More stories

  • Cybersecurity graduates are doubling, but that's still not going to fix the skills crisis

    European Union members have a collective cybersecurity skills shortage that may be partially addressed by a surge in new graduates — but even that potential solution is not without its problems.

    Supply chain component strains are affecting all industries right now, but one supply chain problem that pre-existed the pandemic is the mismatch between supply and demand for cybersecurity staff. ENISA, the EU’s transnational cybersecurity agency, has now raised a flag about the enduring labor market supply problem and says it won’t be resolved despite a doubling of the number of graduates in the next two years.

    “The number of skilled and qualified workers is not enough to meet the demand, and national labour markets are disrupted worldwide, Europe included, as a consequence,” ENISA says in a new report. “The number of graduates in the next 2-3 years is expected to double. However, gender balance is still an issue with only 20% of female students enrolled.”

    Free market competition for security professionals also impacts the supply of expertise to the public sector and central banks, which don’t pay as much as banks and insurance companies.

    ENISA separates the terms cybersecurity “skills gap” and “skills shortage” in a new report that explores how to solve the problem. The former refers to a lack of appropriate skills in the workforce to perform cybersecurity tasks within a professional setting. The latter refers to “unfilled or hard-to-fill vacancies that have arisen as a consequence of a lack of qualified candidates for posts.”

    ENISA says there are 126 higher education programs from 25 countries that meet the EU’s definition of a cybersecurity program. For example, a master’s degree requires at least 40% of the taught modules to address cybersecurity topics. Using this definition, master’s-level qualifications constitute 77% of ENISA’s Cybersecurity Higher Education Database (CyberHEAD).

    Remote learning became the norm during the pandemic. Still, ENISA found that only 14% of higher education cybersecurity programs are purely online, while 57% are classroom-only, and 29% are a blend of face-to-face and online learning. Online delivery may help reduce geographic barriers to entry, argues ENISA.

    Language is another barrier to entry. Of the EU programs included in the database, 16 languages were represented, with 38% taught in English, 17% in Spanish, 11% in German, 7% in Italian, 5% in French, 4% in Greek, and 4% in Portuguese. ENISA argues that an “even higher percentage of English-based programs also presents additional benefits” by producing graduates who are confident interacting in an international setting.

    University fees are another barrier to entry: some 71% of programs required fees to enrol. In terms of placing new graduates in the private and public sectors, ENISA found that compulsory internships were part of only 34% of EU programs. Only 23% of programs prepared students for specific professional certifications, such as CISSP, ISO 27001 and CompTIA Security+.

    On the question of gender, women made up at least 20% of cybersecurity programs in only six EU nations: Romania (50%), Latvia (47%), Bulgaria (42%), Lithuania (31%), France (20%) and Sweden (20%). “Unfortunately, these statistics mean that, overall, most HEI programmes in Europe have particularly low levels of gender diversity,” ENISA notes.

    ENISA made several recommendations to address the EU cybersecurity skills shortage and gap:

    • Increase enrolments and graduates in cybersecurity programs by diversifying the content, levels and languages used in the higher education curricula
    • Provide scholarships, especially for underrepresented groups, and promote cybersecurity as a diverse field
    • Adopt a common framework for cybersecurity roles, competencies, skills and knowledge
    • Promote challenges and competitions in cybersecurity skills
    • Increase collaborations between member states in sharing program results and lessons learnt
    • Support the analysis of demographics (including the diversity) of new students and graduates in cybersecurity

  • Telcos to get expanded scam-blocking powers through telecommunications law amendment

    The federal government has announced it will amend telecommunications legislation to provide telcos with the ability to block scam SMS messages. “The regulatory amendment we have enacted provides the telecommunications sector with the authority they need to block malicious SMS messages at scale and protect the Australian public from scammers,” Minister for Home Affairs Karen Andrews said. “The Morrison government is committed to collaborating with industry to tackle new and emerging threats to the Australian community, including scams that exploit digital technologies for nefarious ends.”

    The changes entail amending the Telecommunications (Interception and Access) Act 1979 (TIA Act) so that telcos can intercept malicious SMS messages in order to block them. The regulatory amendments have been in development for some time, with Home Affairs secretary Mike Pezzullo telling Senate Estimates that his department had been in talks with the telecommunications industry to provide more powers to telcos for blocking spam and malicious content through the TIA Act.

    Telstra CEO Andy Penn said that, in light of the regulatory changes, his telco was now developing a new cyber safety capability designed to automatically detect and block scam SMS messages as they travel across its network. The capability is currently being run as a pilot inside Telstra so that any scam SMS messages sent to its staff can help “train” the systems to spot the difference between a legitimate and a malicious SMS. This latest capability is part of Telstra’s Cleaner Pipes initiative that commenced last year.

    Andrews also announced that a new Joint Policing Cybercrime Coordination Centre — the JPC3 — will be operational from March 2022 and will specifically focus on preventing cyber criminals from scamming, stealing from, and defrauding Australians. The JPC3’s operations will be led by Australian Federal Police (AFP) assistant commissioner Justine Gough, who will become the AFP’s first full-time executive dedicated to countering cyber crime. “AFP-led JPC3 will target at scale those cyber criminals who trick firms using business email compromise or unleash mass phishing attacks, which can scam individuals out of personal information or money,” the AFP said.

    Alongside Andrews’ announcement of these new cyber initiatives, the AFP said it has prevented cyber criminals from stealing AU$24 million from local superannuation accounts through a newly unveiled operation. Under Operation Zinger, the AFP said it shut down a criminal marketplace dealing in the online sale of cybercrime software, which contained over 500,000 compromised online credentials. By examining 500 gigabytes of data, the AFP was able to identify victims and offenders. The AFP then contacted 20 superannuation companies and facilitated the remediation of more than 25 managed super information systems to protect 681 matched super accounts attached to members and 35 matched super accounts attached to employers.

    The AFP has also charged a Sydney man with stealing more than AU$100,000 in an SMS phishing scam that targeted the bank and telecommunications accounts of more than 450 victims. The scam entailed luring victims, via SMS, onto a phony webpage and asking them to provide personal information. The charged individual then used this information to access victims’ telephone and bank accounts. He also created new accounts without their knowledge. The AFP worked with Commonwealth Bank of Australia, National Australia Bank, and Telstra to identify victims who had entered information into these phony webpages. The companies also placed additional security protocols on those account holders, helping prevent more than AU$4 million from being stolen from the accounts of another 16,000 Australians, the AFP said. The charged individual, if found guilty, could face up to 26 years of imprisonment.

    All of the new measures follow the theme of countering cyber threats, much like other initiatives announced by Home Affairs in recent months, such as the Critical Infrastructure Bill that is currently awaiting Royal Assent, its national ransomware action plan, and new principles for critical technology supply chain security.

  • Here's the perfect gift for anyone with a PC, Mac, iPhone, or Android, and it doesn't break the bank

    This is that time of year when people are busy looking for gifts for friends and family. Socks. After shave. Chocolates. How about giving someone a gift that will keep them and their data safe? That’s a gift that will keep giving throughout 2022 and beyond. So, how do you give someone added security without breaking the bank?

    Give a Yubico YubiKey security key.

    So, what is a YubiKey? A YubiKey is the ultimate line of defense against having your online accounts taken over. And with prices starting at $45, it’s one of those indispensable gadgets for the 21st century. A hardware authentication device made by Yubico, it’s used to secure access to online accounts, computers, and networks. The YubiKey 5 Series look like small USB flash drives and come in a range of different connectors — USB-A, USB-C, and a USB-C and Lightning combo. There are versions that also include support for NFC.

    It offers two-factor authentication (also known as multi-factor authentication or two-step verification) for hundreds of online services, from Facebook, Google, and Twitter, to more specific services such as Coinbase, Salesforce, and Login.gov. Your YubiKey can also be used to secure password storage services such as Bitwarden, Password Safe, and LastPass. And the great thing is that if someone already has one, you’ve got them a backup key (which I highly recommend having).

    There are two models of YubiKey that I highly recommend.

    First is the YubiKey 5 NFC. This not only features a USB-A or USB-C connector (depending on the version you buy), but it also has built-in NFC capability, making it a great choice for laptops, desktops, iPhones, and Android devices.

    The second features a USB-C connector on one end and a Lightning connector on the other. It’s perfect for iPhone/iPad/Mac users, as it covers them all, and for those who don’t need NFC capability.

  • Most Brazilian remote workers feel responsible for corporate data security

    Most Brazilian professionals working remotely believe they are responsible for the integrity and security of corporate data, according to a global study on consumer security attitudes. The 2021 Unisys Security Index reveals that two-thirds of Brazilians working remotely stated they are primarily responsible for keeping their employers’ data secure. Of the respondents who believe they are primarily responsible for the integrity of corporate data, 41% also place that responsibility on application providers. Only 21% of those polled hold their employers accountable for data security.

    The results suggest that most Brazilians feel a high degree of responsibility in relation to the corporate data they work with, according to Alexis Aguirre, director at Unisys Cybersecurity for Latin America. On the other hand, Aguirre noted that these corporate attitudes contrast with the lack of knowledge among the population about the various types of digital security fraud. “It is clear that in addition to investing in technology, it is essential to train people, as users are generally the gateway through which cybercriminals focus their actions, especially using social engineering techniques,” Aguirre adds.

    The Unisys study polled 11,000 consumers across 11 countries, including 1,000 Brazilian participants. The research also covered the lack of awareness about security issues among Brazilians, with only a minority of respondents stating they are aware of crimes such as SIM jacking and SMS phishing.

    On the other hand, separate research has found that Brazilians are concerned about the security of their data. A study carried out by the Datafolha institute on behalf of Mastercard found that fear of cyber attacks is high among Brazilian users, with 73% of respondents reporting having suffered some kind of digital threat, such as receiving fake messages from companies or having passwords stolen.

    Fostering a data protection culture in Brazil is one of the main initial objectives of the National Data Protection Authority (ANPD), a body set up in 2020. As part of efforts to raise awareness of the issue among the general public, ANPD launched a data protection guide in September detailing how data holders can protect their data and listing steps that should be taken in case of cybersecurity incidents.

  • How to identify (and avoid) security threats while shopping online

    Although you want to grab the best deals this holiday weekend, remember that this is the perfect time for scammers to take advantage of you online.

    Phishing emails — claiming to be from a store, bank, credit card company, etc. — will entice you to click links that go to copies of legitimate websites. From there, they will try to extract your passwords or credit card information. As your inbox fills up with Black Friday and Cyber Monday deals, remember that not all is as it seems. Lamar Bailey, director of security research and development at Tripwire, warns, “Not all of the emails will be legit, as attackers will take valid emails and change the links to point you to malicious sites that may look like the real things.”

    Sam Curry, Chief Security Officer at Cybereason, advises that people with balances on multiple credit cards might “receive an email pretending to be from the credit card company saying their account is overdue and is subject to being shut down unless they make a minimum monthly payment. The unsuspecting consumer gives away their credit card information and other personally identifiable information.” Javvad Malik, security advocate at AlienVault (now AT&T Cybersecurity), confirms this, advising you to “regularly monitor your credit, debit, and ATM card activity for fraudulent transactions and immediately report anything suspicious.”

    Phishing scams are also rife this weekend. Curry warns against opening “any attachments or [clicking] on links appearing to be from trusted vendors” and advises going to the trusted website from your web browser instead. He also notes that ransomware attacks, in which hackers extort money from you once ransomware hits your computer, are prevalent during the holiday season. In short, do not click on links from unsolicited emails, warns Paul Bischoff, privacy advocate at Comparitech. He insists that you should always check that a site has a “valid HTTPS before entering any information into a website.”

    Other scams occur when you buy something and the item does not arrive. Bischoff notes that the scammer will claim “there is some problem with Amazon or Ebay’s payment system.”

    “They will try to contact you and extract payment through some other means,” says Bischoff. “Don’t interact with merchants outside of the marketplace’s official channels.” Also make sure you do not fall victim to porch pirates, as a third of Americans do.

    If you are keen to shop online, make sure that your experience does not come at the cost of your security, warns Todd Peterson, IAM specialist at One Identity. He explains, “Having non-essential websites store [your] passwords or credit card details or using the same password across all online stores is ill-advised.”

    One particular industry to shop from cautiously? Gaming. Beware of fake game codes or large discounts from game companies, says Jack Baylor, Security Threat Researcher at Cylance. “People often put up fake game codes claiming large discounts compared to buying directly from the game manufacturer or the likes of reputable markets such as Steam, Microsoft Store (Xbox1), or PlayStation Store (PS4),” he says. “Often consumers are left out of pocket with nothing more than a nonsense string of letters and numbers to show for it.”

    How can you reduce security risks when you shop online?

    • Be wary of clicking email links or downloading anything — no matter how great the holiday sale appears to be. Always go directly to the vendor’s website and type the web address into your browser instead of clicking email links.
    • Check that the vendor’s site is legitimate; look out for typos and grammatical errors in the URL and on the site.
    • Use a different password for every website you purchase from.
    • Disable pop-up ads in your browser.
    • Enable multi-factor authentication or opt in to extra security measures provided by your bank/credit card company. If it takes multiple steps to purchase something when you shop, it will be more difficult for hackers to compromise your account.
    • Check all of your online receipts and correlate them with your credit card statement. You need to know exactly what is being added to your card purchases.
    • Look up incoming calls from numbers you do not recognize online to see whether the call is from a genuine vendor, and block the number if the caller makes you uncomfortable.
    • To protect your incoming packages, use a locked drop box or install a home security camera or a video doorbell.

    If you are cautious and enable as much security as possible, you are far less likely to be compromised. Then you can rest assured that your holiday shopping does not end in security nightmares and costly mistakes.

  • This stealthy malware hides behind an impossible date

    Security researchers have discovered new remote access trojan (RAT) malware that uses an unusual new way of hiding on servers. As first reported on BleepingComputer, this new malware, dubbed CronRAT, hides in scheduled tasks on Linux servers by being set for execution on February 31, a date that doesn’t exist.

    Discovered and named by e-commerce security specialist Sansec, CronRAT is part of a growing trend in Linux server-focused Magecart malware. CronRAT is used to enable server-side Magecart data theft.

    The security company describes the malware as “sophisticated”, and it remains undetected by most antivirus vendors. Sansec had to rewrite its detection engine to spot the malware after receiving samples of it and working out how it operates. The name CronRAT is a reference to the Linux cron tool, which allows admins to create scheduled jobs that run at a specific time of day or on a regular day of the week.

    “CronRAT’s main feat is hiding in the calendar subsystem of Linux servers (“cron”) on a nonexistent day. This way, it will not attract attention from server administrators. And many security products do not scan the Linux cron system,” explains Sansec in a blog post.
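    One defender-side check the cron trick above invites, as an added example that is not Sansec’s or the article’s own code: parse each crontab entry’s day-of-month and month fields and flag schedules that can never match a real date, such as a job pinned to February 31. Entries with a restricted day-of-week are left alone, since Vixie cron ORs that field with day-of-month and would still run the job on those weekdays; the sample crontab is constructed for the demonstration.

```python
import re

DAYS_IN_MONTH = {1: 31, 2: 29, 3: 31, 4: 30, 5: 31, 6: 30,
                 7: 31, 8: 31, 9: 30, 10: 31, 11: 30, 12: 31}
MONTH_NAMES = {name: i + 1 for i, name in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split())}
# "<5 schedule fields> <command>" or "@special <command>".
CRON_LINE = re.compile(r"^(@\w+|(?:\S+\s+){4}\S+)\s+(.*)$")


def expand_field(field, lo, hi, names=None):
    """Expand one cron field ('*', '1-5', '*/10', '1,15', 'feb') into a set of
    ints. Out-of-range values such as day 31 are kept so they can be judged."""
    names = names or {}
    conv = lambda t: names[t.lower()] if t.lower() in names else int(t)
    values = set()
    for part in field.split(","):
        step = 1
        if "/" in part:
            part, step_text = part.split("/", 1)
            step = int(step_text)
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            start, end = map(conv, part.split("-", 1))
        else:
            start = conv(part)
            end = hi if step > 1 else start  # "5/2" behaves like "5-<hi>/2"
        values.update(range(start, end + 1, step))
    return values


def schedule_can_fire(spec):
    """True if a five-field cron schedule can match at least one real date."""
    fields = spec.split()
    if len(fields) != 5:
        return True  # not a plain five-field schedule; do not judge it
    dom_field, month_field, dow_field = fields[2], fields[3], fields[4]
    if dom_field == "*" or dow_field != "*":
        # An unrestricted day-of-month always matches, and Vixie cron ORs a
        # restricted day-of-week with day-of-month, so such jobs still run.
        return True
    days = expand_field(dom_field, 1, 31)
    months = expand_field(month_field, 1, 12, MONTH_NAMES)
    return any(day <= DAYS_IN_MONTH.get(month, 0)
               for month in months for day in days)


def find_impossible_entries(crontab_text):
    """Return crontab lines (comments and VAR=value lines skipped) whose
    schedule can never fire, e.g. a job pinned to February 31."""
    flagged = []
    for raw in crontab_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or re.match(r"^\w+=", line):
            continue
        match = CRON_LINE.match(line)
        if not match or match.group(1).startswith("@"):
            continue  # @reboot/@daily entries always have a real trigger
        if not schedule_can_fire(match.group(1)):
            flagged.append(line)
    return flagged


# Constructed sample crontab for the demonstration, not a real capture.
SAMPLE_CRONTAB = """\
# nightly maintenance
PATH=/usr/local/bin:/usr/bin:/bin
0 2 * * * /usr/local/bin/backup.sh
52 23 31 2 * /var/tmp/.cache/update.sh
*/5 * 31 2,4,6 * /var/tmp/.cache/sync.sh
0 0 31 2 1 /usr/bin/true
0 0 29 2 * /usr/local/bin/leapday.sh
@reboot /usr/local/bin/warmup.sh
"""

if __name__ == "__main__":
    for entry in find_impossible_entries(SAMPLE_CRONTAB):
        print("never fires:", entry)
```

    Feed it the output of `crontab -l` for each user plus the system crontab files to review a host; an impossible schedule is not proof of compromise, but it is a line that deserves a look.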

    The malware drops a “sophisticated Bash program that features self-destruction, timing modulation and a custom binary protocol to communicate with a foreign control server,” says Sansec.

    Magecart card skimmers are a problem that’s not going away any time soon as e-commerce continues to play a vital role in shopping during the ongoing pandemic. Ahead of Black Friday, the National Cyber Security Centre (NCSC) warned it had found 4,151 retailers that had been compromised by hackers targeting bugs in checkout pages over the past 18 months. Most of the attacks targeted bugs in the popular e-commerce platform Magento. The FBI last year issued a similar warning about Magecart attackers targeting a Magento plugin.

  • Hackers are targeting this Microsoft Windows Installer flaw, say security researchers

    Hackers have already created malware in a bid to exploit an elevation of privilege vulnerability in Microsoft’s Windows Installer. Microsoft released a patch for CVE-2021-41379, an elevation of privilege flaw in the Windows Installer component for enterprise application deployment. It had an “important” rating and a severity score of just 5.5 out of 10.

    It wasn’t being actively exploited at the time, but it is now, according to Cisco’s Talos malware researchers. And Cisco reports that the bug can be exploited even on systems with the November patch to give an attacker administrator-level privileges.

    This, however, contradicts Microsoft’s assessment that an attacker would only be able to delete targeted files on a system and would not gain privileges to view or modify file contents. “This vulnerability allows an attacker with a limited user account to elevate their privileges to become an administrator,” explains Jaeson Schultz at Cisco Talos. “This vulnerability affects every version of Microsoft Windows, including fully patched Windows 11 and Server 2022. Talos has already detected malware samples in the wild that are attempting to take advantage of this vulnerability.”

    Abdelhamid Naceri, the researcher who reported CVE-2021-41379 to Microsoft, tested patched systems and on November 22 published proof-of-concept exploit code on GitHub, which shows that it works despite Microsoft’s fixes. It also works on Server versions of affected Windows, including Windows Server 2022. “The code Naceri released leverages the discretionary access control list (DACL) for Microsoft Edge Elevation Service to replace any executable file on the system with an MSI file, allowing an attacker to run code as an administrator,” writes Cisco’s Schultz.

    He adds that this “functional proof-of-concept exploit code will certainly drive additional abuse of this vulnerability.” Naceri says there is no workaround for this bug other than another patch from Microsoft. “Due to the complexity of this vulnerability, any attempt to patch the binary directly will break Windows Installer. So you’d better wait and see how/if Microsoft will screw the patch up again,” Naceri said. Microsoft is yet to acknowledge Naceri’s new proof of concept and has not yet said whether it will issue a patch for it.

  • Google: Half of compromised cloud instances have weak or no passwords

    Online criminals are deploying cryptocurrency miners within just 22 seconds of compromising misconfigured cloud instances running on Google Cloud Platform (GCP). Cryptocurrency mining is by far the main malicious activity conducted by attackers after taking advantage of misconfigured instances hosted on GCP, making up 86% of all actions carried out after compromise. And in many cases, the attackers move extremely quickly after compromising an instance, installing cryptomining malware to free-ride off others’ CPU and GPU resources and turn a profit for themselves.

    “Analysis of the systems used to perform unauthorized cryptocurrency mining, where timeline information was available, revealed that in 58% of situations the cryptocurrency mining software was downloaded to the system within 22 seconds of being compromised,” Google says in its first Cloud Threat Intelligence report.

    Another striking trend was how quickly attackers are finding and compromising unsecured, internet-facing instances. The shortest time to compromise was 30 minutes after an instance was deployed. In 40% of cases, the time-to-compromise was under eight hours. Security firm Palo Alto Networks similarly found that 80% of 320 internet-facing ‘honeypot’ instances hosted in the cloud — and designed to attract attackers — were compromised within 24 hours.

    As Google’s report highlights, crypto-mining malware is a problem for users on GCP who don’t take steps to protect their cloud instances. “While data theft did not appear to be the objective of these compromises, it remains a risk associated with the cloud asset compromises as bad actors start performing multiple forms of abuse. The public Internet-facing Cloud instances were open to scanning and brute force attacks,” Google notes.

    Internet-facing GCP instances were a significant target for attackers. Just under half of the compromises were carried out by attackers gaining access to instances with either no password or a weak password for user accounts or API connections, which meant these instances could be easily scanned and brute forced. “This suggests that the public IP address space is routinely scanned for vulnerable cloud instances. It will not be a matter of if a vulnerable Cloud instance is detected, but rather when,” Google said. Additionally, 26% of compromised instances were due to vulnerabilities in third-party software being used by the owner. “Many successful attacks are due to poor hygiene and a lack of basic control implementation,” said Bob Mechler, director at Google Cloud’s office of the CISO.

    The report is a wrap-up of observations over the last year by Google Threat Analysis Group (TAG), Google Cloud Security and Trust Center, and Google Cloud Threat Intelligence for Chronicle, Trust and Safety.