Eliana Willis

Singapore has again pushed back the deployment of its next-generation electronic road pricing (ERP) system, this time, due to the global chip shortage. The satellite-based network is now expected to be rolled out in the second half of 2023, instead of end-2021. It was originally slated to be implemented from 2020, but this was delayed to early this year with completion set for mid-2023. The government then had pointed to the impact of COVID-19 on global supply chains as the reason for the revised timeline. With the Global Navigation Satellite System (GNSS) ERP network now anticipated to be rolled out only from the second half of 2023, it would mean a delay of almost two years before implementation works–spanning 18 months–would be completed. These will include the installation of a new on-board unit, to replace current in-vehicle units, which are mandatory for all registered vehicles in Singapore, with few exceptions that include vehicles that do not use public roads on the mainland or are subject to usage restrictions such as tractors and construction equipment.  

The on-board unit is described as “central” to the new ERP system, providing various services to motorists such as alerts on electric charging locations and real-time traffic data. The supply of critical microchips needed for these units, however, had been affected by the “worsening” global shortage, which also had impacted other industries, said the Land Transport Authority (LTA) in a statement Wednesday. The industry regulator noted that, amidst accelerated global demand during the pandemic, the suspension of operations in major semiconductor foundries across multiple countries had affected production. This, in turn, severely impacted the production of electronic devices in multiple sectors including consumer electronics, industrial machines, and automotive. According to LTA, parts required for the on-board units had to be sourced from different suppliers, some of which had indicated their inability to meet the required delivery schedules for critical components. This shortage was expected to continue throughout 2022, with chip production projected to ramp up gradually from end-2022 to mid-2023. 

Due to the uncertainty in the supply chain, implementation of the on-board units should only commence when production was “stable and sufficient”, it said. “To ensure a smooth and uninterrupted installation exercise for all motorists, the installation of on-board units is now planned to commence in the second half of 2023, instead of end-2021,” LTA said. It added that it would work with local systems integrator NCS and Mitsubishi Heavy Industries (MHI) Engine System Asia on the production and installation of the on-board units. MHI Machinery Systems’ president Naoaki Ikeda said the company was “working closely” with its supply chain partners to source for the affected components and “safeguard their availability” for the installation.Singapore’s current ERP system, launched in 1998, uses a combination of smart card and RFID (radio frequency identification) technology to collect toll charges as vehicles, including motorbikes, drive through gantries. These typically are located along highways and roads that are frequently congested during peak hours. Smart cards carrying stored cash value, also dubbed CashCards, are inserted into the in-vehicle units and funds are deducted each time the vehicle passes through an ERP gantry that is in operation. According to LTA, the current system is increasingly expensive to maintain and the new GNSS infrastructure will do away with the need for bulky gantries, which will be replaced with slimmer ones.As of October 2021, Singapore has a vehicle population of 987,450 that comprises cars, taxis, buses, and motorcycles.RELATED COVERAGE More

Microsoft has detailed the activities of six Iranian hacker groups that are behind waves of ransomware attacks that have arrived every six to eight weeks since September 2020. Russia is often seen as the home of the biggest cyber-criminal ransomware threats, but state-sponsored attackers from North Korea and Iran have also shown a growing interest in ransomware. 

ZDNet Recommends

Microsoft said Iranian hacking groups are using ransomware to either collect funds or disrupt their targets, and are “patient and persistent” while engaging with their targets – although they will use aggressive brute-force attacks.SEE: A winning strategy for cybersecurity (ZDNet special report)The most consistent of the six Iranian threat groups is one Microsoft tracks as Phosphorus (others call it APT35). Microsoft has been playing cat and mouse with the group for the past two years. While initially known for cyber espionage, Microsoft details the group’s strategies for deploying ransomware on targeted networks, often using Microsoft’s Windows disk-encryption tool BitLocker to encrypt victim files. Other cybersecurity firms last year detected a rise in ransomware from Iranian state-backed hackers using known Microsoft Exchange vulnerabilities to install persistent web shells on email servers and Thanos ransomware.    According to Microsoft, Phosphorus was also targeting unpatched on-premise Exchange servers and Fortinet’s FortiOS SSL VPN in order to deploy ransomware.

In the second half of 2021, the group started scanning for the four Exchange flaws known as ProxyShell that were initially exploited as zero days by Beijing-backed hackers.Microsoft released patches for CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 in April. ProxyLogon was one of several exploits that made up ProxyShell. An account by security specialist DFIR Report notes Phosphorus used BitLocker on servers and DiskCryptor on PCs. Their activity stood out because it didn’t rely on ransomware-as-a-service offerings that are popular among cyber criminals and didn’t create custom encryptors. “After compromising the initial server (through vulnerable VPN or Exchange Server), the actors moved laterally to a different system on the victim network to gain access to higher value resources,” the Microsoft Threat Intelligence Center (MSTIC) notes in a blogpost. “From there, they deployed a script to encrypt the drives on multiple systems. Victims were instructed to reach out to a specific Telegram page to pay for the decryption key.”The group also tries to steal credentials by sending “interview requests” to targeted individuals through emails that contain tracking links to confirm whether the user has opened the file. Once a response is received from the target user, the attackers send a link to a list of interview questions and then a link to a fake Google Meeting, which would steal login details.SEE: Ransomware: It’s a ‘golden era’ for cyber criminals – and it could get worse before it gets betterOther groups mentioned in Microsoft’s report included an emerging Iranian hacking group that recently targeted Israel and US organizations in the Persian Gulf with password-spraying attacks. Microsoft highlights that the adoption of ransomware aided the Iranian hackers’ efforts in espionage, disruption and destruction, and to support physical operations. Their arsenal of attacks included ransomware, disk wipers, mobile malware, phishing, password-spray attacks, mass exploitation of vulnerabilities, and supply chain attacks.         More

Ransomware is the most significant cybersecurity threat facing the country today, but many businesses still aren’t taking the threat as seriously as they should be, the National Cyber Security Centre (NCSC) has warned. In its newly published annual review, the NCSC – the cybersecurity arm of intelligence agency GCHQ – details the incidents and threats the UK has faced during the past 12 months, including cyberattacks against the health service and vaccine developers during the coronavirus pandemic, state-sponsored cyber-espionage campaigns, phishing scams and more.  

