NCSC CNI Hub goes live

Deborah Petterson, Deputy Director of the National Cyber Security Centre in the UK, has introduced a dedicated resource for UK Critical National Infrastructure.
Sometimes, Critical National Infrastructure (CNI) is taken for granted. The feeling seems to be that essential services, like telecoms, water, or energy 'just happen'. That's fine, but this isn't the way it works. It takes a huge effort to keep the water, electricity and information flowing.
The current pandemic has brought national infrastructure into focus.
The industry has been discussing supply chains, transport infrastructure, critical dependencies, and the unwanted attention from our adversaries on the industries supporting our response to the COVID-19 pandemic.
The NCSC's new CNI Hub will help support service providers in raising their resilience and defending against cyber attacks.
The new CNI Hub will provide several new features which will be of direct and immediate benefit to those involved with UK CNI:
- highlighted advice and guidance that is particularly relevant to the CNI
- events that will be of interest to CNI
- a new home for the NCSC’s Cyber Assessment Framework, which is a key tool for many UK CNI cyber security regulators
- a new way to view the NCSC’s assured products and services to support regulatory approaches

North Korean Malicious Cyber Activity

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Cyber Command Cyber National Mission Force (CNMF) identified tactics, techniques, and procedures (TTPs) used by North Korean advanced persistent threat (APT) group Kimsuky to gain intelligence on various topics of interest to the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.
Kimsuky is engaged in ongoing cyber operations against worldwide targets to gain intelligence for North Korea, specifically on foreign policy and national security issues related to the Korean peninsula, nuclear policy, and sanctions. CISA, FBI, and CNMF recommend individuals and organizations within commercial sector businesses increase their defenses and adopt a heightened state of awareness.
The information contained in the alerts and MARs listed below is the result of analytic efforts between the U.S. Department of Homeland Security, the U.S. Department of Defense, and the Federal Bureau of Investigation to provide technical details on the tools and infrastructure used by cyber actors of the North Korean government. Each MAR includes malware descriptions, suggested response actions, and recommended mitigation techniques.
Users or administrators should flag activity associated with the malware and report the activity to the Cybersecurity and Infrastructure Security Agency (CISA) or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation. The U.S. Government refers to the malicious cyber activity by the North Korean government as HIDDEN COBRA.

NSA Secures 5G Through Partnerships

NSA’s Cybersecurity mission includes working to secure future technologies. As an imminently emerging technology, 5G will change the way both military and National Security Systems operate, and NSA is partnering across industry and government, along with standards bodies, to support the construction of a secure network.
5G, or fifth generation network, promises to be a major upgrade from previous generations. New 5G technologies will support many new and exciting use cases. The increase in speed will enable a new generation of innovation and business to flourish.
NSA has partnered with fellow government agencies to support the security of 5G. The Enduring Security Framework (ESF) team has been working with partners at the Department of Homeland Security, the Office of the Director of National Intelligence, the National Security Council, and more. They are partnering with industry to deep dive into threats, standards, cloud, and analytics. Each of these areas will have a dedicated public-private partnership effort to examine the risks associated with their subject matter and pursue technical solutions. The cumulative goal is to jointly improve the ability of the 5G infrastructure to identify and build threat models, detect threats in networks, recover from attacks, and securely leverage the benefits of virtualization.
To secure the full scope of 5G use cases, it is critical that strong cybersecurity practices are incorporated. The recently launched Center for Cybersecurity Standards (CCSS) looks at 5G from a viewpoint of securing NSS and contributing to working groups within standards bodies to secure 5G mobile infrastructure. Through engagements with 3GPP, ATIS, IETF and IEEE, CCSS is raising the bar for security in the 5G ecosystem and making sure secure options exist for use on NSS. As subject matter experts, NSA leverages our legacy in secure cryptography and network security to ensure 5G standards will protect NSS data by working with the carriers to ensure that they are requiring optional security settings.
The impact of 5G technologies will be felt well beyond NSS to include numerous IoT devices transforming our personal and professional lives. These devices are smarter and will use 5G to provide new edge computing capabilities, greatly impacting many parts of our society, including manufacturing (through its impact on robotics and Smart Warehouses), transportation (such as smart cars and the smart infrastructure they rely on), and healthcare (through impacts on tele-health and even remote surgery).
The full evolution to 5G will take time – time to develop the supporting standards, produce the technology, and upgrade the infrastructure across the U.S. and around the world to support the full extent of this technology. Since customers will be using 5G, strengthening U.S. infrastructure is vital to maintaining a military and economic edge.

