Timesdelhi.com

March 19, 2019
Category archive

Cyberwarfare

The responsibility for a sustainable digital future


On March 12, 2019, we celebrate the 30th anniversary of the “World Wide Web”, Tim Berners-Lee’s ground-breaking invention.

In just thirty years, this flagship application of the Internet has forever changed our lives, our habits, our way of thinking and seeing the world. Yet, this anniversary leaves a bittersweet taste in our mouth: the initial decentralized and open version of the Web, which was meant to allow users to connect with each other, has gradually evolved to a very different version, centralized in the hands of giants who capture our data and impose their standards.

We have poured our work, our hearts and a lot of our lives out on the internet. For better or for worse. Beyond business uses for Big Tech, our data has become an incredible resource for malicious actors, who use this windfall to hack, steal and threaten. Citizens, small and large companies, governments: online predators spare no one. This initial mine of information and knowledge has provided fertile ground for dangerous abuse: hate speech, cyber-bullying, manipulation of information or apology for terrorism – all of them amplified, relayed and disseminated across borders.

Laissez-faire or control: between Scylla and Charybdis

Faced with these excesses, some countries have decided to regain control over the Web and the Internet in general: by filtering information and communications, controlling the flow of data, using digital instruments for the sake of sovereignty and security. The outcome of this approach is widespread censorship and surveillance. A major threat to our values and our vision of society, this project of “cyber-sovereignty” is also the antithesis of the initial purpose of the Web, which was built in a spirit of openness and emancipation. Imposing cyber-borders and permanent supervision would be fatal to the Web.

To avoid such an outcome, many democracies have favored laissez-faire and minimal intervention, preserving the virtuous circle of profit and innovation. Negative externalities remain, with self-regulation as the only barrier. But laissez-faire is no longer the best option to foster innovation: data is monopolized by giants that have become systemic, users’ freedom of choice is limited by vertical integration and lack of interoperability. Ineffective competition threatens our economies’ ability to innovate.

In addition, laissez-faire means being vulnerable to those who have chosen a more interventionist or hostile stance. This question is particularly acute today for infrastructures: should we continue to remain agnostic, open and to choose a solution only based on its economic competitiveness? Or should we affirm the need to preserve our technological sovereignty and our security?

Paving a third way

To avoid these pitfalls, France, Europe and all democratic countries must take control of their digital future. This age of digital maturity involves both smart digital regulation and enhanced technological sovereignty.

Holding large actors accountable is a legitimate and necessary first step: “with great power comes great responsibility”.

Platforms that relay and amplify the audience of dangerous content must assume a stronger role in information and prevention. The same goes for e-commerce, when consumers’ health and safety is undermined by dangerous or counterfeit products, made available to them with one click. We should apply the same focus on systemic players in the field of competition: vertical integration should not hinder users’ choice of goods, services or content.

But for our action to be effective and leave room for innovation, we must design a “smart regulation”. Of course, our goal is not to impose on all digital actors an indiscriminate and disproportionate normative burden.

Rather, “smart regulation” relies on transparency, auditability and accountability of the largest players, in the framework of a close dialogue with public authorities. With this in mind, France has launched a six-month experiment with Facebook on the subject of hate content, the results of which will contribute to current and upcoming legislative work on this topic.

In the meantime, in order to maintain our influence and promote this vision, we will need to strengthen our technological sovereignty. In Europe, this sovereignty is already undermined by the prevalence of American and Asian actors. As our economies and societies become increasingly connected, the question becomes more urgent.

Investments in the most strategic disruptive technologies, construction of an innovative normative framework for the sharing of data of general interest: we have leverage to encourage the emergence of reliable and effective solutions. But we will not be able to avoid protective measures when the security of our infrastructure is likely to be endangered.

To build this sustainable digital future together, I invite my G7 counterparts to join me in Paris on May 16th. On the agenda, three priorities: the fight against online hate, a human-centric artificial intelligence, and ensuring trust in our digital economy, with the specific topics of 5G and data sharing.

Our goal? To take responsibility. Gone are the days when we could afford to wait and see.

Our leverage? If we join our wills and forces, our values can prevail.

