By Harriet Ellis, Research Analyst and Administrative Assistant, Future Conflict and Cyber Security, and Samantha Hoffman, Research Consultant, Future Conflict and Cyber Security and Defence and Military Analysis.
SPECIAL UPDATE - GLOBAL RANSOMWARE EPIDEMIC
- An outbreak of Wanna Decryptor (also known as WannaCry, Wanna Crypt and WannaCrypt0r) which exploits a vulnerability in Windows operating systems, caused widespread disruption at companies, organisations and government agencies around the world; Europol estimates there have been about 200,000 victims in at least 150 countries.
- Notable victims included National Health Service trusts in the United Kingdom; the Ministry of the Interior in Russia; a telecommunications firm in Spain; over 29,000 institutions in China; the healthcare sectors in Egypt and Iran; car factories in France, Romania and Slovenia and an energy company in Kazakhstan.
- The vulnerability that this exploit uses was allegedly developed by the United States National Security Agency, and was leaked in mid-April by a hacking group called Shadow Brokers. Microsoft had patched the vulnerability in mid-March, but the patch was not available for older operating systems. In a ‘highly unusual’ step, Microsoft issued a patch for XP, Windows 8 and Windows Server 2003 after the attack.
- Microsoft president and chief legal officer Brad Smith called the ransomware attack a ‘wake-up call’, criticising the tendency of governments to stockpile vulnerabilities. Russian President Vladimir Putin, whose country was among the worst affected, blamed US intelligence services. Australia’s top cyber security adviser has rejected calls for governments to modulate their offensive cyber capabilities.
- Shadow Brokers stated that they have additional exploits for sale.
- It is so far unclear who is behind the attack, which has made over $70,000 USD, however some experts have suggested North Korea may be responsible.
National law and policy
- Vladimir Putin approved Russia’s Strategy for the Development of the Information Society, which promotes the use of homegrown encryption, software and hardware.
- The US Senate Intelligence Committee held a hearing on global threats.
- Donald Trump signed an executive order on strengthening the cyber security of federal networks and critical infrastructure.
- An assessment of the Netherlands’ ‘cyber readiness’ has been released.
- Ukraine’s president signed a National Security and Defense Decree that would block access to popular Russian websites.
- The Canadian government’s Communications Security Establishment began an assessment of how foreign hackers could pose a threat to the country’s political process.
- Thailand’s Internet Service Provider Association is under pressure from the government to shut down access to Facebook after the company failed to take down all images of the Thai king wearing a crop top. This follows reports last week that the company had geoblocked the video, in accordance with Thailand’s strict lese-majesty laws. Additionally, the National Reform Steering Assembly deliberated on cyber security legislation. proposed legislation would set up a National Cyber Security Committee and give authorities power to access private computer systems.
- FireEye published a report on APT32, also known as OceanLotus, which it said has conducted targeted operations aligned with Vietnamese state interests since at least 2014.
- Australian Defence Secretary Dennis Richardson accused China of spying on Chinese communities in Australia and of controlling Chinese-language media outlets in Australia.
- South Korea’s special prosecutor investigating corruption hired two cyber security firms to protect the investigation.
- The Slovakian government will work with NATO to draft a national cyber law defining responsibilities of individual ministries and institutions.
- Georgia, Turkey and Azerbaijan signed a defence deal, and discussed strengthening cooperation on cyber security and counter terrorism.
- Russian Telecom and Mass Communication Minister said Russia is interested in cooperating with Iran on cyber security.
- Tonga became the first Pacific country to accede to the Budapest Convention on Cybercrime.
- The European Union Chamber of Commerce in China wrote a letter to the country’s Cyberspace Administration criticising the cyber security law due to take effect on 1 June. Separately, 54 global business groups signed a joint letter urging the postponement of the law’s enforcement.
- The third Transform Africa Summit was held in Kigali, Rwanda, convening regional government leaders, private sector and development partners. Several technology sector agreements were signed. Rwanda introduced a ‘Smart Cities Blueprint,’ which would guide regional ICT initiatives.
