More stories

  • Zscaler delivers strong Q1, sees revenue grow 62% year over year

    Cybersecurity firm Zscaler reported fiscal Q1 revenue and profit that topped Wall Street analysts’ expectations Tuesday afternoon. Revenue in the quarter rose 62% year over year to $230.5 million, yielding a profit of 14 cents per share. Analysts had been modeling $208.43 million in revenue and 12 cents per share. Non-GAAP net income reached $21 million in the quarter. The report sent Zscaler shares up more than 4% in late trading.

    Zscaler CEO and Chairman Jay Chaudhry said CISOs and CIOs are looking to phase out legacy network security in favor of Zero Trust architecture, due to increasing cyber and ransomware risks and accelerating digital transformation. “This architecture shift continues to drive strong demand for our Zero Trust Exchange platform,” Chaudhry says in the report. “We delivered outstanding results for the first quarter.”

    For the current quarter, the company expects revenue of $240 million to $242 million and an EPS around 11 cents. For the full-year fiscal 2022, the company predicted revenue in a range of $1 billion to $1.01 billion and EPS ranging from $0.50 to $0.52.


  • Hackers could steal encrypted data now and crack it with quantum computers later, warn analysts

    Beijing-backed hackers might soon start trying to steal encrypted data — such as biometric info, the identities of covert spies, and weapons designs — with a view to decrypting it with a future quantum computer, according to analysts at US tech consultancy Booz Allen Hamilton (BAH). 


    “In the 2020s, Chinese economic espionage will likely increasingly steal data that could be used to feed quantum simulations,” the analysts write in the report Chinese Threats in the Quantum Era. At risk are data protected by the current algorithms underpinning public-key cryptography, which some fear may be rendered useless for protecting data once quantum computers become powerful enough.

    The big question is when such a quantum computer might arrive. However, Booz Allen Hamilton’s analysts suggest it doesn’t matter that an encryption-breaking quantum computer could be years off, because the type of data being targeted would still be valuable. Hence, there’s still an incentive for hackers to steal high-value encrypted data. Recent studies suggest it would take a processor with about 20 million qubits to break the algorithms behind public-key cryptography, which is much larger than the quantum processors that exist today. But a quantum computer that threatens today’s algorithms for generating encryption keys could be built by 2030.

    The report frames the threat from China around its past cyber-espionage campaigns and the nation’s ambitions to be a major quantum computing player by mid-2020, as major US tech firms such as Google, IBM, IONQ and others race towards ‘quantum supremacy’.

    “China’s current capabilities and long-term goals related to quantum computing will very likely shape the near-term targets and objectives of its cyber-enabled espionage,” the report states. It warns cybersecurity chiefs to be aware of China’s espionage targeting encrypted data as an emerging risk. “By the end of the 2020s, Chinese threat groups will likely collect data that enables quantum simulators to discover new economically valuable materials, pharmaceuticals, and chemicals,” the analysts warn.

    However, they add that while China will remain a major player in quantum computing, it probably won’t surpass the US and Europe in quantum computing by the mid-2020s. The consultancy notes that data decryption poses a “high risk” in the 2020s, but it reckons China’s chances of building a cryptography-breaking quantum computer before 2030 are “very small”. Nonetheless, they argue, the distant promise of quantum and the opportunities at stake will make encrypted data an enticing target in the years to come. “Still, the outsized threat of a rival state possessing the ability to decrypt any data using current public-key encryption rapidly generates high risk,” the report states. “Encrypted data with intelligence longevity, like biometric markers, covert intelligence officer and source identities, Social Security numbers, and weapons’ designs, may be increasingly stolen under the expectation that they can eventually be decrypted.”

    BAH warns that it could take organizations a “decade or longer” to implement an organizational strategy for deploying post-quantum encryption. However, the US Institute of Standards and Technology (NIST) is looking for answers to post-quantum cryptography and has selected a shortlist of candidates for exchanging digital keys and adding digital signatures, as CNET’s Stephen Shankland reported. As NIST notes, it took almost two decades to deploy our modern public key cryptography infrastructure.

  • Spy chief's warning: Our foes are now 'pouring money' into quantum computing and AI

    The rise of technologies like artificial intelligence (AI) and quantum computing is changing the world — and intelligence services must adapt in order to operate in an increasingly digital environment, the head of MI6 has warned.


    In his first public speech since taking the role of “C” in October 2020, Richard Moore, chief of the UK Secret Intelligence Service (MI6), discussed the challenges posed by the rapid evolution in technology. While developments in computing like AI and quantum computing can provide society with what he described as “revolutionary advances,” Moore warned that they also lead to additional security threats which MI6 will need to face.

