First, North Korea is no stranger to the espionage scene, with a history of spy infiltration to other nations to obtain valuable information. Recently, the hermit kingdom has adopted cyberwarfare to hone its already formidable spy networks.

Mastermind behind “WannaCry”

Apparently, North Korea was asserted by the United States, United Kingdom and Australia behind the attack of the ransomware crypto-worm that affected about 200,000 computers across 150 countries last year.

It was one of the most unprecedent ransomware incident that occurred in history since its initial outbreak over the May 12-15, 2017 period. One of its most famous victims was the UK’s National Health service hospitals in England and Scotland where over 70,000 devices were affected. However, North Korean authorities denied any wrong doings after that.

Phishing lure ahead of the Summit

In gathering more information for the Trump-Kim summit, North Korean hackers allegedly created a malware dubbed NavRAT for a campaign of phishing attacks on South Korea’s email platform.

Apparently, the malware acted as a lure for web-users interested in the US-North Korea summit as it was distributed via decoy Hangul Word Processor (HWP) documents which is a common format in South Korea with the subject line “Prospects for US-North Korea Summit.hwp.

Cisco Systems’ Talos threat intelligence division believed that the malware, NavRAT had been placed in the South Korea-based Naver Corporation’s email platform since 2016.

No to Nuclear, Yes to Cyber weapon?

In choosing to give up between nuclear arsenal and cyberwarfare, Cory Gardner, US Senator felt that North Korea will rather stick to its guns on the latter.

“There is little hope, however, that the North Koreans will give up their cyber weapons.” said Gardner on his interview with Politico ahead of the summit.

Besides, North Korea has the habit of escalating their cyberattacks in major summit event such the one between South Korean president Moon Jae-In and Kim earlier in the year. Thus, the summit between Trump and Kim will be no exception, with North Korean hackers launching te attacks, while US on the defense.

“There is no precedent for negotiating a country’s cyber capabilities away, and there would be no way to verify or enforce the agreement,” concluded Gardner.

The post Cyberwar over the Trump Kim summit appeared first on Hack Ware News.

The island-state’s four universities namely, National University of Singapore (NUS), Nanyang Technological University (NTU), Singapore Management University (SMU) and Singapore University of Technology and Design (SUTD), had reportedly came under attacked from an alleged Iranian hacking syndicate.

Not just Singapore, the whole world is targeted

Apparently, Singapore’s universities formed just one small part of the global ambitions of the alleged Iranian hackers, which were believed to build a hit list of at least 21 countries’ academics institutions.

This infamous global campaign was first uncovered by US Department of Justice which charged nine Iranians reputedly for attempting to hack 144 US and 176 foreign universities back in 23 March 2018.

The statement released by the US Department of Justice did suggest that this group of Iranian hackers had the backing of the state and linked to Iran-based firm named Mabna Institute. The hack in US drawn some similarities with the latest data breach in Singapore as the hackers targeted research papers and data across all disciplines of science and technology, medical, engineering and so on.

According to US Department of Justice, a total of 8,000 professor accounts worldwide were breached by the Iranian hackers, with nearly half or 3,768 accounts belonged to academics from US-based universities. The stolen data were believed to use to benefit the agendas of the Iran’s Revolutionary Guards.

Counter-measures taken by Singapore

In response, Cyber Security Agency (CSA) of Singapore urged the universities’ personnel to change their passwords immediately and run checks on their networks. Upon further investigation, the CSA explained that hack came as a form of phishing attack in asking users to enter in their account credentials.

These personal information were later used to gain unauthorized access in the universities’ library website to download research papers and publications. CSA stated that it will conduct further investigation and claimed that no sensitive information was being extracted through the incident.

Verdict

The HackwareNews team understands that the phishing attack is hard to prevent and often it will take collective efforts for all stakeholders of organization to act together.

On the personnel level, the user can practice vigilance on emails and not opening unfamiliar links and attachments. Moreover, the user is also advised not to post any personal data like address, phone number, birthday and holiday plans via social media which can be used against them to the hackers’ advantages. Individual user can also check the spellings of URL and adopting best practices in identifying the phishing attacks.

On the organization front, the company or institution can engage the services of pen-testing firms to identify vulnerability in information system and use the findings to create awareness and rectify them.

The post University: The Next Battleground for hackers? appeared first on Hack Ware News.