- The UN Office on Drugs and Crime launched a training programme to address cryptocurrency-enabled cybercrime.
- Digital forensics experts from Europol’s European Cybercrime Centre called for the adoption of a standard data format, the Cyber-investigation Analysis Standard Expression (CASE).
- Ukrainian government soldiers fighting pro-Russia separatists have been receiving text messages that use threats and disinformation since 2014, news agency reports; it said the tools being used appear directly linked to the Russian government.
- Romania held national cyber security exercise CyDEx17, which was organised by the Romanian Intelligence Service in partnership with other agencies including the National Defence Ministry, Internal Affairs Ministry and Foreign Affairs Ministry.
- The US Army held training exercises to test resilience to advanced cyber-enabled weapons.
- The Pentagon’s Project Maven is developing artificial intelligence capable of searching aerial surveillance footage to produce actionable intelligence to support the fight against Islamic State.
- The Israel Defense Force is abandoning plans for a unified cyber command.
- Microsoft announced it will contribute $5 million USD to the United Nations Office of the High Commissioner for Human Rights over a five-year period. This partnership will develop new technologies that can better predict, analyse and respond to human rights crises.
- Germany’s federal cyber agency has accused Yahoo of refusing to cooperate with their investigation into user information breaches suffered by the company between 2013 and 2016.
- The CEO of a Chinese tech company says Facebook would need at least 20,000 human reviewers for video content alone if it were to expand into the country.
- Russia restored access to Chinese messaging app, WeChat, after the company provided mandated contact details to Russian authorities.
- Documents, reportedly from Romania’s Ministry of Foreign Affairs, show that Russian-linked hacking group APT28 spoofed NATO email addresses in an attempt to hack the Romanian government.
- US cyber security company TrapX said it defended a military contractor’s network against an attempted attack over a period of 18 days in April. The hackers were believed to be Iranian and, in a departure from previous tactics, using a tool set developed and sold by a known Russian cybercriminal.
- Cyber security firm Area 1 said President Obama and his staff were targeted by Russian cyberespionage actors as early as 2007.
- The public website of Norway’s Police Security Service was taken down with a denial of service attack.
- UK Minister of Defence Michael Fallon said the country has set aside £1.9 billion to improve cyber security, of which about £50 million has gone to protecting NHS computer systems.
- Chinese hackers allegedly took down media websites in Ghana following reports that Chinese mining in the African country has disastrous environmental consequences.
- Financial messaging company SWIFT launched an Information Sharing and Analysis Centre, a portal to provide member banks with intelligence on cyber-security.
- Vietnamese President Quang called on China to invest in hi-tech projects in his country.
- Kenya signed a deal with Chinese technology firm Huawei, under which Huawei will build government cloud infrastructure for Kenya.
- Two UN special rapporteurs for human rights condemned internet shut downs in the Indian state of Jammu and Kashmir.
- In the UK, the NHS has been criticised for providing personally identifying medical records of 1.6 million patients to Google’s artificial intelligence subsidiary, DeepMind.
- Wikipedia appealed to the Turkish Constitutional Court after the company’s appeal to a local court in Turkey over the decision to block access to the website was rejected.
- Turkey’s Information and Communications Technologies Authority sent out an online survey asking what service citizens would use if WhatsApp did not exist, prompting concerns the plaftorm would be blocked in the country. Officials denied this was the case.
- Italian antitrust authorities fined WhatsApp €3 million (£2.54 million) for ‘inducing’ users to share data with Facebook through ‘excessive emphasis’ on the need to agree to new terms and conditions in an in-app upgrade that included consent to share data with Facebook. India’s Supreme Court began hearing a case over the same issue on 15 May.
- France’s regulator fined Facebook €150,000 for six violations of data protection regulations. The Dutch Data Protection Authority said an similar investigation found that the company violates national data protection law. Investigations are also underway in Belgium, Spain and Germany.