    “Others would speak to you about the benefits of these new discoveries — and they are myriad — but I’m paid to look at the threat side of the ledger. MI6 deals with the world as it is, not as we’d like it to be — and the digital attack surface that criminals, terrorists and hostile states seek to exploit against us is growing exponentially,” he said, in a speech at the International Institute for Strategic Studies (IISS).

    Moore warned that China, Russia and Iran are the most significant nation-state threats to the UK that could exploit technology to meet their aims, citing the SolarWinds cyber attack, which has been attributed to Russian foreign intelligence, as a key example of this.

    In order to confront the challenges posed by the growing global digital environment, MI6 needs to ensure that it has the human intelligence capabilities to analyse and understand data which could help provide insights, keep agents in the field informed and ultimately help protect the UK from threats.

    “There is no longer such a thing as an analogue intelligence operation in this digital world,” said Moore. “All of this requires insights from data, the tools to manipulate data and, most importantly, the talent to turn complex data into human insight. The combination of technological prowess and insights from human intelligence gives the UK a powerful edge.”

    He warned: “Our adversaries are pouring money and ambition into mastering artificial intelligence, quantum computing and synthetic biology because they know that mastering these technologies will give them leverage.” Moore warned that MI6 “needs to be at the vanguard of what is technologically possible” in order to stand the best chance of protecting the UK from security threats.

    But while MI6 has traditionally worked in the shadows, now it’s stepping out of them in order to ensure it has access to the people required to help solve the problems posed by new technologies. “We can’t match the scale and resources of the global tech industry, so shouldn’t try. Instead, we should seek their help. Through the National Security Strategic Investment Fund, we are opening up our mission problems to those with talent in organisations that wouldn’t normally work with national security. Unlike Q in the Bond movies, we cannot do it all in-house,” said Moore.

    By looking to outside experts in emerging technologies, the aim is to help improve MI6 operations and innovate faster than the UK’s adversaries. It represents a significant shift from the secretive operations of the past, one he stressed also requires increased diversity to better represent the population MI6 serves. “I cannot stress enough what a sea-change this is in MI6’s culture, ethos and way of working since we have traditionally relied primarily on our own capabilities to develop the world-class technologies we need to stay secret and deliver against our mission,” said Moore. “We must become more open, to stay secret,” he added.

    By adapting MI6 to be able to bring in expertise to help work with emerging technologies, it’s hoped that it’ll allow the intelligence service to keep the UK safe from threats, no matter where in the world they come from. “My mission as Chief is to ensure the successful transformation and modernisation of our organisation: extending MI6’s secret human relationships to reflect the changing nature of power and influence in the world; investing in the skills a global intelligence agency needs in the digital age and meeting the technological challenge head-on by opening up — to an unprecedented degree — to partners who can help us master the technologies we need for our operations, and enable us to innovate faster than our adversaries,” Moore said.

  • Printing Shellz: Critical bugs impacting 150 HP printer models patched

    HP has patched critical flaws impacting approximately 150 printer models.  Printers are usually connected to business networks — and potentially forgotten when it comes to security — so they can easily provide an avenue of attack. Highlighting this issue is PrintNightmare, CVE-2021-34481, a Windows Print Spooler service vulnerability that permits attackers to escalate privileges to system level, which was patched in August. In addition, HP patched a separate, 16-year-old privilege escalation driver flaw in July.

    Now, researchers from F-Secure have documented “Printing Shellz,” a set of vulnerabilities impacting multifunction printers (MFPs). On Thursday, the research team said that their tests involved the HP MFP M725z. However, the vulnerabilities — dating back to 2013 — impact an estimated 150 products. These include models in the HP Color LaserJet Enterprise, HP LaserJet Enterprise, HP PageWide, HP OfficeJet Enterprise Color, and HP ScanJet Enterprise 8500 FN1 Document Capture Workstation ranges.

    The first issue the researchers discovered was CVE-2021-39238. Assigned a CVSS severity score of 9.3, this potential buffer overflow issue could allow the creation of a “self-propagating network worm capable of independently spreading to other vulnerable MFPs on the same network,” according to F-Secure researchers Alexander Bolshev and Timo Hirvonen. The second issue, CVE-2021-39237 (CVSS 7.1), is described by HP as an information disclosure bug. F-Secure says this flaw was caused by exposed physical ports, so local access is required as an avenue for attack.

    It’s possible to exploit these flaws locally via physical access to the device, such as by printing from USB. And when it comes to CVE-2021-39238, another potential attack vector involves sending an exploit payload directly from a browser via cross-site printing (XSP). “These vulnerabilities give attackers an effective way to steal information: defenders are unlikely to proactively examine the security of a printer, and so the attacker can simply sit back and steal whatever information it comes across (via employees printing, scanning, etc),” F-Secure comments. “They could also use the MFP as a pivot point to move through the corporate network.”