Data protection is the best foot forward

Israel is indeed a land of startups, with over 544 start-up companies offering cyber security services, based on data of Startup National Organization. These cyber security companies are also among the most lucrative as compared to startup of various other fields such as fintech companies, transportation, ecommerce, digital-healthcare and so on. According to Startup National Organization, the Israelis cyber-security firms attracted around USD 847.3 million so far this year, far eclipsing the next competitor, fintech at USD 402.3 million.

Why investing on cyber-security firms?

Having an increasing inter-connected world of nodes, an aspiring start up nationwide must first secure its data, encrypted sensitive information, protect intellectual property before reaping the profits from various commercial operations. That’s the reason why cyber-security firms have gotten much funding even more than the e-commerce and various financial technology start up.

Just in 2015, the cyber-attacks have been increased by 38% year-on-year or with an average of 161,927 attacks per day according to data gathered Startup National Organization. This figure is likely to grow yearly, as with more cyber-attacks expected to cost business at an average cost of USD 3.58 million per year. Plus, there is increasing attacks on government agencies on a daily basis at an alarming rates. Thus, it was estimated to the total costs of cyber-crime to the global economy at around USD 375-575 billion yearly.

Windfall investment for cyber-security firms

With much demands on cyber-security services, cyber-security firms have become a darling among the investors. For instances, the Israeli cyber-security firms drew 15% of the world’s investment meant for cyber-security sector. Furthermore, among the world’s top ten cyber-security firms, two of them hailed from Israel namely, Check Point and Cyber Ark with net worth of USD1.6 billion and USD1.8 billion respectively.

Having received much accolades for cyber security investment, Israel has become the home of Research & Development centers to global brand names like IBM, Oracle, Microsoft, Amazon.com Citibanks and so on. Collectively, the Israeli-based cyber security firms accounted 5% of the global market share, second only to the US.

The moral of story for Start-up nation wannabee?

Following the shadows of the trail-blazing Israel, the first step of cementing the start-up nations seem to focus on the security issues first. The more secured the platform, will give the talented programmers more confidence to use their creativity to develop new programmes.

Then, these new programmes need to be protected and be made safe from hacking to preserve data integrity.  Given the lucratively market of cyber-security sector, do not be surprised if Singapore decide to change course mid-way and focus on being a cyber security powerhouse instead.

The post Lessons draw from Start-up Nation appeared first on Hack Ware News.

In cybersecurity or rather cyber-warfare, funds are needed to upgrade hardware, technology and communications before assembling trained men dedicated to defend or attack. Recently, the United States (US) government has put this strategy to broad uses much like the military rearmament for any foreseeable future cyber-warfare.

Cyber-warfare policy worth USD700 billion

On Monday, 18 Sep 2017, the US Senate has passed a bill worth a “whoppy” USD700 billion war chest to create the country’s first ever cyber warfare policy. The draft was dubbed as a defense authorization bill and involved the use of offensive digital weapons as well as spending USD500 million in the modernization of federal information technology.

The modernization and technological software upgrade will come as handy as previously the US government sector was ranked lowly, at the bottom two places or 16th out of 18 industries compiled by the SecurityScorecard, a security risk rating agency.

Protection of strategic resources.

After the pumping many greenbacks into development of offensives cyber-weapons, US has also developed battle plans in protecting strategic resources of raw materials like oil and natural gases.

As such, the US Department of Energy (DOE) had introduced 20 cybersecurity projects to protect the American electric grid, and oil and natural gas infrastructure. Award up to USD50 million will be granted by DOE to support early stage research and development of next-generation tools and technologies in protection of strategic energy resources.

So far, the department has invested more than USD270 million over the past seven years in cybersecurity research development, and demonstration projects that are led by industry, universities and DOE’s National Laboratories.

Australia joins the rearmament race

US is not alone in the rearmament race of cybersecurity, the Australian government has pledged AUD50 million (USD39.7 million) over the seven years to build up its cyber security capability through a new cybersecurity cooperative research centre (CRC).

Additional funding of AUD89 million or USD70.8 million for the CRC will come from other channels such as from around 25 industry players, research and government partners. All these funds are part of the grander Australia’s AUD 240 million Cyber Security Strategy which formed the defensive shield in preventing attacks from any state-sponsored attackers or from any organized crime syndicates. Furthermore, the country has branched out to liaise with its “cyber-allies” in the region such as Singapore for a “joint cybersecurity exercise.”

