This report was prepared by The Institute for National Security Studies (INSS) and The Cyber Security Forum Initiative (CSFI) to create better cyber situational awareness (Cyber SA) of the nature and scope of threats and hazards to national security worldwide in the domains of cyberspace and open source intelligence. It is provided to Federal, State, Local, Tribal, Territorial and private sector officials to aid in the identification and development of appropriate actions, priorities and follow-up measures.
A new Cyber division in the US Army
As a result to the cyber threats the US is facing, a new cyber agency is about to be established. This new agency, named CTIIC an acronym for (Cyber Threat Intelligence Integration Center), will have the role of coordinating various agencies, such as the Central Intelligence Agency (CIA), the National Security Agency (NSA), the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI) and the US military’s Cyber Command, requiring the agencies to share information. According to Lisa Monaco, who is the US Homeland Security Advisor, “Currently, no single government entity is responsible for producing coordinated cyber threat assessments.”
Obama has indicated cyber security as a top priority in 2015 after recent hacking massive cyber-attacks against the entertainment company Sony.
UK: New military information warfare unit to counter cyber jihad
Two weeks ago, the UK ministry of Defense announced that a new military unit would be launched. This new unit has been set up specifically to counter Islamist propaganda, such as ISIS in cyberspace. The British Army 77th Brigade will be operational in April 2015 and will include around 1,500 people, including soldiers and reservists.
The ministry of Defense have said they are looking for people with skills in journalism and social media. The new information warfare unit will be tasked with influencing public opinion and countering claims by Islamist extremist groups like ISIS. Indeed, the use of social networks, including Facebook and Twitter, is already established as a powerful way to gather people for their cause.
This new unit will perform information and psychological warfare in order to counter the extremist ideologies broadcasted by these groups over the web. With the creation of this new Brigade, the British Army is now following other nations that already have their own information warfare units such as North Korea, Iran, United States and Israel.
This is just a step forward in the war that Europe has been engaged in against cyber jihad. Jihadists have already enlisted hundreds of people to join them in their fight in Syria.
Netherlands targeted by sophisticated DDoS attack
On Wednesday, February 11, 2015, the Netherlands was the target of a large DDoS attack, which took down several government websites for more than 10 hours on Thursday. According to Raymond Dijkxhoorn, the director of the hosting company Prolocation, this attack seemed to be different and more advanced than the usual DDoS attacks that The Netherlands authorities are facing daily. The attackers targeted several websites including the federal government and other websites hosted on the same network. Furthermore, a blog named Geenstijl.nl and the telecom company Telfort’s website were also taken down during the attack.
For now, there are no details about the way the attack was performed. However, according to some sources, the DDoS attack involved a mix of methods. Today, DDoS attacks can use different techniques, such as NTP, DNS amplification, or botnets. The Netherlands authorities and the ministry of General Affairs, the National Cyber Security Centre, the website hosting company Prolocation, and the services provider Centric are all investigating the attack, the methods, and threat actors behind it.
China and APAC
Singapore: Cybercrime gets noticed by insurance companies
Companies in Singapore lost nearly S$2 Billion (About 1.47USD) in 2014 due to illicit cyber activities, which resulted in loss or unplanned downtime. This is a small fraction of the world-wide loss estimated to be US$375 billion to US$575 billion. This fact got the attention of insurance companies, which start offering protection to firms as cyber-attacks become more frequent and sophisticated.
Such policies offered by local Singaporean insurers as interest in them rise are slow to catch on, despite Singapore’s high-profile online intrusions in the public and private sectors alike. In 2014, 66% of businesses in the country suffered data loss or unplanned downtime due to illegitimate cyber activity. Authorities are working with the industry to provide coverage and manage cyber risks.
“Such events are more than capable of inflicting significant reputational and financial damage. In efforts to develop greater cybersecurity resilience, insurance can play an important role in helping organizations improve cyber controls and manage the financial impact from such events,” the spokesperson said.
Despite the risks such attacks present, the cyber insurance market remains small. EY estimated the size of the global marketplace for cyber insurance at between US$600 million (S$812 million) to US$1.3 billion in gross written premiums in 2013. By comparison, the global commercial insurance market is worth about US$1 trillion annually, said Boston Consulting Group. An EY study in 2013 found that only 31% of respondents globally said their firms had cyber insurance coverage.
