Category: Cyber Security CII sector

Cyber Security CII sector

GAO report finds DOD's weapons programs lack clear cybersecurity guidelines

Agency News, Cyber Security CII sector, Industry News
DOD's network of sophisticated, expensive weapon systems must work when needed, without being incapacitated by cyberattacks. However, GAO reported in 2018 that DOD was routinely finding cyber vulnerabilities late in its development process.
A Senate report accompanying the National Defense Authorization Act for Fiscal Year 2020 included a provision for GAO to review DOD's implementation of cybersecurity for weapon systems in development. GAO's report addresses (1) the extent to which DOD has made progress in implementing cybersecurity for weapon systems during development, and (2) the extent to which DOD and the military services have developed guidance for incorporating weapon systems cybersecurity requirements into contracts.
Since GAO's 2018 report, the Department of Defense (DOD) has taken action to make its network of high-tech weapon systems less vulnerable to cyberattacks. DOD and military service officials highlighted areas of progress, including increased access to expertise, enhanced cyber testing, and additional guidance. For example, GAO found that selected acquisition programs have conducted, or planned to conduct, more cybersecurity testing during development than past acquisition programs. It is important that DOD sustain its efforts as it works to improve weapon systems cybersecurity.
Contracting for cybersecurity requirements is key. DOD guidance states that these requirements should be treated like other types of system requirements and, more simply, “if it is not in the contract, do not expect to get it.” Specifically, cybersecurity requirements should be defined in acquisition program contracts, and criteria should be established for accepting or rejecting the work and for how the government will verify that requirements have been met. However, GAO found examples of program contracts omitting cybersecurity requirements, acceptance criteria, or verification processes. For example, GAO found that contracts for three of the five programs did not include any cybersecurity requirements when they were awarded. A senior DOD official said standardizing cybersecurity requirements is difficult and the department needs to better communicate cybersecurity requirements and systems engineering to the users that will decide whether or not a cybersecurity risk is acceptable.
DOD and the military services have developed a range of policy and guidance documents to improve weapon systems cybersecurity, but the guidance usually does not specifically address how acquisition programs should include cybersecurity requirements, acceptance criteria, and verification processes in contracts. Among the four military services GAO reviewed, only the Air Force has issued service-wide guidance that details how acquisition programs should define cybersecurity requirements and incorporate those requirements in contracts. The other services could benefit from a similar approach in developing their own guidance that helps ensure that DOD appropriately addresses cybersecurity requirements in contracts.
GAO is recommending that the Army, Navy, and Marine Corps provide guidance on how programs should incorporate tailored cybersecurity requirements into contracts. DOD concurred with two recommendations, and stated that the third—to the Marine Corps—should be merged with the one to the Navy. DOD's response aligns with the intent of the recommendation.
Leave a comment , ,

CISA Issues Emergency Directive for Federal Agencies to Patch Critical Vulnerability

Agency News, Cyber Security CII sector, Industry News
The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive (ED) 21-02 requiring federal civilian departments and agencies running Microsoft Exchange on-premises products to update or disconnect the products from their networks until updated with the Microsoft patch released yesterday.  It also requires agencies who are currently able to do so to collect forensic images. All agencies are also required to search for known indicators of compromise after patching, and if indicators are found, contact CISA to begin incident response activities.  The directive is in response to observed active exploitation of these products using previously unknown vulnerabilities.  CISA also issued an activity alert to provide additional information and to encourage other public and private sector organizations to take steps to protect their networks.
“This Emergency Directive will help us secure federal networks against the immediate threat while CISA works with its interagency partners to better understand the malicious actor’s techniques and motivations to share with our stakeholders,” said Acting CISA Director Brandon Wales.  “The swiftness with which CISA issued this Emergency Directive reflects the seriousness of this vulnerability and the importance of all organizations – in government and the private sector – to take steps to remediate it.”
ED 21-02 reflects CISA’s determination that exploitations that pose an unacceptable risk to the federal civilian executive branch agencies require emergency action.  CISA made this assessment on the basis of 1) current exploitation of these vulnerabilities, 2) the likelihood of widespread exploitation of the vulnerabilities after public disclosure and the risk that federal government services to the American public could be degraded.
CISA and the National Security Agency worked with Microsoft and security researchers to identify detection and mitigation approaches to these vulnerabilities, for which Microsoft released the patch this afternoon.  Cloud services such as Microsoft 365 and Azure systems are not known to be affected by this vulnerability.
Leave a comment , ,