We all have the responsibility to design a World Wide Web of Trust. It is still within our reach but the time has come to act.

News Source = techcrunch.com

Researchers obtain a command server used by North Korean hacker group


In a rare move, government officials have handed security researchers a seized server believed to be used by North Korean hackers to launch dozens of targeted attacks last year.

Known as Operation Sharpshooter, the server was used to deliver a malware campaign targeting governments, telecoms, and defense contractors — first uncovered in December. The hackers sent a malicious Word document by email that would, when opened, run macro code to download a second-stage implant, dubbed Rising Sun, which the hackers used to conduct reconnaissance and steal user data.

The Lazarus Group, a hacker group linked to North Korea, was the prime suspect given the overlap with similar code previously used by hackers, but a connection was never confirmed.

Now, McAfee says it’s confident enough to make the link.

“This was a unique first experience in all my years of threat research and investigations,” Christiaan Beek, lead scientist and senior principal engineer at McAfee, told TechCrunch in an email. “In having visibility into an adversary’s command-and-control server, we were able to uncover valuable information that led to more clues to investigate,” he said.

The move was part of an effort to better understand the threat from the nation state, which has in recent years been blamed for the 2016 Sony hack and the WannaCry ransomware outbreak in 2017, as well as more targeted attacks on global businesses.

In the new research seen by TechCrunch out Sunday, the security firm’s examination of the server code revealed Operation Sharpshooter was operational far longer than first believed — dating back to September 2017 — and targeted a broader range of industries and countries, including financial services and critical infrastructure in Europe, the U.K. and the U.S.

The modular command and control structure of the Rising Sun malware. (Image: McAfee)

The research showed that the server, operating as the malware’s command and control infrastructure, was written in the PHP and ASP web languages, used for building websites and web-based applications, making it easily deployed and highly scalable.

The back-end has several components used to launch attacks on the hackers’ targets. Each component has a specific role, such as the implant downloader, which hosts and pulls the implant from another downloader; and the command interpreter, which operates the Rising Sun implant through an intermediate hacked server to help hide the wider command structure.

The researchers say that the hackers use a factory-style approach to building Rising Sun, a modular type of malware that was pieced together from different components over several years. “These components appear in various implants dating back to 2016, which is one indication that the attacker has access to a set of developed functionalities at their disposal,” said McAfee’s research. The researchers also found a “clear evolutionary” path from Duuzer, a backdoor used to target South Korean computers as far back as 2015, and also part of the same family of malware used in the Sony hack, also attributed to North Korea.

Although the evidence points to the Lazarus Group, evidence from the log files shows a batch of IP addresses purportedly from Namibia, which researchers can’t explain.

“It is quite possible that these unobfuscated connections may represent the locations that the adversary is operating from or testing in,” the research said. “Equally, this could be a false flag,” such as an effort to cause confusion in the event that the server is compromised.

The research represents a breakthrough in understanding the adversary behind Operation Sharpshooter. Attribution of cyberattacks is difficult at best, a fact that security researchers and governments alike recognize, given malware authors and threat groups share code and leave red herrings to hide their identities. But obtaining a command and control server, the core innards of a malware campaign, is telling.

Even if the goals of the campaign are still a mystery, McAfee’s chief scientist Raj Samani said the insight will “give us deeper insights in investigations moving forward.”

News Source = techcrunch.com

With cybersecurity threats looming, the government shutdown is putting America at risk


Putting political divisions and affiliations aside, the government partially shutting down for the third time over the last year is extremely worrisome, particularly when considering its impact on the nation’s cybersecurity priorities. Unlike the government, our nation’s enemies don’t ‘shut down.’ When our nation’s cyber centers are not actively monitoring and protecting our most valuable assets and critical infrastructure, threats magnify and vulnerabilities become further exposed.

While Republicans and Democrats continue to butt heads over border security, the vital agencies tasked with properly safeguarding our nation from our adversaries are stuck in operational limbo. Without this protection in full force acting around the clock, serious extraneous threats to government agencies and private businesses can thrive. This shutdown, now into its fourth week, has crippled key U.S. agencies, most notably the Department of Homeland Security, imperiling our nation’s cybersecurity defenses.

