More stories

  • FBI warning: This ransomware group is targeting poorly protected VPN servers

    The FBI and other agencies are warning of a rise in Daixin Team ransomware and data extortion attacks on healthcare providers. The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Health and Human Services (HHS) have issued a joint warning about Daixin Team activity against the healthcare and public […]

  • 5 quick tips for better Android phone security right now

    Attention, all Android phone users: Keeping your phone secure is important. These days, it’s sadly easy for malicious hackers to drain your bank account or steal your data. Keeping up with your security practices on the front end makes it a lot less likely you’ll have to spend time, energy, and maybe […]

  • Your guide to the dark web and how to safely access .onion websites

    When the dark web is mentioned online, it is usually in tandem with criminal marketplaces and arrests made by law enforcement agencies. Drugs, weapons, and stolen IP and data are all hot businesses on the dark web, with hundreds of terabytes of information on offer. Traders cash in on stolen credit card data dumps, initial access points to vulnerable systems, credentials, and intellectual property belonging to companies compromised during cyberattacks. According to Kela’s 2022 Threat Intelligence report (PDF), 48% of organizations have no documented dark web threat intelligence policy in place, despite the obvious danger. However, the dark web has far more uses for organizations and individuals than what a small subset of criminals do under its umbrella. To access a dark web address, you must use a VPN and a suitable browser (it should be Tor). The aim is to reduce your online footprint as much as possible, anonymize your traffic, and disguise your location. There are many legitimate uses for dark web services and communication. For example, this can include tools hosted for combating censorship — critical services for individuals in countries with stringent government surveillance and control, as well as privacy-enhancing anonymous email and whistleblower drop boxes. Some media outlets also maintain an online presence via the dark web when their surface websites are blocked, and other websites do the same when they are banned at the ISP level by countries during unrest and protests. Yes, the dark web has an unsavory reputation. However, remaining anonymous can be invaluable to protesters, civil rights groups, journalists, lawyers, and other vulnerable groups.

  • Battery-draining Android apps with 20 million downloads pulled from the Google Play Store

    Sixteen Android apps downloaded by a combined total of over 20 million users have been removed from the Google Play store after it was discovered they contained malware which uses up data and drains batteries. The malware has been discovered by cybersecurity […]

  • Singapore champions Asean CERT as region's cyber armour

    The Asean Regional Computer Emergency Response Team (CERT) has been formally established, operating as a virtual centre comprising analysts and incident respondents from across member states. It is tipped to play a key role in beefing up the region’s cyber resilience amidst a threat landscape that is increasingly complex. It would deepen collaboration between CERTs amongst Asean member states and boost the region’s cybersecurity posture, said Minister for Communications and Information Josephine Teo, who was speaking at the Asean ministerial conference held Thursday in Singapore. Noting that the region already had conducted annual CERT incident drills since 2006 to boost the readiness of CERTs within the individual countries, Teo said setting up the Asean CERT was an important step in building regional cyber resilience. There currently are 10 Asean member states including Singapore, Indonesia, Thailand, Malaysia, and the Philippines. The region in September 2018 agreed on the need for a formal framework to coordinate cybersecurity efforts, outlining cyber diplomacy, policy, and operational issues. Analysts and incident respondents in the regional CERT would ensure timely information exchange when a cybersecurity incident, such as a supply chain attack, occurred in any of the member states. The CERT held eight functions, including facilitating coordination and information sharing between national CERTs and developing partnerships with industry players and academia. These served to boost Asean’s operational readiness in dealing with the changing cyber landscape through stronger regional incident response coordination and collaboration in critical information infrastructure (CII) protection. The latter would include cross-border CII, such as aviation, maritime, and banking and finance. “Regional CERT analysts would rapidly share information from their own countries and jointly develop advisories when needed,” Teo said.
    “We are weaving a tighter net that will hopefully help prevent cyber attackers from getting through too easily.” She said the regional CERT now would need to be operationalised, adding that Singapore had distributed a draft operational framework and was seeking feedback from member states. This document detailed the purpose, scope, functions, mechanism, as well as composition and partners of the Asean Regional CERT. The facility is targeted to be established by 2024, after both the operational framework and financing model have been agreed upon by member states. For the Asean CERT to be effective, every member state would have to be on board and share information freely, said Alex Lei, Asia-Pacific Japan senior vice president at security vendor Proofpoint. While it was still early days to assess its effectiveness, establishing a cross-national CERT was a positive step forward, Lei said in an interview with ZDNET on the sidelines of the conference, which was held in conjunction with Singapore International Cyber Week. He noted the competitive landscape in cyber was “lopsided”, with the “defenders” such as organisations and nations often working in silos, while the attackers operated in a marketplace where there were no national divisions. Ransomware attacks also were offered as a service and hacking tools were freely sold, he said, with hackers all working together. Defenders, on the other hand, were concerned about their proprietary data, he added, but noted that this was starting to change with more willingness now to exchange threat intel. “So for the Asean CERT to work…the free exchange of ideas and information is important or you’ll lose leverage from what you’re seeing [in the threat landscape],” he said. Teo also pointed to the need to implement “rules, norms, and principles” of responsible state behaviour in cyberspace.
    Asean, she said, remained the first and only regional group to have subscribed, in principle, to the United Nations’ (UN) 11 voluntary, non-binding norms of responsible state behaviour in the use of ICTs. “All of us in Asean appreciate the importance of an open, secure, stable and interoperable cyberspace, based on mutual trust and confidence,” she said. “Developing the ‘rules of the road’ for cyberspace requires deliberate and consistent effort. We need to actively implement the 11 voluntary and non-binding norms.” She noted that a plan of action to put these principles into practice was endorsed last year, outlining concrete steps Asean members could take as well as specific areas they could focus on to drive capacity building.