NSCAI Report presents strategy for winning the artificial intelligence era

Agency News, Cyber Security CII sector, Industry News
The 16 chapters in the National Security Commission on Artificial Intelligence (NSCAI) Main Report provide topline conclusions and recommendations. The accompanying Blueprints for Action outline more detailed steps that the U.S. Government should take to implement the recommendations.
The NSCAI acknowledges how much remains to be discovered about AI and its future applications. Nevertheless, enough is known about AI today to begin with two convictions.
First, the rapidly improving ability of computer systems to solve problems and to perform tasks that would otherwise require human intelligence—and in some instances exceed human performance—is world altering. AI technologies are the most powerful tools in generations for expanding knowledge, increasing prosperity, and enriching the human experience. AI is also the quintessential “dual-use” technology. The ability of a machine to perceive, evaluate, and act more quickly and accurately than a human represents a competitive advantage in any field—civilian or military. AI technologies will be a source of enormous power for the companies and countries that harness them.
Second, AI is expanding the window of vulnerability the United States has already entered. For the first time since World War II, America’s technological predominance—the backbone of its economic and military power—is under threat. China possesses the might, talent, and ambition to surpass the United States as the world’s leader in AI in the next decade if current trends do not change. Simultaneously, AI is deepening the threat posed by cyber attacks and disinformation campaigns that Russia, China, and others are using to infiltrate our society, steal our data, and interfere in our democracy. The limited uses of AI-enabled attacks to date represent the tip of the iceberg. Meanwhile, global crises exemplified by the COVID-19 pandemic and climate change highlight the need to expand our conception of national security and find innovative AI-enabled solutions.
Given these convictions, the Commission concludes that the United States must act now to field AI systems and invest substantially more resources in AI innovation to protect its security, promote its prosperity, and safeguard the future of democracy.
Full report is available at https://reports.nscai.gov/final-report
Leave a comment , ,

Cybersecurity for 5G: ENISA Releases Report on Security Controls in 3GPP

Agency News, Cyber Security CII sector, Industry News
Cybersecurity for 5G: ENISA Releases Report on Security Controls in 3GPP
The European Union Agency for Cybersecurity (ENISA) provides authorities with technical guidance on the 5G Toolbox measure for security requirements in existing 5G standards.
The Agency has released its Security in 5G Specifications Report about key security controls in the Third Generation Partnership Project (3GPP), the main body developing technical specifications for fifth generation of mobile telecommunications (5G) networks. As vendors, system integrators and operators build, deploy and manage 5G networks, the ENISA publication underlines the need for cybersecurity and for the national regulatory authorities in charge of cybersecurity policy development and implementation to have a good understanding of these controls.
This new ENISA report is directly driven by the objectives set in the EU toolbox for 5G security - mainly technical measure ‘TM02’. This technical measure calls on the relevant authorities in EU Member States to ensure and evaluate the implementation of security measures in existing 5G standards (3GPP specifically) by operators and their suppliers.
The aim of the report is to help national and regulatory authorities to better understand the standardisation environment pertaining to 5G security, 3GPP security specifications and key security controls that operators must implement to secure 5G networks.
More specifically, the report provides:
- A high-level overview of the specification and standardisation landscape for the security of 5G networks, and of the main activities by various standardisation organisations and industrial groups in the area of 5G;
- An explanation of the technical specifications developed by 3GPP for the security of 5G networks, with a focus on optional security features;
- Summary of key findings and good security practices.
The ENISA report also covers security considerations beyond standards and specifications, such as testing and assurance, product development, network design, configuration and deployment, and operation and management.
Leave a comment , ,

