Prague Security Studies Institute is pleased to introduce its fourth issue of TIDS Newsletter, which will provide you with the latest updates and analysis on Technology, Infrastructure, Data & Security in the context of the Czech Republic and Central Europe with a particular focus on cyber, economic & financial security.

Update on cybersecurity in the Czech Republic
» Exercise "Defence 2020" will test crisis management plans to hybrid threats
» 5G Security Conference to be held again in Prague
» Only one in ten Czech companies has cyber insurance
» Czech Republic joins EU quantum communications initiative
» Avast Antivirus admits to selling user data to 3rd parties
» Czech Republic falls in international cybersecurity ranking
» Cybercrime is rapidly on the rise, report Czech police
» Malta bank cyberattack involves Czech accounts as well
» PRG.AI project aims to stimulate research and student interest in AI
Technology, Infrastructure, Data & Security in Europe and Overseas
» Hackers infiltrate UN networks
» UK reveals Russian state cyber attacks on Georgia
» Turkish government-backed hackers strike Europe, Middle East
» University of Maastricht pays cyber-ransom in Bitcoin
» Russian group hacks major German auto parts producer
» Facebook settles major personal data lawsuit with state of Illinois
» NATO Stratcom director warns about dangers of big data and targeted media
» US considers investments in Huawei’s rivals
» Sony Ericsson and Nokia to build 5G for France’s largest telecom firm
» UK will not fully exclude Huawei from 5G network
» US weighs ban on supplying chips to Huawei
» Bank of Japan warns of increased cyberattacks ahead of Olympics
» Check Point 2020 Security Report sees rise in new cyber threats
» BEC scams account for half of cyber crime losses, says FBI 2019 Internet Crime Report
» Federal judge halts progress on cloud-computing deal with the Department of Defense

Network Security Spotlight: Moving towards a European 5G Plan
» “5G toolbox” encompasses both EU-level mechanisms, such as coordinated foreign investment screening and cybersecurity certification controls, as well as national-level measures.
» Exercise "Defence 2020", taking place between 9-12th of March, will test whether the country's crisis management plans can adequately respond to potential hybrid threats, including cyberattacks targeting critical infrastructure, disinformation and public unrest. The Ministry of Defence is responsible for this exercise, which will include various government institutions, members of the security community, but also Parliament representatives.
» The 5G Security Conference, hosted by the Czech National Cyber and Information Security Agency (NCISA) and the Office of the Government, will be held between 5-6th of May in Prague. It will be a follow up on last year’s event, which resulted in the development of Prague's 5G security toolbox and subsequently shaped the EU’s common approach to 5G. The goal of the forthcoming conference is to provide a so-called Prague 5G Repository and to analyze non-EU experiences with 5G measures.
» In 2019, only one in ten Czech companies had cyber insurance to protect their computer infrastructure (based on data from the Czech state statistical office). Cyber insurance was more common among large companies (17%) and middle-sized companies with 50 to 250 employees (14%).
» The Czech Republic joined a pan-EU initiative to build quantum communications infrastructure. The technology involved is expected to protect critical information infrastructure and secure information exchange in unprecedented ways.
» Antivirus company Avast sold data from its users to 3rd parties via its subsidiary company Jumpshot, according to Motherboard and PCMag. Avast did not deny such claims and responded through a public statement that the company ceased any data selling activities in December 2019.
» The rise in computer attacks led to a deterioration of the country’s cybersecurity ranking. Because of this rise, cybersecurity company Check Point reported that the Czech Republic is now ranked the 69th least secure country (as opposed to 87th in November 2019).
» Cybercrime is rapidly on the rise: while in 2018 the Czech police documented 6,815 cases, last year this number rose to 8,417 (a 23% increase), confirming the trend of organized criminal groups moving into the virtual world. A significant share of cybercrime is associated with fictitious online shops.
» A cyberattack was discovered on the Bank of Valletta, Malta’s largest and oldest bank, in which hackers attempted to steal €13 million last February. The attack involved accounts in the UK, United States, Hong Kong and Czech Republic. Part of the stolen money was secured by Czech financial intelligence.
» A Czech project named PRG.AI seeks to nurture greater interest in artificial intelligence (AI) among students, help new startups in the field, and support the innovation potential of Czech industry. Currently, PRG.AI organizes educational seminars for university students.


