Cybersecurity firm claims to have found evidence of a Cyber attack against Pakistan

My old man is actually a cyber security expert. In the old days, the idea (to stop any kind of espionage) was to avoid doing anything stupid, e.g., when on assignment overseas, don't engage with the locals (esp. women); don't open suspicious looking packages (esp. when you're not expecting them), etc.

Yes, we need to improve our cyber security tech, but if you carefully read the OP article as well as look into the vast majority of cyber attacks, they all start with a stupid action. In this case, it's people opening emails with promising looking intelligence reports (stupid: who the heck will send YOU an intel report via email!?!?)

We can fix 75% of the gap in 25% of the time via basic cyber security training and education for all personnel, setting processes re: emails, and -- above all -- restricting personnel usage of smartphones, WhatsApp, FB, Twitter, etc.

I'd say if there's a start to investing in tech, it's banning personal devices from any armed forces installation, including the canteen, masjid and mess, and issuing special devices with hardware encryption and thorough MDM banning Google Play/App Store and sideload installs. It goes without saying we shouldn't get our devices from the US or Europe, but directly from China, but in pieces, and then re-assembled in Pakistan.

Thanks for the very well detailed response. For the uninitiated folks like me, how does signals intelligence tie into cyber security? Are there any similarities, and how would you rate Pakistan’s capabilities? A few years ago, Pakistan is believed to have done the infamous Operation Arachnophobia, which targeted Indian institutions. What does this say about inherent capabilities in Pakistan?
Or you can opt for camera-less Nokia-type phones that only send/receive calls or SMS instead of locked smartphones.

This is the current practice in several strategic organizations. Even there this access is for higher-level officials. Lower-level officials don't get access to mobile phones (only landlines).

Similarly, several of these organizations have their own fiber optic network and are not on an outside network, with USB ports removed (except for a few that are on higher grades).

However, information security training is important. Many of the hacks begin by social engineering.

Moreover, all these personnel need to reduce sharing their personal information/pics on Facebook etc.

However, going old school in the army will reduce its efficiency.

Many operations in FATA/Swat had help from platoon-level Intel sources (local civilians that were cultivated for Intel at platoon/company level), so encrypted locked smartphones might help in ops areas.
Don't know much about micro-level SIGINT; for good reason, procurement in that regard tends to fall under the table and out of view. I do know there are Canadian companies that export that stuff, but to whom, they won't say, but they definitely aren't only NATO or big-time US allies.

Thanks for the tag. The article seems like propaganda. It is more focused on creating Pakistani nuclear weapons as a threat. Now moving on to the scale of the attack. I think there was news a few days back about the banking system being hit, and that news died with much coverage. This article has not confirmed any particular attack, jumping around and ending the whole thing on the same banking hack, which was not a hack of the banking system but credit card credential theft, done by skimming or by hacking an online store database. So I cannot really conclude what this article is trying to achieve here.
This incident only goes to show the serious ways Pakistan is generations behind in this technology, even compared to countries like Iran.

The above quote is the final conclusion... we are not even in a mood to take it seriously and move forward. Yes, we have launched a few websites with fancy URLs and that's all.

Back in 2005, GCHQ and NSA acquired Pakistan’s entire NADRA data record and we did not have a clue... we only came to know through the Snowden leaks. Same is the case here. We have no proper CERT & SOCs. Others often intrude, complete their job and let us know that they were sitting on our back.

https://www.dawn.com/news/1190080
A new campaign of exploits and malware has hit Pakistan’s Air Force, and it shows signs of being the work of a sophisticated state-sponsored actor in the Middle East. It also has implications for governments and organisations far from Pakistan’s borders, Dark Reading reported.

According to Cylance researchers, the espionage campaign has been named “Operation Shaheen” in reference to the Shaheen Falcon that is the symbol of Pakistan’s Air Force. According to Kevin Livelli, director of threat intelligence at Cylance and one of three authors of three bundled reports detailing the operation, Shaheen is frequently invoked in the phishing email messages used as launch vectors for the attacks.

After the email messages, though, the campaign quickly becomes highly sophisticated. The threat actor, dubbed the “White Company” by the Cylance researchers, uses an array of evasion and obfuscation techniques to hide the presence and operation of malware.

“The White Company is the first threat actor of any kind that we’ve encountered that targets and effectively evades no fewer than eight different antivirus products,” Livelli says. Those eight products — from Sophos, ESET, Kaspersky, Bitdefender, Avira, Avast, AVG, and Quick Heal — were then turned against their owners when the malware “surrendered” to the antivirus software on a specific date. The surrender, he says, seems intended to distract, delay, and divert the target’s resources after the espionage package had achieved persistence on the victim’s systems.

According to Livelli, the White Company’s campaign is notable not just for the sophistication of its evasion techniques, but for the many layers of obfuscation employed. As Tom Pace, senior director of consulting services at Cylance and another report author, explains, “One of the techniques is packing the malware, which is a common technique. They’re packing it in five different layers, which is pretty significant.” That’s because, with each level of packing, there’s a risk of corrupting the exfiltrated data, making it unusable, he says.

“For the White Group to risk packing five times is indicative of a very good familiarity with leveraging this kind of tool, and it’s something we don’t really see very often,” Pace says. Most threat actors might pack their malware once or even twice, but five-level packing is “… both impressive technically, and something we don’t see,” he adds.

Operation Shaheen is not the only White Group campaign underway, either, though Cylance hasn’t yet completed the research to say who the other targets are. Even for those not currently in the group’s crosshairs, though, there are reasons to be concerned by this activity.

“If you apply the traditional techniques of investigating these kinds of incidents, you would have missed most of the key takeaways here and not really understood what was going on in the campaign,” Livelli says. “If [traditional techniques are] applied in another context, and you’re following the tried-and-true methods, you’re not going to learn the right answers.”

As for what to do with that concern, both Livelli and Pace suggest a redoubling of basic efforts. “Even people that are incredibly sophisticated, with no technical limitations to their skills, are still just sending emails,” Pace says.

And users can be trained to avoid those emails, he adds. “If you look at some of the titles of documents there, they are like a perfect example of things that you see in most companies’ security awareness program training,” he explains.
Pakistan needs a dedicated National Cyber-Security Review, to isolate critical infrastructure from civilian networks: air gaps and dedicated networks for only essential data. The rest should be the old one-time pad encryption and the like. Also, this article starts with phishing emails. Cyber-security hygiene needs to not only be retaught, but enforced with white hats testing security regularly. Chinese-government-approved consultants should be hired by the Pakistani Government to bring all aspects of the Pakistani Government, Military, and top industry up to the latest cyber defense strategies. Recently 22 of Pakistan's banks were compromised. This has to be taken seriously.

https://www.theregister.co.uk/2018/11/12/pakistan_military_virus/
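The one-time pad mentioned in the post above, as an added example that is not code from this thread or from any project it references: a minimal pad in Python, plus the caveat a practitioner would want, namely what a passive observer learns the moment the same pad is used for two messages. The two message strings are constructed for the demo; the pad comes from the OS CSPRNG.

```python
import secrets

# Constructed sample messages (same length so the reuse leak lines up byte for byte).
MSG1 = b"PATCH SERVERS TONIGHT"
MSG2 = b"ROTATE KEYS BY FRIDAY"


def generate_pad(length: int) -> bytes:
    """Draw a fresh pad from the OS CSPRNG.

    A true one-time pad must be at least as long as the message, uniformly
    random, kept secret, and used for exactly one message, then destroyed.
    """
    return secrets.token_bytes(length)


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """XOR each plaintext byte with the corresponding pad byte."""
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, pad))


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    """XOR is its own inverse, so decryption is the same operation."""
    return otp_encrypt(ciphertext, pad)


def two_time_pad_leak(ct1: bytes, ct2: bytes) -> bytes:
    """What an observer computes when one pad was reused for two messages:
    C1 XOR C2 == (P1 XOR K) XOR (P2 XOR K) == P1 XOR P2.
    The pad cancels out; no key material is needed."""
    return bytes(a ^ b for a, b in zip(ct1, ct2))


def recover_other_plaintext(p1_xor_p2: bytes, known_plaintext: bytes) -> bytes:
    """With P1 XOR P2 in hand, knowing (or guessing) one message yields the other."""
    return bytes(a ^ b for a, b in zip(p1_xor_p2, known_plaintext))


def demo() -> dict:
    """Run correct use and the reuse failure side by side and return the results."""
    pad = generate_pad(len(MSG1))
    ct1 = otp_encrypt(MSG1, pad)
    round_trip_ok = otp_decrypt(ct1, pad) == MSG1  # correct use: fresh pad, one message

    # Misuse: the same pad encrypts a second message.
    ct2 = otp_encrypt(MSG2, pad)
    leak = two_time_pad_leak(ct1, ct2)                # needs only the two ciphertexts
    recovered = recover_other_plaintext(leak, MSG1)   # plus one known or guessed plaintext
    expected_xor = bytes(a ^ b for a, b in zip(MSG1, MSG2))
    return {
        "round_trip_ok": round_trip_ok,
        "pad_cancels": leak == expected_xor,
        "recovered_msg2": recovered,
    }


if __name__ == "__main__":
    print(demo())
```

The security of the scheme rests entirely on the pad discipline, which is why it is practical only where key distribution is already solved (the dedicated networks the post describes); the moment a pad is reused, the second half of the demo shows the ciphertexts alone give away the XOR of the two messages.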