Information Technology

Emerging markets are more open towards cryptocurrency than developed nations, with residents in the former more likely to have invested in it. Those in developing Asia-Pacific nations are most familiar with cryptocurrency and have plans to set aside 22% of their investible assets for the digital currencies. In fact, 46% of residents in emerging Asia-Pacific markets already had invested in crypto, compared to 26% of their peers in the region’s developed nations. Some 39% in Latin America had done likewise as well as 27% in EMEA, according to new research from consumer analyst firm, Toluna. The global survey polled 9,000 respondents aged between 18 and 64 from 17 markets across four regions. Some 5,000 were from nine Asia-Pacific nations, including Singapore, Australia, Thailand, India, and Indonesia. Six markets were from EMEA including Germany, France, and the UK. 

The study revealed that respondents from emerging markets were more receptive to crypto, with 41% from these nations invested in it compared to 22% from developed markets. The former also had more trust in digital currencies at 32%, compared to 14% in developed nations, and less likely to see crypto as a risky investment at 25% whereas 42% of their peers from developed markets perceived it to be risky. The most receptive countries to cryptocurrency were Vietnam, the Philippines, Thailand, and India, according to the report.There was higher familiarity and awareness of its inherent risks in emerging Asia-Pacific markets, though, with 53% familiar with it and 47% agreeing crypto investments were not guaranteed to succeed. In comparison, 36% in Latin America were familiar with it and 32% knew such investments were not guaranteed to succeed.Some 20% of respondents in developed Asia-Pacific nations saw crypto as mere hype that would crash soon, compared to 49% of their peers in the region’s developed markets who perceived digital currencies to be on a long-term upward trend. The survey found that 41% of respondents in Vietnam, Indonesia, and Thailand had invested in crypto for its short-term growth potential. Another 33% in Thailand and Malaysia invested in it to diversify their overall investment portfolio. Some 51% of Asia-Pacific developed nations viewed crypto as high risk, as did 38% in EMEA and 34% in North America.Globally, 43% perceived crypto to be risky investments, with 40% pointing to a lack of understanding of digital currencies as the main reason behind their hesitance to invest. Some 61% were aware of it and 45% believed it was an ongoing development that had no guarantee of success. One in 10 across the board had no plans to invest in crypto. More in developing nations, at 75%, planned to increase the portion of their investible assets for cryptocurrencies. In comparison, 57% expected to do likewise.Almost half of Latin Americans perceived digital currencies as more of an investment than a payment mode, with 45% believing it could be easily converted to cash. Some 45% in emerging Asia-Pacific markets agreed with the latter. However, just 16% in EMEA as well as 18% in developed Asia-Pacific nations believed crypto could be easily converted to cash. A separate study last August revealed that 67% of personal investors in Singapore expanded their cryptocurrency portfolio amidst the global pandemic, with 78% owning Ethereum and 69% holding Bitcoin. Some 33% in the country had yet invest in crypto, with more than half citing a lack of knowledge as the key reason. Singapore’s industry regulator in January 2022 instructed providers of cryptocurrency services not to promote or advertise their offerings to the general public. This rule applied to companies such as banks and payment institutions that offered such services, and would be further expanded to include the transfer of cryptocurrencies and provision of wallet services. The Monetary Authority of Singapore reiterated that cryptocurrency trading involved high risks and was not suitable for the general public, as prices were subject to “sharp speculative swings”. RELATED COVERAGE More

Intel has debuted the vPro computing platform, supported by 12th-gen processors, with hybrid work and enhanced security in mind for today’s businesses. Hybrid and remote working arrangements are now a common feature in many companies — a consequence of the pandemic and one that is potentially going to become a permanent employment option. 