But, because of the likely impact a successful attack could have on essential services or critical national infrastructure, it’s ransomware that is viewed as the most dangerous cyber threat – and one that more leadership teams need to think about.SEE: A winning strategy for cybersecurity (ZDNet special report) “One of the trends that the NCSC has seen over the last year was a worrying growth in criminal groups using ransomware to extort organisations. In my view it is now the most immediate cybersecurity threat to UK businesses and one that I think should be higher on the boardroom agenda,” said Lindy Cameron, CEO of the NCSC.  The number of ransomware attacks has grown significantly during the past year, reaching the same number of incidents in April 2021 as there had been in all of 2020. “In the first four months of 2021, the NCSC handled the same number of ransomware incidents as for the whole of 2020 – which was itself a number more than three times greater than in 2019,” said the NCSC report. 

The severity of some ransomware attacks means organisations can take a long time to recover. The NCSC paper notes that Hackney London Borough Council suffered significant disruption to services when a cyberattack resulted in IT systems being down for months, affecting the availability of local services, and requiring a recovery that cost millions of pounds.  Alongside local governments, universities have been a common victim of ransomware attacks, to the extent the NCSC has issued specific advice on how these institutions can protect themselves against attacks. “In the UK there was an increase in the scale and severity of ransomware attacks, targeting all sectors from businesses to public services. In response, the NCSC has identified and mitigated numerous threats, whether committed by sophisticated state actors, organised criminal groups or lone offenders,” said Sir Jeremy Fleming, director of GCHQ.  In total, including ransomware attacks, the NCSC has helped handle 777 incidents during the past year, up from 723 on the previous year and an average of 643 a year since the NCSC launched in 2016. 

But while ransomware is a significant and ever-evolving threat, there are measures that organisations can take to help avoid falling victim to an attack, or lessen the impact should the network be compromised by file-encrypting malware. SEE: Ransomware: It’s a ‘golden era’ for cyber criminals – and it could get worse before it gets betterAs detailed by the paper, the most common entry point for ransomware attacks are remote desktop protocol (RDP) attacks, where hackers take advantage of insecure RDP configurations to gain access to the network. Organisations can counter this by encouraging users to use unique, difficult-to-guess passwords – the NCSC recommends using three memorable words for accounts and introducing multi-factor authentication as an extra barrier to attacks. The shift towards remote working has led to a big rise in the use of Virtual Private Networks (VPNs) which, if not managed properly, can provide a gateway for outside attackers to enter the network. The paper also notes how ransomware gangs take advantage of unpatched devices and advises organisations to ensure security updates are rolled out in a timely fashion to help protect the network from cyber criminals exploiting known vulnerabilities. The NCSC regularly publishes advice on threats and now to protect networks from attacks – and one of the key aims of the organisation is to make sure the message gets heard by those who need to hear it. “Ransomware, mostly, doesn’t need a specific response, it needs the things we’ve been telling people to do for a long time. Part of our challenge is helping people do that or understanding what they need to do to apply it as much as possible,” said Cameron.  MORE ON CYBERSECURITY More

An analysis of password habits worldwide has revealed we are still performing poorly when it comes to strong credential management. 

While the idea of using passwords such as QWERTY, 123456, and PASSWORD might seem like a joke these days, they are still commonly found in data dumps of stolen credentials published online. Major online service providers now often enforce strong passwords with lower-case and capital letters, numbers, and special characters and may also encourage and enforce multi-factor authentication (MFA).  However, businesses may not impose the same standards. In addition, ghost and forgotten accounts, hardcoded credentials, and the re-use of username and password combinations are still common problems today.  On Wednesday, Nordpass published its annual study of password use across 50 countries, the “Most Common Passwords” report, an evaluation of a database containing 4TB of leaked passwords, many of which originated from the US, Canada, Russia, Australia, and Europe.  According to the researchers, the most common passwords in 2021, worldwide, were: 123456 (103,170,552 hits)123456789 (46,027,530 hits)12345 (32,955,431 hits)qwerty (22,317,280 hits)password (20,958,297 hits)12345678 (14,745,771 hits)111111 (13,354,149 hits)123123 (10,244,398 hits)1234567890 (9,646,621 hits)1234567 (9,396,813 hits)Among the findings, the researchers also found that a “stunning” number of people like to use their own name as a password (“charlie” appeared as the 9th most popular password in the UK over 2021, as it happens). 

“Onedirection” was a popular music-related password option, and the number of times “Liverpool” appears could indicate how popular the football team is — although, in Canada, “hockey” was unsurprisingly the top sports-related option in active use.  Swear words are also commonly employed, and when it comes to animal themes, “dolphin” was the most popular choice internationally.  Aside from variations of numbers and PC keyboards, in some lists, other local password options made the top 10, including the surname “Chregan” in South Africa; the city “Barcelona” in Spain, and the name “Tiffany” in France.  NordPass’ report can be accessed here.  Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More