More stories

  • FBI warning: Beware of student loan forgiveness scammers

    The FBI is warning that cyber criminals and scammers could start targeting former students who are seeking debt relief under US president Joe Biden’s student loan forgiveness program. Under the Student Loan Debt Relief Plan (2022 SDRP) for individuals with incomes below $125,000, or joint filers with incomes below $250,000, the United States Department of […]

  • Singapore wants citizens to arm up, take accountability for personal cyber hygiene

    Singapore has called on its citizens to take responsibility for their own cyber hygiene, so they can better safeguard their devices and not end up putting entire systems at risk. The country wants to help them do so with the introduction of a portal that will assess if websites have the necessary security protocols. The government also has set up a task force to develop policies and capabilities to bolster efforts to combat ransomware attacks, which are a growing concern for local businesses. Singapore laid out its cyber defence strategy, which it said spanned five key areas including the need for individuals to arm up on cyber awareness and be capable of protecting themselves. “Individuals have a responsibility to adopt good cybersecurity practices and protect the systems and devices they use,” Senior Minister and Coordinating Minister for National Security, Teo Chee Hean, said Wednesday at the Singapore International Cyber Week conference. The annual event gathers international policy makers, industry players, and academia to discuss cybersecurity best practices and cyber defence. Teo said: “Personal devices, including the multitude of IoT (Internet of Things) devices, do not exist on their own. They are connected to other devices, systems, and networks. With the introduction of 5G technology, we can expect a step-jump in the number and types of devices to be connected in ever-larger networks. If individuals or these multitude of devices are compromised, they will not only bring harm to themselves, but could be exploited to penetrate and weaken the whole system or network.”

    He urged citizens to be aware of cyber risks and be responsible for their own online safety.

    To help them in this aspect, Singapore’s Cyber Security Agency (CSA) launched the Internet Hygiene Portal, which it said served as a one-stop platform for businesses to access resources and self-assessment tools to guide them in adopting online security best practices.
The new portal also features an online hygiene rating table to provide “visibility” on the cyber hygiene of digital platforms. This should help consumers make informed choices on the sites they visited and better protect their digital transactions from potential threats.

E-commerce platforms first to be rated on cybersecurity hygiene

For a start, CSA said the portal would list 10 popular e-commerce services providers, each with a rating based on the “average adoption of internet security best practices”. Curated by the government agency, these best practices were internationally recognised common baseline online standards and security controls, and included security protocols such as HTTPS, DNSSEC, and DMARC. These global security protocols were designed to secure website communications, prevent DNS spoofing and cache poisoning, as well as combat email spoofing. The current list of e-commerce platforms included Amazon.com, Alibaba’s Lazada, Qoo10, and Shopee–of which eight had been rated with a green badge, indicating these sites had adopted most baseline online security best practices. Courts and Ebay were the only two platforms to be rated with a yellow badge, indicating they had implemented some baseline online security best practices. No website was tagged with a red badge, which meant most baseline best practices were absent. According to CSA, the e-commerce internet hygiene ratings would be next updated in January 2023. It said it would look to add companies from other sectors on a similar rating list, such as banking and financial services and healthcare. The new hygiene portal also offers cybersecurity toolkits that were introduced as part of the SG Cyber Safe Programme, which aimed to support businesses with guides on online hygiene standards and best practices, and self-assessment tools for email, website, and internet connectivity.
Apart from individual accountability, Teo said Singapore’s cyber defence also encompassed the need to safeguard digital information infrastructures, including systems operated by local telcos, internet services and cloud services providers, as well as the physical cables and other digital connections with the world.

