The spread of fake news relating to government initiatives around Covid-19 placed Brazil on a list of countries most affected by phishing attacks, according to new research on spam and phishing published by security firm Kaspersky.
According to the report, about one in eight Internet users in Brazil (12.9%) accessed, between April and June 2020, at least one link that led to websites with malicious content. This is well above the global average, of 8,26% within the same period of time.
The massive increase in disinformation campaigns around supposed government initiatives relating to the pandemic are the main driver behind the increase, the software firm noted. An example of the scams sent to users in recent months mentioned in the report is an email with the false information that the government had suspended payments for energy bills during the pandemic, which included a link inviting users to register for the benefit.

The recent trends place Brazil as the fifth country most affected by phishing on a list compiled by Kaspersky as part of the report. Venezuela tops the list, where 17.56% of users have clicked on a link leading to malicious content, followed by Portugal (13.51%), Tunisia (13.51%) and France (13.08%).
A separate study by Kaspersky, released in July, suggests that Brazilians are more aware of Internet security risks, but still need to evolve their online behavior. The study carried out in May, which considered users with at least two connected devices, has found that 48% have not improved their Internet security habits.
This relaxed attitude to online security has three main reasons, according to the research: some 45% of Brazilians are not prioritizing this due to everyday pressures, despite recognizing that they should pay more attention to their security while using the Internet. Some 36% say they feel more secure while carrying out financial and business transactions online while 33% of Brazilians polled reported they don’t have anything of value to offer to cybercriminals.
When it comes to how Brazilians deal with such threats, almost two thirds (62%) of Brazilians polled by Kaspersky stated they only install trusted apps on their devices, downloaded from sources including the Apple Store and Google Play. More than half (54%) said they run regular security checks on their mobile phones. More

Written by

Eileen Yu, Contributor

Eileen Yu
Contributor

Eileen Yu began covering the IT industry when Asynchronous Transfer Mode was still hip and e-commerce was the new buzzword. Currently an independent business technology journalist and content specialist based in Singapore, she has over 20 years of industry experience with various publications including ZDNet, IDG, and Singapore Press Holdings.

Full Bio

China has lashed out at a trade initiative led by the US, which aims to establish mutually agreed standards in four key areas including the digital economy and supply chains. Beijing has described the move as the Biden administration’s attempts to “contain” China and create divisions. The Indo-Pacific Economic Framework (IPEF) was launched on Monday with 12 participating nations from the region, including Singapore, Australia, India, Indonesia and Japan. This group accounted for 40% of global GDP and 60% of the world’s population. It is expected to the largest contributor of global growth over the next three decades, according to the US government. It touted the benefits of the new framework for America, adding that trade with the Indo-Pacific supports more than 3 million American jobs. Brunei, South Korea, Malaysia, New Zealand, the Philippines, Thailand, and Vietnam also are part of the trade framework.  

