    Cloud security in 2022: A business guide to essential tools and best practices

    Cloud computing services have become a vital tool for most businesses. It’s a trend that has accelerated in recent years, with cloud-based services such as Zoom, Microsoft 365, Google Workspace and many others becoming the collaboration and productivity tools of choice for teams working remotely.

    While cloud quickly became an essential tool, allowing businesses and employees to continue operating remotely from home, embracing the cloud can also bring additional cybersecurity risks, something that is now increasingly clear.

    Previously, most people connecting to the corporate network would be doing so from their place of work, and thus accessing their accounts, files and company servers from inside the four walls of the office building, protected by enterprise-grade firewalls and other security tools. The expanded use of cloud applications meant that suddenly this wasn’t the case, with users able to access corporate applications, documents and services from anywhere. That has brought the need for new security tools.

    Cloud computing security threats

    While it brings a number of positives for workers, remote working also presents an opportunity for cyber criminals, who have quickly taken advantage of the shift to attempt to break into the networks of organisations that have poorly configured cloud security. Corporate VPNs and cloud-based application suites have become prime targets for hackers. If not properly secured, all of these can provide cyber criminals with a simple means of accessing corporate networks. All attackers need to do is get hold of a username and password – by stealing them via a phishing email or using brute force attacks to breach simple passwords – and they’re in. Because the intruder is using the legitimate login credentials of someone who is already working remotely, it’s harder to detect unauthorised access, especially considering how the rise of hybrid working has resulted in some people working different hours to what might be considered core business hours.

    Attacks against cloud applications can be extremely damaging for victims as cyber criminals could be on the network for weeks or months. Sometimes they steal large amounts of sensitive corporate information; sometimes they might use cloud services as an initial entry point to lay the foundations for a ransomware attack that can lead to them both stealing data and deploying ransomware.

    That’s why it’s important for businesses using cloud applications to have the correct tools and practices in place to make sure that users can safely use cloud services – no matter where they’re working from – while also being able to use them efficiently.

    Use multi-factor authentication controls on user accounts

    One obvious preventative step is to put strong security controls around how users log in to the cloud services in the first place. Whether that’s a virtual private network (VPN), remote desktop protocol (RDP) service or an office application suite, staff should need more than their username and password to use the services.

    “One of the things that’s most important about cloud is identity is king. Identity becomes almost your proxy to absolutely everything. All of a sudden, the identity and its role and how you assign that has all of the power,” says Christian Arndt, cybersecurity director at PwC.

    Whether it’s software-based, requiring a user to tap an alert on their smartphone, or hardware-based, requiring the user to use a secure USB key on their computer, multi-factor authentication (MFA) provides an effective line of defence against unauthorised attempts at accessing accounts. According to Microsoft, MFA protects against 99.9% of fraudulent sign-in attempts.

    Not only does it block unauthorised users from automatically gaining entry to accounts, the notification sent out by the service, which asks the user if they attempted to log in, can act as an alert that someone is trying to gain access to the account. This can be used to warn the company that they could be the target of malicious hackers.

    Use encryption

    The ability to easily store or transfer data is one of the key benefits of using cloud applications, but for organisations that want to ensure the security of their data, their processes shouldn’t involve simply uploading data to the cloud and forgetting about it. There’s an extra step that businesses can take to protect any data uploaded to cloud services – encryption.

    Just as when it’s stored on regular PCs and servers, encrypting the data renders it unreadable, concealing it from unauthorised or malicious users. Some cloud providers automatically provide this service, employing end-to-end protection of data to and from the cloud, as well as inside it, preventing it from being manipulated or stolen.

    Apply security patches as swiftly as possible

    Like other applications, cloud applications can receive software updates as vendors develop and apply fixes to make their products work better. These updates can also contain patches for security vulnerabilities: being hosted by a cloud provider doesn’t make an application invulnerable to security vulnerabilities and cyberattacks.

    Critical security patches for VPN and RDP applications have been released by vendors in order to fix security vulnerabilities that put organisations at risk of cyberattacks. If these aren’t applied quickly enough, there’s the potential for cyber criminals to abuse these services as an entry point to the network that can be exploited for further cyberattacks.

    Cybersecurity agencies like the Cybersecurity and Infrastructure Security Agency (CISA) and UK National Cyber Security Centre often issue alerts about cyber attackers exploiting particular vulnerabilities. If the vulnerability hasn’t already been patched, then organisations should react to the alerts immediately and apply the updates.

    Use tools to know what’s on your network

    Companies are using more and more cloud services – and keeping track of every cloud app or cloud server ever spun up is hard work. But there are many, many instances of corporate data left exposed by poor use of cloud security. A cloud service can be left open and exposed without an organisation even knowing about it. Exposed public cloud storage resources can be discovered by attackers and that can put the whole organisation at risk.

    In these circumstances, it could be useful to employ cloud security posture management (CSPM) tools. These can help organisations identify and remediate potential security issues around misconfiguration and compliance in the cloud, providing a means of reducing the attack surface available to hackers to examine, and helping to keep the cloud infrastructure secure against potential attacks and data breaches.

