Ransomware attacks continue to plague nations such as Japan and Singapore, where they are expected to remain a significant concern especially for critical information infrastructure (CII) sectors. Small and midsize businesses (SMBs), too, are a growing worry as they often lack resources and more likely to fall victim to cyber attacks. Cyber attacks had been increasing in volume over the last few years and this past year was no exception, NTT’s chief cybersecurity strategist Mihoko Matsubara said in an interview with ZDNET. The Ukraine war also had prompted questions from organisations in Japan about how it would impact the cyber threat landscape, said Tokyo-based Matsubara, but noted it was difficult to determine if there was a direct correlation between the ongoing conflict and growing number of cyber attacks. She added that most companies, as they digitalised their operations, would have more IT assets and an expanded attack surface to protect, making it more difficult to safeguard their network amidst the onslaught of attacks. The heightened awareness of the potential risks, however, presented an opportunity for businesses and countries to enhance their cyber resiliency, she said.Righard Zwienenberg, ESET’s senior research fellow, said the security vendor’s research showed a drop in ransomware attacks this year, with phishing still the top threat, especially for companies in Japan.However. the figures did not necessarily indicate hackers were moving their attention away from ransomware, said Zwienenberg, who also is a member of the Europol European Cyber Crime Center’s advisory group. Instead, the drop in the number of ransomware attacks likely reflected a change in “business model” that concentrated less on lower tiered companies and more on higher value enterprises with deeper pockets. This meant hackers could demand higher ransoms from their targeted victims, he said, pointing to ransom demands last year that ranged from $4.4 million in the US Colonial Pipeline ransomware attack, to $70 million with Kaseya and $240 million involving MediaMarkt. And rather than blocking access to sensitive or customer data, he added that cybercriminals increasingly were opting for extortion, in which they would threaten to release their victims’ data and notify the public about the data breach. This would cause more damage to the targeted organisations, including financial penalty for potentially violating local data privacy regulations, and push them to pay the ransom. Zwienenberg advocated the need for regulations that would stop organisations from giving in to ransom demands, noting that there was never any guarantee ceding to such demands would lead to a full recovery of stolen data or that hackers would remove data logs. He also pointed to growing worries about CIIs amidst a shift in target towards these sectors and cyber warfare, as a result of the war in Ukraine. SMBs need help staving off attacksMatsubara, too, expressed concerns about an increase in ransomware attacks targeting hospitals in Japan as well as SMBs. Citing the Japanese National Police Agency, she noted that more than half of companies affected by ransomware attacks were SMBs, compared to one third that were large or major Japanese organisations. With SMBs an integral part of global supply chains, she urged governments and industry players to work together and identify ways, apart from funding, to provide better support to bolster SMBs’ business continuity capabilities. The Tokyo metropolitan government, for instance, rolled out a uniquely Japanese campaign that included a series of manga-styled guidebooks to better help SMBs visualise cybersecurity attacks and how they should mitigate and respond to threats, such as ransomware and business email compromise. Matsubara noted, though, that the ongoing Ukraine conflict had prompted more dialogues between governments and their local industries, as part of efforts to exchange threat intel. This was encouraging since the public sector was not always forthcoming about sharing information in the interest of national security, said Matsubara, who once worked at the Japan’s Ministry of Defence and served on the government’s cybersecurity R&D policy committee. Noting that cybersecurity was a global challenge, she said it was increasingly necessary for defence ministries to engage with the general public and business leaders so they could help local industries enhance their cyber defences and better protect infrastructures.Ensuring there was a bridge between the public and private sectors also would help shape regulations and polices that were practical, while ensuring technologies could be developed in a timely and effective way, she added. It would further encourage incident reporting and mutual sharing of threat intel, since businesses would not feel it was an unfair one-sided trade and would be better assured their insights were being taken seriously, she said. Asked how nations with dedicated cyber defence units such as Singapore should ensure these were effective, Matsubara again underscored the need for cyber intelligence sharing amongst various ministries and industry, particularly CII operators. There also should be regular joint cybersecurity exercises between government agencies, CII companies, and the cyber defence unit to test their incident response capabilities. Pointing to the ransomware attack that brought down the US Colonial Pipeline last year, she said the case demonstrated that financially-motivated cybercrimes that targeted a specific company could cause significant damage in other sectors as well as the rest of the country. Other nations also could be impacted since there were no borders in the cyber realm.The potentially wide spread and interdependencies of CII sectors, such as transport and energy, further stressed the importance for governments and the industry to participate in intelligence sharing and joint cybersecurity exercises, she said. Sociopolitical tensions such as the ongoing Sino-US trade war, though, could introduce further complexities to the global ecosystem, particularly if it resulted in the decoupling of technology infrastructures.It could mean organisations would have to support more protocols to ensure interoperability, potentially resulting in more exploits and more patches to deploy, Zwienenberg said. Businesses–in particular, SMBs–already were taking too long to roll out fixes, with known exploits left unpatched sometimes for months, he said, noting that old exploits such as Wannacry still infecting systems today. RELATED COVERAGE More

