NISC, NoMoreRansom, AsterX, BTC ETF, March 3rd – March 9th - This Week in Security
Editor's Introduction
This week in security editor is Koichi this week. Today's TWIS I chose topics of Japanese related ones, NISC, No More Ransom, AsterX, and Bitcoin ETF.
We in F5 SIRT invest a lot of time understanding the frequently changing behavior of bad actors. Bad actors are a threat to your business, your reputation, and your livelihood. That’s why we take the security of your business seriously. When you’re under attack, we’ll work quickly to effectively mitigate attacks and vulnerabilities, and get you back up and running. So next time you are under security emergency please contact F5 SIRT
NISC and cyber attack on a port
The National Center of Incident Readiness and Strategy for Cybersecurity (NISC) is an organization established in the Cabinet Secretariat to develop the information security policies of the Japanese government, monitor and analyze malicious activities against information systems of administrative departments, provide necessary advice and information, and other assistance in ensuring cyber security, conducts audits, etc. It also serves as a general coordinator for cyber security, not only with administrative agencies but also with certain critical infrastructure operating companies.
NISC regularly has meetings to decide its action plans. On March 8, the 39th meeting of the Cybersecurity Strategy Headquarters was held, and according to the publication, ports were added to the critical infrastructure monitoring items for Japan's cybersecurity. As the background of this decision, the ransomware incident in last year is listed.
On July 4, 2023, Nagoya United Terminal System (NUTS) at a container terminal at the Port of Nagoya, was attacked by the ransomware group "LockBit", resulting in halted container loading and unloading operations for approximately three days. This incident was the cyber attack of ransomware, conducted by "LockBit," an attacker group believed to be of Russian origin. The incident revealed that there wasn't a person in charge of cyber security for the port operation systems, which needs to be improved.
Then, Let us discuss about LockBit in the next item.
Source: https://www.nisc.go.jp/pdf/about/nisc_gaiyou.pdf (Japanese) , https://www.nisc.go.jp/pdf/council/cs/dai39/39cs_press.pdf (Japanese)
"No More Ransom"
LockBit is a ransomware group that provides ransomware as an attack infrastructure, the so-called "RaaS (Ransam as a Service)", explained in the previous TWIS.
The news source reports that nearly a quarter of all ransomware submissions are by LockBit.
In February, law enforcement agencies of 14 countries joined forces to launch "Operation Cronos" to defend against LockBit and other criminal groups. In addition to arresting some of the individuals involved, they have taken countermeasures such as seizing related assets such as leaked websites, crypto asset (virtual currency) accounts, and decryption keys.
The joint team and some security companies also launched "No More Ransom" website to educate the people and give prevention advice.
Through Operation Cronos, the European Criminal Police Organization announced the Japanese National Police Agency developed a tool, the "Decryption Checker" which allows users to investigate how much they can decrypt the victim files, but just to know how much, not decrypting it. It is uploaded in "No More Ransom" website.
For LockBit, LockBit 3.0 Decrypter is also available in "No More Ransom" website.
Source: https://www.security-next.com/154009(Japanese)
AsterX Space CyberDefense exercise
The French Air and Space Force (Armée de l'Air et de l'Espace Française) conducts AsterX, the space cyber attack/defense exercise annually. However, participants have been limited to Europe countries and the United States until recently.
In this year, AsterX (AsterX 24) will be held in France from April 4 to April 15. 16 countries and European-based aerospace companies like MBDA and Ariane Group will participate, and from this year, Japan's Self-Defense Forces will participate as well.
The AsterX will be held in the style of a real-time war game. In the scenario, a fictional adversary threatens the space assets of the neighboring countries (it is fictional as well), and a Joint task force of participants will try to defend the allied country.
Some sources of this news see the fictional adversary as a simulation of Russian cyberattacks.
One of the good effects of participating in international exercises is to increase partnerships with other countries and companies, which will affect when a real cyber-attack happens.
https://air.defense.gouv.fr/asterx/dossier/presentation-asterx-2024
Bitcoin ETF
Bitcoin has reached its ATH (all-time high). The Bitcoin ETF is believed to be the reason for the surge, due to the large inflow of funds. You can check the amount of inflows into that ETF and heatmap at Bitcoin ETF Overview.
So Bitcoin becomes a more valuable asset. How about security? Over 10 years the Bitcoin system, with its robust system, has not been brought down or stopped by attacks. The only successful thefts to date have occurred outside of the Bitcoin protocol. The Bitcoin network’s security is multi-layered. Transaction hashing, mining, block confirmations, and game theory all work together to make Bitcoin’s blockchain impenetrable.
The most well-known threat to Bitcoin might be quantum computing (its ability to decrypt the public key to get its private key). According to researchers at the University of Sussex, a quantum computer with 1.9 billion qubits of processing power would be needed to break into the Bitcoin network within 10 minutes. (1 block = 10 minutes, so the attacker needs to decrypt within 10 minutes) As far as I know, it is unlikely to happen with the current quantum computer's ability. And if it is going to happen, and the threat comes to mind of Bitcoin developers, a new Bitcoin Improvement Proposal (BIP) will be filed to adapt post-quantum cryptography.