    “Cloud security posture management is a technology that evaluates configuration drift in a changing environment, and will alert you if things are somehow out of sync with what your baseline is and that may indicate that there’s something in the system that means more can be exploited for compromise purposes,” says Merritt Maxim, VP and research director at Forrester.

    CSPM is an automated procedure and the use of automated management tools can help security teams stay on top of alerts and developments. Cloud infrastructure can be vast and having to manually comb through the services to find errors and abnormalities would be too much for a human – especially if there are dozens of different cloud services on the network. Automating those processes can, therefore, help keep the cloud environment secure.

    “You don’t have enough people to manage 100 different tools in the environment that changes every day, so I would say try to consolidate on platforms that solve a big problem and apply automation,” says TJ Gonen, head of cloud security at Check Point Software, a cybersecurity company.

    Ensure the separation of administrator and user accounts

    Cloud services can be complex and some members of the IT team will have highly privileged access to the service to help manage the cloud. A compromise of a high-level administrator account could give an attacker extensive control over the network and the ability to perform any action the administrator privileges allow, which could be extremely damaging for the company using cloud services.

    It’s therefore imperative that administrator accounts are secured with tools such as multi-factor authentication and that admin-level privileges are only provided to employees who need them to do their jobs. According to the NCSC, admin-level devices should not be able to directly browse the web or read emails, as these could put the account at risk of being compromised.

    It’s also important to ensure that regular users who don’t need administrative privileges don’t have them, because – in the event of account compromise – an attacker could quickly exploit this access to gain control of cloud services.

    Use backups as contingency plan

    But while cloud services can – and have – provided organisations around the world with benefits, it’s important not to rely on cloud for security entirely. While tools like two-factor authentication and automated alerts can help secure networks, no network is impossible to breach – and that’s especially true if extra security measures haven’t been applied.

    That’s why a good cloud security strategy should also involve storing backups of data offline, so that if an event makes cloud services unavailable, there’s something there for the company to work with.

    Use cloud applications that are simple for your employees to use

    There’s something else that organisations can do to ensure the security of cloud – and that’s provide their employees with the correct tools in the first place. Cloud application suites can make collaboration easier for everyone, but they also need to be accessible and intuitive to use, or organisations run the risk of employees not wanting to use them.

    A business could set up the most secure enterprise cloud suite possible, but if it’s too difficult to use, employees, frustrated with not being able to do their jobs, could turn to public cloud tools instead. This issue could lead to corporate data being stored in personal accounts, creating greater risk of theft, especially if a user doesn’t have two-factor authentication or other controls in place to protect their personal account.

    Information being stolen from a personal account could potentially lead to an extensive data breach or wider compromise of the organisation as a whole.

    Therefore, for a business to ensure it has a secure cloud security strategy, not only should it be using tools like multi-factor authentication, encryption and offline backups to protect data as much as possible, the business must also make sure that all these tools are simple to use to encourage employees to use them correctly and follow best practices for cloud security.

    How Russia's invasion of Ukraine threatens the IT industry

    Editorial Note: In response to Russia’s “unprovoked attack on Ukraine” on February 23, the Cybersecurity & Infrastructure Security Agency (CISA) published an updated set of cybersecurity recommendations for organizations.

    In the five years since I first explored the potential impact of a Digital Cold War on the IT industry, tensions with Russia have gotten worse, especially following a series of cyberattacks on systems in the United States. These include Russia’s involvement in the SolarWinds breach, as well as its interference with the 2016 US presidential elections via attacks on the Democratic National Committee infrastructure and the purchasing of tens of millions of ads on Facebook in an attempt to sow discontent among US voters.

    Under Vladimir Putin’s leadership, the nation has focused on international cybersecurity activity for many years.

    Ukraine invasion

    Under the pretext of “Peacekeeping operations,” Russia has now initiated a full-scale invasion of Ukraine. Presumably, Russia also has been responsible for recent cyberattacks on Ukrainian banks.

    In response, the United States, NATO nations, and allied countries have imposed numerous economic sanctions on Russia, including blocking its two state-owned banks from debt trading on US and European markets and freezing their assets under US jurisdictions, as well as freezing the assets of the country’s wealthiest citizens. Germany has halted its plans on Russia’s Nord Stream 2 Gas Pipeline. Further wide-ranging sanctions are expected as Russia continues its assault on Ukraine.

    On February the 23rd, President Biden condemned the military action and said, “President Putin has chosen a premeditated war that will bring a catastrophic loss of life and human suffering. Russia alone is responsible for the death and destruction this attack will bring, and the United States and its Allies and partners will respond in a united and decisive way. The world will hold Russia accountable.”

    The economic impacts of this conflict will likely be significant, including a halt on Russian oil and natural gas exports to Western Europe and, presumably, the denial of civil and commercial air transit to Asia through Russian airspace. Although the United States, unlike Europe, is not a major consumer of Russian energy exports, it would be simplistic to say that Russia has no impact on US business at all.

