International Association of CIP Professionals

North Korean Malicious Cyber Activity

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Cyber Command Cyber National Mission Force (CNMF) identified tactics, techniques, and procedures (TTPs) used by North Korean advanced persistent threat (APT) group Kimsuky to gain intelligence on various topics of interest to the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

Kimsuky is engaged in ongoing cyber operations against worldwide targets to gain intelligence for North Korea, specifically on foreign policy and national security issues related to the Korean peninsula, nuclear policy, and sanctions. CISA, FBI, and CNMF recommend individuals and organizations within commercial sector businesses increase their defenses and adopt a heightened state of awareness.

The information contained in the alerts and MARs listed below is the result of analytic efforts between the U.S. Department of Homeland Security, the U.S. Department of Defense, and the Federal Bureau of Investigation to provide technical details on the tools and infrastructure used by cyber actors of the North Korean government. Each MAR includes malware descriptions, suggested response actions, and recommended mitigation techniques.

Users or administrators should flag activity associated with the malware and report the activity to the Cybersecurity and Infrastructure Security Agency (CISA) or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation. The U.S. Government refers to the malicious cyber activity by the North Korean government as HIDDEN COBRA.

Leave a comment

Hurricane Zeta makes landfall on Louisiana Coast

October 29, 2020 Neil Walker Industry News, Power/Energy/Oil & Gas sector, Telecomms sector, Transport sector, Water sector

Hurricane Zeta made landfall in southeastern Louisiana as a Category 2 storm, tearing into coastal communities with heavy rain and wind, and leaving hundreds of thousands without power, and threatening other critical infrastructure systems.

Almost 350,000 homes and businesses in Louisiana are already without power, with some coastal roads under water.

The number of people being left in the dark due to Zeta's strong winds continues to climb. More than 1.3 million customers are without power across Louisiana, Mississippi, Alabama and Georgia, according to PowerOutage.us. These numbers are likely to continue to climb as Zeta charges northeastward at a staggering 39 mph.

The most dangerous storm surge is expected to the east of New Orleans, with 6 to 9 feet (1.8 to 2.7 meters) of surge likely between the Pearl River on the Louisiana-Mississippi border and Dauphin Island, Alabama. The storm surge around New Orleans itself is forecast only 1 to 2 feet lower, and is still very dangerous. At least 1 to 3 feet (30 to 90 centimeters) of surge is likely across a region stretching from the central Louisiana coast to Yankeetown, Florida.

Zeta is expected to move fast across the U.S., bringing damaging wind, dumping rain and triggering floods across Mississippi, Alabama, northern Georgia, the Carolinas and southeastern Virginia. Powerful wind is likely across the southern Appalachians, the NHC wrote.

It's not yet November and Zeta is already the 27th Atlantic tropical cyclone of 2020, nearing the record of 28 set in 2005.

Leave a comment

NSA Secures 5G Through Partnerships

October 29, 2020 Neil Walker Agency News, Industry News, Telecomms sector

NSA’s Cybersecurity mission includes working to secure future technologies. As imminently emerging technology, 5G will change the way both military and National Security Systems operate, and NSA is partnering across industry and government, along with standards bodies, to support the construction of a secure network.

5G, or fifth generation network, promises to be a major upgrade from previous generations. New 5G technologies will support many new and exciting use cases. The increase in speed will enable a new generation of innovation and business to flourish.

NSA has partnered with fellow government agencies to support the security of 5G. The Enduring Security Framework (ESF) team has been working with partners at the Department of Homeland Security, the Office of the Director of National Intelligence, the National Security Council, and more. They are partnering with industry to deep dive into threats, standards, cloud, and analytics. Each of these areas will have a dedicated public-private partnership effort to examine the risks associated with their subject matter and pursue technical solutions. The cumulative goal is to jointly improve the ability of the 5G infrastructure to identify and build threat models, detect threats in networks, recover from attacks, and securely leverage the benefits of virtualization.