Some enterprise players are now making the transition from remote to hybrid workweeks, including Google. And according to Intel, hybrid and remote setups have become a catalyst for the design of computing systems able to “empower productivity” no matter the size of a company.The vPro platform has been created to “meet these technology demands and offer a wide range of computing options.” On March 3, the US tech giant said vPro, now compatible with 12th-gen hardware, comes in four flavors: Intel vPro Enterprise for Windows, vPro Essentials, vPro Enterprise for Chrome, and vPro, An Evo Design.  vPro Enterprise for Windows: This platform comes with a full set of features and is targeted toward enterprise players and managed businesses.  vPro Essentials: Designed for SMBs and larger companies, vPro Essentials includes device management support, enhanced security, and Intel Hardware Shield.  vPro Enterprise for Chrome: This platform has been designed by Intel for the professional Chromebook market, “with the performance, stability, and security technologies that businesses require.”  vPro, An Evo Design: This platform subset is tailored for mobility in work environments, in particular, notebooks. The platform is supported by Intel’s 12th-generation processor family. The 12th-gen Intel Core architecture contains options for both mobile and desktop machines and includes a mix of Intel’s Performance (P-cores) and Efficient cores (E-cores).  12th-gen Alder Lake processors support DDR5 (desktop) and both DDR5 and LPDDR5 memory (mobile), while Intel vPro Enterprise workstations also cater for ECC memory with corresponding Intel chipsets. Mobile users can adopt Thunderbolt 4 docking if they choose, and Intel continues to support 1Gbps/2.5Gbps wired Ethernet connections.  According to Intel, the 12th-gen processor range has been built to improve machine performance when business users need to use remote collaboration apps, such as VoIP. In tests against rival chipsets, for example, Intel claims that the 12th-gen Intel Core i9-12900 is up to 23% faster when Excel files are being edited and shared over Zoom, and up to 46% more responsive when Microsoft Power BI files are being edited and shared.  Overall, Intel says that mobile and desktop users can expect a performance boost of up to 27% and 21% faster mainstream application performance in comparison to previous generations, respectively.
Intel
Security appears to be an area Intel has worked to improve with vPro. Intel has enhanced its chipsets to bolster protection against code injection attacks and has introduced security mechanisms at the silicon level for OS virtualization and Chrome systems. Among security enhancements available is anomalous behavior detection to detect ransomware infections, of which ESET is collaborating with the company. Hardware Shield, Intel’s trusted execution system, and Security System Report, a mechanism for managing Windows security configurations, are also available.Furthermore, Intel has also included System Resource Defense, SSM protections required for Microsoft Secured-core PC compliance, multi-key encryption protections, and defenses against cold boot attacks. Over 150 commercial designs have been developed using the platform and devices will become available this year. Dynabook, formerly Toshiba PC Co, has introduced new designs based on 12th-gen Intel processors. The Samsung GalaxyBook2 business laptop is another new offering based on Intel vPro technologies. Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

Staff at organisations involved in the efforts to aid refugees from the conflict in Ukraine have been targeted by what security researchers describe as a likely state-sponsored phishing campaign that aims to deliver malware. Detailed by Proofpoint, it’s believed the attack exploited a compromised personal email account belonging to a member of the Ukrainian armed forces, which was then used to send targeted phishing attacks to European government workers tasked with managing transportation in Europe, as Ukrainian refugees flee the Russian invasion. 

ZDNet Recommends

The aim of the attacks is likely to be an attempt to gain intelligence from within NATO member countries. Researchers have tentatively linked the campaign to a hacking group known as TA445, part of a wider operation known as UNC1151, which has previously been linked to the government of Belarus.SEE: Cybersecurity: Let’s get tactical (ZDNet special report)However, researchers also note that they’ve “not yet observed concrete technical overlaps which would allow us to definitively attribute this campaign”. The initial phishing emails were detected on February 24, originating from a Ukrainian email address and sent to an undisclosed European government agency. The subject line references the emergency in Ukraine and includes an Excel file named “list of persons”, which contains the malicious macros. If the macros are enabled, the document will download and install malware. Dubbed SunSeed, the malware appears to be a downloader designed to deliver additional payloads. It’s believed that the purpose of these attacks is to track individuals with responsibilities related to transportation, financial and budget allocation, administration, and population movement within Europe, potentially with the aim of gaining intelligence about movements of funds, supplies and people.  Researchers also note that TA445 has a history of pushing disinformation campaigns intended to generate anti-refugee sentiment and if this phishing campaign is linked to the group, the information stolen could be abused to fuel similar operations. Proofpoint’s analysis of this phishing campaign targeting refugee aid comes following a warning by Computer Emergency Response Team for Ukraine (CERT-UA) that phishing attacks – including those believed to be of Belarusian origin – are attempting to compromise targets in Ukraine. It’s believed the campaigns designed to target European governments and personnel involved in aiding refugees will continue as long as the war continues to displace people. “This campaign represents an effort to target NATO entities with compromised Ukrainian military accounts during an active period of armed conflict between Russia, its proxies, and Ukraine. While the utilised techniques in this campaign are not ground-breaking individually, if deployed collectively, and during a high tempo conflict, they possess the capability to be quite effective,” Proofpoint researchers said in the blog post. “Being aware of this threat and disclosing it publicly are paramount for cultivating awareness among targeted entities,” they added. Several other phishing campaigns are also attempting to exploit the Russia-Ukraine war in what are likely attempts to steal passwords, financial information and other sensitive data, as well as potentially delivering malware. Microsoft has detailed a number of what are described as “opportunistic phishing campaigns” using tailored phishing campaigns related to Ukraine.Ukraine faced several cyberattacks and malware campaigns in the run up to the Russian invasion, including wiper attacks targeting government networks and other organisations.  MORE ON CYBERSECURITY More