    An extended conflict with Russia — coupled with the imposition of wide-ranging sanctions — will have a tangible impact on the global technology industry.

    Software companies with concerns about Russian connections

    Many companies with significant market share and widespread use within US corporations have various levels of connections with Russia. For example, some were founded in Russia and others are headquartered elsewhere but have a development presence within Russia and other parts of Eastern Europe.

    UK-incorporated Kaspersky Lab, for example, is a major and well-established player in the antivirus/antimalware space. It maintains its international headquarters and has substantial research and development capabilities in Russia, even though its primary R&D center was moved to Israel in 2017.

    It’s also thought that Eugene Kaspersky, the company’s founder, has strong personal ties to the Putin-controlled government. Kaspersky has repeatedly denied these allegations, but questions about the man and his company remain and will be further scrutinized, particularly as the conflict develops.

    In the past, evidence emerged that Kaspersky’s software was involved in compromising the security of a contract employee of the United States National Security Agency in 2015. Kaspersky Lab insists that, to the contrary, the evidence supporting this has not been properly established and has produced an internal audit of the findings.

    It’s also important to note that companies with no evidence of any wrongdoing are suffering guilt by association.

    NGINX Inc is the support and consulting arm of an open source reverse proxy web server project that is very popular with some of the most high-volume internet services on the planet. The company is of Russian origin but was sold to F5 Networks in 2019. The founder of the company, Igor Sysoev, announced his departure in January of this year.

    Parallels, Inc., which Corel acquired in 2018, focuses extensively on virtualization technology. Their Parallels Desktop is one of the most popular solutions for Windows virtualization on the Mac. Historically, their primary development labs were in Moscow and Novosibirsk, Russia. The company was founded by Serguei Beloussov, who was born in the former Soviet Union and later emigrated to Singapore. Two of their products, Virtuozzo and Plesk, were spun off as their own companies in 2017. Parallels’ Odin, a complex management stack for billing and provisioning automation used by service providers and private clouds running on VMware’s virtual infrastructure stack and Microsoft’s Azure, was sold to Ingram Micro in 2015.

    Acronis, like Parallels, is another company founded by Beloussov. After founding Parallels in 1999, and being involved with both companies for some time, he became CEO of Acronis in May of 2013. The company specializes in cybersecurity products for end-to-end device protection, and in the past, has had bare-metal systems imaging, systems deployment, and storage management products for Microsoft Windows and Linux. The company maintains its global headquarters in Singapore. However, it has substantial R&D operations in Eastern Europe in addition to operations in Israel, Singapore, and the US.

    Veeam Software, founded by Russian-born Ratmir Timashev, concentrates on enterprise backup solutions for VMware and Microsoft public and private cloud stacks. Like Parallels and Acronis, it is also multinational. For many years, it had much of its R&D based out of St. Petersburg, Russia. It was purchased by Insight Partners in 2020 and installed a new management team. However, it has yet to be determined how much Russian legacy code is in its products or continues to be contributed to them.

    These are just a few examples. Numerous Russian software firms generate billions of dollars of revenue and have products and services with significant enterprise penetration in the United States, EMEA, and Asia. There are also many smaller ones that perform niche or specialized services, such as subcontracting.

    It should also be noted that many mobile apps — including entertainment software for iOS, Android, Windows — also originate in Russia.

    Russian services firms will also be impacted

    Many global technology giants in the software and services industries have used Russian and Eastern European developers in the past because of their high-quality and value-priced work compared to their US and Western Europe-based counterparts. And many have invested hundreds of millions of dollars in having a developer as well as reseller channel presence in Russia.

    World governments do not need to levy Iran-style isolationist sanctions against Russia for a snowball effect to start within US corporations that use Russian software or services.

    The escalation into full-blown conflict in Ukraine will make C-seats within global enterprises extremely concerned about using software that originates from Russia or has been produced by Russian nationals. The most conservative companies will probably “rip and replace” most off-the-shelf stuff and go with other solutions, preferably American ones.

    The Russian mobile apps? BYOD mobile device management (MDM) policies will wall them off from being installed on any device that can access a corporate network. And if sanctions are put in place by world governments, we can expect them to disappear entirely from the mobile device stores.

    Countless games and apps originating from Russia could be no more when actual sanctions on that industry are implemented.

    But C-seats aren’t going to wait for governments to ban Russian software. If there is any lack of confidence in a vendor’s trustworthiness, or if there is any concern that their customer loyalty can be swapped out or influenced by the Putin regime and used to compromise their own systems, be assured that software of Russian origin will disappear very quickly from enterprise IT infrastructure.

    Contractor visas will certainly be canceled en masse or will not be renewed for Russian nationals performing work for large corporations. You can count on it.

    Any vendor that is being considered for a large software contract with a US company is going to undergo significant scrutiny and will be asked if any of their product involved Russian developers. If it doesn’t pass the most basic audits and sniff tests, they can just forget about doing business in this country.