To secure the full scope of 5G use cases, it is critical that strong cybersecurity practices are incorporated. The recently launched Center for Cybersecurity Standards (CCSS) looks at 5G from a viewpoint of securing NSS and contributing to working groups within standards bodies to secure 5G mobile infrastructure. Through engagements with 3GPP, ATIS, IETF and IEEE, CCSS is raising the bar for security in the 5G ecosystem and making sure secure options exist for use on NSS. As subject matter experts, NSA leverages our legacy in secure cryptography and network security to ensure 5G standards will protect NSS data by working with the carriers to ensure that they are requiring optional security settings.

The impact of 5G technologies will be felt well beyond NSS to include numerous IoT devices transforming our personal and professional lives. These devices are smarter and will use 5G to provide new edge computing capabilities, greatly impacting many parts of our society, including manufacturing (through its impact on robotics and Smart Warehouses), transportation (such as smart cars and the smart infrastructure they rely on), and healthcare (through impacts on tele-health and even remote surgery).

The full evolution to 5G will take time – time to develop the supporting standards, produce the technology, and upgrade the infrastructure across the U.S. and around the world to support the full extent of this technology. Since customers will be using 5G, strengthening U.S. infrastructure is vital to maintaining a military and economic edge.

Leave a comment

OSCE and UN partners train practitioners from Central Asia on effective investigations of cybercrimes and terrorist use of Internet

October 27, 2020 Neil Walker Agency News, Cyber Security CII sector, Industry News

A three-day online training course for over 70 practitioners from the five Central Asian states on the effective investigation of crimes committed in cyberspace and with the use of digital technologies recently concluded. The event was organized by the OSCE Secretariat’s Transnational Threats Department jointly with the UN Office of Counter-Terrorism - UN Centre for Counter-Terrorism (UNCCT- UNOCT), and the UN Regional Centre for Preventive Diplomacy in Central Asia (UNRCCA) with the support of the OSCE field operations in Central Asia.

The practitioners from Kazakhstan, Kyrgyzstan, Tajikistan, Turkmenistan and Uzbekistan work in investigating crimes committed in cyberspace and with the use of digital technologies, as well as requesting, processing and handling digital evidence, in their respective countries.

“Terrorist and violent extremist actors have learned how to harness new technologies to great effect and we have witnessed the expansion of their activities in cyberspace,” said Oguljeren Niyazberdiyeva, Chief of the Office of the Under-Secretary-General for Counter-Terrorism. “The ongoing COVID-19 environment has exacerbated vulnerabilities and conditions conducive to terrorism as the whole world increasingly lives their lives in the virtual space generating ever increasing opportunities for terrorism-related cyber-crimes.”

Ambassador Alena Kupchyna, OSCE Co-ordinator to address Transnational Threats, said: “Issues related to improving the effectiveness of the investigation of cybercrimes and cyber-enabled terrorist offences are of increasing relevance in many countries. This emphasizes the need to develop the capacity of national criminal justice systems to investigate these types of crimes while ensuring respect for the rule of law and respect for human rights and fundamental freedoms.”

Philipp Saprykin, Deputy Head of UNRCCA said: “Together with our partners, UNRCCA continues to provide capacity-building assistance to Central Asian countries in priority areas identified through our regular consultations with Member States.”

The training was conducted by representatives and experts of the OSCE, the UNCCT-UNOCT, UNRCCA, the Counter-Terrorism Committee Executive Directorate (CTED) and the UN Office on Drugs and Crime. They familiarized participants with best international practices and case studies in cybercrime investigations, as well as countering the use of the Internet for terrorist purposes, based on respect for human rights and fundamental freedoms.

Leave a comment

ENISA Threat Landscape 2020 highlights top cyber threats for January 2019-April 2020

October 26, 2020 Neil Walker Agency News, Cyber Security CII sector, Industry News

The European Union Agency for Cybersecurity (ENISA), with the support of the European Commission, EU Member States and the CTI Stakeholders Group, has published the 8th annual ENISA Threat Landscape (ETL) report, identifying and evaluating the top cyber threats for the period January 2019-April 2020.

