More stories

  • Ransomware, SMBs remain key security concerns amidst focus on critical infrastructures

    Ransomware attacks continue to plague nations such as Japan and Singapore, where they are expected to remain a significant concern especially for critical information infrastructure (CII) sectors. Small and midsize businesses (SMBs), too, are a growing worry as they often lack resources and are more likely to fall victim to cyber attacks. Cyber attacks had been increasing in volume over the last few years and this past year was no exception, NTT’s chief cybersecurity strategist Mihoko Matsubara said in an interview with ZDNET. The Ukraine war also had prompted questions from organisations in Japan about how it would impact the cyber threat landscape, said Tokyo-based Matsubara, but noted it was difficult to determine if there was a direct correlation between the ongoing conflict and growing number of cyber attacks. She added that most companies, as they digitalised their operations, would have more IT assets and an expanded attack surface to protect, making it more difficult to safeguard their network amidst the onslaught of attacks. The heightened awareness of the potential risks, however, presented an opportunity for businesses and countries to enhance their cyber resiliency, she said. Righard Zwienenberg, ESET’s senior research fellow, said the security vendor’s research showed a drop in ransomware attacks this year, with phishing still the top threat, especially for companies in Japan. However, the figures did not necessarily indicate hackers were moving their attention away from ransomware, said Zwienenberg, who also is a member of the Europol European Cyber Crime Center’s advisory group. Instead, the drop in the number of ransomware attacks likely reflected a change in “business model” that concentrated less on lower tiered companies and more on higher value enterprises with deeper pockets.
This meant hackers could demand higher ransoms from their targeted victims, he said, pointing to ransom demands last year that ranged from $4.4 million in the US Colonial Pipeline ransomware attack, to $70 million with Kaseya and $240 million involving MediaMarkt. And rather than blocking access to sensitive or customer data, he added that cybercriminals increasingly were opting for extortion, in which they would threaten to release their victims’ data and notify the public about the data breach. This would cause more damage to the targeted organisations, including financial penalty for potentially violating local data privacy regulations, and push them to pay the ransom. Zwienenberg advocated the need for regulations that would stop organisations from giving in to ransom demands, noting that there was never any guarantee ceding to such demands would lead to a full recovery of stolen data or that hackers would remove data logs. He also pointed to growing worries about CIIs amidst a shift in target towards these sectors and cyber warfare, as a result of the war in Ukraine.

SMBs need help staving off attacks

Matsubara, too, expressed concerns about an increase in ransomware attacks targeting hospitals in Japan as well as SMBs. Citing the Japanese National Police Agency, she noted that more than half of companies affected by ransomware attacks were SMBs, compared to one third that were large or major Japanese organisations. With SMBs an integral part of global supply chains, she urged governments and industry players to work together and identify ways, apart from funding, to provide better support to bolster SMBs’ business continuity capabilities. The Tokyo metropolitan government, for instance, rolled out a uniquely Japanese campaign that included a series of manga-styled guidebooks to better help SMBs visualise cybersecurity attacks and how they should mitigate and respond to threats, such as ransomware and business email compromise.
Matsubara noted, though, that the ongoing Ukraine conflict had prompted more dialogues between governments and their local industries, as part of efforts to exchange threat intel. This was encouraging since the public sector was not always forthcoming about sharing information in the interest of national security, said Matsubara, who once worked at Japan’s Ministry of Defence and served on the government’s cybersecurity R&D policy committee. Noting that cybersecurity was a global challenge, she said it was increasingly necessary for defence ministries to engage with the general public and business leaders so they could help local industries enhance their cyber defences and better protect infrastructures. Ensuring there was a bridge between the public and private sectors also would help shape regulations and policies that were practical, while ensuring technologies could be developed in a timely and effective way, she added. It would further encourage incident reporting and mutual sharing of threat intel, since businesses would not feel it was an unfair one-sided trade and would be better assured their insights were being taken seriously, she said. Asked how nations with dedicated cyber defence units such as Singapore should ensure these were effective, Matsubara again underscored the need for cyber intelligence sharing amongst various ministries and industry, particularly CII operators. There also should be regular joint cybersecurity exercises between government agencies, CII companies, and the cyber defence unit to test their incident response capabilities. Pointing to the ransomware attack that brought down the US Colonial Pipeline last year, she said the case demonstrated that financially-motivated cybercrimes that targeted a specific company could cause significant damage in other sectors as well as the rest of the country.
Other nations also could be impacted since there were no borders in the cyber realm. The potentially wide spread and interdependencies of CII sectors, such as transport and energy, further stressed the importance for governments and the industry to participate in intelligence sharing and joint cybersecurity exercises, she said. Sociopolitical tensions such as the ongoing Sino-US trade war, though, could introduce further complexities to the global ecosystem, particularly if it resulted in the decoupling of technology infrastructures. It could mean organisations would have to support more protocols to ensure interoperability, potentially resulting in more exploits and more patches to deploy, Zwienenberg said. Businesses, in particular SMBs, already were taking too long to roll out fixes, with known exploits left unpatched sometimes for months, he said, noting that old exploits such as WannaCry were still infecting systems today.

