{"id":26798,"date":"2016-05-25T10:59:32","date_gmt":"2016-05-25T00:59:32","guid":{"rendered":"http:\/\/www.aspistrategist.ru\/?p=26798"},"modified":"2016-05-25T10:59:32","modified_gmt":"2016-05-25T00:59:32","slug":"cyber-wrap-121","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/cyber-wrap-121\/","title":{"rendered":"Cyber wrap"},"content":{"rendered":"

\"\"Following costly compromises in<\/span> Bangladesh<\/span><\/a>,<\/span> Vietnam<\/span><\/a> and<\/span> Ecuador<\/span><\/a>, Gottfried Leibbrandt, CEO of international bank settlement company Swift<\/span> has told a conference in Brussels<\/span><\/a> that cyber threats are his main source of anxiety. In his speech Leibbrandt outlined the organisation\u2019s response to the cyber security breaches that have seen millions of dollars stolen. According to Leibbrandt, Swift plans to harden its security requirements, require certification for third party providers, assist members to identify suspicious behaviour, and develop security audit frameworks to ensure new security controls are properly implemented.<\/span><\/p>\n

Swift has also<\/span> criticised some members<\/span><\/a> for being slow to report cyber security incidents affecting the network. Internationally, data breach notification requirements are inconsistent and there is disagreement about whether mandatory breach reporting has value. In<\/span> The Wall Street Journal<\/span><\/i><\/a>, Denise Zheng from CSIS and Andrea Castillo from George Mason University have discussed the case for and against mandatory data breach notifications. Zheng says that requiring companies to disclose breaches improves collective cyber security responses, but Castillo believes that regulating breach disclosure could weaken the ability of companies to properly investigate and respond to cyber threats. In Australia, the<\/span> Privacy Amendment (Notifications of Serious Data Breaches) Bill<\/span><\/a> is expected to be introduced into Parliament<\/span> later this year<\/span><\/a>. The Bill includes mandatory data breach disclosures and notifications for customers whose data is lost in cyber security incidents.<\/span><\/p>\n

James Clapper, the US Director of National Intelligence,<\/span> told Congress back in 2015<\/span><\/a> that Russia had surpassed China as the US\u2019s principal cyber threat, even though Russian<\/span> hackers have been notoriously hard to detect<\/span><\/a>. This week Switzerland\u2019s CERT.ch<\/span> has revealed<\/span><\/a> that one of the country\u2019s top defence, aerospace and technology firms,<\/span> Ruag<\/span><\/a>, had been compromised for at least two years by an<\/span> APT<\/span><\/a>, most likely linked to the Russian<\/span> Turla APT<\/span><\/a>. CERT.ch was apparently monitoring the breach for some time to gather evidence about the APT\u2019s tactics and techniques, but this was cut short after a<\/span> media leak earlier this month<\/span><\/a>. CERT.ch<\/span> characterised the actor responsible<\/span><\/a> as extremely patient and deliberate, moving carefully through the company\u2019s network and identifying individuals so that they could specifically target only those with valuable information. System logs revealed at least five occasions last year when significant amounts of Ruag\u2019s data was exfiltrated<\/span> using proxy servers<\/span><\/a>.<\/span><\/p>\n

Not to be outdone, a Chinese APT<\/span> dubbed \u2018Ke3chang\u2019 by FireEye<\/span><\/a> has reappeared two and a half years after it was first detected<\/span> targeting European foreign ministries just before the G20 summit.<\/span><\/a> Palo Alto\u2019s Unit42<\/span><\/a> has<\/span> found evidence<\/span><\/a> that Ke3chang has reengineered a remote access tool into a new tool called TidePool in order to target 30 Indian embassies around the world. Ke3chang distributes TidePool by<\/span> spoofing emails<\/span><\/a> from other embassy employees to induce their targets to open infected attachments. The vulnerability used (<\/span>CVE-2015-2545<\/span><\/a>) has also recently been used by another hacker group against<\/span> anti-China protesters in Hong Kong<\/span><\/a>.<\/span><\/p>\n

Moving across the ditch, Andrew Hampton, the new head of New Zealand\u2019s signals intelligence organisation GCSB, has told<\/span> stuff.co.nz<\/span><\/a> that one of the \u2018more disturbing revelations\u2019 of his first month at the helm was the scale of the cyber threat that his agency deals with. Hampton revealed that GCSB detects an average of seven serious cyber incidents per month, in addition to about 12 reports from other agencies of less serious incidents. He characterised the actors responsible as \u2018foreign sourced, complex and persistent\u2019. Hampton is a career public servant, but<\/span> unusually for his role<\/span><\/a> has no previous experience in intelligence or security.<\/span><\/p>\n