Consider the Cybersecurity and Infrastructure Security Agency, which has seen nearly 37 percent of its staff furloughed. This agency leads efforts to protect and defend critical infrastructure, as it pertains to industries as varied as energy, finance, food and agriculture, transportation, and defense.

As defined in the 2001 Patriot Act, critical infrastructure is such that, “the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.” In the interest of national security, we simply cannot tolerate prolonged vulnerability in these areas.

Employees who are considered “essential” are still on the job, but the loss of supporting staff could prove to be costly, in both the short and long term. More immediately, the shutdown places a greater burden on the employees deemed essential enough to stick around. These employees are tasked with both longer hours and expanded responsibilities, leading to a higher risk of critical oversight and mission failure, as weary agents find themselves increasingly stretched beyond their capabilities.

The long-term effects, however, are quite frankly, far more alarming. There’s a serious possibility our brightest minds in cybersecurity will consider moving to the private sector following a shutdown of this magnitude. Even ignoring that the private sector pays better, furloughed staff are likely to reconsider just how valued they are in their current roles. After the 2013 shutdown, a significant segment of the intelligence community left their posts for the relative stability of corporate America. The current shutdown bears those risks as well. A loss of critical personnel could result in institutional failure far beyond the present shutdown, leading to cascading security deterioration.

This shutdown has farther-reaching effects on the federal government’s ability to attract talent in the form of recent college grads or those interested in transitioning from the private sector. The stability of government was once viewed as a guarantee compared to the private sector, but work could incentivize workers to take their talents to the private sector.

The IRS in particular is extremely vulnerable, putting America’s private sector and your average taxpayer directly in the crosshairs. The shutdown has come at the worst time of the year, as the holidays and the post-holiday season tend to have the highest rates for cybercrime. In 2018, the IRS reported a 60 percent increase in email scams. Meanwhile, as the IRS furloughed much of its staff as well, cyber criminals are likely to ramp up their activity even more.

Though the agency has stated it will recall a “significant portion” of its personnel to work without pay, it has also indicated there will be a lack of support for much beyond essential service. There’s no doubt cybercriminals will see this as a lucrative opportunity. With tax season on the horizon, the gap in oversight will feed directly into cyber criminals’ playing field, undoubtedly resulting in escalating financial losses due to tax identity theft and refund fraud.

Cyberwarfare is no longer some distant afterthought, practiced and discussed by a niche group of experts in a backroom. Cyberwarfare has taken center stage on the virtual battlefield. Geopolitical adversaries such as North Korea, Russia, Iran, and China rely on cyber as their most agile and dangerous weapon against the United States. These hostile nation-states salivate at the idea of a prolonged government shutdown.

From Russian interference in the 2016 presidential election to Chinese state cybercriminals breaching Marriott Hotels, the necessity to protect our national cybersecurity has never been more explicit.

If our government doesn’t resolve this dilemma quickly, America’s cybersecurity will undoubtedly suffer serious deterioration, inevitably endangering the lives and safety of citizens across the nation. This issue goes far beyond partisan politics, yet needs both parties to come to a consensus immediately. Time is not on our side.

News Source = techcrunch.com

A look back at the Israeli cyber security industry in


2018 saw a spate of major cyber attacks including the hacks of British Airways, Facebook and Marriott. Despite growing emphasis on and awareness of cyber threats, large organizations continue experiencing massive data breaches. And as the world becomes increasingly connected (cars and medical devices, among others), attack vectors are evolving and exposures multiply.

The Israeli cybersecurity industry has long been recognized as a hotbed for innovative solutions, and 2018 proved to be yet another strong year. Early stage companies raised more money than ever before to tackle emerging security threats like protecting the proliferating number of internet-connected devices and enabling blockchain technologies to thrive in more secure environments.