ITU to advance AI capabilities to contend with natural disasters

Cyber Security CII sector, Industry News
The International Telecommunication Union (ITU) – the United Nations specialized agency for information and communication technologies – has launched a new Focus Group to contend with the increasing prevalence and severity of natural disasters with the help of artificial intelligence (AI).
In close collaboration with the World Meteorological Organization (WMO) and the United Nations Environment Programme (UNEP), the ITU Focus Group on 'AI for natural disaster management' will support global efforts to improve our understanding and modelling of natural hazards and disasters. It will distill emerging best practices to develop a roadmap for international action in AI for natural disaster management.
"With new data and new insight come new powers of prediction able to save countless numbers of lives," said ITU Secretary-General Houlin Zhao. "This new Focus Group is the latest ITU initiative to ensure that AI fulfils its extraordinary potential to accelerate the innovation required to address the greatest challenges facing humanity."
Clashes with nature impacted 1.5 billion people from 2005 to 2015, with 700,000 lives lost, 1.4 million injured, and 23 million left homeless, according to the Sendai Framework for Disaster Risk Reduction 2015-2030 developed by the UN Office for Disaster Risk Reduction (UNDRR).
AI can advance data collection and handling, improve hazard modelling by extracting complex patterns from a growing volume of geospatial data, and support effective emergency communications. The new Focus Group will analyze relevant use cases of AI to deliver technical reports and accompanying educational materials addressing these three key dimensions of natural disaster management. Its study of emergency communications will consider both technical as well as sociological and demographical aspects of these communications to ensure that they speak to all people at risk.
"This Focus Group looks to AI to help address one of the most pressing issues of our time," noted the Chair of the Focus Group, Monique Kuglitsch, Innovation Manager at ITU member Fraunhofer Heinrich Hertz Institute. “We will build on the collective expertise of the communities convened by ITU, WMO and UNEP to develop guidance of value to all stakeholders in natural disaster management. We are calling for the participation of all stakeholders to ensure that we achieve this."
Muralee Thummarukudy, Operations Manager for Crisis Management at UNEP explained: "AI applications can provide efficient science-driven management strategies to support four phases of disaster management: mitigation, preparedness, response and recovery. By promoting the use and sharing of environmental data and predictive analytics, UNEP is committed to accelerating digital transformation together with ITU and WMO to improve disaster resilience, response and recovery efforts."
The Focus Group's work will pay particular attention to the needs of vulnerable and resource-constrained regions. It will make special effort to support the participation of the countries shown to be most acutely impacted by natural disasters, notably small island developing states (SIDS) and low-income countries.
The proposal to launch the new Focus Group was inspired by discussions at an AI for Good webinar on International Disaster Risk Reduction Day, 13 October 2020, organized by ITU and UNDRR.
"WMO looks forward to a fruitful collaboration with ITU and UNEP and the many prestigious universities and partners committed to this exciting initiative. AI is growing in importance to WMO activities and will help all countries to achieve major advances in disaster management that will leave no one behind," said Jürg Luterbacher, Chief Scientist & Director of Science and Innovation at WMO. "The WMO Disaster Risk Reduction Programme assists countries in protecting lives, livelihoods and property from natural hazards, and it is strengthening meteorological support to humanitarian operations for disaster preparedness through the development of a WMO Coordination Mechanism and Global Multi-Hazard Alert System. Complementary to the Focus Group, we aim to advance knowledge transfer, communication and education – all with a focus on regions where resources are limited."
Leave a comment , , ,