    Importance of clarity, readiness in incident response

    Detailing clear steps to take was especially important to better guide businesses in mitigating security risks and incidents, said Imperva CTO Kunal Anand in an interview with ZDNET. He noted that companies were overwhelmed by the deluge of tools, concepts, and frameworks being thrown at them by security vendors. Market players also were touting different messaging on ways to address security risks, making it even more confusing for organisations, Anand said. It could be difficult for companies to really understand their risks, know what to invest in, and who to hire, he said, noting that this should be addressed by providing businesses with playbooks that offered clear steps to take to protect themselves. Pointing to Singapore’s CII supply chain guide, he noted that the document currently was not prescriptive and offered little as a constructive playbook for businesses to implement if they experienced a supply chain attack. Released by the Cyber Security Agency (CSA), the CII Supply Chain Programme Paper aimed to mitigate supply chain risks through five key areas, including a toolkit for CII owners to identify and rate supply chain risks.
    If there was another Log4j, for instance, CII operators needed to know how they should respond to a supply chain vulnerability, the steps to take, and how they should communicate and talk about it with their ecosystem, Anand said. The paper instead took a high-level view and did not go into detail on the concrete steps companies should take to mitigate and address supply chain risks. He also pointed to the need to connect cybersecurity risks with financial risks. “We need to be more prescriptive so companies know where to begin and what to do,” he said, adding that Singapore could codify core principles and actions into such playbooks. That said, he noted that the Asian nation was amongst the most advanced in cybersecurity preparedness, with CSA availing many collaterals and guidelines such as the supply chain paper to support the local industry. SolarWinds’ head geek Sascha Giese also underscored the need for businesses to know exactly what had to be done in the event of a breach. Asked about gaps that needed to be plugged, Giese said companies still lacked preparation for worst-case scenarios, with their employees insufficiently trained on what they had to do in the event of a breach. Running incident response drills, for example, would allow organisations to fine-tune policies and steps their staff should take, including public statements the company should make when a breach occurred. “Preparation is everything. You don’t place a fire extinguisher at the door only when a fire breaks out,” he said. “That’s what’s still missing even in big enterprises today.”

