Information Technology

By Ink Drop — Shutterstock
Under Twitch’s latest content policy update, the streaming platform said it will ban “harmful misinformation actors” from using its service.”We’re proud that Twitch can bring people together — but we do not believe that individuals who use online services to spread false, harmful information, have a place in our community,” the company said in a blog post. According to the company, it will apply a ban on users whose online presence is dedicated to persistently sharing widely disproven and broadly shared harmful misinformation topics, such as conspiracies that promote violence, whether it is on Twitch or not.”We will only enforce against actors who meet all three of these criteria, and our off-service investigations team will be conducting thorough reviews into each case,” the company said. Some content covered under the policy includes COVID-19 vaccines or harmful health information, and content that “undermines the integrity of a civic or political process” such as electronic fraud, and terrorist or extremist propaganda.  Twitch assured that it’s unlikely the update will have an impact on most of its streamers or viewers, and that harmful misinformation is not prevalent on its platform. But the company wanted to take the precautionary step to curb any potential harm. “Our goal is to prohibit individuals whose online presence is dedicated to spreading harmful, false, information from using Twitch,” the company added. Meanwhile, Reddit joins a growing list of platforms that have taken a stance against Russian state-backed media outlets amid Russia’s invasion of Ukraine. Reddit said in a blog post it will ban users globally from posting links to Russian state media outlets like Russia Today, Sputnik, and their foreign language affiliates.Additionally, it will continue to not accept advertisements that target Russia or originate from any Russian-based government or private entity, Reddit stated.Others that have also decided to remove content, restrict discoverability, or stop actively promoting content from Russia include Meta, Twitter, Google, Microsoft, YouTube, and many more. RELATED COVERAGE More

Multiple cities in Ukraine are experience power outages due to the ongoing invasion by Russian forces that started last week. Global internet access tracker NetBlocks shared data showing widespread internet outages across Mariupol, Sumy, and other regions of the country following an increase in bombing campaigns and rocket fire launched by Russian units. “Mariupol and Sumy are the main outage incidents we’re tracking today. Overall, at national level, observable connectivity is down some 20% compared to ordinary levels prior to the onset of conflict,” Alp Toker, director of NetBlocks, told ZDNet. “The reduction in connectivity is attributed to power outages and the destruction of infrastructure in most of the major conflict zones, and the figure also reflects population flight as people leave home and shutter businesses.”
Netblocks
Mariupol, which had about 400,000 residents before the invasion, began seeing widespread outages on Wednesday. Residents told the BBC that there has been “a relentless barrage of Russian shelling.”One resident said he has spent two days without light, heat, or water after filling up a bathtub before the water was shut off. They are now running out of food and medicine. The outages in Sumy began on Thursday. Netblocks and others wrote that residents were reporting massive blasts at the thermal power plant and electrical substation that they said “turned the sky ‘yellow and red’ for miles.” The town had about one million residents before the invasion began. 
Netblocks
“The incident marks the largest single region-wide disruption to telecoms service since the onset of the conflict, and is attributed to the destruction of the region’s electricity production and transmission infrastructure,” Netblocks explained. TVUA 24 editor-in-chief Olha Konsevych confirmed on Twitter that two explosions damaged the CHP plant and the electrical substation. “Residents say they have been left without heat, water, and electricity,” Konsevych said. A number of Ukrainians on Twitter confirmed the outages, noting that they or their family members were trying to figure out what to do without electricity. 

NetBlocks has also reported internet outages in other major Ukrainian cities such as Kyiv and Kharkiv. Tesla CEO Elon Musk has tried to help Ukrainians dealing with internet outages by sending Starlink terminals and making the Starlink service active in the country. 

