Hackers Could Decrypt Your GSM Phone Calls

Researchers have discovered a flaw in the GSM standard used by AT&T and T-Mobile that would allow hackers to listen in.

Most mobile calls around the world are made over the Global System for Mobile Communications standard; in the US, GSM underpins any call made over AT&T or T-Mobile networks. But at the DefCon security conference in Las Vegas on Saturday, researchers from BlackBerry are presenting an attack that can intercept GSM calls as they’re transmitted over the air and then decrypt them to listen back to what was said. What’s more, this vulnerability has been around for decades.

Regular GSM calls aren’t fully end-to-end encrypted for maximum protection, but they are encrypted at many steps along their path, so random people can’t just tune into phone calls over the air like radio stations. The researchers found, though, that they can target the encryption algorithms used to protect calls and listen in on basically anything.

“GSM is a well-documented and analyzed standard, but it’s an aging standard and it’s had a pretty typical cybersecurity journey,” says Campbell Murray, the global head of delivery for BlackBerry Cybersecurity. “The weaknesses we found are in any GSM implementation up to 5G. Regardless of which GSM implementation you’re using there is a flaw historically created and engineered that you’re exposing.”

The problem is in the encryption key exchange that establishes a secure connection between a phone and a nearby cell tower every time you initiate a call. This exchange gives both your device and the tower the keys to unlock the data that is about to be encrypted. In analyzing this interaction, the researchers realized that the way the GSM documentation is written, there are flaws in the error control mechanisms governing how the keys are encoded. This makes the keys vulnerable to a cracking attack.

As a result, a hacker could set up equipment to intercept call connections in a given area, capture the key exchanges between phones and cellular base stations, digitally record the calls in their unintelligible, encrypted form, crack the keys, and then use them to decrypt the calls. The findings analyze two of GSM’s proprietary cryptographic algorithms that are widely used in call encryption—A5/1 and A5/3. The researchers found that they can crack the keys in most implementations of A5/1 within about an hour. For A5/3 the attack is theoretically possible, but it would take many years to actually crack the keys.

“We spent a lot of time looking at the standards and reading the implementations and reverse engineering what the key exchange process looks like,” Murray says. “You can see how people believed that this was a good solution. It’s a really good example of how the intention is there to create security, but the security engineering process behind that implementation failed.”

The researchers emphasize that because GSM is such an old and thoroughly analyzed standard, there are already other known attacks against it that are easier to carry out in practice, like using malicious base stations, often called stingrays, to intercept calls or track a cell phone’s location. Additional research into the A5 family of ciphers over the years has turned up other flaws as well. And there are ways to configure the key exchange encryption that would make it more difficult for attackers to crack the keys. But Murray adds that the theoretical risk always remains.

Short of totally overhauling the GSM encryption scheme, which seems unlikely, the documentation for implementing A5/1 and A5/3 could be revised to make key interception and cracking attacks even more impractical. The researchers say that they are in the early phases of discussing the work with the standards body GSMA.

The trade association said in a statement to WIRED: “Details have not been submitted to the GSMA under our coordinated vulnerability programme. When the technical details are known to the GSMA’s Fraud and Security Group we will be better placed to consider the implications and the necessary mitigation actions.”

Though it may not be that surprising at this point that GSM has security issues, it’s still the cellular protocol used by the vast majority of the world. And as long as it’s around, real call privacy issues remain too.

Source | https://www.wired.com/story/gsm-decrypt-calls/?verso=true

RM67.6 million lost to cyber crimes in Q1 2019

LABUAN: Cyber crimes involving losses of RM67.6 million in 2,207 cases were reported in the first three months of this year, according to a senior officer of the Communications and Multimedia Ministry (KKMM) today.

Its deputy secretary-general (policy), Shakib Ahmad Shakir, said the ministry and agencies under it were concerned over the large amounts of money lost through such scams.

The three most common types of cyber crimes were cheating via telephone calls which recorded 773 cases with RM26.8 million in losses, cheating in online purchases with 811 cases totaling RM4.2 million and the ‘African Scam’ with 371 cases totaling RM14.9 million.

E-financial fraud recorded 212 cases involving losses of RM21.5 million, he said when opening a Labuan-level briefing on awareness to combat cyber crimes and human trafficking, here.

He said the losses were reported in online scams, credit card frauds, identity thefts and data breaches.

“KKMM is determined to combat cyber crimes in view of the concerns raised on the rise in cyber crimes committed through various means.

“Cyber crimes are a serious threat to the people as these frauds can cause them to lose hundreds of thousands of ringgit of their hard-earned money,” he said.

The briefing is part of the commitment of KKMM to create public awareness on cyber crimes through education and promotion and publicity campaigns.

Shakib said that according to the Commercial Crime Investigation Department, 13,058 cheating cases were reported in 2017 compared to 10,394 last year.

“I was told that telecommunication fraud is the most common form of (cyber) crime in Labuan with 16 complaints in 2017 and 19 complaints last year, a 35 per cent increase,” he said.

Shakib said the ministry would continue to cooperate with its strategic partners like the media, police, the Malaysian National News Agency (Bernama) and Information Department to combat the menace. – Bernama

Source | https://www.nst.com.my/news/crime-courts/2019/04/482208/rm676-million-lost-cyber-crimes-q1-2019

National awareness plan on managing cybersecurity, cybercrime at year-end

KUALA LUMPUR: A national awareness plan on the management of cybersecurity and cybercrime will be launched at the end of this year, Deputy Prime Minister Datuk Seri Dr Wan Azizah Wan Ismail said today.

She said the plan, which was being developed by the National Cyber Security Agency (NACSA), was expected to be implemented in January 2020, targeting four groups – children, youths, adults and parents, as well as organisations.

Dr Wan Azizah, who is also chairman of the E-Sovereignty Committee, said various parties were involved in developing the plan, including government agencies, the private sector, industries and non-governmental organisations.

The plan was an effort to address cyber threats comprehensively besides the National Cyber Security Strategy which was still being developed, she said.

“One of the things that we (the government) stress is the management of cybersecurity and we have the National Cyber Security Strategy … where we look at cyber attacks in other countries. This is important for us to protect the banking system and so on,” she told reporters in a special interview at her office in Parliament House in conjunction with the first anniversary of the Pakatan Harapan (PH) government.

The National Cyber Security Strategy, among others, covers the management of cyber incidents through an active cyber defence approach which outlines proactive, integrated action at every layer of system defence and information and communications technology of the country.

Dr Wan Azizah said Malaysia is also aware that international collaboration is very important and necessary to improve the effectiveness of the management of cybersecurity and cybercrime.

She said that among the initiatives that are being implemented is developing the ASEAN Regional Forum (ARF) Cyber Security Work Plan which is a joint plan for cybersecurity among ARF member countries.

Dr Wan Azizah said Malaysia, together with Australia, has developed the ‘Cyber Point of Contact’, which is a database of the list of liaison officers in member countries, to get assistance and cooperation during cyber incidents. – Bernama

Source | https://www.theborneopost.com/2019/05/08/national-awareness-plan-on-managing-cybersecurity-cybercrime-at-year-end/

MORE DEDICATED CYBER-SECURITY STAFF NEEDED IN HEALTHCARE INDUSTRY

  • Industry that deals with copious amounts of personal, exploitable data
  • Organisation-wide education and awareness are crucial

AS THE adoption of digital technology in the healthcare industry accelerates, there is an increasing need to protect another side of patients’ and healthcare organisations’ well-being – the security of their personal data.

This emphasis on protecting data and mitigating cyber-threats is reflected in the industry’s significant investment into cyber-security.

According to a recent survey by Palo Alto Networks, about 70% of healthcare organisations in Asia-Pacific say that 5% to 15% of their organisation’s IT budget is allocated to cyber-security.

However, despite substantial budgets, there seems to be a need for the healthcare industry to catch up with industry peers in terms of cyber-security talent, with only 78% having a team in their organisations dedicated to IT security, the lowest among the industries surveyed. This is also well below the industry-wide average of 86%.

“As an industry that deals with copious amounts of personal, exploitable data, it can be disastrous if this data enters the wrong hands.

“Healthcare organisations need to ensure they are always updated on new security measures, and change their mindset from a reactive approach to a prevention-based approach instead, akin to how they remind patients that prevention is better than cure,” says Sean Duca, vice president and regional chief security officer for Asia-Pacific, Palo Alto Networks.

Risk factors

Aside from monetary loss associated with data breaches and availability of connected devices which monitor patient lives, healthcare professionals are most worried about the loss of clients’ contacts, financial or medical information – 30% have cited loss of details as key.

Fear of damaging the company’s reputation among clients comes next at 22%, followed by 17% citing company downtime while a breach is being fixed as a concern.

Cyber-security risks in healthcare organisations are also amplified with BYOD (Bring Your Own Device), with 78% of organisations allowing employees to access work-related information with their own personal devices such as their mobile phones and computers.

In addition to this, 69% of those surveyed say they are allowed to store and transfer their organisation’s confidential information through their personal devices.

While 83% claimed there are security policies in place, only 39% admit to reviewing these policies more than once a year – lower than the 51% of respondents from the finance industry, a sector also known to hold sensitive client data.

Call to get in shape for the future

As more healthcare organisations fall prey to cyber-attacks, such as ransomware, a lapse in data security is a real threat to the industry, hence organisation-wide education and awareness are crucial towards ensuring that the right preventive measures are implemented and enforced.

Fifty-four percent of the respondents have cited an inability to keep up with evolving solutions as a barrier to ensuring cyber-security in their organisations, and 63% of respondents cited an ageing internet infrastructure as the likely main reason for cyber-threats, should they happen.

Here are some tips for healthcare organisations:

Ensure that medical devices are equipped with up-to-date firmware and security patches to address cyber-security risks. Medical devices are notoriously vulnerable to cyber-attacks because security is often an afterthought when the devices are designed and maintained by the manufacturer. These precautionary measures may include keeping an inventory of all medical devices, assessing the network architecture and determining a patch management plan for medical devices, as well as developing a plan to migrate medical devices to the medical device segment.

Apply a zero-trust networking architecture for hospital networks, making security ubiquitous throughout, not just at the perimeter. Healthcare organisations should look to segment devices and data based on their risk, inspecting network data as it flows between segments, and requiring authentication to the network and to any application for any user on the network.

Practices such as BYOD and some employees’ ability to store and transfer confidential information through their personal devices put them at a higher risk of phishing attacks. To prevent this, healthcare providers should ensure that staff undergo regular end-user security training to reduce successful phishing. Cyber-security best practices can be taught as a new hire class for every employee.

As healthcare organisations migrate portions of their critical infrastructure and applications to the cloud, it becomes imperative for an advanced and integrated security architecture to be deployed to prevent cyber-attacks on three prongs: the network, the endpoint and the cloud. Traditional antivirus will not be effective in guarding against advanced malware such as ransomware, which continuously changes to avoid detection.

Source | https://www.digitalnewsasia.com/digital-economy/more-dedicated-cyber-security-staff-needed-healthcare-industry

NSA might shut down phone snooping program, whatever that means!

The US National Security Agency (NSA) has created a boatload of buzz over the past few days with these two headline-makers:

First, a senior Republican congressional aide suggested over the weekend that the agency might be shuttering its phone metadata slurping program instead of renewing it in December (suppress your glee: the news is less encouraging for surveillance-averse citizenry than it appears at first blush) and…

…Second, by releasing Ghidra, a free software reverse engineering tool that the agency had been using internally for well over a decade.

First, the political cat-and-mouse game:

Will the USA Patriot Act really die?

News of the NSA potentially killing off its mass phone-spying program – exposed by whistleblower Edward Snowden in 2013 – came on Saturday in the form of a Lawfare podcast interview with Luke Murry, national security advisor to House minority leader Kevin McCarthy.

At 5 minutes in, Murry said that the NSA hasn’t been using its metadata collecting system for spying on US citizens for the past six months, due to “problems with the way in which that information was collected, and possibly collecting on US citizens.” The program is due for Congressional reauthorization in December 2019, but Murry suggested that the administration might not bother:

“I’m not actually certain that the administration will want to start that back up given where they’ve been in the last six months.”

News outlets jumped on the notion that the NSA might end a widely disliked spying program: one that courts have dubbed illegal, that privacy advocates have protested, and which legislators have filibustered against, given that it indiscriminately snoops on America’s own citizens.

If you’re wondering which spying program Murry was talking about, join the club. Was it the USA Patriot Act, whose Section 215 supported the NSA’s bulk collection of telephone records, which resulted in the agency having collected the phone records of millions of US persons not suspected of any crime? Or was it the USA Freedom Act, signed into law in 2015 as what was supposed to be a way to clip the NSA’s powers?

Section 215 expired at the end of May 2015 but was re-enabled through to the end of 2019 via the USA Freedom Act, which passed the following month, as well as being extended via various other legal maneuvers.

In the interview with Lawfare, Murry muddled the two laws. When asked about national security topics coming up this year, he said:

“One which may be must-pass, may actually not be must-pass, is Section 215 of USA Freedom Act, where you have this bulk collection of, basically metadata on telephone conversations – not the actual content of the conversations but we’re talking about length of call, time of call, who’s calling – and that expires at the end of this year.”

Again, Section 215 is actually from the Patriot Act. But whatever law Murry referred to, we shouldn’t be too excited by the notion that it will go away, because if history is any guide, it won’t. Rather, it will likely be reinterpreted and spring up in a new form. The Register has done a thorough rundown of how the NSA does that, and it’s well worth a read.

For example, Section 215 goes far beyond authorizing the collection of phone metadata, but the truth is that the secretive NSA hasn’t told us about the other 97% of data collection it authorizes. From the Register:

“In 2014, for example, there were 180 orders authorized by the US government’s special FISA Court under Section 215, but only five of them related to metadata; the rest cover, well, the truth is that we don’t know what they cover because it remains secret.”

It could be that Section 215 covers collection of emails and instant messages, search engine searches, and video uploads, for example. The law says that the NSA can collect “tangible things”, which could mean just about anything.

After the blanket surveillance program was reauthorized in 2015, the Office of the Director of National Intelligence (ODNI) issued an official statement that sure did sound good: the NSA would stop analyzing old bulk telephony metadata and start deleting it. What it would shift to, the DNI said, was the Freedom Act’s new, “targeted production” of records.

It turns out that the phone data collection didn’t stop, however. In a June 2018 statement, the ODNI said that the NSA had begun deleting all the call detail records that it had gotten its hands on – after that new, “targeted” approach.

The NSA blamed “technical irregularities in some data received from telecommunications service providers” for the junking of the phone records – problems that, it promised, had been resolved, clearing the way for yet more future records collection.

Murry said the program never got rebooted, though, and that he doesn’t believe it will. This undoubtedly has something to do with strenuous efforts by two US senators, Ron Wyden and Rand Paul, who’ve both been waging war against the NSA’s spying.

During their wrangling, which has gone on for over a year and has focused on getting more control of Section 702 of the Foreign Intelligence Surveillance Act (FISA), the NSA has avoided answering Rand’s questions (PDF), such as whether the NSA is collecting domestic communications. It’s also gotten creative with coming up with secret interpretations of the law.

The Register suggests that the fact that the public only knows about the telephone metadata aspects of the far broader Section 215 could be an advantage to the NSA, as it continues to find ways to keep getting the data it wants. From the Register:

“If the NSA offers to give up its phone metadata collection voluntarily, it opens up several opportunities for the agency. For one, it doesn’t have to explain what its secret legal interpretations of the law are and so can continue to use them. Second, it can repeat the same feat as in 2015 – give Congress the illusion of bringing the security services to heel. And third, it can continue to do exactly what it was doing while looking to everyone else that it has scaled back.”

On a far more security-crowd-pleasing note, there’s the NSA’s release of Ghidra:

Ghidra

The NSA released Ghidra, a software reverse engineering tool, at the RSA security conference on Wednesday. It marked the first public demonstration of the tool, which the agency has been using internally and which helps to analyze malicious code and malware and to track down potential vulnerabilities in networks and systems.

ZDNet, reporting from the conference, said that the NSA’s plan is to get security researchers comfortable working with the tool before they apply for government cybersecurity positions, be those jobs at the NSA or at the other government intelligence agencies with which the NSA has privately shared Ghidra.

At this point, Ghidra is available for download only through its official website, but the NSA also plans to release its source code under an open source license on GitHub.

The initial reviews have been, overall, positive, in large measure because “free” is a lot cheaper than the alternative tool, IDA Pro. The commercial license for IDA Pro costs thousands of US dollars per year.

If you haven’t tried out Ghidra yet, you can get more information on the official website or on the GitHub repo.

Source | https://nakedsecurity.sophos.com/2019/03/07/nsa-might-shut-down-phone-snooping-program-whatever-that-means/

Three films about corporate cybersecurity and cyberwar

While stories about breaches and cyberattacks have only become commonplace in the news relatively recently, Hollywood has had an interest in cybersecurity for some time now. To coincide with the Oscars, we’re taking a look at several popular films that dealt with cyberattacks on companies or government institutions, industrial espionage, and cyberwar, in order to take away some lessons for businesses.

Endpoint security and the problem with critical infrastructure

In Skyfall (2012), one of the latest James Bond films, the British Intelligence Service, MI6, is under attack, and is trying to stop vital information from being leaked to the public. In turn, Bond is fighting to survive, and struggling to stay relevant in a world where the figure of the field agent is becoming less important thanks to technological advances, and where popular services such as social networks can put an agent’s privacy at risk. Silva, a cybercriminal, and the film’s bad guy, manages to interfere with satellite signals, attack the London Underground, tamper with elections in several African countries, and destabilize the stock market… All from a computer.

Although the film contains such important concepts as the protection of critical infrastructures, and is the first Bond film to use a cyberattack as a lethal weapon, there is one serious error that needs to be highlighted. The employees of MI6 get their hands on a computer belonging to Silva, the criminal hacker, and connect it to the intelligence service’s network to extract information from it.

Accessing the network via an infected endpoint endangers the organization’s entire infrastructure, and is an important example of how simple mistakes in a business environment can put our privacy at risk. Despite this slip up, Q, the technology expert at MI6, says, one might say quite rightly: “I’ll hazard I can do more damage on my laptop, sitting in my pyjamas before my first cup of Earl Grey than you can do in a year in the field.”

The documentary Zero Days (2016) investigates the by now well-known sophisticated computer worm Stuxnet, which is suspected to have been developed by the United States and Israel in order to sabotage the Iranian nuclear program in 2010. Stuxnet also managed to make its way onto a private network via an infected endpoint – in this case a pen drive – which injected malicious code onto the programmable logic controllers (PLC) used to automate the nuclear power station’s processes.

The worm took over more than 1,000 machines in the industrial environment, and forced them to self-destruct. This attack became the first known digital weapon in international cyberwar, the first virus capable of paralyzing functioning hardware.

The malware leveraged multiple zero-day vulnerabilities in order to infect Windows computers, specifically targeting nuclear centrifuges used to produce the uranium needed for weapons and nuclear reactors. Despite being created specifically to affect nuclear facilities in 2010, it seems that Stuxnet has mutated and spread to different organizations outside the industrial sector.

Human error in cyberwar

In the film Blackhat (2015), after attacks on nuclear power stations in Hong Kong and on the Chicago Stock Exchange, the US and Chinese governments are forced to cooperate in order to protect themselves. In light of these new threats, the FBI turns to a convicted cybercriminal, Hathaway, to help discover who is behind the IT attacks: a black hat hacker seeking to get rich by bringing down the stock market.

In this case, several of the attacks are carried out by the black hat using a RAT (Remote Access Trojan), a piece of malware that can take over a system via a remote connection. Those collaborating with the FBI also fall back on two important weapons to attack corporate networks: an email with an attached PDF containing a keylogger.

This tool is used to access a piece of software exclusive to the National Security Agency (NSA), which is not willing to collaborate with the FBI. As with the other two films discussed here, they also use an infected pen drive as an attack vector, in this case to gain access to a bank’s network and drain the accounts of the cybercriminal who is wreaking so much havoc.

Cybersecurity lessons

These three examples from the film industry can provide us with some valuable tips for a business environment:

  • Pen drives must never be inserted in our systems if we don’t know where they come from, or without first running a malware analysis. To carry out a scan like this, advanced platforms such as Panda Adaptive Defense provide a detailed vision of all endpoints. It’s also vital to scan files that come in as attachments.
  • Attachments from unknown senders or people who aren’t in our address books must never be opened.
  • We need to make sure that our employees know how to deal with social engineering attacks and such common mistakes as connecting unknown devices to the corporate network.

Source | https://www.pandasecurity.com/mediacenter/news/7-best-cybersecurity-films/

Cyber espionage warning: The most advanced hacking groups are getting more ambitious

The top 20 most notorious cyber-espionage operations have increased their activity by a third in recent years – and are looking to conduct more attacks, according to a security company.

The most advanced hacking groups are becoming bolder when conducting campaigns, with the number of organisations targeted by the biggest campaigns rising by almost a third.

A combination of new groups emerging and threat actors developing successful strategies for breaking into networks has seen the average number of organisations targeted by the most active hacking groups rise from 42 between 2015 and 2017 to an average of 55 in 2018.

The figures detailed in Symantec’s annual Internet Security Threat Report suggest that the top 20 most prolific hacking groups are targeting more organisations as the attackers gain more confidence in their activities.

Groups like Chafer, DragonFly, Gallmaker and others are all conducting highly targeted hacking campaigns as they look to gather intelligence against businesses they think hold valuable information.

Once attackers might have needed the latest zero-days to gain access to corporate networks, but now it’s spear-phishing emails laced with malicious content that are most likely to provide attackers with the initial entry they need.

And because these espionage groups are so proficient at what they do, they have well tried-and-tested means of conducting activity once they’re inside a network.

“It’s like they have steps which they go through, which they know are effective to get into networks, then for lateral movement across networks to get what they want,” Orla Cox, director of Symantec’s security response unit, told ZDNet.

“It makes them more efficient and, for organizations, it makes them harder to spot because a lot of the activity looks like traditional enterprise activity,” she added.

In many of the cases detailed in the report, attackers are deploying what Symantec refers to as ‘living-off-the-land’ tactics: the attackers use everyday enterprise tools to help them travel across corporate networks and steal data, making the campaigns more difficult to discover.

Not only is the number of targeted campaigns on the rise, but there’s a larger variety in the organisations being targeted. Organisations in sectors like utilities, government and financial services have regularly found themselves targets of organised cyber-criminal gangs, but increasingly, these groups are expanding their attacks to new targets.

“Often in the past they’d have a clear focus on one sector, but now we see these campaigns can focus on a wide variety of targets, ranging from telecoms companies, hotels, universities. It’s harder to pinpoint exactly what their end goal is,” said Cox.

While intelligence gathering remains the key goal of many of these campaigns, some are beginning to expand by also displaying an interest in compromising systems.

This is a particularly worrying trend, because while stealing data in itself is bad enough, attackers with the ability to operate cyber-physical systems could be much worse.

One group Symantec has observed conducting this activity is a hacking operation dubbed Thrip, which expressed particular interest in gaining control of satellite operations — something that could potentially cause major disruption.

In the face of a rise in targeted attacks, governments are increasingly pointing the finger not just at nations but individuals believed to be involved in cyber espionage. For example, the United States named individuals it claims are responsible for conducting cyber attacks: they include citizens of Russia, North Korea, Iran and China. Symantec’s report suggests the indictment might disrupt some targeted operations, but it’s unlikely that cyber espionage campaigns will be disappearing anytime soon.

Source | https://www.zdnet.com/article/cyber-espionage-warning-the-most-advanced-hacking-groups-are-getting-more-ambitious/

Which countries have the worst (and best) cybersecurity?

With so much of our information (including incredibly personal data) being found online, cybersecurity is of the utmost importance.

So just where in the world are you cyber safe – if anywhere?

Our study looked at 60 countries and found huge variances in a number of categories, from malware rates to cybersecurity-related legislation. In fact, not one country is “top of the class” across the board. All of the countries we analyzed could do with some significant improvements.

However, there were some countries that lacked significantly in a variety of areas and others who outperformed the majority of countries. So with that in mind, we’ve created rankings for these 60 countries, from the least cyber safe to the most cyber safe.

Our methodology: how did we find the countries with the worst cybersecurity?

We considered seven criteria, each of which had equal weight in our overall score. These were:

  • The percentage of mobiles infected with malware – software designed to gain unauthorized access to, destroy, or disrupt a device’s system
  • The percentage of computers infected with malware – software designed to gain unauthorized access to, destroy, or disrupt a computer’s system
  • The number of financial malware attacks – malicious programs created to steal a user’s money from the bank account on their computer system
  • The percentage of telnet attacks (by originating country) – the technique used by cybercriminals to get people to download a variety of malware types
  • The percentage of attacks by cryptominers – software that’s developed to take over a user’s computer and use its resources to mine currency (without the user’s permission)
  • The best-prepared countries for cyber attacks
  • The countries with the most up-to-date legislation

Apart from the latter two, all of the scores were based on the percentage of attacks during 2018. The best-prepared countries for cyber attacks were scored using the Global Cybersecurity Index (GCI) scores. The most up-to-date legislation was scored based on existing legislation (and drafts) that covered seven categories (national strategy, military, content, privacy, critical infrastructure, commerce, and crime). Countries received a point for having legislation in a category or half a point for a draft.

For each criterion, each country was given points based on where it fell between the highest-ranking and lowest-ranking countries. Countries with the least cyber-secure scores were given 100 points, while countries with the most cyber-secure scores were allocated zero points. All of the countries in between these two scores received a score on a percentile basis, depending on where they ranked.

The total score was achieved by averaging each country’s score across the seven categories.

All of the data used to create this ranking system is the latest available, and we have only included countries where we could cover all of the data points.
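The scoring steps above, worked through in Python as an added example (not the study's own code). It assumes that "on a percentile basis" means a linear rescale between each category's two extremes; the extremes and sample rows are copied from the per-category lists and ranking table further down this page, and under that assumption the published overall scores are reproduced to within rounding.

```python
# Category extremes copied from the page's "highest/lowest per category" lists,
# as (least cyber-secure value, most cyber-secure value). The first five are
# "higher is worse"; GCI score and legislation points are "lower is worse".
EXTREMES = [
    ("mobile malware %",    35.91, 1.34),
    ("financial malware %", 3.0,   0.3),
    ("computer malware %",  32.41, 5.9),
    ("telnet attacks %",    27.15, 0.01),
    ("cryptominers %",      14.23, 0.61),
    ("GCI score",           0.245, 0.925),
    ("legislation points",  1.0,   7.0),
]

# Rows copied from the page's ranking table: seven raw values, then the
# overall score the study published for that country.
ROWS = {
    "Algeria": ([22.88, 0.9, 32.41, 0.01, 5.14, 0.432, 1.0], 55.75),
    "China":   ([25.61, 1.4, 11.8, 27.15, 1.73, 0.624, 7.0], 40.80),
    "Denmark": ([1.98, 0.4, 5.9, 0.04, 0.61, 0.617, 5.0], 12.04),
    "Japan":   ([1.34, 0.5, 8.3, 1.23, 1.1, 0.786, 6.0], 8.81),
}

def category_points(value, worst, best):
    """Assumed rule: linear rescale so that worst -> 100 and best -> 0."""
    fraction = (value - best) / (worst - best)
    if not 0.0 <= fraction <= 1.0:
        raise ValueError(f"{value} lies outside the range {best}..{worst}")
    return 100.0 * fraction

def breakdown(values):
    """Per-category points, in the same order as EXTREMES."""
    if len(values) != len(EXTREMES):
        raise ValueError("expected one value per category")
    return [category_points(v, worst, best)
            for v, (_, worst, best) in zip(values, EXTREMES)]

def overall_score(values):
    """Equal-weight average of the seven category points."""
    points = breakdown(values)
    return sum(points) / len(points)

if __name__ == "__main__":
    for country, (values, published) in ROWS.items():
        print(f"{country:8} computed {overall_score(values):6.2f}  published {published:6.2f}")
```

Because each scale is anchored on its two extremes, one outlier compresses everyone else: with China at 27.15%, Russia's 7.87% share of telnet attacks earns only about 29 of 100 points.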

Which is the least cyber-secure country in the world?

According to our study, Algeria is the least cyber-secure country in the world. It was the highest-ranking country for lack of legislation and computer malware rates, and also received a high score in the categories for mobile malware and preparation for cyber attacks.

Other high-ranking countries were Indonesia, Vietnam, Tanzania, and Uzbekistan.

Some countries ranked at the top of one category but did better in others, improving their overall score. Germany received the highest score for financial malware, and China received the highest score as the country where most telnet attacks originated from.

The highest-scoring countries per category were:

  • Highest percentage of mobile malware infections – Bangladesh – 35.91% of users
  • Highest number of financial malware attacks – Germany – 3% of users
  • Highest percent of computer malware infections – Algeria – 32.41%
  • Highest percentage of telnet attacks (by originating country) – China – 27.15%
  • Highest percentage of attacks by cryptominers – Uzbekistan – 14.23% of users
  • Least prepared for cyber attacks – Vietnam – 0.245 score
  • Worst up-to-date legislation for cybersecurity – Algeria – 1 key category covered

Which is the most cyber-secure country in the world?

Our findings revealed Japan to be the most cyber-secure country in the world. It scored incredibly low across the majority of categories, only scoring a little higher in the preparation for cyber attacks and legislation categories.

Other top-performing countries included France, Canada, Denmark, and the United States.

As before, some countries scored well in one category but had other scores that brought their average up. These include Ukraine, which had the lowest financial malware rate, and Uzbekistan, Sri Lanka, and Algeria, which had the lowest telnet attack scores.

The lowest-scoring countries per category were:

  • Lowest percentage of mobile malware infections – Japan – 1.34% of users
  • Lowest number of financial malware attacks – Ukraine – 0.3% of users
  • Lowest percent of computer malware infections – Denmark – 5.9% of users
  • Lowest percentage of telnet attacks (by originating country) – Algeria, Uzbekistan, and Sri Lanka – 0.01%
  • Lowest percentage of attacks by cryptominers – Denmark – 0.61% of users
  • Best prepared for cyber attacks – Singapore – 0.925 score
  • Most up-to-date legislation for cybersecurity – France, China, Russia, and Germany – all 7 categories covered

Overall cybersecurity rankings (from the worst to the best)

| Rank | Country | Score | Percentage of Mobiles Infected with Malware | Financial Malware Attacks (% of Users) | Percentage of Computers Infected with Malware | Percentage of Telnet Attacks by Originating Country (IoT) | Percentage of Attacks by Cryptominers | Best Prepared for Cyberattacks | Most Up-to-Date Legislation |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Algeria | 55.75 | 22.88 | 0.9 | 32.41 | 0.01 | 5.14 | 0.432 | 1 |
| 2 | Indonesia | 54.89 | 25.02 | 1.8 | 24.7 | 1.51 | 8.8 | 0.424 | 4 |
| 3 | Vietnam | 52.44 | 9.62 | 1.2 | 21.5 | 1.73 | 8.96 | 0.245 | 2 |
| 4 | Tanzania | 51.00 | 28.03 | 0.7 | 14.7 | 0.04 | 7.51 | 0.317 | 1.5 |
| 5 | Uzbekistan | 50.50 | 10.35 | 0.5 | 21.3 | 0.01 | 14.23 | 0.277 | 3 |
| 6 | Bangladesh | 47.21 | 35.91 | 1.3 | 19.7 | 0.38 | 3.71 | 0.524 | 3.5 |
| 7 | Pakistan | 47.10 | 25.08 | 1.4 | 14.8 | 0.4 | 6.07 | 0.447 | 2.5 |
| 8 | Belarus | 45.09 | 9.33 | 0.7 | 31.1 | 0.04 | 9.73 | 0.592 | 3 |
| 9 | Iran | 43.29 | 28.07 | 0.8 | 12.7 | 1.71 | 4.51 | 0.494 | 2 |
| 10 | Ukraine | 42.58 | 10.85 | 0.3 | 28.7 | 1.17 | 7.6 | 0.501 | 3 |
| 11 | Nigeria | 42.54 | 28.54 | 0.7 | 15.6 | 0.89 | 4.54 | 0.569 | 2 |
| 12 | Peru | 41.25 | 13.81 | 0.9 | 16.6 | 0.22 | 6.29 | 0.374 | 3 |
| 13 | China | 40.80 | 25.61 | 1.4 | 11.8 | 27.15 | 1.73 | 0.624 | 7 |
| 14 | Sri Lanka | 39.59 | 13.71 | 1.1 | 18.8 | 0.01 | 3.61 | 0.419 | 3 |
| 15 | India | 39.30 | 25.25 | 0.7 | 21.8 | 2.59 | 4.4 | 0.683 | 3.5 |
| 16 | Greece | 39.06 | 5.78 | 2.3 | 21.6 | 0.73 | 1.77 | 0.475 | 4 |
| 17 | Romania | 39.02 | 6.42 | 1.2 | 24.6 | 0.61 | 3.21 | 0.585 | 2 |
| 18 | Ecuador | 38.29 | 14.13 | 0.7 | 16.8 | 0.4 | 3.73 | 0.466 | 2 |
| 19 | Azerbaijan | 38.20 | 6.53 | 0.9 | 26.7 | 0.03 | 7.13 | 0.559 | 4 |
| 20 | Egypt | 38.03 | 18.8 | 1.3 | 20.2 | 7.43 | 4.01 | 0.772 | 4 |
| 21 | Bulgaria | 37.86 | 7.96 | 0.4 | 21.5 | 10.57 | 2.74 | 0.593 | 4 |
| 22 | South Korea | 37.16 | 7.14 | 2.8 | 14.3 | 3.57 | 3.1 | 0.782 | 3 |
| 23 | United Arab Emirates | 36.88 | 9.14 | 1.9 | 20.7 | 0.09 | 2.99 | 0.566 | 4 |
| 24 | Philippines | 36.79 | 23.07 | 0.6 | 23.8 | 0.1 | 2.94 | 0.594 | 4 |
| 25 | Morocco | 36.47 | 10.61 | 1.5 | 21.7 | 0.11 | 3.01 | 0.541 | 4 |
| 26 | Slovakia | 35.57 | 5.32 | 0.6 | 22 | 0.13 | 2.76 | 0.362 | 3 |
| 27 | Tunisia | 35.54 | 9.85 | 1.2 | 21.5 | 0.1 | 2.78 | 0.591 | 3 |
| 28 | South Africa | 34.39 | 9.9 | 1 | 13.4 | 0.64 | 2.51 | 0.502 | 2 |
| 29 | Kenya | 34.16 | 21.43 | 1.2 | 17 | 0.15 | 3.39 | 0.574 | 5 |
| 30 | Brazil | 33.57 | 4.73 | 1.8 | 21.4 | 0.7 | 3.49 | 0.579 | 3 |
| 31 | Latvia | 33.05 | 6.25 | 1.4 | 23.1 | 0.17 | 4.17 | 0.688 | 4 |
| 32 | Saudi Arabia | 32.99 | 10.15 | 0.7 | 20.7 | 0.11 | 2.72 | 0.569 | 3 |
| 33 | Portugal | 32.79 | 5.25 | 1.9 | 20.9 | 0.09 | 1.63 | 0.508 | 5 |
| 34 | Thailand | 32.42 | 7.26 | 1 | 19.7 | 0.79 | 4.27 | 0.684 | 3 |
| 35 | Malaysia | 31.79 | 15.46 | 2.1 | 21.7 | 0.24 | 2.87 | 0.893 | 5 |
| 36 | Italy | 28.31 | 5.24 | 1.3 | 18 | 1.75 | 1.14 | 0.626 | 4 |
| 37 | Argentina | 28.11 | 11.71 | 0.9 | 18.8 | 0.86 | 2.11 | 0.482 | 6 |
| 38 | Russia | 28.02 | 10.11 | 0.6 | 23 | 7.87 | 6.89 | 0.788 | 7 |
| 39 | Colombia | 27.69 | 12.52 | 0.5 | 16.4 | 0.52 | 2.01 | 0.569 | 4 |
| 40 | Poland | 27.36 | 5.83 | 0.8 | 19.9 | 1.23 | 1.73 | 0.622 | 4 |
| 41 | Hungary | 27.30 | 7.28 | 0.8 | 20.2 | 0.3 | 4.19 | 0.534 | 6 |
| 42 | Mexico | 27.17 | 10.49 | 0.7 | 19.5 | 0.73 | 1.43 | 0.66 | 4 |
| 43 | Croatia | 27.09 | 3.66 | 1.8 | 15.2 | 0.05 | 1.91 | 0.59 | 5 |
| 44 | Germany | 26.48 | 3.41 | 3 | 15.7 | 1.11 | 0.91 | 0.679 | 7 |
| 45 | Austria | 25.76 | 2.94 | 1.4 | 12.3 | 0.12 | 0.84 | 0.639 | 3 |
| 46 | Spain | 24.12 | 5.14 | 0.8 | 18.6 | 1.1 | 1.56 | 0.718 | 4 |
| 47 | Turkey | 23.20 | 8.94 | 0.8 | 15.6 | 1.82 | 2.17 | 0.581 | 6 |
| 48 | Belgium | 21.03 | 4.11 | 0.4 | 13.5 | 0.07 | 0.97 | 0.671 | 3 |
| 49 | Czech Republic | 20.37 | 5.68 | 0.5 | 10.9 | 0.34 | 1.44 | 0.609 | 4 |
| 50 | Australia | 16.34 | 5.47 | 0.8 | 14.5 | 0.37 | 0.88 | 0.824 | 5 |
| 51 | Singapore | 15.13 | 8.18 | 0.8 | 8.5 | 0.14 | 1.61 | 0.925 | 4 |
| 52 | Netherlands | 15.00 | 3.71 | 0.6 | 8.1 | 0.32 | 1.06 | 0.76 | 4 |
| 53 | United Kingdom | 14.15 | 3.68 | 0.7 | 10.5 | 1.07 | 0.88 | 0.783 | 5 |
| 54 | Sweden | 13.78 | 3.15 | 0.4 | 11 | 0.45 | 1.31 | 0.733 | 5 |
| 55 | Ireland | 13.41 | 3.73 | 0.5 | 7.9 | 0.06 | 0.85 | 0.675 | 5 |
| 56 | United States | 12.20 | 7.68 | 0.5 | 10.3 | 4.47 | 0.71 | 0.919 | 5.5 |
| 57 | Denmark | 12.04 | 1.98 | 0.4 | 5.9 | 0.04 | 0.61 | 0.617 | 5 |
| 58 | Canada | 11.19 | 3.91 | 0.4 | 14.3 | 0.47 | 0.81 | 0.818 | 6 |
| 59 | France | 10.58 | 4.72 | 0.4 | 16.2 | 0.67 | 1.12 | 0.819 | 7 |
| 60 | Japan | 8.81 | 1.34 | 0.5 | 8.3 | 1.23 | 1.1 | 0.786 | 6 |

What can we take away from these findings?

Despite some countries having clear strengths and weaknesses, there is definite room for improvement in each and every one. Whether they need to strengthen their legislation or users need help putting better protections in place on their computers and mobiles, there’s still a long way to go to make our countries cyber secure.

Plus, as the landscape of cybersecurity constantly changes (cryptominers are growing in prevalence, for example), countries need to try and get one step ahead of cybercriminals.

Sources:

https://securelist.com/it-threat-evolution-q3-2018-statistics/88689/

https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2017-R1-PDF-E.pdf

https://csis-prod.s3.amazonaws.com/s3fs-public/Cyber_Regulation_Index.pdf?4tIe15nR2.LSc8dh9ztuvwpohH1t4dHF

https://www.comparitech.com/fr/blog/vpn-privacy/cybersecurity-by-country/

Russia is set to DISCONNECT from the internet temporarily as part of preparations for a potential cyber war

  • Brief test ‘disconnecting’ Russia from the internet set to take place before April 1
  • Reports claim move is part of preparations for a potential cyber-war in the future
  • Russia has been accused of carrying out a series of cyber-attacks in recent years, prompting NATO and its allies to threaten the country with sanctions 

Russia is set to disconnect from the internet temporarily as part of preparations for a potential cyber-war in the future, it has been claimed.

The test – set to take place before April – will see data passing between organisations and Russian citizens remain inside the country instead of being routed internationally.

It comes after a law was introduced to Russia’s parliament last year mandating technical changes required to allow Russia’s internet to operate independently.

April 1 has reportedly been set as the deadline for submitting amendments to the draft law – dubbed the Digital Economy National Program – but the timing of the test has yet to be set in stone, it has been reported.

Under the law, Russia’s internet service providers (ISPs) would be required to ensure the independence of the country’s Runet internet space should foreign powers attempt to isolate the nation online.

Russia has been accused of carrying out a series of cyber-attacks in recent years, prompting NATO and its allies to threaten sanctions.

The country’s ISPs are said to be broadly supportive of the goals of the law but disagree over how it could be implemented.

There are, however, fears among the providers that such a test could also cause ‘major disruption’, according to ZDNet.

The law could also see Russia creating its own version of the internet’s address system, or DNS, with the idea being it could still operate if links to servers located abroad are disconnected.

A dozen organisations oversee the root servers for DNS – none of them based in Russia, the BBC reports.

In October, Britain publicly accused Russia’s military intelligence service of carrying out a campaign of reckless and destabilising cyber-attacks across the world.

Foreign Secretary Jeremy Hunt said the Kremlin had been working in secret to wage indiscriminate and illegal cyber-attacks on democratic institutions and businesses.

In a damning charge sheet, the Government firmly pinned the blame for a string of cyber-attacks on the GRU, the organisation also accused of poisoning double agent Sergei Skripal.

The Foreign Office said the National Cyber Security Centre had assessed with ‘high confidence’ that the GRU was ‘almost certainly’ responsible for multiple attacks which have cost economies millions of pounds.

It added: ‘Given the high confidence assessment and the broader context, the UK Government has made the judgment that the Russian government – the Kremlin – was responsible.’

Hacks included those on the governing body of the Democratic Party in the US, the World Anti-Doping Agency, metro systems and airports in Ukraine, Russia’s central bank and two Russian media outlets.

Source | https://www.dailymail.co.uk/news/article-6691735/Russia-set-DISCONNECT-internet-temporarily-preparations-potential-cyber-war.html?ito=social-facebook

Data leak exposes 773 million email addresses and 21 million passwords

A collection of files containing around 773 million unique email addresses and 21 million unique passwords was leaked on the Mega Cloud service, claims security researcher Troy Hunt.

However, the massive collection has since been removed from the platform. According to Hunt, the data dump he dubs “Collection #1”, includes over 12,000 separate files and is more than 87GB in size.

It contained 772,904,991 email addresses and 21,222,975 passwords, allegedly from many legitimate breaches that Hunt recognises in that list.

He adds that it is also entirely possible that some of them are from services that haven’t actually been involved in a data breach at all.

“It’s made up of many different individual data breaches from literally thousands of different sources,” says Hunt, the founder of the Have I Been Pwned service, which allows users to check if their accounts have been compromised in data breaches.

Hunt says that his own personal data is in the collection and that it is accurate. “Right email address and a password I used many years ago,” he says.

You can go to Have I Been Pwned and Pwned Passwords to check if your email addresses or passwords are in the lists. If they are, then change your passwords immediately, says Hunt.

“People take lists like these that contain our email addresses and passwords and then they attempt to see where else they work. The success of this approach is predicated on the fact that people reuse the same credentials on multiple services,” he says.

“Perhaps your personal data is on this list because you signed up to a forum many years ago you’ve long since forgotten about, but because it’s subsequently been breached and you’ve been using that same password all over the place, you’ve got a serious problem.”

According to Hunt, when hackers have access to large volumes of login data, they employ bots to try the same credentials on multiple services, a technique called credential stuffing.

Hunt also adds that websites usually experience a spike in login attempts, some as many as three times, after a massive data breach.
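How the pattern Hunt describes looks from the defending site's login logs, as an added example that is not from the article: one source trying many different accounts once or twice each, mostly failing. The log format, thresholds and sample lines are constructed assumptions; any account that logged in successfully from a flagged source is returned as a candidate for a forced password reset.

```python
import re
from collections import defaultdict

# Constructed sample auth log (not from the article); IPs are documentation ranges.
SAMPLE_LOG = "\n".join(
    # One source walking a leaked list: nine different accounts, one try each...
    [f"2019-01-18T10:00:{i:02d}Z ip=203.0.113.7 user=user{i} result=FAIL" for i in range(9)]
    # ...and one reused password that still works.
    + ["2019-01-18T10:00:09Z ip=203.0.113.7 user=carol result=OK"]
    # Password guessing against a single account: a different problem.
    + [f"2019-01-18T10:05:{i:02d}Z ip=198.51.100.23 user=admin result=FAIL" for i in range(8)]
    # A real user mistyping once, then logging in.
    + ["2019-01-18T10:07:00Z ip=192.0.2.50 user=dave result=FAIL",
       "2019-01-18T10:07:09Z ip=192.0.2.50 user=dave result=OK"]
    # Shared office NAT: many accounts, all succeeding.
    + [f"2019-01-18T10:09:{i:02d}Z ip=192.0.2.99 user=staff{i} result=OK" for i in range(6)]
)

LINE = re.compile(r"ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)")

def detect_stuffing(log_text, min_users=5, min_fail_ratio=0.8, max_tries_per_user=2):
    """Return {source_ip: [accounts that logged in OK]} for stuffing-like sources."""
    tries = defaultdict(lambda: defaultdict(int))   # ip -> user -> attempts
    fails = defaultdict(int)                        # ip -> failed attempts
    ok_users = defaultdict(set)                     # ip -> users with a success
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue                                # skip lines we cannot parse
        ip, user = m["ip"], m["user"]
        tries[ip][user] += 1
        if m["result"] == "FAIL":
            fails[ip] += 1
        else:
            ok_users[ip].add(user)
    flagged = {}
    for ip, per_user in tries.items():
        total = sum(per_user.values())
        if (len(per_user) >= min_users                              # many accounts
                and fails[ip] / total >= min_fail_ratio             # mostly failing
                and max(per_user.values()) <= max_tries_per_user):  # few tries each
            flagged[ip] = sorted(ok_users[ip])
    return flagged

if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_LOG))
```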

This data leak goes to show that no one should be reusing their old passwords for new services. If you are, now is the time to change that.

Source | https://www.thestar.com.my/tech/tech-news/2019/01/18/773-million-email-addresses-and-21-million-passwords-affected-in-new-breach/#WDFjSVgfszJPUbpz.99