The largest free trade agreement in history was signed over the weekend, with 15 countries in the Asia Pacific region agreeing to be signatories. In total, the agreement will cover 30% of the world’s GDP and population to surpass the Trans-Pacific Partnership in scale.
The signatories involved are Australia, China, Japan, New Zealand, South Korea, and the 10 members of ASEAN, including Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand, and Vietnam.
The signatories’ leaders agreed to the terms of the Regional Comprehensive Economic Partnership (RCEP) at the Association of South-East Asian Nations (ASEAN) summit in Bangkok last year, with the agreement being officially signed on Sunday. In a joint statement, the signatories said the trade deal would play an important role in plans to recover from the pandemic and help build the region’s resilience through an “inclusive and sustainable post-pandemic economic recovery process”.
“In light of the adverse impact of the pandemic on our economies, and our people’s livelihood and well-being, the signing of the RCEP Agreement demonstrates our strong commitment to supporting economic recovery, inclusive development, job creation, and strengthening regional supply chains,” the signatories said in the joint statement.
The RCEP will primarily focus on standardising trade rules across countries in a bid to make it easier for people to do business. For example, the RCEP will enforce a new single set of rules for accessing preferential tariffs in any of the 15 RCEP markets. 
RCEP countries will also create a new framework of rules for telecommunications that build on ASEAN’s existing free trade agreements that focus on improving access and use of public telecommunications systems and access to essential telecommunications facilities. The new framework will also ensure RCEP countries do not discriminate against each other in providing access to submarine cable systems.
In terms of cybersecurity, RCEP countries have committed to collaborating and exchanging information on best practices for dealing with cybersecurity incidents and building the capacity of authorities to respond. When drafting the RCEP, signatory countries said they recognised that cooperation with each other was crucial for preventing cybersecurity attacks.   

The RCEP also includes commitments to ensure that signatories do not prevent business data and information from being transferred across borders. In addition, the RCEP includes commitments to prevent countries from imposing measures that require computing facilities to be located within their own territories. These commitments will not apply to the financial services sector, however, and also include exceptions for measures implemented for national security or other public policy reasons.
Signatory countries will also work together on a range of issues, including helping small and medium-sized enterprises overcome obstacles in using electronic commerce, encouraging the development of practices that enhance consumer confidence, and targeted cooperation on research, training, capacity building and technical assistance. To address this, Australia will commit AU$46 million to provide technical assistance and capacity building to help eligible ASEAN countries implement their RCEP commitments.
Other changes include a new scope for trade in services throughout the region including across telecommunications, professional, and financial services; improved mechanisms for tackling non-tariff barriers, including in areas such as customs procedures, quarantine, and technical standards; greater investment certainty for businesses; new rules on ecommerce to make it easier for businesses to trade online; a common set of rules on intellectual property; and agreed rules of origin that are aimed at increasing the competitiveness of signatory markets within regional production chains.  
The RCEP, which took eight years to negotiate, was previously intended to include India as well. India pulled out of negotiations last year, however, due to concerns surrounding how the agreement would impact its agricultural sector. Despite India’s withdrawal, the joint statement from the signatories said it was welcome to enter into the RCEP agreement.
Related Coverage More

The Department of Home Affairs on Friday said it agrees with submissions from industry that government currently does not have the technological capability for implementing a travel rule for cryptocurrencies.A travel rule, if ratified, would require financial institutions to pass certain information onto another financial institution to provide more transparency regarding cryptocurrency movement.The travel rule was recommended by the Financial Action Task Force (FATF) in May as it believed the rule would aid in preventing terrorists and other criminals from having unfettered access to electronically-facilitated funds transfers for moving their funds and for detecting such misuse when it occurs. “I think it depends on the way that [the travel rule] is implemented so a technological solution that takes a lot of the legwork out of that would be a game changer. [But] we are not at the point where, globally, there is such a technological solution,” said Home Affairs assistant secretary Daniel Mossop, who appeared before the Senate Committee on Australia as a Technology and Financial Centre on Friday afternoon. Australian Transaction Reports and Analysis Centre (Austrac) national manager Bradley Brown shared a similar sentiment during the hearing, saying a solid basis for a technological solution for facilitating the travel rule would be required if the travel rule were to go live. Brown’s input to the committee is an update of Austrac’s view of the travel rule. Shortly after the FATF recommended the rule, Austrac CEO Nicole Rose said her agency was interested in regulating the exchanges that “turn cash into cryptocurrency” and would consider the merits of implementing the rule within Anti-Money Laundering and Counter-Terrorism Financing regulation. Later in the afternoon, the committee questioned Australian Securities and Investments Commission (ASIC) representatives about the scope of Australia’s regulatory powers in relation to crypto assets. Commissioner Cathie Armour said ASIC’s own powers currently were limited when regulating crypto assets, clarifying that it can only regulate crypto assets if they are a financial product.  

Armour added that Australian regulation of crypto assets has primarily been an exercise of crime enforcement rather than financial regulation. Committee chair Senator Andrew Bragg then asked whether Parliament could enact custody arrangements for digital assets in the financial space that leverage existing rules. Armour explained that this would be dependent on how Australia wants to regulate crypto assets. “Is it as a separate category that they decide covers all digital assets? Or is it more an identification of which digital asset might fit into the existing categories of financial products better,” she said. “I think once your committee has considered what would be the best approach there, that could happen,” Armour said. The committee is currently in the last phase of its inquiry, which is focusing on removing more barriers to Australian growth as a technology and finance centre. The inquiry first kicked off in October 2019.Related Coverage More

Image: Firewalla I’ve been experimenting with Firewalla firewalls since the launch of the original Blue model, but for the last two months, I’ve been using the Firewalla Gold as my network’s main router.  I finally made the switch for a number of reasons, one of which was the fact that Firewalla has a Wi-Fi SD […] More

By Jiap — Shutterstock It has been a totem of the cryptocurrency community that the numeric addresses of Bitcoin and other wallets will protect the identity of those using them to buy and sell.  A new paper, released this week by researchers at Baylor College of Medicine and Rice University, has shattered that presumed anonymity. […] More