This publication is divided into 22 different reports, available in pdf form and ebook form. The combined report lists the major change from the 2018 threat landscape as the COVID-19-led transformation of the digital environment. During the pandemic, cyber criminals have been seen advancing their capabilities, adapting quickly and targeting relevant victim groups more effectively Infographic - Threat Landscape Mapping during COVID-19.

The ETL report is part strategic and part technical, with information relevant to both technical and non-technical readers. The following table describes the type of audience and content for each ETL report. You can navigate through the entire collection by using the links available in each report in the section "Related". For a better understanding on how the ETL is structured, we recommend the initial reading of "The Year in Review" report. Previous, ENISA Threat Landscape reports are available on the webpage - ETL though the years and Tematic Landscapes.

The full report is available at ENISA >>

Leave a comment

Manila rolls out its La Niña Implementation Plan

October 23, 2020 Neil Walker Health & Social Care, Industry News, Transport sector, Water sector

The Manila Disaster Risk Reduction and Management Office (MDRRMO) rolled out the first phase of the city's La Niña Implementation Plan to ensure proper coordination and the safety of the general public.

In a statement, the MDRRMO said, its objectives include the conduct of risk assessment and analysis in all affected areas, determine vulnerabilities and provide continuous advisories and warnings to constituents on passable routes, evacuation centers, danger and safe zones as well as other pertinent information.

Under its implementation, MDRRMO will lead and organize teams to conduct emergency preparedness response and management operations. This includes support and close coordination with the department's Emergency Operations Center (EOC).

In line with this, MDRRMO will also conduct inspections for early warning systems to provide redundancy and avoid false alarms. This will pave way to the evaluation of the city's capabilities, inventory of its assets and available vehicles for response operations.

As a preventive measure, the Barangays together with the Department of Public Services (DPS) Department of Engineering and Public Works (DEPW) and other agencies shall continue to conduct declogging operations and sewage maintenance activities to help control and minimize flooding in communities and main roads.

Earlier this year, the Manila City government purchased about 80 polyvinyl chloride (PVC) rescue boats which can effectively aid rescue operations and can be strategically deployed in low-lying areas.

According to the Metropolitan Manila Development Association (MMDA) Flood Control Division, there are 31 major creeks across the six districts, wherein 11 are in the first and second district; 9 in the third and fourth districts; and 11 in the fifth and sixth districts.

MDRRMO shall also be responsible in providing situational reports to the Office of the Civil Defense, Department of the Interior and Local Government and the Metro Manila Disaster Risk Reduction & Management Council.

Meanwhile, the Manila Barangay Bureau shall provide manpower augmentation and maintain the peace and order within communities.

To assist in search and rescue operations and to lead fire emergency situations during La Niña, MDRRMO coordinated with the Bureau of Fire Protection.

Furthermore, DEPW shall assist in restoration of power lines to avoid accidents and cases of electrocution. The department shall also be in charge of construction of additional evacuation centers if deemed necessary.

Moreover, DPS shall deploy its personnel to conduct clean-up operations and maintenance activities in evacuation and rescue centers.

To ensure safe, secure and accessible evacuation sites, the Manila Department of Social Welfare (MDSW) shall provide temporary shelters for the evacuees. MDSW shall also be in charge of relief distribution and camp management.

The Manila Health Department (MHD) shall play a vital role in the provision of medical treatment and control procedures to ensure safety especially if the situation occurs during the pandemic outbreak.

Overall, MDRRMO shall coordinate, monitor and establish guidelines and measures to effectively prevent drastic effects, publish early forecasts to allow the local government to provide multi-sectoral support and mitigate environmental and economic risks.

Leave a comment

New Report: Cities at risk – Building a resilient future for the world’s urban centres

October 22, 2020 Neil Walker Industry News, Telecomms sector, Transport sector

A new report has been published by Lloyds, focusing on cities trends.