» A leaked report shows that last year hackers infiltrated the UN networks in Geneva and Vienna. The AP reported that, according to internal UN documents dating back to September 2019, 42 servers were compromised and 25 others were considered suspicious. Among accounts known to have been accessed were those of domain administrators.
» The UK, together with Georgian and international partners, revealed that the GRU, Russia’s military intelligence service, carried out a number of cyberattacks on Georgian government and media institutions in 2019, defacing websites and interrupting broadcasting. British officials have strongly condemned the attacks.
» Hackers supported by the Turkish state have attacked at least 30 organizations, including government ministries, security services and embassies. Reuters specifically highlights victims in Greece, Cyprus, Iraq and Albania. The attacks all occurred in late 2019 or early 2020, but a broader series of attacks is believed to be ongoing.
» The University of Maastricht said that it had paid hackers a ransom of 30 bitcoin — at the time worth $220,000 — to unblock its computer systems, including email and computers, after an attack that unfolded on Dec. 24. Cybersecurity firm Fox-IT, which helped the university recover and analyze what happened, identified the hackers as TA505, a Russian-language criminal group.
» A criminal group attacked the German car components producer Gedia, which employs over 4,000 people in seven countries. The ransomware damaged the company's ability to work: it was forced to shut down its IT system. The group used Russian-language forums on the dark web to threaten to publish the company’s sensitive data.
» Facebook settled with Illinois for $550 million in a lawsuit regarding the storage of facial recognition imagery without the user’s consent. It is one of the largest payouts for a privacy breach in US history.
» “At the moment, when you buy a phone, your privacy ceases to exist,” says Jānis Sārts, the director of NATO STRATCOM in Latvia. “Mobile phones collect private information, which users do not even share with their friends. Platforms such as Facebook monetize those collections. Their algorithms recommend us personalized pieces of information in an emotional way. We should establish funds for independent journalism, otherwise, emotional news will only rise”, Sārts claims.
» The U.S. should consider buying a share in European telecommunication companies Nokia and Ericsson, said the U.S. Attorney General Barr. The intended effect would be to limit China’s dominance in 5G by strengthening its rival firms.
» Sony Ericsson and Nokia were selected for the construction of a 5G network by France’s biggest telecoms company, Orange. Since Orange currently uses the equipment of the above-mentioned companies, continued cooperation “was the easiest solution”.
» The UK decided on the construction of its 5G network - Huawei will not be excluded absolutely, but only from so-called core areas. It is presented as a compromise by the government between security and economic efficiency. Notwithstanding the fact that the core will not be constructed by Chinese companies, US government experts worry about the fading of boundaries between the core and the periphery components in the future.
» The US weighs forbidding the delivery of chips to Huawei Technologies. Under the draft proposal, foreign companies that use US chip-making equipment would have to seek a US license before supplying Huawei. Given that no Chinese production line is independent of foreign chip-suppliers, this step would mean a significant blow to China in the ongoing US-China economic battle.
» The Bank of Japan (BoJ) issued a warning to the Japanese financial sector ahead of the 2020 Tokyo Olympic Games about the increased possibility of cyberattacks. In a survey conducted by BoJ, roughly 40% of Japanese financial institutions have experienced cyberattacks in the last three years. Strikingly, 60% of the institutions reported that they do not have sufficient personnel to deal with such threats.
» Check Point 2020 Security Report points to an increase in botnet armies and cloud-focused attacks, cryptocurrency mining attacks and counterfeit e-shop websites. However, phone attacks are on the decline.
» The FBI 2019 Internet Crime Report states that BEC (Business Email Compromise) scams accounted for half of the reported financial losses from cybercrime activity. The idea behind BEC is to spoof an email account for a legitimate person/company and send fake invoices to company employees or contractors.
» A federal judge acknowledged Amazon’s claim and ordered Microsoft to halt any progress on its 10 billion dollar cloud-computing contract with the Department of Defense.



On January 29th, the Network Information Security Cooperation Group, a committee of the European Commission, laid out the first guidelines for an EU-wide approach to the issue of European 5G network security. Their report identifies shared risks tied to network development, and outlines a common “5G toolbox” of methods for managing and mitigating those risks. These “tools” encompass both EU-level mechanisms, such as coordinated foreign investment screening and cybersecurity certification controls, as well as national-level measures, including localized risk assessment and corresponding regulatory action.
The Commission has focused on the need to restrict access to critical infrastructure for entities deemed to constitute a risk to European network security, rather than on implementing outright EU-wide bans.
The Commission’s statements appear to mirror the general rhetoric employed in the United Kingdom’s decision to allow Chinese telecoms firm Huawei a “limited role” in its 5G network development earlier that month, though the Cooperation Group’s report does not discuss the risks associated with Huawei explicitly.
While the EU heads of state agree on the need for a coordinated approach to 5G network security, the member states remain divided on the issue of Huawei. Recent statements by both Germany’s governing Christian Democratic Union party and France’s cybersecurity chief suggest both countries will exclude Huawei from critical elements of their networks but not ban the company altogether. On the other hand, the Czech Republic has been a leading European voice in calling attention to 5G security risks. At last May’s Prague 5G Security Conference, organized by the Czech Ministry of Foreign Affairs, a panel of leading international experts concluded that “unauthorized access to communications systems could expose unprecedented amounts of information or even disrupt entire societal processes”, and recommended that all service providers should adhere to the highest possible security, transparency and accountability standards, a recommendation seen as advising against working with Huawei in any capacity.

Copyright © 2020 Prague Security Studies Institute, All rights reserved.