Ukraine Crisis More

Following Russia’s invasion, Ukraine had asked the Internet Corporation for Assigned Names and Numbers (ICANN) to revoke Russia’s top-level domains (TLD), such as .ru, .рф, and .su be revoked along with the nation’s associated Secure Sockets Layer (SSL) certificates. The request came from  Andrii Nabok, ICANN’s Ukrainian representative, and Mykhailo Fedorov, Ukraine’s vice prime minister and minister of digital transformation.Now, ICANN has replied: No.The letter from Göran Marby, ICANN’s CEO and president, tried to soften the blow, “ICANN stands ready to continue to support Ukrainian and global Internet security, stability, and resiliency.” But, a no is a no.Fedorov had also asked that RIPE NCC, the regional Internet registry for Europe, the Middle East, and parts of Central Asia, withdraw Russia and its Local Internet Registries (LIR) rights to use their assigned IPv4 and IPv6 addresses and to block their DNS root servers.  RIPE had turned down this request earlier. The RIPE NCC Executive Board stated that “the means to communicate should not be affected by domestic political disputes, international conflicts or war. This includes the provision of correctly registered Internet numbering resources.”These moves come as no surprise. Earlier, people with both internet organizations and related groups had made it clear they didn’t want to ask. Andrew Sullivan, president and CEO of the Internet Society, warned that if ICANN has granted Ukraine’s request it might cause “‘Splinternet’ – the splintering of the Internet along geographical, political, commercial, and/or technological boundaries.” This fragmenting would have massive negative effects, while also setting dangerous precedents. Sullivan said: “The calls to cut Russia off from the Internet are a slippery slope, as the ‘Splinternet’ is the antithesis of how the Internet was designed and meant to function. We must resist these calls, no matter how tempting they may be.”Marby agreed: “Within our mission, we maintain neutrality and act in support of the global Internet. Our mission does not extend to taking punitive actions, issuing sanctions, or restricting access against segments of the Internet – regardless of the provocations.”While the internet’s official governors are staying out of the war, unofficial groups such as Anonymous have taken up their cyber arms against Russia. Anonymous has claimed to have taken down various websites, including Russian oil power Gazprom; Russian state news agency RT; and Russian and Belarusian government agencies, including the Kremlin.Numerous companies have also joined the right against Russia. For example, Microsoft President Brad Smith announced that the Windows giant would help Ukraine against Russian cyber attacks. Smith wrote that while “We are a company and not a government or a country,” Microsoft would protect Ukraine from cyberattacks.This is not a 20th-century war. No matter where you are in the world, you’re only an internet connection away from the cyber-frontlines. 

Ukraine Crisis More

Emerging markets are more open towards cryptocurrency than developed nations, with residents in the former more likely to have invested in it. Those in developing Asia-Pacific nations are most familiar with cryptocurrency and have plans to set aside 22% of their investible assets for the digital currencies. In fact, 46% of residents in emerging Asia-Pacific markets already had invested in crypto, compared to 26% of their peers in the region’s developed nations. Some 39% in Latin America had done likewise as well as 27% in EMEA, according to new research from consumer analyst firm, Toluna. The global survey polled 9,000 respondents aged between 18 and 64 from 17 markets across four regions. Some 5,000 were from nine Asia-Pacific nations, including Singapore, Australia, Thailand, India, and Indonesia. Six markets were from EMEA including Germany, France, and the UK. 

The study revealed that respondents from emerging markets were more receptive to crypto, with 41% from these nations invested in it compared to 22% from developed markets. The former also had more trust in digital currencies at 32%, compared to 14% in developed nations, and less likely to see crypto as a risky investment at 25% whereas 42% of their peers from developed markets perceived it to be risky. The most receptive countries to cryptocurrency were Vietnam, the Philippines, Thailand, and India, according to the report.There was higher familiarity and awareness of its inherent risks in emerging Asia-Pacific markets, though, with 53% familiar with it and 47% agreeing crypto investments were not guaranteed to succeed. In comparison, 36% in Latin America were familiar with it and 32% knew such investments were not guaranteed to succeed.Some 20% of respondents in developed Asia-Pacific nations saw crypto as mere hype that would crash soon, compared to 49% of their peers in the region’s developed markets who perceived digital currencies to be on a long-term upward trend. The survey found that 41% of respondents in Vietnam, Indonesia, and Thailand had invested in crypto for its short-term growth potential. Another 33% in Thailand and Malaysia invested in it to diversify their overall investment portfolio. Some 51% of Asia-Pacific developed nations viewed crypto as high risk, as did 38% in EMEA and 34% in North America.Globally, 43% perceived crypto to be risky investments, with 40% pointing to a lack of understanding of digital currencies as the main reason behind their hesitance to invest. Some 61% were aware of it and 45% believed it was an ongoing development that had no guarantee of success. One in 10 across the board had no plans to invest in crypto. More in developing nations, at 75%, planned to increase the portion of their investible assets for cryptocurrencies. In comparison, 57% expected to do likewise.Almost half of Latin Americans perceived digital currencies as more of an investment than a payment mode, with 45% believing it could be easily converted to cash. Some 45% in emerging Asia-Pacific markets agreed with the latter. However, just 16% in EMEA as well as 18% in developed Asia-Pacific nations believed crypto could be easily converted to cash. A separate study last August revealed that 67% of personal investors in Singapore expanded their cryptocurrency portfolio amidst the global pandemic, with 78% owning Ethereum and 69% holding Bitcoin. Some 33% in the country had yet invest in crypto, with more than half citing a lack of knowledge as the key reason. Singapore’s industry regulator in January 2022 instructed providers of cryptocurrency services not to promote or advertise their offerings to the general public. This rule applied to companies such as banks and payment institutions that offered such services, and would be further expanded to include the transfer of cryptocurrencies and provision of wallet services. The Monetary Authority of Singapore reiterated that cryptocurrency trading involved high risks and was not suitable for the general public, as prices were subject to “sharp speculative swings”. RELATED COVERAGE More