    HP was informed of F-Secure’s discoveries on April 29 and has since released two advisories (1,2), detailing the vulnerabilities. Patches and firmware updates were released in November. There is no evidence of exploitation in the wild. “Any organizations using affected devices should install the patches as soon as they’re available,” the researchers say. “While exploiting these issues is somewhat difficult, the public disclosure of these vulnerabilities will help threat actors know what to look for to attack vulnerable organizations.”

  • Queensland government energy generator hit by ransomware

    Queensland government-owned energy generator CS Energy said on Tuesday it was responding to a ransomware incident that occurred over the weekend. First reported by Energy Source & Distribution, the company said the incident has not impacted electricity generation at the Callide and Kogan Creek power stations, and it was looking to restore its network. “We immediately notified relevant state and federal agencies, and are working closely with them and other cybersecurity experts,” CEO Andrew Bills said. “We have contacted our retail customers to reassure them that there is no impact to their electricity supply and we have been regularly briefing employees about our response to this incident.”

    In response to the incident, ANZ regional director at Claroty, Lani Refiti, said critical infrastructure has been increasingly targeted by ransomware gangs since the infrastructure firms cannot afford any disruptions or downtime. “The usual vector for ransomware is via corporate systems/networks and most organisations in the power sector will segment their operational technology systems from their corporate networks to avoid an attack via this route,” Refiti said. “Hopefully this is the case for CS Energy, who are one of Queensland’s three main power generation companies along with Stanwell Corporation and Cleanco.”

    Refiti’s hope is likely dashed thanks to Bills pointing out that segregation occurred after the incident began. “CS Energy moved quickly to contain this incident by segregating the corporate network from other internal networks and enacting business continuity processes,” Bills said.

    Earlier in the year, Callide suffered a fire in its turbine hall that led to outages across Queensland. Speaking earlier this month, Telstra energy head Ben Burge said the telco was able to keep the lights on for 50,000 families during that event, thanks to the telco being able to utilise standby power assets, including batteries, used in its telecommunication infrastructure to stabilise the grid and address market shortages. “The physical assets we have already activated would be enough to cover nearly 50,000 customers. In the next few years we expect to grow that coverage to over 200,000 customers,” Burge said. Telstra has gained authorisation to operate in New South Wales, Queensland, and South Australia and is looking to enter the energy market during 2022.

    Last month, the Australian government announced a new set of standalone criminal offences for people who use ransomware under what it has labelled its Ransomware Action Plan, including a new criminal offence for people who target critical infrastructure with ransomware. “The Ransomware Action Plan takes a decisive stance — the Australian Government does not condone ransom payments being made to cybercriminals. Any ransom payment, small or large, fuels the ransomware business model, putting other Australians at risk,” Minister for Home Affairs Karen Andrews said at the time. The plan will also roll out a new mandatory ransomware incident reporting regime, which would require organisations with a turnover of over AU$10 million per year to formally notify government if they experience a cyber attack. Last week, the Critical Infrastructure Bill passed both houses of federal parliament and is currently waiting for Royal Assent.

  • Eftpos expands security kit bag with new AI anti-fraud capability

    Eftpos has switched on a new AI anti-fraud online capability as the Australian debit payments provider continues to expand its security features. The new capability is underpinned by a fraud detection engine that uses AI and machine learning to predict individual behaviour in real time. The feature was developed as part of a partnership with UK-based financial crime prevention firm Featurespace.

    “The anti-fraud capability has widespread support from banks and fintechs across the country and will scale quickly in the Australian market next year to provide real benefits for merchants and consumers as Eftpos online market penetration grows,” Eftpos CEO Stephen Benton said.

    Introducing the anti-fraud capability follows Eftpos going live last week with its two-factor authentication functionality, ahead of a full rollout next year. The rollout of these features is part of the five-year, AU$100 million investment Eftpos is making in digital upgrades to its network, designed to enhance the level of protection up-front for consumers and merchants, rather than retrofitting security to legacy systems. Other security capabilities in Eftpos’ security kit include tokenisation, disputes and chargebacks capability, and its digital identity solution, connectID.

    The company added that Eftpos payments are already available online for some card-on-file payments where banks have implemented the service for their merchant customers. Since launching the Eftpos digital service that enables Least Cost Routing last year, Eftpos said it has thus far been subject to zero fraud.

    “Eftpos’ extension further into online payments will quickly drive much needed large-scale competition and place downward pressure on transaction costs. Currently we are well known as the lowest cost debit payments provider for retailers and small businesses at physical shops, and we want to develop the same reputation in the online environment,” Benton said.