Compromise of U.S. Water Treatment Facility

Agency News, Cyber Security CII sector, Industry News, Water sector
On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment facility. The unidentified actors used the SCADA system’s software to increase the amount of sodium hydroxide, also known as lye, a caustic chemical, as part of the water treatment process. Water treatment plant personnel immediately noticed the change in dosing amounts and corrected the issue before the SCADA system’s software detected the manipulation and alarmed due to the unauthorized change. As a result, the water treatment process remained unaffected and continued to operate as normal. The cyber actors likely accessed the system by exploiting cybersecurity weaknesses, including poor password security, and an outdated operating system. Early information indicates it is possible that a desktop sharing software, such as TeamViewer, may have been used to gain unauthorized access to the system, although this cannot be confirmed at present date. Onsite response to the incident included Pinellas County Sheriff Office (PCSO), U.S. Secret Service (USSS), and the Federal Bureau of Investigation (FBI).
The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency (EPA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have observed cyber criminals targeting and exploiting desktop sharing software and computer networks running operating systems with end of life status to gain unauthorized access to systems. Desktop sharing software, which has multiple legitimate uses—such as enabling telework, remote technical support, and file transfers—can also be exploited through malicious actors’ use of social engineering tactics and other illicit measures. Windows 7 will become more susceptible to exploitation due to lack of security updates and the discovery of new vulnerabilities. Microsoft and other industry professionals strongly recommend upgrading computer systems to an actively supported operating system. Continuing to use any operating system within an enterprise beyond the end of life status may provide cyber criminals access into computer systems.
Click here for a PDF version of this report.
Technical Details
Desktop Sharing Software
The FBI, CISA, EPA, and MS-ISAC have observed corrupt insiders and outside cyber actors using desktop sharing software to victimize targets in a range of organizations, including those in the critical infrastructure sectors. In addition to adjusting system operations, cyber actors also use the following techniques:
- Use access granted by desktop sharing software to perform fraudulent wire transfers.
- Inject malicious code that allows the cyber actors to
 - Hide desktop sharing software windows,
 - Protect malicious files from being detected, and
 - Control desktop sharing software startup parameters to obfuscate their activity.
- Move laterally across a network to increase the scope of activity.
TeamViewer, a desktop sharing software, is a legitimate popular tool that has been exploited by cyber actors engaged in targeted social engineering attacks, as well as large scale, indiscriminate phishing campaigns. Desktop sharing software can also be used by employees with vindictive and/or larcenous motivations against employers.
Beyond its legitimate uses, when proper security measures aren’t followed, remote access tools may be used to exercise remote control over computer systems and drop files onto victim computers, making it functionally similar to Remote Access Trojans (RATs). TeamViewer’s legitimate use, however, makes anomalous activity less suspicious to end users and system administrators compared to RATs.
Windows 7 End of Life
On January 14, 2020, Microsoft ended support for the Windows 7 operating system, which includes security updates and technical support unless certain customers purchased an Extended Security Update (ESU) plan. The ESU plan is paid per-device and available for Windows 7 Professional and Enterprise versions, with an increasing price the longer a customer continues use. Microsoft will only offer the ESU plan until January 2023. Continued use of Windows 7 increases the risk of cyber actor exploitation of a computer system.
Cyber actors continue to find entry points into legacy Windows operating systems and leverage Remote Desktop Protocol (RDP) exploits. Microsoft released an emergency patch for its older operating systems, including Windows 7, after an information security researcher discovered an RDP vulnerability in May 2019. Since the end of July 2019, malicious RDP activity has increased with the development of a working commercial exploit for the vulnerability. Cyber actors often use misconfigured or improperly secured RDP access controls to conduct cyberattacks. The xDedic Marketplace, taken down by law enforcement in 2019, flourished by compromising RDP vulnerabilities around the world.
Mitigations
General Recommendations
The following cyber hygiene measures may help protect against the aforementioned scheme:
- Update to the latest version of the operating system (e.g., Windows 10).
- Use multiple-factor authentication.
- Use strong passwords to protect Remote Desktop Protocol (RDP) credentials.
- Ensure anti-virus, spam filters, and firewalls are up to date, properly configured, and secure.
- Audit network configurations and isolate computer systems that cannot be updated.
- Audit your network for systems using RDP, closing unused RDP ports, applying multiple-factor authentication wherever possible, and logging RDP login attempts.
- Audit logs for all remote connection protocols.
- Train users to identify and report attempts at social engineering.
- Identify and suspend access of users exhibiting unusual activity.
Water and Wastewater Systems Security Recommendations
The following physical security measures serve as additional protective measures:
- Install independent cyber-physical safety systems. These are systems that physically prevent dangerous conditions from occurring if the control system is compromised by a threat actor.
- Examples of cyber-physical safety system controls include:
 - Size of the chemical pump
 - Size of the chemical reservoir
 - Gearing on valves
 - Pressure switches, etc.
The benefit of these types of controls in the water sector is that smaller systems, with limited cybersecurity capability, can assess their system from a worst-case scenario. The operators can take physical steps to limit the damage. If, for example, cyber actors gain control of a sodium hydroxide pump, they will be unable to raise the pH to dangerous levels.
Remote Control Software Recommendations
For a more secured implementation of TeamViewer software:
- Do not use unattended access features, such as “Start TeamViewer with Windows” and “Grant easy access.”
- Configure TeamViewer service to “manual start,” so that the application and associated background services are stopped when not in use.
- Set random passwords to generate 10-character alphanumeric passwords.
- If using personal passwords, utilize complex rotating passwords of varying lengths. Note: TeamViewer allows users to change connection passwords for each new session. If an end user chooses this option, never save connection passwords as an option as they can be leveraged for persistence.
- When configuring access control for a host, utilize custom settings to tier the access a remote party may attempt to acquire.
- Require remote party to receive confirmation from the host to gain any access other than “view only.” Doing so will ensure that, if an unauthorized party is able to connect via TeamViewer, they will only see a locked screen and will not have keyboard control.
- Utilize the ‘Block and Allow’ list which enables a user to control which other organizational users of TeamViewer may request access to the system. This list can also be used to block users suspected of unauthorized access.
Leave a comment , , ,