Intel has debuted the vPro computing platform, supported by 12th-gen processors, with hybrid work and enhanced security in mind for today’s businesses. Hybrid and remote working arrangements are now a common feature in many companies — a consequence of the pandemic and one that is potentially going to become a permanent employment option. 

Some enterprise players are now making the transition from remote to hybrid workweeks, including Google. And according to Intel, hybrid and remote setups have become a catalyst for the design of computing systems able to “empower productivity” no matter the size of a company.The vPro platform has been created to “meet these technology demands and offer a wide range of computing options.” On March 3, the US tech giant said vPro, now compatible with 12th-gen hardware, comes in four flavors: Intel vPro Enterprise for Windows, vPro Essentials, vPro Enterprise for Chrome, and vPro, An Evo Design.  vPro Enterprise for Windows: This platform comes with a full set of features and is targeted toward enterprise players and managed businesses.  vPro Essentials: Designed for SMBs and larger companies, vPro Essentials includes device management support, enhanced security, and Intel Hardware Shield.  vPro Enterprise for Chrome: This platform has been designed by Intel for the professional Chromebook market, “with the performance, stability, and security technologies that businesses require.”  vPro, An Evo Design: This platform subset is tailored for mobility in work environments, in particular, notebooks. The platform is supported by Intel’s 12th-generation processor family. The 12th-gen Intel Core architecture contains options for both mobile and desktop machines and includes a mix of Intel’s Performance (P-cores) and Efficient cores (E-cores).  12th-gen Alder Lake processors support DDR5 (desktop) and both DDR5 and LPDDR5 memory (mobile), while Intel vPro Enterprise workstations also cater for ECC memory with corresponding Intel chipsets. Mobile users can adopt Thunderbolt 4 docking if they choose, and Intel continues to support 1Gbps/2.5Gbps wired Ethernet connections.  According to Intel, the 12th-gen processor range has been built to improve machine performance when business users need to use remote collaboration apps, such as VoIP. In tests against rival chipsets, for example, Intel claims that the 12th-gen Intel Core i9-12900 is up to 23% faster when Excel files are being edited and shared over Zoom, and up to 46% more responsive when Microsoft Power BI files are being edited and shared.  Overall, Intel says that mobile and desktop users can expect a performance boost of up to 27% and 21% faster mainstream application performance in comparison to previous generations, respectively.
Intel
Security appears to be an area Intel has worked to improve with vPro. Intel has enhanced its chipsets to bolster protection against code injection attacks and has introduced security mechanisms at the silicon level for OS virtualization and Chrome systems. Among security enhancements available is anomalous behavior detection to detect ransomware infections, of which ESET is collaborating with the company. Hardware Shield, Intel’s trusted execution system, and Security System Report, a mechanism for managing Windows security configurations, are also available.Furthermore, Intel has also included System Resource Defense, SSM protections required for Microsoft Secured-core PC compliance, multi-key encryption protections, and defenses against cold boot attacks. Over 150 commercial designs have been developed using the platform and devices will become available this year. Dynabook, formerly Toshiba PC Co, has introduced new designs based on 12th-gen Intel processors. The Samsung GalaxyBook2 business laptop is another new offering based on Intel vPro technologies. Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

Staff at organisations involved in the efforts to aid refugees from the conflict in Ukraine have been targeted by what security researchers describe as a likely state-sponsored phishing campaign that aims to deliver malware. Detailed by Proofpoint, it’s believed the attack exploited a compromised personal email account belonging to a member of the Ukrainian armed forces, which was then used to send targeted phishing attacks to European government workers tasked with managing transportation in Europe, as Ukrainian refugees flee the Russian invasion. 