The IPEF aimed to address 21st century economic issues with various arrangements that spanned establishing rules for the digital economy, ensuring secure and resilient supply chains, driving investments in clean energy infrastructure, and improving standards for transparency and fair taxation. Noting that past models did not address challenges across these areas, the Biden administration said a new model was necessary to resolve them. It added that businesses increasingly were looking for alternatives to China and countries participating in the Indo-Pacific Framework would be “more reliable partners” for US businesses. The IPEF, however, will not lay out plans for tariffs or easier market access, which are common objectives of traditional free trade agreements. Rather, the Indo-Pacific framework will pull its partners together through agreed standards across the four key areas.  Singapore Prime Minister Lee Hsien Loong said he welcomed an “open, inclusive, and rules-based order” and stressed the need for the framework to remain so. He added that members should be able to work with other partners in other overlapping agreements.Lee said: “IPEF is of both strategic and economic significance. It can be a valuable platform for the US to exercise economic diplomacy in the region, and it clearly signals the US’ continued commitment to engage with its partners in Asia, and deepen ties across the Pacific.”Strategy to dominate in digital technology standards headed failure The IPEF launch, though, has ruffled feathers in China, where government officials describe the move as the US’ attempts to create division and fuel confrontation. Chinese State Councillor and Foreign Minister Wang Yi said the US-led strategy was bound for failure, according to a report by state-owned media agency Xinhua.  Wang said the IPEF was the US government’s strategy to create division, incite geopolitical confrontation, and undermine peace. Its objective was to “contain” China, he added. Rather than drive free trade, he said the IPEF attempted to pursue protectionism. Noting that the US had pulled out from the Trans-Pacific Partnership (TPP), he added that the US was choosing to undermine existing regional cooperation infrastructures instead of following free-trade rules. Wang said: “Is the US trying to speed up the recovery of the global economy or is it trying to create economic decoupling, technological blockade and industrial disruption, and aggravate the supply chain crisis? The US should learn from the trade war it launched against China a few years ago, which brought severe consequences to the world and US itself.”He said it would be wrong for the US to use the IPEF as a political tool to safeguard its regional economic hegemony and deliberately exclude specific countries. He further questioned the Biden administration’s intent to force governments in this region to choose sides between China and the US. Chinese daily tabloid Global Times, which is owned by state-run People’s Daily, published a commentary highlighting the lack of market access and tariff provisions as a significant problem with the IPEF, giving no practical trade incentives for participating members. It added that the framework had not been approved by the US congress and lacked political sustainability. Global Times also accused the US of using the trade framework to “dominate” rules and standards in digital technologies, such as artificial intelligence and 5G. “IPEF, which excludes China, is driven more by geopolitical considerations rather than economic factors,” the paper said. “Countries in the region do not want to be trapped in the predicament of taking sides between Beijing and Washington, as China is their largest trading partner. China should have confidence in facing the US’ strategic containment. As long as Chinese government keeps the right direction concerning domestic and foreign policies and continues opening up, the US will be unable to stop China’s continuous rise.”In an interview with Nikkei, Singapore’s Lee said the IPEF as an alternative to an FTA arrangement between Asian nations and the US, which failed to materialise under the TPP. He added that the framework reflected the intent to cooperate on economic issues that were relevant to the region, including digital economies, supply chains, and green energy. He noted that details under the IPEF had not been negotiated, though, “broad areas” had been identified. “So we will go in and we will try to work out something as substantive and mutually beneficial as we can,” Lee said, pointing to carbon trading rules, digital economy, and sustainable finance as areas Singapore was keen to discuss as part of the IPEF.RELATED COVERAGE More

More than half of the connected medical devices in hospitals pose security threats due to critical vulnerabilities that could potentially compromise patient care. 

According to the 2022 State of Healthcare IoT Device Security Report from Cynerio, 53% of internet-connected medical devices analyzed were found to have a known vulnerability, while one-third of bedside devices were identified to have a critical risk. Cynerio analyzed over 10 million medical devices at more than 300 global hospitals and medical facilities.    The report warns that if these medical devices were to be accessed by hackers, it would impact service availability, data confidentiality, and even patient safety.  “Healthcare is a top target for cyberattacks, and even with continued investments in cybersecurity, critical vulnerabilities remain in many of the medical devices hospitals rely on for patient care,” said Daniel Brodie, the CTO, and co-founder, Cynerio, in a statement. “Hospitals and health systems don’t need more data — they need advanced solutions that mitigate risks and empower them to fight back against cyberattacks, and as medical device security providers, it’s time for all of us to step up. With the first ransomware-related fatalities reported last year, it could mean life or death.”  Out of all the medical devices, the report found that infusion (IV) pumps are the most common device with some type of vulnerability at 73%, especially since they make up 38% of a hospital’s IoT. If attackers were to hack into an IV pump, it would directly affect the patients since the pumps are connected. Some of the causes of these vulnerabilities result from relatively simple things, such as outdated programs. For example, the report found that most medical IoT devices were running older Windows versions, specifically, older than Windows 10. In addition, default passwords that are the same throughout an organization are common risks, especially since these weak default credentials secure about 21% of devices. Healthcare has become the number one target for cybercriminals in recent years, primarily due to outdated systems and not enough cybersecurity protocols. More than 93% of healthcare organizations experienced some type of data breach between 2016-2019. 

Just last month, Maryland’s Department of Health experienced a ransomware attack that affected the department for weeks. The attack left the department scrambling since it could not release COVID-19 case rates amid the Omicron surge, and the number of COVID-19 deaths were not reported in the state for almost all of December.  Cynerio notes that the solution to mitigating these vulnerabilities to reduce ransomware attacks is network segmentation. By dividing up a hospital’s network, more than 90% of critical risks in medical devices would be addressed. More