    So if a vendor does have a prominent Russian developer headcount, they will have to pack up shop and move those labs back to the US or a country that is better aligned with US interests — as we have seen with the companies listed above. This goes especially for anybody wanting to do federal contract work.

    Then there is the issue of custom code produced by outsourced firms. That gets a lot trickier.

    Obviously, there’s the question of how recent the code is and whether or not there are suitable methods in place to audit it. We can expect that there will be services products offered shortly by the US and Western European IT firms to pore through vast amounts of custom code so that they can be sure Russian nationals leave behind no backdoor compromises under the influence of the Putin regime.

    If you thought your Y2K mitigation was expensive, wait until your enterprise experiences the Russian Purge.

    I don’t have to tell any of you just how expensive a proposition this is. The wealthiest corporations, sensing a huge risk to security and customer confidence, will address this as quickly as possible and swallow the bitter pill of costly audits.

    But many companies may not have the immediate funds to do it. They will try their best to mitigate the risk on their own, and compromised code may sit around for years until major system migrations occur and the old code gets (hopefully) flushed out.

    We will almost certainly be dealing with Russian cyberattacks from within the walls of our own companies for years to come, from software initially developed under the auspices of having access to relatively cheap and highly-skilled strategically outsourced programmer talent.

    Will Russian software and services become the first victim in a Digital War? Talk Back and Let Me Know.

    Microsoft Defender for Cloud comes to Google Cloud

    Microsoft has brought its Defender for Cloud security system for weeding out configuration weaknesses in workloads to Google Cloud Platform (GCP). The extension of Defender for Cloud brings the security offering in line with the same Defender for Cloud security services Microsoft currently offers for workloads on Amazon Web Services (AWS).

    The two key Defender for Cloud services are Cloud Security Posture Management (CSPM) and Cloud Workload Protection (CWP) — two categories of security products that address cloud misconfigurations.

    Eric Doerr, corporate vice president of Cloud Security at Microsoft, noted there are no dependencies on Google’s own tools, easy onboarding from GCP workloads, and more than 80 recommendations to harden an environment in GCP or AWS. Microsoft’s own Azure of course is already integrated into Defender for Cloud.

    There is a dashboard that offers a quick overview across multiple clouds and a Secure Score for environments in those clouds. The recommendations include alerts about cloud storage buckets that are publicly accessible, alerts when multi-factor authentication (MFA) isn’t enabled for all non-service accounts, and where cloud SQL database instances don’t enforce incoming connections to use SSL encryption.

    There’s also extensive support for containers and servers as well as container protection for Google Kubernetes Engine (GKE) Standard clusters. Additionally, there is server protection to support Google Compute virtual machines, which relies on Defender for Endpoint and covers vulnerability assessments to behavioral alerts for VMs, anti-malware, and OS updates that need to be applied.

    As for multi-cloud, Microsoft believes it is the right time for security solutions that bridge major clouds, compounded by the ongoing shortage of time and talent in cybersecurity.

    “We’re hearing more and more from customers that they want simplicity and that they don’t want the complexity of ten different products that they’re using. They’re having a hard time defending the cloud infrastructure that they have,” Doerr said. “There has also been a shift from multi-cloud by accident to multi-cloud by intent. It’s core to the strategy of an increasing number of customers. They’ve got a reason why they’re doing that and yet it’s super hard for security teams.”

    Doerr reckons organizations have much to do to get ahead of the type of cybersecurity threats that prompted the Biden Administration’s new cybersecurity strategy for federal agencies. Yet it’s the simple stuff, like not patching or not using multi-factor authentication, where most organizations fall prey to attacks on their IT systems.

    “In the vast majority of cases when we’re helping customers respond to in a breach, even the most sophisticated attackers, an awful lot of those start with something very simple like not using MFA, not having a good password policy, leaving a management port open on a piece of cloud infrastructure, patches not up to date,” said Doerr.

    “Sophisticated attackers have a toolkit that includes the basic stuff and they try that first and if it works then they don’t need to spend the time on more advanced techniques. Part of the journey here as an industry is how do we raise the minimum bar. If we can get to the place where most organizations are nailing the basics of security, it will make a really big difference.”

    Trading in your old phone? Here's how to get it ready

    When you’re buying a new phone, carriers and retailers often pitch discounts in the form of trade-in offers. That is, you send in an old phone that meets the vendor’s requirements in exchange for tens to hundreds of dollars off your new one. This process has become more aggressive over the past years, with stores like AT&T now willing to sell you the latest Samsung or Apple device for free, as long as you trade in a functioning phone — cracked or not.

    Still, trading in is not as simple as powering off your device and handing it to your local store associate. A phone that has not been properly factory reset, backed up, or shipped in the appropriate supplies can delay the evaluation process for your discount and, in the worst case, be deemed ineligible for any offer. That’s why we’ve curated this guide to help you through all the steps and best practices for a burden-less trade-in experience.