  • How to unsubscribe from emails on Gmail, Outlook, and more

    Three things are certain when the holiday season comes around: overeating, overspending, and my inbox being overcrowded with marketing emails from virtually every brand I’ve ever laid eyes on. With the Black Friday and Cyber Monday hubbub dying down, now is the best time to scan your inbox, discover what brands you didn’t […]

  • This cruel email-hacking gang aims to tug on your heartstrings and steal your cash

    A cruel business email compromise (BEC) gang is hacking people’s email accounts and sending messages to their contacts claiming the account owner needs to send a gift to an unwell friend in an attempt to manipulate people into sending online gift cards. Detailed by cybersecurity researchers at Abnormal Security, an organized […]

  • Australia beefs up scrutiny of Medibank following data breach

    Australia is beefing up its scrutiny of Medibank and will assess if further regulatory action is necessary, following a data breach that impacted 9.7 million customers. The insurance group also has pledged to share the outcome of an external review into the breach, which is believed to be the work of Russian hackers. Noting that the breach raised concerns about the robustness of Medibank’s operational risk controls, the Australian Prudential Regulation Authority (APRA) said Monday it had “intensified” its supervision of Medibank. Consulting firm Deloitte had been brought in to examine the security incident as well as Medibank’s response and effectiveness of its controls. The financial services regulator said it would determine if further regulatory action was necessary when findings of the external review were established. APRA Member Suzanne Smith said: “APRA expects Medibank to undertake any recommended remediation actions and ensure there is appropriate consequence management, including impacts to executive remuneration where appropriate.” The government agency added that it would further intensify supervision of all entities that failed to comply with the country’s Information Security Prudential Standard CPS 234, which outlined measures they must take to remain resilient against cybersecurity incidents. “Recent cyber attacks reinforce the need for ongoing vigilance and focus by boards on operational resilience,” Smith said. “They are a stark reminder for boards to ensure they can answer these fundamental questions: Do you know what data you are holding? Do you know where it is? How do you know it is safe? And do you need to retain it?

“Cybersecurity is a highly significant risk area for all regulated entities and we remind banks, insurers and superannuation funds to remain vigilant in order to protect their beneficiaries and the Australian community,” she added.
In response, Medibank CEO David Koczkar said Monday it had been in consultation with APRA on the scope of the external review, which it had commissioned Deloitte to undertake. “We will share the key outcomes and consequences of the review, where appropriate, having regard to the interests of our customers and stakeholders and the ongoing nature of the Australian Federal Police (AFP) investigation,” Koczkar said. The police earlier this month said hackers based in Russia were responsible for the breach, adding that it was working on “covert measures” with its international networks, including Interpol. AFP Commissioner Reece Kershaw said: “Our intelligence points to a group of loosely affiliated cybercriminals, who are likely responsible for past significant breaches in countries across the world. These cybercriminals are operating like a business with affiliates and associates who are supporting the business. We also believe some affiliates may be in other countries.” Adding that his team knew but were not revealing the identities of the people behind the attack, Kershaw said ongoing investigations were focused on all parties involved. “What I will say is that we will be holding talks with Russian law enforcement about these individuals,” he said. AFP has oversight of the Australian Interpol National Central Bureau, which has direct contact with National Central Bureau Moscow. Kershaw noted that Interpol National Central Bureaus could ask for cooperation from any other National Central Bureau in investigations that went beyond local borders. “It is important to note that Russia benefits from the intelligence-sharing and data shared through Interpol, and with that comes responsibilities and accountability,” he said. Medibank has posted updates on data compromised in the breach that have popped up on a dark web forum.
In a November 20 statement, it confirmed another four files containing 1,496 records were released online, including 123 records from files previously released by the hackers. Koczkar said the company would not pay any ransom, based on the advice of cybercrime experts and belief there was only a limited chance doing so would prevent its customers’ data from being published. “Paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target,” he said. The Australian government this month passed legislation to increase financial penalties for data privacy violators, pushing up maximum fines for serious or repeated breaches to AU$50 million ($32.34 million), from its current AU$2.22 million, or three times the value of any benefit obtained through the data misuse, or 30% of the company’s adjusted turnover in the relevant period, whichever is greater.

  • Best early Cyber Monday VPN deals 2022: Save on Surfshark, Atlas, and more

    For these Black Friday VPN deals, we only considered reputable and trustworthy VPN providers. There are no shortages of VPNs out there, but there is a limited number of companies that provide secure and user-friendly VPNs. Finding true VPN deals can be a bit tricky because the prices change frequently and with various subscription lengths and add-ons, it gets convoluted. Most VPNs charge less for longer subscriptions and the standard price for service is often advertised as a huge discount. But if the VPN is always available for 63% off, then I don’t consider that a sale. For the offers listed in this roundup, I based the discounted price on what I’d consider the standard offer rather than an imaginary inflated price that you’ll never have to pay. Many of these deals include additional months tacked onto a standard plan. These free months drop the average monthly cost but often the upfront price is the same; in those cases we’ve noted that the lump-sum payment hasn’t changed. We didn’t include free VPNs in our roundup because free VPN services are a mixed bag. It takes money to run a VPN and if you’re not paying then you could be bombarded with ads or stuck with a subpar service. That’s in the best-case scenario. The worst free VPNs could make money by selling your data, so it’s best to stick with a paid service if you’re taking your privacy and security seriously.

  • Best Cyber Monday VPN deals 2022: Save on Surfshark, Atlas, and more

  • Google warns: Android 'patch gap' is leaving these smartphones vulnerable to attack

    Many Android smartphones are vulnerable to multiple high-severity security issues that Google Project Zero reported over summer but remain unpatched, despite Arm releasing fixes for them. Android phones equipped with Arm Mali GPUs are affected by the unpatched flaws. As GPZ researcher Ian Beer points out, even Google’s Pixel phones are vulnerable, as […]

  • Google rushes out Chrome browser fix for new zero-day flaw

    Google has released an update for Chrome to address a previously undisclosed or zero-day flaw that is under attack. According to Google, the high-severity flaw, which is tracked as CVE-2022-4135, is due to a memory-related “heap buffer overflow in GPU”. “Google is aware that an exploit for CVE-2022-4135 exists in the […]