Cities are now the most important entities in society. More than half the world’s population now lives in urban areas and this is projected to reach two-thirds by 2050, and they are the engines of the global economy.

Yet cities all over the world are facing multiple challenges, such as climate change, cyber risks and pandemics, and are looking to strengthen their resilience.

This new Lloyd’s report, commissioned before COVID-19 and published in collaboration with Urban Foresight and Newcastle University, provides a comprehensive analysis of the risks’ cities are facing and will face in the future. It looks at their impacts and how urban areas can protect themselves from these threats.

It also suggests ways in which insurers and the relevant authorities could work together to build resilience, reduce risks and develop new insurance products and services that meet cities’ risk needs. This study helps city administrators and risk managers, as well as Lloyd’s market insurers and brokers, understand the risks that will influence the design and function of cities in the coming decade, and how insurance product development could respond to these changes.

Download full report here..

Leave a comment

New ITU study estimates US$ 428 billion are needed to connect the remaining 3 billion people to the Internet by 2030

October 15, 2020 Neil Walker Cyber Security CII sector, Industry News

The International Telecommunication Union (ITU) has published Connecting Humanity - Assessing investment needs of connecting humanity to the Internet by 2030, a comprehensive new study that estimates the investment needed to achieve universal, affordable broadband connectivity for all humanity by the end of this decade.

Connecting Humanity posits that nearly US$ 428 billion is required to connect the remaining 3 billion people aged ten years and above to broadband Internet by 2030. It is an ambitious goal and a major infrastructure investment challenge.

"Meeting the investment necessary to bring every person online by the end of this decade will require an unprecedented and concerted effort from the public and private sectors," said ITU Secretary-General Houlin Zhao. "The new Connecting Humanity study led by ITU is the much-needed roadmap that will guide decision-makers on the journey towards accessible, affordable, reliable, and safe digital technologies and services for all."

The study examines costs associated with infrastructure needs, enabling policy and regulatory frameworks, and basic digital skills and local content at both the global and regional levels, as well as how to mobilize the unprecedented levels of financing needed to extend networks to unserved communities.

Over the past several months, the COVID-19 pandemic has exposed different types of inequalities within and across countries and regions, including those related to quality of access, affordability and use of the Internet.

With so many essential services pushed online, there is a real and present danger that those without broadband Internet access could be left ever further behind. Hence assessing investment requirements to reach affordable universal connectivity is important to any country concerned with their ability to achieve the Sustainable Development Goals (SDGs).

According to ITU, over 12% of the global unconnected population live in remote, rural locations where traditional networks are not easily accessible, most of them in Africa and South Asia. This connectivity gap is exacerbated by the gender digital divide. Across the globe, more men than women use the Internet: only 48% of women as opposed to 58% of men.

Whereas in some regions bridging the connectivity gap predominantly means upgrading existing coverage and capacity sites, nearly half of the required radio access network (RAN) infrastructure investment in Sub-Saharan Africa, South Asia, and East Asia/Pacific will be greenfield, the new study says.

"While this is an ambitious aim, it is in no way an unachievable one," said Doreen Bogdan-Martin, Director of the ITU Telecommunication Development Bureau. "It is my hope that, as part of ITU's Connect 2030 Agenda efforts, this major new ITU assessment will provide clear, coherent evidence-based guidance for countries that will help accelerate efforts to reach unconnected communities, so that equality of opportunity is finally within reach of all."

Leave a comment

Broadband Commission calls on world leaders to prioritize universal connectivity as fundamental to sustainable development & global recovery

October 14, 2020 Neil Walker Industry News, Telecomms sector

Universal broadband access is the vital catalyst needed to drive global economic recovery and accelerate lacklustre progress towards the UN Sustainable Development Goals, according to a new report released by the UN Broadband Commission for Sustainable Development.

The COVID-19 pandemic has significantly underscored humanity's growing reliance on digital networks for business continuity, employment, education, commerce, banking, healthcare, and a whole host of other essential services. Yet today, almost half the global population has still never accessed the internet, and hundreds of millions more struggle with slow, costly and unreliable connections, often through remote locations like internet cafés.