Growing seed rounds chasing greenfield opportunities

In 2018, the total amount of funding for Israeli cybersecurity companies across all stages grew 22 percent year-over-year to $1.03B. This closely matched the funding trends of 2016 and 2017 that each saw 23 percent year-over-year growth in funding amount. At the same time, 2018 saw 66 new companies founded, an increase of 10 percent over 2017, which represented a rebound after a dip last year (60 new companies in 2017 vs. 83 in 2016). Notably, average seed round increased to $3.6M in 2018 from $3.3M in 2017. 2018 marked the fifth consecutive year the size of Israeli cyber seed rounds grew. Since 2014, the average seed round size has increased 80 percent.

With industry growth metrics of Israeli cybersecurity up across the board in 2018, 2017’s dip in new cyber startups appears to have been an outlier. Not only does entrepreneurial interest in cyber look to be on the rise, investor enthusiasm, especially at the early stages, signals a market brimming with opportunity. Growing round sizes are interesting, but more revealing is following where this capital is flowing.

Emerging fields supplanting “traditional” technologies

The top emerging fields among new startups in 2018 included new verticals within IoT security, security for blockchain and cryptocurrencies, cloud-native security and SDP (Software Defined Perimeter). These nascent verticals drew considerably more attention than more “traditional” cyber sectors such as network security, email security and endpoint protection. Of all the emerging sectors, IoT drew the most investment with funding reaching $229.5M across all stages. What makes IoT particularly interesting is its continual branching into various new sub-domains including automotive, drones and medical devices.

Shai Morag, CEO and co-founder of Secdo, an Israeli cybersecurity firm acquired for $100M by Palo Alto Networks in mid-2018, sees these trends accelerating. “Innovation is going to keep happening in these areas for the next few years. We’ll also see innovation in third-party supply-chain risk assessment and management. Another wide-open field for innovation is SMBs. They are an underserved market hungry for full-stack solutions. These emerging fields are where I’m seeing the most excitement.”

Breaking out data on seed round funding into cyber startups targeting emerging vs. traditional markets reveals an even more pronounced growth trend. 2018’s aggressive early stage funding rounds disproportionately focused on companies pursuing emerging fields within cybersecurity. Of the 33 seed rounds raised in 2018, 20 (61 percent) went to companies in emerging fields. Even more striking, the sum of all seed rounds for emerging tech companies in 2018 was $79M, a 76 percent year-over-year increase. The numbers are clear, there is overwhelming investor interest in emerging cyber tech.

For example, the two largest seed funding rounds this year were in the IoT security domain. VDOO, founded by ex-Cyvera entrepreneurs (acquired by Palo Alto Networks in 2014 for $200M) and which develops security solutions for IoT vendors, raised an abnormally high seed round of $13M. Toka Cyber has secured $12.5M seed funding from Andreessen Horowitz and others, to develop and expand their IoT cybersecurity platform for governmental agencies. Twistlock, a pioneer developer of cloud-native security solutions raised $33M series C this year. BigID which protects sensitive data in light of GDPR and other privacy regulations raised both A ($14M) and B ($30M) rounds during 2018.

As the more traditional cybersecurity markets continue to consolidate and mature, prospects dim for “me too” cyber startups. We see that the industry still faces pressing problems in need of innovative solutions. Looming labor shortages, GDPR and other global data privacy legislation and the IoT explosion, are major challenges presenting substantial opportunities to incumbents able to provide relief. Investors and entrepreneurs sense greenfield opportunities on the horizon and are racing to plant their flags before the competition. This new divergent ecosystem is more selective of sophisticated, savvy investors and specialized, seasoned entrepreneurs.

Greenfields, not green founders

In 2018, 60 percent of founders had more than a decade’s worth of experience in the private sector–a 28 percent increase from 2017. The experience of these more seasoned founders came mostly from working in startups either as an executive or as an entrepreneur. Although Israel’s cybersecurity ecosystem relies heavily on the technical training potential entrepreneurs receive during service in the Israeli Defense Forces (IDF), in 2018, the proportion of founders coming straight out of the IDF fell to 2 percent, dropping from 10 percent the year before.

While nearly all Israeli founders leverage the skills and know-how acquired in the IDF’s various technological units, the need for experience from the private sector, either as an executive or an employee, seems to be more prevalent. Larger seed checks and larger ambitions are fuelling this push for more mature, veteran founders. Rising founders are not simply looking to build a novel technology and score a lucrative acquihire exit from an existing giant–they want to push into greenfield territory and stake a market-leading claim all their own.