  • Panasonic confirms cyberattack and data breach

    Tech manufacturing giant Panasonic has confirmed that its network was accessed illegally this month during a cyberattack. In a statement released on Friday, the Japanese company said it was attacked on November 11 and determined that “some data on a file server had been accessed during the intrusion.”

    “After detecting the unauthorized access, the company immediately reported the incident to the relevant authorities and implemented security countermeasures, including steps to prevent external access to the network,” Panasonic said in a statement. “In addition to conducting its own investigation, Panasonic is currently working with a specialist third-party organization to investigate the leak and determine if the breach involved customers’ personal information and/or sensitive information related to social infrastructure.”

    While no other information was provided in the statement, Japanese outlets Mainichi and NHK said the breach actually started on June 22 and ended on November 3. Panasonic did not respond to requests for comment but confirmed that date in an interview with TechCrunch and said the November 11 date actually refers to when the breach was first discovered. NHK reported that the attacked servers stored information about Panasonic business partners and the company’s technology, noting a ransomware incident last November involving a subsidiary of the company that also leaked business information.

    “We cannot predict whether it will affect our business or business performance, but we cannot deny the possibility of a serious incident,” the company told Mainichi on Friday. According to The Record, the breach may have also involved employee information. Panasonic signed a pact with McAfee in March to create a vehicle security operations center focused exclusively on cyberattacks.

  • Over 300,000 Android users have downloaded these banking trojan malware apps, say security researchers

    Over 300,000 Android smartphone users have downloaded what have turned out to be banking trojans after falling victim to malware which has bypassed detection by the Google Play app store. Detailed by cybersecurity researchers at ThreatFabric, the four different forms of malware are delivered to victims via malicious versions of commonly downloaded applications, including document scanners, QR code readers, fitness monitors and cryptocurrency apps. The apps often come with the functions which are advertised in order to avoid users getting suspicious. In each case, the malicious intent of the app is hidden and the process of delivering the malware only begins once the app has been installed, enabling them to bypass Play Store detections.

    The most prolific of the four malware families is Anatsa, which has been installed by over 200,000 Android users. Researchers describe it as an “advanced” banking trojan which can steal usernames and passwords, and uses accessibility logging to capture everything shown on the user’s screen, while a keylogger allows attackers to record all information entered into the phone. Anatsa malware has been active since January, but appears to have received a substantial push since June; researchers were able to identify six different malicious applications designed to deliver the malware. These include apps which posed as QR code scanners, PDF scanners and cryptocurrency apps, all of which deliver the malware. One of these apps is a QR code scanner which alone has been installed by 50,000 users, and its download page features a large number of positive reviews, something which can encourage people to download the app. Users are directed to the apps via phishing emails or malicious ad campaigns.

    After the initial download, users are forced to update the app to continue using it. It is this update which connects to a command and control server and downloads the Anatsa payload onto the device, providing attackers with the means to steal banking details and other information.

    The second most prolific of the malware families detailed by researchers at ThreatFabric is Alien, an Android banking trojan which can also steal two-factor authentication capabilities and which has been active for over a year. The malware has received 95,000 installations via malicious apps in the Play Store. One of these is a gym and fitness training app which comes with a supporting website designed to enhance its legitimacy, but close inspection of the site reveals placeholder text all over it. The website also serves as the command and control centre for the Alien malware. Like Anatsa, the initial download doesn’t contain malware, but users are asked to install a fake update, disguised as a package of new fitness regimes, which distributes the payload.

    The other two forms of malware which have been dropped using similar methods in recent months are Hydra and Ermac, which have a combined total of at least 15,000 downloads. ThreatFabric has linked Hydra and Ermac to Brunhilda, a cyber criminal group known to target Android devices with banking malware. Both Hydra and Ermac provide attackers with the access to the device required to steal banking information.

    ThreatFabric has reported all of the malicious apps to Google and they’ve either already been removed or are under review. Cyber criminals will continually attempt to find ways to bypass protections to deliver mobile malware, which is becoming increasingly attractive to cyber criminals.

    “The Android banking malware ecosystem is evolving rapidly. These numbers that we are observing now are the result of a slow but inevitable shift of focus from criminals towards the mobile landscape. With this in mind, the Google Play Store is the most attractive platform to use to serve malware,” Dario Durando, mobile malware specialist at ThreatFabric, told ZDNet.

    The convincing nature of the malicious apps means that they can be hard to identify as a potential threat, but there are steps users can take to avoid infection. “A good rule of thumb is to always check updates and always be very careful before granting accessibility services privileges – which will be requested by the malicious payload, after the ‘update’ installation – and be wary of applications that ask to install additional software,” said Durando. ZDNet attempted to contact Google for comment but hadn’t received a response at the time of publication.