
    China lashes out at US-led Asia-Pacific trade framework

    Written by

    Eileen Yu, Contributor


    Eileen Yu began covering the IT industry when Asynchronous Transfer Mode was still hip and e-commerce was the new buzzword. Currently an independent business technology journalist and content specialist based in Singapore, she has over 20 years of industry experience with various publications including ZDNet, IDG, and Singapore Press Holdings.


    China has lashed out at a trade initiative led by the US, which aims to establish mutually agreed standards in four key areas including the digital economy and supply chains. Beijing has described the move as the Biden administration’s attempts to “contain” China and create divisions.

    The Indo-Pacific Economic Framework (IPEF) was launched on Monday with 12 participating nations from the region, including Singapore, Australia, India, Indonesia and Japan. This group accounted for 40% of global GDP and 60% of the world’s population. It is expected to be the largest contributor to global growth over the next three decades, according to the US government. It touted the benefits of the new framework for America, adding that trade with the Indo-Pacific supports more than 3 million American jobs. Brunei, South Korea, Malaysia, New Zealand, the Philippines, Thailand, and Vietnam also are part of the trade framework.

    The IPEF aimed to address 21st century economic issues with various arrangements that spanned establishing rules for the digital economy, ensuring secure and resilient supply chains, driving investments in clean energy infrastructure, and improving standards for transparency and fair taxation. Noting that past models did not address challenges across these areas, the Biden administration said a new model was necessary to resolve them. It added that businesses increasingly were looking for alternatives to China and countries participating in the Indo-Pacific Framework would be “more reliable partners” for US businesses.

    The IPEF, however, will not lay out plans for tariffs or easier market access, which are common objectives of traditional free trade agreements. Rather, the Indo-Pacific framework will pull its partners together through agreed standards across the four key areas.

    Singapore Prime Minister Lee Hsien Loong said he welcomed an “open, inclusive, and rules-based order” and stressed the need for the framework to remain so. He added that members should be able to work with other partners in other overlapping agreements.

    Lee said: “IPEF is of both strategic and economic significance. It can be a valuable platform for the US to exercise economic diplomacy in the region, and it clearly signals the US’ continued commitment to engage with its partners in Asia, and deepen ties across the Pacific.”

    Strategy to dominate in digital technology standards headed for failure

    The IPEF launch, though, has ruffled feathers in China, where government officials describe the move as the US’ attempts to create division and fuel confrontation. Chinese State Councillor and Foreign Minister Wang Yi said the US-led strategy was bound for failure, according to a report by state-owned media agency Xinhua.

    Wang said the IPEF was the US government’s strategy to create division, incite geopolitical confrontation, and undermine peace. Its objective was to “contain” China, he added.

    Rather than drive free trade, he said the IPEF attempted to pursue protectionism. Noting that the US had pulled out from the Trans-Pacific Partnership (TPP), he added that the US was choosing to undermine existing regional cooperation infrastructures instead of following free-trade rules.

    Wang said: “Is the US trying to speed up the recovery of the global economy or is it trying to create economic decoupling, technological blockade and industrial disruption, and aggravate the supply chain crisis? The US should learn from the trade war it launched against China a few years ago, which brought severe consequences to the world and US itself.”

    He said it would be wrong for the US to use the IPEF as a political tool to safeguard its regional economic hegemony and deliberately exclude specific countries. He further questioned the Biden administration’s intent to force governments in this region to choose sides between China and the US.

    Chinese daily tabloid Global Times, which is owned by state-run People’s Daily, published a commentary highlighting the lack of market access and tariff provisions as a significant problem with the IPEF, giving no practical trade incentives for participating members. It added that the framework had not been approved by the US Congress and lacked political sustainability.

    Global Times also accused the US of using the trade framework to “dominate” rules and standards in digital technologies, such as artificial intelligence and 5G.

    “IPEF, which excludes China, is driven more by geopolitical considerations rather than economic factors,” the paper said. “Countries in the region do not want to be trapped in the predicament of taking sides between Beijing and Washington, as China is their largest trading partner. China should have confidence in facing the US’ strategic containment. As long as Chinese government keeps the right direction concerning domestic and foreign policies and continues opening up, the US will be unable to stop China’s continuous rise.”

    In an interview with Nikkei, Singapore’s Lee described the IPEF as an alternative to an FTA arrangement between Asian nations and the US, which failed to materialise under the TPP. He added that the framework reflected the intent to cooperate on economic issues that were relevant to the region, including digital economies, supply chains, and green energy.

    He noted that details under the IPEF had not been negotiated, though “broad areas” had been identified. “So we will go in and we will try to work out something as substantive and mutually beneficial as we can,” Lee said, pointing to carbon trading rules, digital economy, and sustainable finance as areas Singapore was keen to discuss as part of the IPEF.


    Biden launches Indo-Pacific economic framework to counter China

    US President Joe Biden has launched a new economic framework geared towards countering Chinese influence in Asia and announced the 12 regional partners who will cooperate on shared standards in areas such as clean energy and 5G network advancements.

    Biden, in his first visit to Japan as president, presented the Indo-Pacific Economic Framework for Prosperity in a speech on Monday, citing four essential pillars — trade, supply chains, sustainable energy, and infrastructure — as well as tax and anti-corruption. Meanwhile, the White House claimed that the framework — as based on these pillars — will ensure that supply chains in the region develop greater resilience to protect against higher prices for consumers.

    “We’re here today for one simple purpose: the future of the 21st Century economy is going to be largely written in the Indo-Pacific,” Biden said in Tokyo. “[The framework is a commitment to] improving security and trust in the digital economy, protecting workers, strengthening supply chains, and tackling corruption that robs nations of their ability to serve their citizens.”

    Biden added the framework would work towards eliminating critical supply chain bottlenecks, carbon from the economy, and work towards clean energy and developing “early warning systems” to identify problems before they happen.

    “Let’s start with new rules governing trade in digital goods and services so companies don’t have to hand over the proprietary technology to do business in a country,” Biden said.

    The 12 regional partners include Australia, Brunei, India, Indonesia, Japan, South Korea, Malaysia, New Zealand, the Philippines, Singapore, Thailand, and Vietnam. All of these partners, excluding Australia and India, were also signatories to China’s Belt and Road Initiative.

    The framework marks Biden’s latest attempt to shore up US support in the Asia-Pacific region after former President Donald Trump withdrew from the Trans-Pacific Partnership in 2017.

    Further to this, South Korean President Yoon Suk Yeol pledged his country’s support for the framework, and also announced that South Korea will now become a signatory of the Declaration for the Future of the Internet.

    Meanwhile, Google said, following the announcement, that it expects a greater commitment to cybersecurity collaboration in the region, as well as a commitment to the free flow of data between countries and businesses.

    “This is the moment for Indo-Pacific countries to chart a bold, inclusive and sustainable path forward to address common challenges and seize the tremendous opportunities the digital economy can bring,” Google said.


    UK privacy watchdog fines Clearview AI £7.5m and orders UK data to be deleted

    Written by

    Aimee Chanthadavong, Senior Journalist


    Since completing a degree in journalism, Aimee has had her fair share of covering various topics, including business, retail, manufacturing, and travel. She continues to expand her repertoire as a tech journalist with ZDNet.

    The Information Commissioner’s Office (ICO) has fined controversial facial recognition company Clearview AI £7.5 million ($9.4 million) for breaching UK data protection laws and has issued an enforcement notice ordering the company to stop obtaining and using data of UK residents, and to delete the data from its systems.

    In its finding, the ICO detailed how Clearview AI failed to inform people in the UK that it was collecting their images from the web and social media to create a global online database that could be used for facial recognition; failed to have a lawful reason for collecting people’s information; failed to have a process in place to stop the data being retained indefinitely; and failed to meet data protection standards required for biometric data under the General Data Protection Regulation. The ICO also found the company asked for additional personal information, including photos, when asked by members of the public if they were on their database.

    The privacy watchdog also concluded that given the high number of UK internet and social media users, Clearview AI’s database is “likely to include a substantial amount of data” from UK residents, and while the company no longer offers services to UK organisations, it continues to do so in other countries, and this may include using personal data of UK residents.

    “Clearview AI Inc has collected multiple images of people all over the world, including in the UK, from a variety of websites and social media platforms, creating a database with more than 20 billion images,” UK Information Commissioner John Edwards said.

    “The company not only enables identification of those people, but effectively monitors their behaviour and offers it as a commercial service. That is unacceptable. That is why we have acted to protect people in the UK by both fining the company and issuing an enforcement notice.

    “People expect that their personal information will be respected, regardless of where in the world their data is being used. That is why global companies need international enforcement.”

    The enforcement action follows a joint investigation the ICO carried out with the Office of Australian Information Commissioner (OAIC). The investigation into Clearview AI by both privacy watchdogs has been underway since 2020, and was conducted in accordance with the Australian Privacy Act and the UK Data Protection Act. The pair investigated how the company used people’s images, data scraping from the internet, and biometric data for facial recognition.

    “This international cooperation is essential to protect people’s privacy rights in 2022. That means working with regulators in other countries, as we did in this case with our Australian colleagues,” Edwards said.

    Earlier this month, in a landmark settlement, Clearview AI agreed to cease sales to private companies and individuals in the United States, and also agreed to stop making its database available to Illinois state government and local police departments for five years. The New York-based company, however, continues to offer its services to other law enforcement and federal agencies, and government contractors outside of Illinois.


    An uncomplicated introduction to Uncomplicated Firewall

    When I first started using Linux, back in ’97, working with the built-in firewall was not something just anyone could do. In fact, it was quite complicated. Starting around 1998, if you wanted to manage the security of a system, you had to learn iptables (which is a suite of commands for manipulating the Netfilter packet filtering system).

    For example, if you want to allow all incoming secure shell (SSH) traffic, you might have to issue commands like this:

        sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
        sudo iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT

    That’s all fine and good if you have time to not only master the Linux operating system, but also know the finer points of managing a complicated security system. To be fair, I did spend the time and was eventually able to manage the security of my systems with iptables. However, the busier I got, the harder it became to maintain the level of mastery needed to keep up with iptables. Over time, things started getting more accessible and some Linux distribution developers began to realize an easier system was necessary. One of those more accessible Linux firewalls came into being with the Ubuntu distribution (around version 12.04). That firewall is aptly named Uncomplicated Firewall.

    Uncomplicated Firewall (UFW) is a frontend for iptables, which focuses on simplicity. Compared to iptables, UFW is a leisurely stroll through the park that anyone can handle.

    Let’s take a walk down UFW lane and see just how simple it makes managing your Linux system firewall.

    There are two things you should know about UFW:

      • It’s a command-line tool.
      • There are GUI tools available to make it even easier.

    The UFW command-line basics

    The UFW command is actually pretty simple. Let’s stick with our SSH idea from above. Let’s say you want to allow other systems to access your machine by way of SSH (which listens on port 22). First, you’ll want to see if UFW is even enabled. Guess what…it’s not by default. Test that out by opening a terminal window and issuing the command:

        sudo ufw status

    You’ll probably see the following:

        Status: inactive

    How do you activate it? Issue the command:

        sudo ufw enable

    The output of the command should be:

        Firewall is active and enabled on system startup

    Congratulations, your firewall is now active. As to the basic usage of UFW, it looks something like this:

        sudo ufw ARGUMENT SERVICE

    Where ARGUMENT is one of allow, deny, reject, limit, status, show, reset, reload, enable, or disable, and SERVICE is the service you want to work with (such as SSH or HTTP).

    Next, we need to allow SSH traffic into the system. Believe it or not, that’s as simple as:

        sudo ufw allow ssh

    You could also run the command using the port number, like this:

        sudo ufw allow 22

    Or, if you run SSH on port 2022, that command would be:

        sudo ufw allow 2022

    If you’re working on a server and you need to allow HTTP traffic through, that command would be:

        sudo ufw allow http

    Let’s get a bit more advanced

    One of the nice things about UFW is that even using more advanced features doesn’t require advanced knowledge. Let’s say, for example, you want to allow SSH traffic in, but only from a specific IP address on your network.

    If you’ve already allowed incoming SSH traffic, you’ll first need to delete that rule with:

        sudo ufw delete allow ssh

    Now, if you try to SSH into the machine, the firewall will block the attempt. So, let’s allow SSH connections from IP address 192.168.1.152. For that, we’d issue the command:

        sudo ufw allow from 192.168.1.152 to any port ssh

    After running the above command, you should be able to log into the machine, via SSH, only from the remote system at IP address 192.168.1.152.

    What about the GUI?

    If the command line isn’t your jam, there’s always a handy GUI tool to make it even easier. One such tool is GUFW, which allows you to point and click your way to UFW firewall rules. If UFW isn’t installed on your Linux distribution by default, you’ll find it in your app store. Once installed, open the app and click on the Rules tab (Figure 1).

    Figure 1: The GUFW tool makes configuring your firewall even easier. (Image: Jack Wallen)

    As you can see, I already have a few UFW rules added. One thing to keep in mind is that you cannot edit rules that were added via the UFW command line. Let’s add the same rule via the GUI that we just did from the command line. Click + and then (from the Preconfigured tab), select the following:

      • Policy – Allow
      • Direction – In
      • Category – All
      • Subcategory – All
      • Application – SSH

    That alone will create the rule allowing all SSH traffic into your system. If, however, you want to only allow traffic from a single IP address, you must click the Advanced tab and fill out the following (Figure 2):

      • Name – any name you want
      • Policy – Allow
      • Direction – In
      • Interface – All Interfaces
      • From – 192.168.1.152

    Figure 2: Adding a rule to UFW to only allow SSH traffic from IP address 192.168.1.62 (Image: Jack Wallen)

    Click Add and your rule is inserted into the firewall.

    And that, my friends, is your uncomplicated introduction to the Uncomplicated Firewall. But don’t think UFW is nothing more than a very basic firewall system. You can actually get considerably more complicated, but for the basics, UFW is easy enough for anyone to use.
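
    The following is an added example, not part of the original article: a shell function that reads `sudo ufw status` output and reports whether SSH is open to any source or limited to specific addresses, as with the 192.168.1.152 rule above. The function name `audit_ufw_ssh` and both sample status listings are constructed for illustration, and the column layout of the status output is assumed to match the samples.

```shell
#!/bin/sh
# Added example: report how SSH is exposed according to `ufw status` output.
# Live use:  sudo ufw status | audit_ufw_ssh 22     (or 2022 for a moved port)
# Reads the status text on stdin; $1 is the SSH port (default 22).
# Returns 0 when no finding is printed, 1 otherwise.
audit_ufw_ssh() {
    awk -v port="${1:-22}" '
        /^Status: inactive/ {
            print "FINDING: firewall is inactive"
            bad = 1
            next
        }
        {
            # Locate the Action column; header and separator rows have none.
            act = 0
            for (i = 2; i <= NF; i++)
                if ($i ~ /^(ALLOW|LIMIT|DENY|REJECT)$/) { act = i; break }
            if (!act) next

            # First column is the destination, e.g. "22", "22/tcp", "OpenSSH".
            to = $1
            if (to ~ /\/udp$/) next            # SSH runs over TCP
            sub(/\/tcp$/, "", to)
            # "OpenSSH" is an application profile name that can appear in
            # place of the port (assumed here to mean port 22).
            if (to != port && !(port == "22" && to == "OpenSSH")) next

            # The source follows the action (verbose output adds IN or OUT).
            src = act + 1
            if ($src == "OUT") next
            if ($src == "IN") src++
            # LIMIT still accepts connections, only rate limited.
            if ($act != "ALLOW" && $act != "LIMIT") next

            fam = ($2 == "(v6)") ? "IPv6" : "IPv4"
            if ($src == "Anywhere") {
                printf "FINDING: %s %s from any source (%s)\n", $1, $act, fam
                bad = 1
            } else {
                allowed = allowed " " $src
            }
        }
        END {
            if (!bad && allowed != "")
                print "OK: SSH allowed only from:" allowed
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample: state after "ufw allow ssh" and "ufw allow http".
SAMPLE_OPEN='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)'

# Constructed sample: state after "ufw delete allow ssh" followed by
# "ufw allow from 192.168.1.152 to any port ssh".
SAMPLE_RESTRICTED='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       192.168.1.152
80/tcp                     ALLOW       Anywhere
80/tcp (v6)                ALLOW       Anywhere (v6)'

for sample in "$SAMPLE_OPEN" "$SAMPLE_RESTRICTED"; do
    printf '%s\n' "$sample" | audit_ufw_ssh 22 || echo "-> review the rules above"
    echo
done
```
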


    This malware-spreading PDF uses a sneaky file name to trick the unwary

    Attackers using the Snake keylogger malware for Windows are emailing malicious PDFs with embedded Word documents to infect victims’ PCs and steal information.

    Malicious PDFs are an unusual tool to use today because attackers prefer Office formats like Word and Excel which are more familiar to PC users, according to threat analysts at HP’s Wolf Security who recently discovered the PDF malware campaign.

    The malicious PDF was used to infect PCs with Snake, a keylogger and credential stealer which was first spotted in late November 2020, according to HP.

    The attackers sent email with an attached PDF document named “REMMITANCE INVOICE.pdf” with an embedded Word document named “has been verified. However PDF, Jpeg, xlsx, .docs”.

    The reason for choosing this odd and actually rather sneaky file name for the Word document becomes clear when viewing the prompt that Adobe Reader displays when checking whether the user approves opening this file. The prompt reads: “The file ‘has been verified. However PDF, Jpeg, xlsx, .docs’ may contain programs, macros, or viruses that could potentially harm your computer.”

    An employee who hastily reads the notice could mistakenly understand that the file in question has been verified and is safe to open.

    Should the recipient then select “Open this file”, Microsoft Word opens. As HP notes, if Protected View is disabled, Word downloads a Rich Text Format (.rtf) file from a web server, which is then run in the context of the open document. (It should be noted that Microsoft Office opens documents from the internet in Protected View or Application Guard for Office by default.)

    Upon analyzing the Word document, HP’s analysts found an illegitimate URL from which an external object linking and embedding (OLE) object was loaded. The OLE object also contains shellcode that exploits CVE-2017-11882, an old remote code execution vulnerability in Microsoft Office Equation Editor that’s still popular with hackers.

    The shellcode downloads an executable called fresh.exe that is in fact the Snake keylogger, which has historically been distributed via malicious RTF documents or archive files attached to emails.

    “While Office formats remain popular, this campaign shows how attackers are also using weaponized PDF documents to infect systems. Embedding files, loading remotely-hosted exploits and encrypting shellcode are just three techniques attackers use to run malware under the radar. The exploited vulnerability in this campaign (CVE-2017-11882) is over four years old, yet continues being used, suggesting the exploit remains effective for attackers,” HP notes.


    My Instagram account was hacked and two-factor authentication didn't help

    After almost 40 years in technology, it finally happened. I had one of my accounts hacked. Blast it. The target was my Instagram account. While I’m very active on social networks, Instagram was the one I used the least. Here’s what happened. 

    It all started when I got a plausible Instagram message from a friend. His message asked for my help and included a reset link for their account. Rather than asking me to click the link, which I’d never do in a million years, it simply asked me to send him back a screenshot of the message including the link. I thought, “How can I be hacked by sending a PNG image?” After all, it wasn’t a reset link for my account. So I replied with the image. Oh foolish, foolish me.

    It turns out the combination of the URL on the image and my reply gave them enough information to take over my account. Now, even when I saw trouble brewing — an Instagram e-mail came asking me if I wanted to change my phone number to one in Nigeria — I wasn’t too worried. I’d protected my account with two-factor authentication (2FA). While 2FA isn’t perfect, it’s better than anything else out there for basic security.

    But, here’s where things went awry. Instagram should have sent me an e-mail with a link asking me to “revert this change.” Instagram didn’t send such a message. Instead, I received e-mails from security@mail.instagram.com that provided a link about how to “secure your account.” This dropped me into Instagram’s pages for a hacked account, which wasn’t any help.

    In the meantime, I got another Instagram message telling me that my account was now associated with a new e-mail account–a garbage Gmail account. Once more Instagram didn’t give me a chance to refuse this change and the message sent me back to the Instagram hacked account page.

    Argh!

    I followed up with Instagram’s suggestions on how to bring my account back. I asked for a login link from my Android Instagram app. I got one, which didn’t work. Next, I requested a security code. I got one. That didn’t work either, no doubt because — by that time — the account was now responding to its “new” e-mail address and phone number.

    Next up, I verified my identity by providing the email address and phone number I signed up with and the type of device I used when I signed up. I had hoped for this message since I doubt very much that many people who sign up for Instagram do so from a Linux desktop! Well, it was a good idea, but nothing happened. Then since my account had photos of me, I took a video selfie of myself to confirm that I’m a real person to confirm my identity. Nada.

    I would have called the Instagram tech support number, except — surprise! — there’s no such thing. After some digging, I was able to send a message directly to Instagram tech support. Instagram doesn’t make it easy to find this. In fact, the Instagram support link is actually a Facebook page. Good going, Meta!

    But even after that, it didn’t do me any good. I didn’t hear a peep out of them. So, I decided it was time to bring out the big guns. I sent a message as Steven J. Vaughan-Nichols, top technology journalist, to Instagram public relations asking for help and/or an explanation.

    That didn’t work.

    I guess I’m not that special after all.

    So, while I made the first mistake by opening the door to the hack, Instagram gets a lot of the blame for its 2FA system, indeed its entire security support system.

    But, hey at least I’m not alone.

    The Bored Ape Yacht Club, a leading non-fungible tokens (NFT) collective, lost $3 million of NFTs to a hacker using a phishing attack. Like yours truly, the Bored Ape Yacht Club said, “At the time of the hack, two-factor authentication was enabled and security surrounding the IG account followed best practices.” They also said they were working with Instagram security and they’d report on what happened. That was almost a month ago.

    There appears to be a spate of these attacks going on. I’ve seen many reports of small businesses having their Instagram accounts hijacked. Several of my friends have reported the same. They also tell me that Instagram has been useless.

    One of them who works in security public relations reports he reached out to some white hats for advice, but they couldn’t help. Instagram appears to be a security black hole. Users’ complaints go in and nothing comes out. He also had 2FA on and was bombarded by “all kinds of weird texts for confirmation about changing my password. Also got multiple emails from IG about resetting my password. I later got a letter from T-Mobile, my phone provider, about putting a SIM block on my account.” SIM blocks are used to keep your phone’s SIM card from being cloned, a popular way of getting around SMS-based 2FA. He also “filed a police report and had the police contact IG.” After all that, “IG support was useless” and he eventually lost his account.

    Personally, this has been really annoying, but it hasn’t really bothered me that much. I had less than 100 Instagram followers. My hacker appears to be using my former account to send cryptocurrency spam. Anyone who knows me knows I think cryptocurrency is a scam. I’ve spread the word that my account has been hacked, and people should report, unfriend, and block it. You’d think with all those reports, well over two dozen people have told me they’ve reported it, Instagram might have put two and two together and realized my account had been hacked. Three weeks into this and Instagram still hasn’t bought a clue.

    But, it could be worse. Hackers are taking over corporate and influencer Instagram accounts and demanding ransomware payments of up to $40,000.

    But what’s irritating to me is a business killer for others. I’ll shed no tears for the Bored Ape Yacht Club. NFTs are scams too and if you think otherwise I’ll happily sell you an NFT of the Brooklyn Bridge. However, many design shops, videographers, photographers, and marketing people depend on it for their livelihood.

    If Instagram doesn’t step up its security game, it’s time to find another platform for your business. I made, at most, one minor mistake, and lost my account. Instagram, with its pathetic security defenses, could lose your far more valuable account and you’d have no way to restore your account or your followers.


    Misinformation needs tackling and it would help if politicians stopped muddying the water

    Written by

    Chris Duckett, APAC Editor


    Chris started his journalistic adventure in 2006 as the Editor of Builder AU after originally joining CBS as a programmer. After a Canadian sojourn, he returned in 2011 as the Editor of TechRepublic Australia, and is now the Australian Editor of ZDNet.

    As Australians wake up on Monday with a new government after sending the Morrison-led one packing, this past election campaign has been one of the more shouty and incorrect elections in recent times, and not only from the candidates.

    One of the more commendable efforts this time around has been the misinformation bubble-bursting work undertaken by the Australian Electoral Commission (AEC) on Twitter. Rather than just being a boring corporate account, it has got sassy and has been stomping on any misinformation or disinformation it comes across.

    After watching electoral messes overseas, the AEC clearly formed a view that politely and meekly engaging was not an option to head off one of the biggest scourges of being online in the 2020s, and if the pilled mob are going to claim the election is rigged regardless of counter arguments, the AEC might as well have a proper go at them and take an infinitesimal shot at piercing their reality.

    For an example of how far misinformation can travel online, last week researchers of The Disinformation Project at Victoria University of Wellington released a study on how misinformation played into the New Zealand copycat version of the Canadian protest convoy earlier this year.

    In the first week of the New Zealand protest, misinformation and disinformation peddlers were able to garner more video views on Facebook than the entirety of the mainstream media in the nation.

    “On 11 February, video content by mainstream media was viewed less than the day before, while engagement with mis- and disinformation accounts remained about the same,” the researchers said.

    “Mis- and disinformation ecologies are heavily laden with conspiratorialism, Covid-19 denialism, and other harms, including from QAnon wellsprings in the United States, imported into Aotearoa New Zealand.”

    By March, the researchers found 73% of interactions were driven by a dozen misinformation accounts, and the classic, older conspiracy theories were rising in prominence to such an extent that some protesters “took to wearing hats made from tinfoil as protection”.

    Once the Ukraine invasion kicked off, the disinformation network shifted to parroting pro-Kremlin talking points.

    “By the end of March, in what was a sustained and stark content signature, every domestic telegram channel studied had pivoted to a near-exclusive framing of the Ukraine war through pro-Putin and pro-Kremlin frames,” the researchers said.

    “An inability to distinguish between real, fictive, and imagined events is a consequence of information disorders and the expansion of online mis- and disinformation into offline realities.

    “These are significant challenges facing Aotearoa New Zealand society and government that must be addressed.”

    The implication of being complacent about disinformation, the researchers warned, is ending up in a place where people have vastly different views on how events unfolded and what actually took place. The obvious example of where this ends up is how America is still wrestling with the events of January 6, 2021.

    Australia has looked at granting powers to curb disinformation and misinformation on social media, and the AEC said earlier this year that all platforms would increase resourcing for election monitoring.

    Coming into the six week election campaign, the AEC misinformation-fighting crusade had a succinct slogan: Check the source.

    But what if the misinformation is coming from inside the house and it is something that is found on the AEC’s disinformation register?

    No less than former Prime Minister Kevin Rudd falsely claiming voting for one party means you end up voting for another. This is a piece of misinformation the AEC addressed in January, and the nub of it is thanks to Australia’s preferential system — voters control where their votes go, not parties.

    This trope has been repeated from all sides of the spectrum, but with Labor looking to get over the line and form a majority government, Rudd’s replacement in the seat of Griffith tried to claim a vote for any of the three major parties other than hers would result in a Morrison government.

    Apart from the seriousness of spreading outright disinformation about how preferential voting in Australia works, there is the sillier idea of left-wing Greens supporting a right-wing government they’ve said they want to boot out. It is simply preposterous — and it turns out the universe is not without a sense of humour, as Griffith appears to have shifted Green, and yet the conservative government has been ditched.

    As psephologist Kevin Bonham points out, misinformation is not against the law, and the AEC is hamstrung to do anything itself; it is not a policing agency and does not regulate truth in advertising.

    It’s just something else that politicians are exempt from. You might be a wholly incorrect but genuine anti-vaccine truther that finds themselves booted off a platform, and yet a politician who very much knows how voting works can fib their way to victory without repercussions. It’s the sort of hypocrisy that “do your own research” types love to point at.

    Dealing with misinformation is fast approaching being table stakes for being online, for both users and platforms, and no doubt lawmakers are going to try to stem it — but politicians are not coming to the fight with clean hands.

    Restoring public faith in politics and democracy has a long way to go when even those who have risen to the top of the pile will tell porkies on the most sacred parts of the electoral process for a measly few votes.

    ZDNET’S MONDAY MORNING OPENER

    ZDNet’s Monday Morning Opener is our opening take on the week in tech, written by members of our editorial team. We’re a global team so this editorial publishes on Monday at 8:00am AEST in Sydney, Australia, which is 6:00pm Eastern Time on Sunday in the US, and 10:00PM GMT in London.

    SolarWinds ready to move past breach and help customers manage theirs

    Written by

    Eileen Yu, Contributor


    SolarWinds is ready to move past the “cyber incident”, having spent the past year bolstering its build model and processes to better mitigate future cybersecurity breaches. It also has expanded its systems monitoring capabilities as part of efforts to help customers better manage the complexities of hybrid cloud environments.

    Mention SolarWinds and most would recall a colossal security breach that was triggered when a malware-laced update for the vendor’s Orion network monitoring platform was sent to customers. Thousands of companies received the Orion update containing the malicious code Sunburst, including US government agencies, Microsoft, Malwarebytes, and FireEye, which first raised the alarm in December 2020.

    Acknowledging that 2021 was a tough year, SolarWinds’ president and CEO Sudhakar Ramakrishna told ZDNet that the company spent the time and investment assessing what it needed to do to beef up its infrastructure and processes.

    In January 2021, with Ramakrishna then newly on board, SolarWinds brought in Chris Krebs, former director of the US Cybersecurity and Infrastructure Security Agency, and former Facebook chief security officer Alex Stamos to help improve its security posture.

    Over the past year, Krebs and Stamos engaged governments and regulators and put in place best practices to drive the vendor’s focus on being “secure by design”, Ramakrishna said in an interview. While SolarWinds already had capabilities in this aspect prior to the breach, more were added across all elements of security, he said.

    Efforts were centred on three key areas around its infrastructure, which included its cloud assets and applications, software build, and processes.

    The focus here was to reduce the threat window in which a security incident could occur and alter the threat surface on which an attack could be launched, he explained. A new build process then was implemented to address these two objectives, he said, adding that the goal was not to provide a fixed target for attackers, by creating dynamic, rather than static, processes.

    In this “next-generation build system”, SolarWinds subscribes to four pillars that looked to support “secure by design” software development principles to boost its resiliency against future attacks. These encompass “ephemeral operations”, amongst others, in which resources are produced on-demand and dismantled when tasks are completed, making it more difficult for threat actors to establish a base on systems.

    The vendor also adopts a “build in parallel” principle where it creates multiple secured duplicates of its new build system and builds all artifacts in parallel, across all systems at the same time. This establishes a basis for integrity checks and “consensus-attested builds”.

    Apart from assessing the resilience of its systems, SolarWinds also spent the past year pumping in investments to expand its operations in two key regions, Asia-Pacific and EMEA, said Ramakrishna, who was in Singapore this week. In addition, it worked to “evolve” its product offerings to support customers’ digital transformation and changing needs, especially as more adopted multi-cloud environments, he said. In this aspect, the vendor looked to beef up its product capabilities across automation, observation, visualisation, and remediation.
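
A minimal sketch of the integrity check that the “build in parallel” principle above makes possible, added here as an illustration and not SolarWinds’ own code. It assumes builds are reproducible (identical source yields bit-for-bit identical artifacts); the environment names, artifact names and bytes are constructed.

```python
import hashlib
from collections import Counter

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def attest(builds: dict[str, dict[str, bytes]]) -> dict[str, dict]:
    """Compare each artifact across all build environments.

    builds maps environment name -> {artifact name -> artifact bytes}.
    An artifact is attested only if every environment produced it and all
    digests are identical; otherwise the disagreeing environments are named.
    """
    report = {}
    names = sorted(set().union(*(out.keys() for out in builds.values())))
    for name in names:
        # A missing artifact is recorded as None so it counts as disagreement.
        digests = {env: sha256_hex(out[name]) if name in out else None
                   for env, out in builds.items()}
        counts = Counter(d for d in digests.values() if d is not None)
        majority, votes = counts.most_common(1)[0]
        if votes * 2 <= len(builds):
            # No strict majority: no digest can serve as the reference.
            majority, outliers = None, sorted(builds)
        else:
            outliers = sorted(e for e, d in digests.items() if d != majority)
        report[name] = {"attested": not outliers,
                        "digest": majority,
                        "outliers": outliers}
    return report

# Constructed sample: three environments build the same two artifacts,
# and one environment's copy of core.dll differs from the other two.
SAMPLE_BUILDS = {
    "env-a": {"agent.bin": b"constructed-agent", "core.dll": b"constructed-core"},
    "env-b": {"agent.bin": b"constructed-agent", "core.dll": b"constructed-core"},
    "env-c": {"agent.bin": b"constructed-agent", "core.dll": b"constructed-core+extra"},
}

if __name__ == "__main__":
    for artifact, result in attest(SAMPLE_BUILDS).items():
        print(artifact, result)
```

A release gate built on this would block any artifact whose `attested` field is false and hand the listed outlier environments to incident response.
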
Describing 2021 as “tough” as it coped with the aftermath of the “cyber incident”, the SolarWinds CEO said the year also was “rewarding” as the vendor was able to focus on bolstering its build systems and processes as well as make the investments it did. And while it remained associated with the security breach, he said SolarWinds also should be associated with how it handled and dealt with the breach and emerged from it.

He noted that security incidents were “here to stay”, pointing to others that had followed since SolarWinds’ own breach, such as Kaseya, US Colonial Pipeline, Log4j, and more recently Okta.

Deeper observability needed to manage complex hybrid environments

Rather than roll over and play victim, though, Ramakrishna said companies needed to learn from such attacks and continuously work to better mitigate their impact.

This was particularly critical amidst significant changes in IT environments, as organisations adopted hybrid work and were more dependent on cloud services, he said.

As their ecosystems widened, they now had to deal with different environments with different security postures and different connectivity profiles, he noted. Security challenges were amplified along with demands on performance and the ability to identify and remediate issues, he added.

It drove SolarWinds to pull together its monitoring capabilities and extend them to support such security requirements, he said. This included the need for deeper observability or “observation”, as he coined it, with a comprehensive system that could look at data across all entities including networks, databases, applications, users, and systems. Organisations then would be able to detect issues faster and remediate.

In reiterating the need for security by design, Ramakrishna also underscored the importance of adopting a zero trust framework as well as the need for better collaboration between private and public sectors.

“No company, regardless of how many resources you have or how smart and dedicated you are, will be able to thwart nation-state attacks,” he said, stressing the difficulty of defending against such threats. “The best way I know [that] needs to be done is for vendors like us to share information and be shy to share when we’ve been breached. Like any crisis situation, the faster we announce, the faster we accept help, the faster we resolve issues.”

In addition, he urged governments to proactively share threat intelligence with the private sector so the industry could be more vigilant against potential attacks.

While there currently was not enough of such exchange of information, he expressed optimism this would improve over time as there already was “collective will” to start doing so.

“Threat intelligence should never be used as a competitive advantage,” he added. “We should compete hard on the value we deliver to customers, [but] not on holding back information from your competition with regards to threat intelligence.”

Governments also had a role to play in how victims of cybersecurity breaches were perceived, he said, noting that victim-shaming would discourage companies from coming forward. An “environment of understanding” for those that complied would speed up resolution in the event of a security incident, he added.

Asked about his priorities moving forward, Ramakrishna pointed again to SolarWinds’ significant investment to drive its expansion plans in Asia-Pacific, which he said could be its fastest growing region.

He declined to break down the vendor’s growth and investment numbers by region, but said it recently established offices in South Korea and expanded its presence in Japan as well as Asean and ANZ.

In its first quarter 2022 earnings report last week, SolarWinds reported revenues of $177 million, up 2% year-on-year. Subscription revenue grew 37% year-on-year to hit $38.7 million, with adjusted EBITDA clocking in at $69 million.

For the year, it forecasted revenue to range from $730 million to $750 million, for year-on-year growth of between 2% and 4%.

According to Ramakrishna, the vendor’s customer renewal rates prior to the breach had hovered in the low- to mid-90s, but dipped to the 80s in 2021 following the December 2020 cyber incident. Numbers since had climbed back up to 91% in the first quarter of this year, he said.