Amichai Shulman, co-founder & former CTO of Imperva and a Venture Advisor at YL Ventures, gives such founders aiming to “own a market” the following advice: “Make sure you’re able to explain – primarily to yourselves – how your offering and product becomes something bigger than what it inherently is in the beginning. Be able to articulate how you expand (in the future) further into organizations, not just by ‘selling more’ but by solving bigger and more general problems.”

Cyber exits continue to overperform

Beyond general trends, 2018 also had many exciting individual exits. Checkpoint-Dome9 and CyberArk-Vaultive were notable because both acquirer and acquiree were Israeli — a mark of true market maturity. The acquisition of Sygnia by Singaporean holding giant Temasek also was remarkable because it shows that the Israeli cyber market continues to attract new classes and kinds of global strategic players each year. In addition, Thoma Bravo’s $2.1B acquisition of Israeli cyber firm Imperva made waves throughout the industry.

Tsahy Shapsa, co-founder of Cloudlock, which was acquired by Cisco in 2016 for $293M, reflected on the potential he sees coming from growing global investment. “From an entrepreneurial perspective, there is a constant dilemma between short-/mid-term exits and building a legacy company. As funding floods into Israel from around the world, temptation to sell early only increases. But all these exits have an advantage. They grow the pool of experienced, ‘repeat’ entrepreneurs and set the stage for more legacy companies to originate locally.” Zohar Alon, CEO and co-founder of Dome9 Security, which was acquired by Checkpoint in 2018 for $175M added the following guidance: “Israeli entrepreneurs should establish and maintain a constant communication channel with the local corporate development leaders, same as most do with the VC community focusing on product and go-to-market synergies.”

Israeli cybersecurity maintaining momentum

In 2018, investors became more domain-focused and preferred emerging fields. With traditional cybersecurity consolidating, emerging greenfields signal much stronger potential. Furthermore, growth continued both in cybersecurity startups as well as their fundraising across all stages, indicating rising confidence in the Israeli cybersecurity market.

The 2018 Israeli cybersecurity market boasted an excellent exit climate, highlighted not only by Imperva’s large-scale acquisition but also by the diversity in the types of players in the space. As such, the local cybersecurity market signals its ability to create and nurture large-scale security vendors, thereby attracting a variety of both international and local players which continue identifying and capitalizing on opportunities in this domain. For 2018, as has been the case for many years past, the state of the cyber nation is strong–and 2019 appears to promise more of the same.

News Source = techcrunch.com

Russian hackers already targeted a Missouri senator up for reelection in 2018


A Democratic senator seeking reelection this fall appears to be the first identifiable target of Russian hacking in the 2018 midterm race. In a new story on the Daily Beast, Andrew Desiderio and Kevin Poulsen reported that Democratic Missouri Senator Claire McCaskill was targeted in a campaign-related phishing attack. That clears up one unspecified target from last week’s statement by Microsoft’s Tom Burt that three midterm election candidates had been targeted by Russian phishing campaigns.

The report cites its own forensic research in determining the attacker is likely Fancy Bear, a hacking group believed to be affiliated with Russian military intelligence.

“We did discover that a fake Microsoft domain had been established as the landing page for phishing attacks, and we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for elections in the midterm elections,” Burt said during the Aspen Security Forum. Microsoft removed the domain and noted that the attack was unsuccessful.

Sen. McCaskill confirmed in a press release that she was targeted by the attack, which appears to have taken place in August 2017:

Russia continues to engage in cyber warfare against our democracy. I will continue to speak out and press to hold them accountable. While this attack was not successful, it is outrageous that they think they can get away with this. I will not be intimidated. I’ve said it before and I will say it again, Putin is a thug and a bully.

TechCrunch has reached out to Sen. McCaskill’s office for additional details on the incident. McCaskill, a vocal Russia critic, will likely face Republican frontrunner and Trump pick Josh Hawley this fall.

News Source = techcrunch.com
