Information Technology

Most businesses across four Asia-Pacific nations have had to fend off phishing and ransomware attacks, with those infected in Australia the most willing to give in to ransomware demands. Those Down Under also are most likely to experience such attacks, with 92% having experienced phishing incidents and 90% reporting business email compromise attacks. Another 86% and 80% have had to deal with ransomware and supply chain attacks, according to Proofpoint’s State of the Phish report. The study polled 2,000 employees and 200 security professionals in Singapore, South Korea, Japan, and Australia. Respondents in Singapore saw the next highest number of attacks, with 85% having to deal with phishing incidents and 78% reporting ransomware attacks. Another 72% experienced business email compromise, with 46% suffering direct financial losses. Another 68% reported supply chain attacks. But while Singapore, at 68%, reported the highest number of ransomware infections, their peers in Australia–58% of whom were infected–were more likely to cave to ransom demands when breached. Some 90% Down Under admitted to paying up at least once, compared to 71% in Singapore and 63% in South Korea. Just 18% of businesses in Japan paid at least one ransom–the lowest across the board, where the global average was 64%. According to the report, Japanese laws prohibit local companies from handing over money to organised crime, which may be deemed to include cybercrime. Proofpoint added that Japanese respondents were least likely to report a successful phishing attack, at 64%, compared to the global average of 84%. The security vendor theorised that this might be due to cybercriminals’ lack of fluency in the local language, making it easier for Japanese employees to identify poorly worded phishing lures. “Around the world, English is the language most used in phishing attacks, so businesses that don’t conduct activities in English may receive some protection,” the report noted. However, it highlighted that it might be less culturally acceptable in some countries to acknowledge they suffered a security breach, resulting in under-reporting. In South Korea, amongst the 72% that experienced ransomware attacks, 48% eventually were infected. And of the 96% in Australia that had cyber insurance, 83% said their insurer paid the ransom either fully or partially. Some 90% in Singapore reported having cyber insurance, 95% of which had insurers that paid the ransom either fully or partially. Some 82% in South Korea and 78% in Japan also had cyber insurance, with 74% and 72%, respectively, saying their insurers covered the ransom payment either fully or partially. Globally, 76% of organisations experienced ransomware attempts, with 64% eventually infected. Amongst those that had a cyber insurance policy for ransomware attacks, 82% of insurers stepped up to pay the ransom either in full or partially. “While conventional phishing remains successful, many threat actors have shifted to newer techniques, such as telephone-oriented attack delivery and adversary-in-the-middle (AitM) phishing proxies that bypass multi-factor authentication,” said Ryan Kalember, Proofpoint’s executive vice president of cybersecurity strategy. “These techniques have been used in targeted attacks for years, but 2022 saw them deployed at scale. We have also seen a marked increase in sophisticated, multi-touch phishing campaigns, engaging in longer conversations across multiple personas. Whether it’s a nation state-aligned group or a business email compromise actor, there are plenty of adversaries willing to play the long game.”The security vendor advocated the importance of employee training and building up security awareness, especially as phishing attempts are increasingly sophisticated. “The awareness gaps and lax security behaviours demonstrated by employees create substantial risk for organisations and their data,” said Jennifer Cheng, Proofpoint’s Asia-Pacific Japan director of cybersecurity strategy. “While email remains the favoured attack method for cybercriminals, we’ve also seen them become more creative–using techniques much less familiar such as smishing and vishing. Since the human element continues to play a crucial role in safeguarding companies, there is clear value in building a culture of security that spans the entire organisation.” RELATED COVERAGE More