  • Singapore, Germany to mutually recognise IoT cybersecurity labels

    Singapore and Germany have inked a pact to recognise their respective cybersecurity rating systems for smart consumer products, including smart speakers, household robots, and home automation hubs. The EU member is the second country to do so, following Finland. Cyber Security Agency of Singapore (CSA) said Thursday it signed the agreement with Germany’s Federal Office for Information Security (BSI) to mutually recognise cybersecurity labels issued by both countries. Under the pact, products issued with BSI’s label would be deemed to have fulfilled Level 2 of CSA’s cybersecurity labelling scheme. Singapore’s labelling model assesses and rates smart devices into four levels based on the number of asterisks, each indicating an additional tier of testing and assessment the product has gone through. Level one, for instance, indicates a product has met basic security requirements such as ensuring unique default passwords and providing software updates, while a level four product has undergone structured penetration tests by approved third-party test labs and fulfilled level three requirements. Products rated Level 2 and above would be recognised by Germany’s BSI. The mutual recognition would apply to consumer Internet of Things (IoT) devices that included smart televisions, smart toys, health trackers, smart lighting, and smart thermostats. The agreement initially would not cover some products, such as smart door locks, general computing devices such as computers and smartphones, as well as fire, gas, and water detectors, which were designed to run any applications without a predefined purpose, CSA said. The Singapore government agency said it would work with BSI to add more product categories under the bilateral agreement. The Asian nation had inked a similar pact with Finland in October 2021, with consumer IoT products carrying the latter’s cybersecurity label deemed to have met Singapore’s Level 3 requirements, and vice versa.
    Such agreements not only saved smart device manufacturers the cost and time they would otherwise have spent on duplicated testing, but also gave them access to new markets. As of October 2022, more than 200 products had been issued Singapore’s cybersecurity labels. CSA had received more than 300 applications for the labels.

    Connected medical devices to be assessed for security hygiene

    The country’s labelling scheme on Thursday was expanded to include medical devices, an extension launched in collaboration with the Ministry of Health (MOH), Health Sciences Authority (HSA), and Integrated Health Information Systems (IHIS). Such devices increasingly were connected to hospitals and home networks, but could cause physical harm should an IoT attack occur, said Singapore’s Senior Minister of State, Ministry of Communications and Information, Janil Puthucheary. Speaking Thursday at the Singapore International Cyber Week conference, the minister said medical devices such as ECG monitors and pacemakers were getting smarter as healthcare companies and professionals leveraged technology to improve their ability to collect patient data, deliver therapy, or customise therapy. Increased connectivity, though, meant increased cybersecurity risks and could compromise patients’ personal information, clinical data or treatment protocols, ultimately affecting patient health outcomes. Puthucheary said: “When we think about IoT devices, convenience and efficiency are top of mind, but not necessarily security and safety of the users. The lack of strong IoT security can pose serious risks. Many consumer IoT devices contain a cache of consumer data and information that, if leaked, could compromise consumer privacy.” “In more severe cases, IoT hacks can lead to serious physical harms, even risking lives,” he said, pointing to a 2017 vulnerability the US Food and Drug Administration discovered in pacemakers, which made it possible to alter the device’s functions and deplete its battery.
    Extending Singapore’s cybersecurity labelling scheme to include medical devices would encourage manufacturers to design such products with cybersecurity in mind. The labelling scheme would apply to medical devices that handled health data or were able to connect to other devices, systems, and services. Comprising four levels of rating, each level would indicate an additional level of testing and assessment the product had undergone. Level 1 meant the medical device had achieved baseline regulatory requirements, currently aligned with registration requirements for medical devices approved by HSA. Baseline cybersecurity requirements for Level 1 of the labelling scheme comprised requirements medical devices would have to meet to be registered with HSA. Hence, all HSA-registered medical products would be deemed to have complied with Level 1 of the cybersecurity labelling scheme. Products rated under Levels 2 through 4 would have to meet “enhanced” cybersecurity requirements, such as device and data requirements. Devices in these categories might have to pass independent third-party tests, according to CSA, which said further details would be provided at a later date. The government agency said a formal consultation with the medical device industry as well as associations would be held within the next month, to gather feedback on the proposed requirements of Levels 2 to 4. These would include the timeline for implementation.