He further pointed to the need to protect the country’s “soft” national infrastructure, including its national digital identity system or SingPass, which provided trusted credentials for digital identity verification, and national digital payment platform PayNow. The integrity and resilience of these infrastructures were essential to enable citizens and businesses to transact securely with each other as well as with the government, the minister said. Singapore also needed to safeguard its critical information infrastructures (CIIs), which delivered essential services such as water, transport, and electricity. Teo said CSA worked closely with CII owners and leads to identify, detect, and respond to cyber threats. He noted that the government security agency was developing a National Cyber Security Centre, which would look to tighten integration with Singapore’s CII operators. Apart from these sectors, he added that all organisations as well as research and educational institutions also would need to bolster their own defences against online threats–one of which was ransomware. Pointing to the new task force, Teo said this inter-agency counter-ransomware unit would help pull together businesses, government, and international partners to “more effectively” combat ransomware attacks. Singapore saw a 54% year-on-year increase in reported ransomware cases, which hit 137 in 2021 with small and midsize businesses (SMBs) from sectors such as manufacturing and IT mostly falling victim to such attacks.
With ransomware a cross-border problem, CSA noted that ransomware criminals often were based overseas and leveraged jurisdictional boundaries to move illicit assets and evade legal consequences. Hence, the task force would look to coordinate Singapore’s international engagement efforts to counter ransomware and drive greater international cooperation in cybersecurity, financial supervision, and cross-border law enforcement operations, CSA said. It added that the task force was working on a set of recommendations the government could take to improve its counter ransomware efforts. These would be published “in due course”. Teo said: “Because the digital domain has become a more important and indispensable part of our everyday lives, threats in the digital domain have become much more serious and more challenging. Threats that start out in the digital domain can also quickly impact events in the physical world.

“If a critical system is brought down by an attack, there could be severe effects on countries and the international system, organisations and businesses…[there could be] financial losses and threats to lives and livelihoods,” he said. Adding that there were no borders in the digital domain, he noted the need for international cooperation to build a robust framework that could safeguard cybersecurity and promote confidence and trust in cyberspace. “This is key is to establish norms of responsible state behaviour, build consensus around the application of existing international law in cyberspace, and facilitate confidence-building measures, capacity-building and standards,” the Singapore minister said. “These are the basic building blocks to a cyber stability framework, which will guide states and other stakeholders to better trust each other and work together on cyber issues in a meaningful manner.”

  • Passwords still dominate, and are causing headaches for everyone

    While Google, Microsoft and Apple roll out passwordless passkey functionality for their platforms, most people are still dependent on passwords. Google last week started testing passkey support in Chrome and Android via the FIDO Alliance, the group behind passwordless sign-ins that use a smartphone’s sensors for biometric authentication. Apple in […]

  • Government officials, including Russia, call for dialogue in combating cybersecurity threats

    Multilateral collaboration and information exchange between nations are key in the battle against cybersecurity threats, especially as global systems today are increasingly interconnected. Citizens also need to take responsibility for their personal cyber hygiene amidst growing adoption of Internet of Things (IoT), where one compromised device can bring down an entire network. There should be open dialogues and communication channels through which governments could share cyber threat details, urged delegates during a ministerial roundtable discussion held Wednesday at the Singapore International Cyber Week conference. “Cyber threats pose an existential threat to life as we know it. We need to look beyond individual country and individual interests to work together for our collective good,” said Ursula Owusu-Ekuful, Ghana’s Minister for Communications and Digitalisation. “Until we realise that and learn how to engage with each other, and promote dialogue and experience sharing, we will continue to remain at risk.”

    She underscored the need for greater international cooperation and capacity building, with emphasis on building core digital skills that were required to safeguard individuals and societies. Owusu-Ekuful added that nations should look to build trust in digital systems and allow international rules of engagement to work for the global community. Artur Lyukmanov, Acting Director of Russia’s Ministry of Foreign Affairs Department on International Information Security, also stressed the need for open communications between governments, where it was important for nations to have points of contact and be able to call up their global counterparts in the event of a cybersecurity incident or when new threats emerged.
Lyukmanov rebuked governments such as the US for being quick to put blame on Russia for cyber attacks without due investigation, describing this as an attempt to undermine efforts of international working groups, such as those led by the United Nations (UN), of which Russia was a part.

