TII’s Cryptography Research Center Launches CLAASP Cryptanalysis Tool
Analyzing symmetric cipher algorithms just became significantly easier! The Technology Innovation Institute’s (TII) Cryptography Research Center (CRC) has announced the release of a cryptanalysis tool called CLAASP – an acronym for a Cryptographic Library for the Automated Analysis of Symmetric Primitives.
Built upon the computer algebra system SageMath, CLAASP took over four years to develop and uses Python 3 to automate the design analysis of symmetric primitives such as block ciphers, cryptographic permutations, hash functions, and stream ciphers by employing a cryptanalytic approach.
As the era of quantum computing becomes a reality, cryptographic libraries have quickly grown in importance to become critical assets for organizations ranging from governments to businesses and even individual researchers. CLAASP’s unparalleled maturity, generality, and completeness make it a crucial tool for organizations that want design sovereignty over their own symmetric ciphers.
Dr Najwa Aaraj, Chief Researcher at TII’s Cryptography Research Center and Autonomous Robotics Research Center, said, “While CLAASP may not completely replace manual analysis, it still helps to mitigate the risks and decrease the time and effort associated with carrying it out – allowing cryptanalysts to focus on comparing cipher designs and to a lesser extent on implementation issues.”
Notably, in a bid to make it widely accessible to the public, CLAASP has been released as an open-source tool and carries a GPLv3 license.
Kaspersky Intros New Enterprise Specialisations and Benefits to its Partner Program
The Kaspersky United partner program now includes new Enterprise specializations for its Gold and Platinum partners. Rebates for resellers and distributors were also updated, and new compensations were introduced for Proof of Concept and Deployment services.
Kaspersky introduced two new specializations for partners that provide significant advantages when selling and deploying enterprise solutions: Enterprise specialization for Gold and Platinum partners and Enterprise+ for Platinum partners. These specializations allow partners to get additional rebates to drive sales of Expert products, to be eligible for prioritized presale support from Kaspersky, to run joint marketing activities for enterprise solutions, and other benefits. Partners offering advanced cybersecurity services to their customers, including the deployment of Kaspersky solutions, can get the Enterprise+ specialization. Partners with this specialization will be eligible to receive compensation for POC services and deployment, technical training vouchers, and many more benefits.
The program for distributors now includes two specializations. The Value Added Distributor (VAD) specialization allows partners to get rebates for sales of specific enterprise products, and the Specialist specialization rewards distributors for deployment and POC services on behalf of the partner. Distributors with VAD specializations are focused on driving enterprise product sales to the market, and Specialist specialization is created for the distributors who are eager to deliver deployment and additional services to customers. For MSP distributors in Italy, Iberia, France, North America, APAC, and LATAM, Kaspersky introduced additional rebates for MSP sales.
Kaspersky LMP (License Management Portal) is becoming easier to operate, and searching for customers in it is becoming simpler. MSP partners can purchase an SKU Plus license, which allows them to get 24/7 immediate phone support from the Kaspersky team instead of the standard system of ticketing. Another update for MSPs lets partners buy Kaspersky Professional Services on behalf of the MSP, and Kaspersky will help with its expertise in deployment, implementation, etc.
“The introduction of the new Enterprise specializations reflects the shift in our corporate strategy, as we have extended our secure-by-design solution offering to enterprise customers globally. We believe they create additional opportunities for our channel partners to leverage the global cybersecurity trends and to address the growing cybersecurity customer concerns. These changes can be a great opportunity to grow businesses both for our partners and us,” comments Kirill Astrakhan, Executive Vice President at Kaspersky.
A Total of 13 Organizations in 9 Countries Fall Victim to “Dark Pink”
Group-IB has today published a new update on the APT (advanced persistent threat) group codenamed Dark Pink, revealing that a total of 13 organizations in 9 countries have now fallen victim to this malicious actor. Dark Pink’s operations were detailed in depth by Group-IB’s Threat Intelligence unit in a January 2023 blog post, and at that time, researchers linked the group to attacks on 7 organizations in the Asia-Pacific region and 1 in Europe. Group-IB experts have since discovered 5 new Dark Pink victims, and the geographic scope of the group’s operations is wider than previously thought, as organizations in Brunei, Thailand, and Belgium were all hit by Dark Pink attacks.
Continued analysis has revealed that this group is still active, as Dark Pink attacked a government ministry in Brunei this past January and a government agency in Indonesia as recently as April 2023. Additionally, Group-IB researchers were able to attribute three other attacks from 2022 to this particular APT group. The initial access vector for Dark Pink attacks continues to be spear-phishing emails, and Group-IB researchers noted in their January 2023 blog that the group utilized an almost-entirely custom toolkit to exfiltrate files and messenger data from infected devices and networks.
Since then, Group-IB experts can reveal that Dark Pink APT has updated many of these custom tools, changing their functionalities in order to allow the group to slip undetected past defense mechanisms of cybersecurity systems. For example, the group’s custom KamiKakaBot module, designed to read and execute commands from the threat actors via Telegram, is still stored on the filesystem of infected devices, but it is now divided into two distinct parts — one that controls the device and the other that steals sensitive data. Dark Pink also continues to use an MSBuild utility to launch KamiKakaBot in the infection chain.