    Backing up your data (contacts, photos, etc.)

    The first thing you should always do when switching to a new phone is back up the data and files on your old one. You wouldn’t want to lose all those pictures, videos, contacts, and text messages, right? For iOS or Android, the backup process is fairly straightforward, with multiple options to get the job done. Just make sure that your phone is charged up (at least 75%, ideally) so that it doesn’t power off in the middle of the transfer.

    Backing up an iPhone via iCloud

    If you’re switching between iPhones, I’d recommend backing up your files through iCloud, Apple’s cloud storage service. Not only will you be able to upload and download data from your Apple devices, but the service will also be available for you to peruse via the web (iCloud.com). By default, Apple offers 5GB of free iCloud storage to keep your photos, contacts, notes, and more intact. If more is needed, you can opt into 50GB, 200GB, and 2TB storage plans for $0.99, $2.99, and $9.99 a month, respectively. For getting your files from one iPhone to another, I think paying for one month’s service is definitely worth the convenience.

    Tip: If you’ve never subscribed to an iCloud plan, Apple will actually offer you a free, one-time trial that lets you use as much iCloud storage as you need to transfer your data onto your new iPhone. To see if you’re eligible, open up the settings app > tap General > Transfer or Reset iPhone > Get Started within the Prepare for New iPhone bubble.

    Otherwise, here’s how to back up your iPhone data via iCloud:

    Open up the settings app > tap into your profile tab at the top > iCloud > toggle on or off all the items that you’d like to back up.

    When you’re set, tap iCloud Backup > Back Up Now. The duration of the process will vary depending on how many files you’re storing in the cloud.
    Backing up an iPhone via iTunes (computer)

    You can also back up your iPhone data onto a computer via Apple’s iTunes program (yes, it’s still active). While this method is a little more labor-intensive, it’s free, and you will have most, if not all, of your files stored locally. First, make sure your MacOS or Windows-powered computer has iTunes installed. If not, you can download it here. Once installed, here’s how to back up your iPhone:

    Connect your device to your computer with a Lightning to USB-C or USB-A cable.

    Open the iTunes software on the computer and click the Device button at the top left. The icon shows a small iPhone. Now click Summary under your iPhone information > Back Up Now.

    iTunes allows you to back up text messages, call logs, contacts, photos, videos, and more. You can see what’s been backed up by clicking Edit > Preferences > Devices.

    Tip: Apple’s Genius Bar will help and walk you through the backup process for your iPhone. The service is free and requires a reservation.

    Backing up an Android device via Google

    Like the iPhone and Apple’s iCloud, the most convenient way to back up an Android device is through Google’s cloud service, Google One. It’s built into your Android phone — whether it’s a Samsung Galaxy, Pixel, or OnePlus — and easily accessible. The catch is that Google only offers every user 15GB of free storage, so if you’re in need of more space, you’ll have to opt into one of its paid plans. Pricing goes as follows: 100GB for $2 a month or $20 a year, 200GB for $3 a month or $30 a year, and 2TB for $10 a month or $100 a year. Once you’ve decided on a plan, here’s how to initiate the backup process:

    Open up your settings > Google > scroll down and tap Backup.

    For a breakdown of your backup(s), you can download the free Google One app > tap the Storage tab under Device Backup.

    If it’s your first time doing this and you’re backing up a lot of files, the process can take hours. So, make sure that your phone is either charged enough or plugged into a charger.
    Backing up an Android device via PC (Windows)

    While Android doesn’t have an iTunes alternative, you can back up your data directly onto a Windows PC or external hard drive for free. To do this:

    Connect your device to your PC with a USB-C (or MicroUSB) to USB-A cable. You may have one already that came with your old or new phone. To let your computer know that you’re connecting the phone to transfer files and not just to charge it, slide down the notification panel on your phone > tap the Charging this device via USB notification > make sure File transfer is selected.

    Open up your PC’s Windows File Explorer and click on your phone’s name on the left panel. Now, you can copy any or all files within your phone’s folders and paste them into your PC or external hard drive.

    Tip: Not every folder is named in a user-friendly manner. For example, if you’re copying over photos, you’ll want to find a folder labelled DCIM, not Camera.

    Resetting your phone

    Now that all of your information is safely stored, you’ll want to factory reset your phone and give it a thorough cleaning before sending it out. Follow the steps below, and your phone will be as clean a slate as can be, with no personal data left behind.

    Factory resetting an iPhone

    Open your settings app > tap General > scroll down to Transfer or Reset iPhone > Erase All Content and Settings > Continue > type in your iPhone passcode to confirm the reset. This procedure will wipe the apps and data of your device, as well as remove your Apple ID, Find My setting, and Apple Wallet from the iPhone.
    Factory resetting an Android

    Accessing the factory reset settings on Android is a little more complicated, as the pathway depends on what brand you’re using. However, one method that works for all manufacturer devices is to open your settings and search “factory reset” at the top. If you’re on a Samsung device, open the settings > scroll down to General management > Reset > Factory data reset > Reset. You’ll then be prompted to type in your passcode. Once your phone has fully reset itself, power it off, and remove your SIM card and case.