Log4Shell, the critical bug in Apache’s widely used Log4j project, hasn’t triggered the disaster that was feared, but it’s still being exploited and predominantly from cloud computers in the US. The Log4Shell vulnerability came to light in December and sparked concern that it would be exploited by attackers because it was relatively easy to do and because the Java application logging library is embedded in many different services.

ZDNet Recommends

Microsoft has observed Log4Shell being used by state-sponsored and criminal attacks but early on found it was mostly being used for coin mining and ransomware. It advised customers to “assume broad availability of exploit code and scanning capabilities to be a real and present danger to their environments.”SEE: Linux malware attacks are on the rise, and businesses aren’t ready for itThe Cybersecurity and Infrastructure Security Agency warned that, while it hadn’t seen any major breach happen due to the flow, attackers might be waiting to use access gained through Log4Shell until alert levels fall. Oracle, Cisco, IBM and VMware have spent the past two months releasing patches for affected software. Barracuda Networks, a maker of network security appliances, has now said that Log4Shell attacks are happening at consistent levels. However, it hasn’t found evidence of an onslaught of attacks. “The majority of attacks came from IP addresses in the U.S., with half of those IP addresses being associated with AWS, Azure and other data centers. Attacks were also being sent from Japan, Germany, Netherlands, and Russia,” it notes. It adds that these IP addresses are linked to scans and attempted intrusions, which mean the scans could be from researchers or attackers. The payloads range from trivial internet memes to the somewhat more serious category of crypto-mining malware that uses another person’s hardware to solve equations that earn the attacker crypto such as Monero. One, for example, attempts to delivery a “relatively benign (or depending on your viewpoint, very annoying) payload” in the form of a a YouTube video that plays Rick Astley’s “Never Gonna Give You Up.” “I do wonder if anyone was actually Rick-Rolled by this one. It is, as noted earlier, a benign payload in my opinion, but one that will get you patching very quickly!” says Baracuda’s Tushar Richabadas.Other notable malware it reports being used in connection with Log4Shell include the distributed denial of service (DDoS) malware called BillGates. It’s an old piece of malware that has no connection with Microsoft’s co-founder and that targets Linux machines. Log4Shell has also been used to deploy Mirai DDoS malware, which is often used in conflicts between online gamers.  Barracuda has seen also seen Log4Shell being used to deploy cypto miners Kinsing and XMRig, as well as the Muhstik DDoS malware. Overall, Barracuda’s report suggests there is no change in the threat level from Log4Shell than was the case in January. 

[embedded content] More

Singapore is building a new digital intelligence unit within its armed forces that will look to boost the country’s defence against cyber threats. The government has described the move as necessary, with online threats growing in volume and sophistication and attacks targeting both physical and digital domains. The new digital and intelligence service (DIS) unit will be parked under Singapore Armed Forces (SAF) and tasked with combating online attacks. It is pipped to help the army fight better as a collective group. Expected to be operational by end-2022, the DIS would enable SAF to deal with cyber threats that were known today as well as future attacks, said Singapore’s Defence Minister Ng Eng Hen. He noted that threats in the digital domain already were spilling over to the physical space and such risks were expected to escalate. 