OSCE and UN partners train practitioners from Central Asia on effective investigations of cybercrimes and terrorist use of Internet

A three-day online training course for over 70 practitioners from the five Central Asian states on the effective investigation of crimes committed in cyberspace and with the use of digital technologies recently concluded. The event was organized by the OSCE Secretariat’s Transnational Threats Department jointly with the UN Office of Counter-Terrorism - UN Centre for Counter-Terrorism (UNCCT-UNOCT), and the UN Regional Centre for Preventive Diplomacy in Central Asia (UNRCCA) with the support of the OSCE field operations in Central Asia.
The practitioners from Kazakhstan, Kyrgyzstan, Tajikistan, Turkmenistan and Uzbekistan work in investigating crimes committed in cyberspace and with the use of digital technologies, as well as requesting, processing and handling digital evidence, in their respective countries.
“Terrorist and violent extremist actors have learned how to harness new technologies to great effect and we have witnessed the expansion of their activities in cyberspace,” said Oguljeren Niyazberdiyeva, Chief of the Office of the Under-Secretary-General for Counter-Terrorism. “The ongoing COVID-19 environment has exacerbated vulnerabilities and conditions conducive to terrorism as the whole world increasingly lives their lives in the virtual space generating ever increasing opportunities for terrorism-related cyber-crimes.”
Ambassador Alena Kupchyna, OSCE Co-ordinator to address Transnational Threats, said: “Issues related to improving the effectiveness of the investigation of cybercrimes and cyber-enabled terrorist offences are of increasing relevance in many countries. This emphasizes the need to develop the capacity of national criminal justice systems to investigate these types of crimes while ensuring respect for the rule of law and respect for human rights and fundamental freedoms.”
Philipp Saprykin, Deputy Head of UNRCCA said: “Together with our partners, UNRCCA continues to provide capacity-building assistance to Central Asian countries in priority areas identified through our regular consultations with Member States.”
The training was conducted by representatives and experts of the OSCE, the UNCCT-UNOCT, UNRCCA, the Counter-Terrorism Committee Executive Directorate (CTED) and the UN Office on Drugs and Crime. They familiarized participants with best international practices and case studies in cybercrime investigations, as well as countering the use of the Internet for terrorist purposes, based on respect for human rights and fundamental freedoms.

ENISA Threat Landscape 2020 highlights top cyber threats for January 2019-April 2020

The European Union Agency for Cybersecurity (ENISA), with the support of the European Commission, EU Member States and the CTI Stakeholders Group, has published the 8th annual ENISA Threat Landscape (ETL) report, identifying and evaluating the top cyber threats for the period January 2019-April 2020.
This publication is divided into 22 different reports, available in pdf form and ebook form. The combined report lists the major change from the 2018 threat landscape as the COVID-19-led transformation of the digital environment. During the pandemic, cyber criminals have been seen advancing their capabilities, adapting quickly and targeting relevant victim groups more effectively (see the infographic "Threat Landscape Mapping during COVID-19").
The ETL report is part strategic and part technical, with information relevant to both technical and non-technical readers. The following table describes the type of audience and content for each ETL report. You can navigate through the entire collection by using the links available in each report in the section "Related". For a better understanding of how the ETL is structured, we recommend the initial reading of "The Year in Review" report. Previous ENISA Threat Landscape reports are available on the webpages "ETL through the years" and "Thematic Landscapes".
The full report is available at ENISA.