Small is beautiful

Cybersecurity funds for Australia may seem like a dwarf as compared to more holistic “defense and attack” strategy adopted by US. But the notion is clear, each country should do its part and set aside resources for cybersecurity.

As a city-state, Singapore plays its part in cybersecurity with an upfront injection of USD12 million under its National Cyber Security R&D Program. The funding will go to finance around 9 public-private research projects in data protection and encryption as well as analysis report on malware attacks. The island-nation has recently prioritized cybersecurity in its borders and the topic even make it ways into its National Budget 2017.

Small it may be, but cybersecurity in Singapore is armed to its teeth. The city-state is ranked high and always placed among the top ten attacking countries by Threatmap, a web agency that tracks malicious cyber-attacks across the globe. In 18^th to 19^th September 2017, Singapore was even crowned as “numero uno” consecutively for being the top cyber attacker of the world.

The post Rearming for Cyber-warfare appeared first on Hack Ware News.

The website tracks malicious cyber-attacks across the globe and consistently ranked the top aggressors in cyber-attacks. One glance on the list of top ten attacking countries, one will find the great powers of the world pitting each other for glory and honors in the cyberspace.

However, a nation or rather a city-state stood out from the rest of big countries with likes of USA, Russia, UK, Germany and China. Surprise, surprise… the city-state is none other than Singapore.

Singapore ranks 4th in the pecking order

According to Threatmap, the island-nation is placed on the fourth position among the top attacking countries. Singapore has held the same position rather consistently over the past two weeks, which saw almost an average cyber-attacks of 14 million cases over the world daily.

The first place in the hit-list among the Singaporean hackers is reserved for USA and the city-state is likely to inflict its target with tons of malwares. By computation, Singapore’s favorite weapons of choice belongs to access to malicious resources at 61.7%, followed by bot communication at 30.3%, then malicious file transfer at 0.9% and others malwares at 7.1%.

Meanwhile, the “numero uno” or first-place among the top attacking countries is conferred to Russia which infects other machines and global networks mostly with bot communications. Ironically, Russia is also placed consistently as the number one target by hackers all over the world.

The Best Defense is a Good Offense

Despite its small size, Singapore has proven to the best pound-for-pound fighter in term of cyber security, thanks to a long term vision and good executions. As the saying goes, offense is the best defense, Singapore has threw its weight against bigger opponents by taking the first initiative.

For instance, the country first launched a cybersecurity master plan back in 2005. A decade later, the nation established a specialized bureau named Cyber Security Agency of Singapore to shore up its cybersecurity defense and capability.

Just last year, Singapore declared its ambition in becoming a Smart Nation and the first priority drawn out for this master plan depends on the creation of a safer cyberspace in protecting key installations and services.

“Singapore aspires to be a Smart Nation. But to be a Smart Nation, we must also be a safe, cyber nation,” said Lee Hsien Loong, the Prime Minister of Singapore.

“We must get cybersecurity right, to capture the benefits of a more connected world.” the prime minister added.

UN rates Singapore “Numero Uno” in cybersecurity strategy

Having a strategic plan is half the battle, the key for success will lie solely on executions and more executions. Thus, the city-state’s showing on the field of cyber-security did not goes unnoticed and was recently ranked number one by the United Nations (UN) by possessing a better overall cyber-security approach.

The ranking survey was conducted by UN International Telecommunication Union (ITU) which rates countries’ cyber-security readiness over facets such as legal, technical and organizational institutions, educational and research capabilities and cooperation in information-sharing networks.

In achieving another “first”, the city-state’s accolade has surpassed US and other wealthy, developed countries like Australia, Canada, France, Malaysia and so on. In the list, US was ranked at second place, while big nations like Russia was placed at 11^th, Germany at 24^th, followed by India at 25^th and finally China at 34^th.

Verdict

Perhaps other wealthier nations have yet to create the awareness of cyber-security and thus did not channel much resources toward the sector. Singapore has uniquely seized this advantage under the noses of much powerful countries and played to its strength.

In fact, the city-state’s cyber strategy resembled the US military campaign in Iraq, namely “Clear, Hold and Build.” First, clear all existing known threats, then hold the ground with the right trainings of personnel plus hardware and finally build up a business community there. So are you game enough to join this grand campaign of cyber-security?