ZDNet Recommends

The aim of the attacks is likely to be an attempt to gain intelligence from within NATO member countries. Researchers have tentatively linked the campaign to a hacking group known as TA445, part of a wider operation known as UNC1151, which has previously been linked to the government of Belarus.SEE: Cybersecurity: Let’s get tactical (ZDNet special report)However, researchers also note that they’ve “not yet observed concrete technical overlaps which would allow us to definitively attribute this campaign”. The initial phishing emails were detected on February 24, originating from a Ukrainian email address and sent to an undisclosed European government agency. The subject line references the emergency in Ukraine and includes an Excel file named “list of persons”, which contains the malicious macros. If the macros are enabled, the document will download and install malware. Dubbed SunSeed, the malware appears to be a downloader designed to deliver additional payloads. It’s believed that the purpose of these attacks is to track individuals with responsibilities related to transportation, financial and budget allocation, administration, and population movement within Europe, potentially with the aim of gaining intelligence about movements of funds, supplies and people.  Researchers also note that TA445 has a history of pushing disinformation campaigns intended to generate anti-refugee sentiment and if this phishing campaign is linked to the group, the information stolen could be abused to fuel similar operations. Proofpoint’s analysis of this phishing campaign targeting refugee aid comes following a warning by Computer Emergency Response Team for Ukraine (CERT-UA) that phishing attacks – including those believed to be of Belarusian origin – are attempting to compromise targets in Ukraine. It’s believed the campaigns designed to target European governments and personnel involved in aiding refugees will continue as long as the war continues to displace people. “This campaign represents an effort to target NATO entities with compromised Ukrainian military accounts during an active period of armed conflict between Russia, its proxies, and Ukraine. While the utilised techniques in this campaign are not ground-breaking individually, if deployed collectively, and during a high tempo conflict, they possess the capability to be quite effective,” Proofpoint researchers said in the blog post. “Being aware of this threat and disclosing it publicly are paramount for cultivating awareness among targeted entities,” they added. Several other phishing campaigns are also attempting to exploit the Russia-Ukraine war in what are likely attempts to steal passwords, financial information and other sensitive data, as well as potentially delivering malware. Microsoft has detailed a number of what are described as “opportunistic phishing campaigns” using tailored phishing campaigns related to Ukraine.Ukraine faced several cyberattacks and malware campaigns in the run up to the Russian invasion, including wiper attacks targeting government networks and other organisations.  MORE ON CYBERSECURITY More

Log4Shell, the critical bug in Apache’s widely used Log4j project, hasn’t triggered the disaster that was feared, but it’s still being exploited and predominantly from cloud computers in the US. The Log4Shell vulnerability came to light in December and sparked concern that it would be exploited by attackers because it was relatively easy to do and because the Java application logging library is embedded in many different services.

ZDNet Recommends

Microsoft has observed Log4Shell being used by state-sponsored and criminal attacks but early on found it was mostly being used for coin mining and ransomware. It advised customers to “assume broad availability of exploit code and scanning capabilities to be a real and present danger to their environments.”SEE: Linux malware attacks are on the rise, and businesses aren’t ready for itThe Cybersecurity and Infrastructure Security Agency warned that, while it hadn’t seen any major breach happen due to the flow, attackers might be waiting to use access gained through Log4Shell until alert levels fall. Oracle, Cisco, IBM and VMware have spent the past two months releasing patches for affected software. Barracuda Networks, a maker of network security appliances, has now said that Log4Shell attacks are happening at consistent levels. However, it hasn’t found evidence of an onslaught of attacks. “The majority of attacks came from IP addresses in the U.S., with half of those IP addresses being associated with AWS, Azure and other data centers. Attacks were also being sent from Japan, Germany, Netherlands, and Russia,” it notes. It adds that these IP addresses are linked to scans and attempted intrusions, which mean the scans could be from researchers or attackers. The payloads range from trivial internet memes to the somewhat more serious category of crypto-mining malware that uses another person’s hardware to solve equations that earn the attacker crypto such as Monero. One, for example, attempts to delivery a “relatively benign (or depending on your viewpoint, very annoying) payload” in the form of a a YouTube video that plays Rick Astley’s “Never Gonna Give You Up.” “I do wonder if anyone was actually Rick-Rolled by this one. It is, as noted earlier, a benign payload in my opinion, but one that will get you patching very quickly!” says Baracuda’s Tushar Richabadas.Other notable malware it reports being used in connection with Log4Shell include the distributed denial of service (DDoS) malware called BillGates. It’s an old piece of malware that has no connection with Microsoft’s co-founder and that targets Linux machines. Log4Shell has also been used to deploy Mirai DDoS malware, which is often used in conflicts between online gamers.  Barracuda has seen also seen Log4Shell being used to deploy cypto miners Kinsing and XMRig, as well as the Muhstik DDoS malware. Overall, Barracuda’s report suggests there is no change in the threat level from Log4Shell than was the case in January. 