New Dates for Critical Infrastructure Protection & Resilience North America

Critical Infrastructure Protection and Resilience North America (CIPRNA) has announced its rescheduled dates of 19th-21st October 2021 in New Orleans, USA, with the support of Infragard Louisiana.

Postponed due to the Covid-19 pandemic, CIPRNA will reconvene in New Orleans in October 2021 to continue the important discussions for governments, agencies, operator/owners and stakeholders on collaboration in securing and protecting America's critical infrastructure, and is currently inviting abstracts for consideration for presentation in the programme.

CIPRNA is the premier conference discussion for securing North America's critical infrastructure.

Presidential Policy Directive 21 (PPD-21): Critical Infrastructure Security and Resilience advances a national policy to strengthen and maintain secure, functioning, and resilient critical infrastructure.
The Nation’s critical infrastructure provides the essential services that underpin American society. Proactive and coordinated efforts are necessary to strengthen and maintain secure, functioning, and resilient critical infrastructure – including assets, networks, and systems – that are vital to public confidence and the Nation’s safety, prosperity, and well-being.
Critical infrastructure must be secure and able to withstand and rapidly recover from all hazards. Achieving this will require integration with the national preparedness system across prevention, protection, mitigation, response, and recovery.

Further details at www.ciprna-expo.com

The Call to Work Towards Better Governance

Disaster risk governance is entering a critical period. Not only has it been suddenly and overwhelmingly put to the test by the COVID-19 pandemic, but this is also the cutoff year for Target E of the Sendai Framework for Disaster Risk Reduction (2015-2030), the first target to complete its action plan, which calls for a “substantial increase in the number of national and local strategies for disaster risk reduction by 2020.”
It could not be otherwise, therefore, that the focus this year on October 13, the International Day for Disaster Risk Reduction (IDDRR), will be on good governance as a pathway to effective risk reduction. “COVID-19 and the climate emergency are telling us that we need clear vision, plans and competent, empowered institutions acting on scientific evidence for the public good,” says Mami Mizutori, the United Nations Secretary-General’s Special Representative for Disaster Risk Reduction.
The robustness of the COVID-19 pandemic in all sectors has also sent a loud and clear message concerning governance: the risk is systemic, and some risks are increasingly acting in concert with others to create a cascading impact on the entire system. Beyond the evident undermining of health systems, it is estimated that the GDP for Latin America and the Caribbean could fall by 9.1% in 2020, according to the United Nations report ‘The Impact of COVID-19 on Latin America and the Caribbean’. Moreover, the document foresees a rise of 5.4% in unemployment, 7% in poverty and 4.5% in extreme poverty as well as an increase of 4 million people experiencing a situation of acute food insecurity.
“It is fundamental that each country develop a strategy for analyzing and systematizing the response to COVID-19. Many countries surely need to update key risk governance aspects to foster a clear analysis of the systemic risk confronted by each country, but above all to enable a response to any sort of threat regardless of its source, duration or impact,” declares Ciro Ugarte, Director for Health Emergencies at the Regional Office of the Pan American Health Organization.
Governance leads the way
Extensive evidence indicates that good disaster risk governance springs from the collaboration and alliances among mechanisms and institutions to reduce disaster risk and pave the way toward sustainable development.
As an example, Uruguay’s response to the COVID-19 pandemic resonated throughout the entire region. Through the formation of a comprehensive body that brought together decision makers, scientists and academics, it became possible to apply strategies and plans that shaped the management of the health crisis - only 1500 infections - and reduced the risk of the socio-economic threats that have shaken so many other countries. “The pandemic led to the establishment of various agreements and the beginning of a more holistic focus on risk. It also enhanced and deepened a culture of risk management and awareness,” asserts Sergio Rico, Director of Uruguay’s National Emergency System.
Science and technology have become key allies of good risk governance. The gathering of data and information allows for the construction of threat projections and risk scenarios intended to reduce the impact of disasters, especially in populations afflicted by poverty, exclusion, and inequality.