Regulating for resilience: Reigniting ICT markets and economies post-COVID-19

Agency News, Cyber Security CII sector, Industry News
As the COVID-19 pandemic continues its relentless spread, governments, regulators, academics, and the global information and communication technology (ICT) community keep rethinking policy and regulatory frameworks to mitigate the effects of the crisis and chart a way out of it.
The 7th Economic Experts Roundtable convened by ITU provided a platform to generate ideas and solutions to render ICT markets an even more important contributor to social and economic resilience in the face of COVID-19.
The current crisis has brought new challenges to the ICT sector. Regulatory frameworks need to be adjusted to stimulate investment while maintaining a moderate level of competition. Markets and consumer benefits are now examined by decision-makers through the lens of financial adversity and uncertain outlooks.
Amid disruption, policy-makers and regulators need evidence-based guidance that provides a solid ground for their reforms.
A new study released at the Roundtable provides fresh insights backed by authoritative data on the evolution of ICT regulation since 2007, the ICT Regulatory Tracker, and a global dataset on ICT markets economics.
The study shows that ICT regulation has had a measurable impact on the growth of global ICT markets over the past decade.
The analysis uses econometric modelling to pinpoint the impact of the regulatory and institutional frameworks on the performance of the ICT sector and its contribution to national economies.
It provides policy-makers and regulators with evidence to advance regulatory reform and address the challenges and gaps in current regulatory frameworks for digital services and applications.
Upgrading regulatory frameworks: What matters?
The new analysis points to regulatory features that can have a multiplier effect on ICT markets and consumer benefits.
• ICT regulation is positively linked with increases in telecommunication investment. An improvement of 10 per cent in the maturity of national ICT regulatory frameworks is associated with an increase of fixed and mobile investment of over 7 per cent. For this to happen, a country needs a separate, autonomous ICT regulator with a broad mandate, promoting competition and adopting best regulatory practices in ICT licencing, service quality monitoring, and spectrum sharing.
• Tax cuts are associated with a significant boost in capital investment, as they increase available financial resources for network deployment. Reducing profit tax by half leads to an increase of fixed and mobile investment of nearly 14 per cent.
• Streamlining government administrative processes is linked to a significant increase in capital investment, highlighting the importance of minimizing time to obtain network deployment permits, handling municipal network construction requirements, and reducing red tape costs. Slashing administrative processing times by half is linked to an increase in fixed and mobile investment of 17 per cent.
A regulatory power boost for mobile
For the mobile sector, open and collaborative regulatory policies appear to have a strong positive impact on investment. In turn, more investment triggers coverage gains and lower consumer prices, boosts ICT adoption and generates growth in national economies around two years after policy adoption.
• A digital agenda is crucial to accelerating innovation and boosting investment. The introduction of a national broadband plan with a strong implementation framework and leadership increases mobile investment and network coverage by some 15 per cent.
• Converged licensing frameworks maximize the financial returns of investments as they provide a flexible policy approach adapted to technological advances. Such frameworks are associated with a 10 per cent increase in mobile investment and network coverage.
• Allowing voluntary spectrum sharing agreements, thereby helping operators to maximize the opportunities to make investments profitable, creates strong incentives for network deployment. Such collaborative regulatory regimes see an 18 per cent increase in mobile investment and network coverage, and price reduction by close to 10 per cent compared to countries where this is not allowed.
• Openness to foreign operators increases access to capital for network development and modernization and enables technology and know-how transfer. An open mobile market can stimulate capital investment with increases of 14 per cent along with network coverage.
Policy-makers are encouraged to use this report as an evidence base underpinned by a deeper understanding of the linkages between regulatory and institutional contexts and ICT market outcomes, and of which policies can lead markets, consumers, and economies out of the current crisis.
[Source: ITU]
Leave a comment , ,