With their need for low network latency, healthcare and maritime are key sectors that can benefit from 5G connectivity. They will, however, also need to prepare for the higher security risks. Organisations across most verticals have been undergoing digital transformation in recent years and healthcare is no exception. In fact, most healthcare institutions have completed basic digitalisation and now are entering “the deep-water zone”, according to Xia Zun, Huawei Technologies’ president of global public sector. Technologies such as 5G, Internet of Things (IoT), artificial intelligence (AI), and cloud computing have emerged and are integrated with medical engineering to drive innovation in healthcare, said Xia, who was speaking to media on the sidelines of the Mobile World Congress in Barcelona, Spain. GSMA anticipates edge computing and IoT technology to drive more 5G opportunities, with 12% of operators already offering private wireless products and services. More are expected to do so as IoT deployments expand this year, according to the industry body. The global pandemic further accelerated the sector’s digital transformation, Xia said, where some hospitals including those in Singapore had begun exploring and implementing smart healthcare technology. 5G, in particular, played a critical role as it addressed network latency challenges, which was especially important in healthcare, Xia said. Huawei now is looking to tap such demand and offer services that support the sector’s digital transformation efforts. Specifically, it has identified products around four use cases for healthcare–namely, smart hospital ICT infrastructure, digital pathology, smart ward, and optical medical imaging. Healthcare is one of the key sectors for Huawei’s public sector business, which is the biggest segment parked under the vendor’s enterprise unit. It currently serves more than 2,800 hospitals and medical research institutions globally. The Chinese telecom equipment maker’s digital imaging products, for instance, encompass network, storage, and videoconferencing to process images more quickly, secure the data lifecycle, and reconstruct images in 3D and 4K high definition. They aim to improve efficiencies in diagnosis and treatment, especially since 70% of data used in hospital clinical diagnosis and treatment are images. These files are large and can freeze when users view them, according to Huawei. It also is using 5G, IoT and Wi-Fi technologies to provide a wireless IoT network system for smart hospital wards. Huawei is pitching this offering as a way for hospitals to cut network rollout and maintenance costs, as well as improve patient experience with features such as IV fluids monitoring and personnel location.The tech vendor also is integrating its OceanStor Pacific distributed storage systems and lossless compression technology to process pathological data. Touted to cut storage space by 30%, the product allows more than 1,000 slices to be viewed “in seconds” and supports remote pathology analysis. It can enhance analysis efficiency by 70%, said Koh Hong Eng, Huawei’s global chief of public services industry scientist. The vendor’s storage systems are equipped with ransomware detection capabilities, Koh said, and can stop data from being uploaded if its firmware detects a ransomware signature. Local storage snapshots also are used to enable fast data recovery and air-gap measures help isolate data in a secured area, so services can be restored.  He added such security features were critical as the healthcare sector was a top target for ransomware attacks. Data backups also were essential, said Samuel Wai, systems manager for Hong Kong Hospital Authority, who was at the media briefing. Asked how he addressed concerns about the sector’s widening attack surface amidst increased adoption of IoT technologies and online data use, Wai pointed to the ability to restore data should a breach occur. This meant carrying out regular data backs was key, he said. He noted that Hong Kong also was looking to drive IoT initiatives, for instance, to facilitate home-based healthcare, and was assessing how IoT data can be safely transferred to a hospital’s database. This had added complexity as storage vendors currently adopted different data standards, Wai said. Hong Kong currently was looking to establish a healthcare-sector data standard to unify all messaging formats, which then could be adopted across the territory, he said. It also was assessing how data should be secured and was exploring various options, including working with local telcos to roll out private 5G networks and using VPNs. Security critical when traditional, digital realms convergeCybersecurity risks will inevitably increase as traditional industries go through digital transformation and OT (operational technology) systems converge with IT systems, said Yue Kun, Huawei’s CTO for smart road, waterway, and port. This further underscored the need for organisations in these sectors to ensure their IT infrastructures and systems had a strong security foundation, Yue said, adding that Huawei worked alongside its partner ecosystem to address potential risks. Asked if CII (critical information infrastructure) sectors should run private 5G networks to enhance their security posture, he said robust technologies could be deployed on both public and private 5G networks. Network slicing, for instance, could be implemented to secure public 5G networks. Hence, it would be difficult to pit one as more secure than the other, he noted. Furthermore, such rollouts were dependent on government policies and spectrum allocation within a local jurisdiction, Yue said. Apart from healthcare, Huawei also is targeting to push its offerings to another CII sector–maritime. The Chinese vendor in January inked an agreement with Tianjin Port Group to build a digital twin of the port, with the aim to introduce more automation and intelligence. The collaboration would encompass the construction of new automated terminals as well as the upgrading of traditional ones. Noting that ports played an important role in maritime transportation, Yue said: “Building more efficient smart ports is becoming an increasingly pressing requirement for the global supply chain. Section C Terminal of the Port of Tianjin has now been operating stably for over one year. This proves that 5G and L4 autonomous driving have already been successfully adopted by industries in China, and are creating true commercial and social value.” Section C Terminal, which began large-scale commercial operations in October 2021, features container cranes that operate automatically and robots that roam the area. Remotely controlled quay cranes lift loaded containers from cargo ships and placed them on the robots for ground transportation. The port’s container throughput last year clocked at more than 21 million TEUs, placing it amongst the world’s top 10 ports, according to Huawei.The vendor now hopes to extend its reach to ports outside China. Yue said the Port of Singapore Authority (PSA) jointly invested in a terminal located across one Huawei was showcasing in Tianjin Port. This should provide opportunities for the former to see how the Chinese port was benefitting from its Huawei deployments, he noted, adding that he hoped PSA would make “the right choice”. Singapore’s container port operator, PSA is in the midst of relocating its operations across three terminal locations to Tuas Port by 2027. Based in Singapore, Eileen Yu reported for ZDNET from Mobile World Congress 2023 in Barcelona, Spain, on the invitation of Huawei Technologies. RELATED COVERAGE More

NurPhoto/Getty Images After months of investigating successful iPhone robberies, Apple ID erasures, and drained bank accounts, senior tech columnist for The Wall Street Journal, Joanna Stern, concluded that thieves only need that four-digit pin code you use to unlock your phone to erase your personal data. Also: Apple working on a new iPhone SE model with bigger […] More

Getty Images / Galeanu Mihai DNS stands for Domain Name Service, and it’s at the heart of the internet. DNS makes it such that you don’t have to type an IP address to get where you want to go. Without DNS, instead of just typing, say, “Google” into your browser, you’d have to remember an […] More

Image: FG Trade/Getty Images Google is expanding its rollout of client-side encryption to Gmail and Calendar, allowing more users to send and receive encrypted email and calendar invites.       The client-side encryption (CSE) feature is now generally available for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers following the beta launch in […] More

Getty Images/Nguyen Duc Quang It recently became clear to me that there is a serious architectural problem with how Apple manages files on the Mac with iCloud, and that design flaw can lead to extensive data loss. If you have more data in your iCloud Drive storage than you have space on your Mac’s internal […] More

Galeanu Mihai/Getty Images Ah, the web browser. It’s the one tool modern society cannot do without. We work, play, research, connect, and shop with web browsers. I think it’s safe to say that the majority of desktop computer usage is done via a web browser. That means there are millions of users ripe for having […] More

June Wan/ZDNET LastPass has revealed that hackers stole a master password that they used to access highly restricted corporate databases and information by targeting a senior engineer’s home computer.  Also: Leaving LastPass? Here’s how to get your passwords out The password manager company first revealed that it had been hacked in August last year when it said attackers […] More