More stories

  • Singapore clocks higher ransomware attacks, warns of IoT risks

    Ransomware and phishing attacks continue to climb in Singapore, hitting small and midsize businesses (SMBs) and social media platforms. Cybercriminals also are expected to turn their attention to Internet of Things (IoT) devices and crypto-based transactions, leveraging the lack of security safeguards on these platforms. Some 55,000 local-hosted phishing URLs were identified last year, up 17% from 2020, with social media companies accounting for more than half of spoofed targets. This might have been due to threat actors looking to exploit public interest in WhatsApp’s announcement to update its privacy policy, said Singapore’s Cyber Security Agency (CSA) on Monday, when it released its Singapore Cyber Landscape 2021 report. Social networking sites were the most commonly spoofed sector, followed by financial services and the online and cloud services sector. WhatsApp, Facebook, Lloyds, Chase Bank, and Microsoft were the most commonly spoofed brands, according to CSA. The government agency noted that scammers also spoofed government websites in late-2021, amidst heightened interest in the Omicron subvariant outbreak here. The number of ransomware cases reported to CSA totalled 137 last year, up 54% from 2020, with SMBs from sectors such as manufacturing and IT mostly falling victim to such attacks. These industries typically operated 24 by 7, leaving little time for organisations to patch their systems and potentially enabling ransomware groups to exploit vulnerabilities, CSA said. It noted that ransomware groups targeting SMBs in Singapore tapped the ransomware-as-a-service model, which made it easier for amateur hackers to use existing infrastructure to push out ransomware payloads. CSA also identified 3,300 malicious command and control (C&C) servers hosted in Singapore last year, more than triple the number in 2020 and the largest figure registered since 2017.
The significant climb was attributed to the number of servers distributing Cobalt Strike malware, accounting for almost 30% of all C&C servers. Some 4,800 botnet drones with Singapore IP addresses were identified last year, a 27% dip from the daily average of 6,600 in 2020. There were no dominant malware variants amongst compromised devices, which CSA said could be due to threat actors moving away from older strains to explore new infection methods, as organisations cleaned up infected systems. Cybercrimes in Singapore continued on their upward climb, with 22,219 such cases recorded last year, up 38% from 2020. Online scams accounted for 81% of cybercrime cases, comprising cheating incidents that involved e-commerce or during which victims were approached through the internet. In its report, CSA also outlined key developments that should be closely monitored, warning that critical IoT devices, for instance, could be targeted in ransomware attacks. “Cybercriminals are recognising that they can inflict significant damage to organisations by infecting critical IoT devices, such as internet-connected uninterruptible power supply (UPS) units, leading to significant downtime costs,” it said. “IoT devices often lack critical cybersecurity protection [and] employees have been known to connect their personal IoT devices to the organisation’s networks without the knowledge of security teams.” “Should organisations in critical, time-sensitive industries such as healthcare, be infected with ransomware, there could be serious, life-threatening consequences.” The Singapore government agency further cautioned that crypto-based scams were increasing, fuelled largely by the use of decentralised finance (DeFi) and peer-to-peer financial platforms, which bypassed the need for intermediaries. The borderless accessibility of DeFi’s open platforms as well as anonymity features also made it challenging to track illicit activities and enforce Singapore’s regulations across borders, CSA said.
This further enabled cybercriminals to launch crypto-based scams. It also noted that decreased global reliance on Western technology, due to increasing geopolitical tensions, would result in differing cyber norms, ecosystems, and standards in the near future. In addition, organisations could suffer “collateral damage” from geopolitical conflicts, as cybercriminal and hacktivist groups take sides and engage in more malicious cyber activities for politically-motivated purposes. This increased the risk of reprisals and, in a hyper-connected global cyberspace, could impact organisations not linked to nations involved in the geopolitical conflicts, CSA said.

  • How to use confidential mode in Gmail to protect sensitive information

    Gmail is used by millions of people around the globe. As of July, 28.13% of people use Gmail as their primary email client. I count myself in that number (only Gmail is far from being the only account I use) and actually depend on Gmail for work-related communication.