Ng said in parliament Wednesday: “The digital terrain has become as real as the land, air, and sea domains for which we have raised the Army, the Air Force and the Navy. In fact, some would argue that for the next generations, the digital domain is the dominant domain–so much so that a new word ‘metaverse’ has been coined for that virtual universe.”Threats that emanate in the digital domain can readily impact events in the real physical world. That divide between virtual and physical, in security terms is a false one as the two are in fact intricately interwoven,” he said. He pointed to fuel shortages that occurred in the US following a ransomware attack on the Colonial Pipeline and how Iranians were unable to top up gas at petrol stations after hackers breached the payment system.Ukraine also had come under constant cyber attacks in the years leading up to its current physical conflict, during which it experienced damage to servers and databases and disruptions to power and communications. Singapore must “learn and adjust” now from these developments to better prepare itself for potential attacks, Ng said. “Because as good and ambitious as the next-generation SAF is, there are some gaps in capabilities that [these] recent events and developments warn us against….and I am talking primarily about threats in the digital domain.”The new DIS unit was essential to drive Singapore’s vision to build a next-generation armed forces by 2040, he added. Its establishment as a fourth service–in addition to the Army, Navy, and Air Force–also would significantly boost recruitment and career prospects, he said. The minister underscored the need for soldiers with different skillsets as well as mindset to deal with threats in the digital domain, comprising “tactics, techniques, and procedures”.”Technology, especially related to IT and communications will play a big role for the DIS,” he said. “It will also require a force with specialisations not only in core IT areas and comms, but also in diverse areas including data science, psychology, linguistics, anthropology, and geography, that will help them understand the motivation and means in which orchestrated state and non-state groups aim to harm Singapore.”The addition of DIS would enable the SAF to better “train and fight as a networked, integrated, and expanded force”, so it could deal with the spectrum of threats that were known today as well as that would increase in the future, Ng said. He added that other countries recognised this, too, and had added a digital force to their own tri-services. Germany, for example, established the Cyber and Information Domain Service, consolidating its Communication and Information Systems Command, and Geoinformation Centre.Ng noted that Singapore in the past decade had progressively built up capabilities across four key areas in command, control, communications, and computers and intelligence. The Defence Cyber Organisation also was established in 2017 to coordinate cybersecurity efforts in the defence sector, but was insufficient to meet SAF’s growing needs. A dedicated digital intelligence force was necessary to effectively deal with digital threats from external threat actors that were expected to grow in numbers, sophistication, and organisation, he said. The new DIS would facilitate mission focus, sharpen direct responsibility and accountability, and capability development, he added.In its factsheet on DIS, Singapore’s Ministry of Defence (Mindef) said the digital domain had grown into a “full-fledged arena of conflict and contestation [where] digital threats that emanate in the digital domain can readily impact events in the physical world”. The establishment of DIS would enable SAF to be more effective and better prepared to defend the country and its population, Mindef said. The new unit would “more tightly integrate” the SAF’s capabilities across all four services to deal with a spectrum of security threats, including those from the digital domain. DIS also would have “dedicated focus to realise the full potential” of emerging digital technologies, including cloud, artificial intelligence, and data science. This would accelerate SAF’s next-generation transformation efforts, Mindef said. Specifically, DIS would provide “accurate, relevant, and timely” early warning and operational intelligence, and be responsible for SAF’s digital defence through “cyberdefence and electronic protection” of Singapore’s networks and systems as well as “psychological defence” to boost the armed forces’ resilience in operations. According to Ng, Singapore would increase its defence spending this year to an estimated SG$16.3 billion ($12 billion). This would be a one-off increase of 6.5%, following two years of subdued spending as the country focused on its COVID-19 efforts. RELATED COVERAGE More

Camera maker Axis released more details about a cyberattack that started on the night of Saturday, February 19.