And finally, the status of the US Cyber Command is again<\/span> under examination<\/span><\/a>, as Congress debates a measure in the National Defense Authorisation Act (NDAA)<\/span> that would elevate Cyber Command to the status of Unified Combatant Command<\/span><\/a>, equivalent to Pacific Command or Central Command. The measure was passed by the<\/span> House<\/span><\/a>, but is absent from the<\/span> Senate\u2019s version of the Bill<\/span><\/a>, and the<\/span> White House has opposed<\/span><\/a> its inclusion in the NDAA. Cyber Command is currently a Sub-unified Command of Strategic Command, while its commander Admiral Mike Rogers is dual-hatted as Director of the NSA. Rogers has lobbied for Cyber Command to be taken out of Strategic Command as it would allow more control over its strategic priorities and budget measures which<\/span> he believes<\/span><\/a> \u00a0will allow it to better respond to cyber threats. <\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

Following costly compromises in Bangladesh, Vietnam and Ecuador, Gottfried Leibbrandt, CEO of international bank settlement company Swift has told a conference in Brussels that cyber threats are his main source of anxiety. In his speech …<\/p>\n","protected":false},"author":364,"featured_media":26802,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[391,95,713],"class_list":["post-26798","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-cyber","tag-cyber-security","tag-cyberattack"],"acf":[],"yoast_head":"\nCyber wrap | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/cyber-wrap-121\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cyber wrap | The Strategist\" \/>\n<meta property=\"og:description\" content=\"Following costly compromises in Bangladesh, Vietnam and Ecuador, Gottfried Leibbrandt, CEO of international bank settlement company Swift has told a conference in Brussels that cyber threats are his main source of anxiety. In his speech ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/cyber-wrap-121\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2016-05-25T00:59:32+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/05\/15129043791_385a69ab17_z.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"425\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Liam Nevill\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Liam Nevill\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI's analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-121\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/05\/15129043791_385a69ab17_z.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/05\/15129043791_385a69ab17_z.jpg\",\"width\":640,\"height\":425},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-121\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-121\/\",\"name\":\"Cyber wrap | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-121\/#primaryimage\"},\"datePublished\":\"2016-05-25T00:59:32+00:00\",\"dateModified\":\"2016-05-25T00:59:32+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/d81d6aff5a42bb8e53d00720fad0e936\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-121\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/cyber-wrap-121\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-121\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cyber wrap\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/d81d6aff5a42bb8e53d00720fad0e936\",\"name\":\"Liam Nevill\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cfa81d9fb18f77771edc760e855ec75f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cfa81d9fb18f77771edc760e855ec75f?s=96&d=mm&r=g\",\"caption\":\"Liam Nevill\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/liam-nevill\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cyber wrap | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/cyber-wrap-121\/","og_locale":"en_US","og_type":"article","og_title":"Cyber wrap | The Strategist","og_description":"Following costly compromises in Bangladesh, Vietnam and Ecuador, Gottfried Leibbrandt, CEO of international bank settlement company Swift has told a conference in Brussels that cyber threats are his main source of anxiety. In his speech ...","og_url":"https:\/\/www.aspistrategist.ru\/cyber-wrap-121\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2016-05-25T00:59:32+00:00","og_image":[{"width":640,"height":425,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/05\/15129043791_385a69ab17_z.jpg","type":"image\/jpeg"}],"author":"Liam Nevill","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Liam Nevill","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI's analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/cyber-wrap-121\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/05\/15129043791_385a69ab17_z.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/05\/15129043791_385a69ab17_z.jpg","width":640,"height":425},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/cyber-wrap-121\/","url":"https:\/\/www.aspistrategist.ru\/cyber-wrap-121\/","name":"Cyber wrap | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/cyber-wrap-121\/#primaryimage"},"datePublished":"2016-05-25T00:59:32+00:00","dateModified":"2016-05-25T00:59:32+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/d81d6aff5a42bb8e53d00720fad0e936"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/cyber-wrap-121\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/cyber-wrap-121\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/cyber-wrap-121\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Cyber wrap"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/d81d6aff5a42bb8e53d00720fad0e936","name":"Liam Nevill","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/cfa81d9fb18f77771edc760e855ec75f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cfa81d9fb18f77771edc760e855ec75f?s=96&d=mm&r=g","caption":"Liam Nevill"},"url":"https:\/\/www.aspistrategist.ru\/author\/liam-nevill\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/26798"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/364"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=26798"}],"version-history":[{"count":3,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/26798\/revisions"}],"predecessor-version":[{"id":26803,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/26798\/revisions\/26803"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/26802"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=26798"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=26798"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=26798"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}