The Coordinating Center for Disaster Prevention in Central America and the Dominican Republic (CEPREDENAC) has taken advantage of the benefits of technology to strengthen disaster risk management in the region. Through the Information and Coordination Platform for the COVID-19 Emergency, a resource available through the web portal of the Central American Integration System (SICA), these countries consolidated information to complement national efforts, enhancing strategic focuses in the region.
“The digital platform focused on taking steps to characterize the three dimensions of disaster risk (exposure, vulnerability and resilience) in an effort to prevent the creation of new risks, reduce existing risks, increase resilience and create mechanisms that allow us to understand the pandemic’s impact on a regional level,” explains Claudia Herrera, CEPREDENAC Executive Secretary.
Herrera adds that comprehensive efforts are essential to the promotion of good governance to “move the region forward through a combination of work, ideas and experiences across governments and the private sector.”
The private sector in particular has been among the systems with the greatest need to rely on resilience during the pandemic. “The crisis affected demand and supply, increased cost of doing business, reduced working capital and human resource and caused a disruption in logistics and high cost of transportation,” stresses Lizra Fabien, Executive Director of the Dominica Association of Industry & Commerce (DAIC) and former President of the Network of Caribbean Chambers of Commerce (CARICHAM).
In this sense, the Private Sector Alliance for Disaster Resilient Societies (ARISE) has become the preferred platform for a robust private sector that can work hand-in-hand with the public sector in creating good governance. “This process of recuperation will also develop regional collaboration and implement the good practices we learn from one another to ensure that we come out of this crisis as a stronger region,” Fabien adds.
Working toward good governance
In this way, the COVID-19 pandemic and Target E of the Sendai Framework are together creating a favorable environment to improve governance in the region. As Ugarte says: “In times of crisis, it is necessary to continue to strengthen good governance in disaster risk reduction strategies at national, regional and world levels.”
“The most significant driver of disaster risk is weak governance. It is necessary to have clear objectives, plans, directives, and coordination across all sectors. All of us are responsible for reducing disaster risk, which is key to the success of the Sustainable Development Goals. We must build good governance to guarantee a prosperous and safe future,” emphasizes Raúl Salazar, Chief of the Americas/Caribbean Regional Office of the United Nations Office for Disaster Risk Reduction (UNDRR).
Governance must take a broad and deep view of risks and their impact, taking into account their social construction. In its most basic and fundamental justification, it is on a par with life itself, concludes Mami Mizutori: “Good disaster risk governance can be measured by lives saved, fewer people affected and reduced economic losses.”

Study for the creation of a national capabilities assessment framework

ENISA, the EU Agency for cybersecurity, held a workshop to validate the results of the study for the creation of a national capabilities assessment framework together with the EU Member States and related stakeholders. By assessing their National Cybersecurity Strategy objectives at both strategic and operational level, Member States will potentially be able to enhance existing cybersecurity capabilities and build new ones. The purpose of the framework is to help Member States perform a self-assessment of their level of maturity. Other benefits include:

  • Identifying elements missing within the strategy;
  • Establishing a history of lessons learned;
  • Referencing best practices;
  • Generating credibility and showing transparency for the public, national and international stakeholders and partners.

Sixty participants coming from academia, EU institutions, National Authorities, Ministries, and CSIRTs attended the online workshop. They were all actively engaged in the assessment and validation of the proposed report, which will be published later.

Members of the Hellenic Ministry of Digital Governance and of the Ministry of Justice and Security in the Netherlands also intervened. Each of them gave a short presentation on the recent NCSS efforts conducted in Greece and in the Netherlands respectively. They also shared the main challenges they face as well as good practices and lessons learned.