GCHQ and NSA Celebrate 75 Years of Partnership

Agency News, Cyber Security CII sector, Industry News
The United Kingdom Government Communications Headquarters (GCHQ) and the United States National Security Agency (NSA) commemorate their partnership to share intelligence. These intelligence agencies have worked together for nearly a century to strengthen national security. March 5, 2021 marks the 75th anniversary of the formalized agreement to share information between the two agencies as much as possible, with minimal restrictions.
The British USA (BRUSA) Communications Intelligence (COMINT) Agreement, signed on March 5, 1946, was the original document that formalized the relationship. The agreement emerged from U.K. and U.S. specialists recognizing the beneficial results of intelligence sharing during World War II. The BRUSA Agreement was updated and expanded to become the UKUSA Agreement in 1955. This groundbreaking document created the policies and procedures for U.K. and U.S. intelligence professionals for sharing communication, translation, analysis, and code breaking information.
GCHQ and NSA personnel have worked together to address threats across all domains. The diversity of our experts provides better outcomes in analysis and innovative approaches to form solutions.
The UKUSA Agreement became the foundation for our intelligence alliances with Australia, Canada, and New Zealand. When the challenge is global, working with partners around the world is essential. This extraordinary trust and collaboration brings a strategic advantage in our nations’ safety.
The 75th anniversary of the UKUSA Agreement marks the passage of a historic and lasting relationship which enhances the resilience of our nations’ defenses and security of our future.
Leave a comment , ,