In its initial messages on its website, the Swedish camera giant said it got alerts from its cybersecurity and intrusion detection system on Sunday, February 20, before it shut down all public-facing services globally in the hopes of limiting the impact of the attack. But in a lengthy report about the attack, Axis says someone used “several combinations of social engineering” to sign in as a user on Saturday night “despite protective mechanisms such as multifactor authentication.”According to the report, there was no ransomware, but investigators did find malware and discovered that the company’s internal directory services were compromised. Axis claimed no customer information was involved. “Inside, the attackers used advanced methods to elevate their access and eventually gain access to directory services. Axis threat detection systems alerted incident staff of unusual, suspicious behavior, and investigations began early Sunday morning. At approximately 9 am CET Sunday morning, IT management decided to bring in external security experts, and at approximately 12:00pm (noon), it was confirmed that hackers were active inside Axis networks. The decision was taken to disconnect all external connectivity immediately as a way of cutting the intruders off,” Axis explained. Also: Nvidia says employee credentials, proprietary information stolen during cyberattack”At 6pm, all network access had been shut off globally. The measure had the intended effect of shutting the intruders off from their access. It also resulted in a loss of external services for Axis staff, such as in- and outbound email. Partner services were also affected, with axis.com and extranets being unavailable. Investigations rapidly showed that parts of the server infrastructure had been compromised while other parts remained intact.”The company noted that their global production and supply chain remained “largely unaffected” during the attack. Their first customer-facing service returned on Sunday evening. Most external services were restored by February 27, while others are still waiting on security clearances. Axis said it is still operating in “a restricted mode” with internet-facing services. As of Wednesday, March 2, device upgrades for AXIS OS/Apps is still facing a major outage, and the company’s licensing system is dealing with a partial outage.”This will continue as long as the forensic investigation is ongoing and until the cleaning and restoration are completed. This mainly affects our internal work streams and has a very limited effect on customers and partners. We expect the final parts of our customer-facing services to be completely available within a few days,” Axis said. “Needless to say, we are humble in the face of and due to the gravity of the situation. We are also grateful that we were able to catch and stop an ongoing attack before it had much more lasting effects.”The company initially announced the outages on Twitter but did not respond to requests for comment. On its status site Friday afternoon, Axis said its Case Insight tool in the US and the Camera Station License System were dealing with partial outages.  More

The US Senate approved new cybersecurity legislation that will force critical infrastructure organizations to report cyberattacks to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours and ransomware payments within 24 hours. 

Ukraine Crisis

The Strengthening American Cybersecurity Act passed by unanimous consent on Tuesday after being introduced on February 8 by Senators Rob Portman and Gary Peters, ranking member and chairman of the Senate Homeland Security and Governmental Affairs Committee. The act combines pieces of the Cyber Incident Reporting Act, the Federal Information Security Modernization Act of 2021, and the Federal Secure Cloud Improvement and Jobs Act — all of which were authored by Peters and Portman and advanced out of committee before floundering. The 200-page act includes several measures designed to modernize the federal government’s cybersecurity posture, and both Peters and Portman said the legislation was “urgently needed” in light of US support for Ukraine, which was invaded by Russia last week. 

I’m concerned that, as our nation rightly continues to support #Ukraine during Russia’s illegal, unjustifiable assault, the US will face increased cyber & ransomware attacks from Russia. The federal govt must quickly coordinate its response to any potential attacks.— Rob Portman (@senrobportman) March 2, 2022

“As our nation continues to support Ukraine, we must ready ourselves for retaliatory cyber-attacks from the Russian government… This landmark legislation, which has now passed the Senate, is a significant step forward to ensuring the United States can fight back against cybercriminals and foreign adversaries who launch these persistent attacks,” Peters said. “Our landmark, bipartisan bill will ensure CISA is the lead government agency responsible for helping critical infrastructure operators and civilian federal agencies respond to and recover from major network breaches and mitigate operational impacts from hacks. I will continue urging my colleagues in the House to pass this urgently needed legislation to improve public and private cybersecurity as new vulnerabilities are discovered, and ensure that the federal government can safety and securely utilize cloud-based technology to save taxpayer dollars.”The act also authorizes the Federal Risk and Authorization Management Program (FedRAMP) for five years to ensure federal agencies can “quickly and securely adopt cloud-based technologies that improve government operations and efficiency.” The act attempts to streamline federal government cybersecurity laws to improve coordination between federal agencies and requires all civilian agencies to report all cyberattacks to CISA.