    Shipping and handing off

    If you’ve followed through all the instructions above, you’re just one last step away from trade-in bliss. Whether you’re shipping your old phone out to trade in or handing it over at a physical store, you should always, always double-check that it’s in the condition that you and the retailer agreed to. For most trade-ins, retailers require your device to meet the following qualifications: No cracks or heavy wear, powers on and holds a charge, and is fully paid off with no past-due balances.

    Phone boxes make for excellent packaging when trading in an old phone.
    When shipping any electronic device, ensure that it’s securely packed with bubble wrap, peanuts, or other layers of cushioning. If you have the original box for your phone, use it! Phone boxes are designed to keep the device snug and protected. However, most trade-in programs do not require you to pack the original charger and accessories. Lastly, it won’t hurt to mark the package with a “Fragile: Handle with Care” sign.

    Tip: Before sending your old phone out, use a secondary device (or your new phone if you’ve received it) to document its condition. Take clear pictures and videos of the phone’s screen, back, cameras, ports, and the phone turning on and off. This step is vital because once you ship your phone out, damage during delivery and other mishaps may occur, ultimately weighing into how much a retailer will value the device at. With proof and documentation of its previous condition, you should have no trouble denying any suspicious evaluations.

    That’s it. Your phone is backed up, factory reset, and ready to be traded in. Did you find this guide useful? Let us know by commenting down below, as well as any other tips or questions you have regarding the trade-in process.


  • in

    Iran's hackers are using these tools to steal passwords and deliver ransomware, say FBI and CISA

    Hackers linked to the Iranian Ministry of Intelligence and Security are exploiting a range of vulnerabilities to conduct cyber espionage and other malicious attacks against organisations around the world, a joint alert by US and UK authorities has warned. The advisory by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Cyber Command Cyber National Mission Force (CNMF), and the United Kingdom’s National Cyber Security Centre (NCSC) says an Iranian government-sponsored advanced hacking operation known as MuddyWater is going after a wide range of targets. 


    These include telecommunications, defence, local government, and oil and natural gas organisations across Asia, Africa, Europe, and North America. According to CISA, the aim of the attacks is to gain access to networks to steal passwords and sensitive information “to share these with other malicious cyber actors”.

    The group is known to exploit publicly reported vulnerabilities and use open-source tools and strategies to gain access to sensitive data on victims’ systems and deploy ransomware, the agencies said. MuddyWater – also known as Earth Vetala, Mercury, Static Kitten and Seedworm – has been active since at least 2018. Many of the campaigns leverage phishing attacks to coax targets into downloading ZIP files containing Excel files with malicious macros or PDFs that drop malicious payloads.

    MuddyWater campaigns deploy many different forms of malware to act as loaders and backdoors on compromised networks. The main loader is a new variant of PowGoop malware, which consists of a DLL loader and a PowerShell-based downloader. The malicious file impersonates a legitimate file that is signed as a Google Update executable file. Another form of malware used in the attacks is Small Sieve, a Python backdoor that disguises malicious executables and uses filenames and registry key names associated with Microsoft’s Windows Defender to avoid detection while it helps to expand a foothold in the compromised network. Other malware used in the Iranian campaigns includes Canopy, a malicious Windows script distributed by phishing emails, and Mori, a backdoor that uses Domain Name System tunneling to communicate with the group’s control infrastructure. The agencies have also identified a new PowerShell backdoor described as lightweight in functionality but capable of encrypting communications with command and control servers.

    The Iranian hackers use a variety of known vulnerabilities, which CISA has detailed in an alert. Therefore, organisations can help protect their networks from being compromised by installing security updates for operating systems, software and firmware as soon as they’re released. Of course, using antivirus and keeping it up to date is also suggested. CISA also recommends the use of multi-factor authentication whenever possible and limiting the use of administrator privileges for most users – both actions create additional barriers for attackers. It’s also recommended that organisations deploy application control software to limit the applications and executable code that can be run by users. Finally, users should be trained to identify and report suspected phishing attacks.

  • in

    Cybersecurity burnout is real. And it's going to be a problem for all of us

    Burnout has become endemic in the tech industry.
    With the number of data breaches in 2021 soaring past that of 2020, there is even more pressure on security teams to keep businesses secure in 2022. But at a time when strength and resilience have never been more important, burnout, low staff morale and high employee turnover could put businesses on the back foot when attempting to manage the mounting cybersecurity threat.

    Employers already face something of a dilemma when it comes to cybersecurity in 2022. Not only is the number of attempted cyberattacks escalating worldwide, but employers face the added pressure of a tightening hiring market and record levels of resignations that are also affecting the tech industry.

    This battle for talent could hit cybersecurity particularly hard. According to a survey of more than 500 IT decision makers by threat intelligence company ThreatConnect, 50% of private sector businesses already have gaps in basic, technical IT security skills within their company. What’s more, 32% of IT managers and 25% of IT directors are considering quitting their jobs in the next six months – leaving employers open to a cacophony of issues across hiring, management, and IT security.