Governments worldwide are starting to collaborate with insurance companies with the aim of developing a collaborative approach between the insurance sector and the governments to reduce cyber risk dangers. The rationale behind this is that insurers and insurance brokers can help promote the adoption of good practice, including Cyber Essentials that reduce the frequency and cost of breaches.
US global surveillance program to monitor Russian cyber activities
As German media outlet Der Spiegel published last week, the US-led global surveillance program was only the first round of a broader cyber strategy by the United Sates that aims at preparing for global cyber war with other countries. As the source states, the next major conflict will take place in cyberspace and will concentrate on malware programs to disable the enemy’s key infrastructure objects, including banking systems, power plants, and airports. This publication does not come as a surprise, and it sends a clear message to Russia in the context of current geopolitical tensions. Der Spiegel underlines that Russia’s new Military Doctrine, signed at the end of December 2014, qualifies a cyber hazard as a military hazard. The doctrine explains that a cyber hazard can also be qualified immediately as a military threat if it targets objects of critical infrastructure in the nuclear, space, chemical, or pharmaceutical industries.
Newsweek Twitter account hacked by group claiming to be affiliated with ISIS
The Newsweek Twitter account was hacked by a group calling themselves the “Cyber Caliphate.” The group claims to be affiliated with the Islamic State (ISIS) and in the past hacked the Twitter accounts of the United States Central Command, as well as the singer Taylor Swift. The Newsweek account was hacked for 14 minutes until the Twitter’s support team regained control of the account at the publication’s request.
Kira Bindrim, the managing editor of Newsweek, said, “We can confirm that Newsweek’s Twitter account was hacked this morning and have since regained control of the account. We apologize to our readers for anything offensive that might have been sent from our account during that period and are working to strengthen our newsroom security measures going forward.”
During the hack, Newsweek account’s profile picture was changed to an image of a masked man and the Black Standard flag, along with a message “Je su IS IS.” The group published offensive messages threatening Michelle Obama and praising “cyber jihad.” They also published names of people they described as brave Mujahedeen that battled for the ISIS cause. Images the hackers claimed were confidential were also tweeted, specifically from the Defense Cyber Investigations Training Academy and the Pentagon.
The group also hacked the website of the International Business Times, as well as the Twitter account of Latin Times. IBT Media stated, “All of the Twitter accounts and websites that have been hacked share a parent company.”
Israel establishes Cyber Defense Authority
Israel’s Cabinet, at its weekly meeting on Sunday, Feb. 15, approved a comprehensive plan for national readiness in cyberspace; this is in addition to processes and efforts being advanced by the Israel National Cyber Bureau since its establishment three years ago in order to boost the State of Israel’s strength in cyberspace.
Prime Minister Benyamin Netanyahu’s office made an official announcement:
The Cabinet approved the establishment of a national cyber defense authority, which will have overall national responsibility for cyber defense and which will be gradually established over a three-year period. The authority will oversee cyber defense actions so as to provide a comprehensive response against cyber-attacks, including dealing with threats and events in real time. The authority will also operate an assistance center – a Cyber Event Readiness Team – for dealing with cyber threats in order to strengthen the resilience of organizations and sectors in the economy.
The decision follows comprehensive and thorough staff work that indicated the need for an operative, designated body to lead cyber defense activity in the State of Israel while keeping a long term view of the increasing and developing threats.
The authority will act alongside the Israel National Cyber Bureau (INCB), which will continue setting national policy in building a pioneering technological force for the State of Israel as a global leader in the cyber field. The authority and the bureau will constitute a single national cyber directorate in the Prime Minister’s Office, led by INCB head Dr. Eviatar Matania.
The Cabinet also approved a decision on organizing the cyber defense services sector, including relevant professionals, products, and services by means of a designated unit that will be established within the framework of the new authority. The Cabinet also approved the organizing of the deployment of organizations in the economy in the field of cyber defense to be based as much as possible on existing regulatory agencies. Thus, a plan will be formulated on assistance and incentives for organizations in the economy to raise their level of readiness to meet cyber threats.
These materials, including copyrighted materials, are intended for “fair use” as permitted under Title 17, Section 107 of the United States Code (“The Copyright Law”). Use of copyrighted material for unauthorized purposes requires permission from the copyright owner. Any feedback regarding this report or requests for changes to the distribution list should be directed to the Open Source Enterprise via unclassified e-‐mail at: firstname.lastname@example.org.
CSFI and the INSS would like to thank the Cyber Intelligence Analysts who worked on collecting and summarizing this report.