The National Australia Bank (NAB) has launched a bug bounty program, offering a reward to security researchers who uncover previously undisclosed vulnerabilities in the bank’s environment.
The bank has partnered with crowdsource security firm Bugcrowd for the new program. To participate, individuals must have an “Elite Trust Score” on the Bugcrowd platform.
NAB executive of enterprise security Nick McKenzie said using “controlled crowdsourcing” methods would assist NAB to further test and strengthen its existing cybersecurity capabilities.
“Controlled, crowdsourced cybersecurity brings together uniquely skilled testers and security researchers with fresh perspectives to uncover vulnerabilities in our defences that traditional assessment might have missed,” McKenzie said.
“Proactive cybersecurity measures are vital in today’s hyperconnected environment where new threats are constantly emerging.”
McKenzie said moving to a paid bounty system gives NAB the opportunity to “attract a wider pool of ethically-trained security researchers from across the globe”.
“Diversity is a critical yet often overlooked factor in security and controls strategies,” he added.
NAB in July last year admitted that some personal information on approximately 13,000 customers was uploaded, without authorisation, to the servers of two data service companies.
The compromised data included customer name, date of birth, contact details, and in some cases, a government-issued identification number, such as a driver’s licence number.
NAB in early 2017 also admitted it sent the details of approximately 60,000 customers to an email address on a global domain rather than its .au address.
It is understood customer information was sent in error to an nab.com address rather than an email address on the nab.com.au domain.
Meanwhile, Bugcrowd in April raised another $30 million in its Series D round, bringing its total funding to over $80 million.
The company is based in San Francisco.
MORE FROM NAB More

The Select Committee on Foreign Interference through Social Media has been tasked with probing the risk posed to the nation’s democracy by foreign interference through social media.
Twitter, Google, Tiktok, and Facebook have previously made submissions to the inquiry, with the plan for representatives from each of the social media platforms to eventually face the committee.
TikTok was probed on Friday, using its time to clarify data protection rules, its plans to prevent distressing videos from being viewed on its platform, and how it wasn’t asked to provide assistance to a government investigation, among other things. Facebook was due to appear alongside TikTok, but blamed a scheduling issue for pulling out.
The latest submission [PDF] to the committee as part of its inquiry comes from the Middle Kingdom, by way of popular chat app WeChat.
WeChat is owned and operated by WeChat International Pte Ltd, an entity incorporated in Singapore. WeChat International is a wholly owned subsidiary of Tencent Holdings Limited, which is a global technology giant incorporated in the Cayman Islands and listed on the Main Board of the Stock Exchange of Hong Kong.
Globally, WeChat boasts over 1.2 billion monthly active users. As at 21 September 2020, WeChat had approximately 690,000 daily active users in Australia.
US President Donald Trump in August claimed that apps developed in China are a threat to national security, making an executive order to ban WeChat alongside TikTok. Although that ban was later blocked by the US district court, WeChat has taken the opportunity in its submission to the Australian committee to explain how western users of the app are treated differently to those in mainland China.
Firstly, the specific app used is regional.
WeChat is operated by WeChat International, and is designed for users outside of mainland China. It said WeChat is not governed by PRC law.
Weixin is designed for users in the PRC, is operated by a PRC entity, and is governed by PRC law. In addition to different governing laws, Weixin and WeChat make use of different server architectures. WeChat servers are all located outside of mainland China.
How a user first registers an account determines whether they are a WeChat or Weixin user.
“For instance, users who register with a PRC mobile phone number will be a Weixin user, while users who register with an Australian mobile phone number will be a WeChat user,” it wrote.
“WeChat does allow users to access and use certain Weixin functions through the WeChat application. Where this occurs, the user is clearly informed that the access and use of these functions is subject to the relevant Weixin terms of service.”
When it comes to countering foreign interference and misinformation on its platform for Australian users, WeChat said it prohibits spam content; accounts that coordinate, spread, distribute, or participate in inauthentic behaviour, including in relation to false news, disinformation, or misinformation in relation to a topic or individual; the creation of fake accounts or accounts that misrepresent the identity of the user; content which breaches any applicable laws or regulations; and content which may constitute a genuine risk of harm or direct threat to public safety.
“For example, we prohibit the advertising and sale of COVID-19 home testing kits and have worked with relevant Australian authorities to enforce this in the past year,” it said.
It also said that it has previously met with and worked with the Department of Home Affairs and the Australian Electoral Commission in the context of the Australian Federal Election.
Similarly, it has discussed Australia’s Foreign Influence Transparency Scheme with the Attorney-General’s Department and is “committed” to working with Australian regulators and authorities in “respect of any complaint or request that may arise”.
MORE RELATED TO THE INQUIRY More