The criminal network behind the GozNym malware has been dismantled by law enforcement agencies in Europe and the USA. According to Europol, the criminal network used GozNym malware in an attempt to steal an estimated USD 100 million from more than 41 000 victims. The criminals spammed hundreds of potential victims with e-mails that contained a malicious link or attachment which, upon clicking, redirected the victims’ computers to a malicious domain on a server hosting the GozNym malware. Upon gaining unauthorised access to victims’ online bank accounts, the hackers initiated electronic transfers of funds, which were laundered through US and other accounts and distributed amongst the members of the network. Of the 10 persons indicted in the case, 5 remain at large.
The European Parliament voted for the establishment of a border management system known as the Common Identity Repository (CIR). The database will collate the identity and biometric records of over 350 million persons. Apart from EU citizens’ identification data, data from tourists, immigrants, and asylum seekers will also be captured. It will include identity records such as names, dates of birth, passport numbers, and other identification details, as well as biometrics such as fingerprints and facial scans. Reports indicate that the CIR will consolidate data from the Schengen Information System, Eurodac, the Visa Information System (VIS), and three new systems: the European Criminal Records System for Third Country Nationals (ECRIS-TCN), the Entry/Exit System (EES), and the European Travel Information and Authorisation System (ETIAS). The CIR will be among the world’s largest digital identification databases, similar to India’s Aadhaar. It will be available to border and law enforcement officers.
Norsk Hydro, one of the world’s biggest aluminium producers, suffered a cyber-attack in which hackers blocked its systems with ransomware. This forced Hydro to switch some of its production units to manual operation. The Norwegian National Security Authority (NNSA, the state agency in charge of cybersecurity) said the hackers used LockerGoga ransomware in the attack, which originated from the USA. The attack may have cost the company more than $40 million in the week it occurred.
The Council of the European Union adopted the EU Law Enforcement Emergency Response Protocol that gives a central role to Europol’s European Cybercrime Centre (EC3) to support EU law enforcement authorities in providing response to cross-border cyber incidents of a suspected criminal nature.
The protocol determines the procedures, roles, and responsibilities of key agencies and players; promotes rapid assessment of cyber threats and the secure and timely sharing of critical information through special communication channels and points of contact; and provides for the co-ordination of cross-border investigations. It aims to complement the EU's crisis management processes by streamlining transnational co-operation and enabling collaboration with the network security community and partners from the private sector.
Singapore is another country that announced investment in experts to deal with cyberdefence issues such as cyber incident response, network monitoring, and vulnerability assessment. It opened a school to equip future recruits with the necessary skill sets.
The Australian Parliament has adopted the Telecommunications and Other Legislation Amendment (Miscellaneous Amendments) Bill 2019. The Bill replaced the definitions of systemic weaknesses and vulnerabilities, which are now defined only as those affecting ‘a whole class of technology’ and do not include those ‘selectively introduced to one or more target technologies that are connected with a particular person’, thereby possibly creating space for selectively introduced weaknesses to be exploited by law enforcement agencies. In addition, the new section (317ZG) introduces certain limitations on law enforcement measures by specifying that technical assistance requests and notices, and technical capability notices, cannot have the effect of creating new decryption capabilities, weakening existing authentication or encryption mechanisms, or creating a risk that otherwise secure information is compromised by unauthorised third parties.
Bank of Valletta (BOV) has suspended all its operations, including ATMs, point-of-sale systems, online banking, its website, and communications systems, after unknown hackers broke into its network and transferred 13 million euro to accounts in the US, the UK, the Czech Republic, and Hong Kong. According to the Times of Malta, BOV has confirmed that customer accounts, funds, and data were not compromised, because the hackers breached the payment processing system from BOV’s own account, not customers’ accounts. Contrary to the initial belief expressed by the Maltese Prime Minister that the stolen funds would be retrieved, BOV officials expressed concerns that this may not be possible. Several local businesses that rely on BOV were affected, being unable to process related payments. BOV accounts for about half of Maltese banking transactions.
E-mail provider VFEmail suffered a hack aimed at destroying user data, almost losing 18 years’ worth of customer e-mail. On 11 February, VFEmail tweeted that all externally facing systems in multiple data centres were down. Later, the company revealed that an attacker had formatted all disks on every server and that every VM, file server, and backup server was lost. On 17 February the company unearthed an older backup server that had last been backed up in August 2016. The next day, all mailboxes prior to August 2016 became available at nl101.vfemail.net port 1144. The company tweeted that it will not shut down and that it hopes it can recover user data from between June 2016 and February 2019. It also clarified that the US data centre has been vacated and that the company will run entirely from its data centre in the Netherlands.
The EU’s Horizontal Working Party on Cyber Issues is developing a sanctions regime to deter and respond to cyber-attacks, which builds on the EU Cyber Diplomacy Toolbox. An internal memo, ‘Cyber Diplomacy Toolbox – Options for a restrictive measures framework to respond to or deter cyber activities that threaten the security or foreign policy interests of the Union or its Member States’, outlined a regime to sanction foreign hacker groups involved in data breaches, intellectual property theft, the stealing of classified information, attacks on IT and critical infrastructure, and election hacks, Bloomberg reports. Sanctions, which include asset freezes and travel bans, can be put in place regardless of whether the attack succeeded, if the victim is an EU country or an EU partner. Measures will, however, have to be accompanied by criminal evidence defensible at the European Court of Justice, thus allowing sanctioned parties to appeal the decision. In addition, when imposing sanctions, unanimity will be required among EU member states. According to Politico, the plan will be forwarded to foreign affairs attachés, and the regime is expected to be in place before the elections for the European Parliament in May, in order to avoid possible interference with the elections.