Adding that political discussions should not be intertwined with cybersecurity dialogues, he said nations should refrain from militarising the digital sphere. He objected to countries that used ICT for military purposes, pointing instead to the need for dialogue. He further noted that the international community would not be able to take concrete action on establishing new cyber norms of state behaviour if there was no confidence and trust between nations.

US warns of risks relying on China-built infrastructures

US Secretary of Homeland Security Alejandro N. Mayorkas, also in Singapore for the conference this week to speak at a closed-door briefing, took questions from the media on Tuesday where he said the US cooperated with this region and other countries in different forms. Mayorkas said: “We share information with respect to the cyber threats that are known. We share information with respect to vulnerabilities in systems that are discovered. We share information with respect to how to patch those vulnerabilities. We assist in training. We have cyber emergency response teams that assist countries in responding to and remediating threats that have actually materialised. And the threats are diverse in nature, whether it’s phishing, spear phishing, [and] ransomware [which] is a threat that is growing so significantly.

“So we have seen quite a number of attacks. They have been perpetrated by cybercriminals as well as by adverse nation-states such as Russia, the PRC, North Korea, and Iran,” he said. He also pointed to the need to work with the private sector and academia as part of a collective approach to cybersecurity.
Noting that most US critical infrastructure was in the hands of the private sector, he said the US Cybersecurity and Infrastructure Security Agency (CISA) had established the Joint Cyber Defense Collaborative (JCDC) as the framework to drive public-private partnership. This ensured there was information exchange between both sectors, he said. “The cyber threat is not specific to governments. So many private and public businesses have been attacked by ransomware [and] have suffered cyber attacks that it really requires an all-of-society effort to strengthen the entire cyber ecosystem,” he added. Asked if the US saw risks in China’s efforts to build out subsea internet cables and global nations tapping these lines for connectivity, Mayorkas said: “I think that all of the countries participating in the Singapore International Cyber Week are well aware of the risks that are involved in doing business and relying upon the technological infrastructure provided by the PRC. We have seen the potential outcomes [and] adverse consequences of doing so.

“When countries fall behind in their loan payments to the PRC, there is a technological vulnerability in predicating one’s infrastructure on PRC assets,” the US government official said. “It is a risk that we have communicated and that I intend to communicate [here at the conference].”

No one country knows it all

During the roundtable discussion, Owusu-Ekuful also highlighted the importance of global consensus. “We are all in this together…we sink or swim [together] in the cyber space, where there are no big or small countries. Countries cannot adopt a position where they know it all and have this ‘big brother’ attitude when dealing with the cyber space. We need to engage [in dialogue],” she said.
Multi-stakeholder efforts at an international level should look to establish legal and regulatory frameworks that provided room for all to engage as equal partners, she added.

Also emphasising the importance of information sharing, she noted that Ghana had established CERTs (Computer Emergency Response Teams) on both a national and sectoral level, with industries such as banking and financial services as well as telecommunications each with its own CERT. Plans currently were underway to also establish CERTs for the transport and energy industries, she said, adding that the West African nation had designated 189 critical information infrastructure (CII) owners across 13 sectors. These CERTs constantly fed cyber threat and security information to the national CERT as part of efforts to facilitate faster response to attacks and potential risks, Owusu-Ekuful said. Because “one sneeze” in the cyber space could result in everyone else catching a cold, she said the ability to respond quickly was critical to cyber defence and safeguarding CIIs.

  • Car theft ring used software to steal hundreds of vehicles without the physical key fob, say police

    Law enforcement in France, Latvia and Spain have arrested 31 suspects believed to be part of a group that used software to steal vehicles without using the physical key fob. According to the EU Agency for Criminal Justice Cooperation (Eurojust), the suspects built or used software that duplicated certain models’ ignition keys […]

  • Linux dodges serious Wi-Fi security exploits

    You may recall that Linus Torvalds recently added support for Rust in the Linux kernel. One of the big reasons for adding Rust was to put an end to Linux code memory problems. It can’t come soon enough. Recently, five serious Linux Wi-Fi security holes were uncovered. What did they all […]