    Many employees are being lured away by the prospect of better pay and more flexible working arrangements, but excessive workloads and performance pressures are also taking their toll. ThreatConnect’s research found that high levels of stress were among the top three contributors to employees leaving their jobs, cited by 27% of survey respondents.

    Burnout threatens cybersecurity in multiple ways. First, on the employee side. “Human error is one of the biggest causes of data breaches in organisations, and the risk of causing a data breach or falling for a phishing attack is only heightened when employees are stressed and burned out,” says Josh Yavor, chief information security officer (CISO) at enterprise security solutions provider Tessian.

    A study conducted by Tessian and Stanford University in 2020 found that 88% of data breach incidents were caused by human error. Nearly half (47%) cited distraction as the top reason for falling for a phishing scam, while 44% blamed tiredness or stress.

    “Why? Because when people are stressed or burned out, their cognitive load is overwhelmed and this makes spotting the signs of a phishing attack so much more difficult,” Yavor tells ZDNet. Threat actors are wise to this fact, too: “Not only are they making spear-phishing campaigns more sophisticated, but they are targeting recipients during the afternoon slump, when people are most likely to be tired or distracted. Our data showed that most phishing attacks are sent between 2pm and 6pm.”

    Carlos Rivera, principal research advisor at Info-Tech Research Group, says the role exhaustion plays in making a company susceptible to phishing attacks should not be shrugged off or underestimated. It is, therefore, good practice to create a simulated phishing initiative as part of an organization’s security awareness programme, he tells ZDNet.

    “This program can be optimized by enforcing an hour’s worth of training per year, which can be carved into five-minute training sessions per month, 15 minutes a quarter,” says Rivera. “In order to have the most impact on your training effectiveness, base it on topics stemming from current events that typically manifest as tactics, techniques and procedures used by hackers.”

    A report by analyst Gartner recently argued that the role of the cybersecurity leader needs to be “reframed” from one that predominantly deals with risks within the IT department to one that is responsible for making executive-level information risk decisions and ensuring business leaders have comprehensive cybersecurity knowledge.

    The analyst predicts that 50% of C-level executives will have performance requirements related to cybersecurity risk built into their employment contracts by 2026. This would mean that cybersecurity leaders will have less direct control over many of the IT decisions that would fall within their remit today.

    “Cybersecurity leaders are burnt out, overworked and in ‘always-on’ mode,” said Sam Olyaei, research director at Gartner. “This is a direct reflection of how elastic the role has become over the past decade due to the growing misalignment of expectations from stakeholders within their organisations.”

    Yavor also says it is critical to consider how burnout affects security teams and the knock-on effects for the wider organization.
    According to Tessian research, security leaders work an average of 11 hours extra per week, with one in 10 leaders working up to 24 hours extra a week. Much of this time is spent investigating and remediating threats caused by employee mistakes, and even when they’ve logged off, some 60% of CISOs are struggling to switch off from work because of stress.

    “If CISOs are experiencing this level of burnout, imagine the impact this has on the wider organisation as well as the people they work with. You’re going to lose good people if teams are constantly burned out.”

    Glorifying overwork

    The culture around cybersecurity, which Yavor believes wrongly idolizes overtime and sacrificing personal wellbeing for the sake of the company, also needs to change. “As security leaders, some of our most exciting stories include pulling all-nighters to defend the organisation or investigate a threat. But we often fail to acknowledge that the need for heroics usually indicates a failure condition, and it is not sustainable,” he says.

    “As leaders, it’s critical that CISOs lead by example and set their teams up for sustainable operational work. Ensure there is confidence in the boundaries that are set – when you’re off call, you’re off call – and that the whole team feels supported.”

    Rivera points out that the growing popularity of remote working might be increasing the tendency of staff to put in longer hours, which may “contribute to burnout, unaccounted absences and in some cases, higher than expected turnover.”

    Security and tech teams should work with other departments to bring organizational awareness to the issue of burnout and overwork, Rivera says, which can help managers identify single points of failure and instil a culture of resiliency within the company.

    This approach includes adopting a “left-shift mindset” within the development environment, where burnout and stress can lead to errors slipping through the gaps and making their way into published code. “Organizations will face the least risk when introducing security as early as possible in the development process and leveraging tools to automate and support this goal,” says Rivera.

    On the technical front, building a continuous integration/continuous delivery (CI/CD) pipeline – and deploying tools such as an integrated development environment (IDE) – will give organizations the best chance of success. “An IDE will consist of a source code editor, debugger and build automation tools to provide the developer with self-service capabilities and identify errors in near real-time. IDE coupled with static analysis security testing and open-source scanning automated into the build pipeline will provide effective defect mitigation,” Rivera adds.

    Like any job function, communication is also critical. CISOs need to do a better job of communicating their capacity constraints, which Yavor says will set a precedent within the wider organization in admitting their own limitations.