    Regularly, I have to send sensitive information to others. Although I’d rather take advantage of GPG encryption found in the likes of Thunderbird, I don’t always have that option… especially when using Gmail. However, a few years back Google did add a nice feature to Gmail called Confidential Mode that helps protect sensitive information from unauthorized access. With Confidential Mode, you can set an expiration date and a password for messages and even revoke access any time you choose. And when a recipient receives a confidential message, they cannot forward, copy, print, or download the message.

    The one caveat to Confidential Mode is that there’s no way of stopping users from taking screenshots of those confidential emails and then sending those images to other people. So, it’s not perfect, but it is a step in the right direction.

    How do you use Confidential Mode? Let me show you.

    Requirements

    The only thing you’ll need to use Confidential Mode is a Gmail account on either the web-based Gmail client or the mobile app (it works on Android and iOS). I’m going to demonstrate using the web-based client, which works on almost any web browser, but the email client works similarly.

    With that said, let’s get confidential.

    How to send an email in Confidential Mode

    1. Open Gmail

    Open your web browser, head to Gmail, and log in.

    2. Compose an email

    Click Compose to open the Gmail compose window. At the bottom of that window, click the padlock-and-clock icon (Figure 1).

  • Microsoft: Iranian attackers are using Log4Shell to target organizations in Israel

    Microsoft has warned that an Iranian state-based threat actor it calls Mercury is using the Log4Shell flaws in applications from IT vendor SysAid against organizations located in Israel. Microsoft’s nation-state tracking team, Microsoft Threat Intelligence Center (MSTIC), has assessed with “high confidence” that the campaign is affiliated with Iran’s Ministry of Intelligence and Security […]

  • CISA: Action required now to prepare for quantum computing cyber threats

    Action must be taken now to help protect networks from cybersecurity threats that will emerge with the advent of the power of quantum computing, the US Cybersecurity and Infrastructure Security Agency (CISA) has warned. While quantum computing could bring benefits to computing and society, it also brings new cybersecurity threats – and the CISA […]

  • Caught up in another password breach? Follow these 3 rules to protect yourself online

    Another day, another password breach. This time, the compromised website belongs to the Plex media-streaming service, and the advice is predictable: Reset your account password immediately.

    Yes, of course you should do that. But don’t stop there. Every one of these incidents is an opportunity to assess your current online security and tighten it up as needed. The goal is to make sure you’re at minimal risk when (not if) another, similar data breach occurs. The best way to do that is to follow three ironclad rules:

      • Always use a long, random password
      • Never reuse a password
      • Always turn on 2-factor authentication (2FA), if possible

    If you followed those rules, you wouldn’t have been particularly worried about today’s password breach. Why? The hash of that long, random password can’t easily be matched with its plaintext version, and even if the thieves managed to crack that password and try to use it before you changed it, they’d be stopped cold by the 2FA prompt.

    Most importantly, if they tried those credentials on other sites, they’d have no success at all. The real danger of reusing passwords is that simply changing them in one place isn’t enough. If you use the same password on multiple websites, you could be in a heap of trouble once the bad guys start trying the stolen Plex password on popular sites like Gmail and Outlook.com.

    The good news is that a first-rate password manager can help you identify weak passwords and detect duplicates. Here’s one example, a report generated by 1Password

  • Hackers are attempting to steal millions of dollars from businesses by bypassing multi-factor authentication

    A phishing and business email compromise (BEC) campaign that attempts to steal millions of dollars from victims is targeting Microsoft 365 accounts with attacks that can bypass multi-factor authentication (MFA). Applying multi-factor authentication (MFA) is one of the best things that can be done to help secure user accounts from being compromised – […]

  • Microsoft: Russian hackers gain powerful 'MagicWeb' authentication bypass

    Microsoft has warned that the hacking group behind the 2020 SolarWinds supply chain attack have a new technique for bypassing authentication in corporate networks. The trick, a highly specialized capability Microsoft calls “MagicWeb”, allows the actors to keep a firm position in a network even as defenders attempt to eject them. However, unlike […]