Group-IB’s Threat Intelligence unit has discovered Dark Pink’s new account on GitHub, which was created as soon as the first information about the APT group was published in the public domain this past January. The threat actors can issue commands to infected machines to download files from this GitHub account, and Group-IB researchers found 12 commits to the new account performed between January 9 and April 11, 2023.
Recent attacks have also seen the group exfiltrate stolen data over HTTP using a Webhook service, and they have also leveraged functionalities of an MS Excel add-in to ensure the persistence of TelePowerBot (a simpler version of KamiKakaBot written in PowerShell). In line with Group-IB’s zero-tolerance policy toward cybercrime, all confirmed and potential victims of Dark Pink attacks were issued with proactive warnings.
“Dark Pink APT shows no sign of slowing down,” Andrey Polovinkin, Malware Analyst at Group-IB, said. “APT groups are renowned for their responsiveness and ability to adapt their custom tools to continually avoid detection, and Dark Pink is no exception. The profile of the affected targets underscores the significant danger that Dark Pink poses for both public- and private-sector actors. Group-IB will continue to analyze all Dark Pink activity and ensure that confirmed and potential victims are informed.”
Regional Cybersecurity Leaders Promote Joint Action Against Cybercrime at GSMA M360 EURASIA 2023 Conference
On the sidelines of the GSMA M360 EURASIA 2023 conference in Baku, Azerbaijan, cybersecurity experts from the Middle East and Central Asia highlighted the need for collective action to address the global cybersecurity challenge at an exclusive media roundtable.
Dr. Tural Mammadov, Director of the Azerbaijan Computer Emergency Response Center (CERT), was joined in the panel by Dr. Mohammad Khaled, Director of Business Development and Strategic Projects, e& Enterprise, Dr. Elvin Balajanov, Chairman of the Board of Azerbaijan Cybersecurity Organization Association and Dr. Aloysius Cheang, Chief Security Officer, Huawei Middle East & Central Asia. Dr. Haitham Hilal Al Hajri, Sr. Executive – Cyber Security Projects, Oman National CERT, moderated the discussions.
Dr. Tural Mammadov observed that given the scale of the cybersecurity threat, no single regulatory body possesses enough depth to police cybercrime effectively. “The solution lies in all stakeholders working together, including bringing end-users on board. Numerous attacks today bypass information systems entirely and target end users directly. Telecoms cannot react to such threats as they lack visibility, requiring joint action by service providers, cybersecurity experts, and the end users.”
Under the theme of “Build more secure and resilient telecom networks to support the future digital economy efficiently,” participants in the media roundtable discussed various topics, including collaboration among network operators and their partners, suppliers, and customers in defending against telecom cybersecurity threats, how regulators could promote the local telecom industry’s cybersecurity development, and the role that cybersecurity plays in safeguarding critical information infrastructure and the digital economy.
Dr. Mohammad Khaled reiterated the need to diversify solutions and technology providers as part of an effective cyber defense strategy. “If we try to build one solution to defend against all threats, whatever application we put in place can be easily understood, manipulated, and finally breached. Since we face numerous cybersecurity threats, we must by necessity deploy as many cyber defense tools that address specific challenges.”
Similarly, Dr. Elvin Balajanov, Azerbaijan Cybersecurity Organization Association, stated that since the telecom infrastructure is built upon multiple technologies, a multi-stakeholder cybersecurity approach is required to implement a holistic cybersecurity strategy. “A holistic approach promotes information sharing, which is very important, especially considering that different stakeholders depend on each other. Further, the cybersecurity landscape is too diverse and rapidly evolving; therefore, all stakeholders must remain informed and up-to-date.”
Dr. Aloysius Cheang highlighted the importance of regional cybersecurity initiatives such as OIC-CERT and the ITU Arab Regional Cyber Security Center in the overall war against cybercrime. “Through multinational efforts such as these, we can find synergies such as initiating joint projects, which can then be customized and localized. That said, such projects should follow a public-private partnership (PPP) model. In such a scenario, the industry should drive the process while governments provide the framework to ensure success.”
The telecom industry has become an integral part of modern society and is recognized as a critical infrastructure industry (CII). It plays a vital role in connecting people, businesses, and governments, facilitating communication, information sharing, and commerce on a global scale. However, as telecom networks become more complex and interconnected, they become more vulnerable to cyber threats.
Global standards, internationally agreed processes, and industry best practices are critical in addressing cyber threats effectively. NESAS/SCAS is an ideal example of global collaborative efforts in this domain. It offers a standardized cybersecurity assessment mechanism jointly defined by GSMA and 3GPP, the telecom industry’s leading standards-setting organizations, alongside the GSMA 5G Cybersecurity Knowledge Base, which provides useful guidance on 5G security risks and mitigation measures.
Toward the end of the session, Dr. Haitham Hilal Al Hajri reiterated that the cybersecurity of telecoms is a critical component of national security, and therefore, it is essential to bring together telecom stakeholders to achieve a more robust telecom cybersecurity posture. This includes working closely with telecom service providers, equipment manufacturers, government entities, and other ICT industry players to identify and mitigate cybersecurity risks, develop and implement best practices, deliver cutting-edge digital services unimpeded by cyber threats, and continuously raise awareness about the importance of cybersecurity in telecom.