    “Be comfortable in saying, ‘it’s not possible for me to do these things, with the resources and the constraints we currently have,’” he says. “There is this unfortunate trend of heroism in the security industry – and that mindset needs to change.”

  • in

    Report: Ukraine calls for volunteer hackers to protect critical infrastructure

    The government of Ukraine has reportedly sent out a call for volunteers with hacking skills to help protect the country’s critical infrastructure. 


    On February 24, Reuters reported that notices backed by the government have appeared on online forums. Yegor Aushev, the co-founder of Cyber Unit Technologies and a figure known in Ukrainian circles for promoting the development of ethical hacking, told the news agency that he wrote the post following a request from a senior Defense Ministry official. Another individual involved in the scheme confirmed to the publication that the request was issued on Thursday morning as Russia began to invade Ukraine.

    The post read, “Ukrainian cybercommunity! It’s time to get involved in the cyber defense of our country.” Aushev told Reuters that after applying to help through a Google document that also requires skills to be listed, volunteers would be divided into “defensive and offensive” teams. Defensive volunteers would focus on protecting critical assets, including energy and water utilities, whereas offensive groups would be asked to help Ukraine’s military with cyberespionage and monitoring invading forces.

    Ukraine experienced a cyberattack against its power grid in 2015, causing hundreds of thousands of Kyiv residents to lose access to electricity for roughly an hour. It is believed that Russian cyberattackers were behind the assault.

    On February 23, Ukraine’s State Service of Special Communications and Information Protection said that a number of government websites experienced outages due to a wave of distributed denial-of-service (DDoS) attacks. Websites impacted reportedly included the Ukrainian Ministry of Foreign Affairs, Ministry of Defense, and Ministry of Internal Affairs. Wiper malware was also discovered.

    Microsoft previously warned that multiple organizations in Ukraine had been targeted with destructive malware. NetBlocks reported on February 24 that Ukraine’s second-largest city, Kharkiv, has experienced “network and telecoms disruptions, leaving many users cut off” from services. When approached by Reuters, the Ukraine Defense Ministry did not respond to requests for comment.

  • in

    Telstra reminds organisations that managing cyber risks is not having 'bank-level security'

    Telstra has warned organisations to not rely purely on technological capabilities when defending against cyber threats, pointing to a need for “the other parts of cybersecurity”, such as cyber risk management programs, to also be prioritised.

    “An information security management system that is driven by managing cyber risk provides the governance of cybersecurity that’s required to go along with all of the technology components that are regularly found to be in place,” said John Powell, Telstra Purple principal security consultant.

    In terms of how organisations should undertake the development of cyber risk management programs, Powell said the approach for each organisation would need to be sector-specific rather than focusing on creating “bank-level security”. “[There’s] this misconception that there is ‘bank-level security’. The key to cyber risk management and information security management is the understanding of your contextual risk,” Powell explained. “So we look at the organisation’s threat landscape, we look at the organisation’s assets, and that helps us to determine what the organisation’s risks are. From that point, we then work with the organisation to understand what controls they need to put in to deal with their risks so understanding the risk of the organisation itself is what is the right risk management or cybersecurity posture.”

    The warning came alongside Telstra Purple launching what it has described as a “bespoke offering” for helping customers comply with the federal government’s recent critical infrastructure reforms. The reforms have so far come in the form of two pieces of legislation, with the first one already being passed in December to give government “last resort” powers to direct a critical infrastructure entity on how to intervene against cyber attacks.
    The second piece of legislation, currently before Parliament, looks to add requirements for critical infrastructure entities to have risk management programs in place and entities deemed “most important to the nation” to adhere to enhanced cybersecurity obligations. The risk management program under the second set of laws would have to identify hazards, including cyber risks, to critical infrastructure assets and the likelihood of them occurring.

    Telstra Purple’s new service entails providing advice about the development of a cyber risk management program, cyber detection and response, incident response readiness assessments, vulnerability assessments, and cyber exercises. Powell said the target demographic of this new service would be critical infrastructure entities covered by the reforms as well as the supply chain partners to these entities. “[Telstra Purple’s role] is to actually present to customers and talk about security issues, and help understand some of the security implications associated with either being a critical infrastructure operator or a responsible entity for critical infrastructure asset or being in that supply chain,” Powell explained.

    Powell’s warning comes shortly after Prime Minister Scott Morrison called for organisations to boost their cyber defence in light of the Australian government joining other Western governments in placing sanctions on Russia for its invasion of Ukraine. Morrison said the government had already privately reached out to some entities and that local organisations should read guidance issued by the Australian Cyber Security Centre (ACSC). The prime minister added that cyber would be the most obvious vector for Russian retaliation, and that companies could be targeted as well as be cyber collateral damage.
    “The cyber attacks can sometimes come from miscalculation and misadventure, we have seen that in the past, where cyber attacks have sought to let loose various worms … or viruses and they get out of control of those who put them in the system,” he said.