The Broadband Commission for Sustainable Development's 2020 State of Broadband report, released at the Commission's 10th anniversary meeting earlier today, includes a rallying call to world leaders and heads of industry to place universal broadband connectivity at the very forefront of global recovery and sustainable development efforts.

The State of Broadband 2020: Tackling Digital Inequalities, A Decade for Action, highlights stark disparities in access to high-speed connectivity that have prevented billions of adults and children from benefiting from remote working, learning and communication. The report also takes stock of progress made in expanding access to and adoption of broadband infrastructure and services, and achieving the Commission's seven 2025 advocacy targets.

Paul Kagame, Co-Chair of the Broadband Commission and President of Rwanda said: "The first decade of the Broadband Commission has made a real impact by highlighting the transformational power of universal access to high-speed internet connectivity and smartphones. Ideas that seemed futuristic ten years ago, are now mainstream. The next decade will be about using digital tools to speed up the recovery from the Covid pandemic and make up some of the lost ground on the SDGs."

Carlos Slim Helú, President of the Carlos Slim Foundation and Co-Chair of the Broadband Commission, said: “Digital technologies are offering services that are creating big changes. Regulators and governments should be aware of the vital importance for society and development that telecom networks play, and that high taxes, spectrum charges and regulation are barriers to digital inclusion. Today our challenge is to look for universal connectivity and to make it available for countries and people. Broadband Connectivity is the bridge to move to economic development and welfare."

“Leaving no one behind means leaving no one offline, now more than ever before," said Houlin Zhao, Secretary-General of the International Telecommunication Union (ITU), the United Nations' specialized agency for information and communication technology (ICT), and Co-Vice Chair of the Commission. “Increasing and coordinating ICT infrastructure investments will be instrumental, not only in connecting the 3.6 billion people still offline, but also in driving the development of new technologies central to the digital economy."

“Digital technology could be the tool we need for human-centred emancipation. But to play this role, it needs our expertise and cooperation because we need to pool all of our resources if we are to rise to the challenge of connectivity and competencies," said UNESCO Director-General Audrey Azoulay. “In my view, this is the significance of the two Working Groups co-chaired by UNESCO. These documents published today focus on two crucial questions: school connectivity and the promotion of reliable, quality information."

According to latest ITU data, overall global Internet user penetration stands at 53.6%. That figure drops to 47% in developing countries, and to just 19.1% in the world's Least Developed Countries (LDCs), falling well below the Broadband Commission's advocacy Target 3 of broadband Internet user penetration of 75% worldwide, 65% in developing countries and 35% in LDCs by 2025.

Leave a comment

UN maritime agency hit by cyber attack

October 13, 2020 Neil Walker Industry News, Transport sector

The International Maritime Organization, the United Nations arm that regulates global shipping, said its London headquarters has been hit by a cyberattack that brought down its website and internal web-based services.

The incident disclosed a security breach that the agency categorized as a 'sophisticated cyber-attack' against its IT systems, was discovered and impacted the IMO public website and other web-based services, the UN agency said in a press release.

The hack was the latest in what appear to be a increasing number of cyberattacks on companies and organizations around the world this year. It follows a malware attack that hit containership company CMA CGM SA last weekend, crippling the French carrier’s booking and electronic communications network.

“The interruption of web-based services was caused by a sophisticated cyber-attack against the Organization’s IT systems that overcame robust security measures in place.” continues the statement.

IMO did not share technical details about the attack, the Secretariat is working with international security experts to identify the source of the attack, and further enhance the security of its infrastructure.

It is unclear if the IMO was hit by ransomware, a website defacement, or its website was used for a watering hole attack, a type of attack where hackers host malicious code on the IMO website in an attempt to trick IMO members and visitors into downloading and infecting themselves with malware.

Leave a comment

« 1 … 47 48 49 50 51 … 55 »