The representatives identified the following challenges and lessons learned:

  • Most resources tend to be dedicated to the planning and implementation phase. While obviously important, this may lead to a lack of coordination and organisation in the monitoring and evaluation phase of the strategy.
  • The strategy should provide explicit ownership and accountability for the measures identified to reach the objectives. This is not currently the case.
  • Clarifying relations between objectives, measures, resources and expected outputs of the next national strategy will be essential in order to re-structure the policy theory.
  • Cybersecurity is a domain where information is highly confidential and not easily distributed. This is why it is crucial for EU Member States to have common tools and processes based on the shared experience.

Background on National Cybersecurity Strategies

In line with its strategic objectives, the European Agency for Cybersecurity (ENISA) supports the efforts of Member States in the area of NCSS by:

  • Supporting cybersecurity as an integral part of national policies through the development of guidelines on the NCSS lifecycle and through analysis of existing strategies to outline good practices. The Good Practice Guide on NCSS published in 2016 is one of them.
  • Supporting cutting-edge competencies and capabilities through performing deep dives on specific national strategic objectives, such as the publication on the Good practices in Innovation. This can also be done by developing online tools to support the uptake of lessons learned and good practices. Examples of such tools are the NCSS evaluation tool and the NCSS Interactive Map.
  • Empowering and engaging Member States through community building by maintaining an experts group on NCSS and by fostering cooperation and exchange of good practices between MS. Publications on effective collaborative models for PPPs and ISACs are good examples of such effort.

Covid-19 Sparks Upward Trend in Cybercrime

Europol’s 2020 cybercrime report updates on the latest trends and the current impact of cybercrime within the EU and beyond.

So much has changed since Europol published last year’s Internet Organised Crime Threat Assessment (IOCTA). The global COVID-19 pandemic that hit every corner of the world forced us to reimagine our societies and reinvent the way we work and live. During the lockdown, we turned to the internet for a sense of normality: shopping, working and learning online at a scale never seen before. It is in this new normal that Europol publishes its 7th annual IOCTA. The IOCTA seeks to map the cybercrime threat landscape and understand how law enforcement responds to it. Although the COVID-19 crisis showed us how criminals actively take advantage of society at its most vulnerable, this opportunistic behaviour of criminals should not overshadow the overall threat landscape. In many cases, COVID-19 has enhanced existing problems.

CROSS-CUTTING CRIME
Social engineering and phishing remain an effective threat to enable other types of cybercrime. Criminals use innovative methods to increase the volume and sophistication of their attacks, and inexperienced cybercriminals can carry out phishing campaigns more easily through crime-as-a-service. Criminals quickly exploited the pandemic to attack vulnerable people; phishing, online scams and the spread of fake news became an ideal strategy for cybercriminals seeking to sell items they claim will prevent or cure COVID-19.

Encryption continues to be a clear feature of an increasing number of services and tools. One of the principal challenges for law enforcement is how to access and gather relevant data for criminal investigations. The value of being able to access data of criminal communication on an encrypted network is perhaps the most effective illustration of how encrypted data can provide law enforcement with crucial leads beyond the area of cybercrime.

MALWARE REIGNS SUPREME
Ransomware attacks have become more sophisticated, targeting specific organisations in the public and private sector through victim reconnaissance. While the COVID-19 pandemic has triggered an increase in cybercrime, ransomware attacks were targeting the healthcare industry long before the crisis. Moreover, criminals have included another layer to their ransomware attacks by threatening to auction off the compromised data, increasing the pressure on the victims to pay the ransom. Advanced forms of malware are a top threat in the EU: criminals have transformed some traditional banking Trojans into modular malware to cover more PC digital fingerprints, which are later sold for different needs.

CHILD SEXUAL ABUSE MATERIAL CONTINUES TO INCREASE
The main threats related to online child abuse exploitation have remained stable in recent years; however, detection of online child sexual abuse material saw a sharp spike at the peak of the COVID-19 crisis. Offenders keep using a number of ways to hide this horrifying crime, such as P2P networks, social networking platforms and encrypted communications applications. Dark web communities and forums are meeting places where participation is structured with affiliation rules to promote individuals based on their contribution to the community, which they do by recording and posting their abuse of children, encouraging others to do the same. Livestream of child abuse continues to increase, becoming even more popular than usual during the COVID-19 crisis when travel restrictions prevented offenders from physically abusing children. In some cases, video chat applications in payment systems are used, which becomes one of the key challenges for law enforcement as this material is not recorded.