The legislation updates the threshold for agencies to report cyber incidents to Congress and gives CISA more authority to ensure it is the lead federal agency in charge of responding to cybersecurity incidents on federal civilian networks. It now heads to the House for a vote before it makes its way to President Joe Biden’s desk. Peters and Portman said they have been working with chair of the House Oversight Committee Carolyn Maloney as well as Republican and Democratic lawmakers in the House to get the bill approved. Maloney told ZDNet that the act contains the Federal Information Security Modernization Act, a provision she called one of her “top legislative priorities.””The Committee on Oversight and Reform kicked off 2022 with a bipartisan hearing and markup to examine how best to approach FISMA modernization, and we look forward to incorporating those crucial lessons learned as this effort moves through the legislative process,” Maloney said. “FISMA reform will determine our federal cybersecurity posture for years to come, and it is essential that the final bill seizes every opportunity to defend our federal networks from the onslaught of attacks they face daily.”In his own statement, Portman also touted the ways the act will update FISMA and provide “the accountability necessary to resolve longstanding weaknesses in federal cybersecurity by clarifying roles and responsibilities and requiring the government to quickly inform the American people if their information is compromised.”

ZDNet Recommends

The best network-attached storage devices

If cloud-based servers don’t meet all of your storage needs, consider a NAS solution. We selected a handful of devices that passed our reliability torture tests and offer superior usability and feature sets.

Read More

Both Senators noted that the bill would have applied to the 2021 ransomware attacks on Colonial Pipeline and global meat processor JBS. But the two said the legislation would “help ensure critical infrastructure entities such as banks, electric grids, water networks, and transportation systems are able to quickly recover and provide essential services to the American people in the event of network breaches.” CyberSaint co-founder Padriac O’Reilly works directly with critical infrastructure across financial services, utilities, and the government to measure cyber risk.O’Reilly explained that the current cybersecurity landscape has worn down the long-standing recalcitrance of certain critical infrastructure sectors with respect to the 72-hour reporting window for incidents. “There are two sections very deep in the legislation that stand out to me. They talk about a budget-based risk analysis for improving cybersecurity and metrics-based approach to cyber in general. This is precisely what is needed and it has been known for some time in the industry,” O’Reilly said. “Section 115 covers automation reporting. This is very timely as automation has been advancing in the private sector and it is key with respect to risk management going forward. I was really impressed to see this in the bill. The government has been trying for years to advance this cause across all agencies and departments. Section 119 really gets at the holy grail in risk management, which is the ability to view cybersecurity risks in a prioritized way with respect to budget.” More

Credit: Microsoft

Microsoft’s newest Windows 11 test build adds a new Smart App Control security feature; improved Microsoft 365 account management; and a handful of other new features. Microsoft made this new build, No. 22567, available to Dev Channel testers on March 2. Smart App Control is a security feature that Microsoft is enabling on Windows 11 to block untrusted or potentially dangerous applications. Testers can manually turn on SAC in the Windows Security app under the App & Browser Control section. This feature will only work on devices that apply Build 22567 and higher via a clean install. Officials said they will provide more details about this feature “in the future.” Microsoft also has made the Microsoft 365 subscription management capability more visible under Settings > Accounts as of today’s build. In addition, in the subscription card area, Microsoft is enabling users to see their subscription payment information and be notified when their methods need updating through payment details. For those who aren’t Microsoft 365 subscribers, Microsoft plans to provide information on free capabilities and services they still can access via their Microsoft Account on the “Your Microsoft Account page. These kinds of free services include access to Office Web apps and the ability to view OneDrive storage. It sounds like an ad for moving to a Microsoft 365 subscription to get more functionality will be on this page, as well. Microsoft plans to use its Online Service Experience Packs to bring additional functionality under Settings > Accounts going forward, according to today’s blog post. Microsoft will be highlighting the ability to link Android phones to PCs using the Your Phone app by making a QR code available as part of the device setup (OOBE) for Windows 11 as of this build, It also is changing Windows Update to try to schedule updates at a specific time of day to save on carbon emissions — but only when PCs are plugged-in and “regional carbon intensity data” is available from its partners electricityMap or WattTime. There are a large number of other fixes and updates in Build 22567 which are itemized in Microsoft’s blog post. As Microsoft notes, those running Windows 10 who try to upgrade directly to 22563 or higher in the Dev Channel may get an install failure error code but can bypass this using the instructions in the blog post. Microsoft officials also note they plan to release new ISOs in the next few weeks.

Windows 11 More