This Week In Security - 06/08/2020
Anti-Racism Sites Hit With Cyber Attacks
As protestors take to the streets to demonstrate their anger and frustration over the death of George Floyd in police custody, others are turning to cyber attacks to register their displeasure.
Cloudflare last week announced it had seen a surge in DDoS attacks on both US military sites and anti-racism and “advocacy groups, with a staggering increase of 1,120 times”.
CEO of Cloudflare, Matthew Prince, along with chief technology officer (CTO), John Graham-Cumming, said such “groups went from having almost no attacks at all in April to attacks peaking at 20,000 requests per second” in June.
Prince and Graham-Cumming warned that “if recent history is any guide, those who speak out against oppression will continue to face cyber attacks that attempt to silence them”.
Attacks on government websites, including fire and police departments, have also increased since the protests started. These are believed to be the work of “hacktivists acting in support of the protestors”.
Cloudflare voiced its support for the protestors and the groups currently under attack, saying it would remain “committed to making sure they can continue to function in the face of these attacks, regardless of their resources or the size of the attack”.
NATO Denounces COVID-19-related Cyber Attacks
The North Atlantic Treaty Organization (NATO) issued a statement condemning “destabilizing and malicious cyber activities directed against those whose work is critical to the response against the pandemic, including healthcare services, hospitals, and research institutes”.
The statement seeks to reaffirm “NATO’s Cyber Defence Pledge”, saying “we are determined to employ the full range of capabilities, including cyber, to deter, defend against and counter the full spectrum of cyber threats”.
NATO said it would “stand in solidarity with those who have been affected by malicious cyber activities and remain ready to assist Allies, including by continuing to share information, as they respond to cyber incidents that affect essential services”.
The statement, released on 4th June in English, French, and Russian said the organization would “continue to adapt to the evolving cyber threat landscape, which is affected by both state and non-state actors”. It also reiterated the fact that “all states have an important role to play in promoting and upholding voluntary norms of responsible state behavior”.
NATO’s statement echoes warnings issued by the UK National Cyber Security Centre (NCSC), the US Cybersecurity and Infrastructure Security Agency (CISA), and Interpol regarding the increase in ransomware attacks on healthcare and research organizations across the world.
North Korea Responds to US Cyber-attack Allegations
North Korea issued a statement last week denying it had anything to do with “what is claimed by the US to be a ‘cyber threat’”.
The statement was made in response to a report released by the US government last month “which accused the North of committing multiple high-profile cyber-crimes”.
Experts suspect North Korea-affiliated hackers of being behind the theft of “US-ROK military plans in 2017…and conducting a high-profile personal device hack in 2019”. North Korea has also been accused of instigating the 2016 Bangladesh Bank heist.
The statement was attributed to a spokesperson for the National Coordination Committee for Anti-Money Laundering and Countering the Financing of Terrorism of the Democratic People’s Republic of Korea and accused the US of trying to “tarnish the image of our state and create a moment for provoking us by employing a new leverage called “cyber threat” together with the issues of nukes, missiles, “human rights”, “sponsoring of terrorism” and “money laundering”.
The statement concluded by saying that “the U.S. should be clearly aware that worthless and worn-out plots and fabrications invented continuously by themselves will no longer work against the international community”.
UK Creates Dedicated Cyber Regiment
In recognition of the evolving face of warfare, the UK’s Ministry of Defence has created its first Cyber Regiment.
The 13th Signal Regiment “will protect vital defense networks at home and on operations overseas”, providing secure communications and “digital armor” to military personnel.
The regiment was “officially stood up” on 1st June, with defense secretary, Ben Wallace, saying “Cyber-attacks are every bit as deadly as those faced on the physical battlefield”.
During the Second World War, the 13th Signal Regiment “helped to pioneer the use of wireless technology and high-frequency wireless radios” and “had operators stationed in Berlin throughout the Cold War”.
The new cyber regiment hopes to “build on its predecessor’s proud legacy of innovation” by “matching cutting edge technology with cyber-fit soldiers to compete and win in the Information Age”.
As the basis of “the new Army Cyber Information Security Operations Centre”, the specialist unit will focus “on the protection of the Defence’s cyber domain” while working with both the Royal Air Force and the Royal Navy “to provide secure networks for all military communications”.
The 13th Signal Regiment will consist of around “250 specialist servicemen and women who possess relevant high-end technical skills”.