Updates

Cybercrime

2018

The European Commission has called for improved capacity of the EU and its Member States to attribute cyber attacks. In its joint communication to the European Parliament, the European Council and the Council, “Increasing resilience and bolstering capabilities to address hybrid threats", the Commission emphasised the importance of attribution to deterring potential aggressors and holding the culprits accountable. Member States were encouraged to continue their work on attribution of cyber-attacks and the practical use of the cyber diplomacy toolbox to step up the political response to cyberattacks. The Commision also urged the European Parliament and the Council to swiftly agree on the proposed legislation on gathering electronic evidence, as it would significantly enhance the ability of law enforcement to investigate and prosecute cybercrime.

The Government of Canada unveiled Canada’s second National Cyber Security Strategy. The Government committed to better protect Canadians from cybercrime and respond to evolving threats and defend critical systems, revealing that a Canadian Centre for Cyber Security will be established for these purposes. A new National Cybercrime Coordination Unit under the Royal Police will coordinate cooperation with domestic and international partners. The Government also vowed to make Canada a global leader in cybersecurity by fostering research, innovation, skills and knowledge, starting with emerging areas of Canadian excellence, such as quantum computing and blockchain technologies. The third goal is to advance cybersecurity in Canada while working to shape the international cybersecurity environment in Canada's favour, where Canada’s interest include open, free, and secure internet and enhancing international cooperation to combat cybercrime. The strategy is supported with $507.7M over five years and $108.8M per year.

Qrius reports that on June 5, Egypt’s parliament passed a cybercrime law that establishes regulations that will impose restrictions on social media and other online content, with implications for web censorship and freedom of expression. The law has been under discussion for some time, as authorities seek to stop 'terrorist and extremist ideologies'. According to Global Voices, the law 'gives investigative authorities the right to “order the censorship of websites” whenever a site hosts content that “poses a threat to national security or compromises national security or the national economy”.

A sophisticated malware dubbed VPNFilter discovered by Cisco’s Talos security team is reported to have infected over 700,000 routers in at least 54 countries since 2016, including those made by ASUS, D-Link, Huawei, Ubiquiti, UPVEL, ZTE, Linksys, MikroTik, Netgear, and TP-Link. Unlike most of the emerging IoT threats, the backdoor of this malware remains even after rebooting the device. According to Talos analysis, the most advanced module of the malware, called “ssler”, allows intercepting and altering the traffic flowing through the infected router thanks to a “man-in-the-middle” capability. This enables also infecting the devices and networks connected to a particular router, rendering a pool of possibly infected devices much larger. The module also has a self-destruct option which removes all the traces of its operations and makes the device unusable. FBI, which obtained a warrant to seize a domain used to control the infected routers, believes that the malware was developed by the hacking group Sofacy (also known as Fancy Bear and APT28), which they previously identified as sponsored by Russia.

UK’s Digital Secretary Matt Hancock has announced new plans to create regulation to ensure that ‘the UK is the safest place in the world to be online’. According to the British government, there is a lack of sufficient oversight or transparency for technology companies, resulting in inappropriate and harmful content online, ranging from cyberbullying and intimidation to online child sexual exploitation and extremist material. While working closely with industry, the government will work on a white paper, to be published later this year, which will draft legislation against digital harms. The move is part of the UK’s Internet Safety Strategy.

Mexico’s central bank confirmed that there was a cyber attack on Mexican financial institutions, in which the attackers siphoned around 300 million pesos from five institutions. According to the Governor of the Central Bank, the attackers tried to weaken the connection of financial institutions with the Interbank Electronic Payment System (Sistema de Pagos Electrónicos Interbancarios,- SPEI) issuing fraudulent transfers, which affected the accounts of the institutions themselves. SPEI itself was not affected, and neither were the end users as their transactions occur in a separate system.

Pages

 

The GIP Digital Watch observatory is provided by

 

 

and members of the GIP Steering Committee



 

GIP Digital Watch is operated by

Scroll to Top