PAYMENT FRAUD: SIM SWAPPING A NEW TREND
SIM swapping, which allows perpetrators to take over accounts, is one of the new trends in this year’s IOCTA. As a type of account takeover, SIM swapping provides criminals access to sensitive user accounts. Criminals fraudulently swap or port victims’ SIMs to one in the criminals’ possession in order to intercept the one-time password step of the authentication process.

CRIMINAL ABUSE OF THE DARK WEB
In 2019 and early 2020 there was a high level of volatility on the dark web. The lifecycle of dark web marketplaces has shortened and there is no clear dominant market that has risen over the past year. Tor remains the preferred infrastructure; however, criminals have started to use other privacy-focused, decentralised marketplace platforms to sell their illegal goods. Although this is not a new phenomenon, these sorts of platforms have started to increase over the last year. OpenBazaar is noteworthy, as certain threats have emerged on the platform over the past year, such as COVID-19-related items during the pandemic.

CISA and MS-ISAC Release Joint Ransomware Guide

The Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing a joint Ransomware Guide meant to be a one-stop resource for stakeholders on how to be proactive and prevent these attacks from happening and also a detailed approach on how to respond to an attack and best resolve the cyber incident. CISA and MS-ISAC observed there are vast products and resources available, but very few that have them all in one place.

This one-stop guide is divided into two parts:

First, the guide focuses on best practices for ransomware prevention, detailing practices that organizations should continuously do to help manage the risk posed by ransomware and other cyber threats. It is intended to enable forward-leaning actions to successfully thwart and confront malicious cyber activity associated with ransomware. Some of the several CISA and MS-ISAC preventive services that are listed are Malicious Domain Blocking and Reporting, regional CISA Cybersecurity Advisors, Phishing Campaign Assessment, and MS-ISAC Security Primers on ransomware variants such as Ryuk.

The second part of this guide, response best practices and services, is divided up into three sections: (1) Detection and Analysis, (2) Containment and Eradication, and (3) Recovery and Post-Incident Activity. One of the unique aspects that will significantly help an organization’s leadership as well as IT professionals with response is a comprehensive, step-by-step checklist. With many technical details on response actions and lists of CISA and MS-ISAC services available to the incident response team, this part of the guide can enable a methodical, measured and properly managed approach.

“It is a CISA priority to help our partners defend against ransomware, advise them on appropriate risk-management actions and provide best practices for a resilient, responsible incident response plan in the event of a cyberattack,” said Bryan Ware, Assistant Director for Cybersecurity, CISA. “The collaborative and consistent engagement with our industry and government partners supports our concerted efforts to offer trusted, proactive and timely resources and services. This guide is based on operational insight from CISA and MS-ISAC and our engagements with varied sector partners.”

Recent events stress the important reminder that ransomware can happen at any time to any organization, so we encourage all organizations with sensitive or important data stored on their network to take steps now to protect it, including backing up data, training employees, and patching systems to blunt the potential impact of ransomware. Malicious actors have adjusted their ransomware tactics over time to include pressuring victims for payment by threatening to release stolen data if they refuse to pay and publicly naming and shaming victims as secondary forms of extortion.

One of the ways this guide can help is with identifying their critical data. It’s hard to have an organization determine after-the-fact what critical data was impacted by a ransomware incident if they did not have that understanding of what critical data they had ahead of time. And, it is hard to revert to backups if an organization does not have or has not properly maintained and tested their backups.

This joint ransomware guide is written primarily for the IT professional, but every level of an organization can benefit from reviewing it. CISA and MS-ISAC are proud to provide this guide that can help them plan for a ransomware incident and understand the risk management, analytical, and response services available to them.