The post Singapore: A top hacking nation appeared first on Hack Ware News.

hackwarenews

Japan to set up cyber security bureau

Recently, Seiko Noda, the Internal Affairs and Communications Minister of Japan stated that there is a “growing risk” for machines and equipment to be hijacked by digital means.

We will make stronger efforts in (cyber security) talent development and other cyber security issues,

commented Noda during an interview with The Nikkei.

The urgency of cyber security was felt as Noda takes the matter into Japan’s fiscal 2018 budget draft to provide funding for the creation of a bureau specialized in cyber security. In addressing this new frontier, the Japanese policy-makers realized that they are way behind tech-leaders such as U.S. and Israel in term of attracting potential cyber-security talents and personnel.

U.S. Government ranks 16 out of 18 in SecurityScorecard report

Despite being top of the game in technology-wise, Japan is not the country that unprepared for cyber-security. In fact, the U.S. government was inadequate for the task as well in protection of sensitive information and digital data, according to SecurityScorecard, a security risk rating agency.

In a recent report from SecurityScorecard, the agency placed the U.S. government on the 16th position when comparing it with the security practices of 18 industries. For the report, SecurityScorecard reportedly reviewed 552 local, state, and federal organizations to see how their security practices stacked up across 10 key categories.

The two industry ranked behind the U.S. government are namely telecom and finally sitting at the last place, education sector.

However, historical records from SecurityScorecard showed the U.S. government actually improved its rating for languishing at the bottom place before moving two places up to 16th.

ENISA seeks funds to manage European cyber security

The European countries felt the heat too in shoring up their defense against malicious cyber-attacks. Interestingly, debt-ridden Greece raised the issue in European Commission seeking for more funding on cyber security for Athens-based European Union Agency for Network and Information Security (ENISA).

According to Vassilis Maglaras, the secretary general for communications of Greece’s ministry for digital policy, told local media that the ENISA should take on a “bigger role” and “only role” in cyber security of European Union (EU). To expand its scope, the ENISA needs fresh funding which currently is capped at EUR 11 million annually.

“It’s an organization (ENISA) that had a mandate that was irrelevant 15 years ago, it was very small because the info-communication technology sector was not so developed. But now it’s a very huge issue so it has to have more money,” explained Maglaras.

In his opinion, a stronger, better funded ENISA is equivalent to safer Europe, not just to Greece alone. However, one of the main barriers for an integrated cyber-security system pointed to the unwillingness of each EU member to share sensitive information with ENISA.

However, all these will change when a new ruling for EU cyber security legislation comes into effect next year where EU members are required to open up and share more information.

Asia unites in cyber defense

Closer to home, Indonesia and Australia have both initiated steps in cybersecurity measures and both initiatives are linked with the city-state of Singapore. For instance, the Singaporean government has invited Joko “Jokowi” Widodo, Indonesian president for the upcoming Singapore International Cyber Week 2017, held during 18-21 September 2017.

Since we have established a national cyber agency, we will need more input. So I’m interested to attend the event in Singapore to talk about cyber security issues. Jokowi told local media.

Since June 2017, Indonesia has inaugurated its national cyber agency named Cyber Body and National Encryption Agency (BSSN) and the agency is scheduled for operation by September 2017.

Similarly, Singapore has also established agency specialized in mitigating cyber risks, called the Cyber Security Agency (CSA) of Singapore. The CSA has then signed an agreement with Australia’s Cyber Security Agency in cooperation for protection of critical information infrastructure.

Under the agreement, both countries will hold “joint cybersecurity exercise” to test their capability in facing the common threat. In addition, the two countries have in mind to host a “cyber-risk reduction workshop” for all the countries in the Association of Southeast Asian Nations (ASEAN) by the end of 2017.

Verdict

As the saying goes, out of adversity comes opportunity. In this case, it seems that in face of adversity, countries unite to fight a common enemy, namely cyber threats. Indeed, this new threat that cyber threats pose can be anonymous, faceless, cross boundaries and yet bring devastating losses to data integrity, financial wealth and even safety of human lives.

The world leaders have since recognized this threat and pitch a defense plan against it. However, the best form of defense actually start from the individual, thus – Are you prepared for cyber-warfare?

The post Ghost in the Shell: Countries step up on cybersecurity appeared first on Hack Ware News.