[embedded content] More

Singapore is building a new digital intelligence unit within its armed forces that will look to boost the country’s defence against cyber threats. The government has described the move as necessary, with online threats growing in volume and sophistication and attacks targeting both physical and digital domains. The new digital and intelligence service (DIS) unit will be parked under Singapore Armed Forces (SAF) and tasked with combating online attacks. It is pipped to help the army fight better as a collective group. Expected to be operational by end-2022, the DIS would enable SAF to deal with cyber threats that were known today as well as future attacks, said Singapore’s Defence Minister Ng Eng Hen. He noted that threats in the digital domain already were spilling over to the physical space and such risks were expected to escalate. 

Ng said in parliament Wednesday: “The digital terrain has become as real as the land, air, and sea domains for which we have raised the Army, the Air Force and the Navy. In fact, some would argue that for the next generations, the digital domain is the dominant domain–so much so that a new word ‘metaverse’ has been coined for that virtual universe.”Threats that emanate in the digital domain can readily impact events in the real physical world. That divide between virtual and physical, in security terms is a false one as the two are in fact intricately interwoven,” he said. He pointed to fuel shortages that occurred in the US following a ransomware attack on the Colonial Pipeline and how Iranians were unable to top up gas at petrol stations after hackers breached the payment system.Ukraine also had come under constant cyber attacks in the years leading up to its current physical conflict, during which it experienced damage to servers and databases and disruptions to power and communications. Singapore must “learn and adjust” now from these developments to better prepare itself for potential attacks, Ng said. “Because as good and ambitious as the next-generation SAF is, there are some gaps in capabilities that [these] recent events and developments warn us against….and I am talking primarily about threats in the digital domain.”The new DIS unit was essential to drive Singapore’s vision to build a next-generation armed forces by 2040, he added. Its establishment as a fourth service–in addition to the Army, Navy, and Air Force–also would significantly boost recruitment and career prospects, he said. The minister underscored the need for soldiers with different skillsets as well as mindset to deal with threats in the digital domain, comprising “tactics, techniques, and procedures”.”Technology, especially related to IT and communications will play a big role for the DIS,” he said. “It will also require a force with specialisations not only in core IT areas and comms, but also in diverse areas including data science, psychology, linguistics, anthropology, and geography, that will help them understand the motivation and means in which orchestrated state and non-state groups aim to harm Singapore.”The addition of DIS would enable the SAF to better “train and fight as a networked, integrated, and expanded force”, so it could deal with the spectrum of threats that were known today as well as that would increase in the future, Ng said. He added that other countries recognised this, too, and had added a digital force to their own tri-services. Germany, for example, established the Cyber and Information Domain Service, consolidating its Communication and Information Systems Command, and Geoinformation Centre.Ng noted that Singapore in the past decade had progressively built up capabilities across four key areas in command, control, communications, and computers and intelligence. The Defence Cyber Organisation also was established in 2017 to coordinate cybersecurity efforts in the defence sector, but was insufficient to meet SAF’s growing needs. A dedicated digital intelligence force was necessary to effectively deal with digital threats from external threat actors that were expected to grow in numbers, sophistication, and organisation, he said. The new DIS would facilitate mission focus, sharpen direct responsibility and accountability, and capability development, he added.In its factsheet on DIS, Singapore’s Ministry of Defence (Mindef) said the digital domain had grown into a “full-fledged arena of conflict and contestation [where] digital threats that emanate in the digital domain can readily impact events in the physical world”. The establishment of DIS would enable SAF to be more effective and better prepared to defend the country and its population, Mindef said. The new unit would “more tightly integrate” the SAF’s capabilities across all four services to deal with a spectrum of security threats, including those from the digital domain. DIS also would have “dedicated focus to realise the full potential” of emerging digital technologies, including cloud, artificial intelligence, and data science. This would accelerate SAF’s next-generation transformation efforts, Mindef said. Specifically, DIS would provide “accurate, relevant, and timely” early warning and operational intelligence, and be responsible for SAF’s digital defence through “cyberdefence and electronic protection” of Singapore’s networks and systems as well as “psychological defence” to boost the armed forces’ resilience in operations. According to Ng, Singapore would increase its defence spending this year to an estimated SG$16.3 billion ($12 billion). This would be a one-off increase of 6.5%, following two years of subdued spending as the country focused on its COVID-19 efforts. RELATED COVERAGE More