NYU Tandon’s Index of Cyber Security sees rapid rise in nation-state concerns

Cyber Security CII sector, Industry News
The recent Solar Winds attack confirms fears from cybersecurity experts that threats from nation-states are on the rise.
Cybersecurity experts across the world reported a 5% rise in nation-state and targeted counterparty hacking concerns in December, according to an index issued by a research team from the NYU Center for Cybersecurity (CCS) at the New York University Tandon School of Engineering. This rise appears to correlate closely with the recent “sunburst” attack on national and business infrastructure via SolarWinds’ Orion business software updates.
The Index of Cyber Security, which is updated monthly at the NYU CCS website, collects sentiment estimates via direct polling of practicing security experts around the world on cybersecurity threat-related issues. The index has operated since 2008, with CCS curating and hosting the research project for two years.
“When we saw this rise, we immediately connected it to the recent massive third-party software attack involving SolarWinds,” said NYU Tandon Distinguished Research Professor Edward Amoroso, who leads the ICS research team. “The experts who provide data for our index clearly saw this threat as increasing in intensity.”
An additional risk indicator that rose during the month was a shift toward cyberattacks being specifically aimed at counterparties. “This increased targeting of designated counterparties, versus devices, systems, or other non-human actors, is consistent with the motivation inherent in most nation-state campaigns,” said Amoroso.
The sentiment index is based on observational factors such as unpatched servers, unsatisfactory audit findings, and average time to respond to an incident. Amoroso’s academic research group at NYU Tandon’s Department of Computer Science and Engineering collaborates with TAG Cyber LLC, which supports information technology functions.
Leave a comment , ,

INTERPOL report charts top cyberthreats in Southeast Asia

Agency News, Cyber Security CII sector, Industry News
An INTERPOL report has highlighted the key cybercrime trends and threats confronting the Association of Southeast Asian Nations (ASEAN) region.
INTERPOL’s ASEAN Cyberthreat Assessment 2021 report outlines how cybercrime’s upward trend is set to rise exponentially, with highly organized cybercriminals sharing resources and expertise to their advantage.
It provides strategies for tackling cyberthreats against the context of the pandemic which has seen more people going online using mostly unprotected mobile devices, creating a surge in cybercriminal activities profiting from the theft of personal information and credentials.
The report further describes the essential collaboration on intelligence sharing and expertise between law enforcement agencies and the private sector, facilitated by INTERPOL’s global network.
The INTERPOL’s ASEAN Cybercrime Operations Desk (ASEAN Desk) with the support from law enforcement agencies in the region and INTERPOL’s private sector cybersecurity partners identify the region’s top cyberthreats:
- Business E-mail Compromise campaigns continue to top the chart with businesses suffering major losses, as it is a high-return investment with low cost and risk.
- Phishing. Cybercriminals are exploiting the widespread use of global communications on information related to COVID-19 to deceive unsuspecting victims.
- Ransomware. Cybercrime targeting hospitals, medical centers and public institutions for ransomware attacks has increased rapidly as cybercriminals believe they have a higher chance of success given the medical crisis in many countries.
- E-commerce data interception poses an emerging and imminent threat to online shoppers, undermining trust in online payment systems.
- Crimeware-as-a-Service puts cybercriminal tools and services in the hands of a wider range of threat actors – even non-technical ones, to the extent that anyone can become a cybercriminal with minimal ‘investment’.
- Cyber Scams. With the increase of online transactions and more people working from home, cybercriminals have revised their online scams and phishing schemes, even impersonating government and health authorities to lure victims into providing their personal information and downloading malicious content.
- Cryptojacking continues to be on the radar of cybercriminals as the value of cryptocurrencies increases.
“Cybercrime is constantly evolving. The COVID-19 pandemic has accelerated digital transformation, which has opened new opportunities for cybercriminals,” said Craig Jones, INTERPOL’s Director of Cybercrime.
“Through this report, INTERPOL strives to support member countries in the ASEAN region to take a targeted response against ever-evolving cybercrime threats to protect their digital economies and communities,” added Mr Jones.
Under the mandate of reducing the global impact of cybercrime and protecting communities, the INTERPOL Regional Cybercrime Strategy for ASEAN sets out INTERPOL’s key priorities and principles against cybercrime in the region.
Delivered through INTERPOL’s ASEAN Desk and ASEAN Cyber Capacity Development Project, the strategy is underpinned by four pillars: enhancing cybercrime intelligence for effective responses to cybercrime; strengthening cooperation for joint operations against cybercrime; developing regional capacity and capabilities to combat cybercrime; and promoting good cyber hygiene for a safer cyberspace.
Leave a comment , , ,
1 19 20 21 22 23 28