More stories

  • Eftpos added security features go-live as digital upgrades continue

    Australian payments provider Eftpos has gone live with new online security features through a handful of payment merchants, ahead of a full rollout next year.

    These security features, which include two-factor authentication functionality, have initially been adopted by Till Payments, Fat Zebra, and Eftex. The rollout is part of Eftpos’ five-year, AU$100 million investment in digital upgrades to its network, designed to enhance the level of protection up-front for consumers and merchants, rather than retrofitting security to legacy systems.

    “This is a tipping point for Eftpos, online Australian businesses and the digital economy, and it is great to have partners like Till Payments, Fat Zebra, and Eftex onboard,” Eftpos chief Stephen Benton claimed.

    “This is a game changer for Eftpos and Australian retailers because retail is quickly transforming to become an increasingly digital marketplace, accelerated by COVID. Big economic benefits could flow from increased competition in addition to enhanced payments security.”

    The company said Eftpos payments are already available online for some card-on-file payments where banks have implemented the service for their merchant customers. Since launching the Eftpos digital service that enables least-cost routing (LCR) last year, Eftpos said it has been subject to zero fraud.

    LCR is an initiative aimed at promoting competition in the debit card market and helping to reduce payment costs in the economy.

    When a customer makes a contactless “tap-and-go” payment with their dual-network debit card — not credit cards, however — the merchant may choose to send the transaction via the debit network that costs them the least to accept. If the merchant chooses not to route, the transaction is instead sent via the default network which is programmed on the card, typically the Debit Mastercard or Visa Debit network.

    If a merchant uses LCR, it should not affect which deposit account the funds are paid from, and the three networks — Eftpos, Visa, and Mastercard — offer similar protections to the cardholder from fraud and disputed transactions.

    “This Eftpos extension will allow eCommerce merchants to securely send millions more online payments through Eftpos, resulting in substantial payment acceptance cost savings for their business and their customers,” Eftex general manager Ian Sanford said.

  • For a limited time, new users can get a lifetime of VPNSecure Online Privacy for just $40

    StackCommerce


    It’s amazing how much affordable self-paced training is available online these days. For instance, even if you have no experience whatsoever, you can learn to be a Python programmer in no time and their average salaries are over $80,000 a year. But you could also become an ethical hacker, learn to be a game developer or so many other choices.

    However, just like when you are doing anything else online, you need to be extremely careful about protecting yourself when accessing educational content. And now, new users need never worry about that again, because a VPNSecure Online Privacy: Lifetime Subscription is currently available for only $39.99 during our pre-Black Friday sale.

    Obviously, your traffic will be encrypted so that hackers aren’t able to get access to your data. VPNSecure renders your traffic on the service unrecognizable with Stealth VPN. You also have full stack IP support (IPv4 + IPv6) and kill switches that will automatically disconnect you from the internet if your VPN connection is dropped. Your IP address and location will be hidden and VPNSecure has a strict policy of absolutely no logging.

    Since you have access to servers in more than 45 countries, and new ones are being added all the time, you will be able to watch all of your favorite content no matter where you happen to be. And VPNSecure fully supports torrents, yet you are allowed unlimited bandwidth, so you should be able to stream smoothly with no buffering.

    You can use the service on five devices simultaneously, on desktop or mobile. There is an ad blocker option that is available at no extra charge and so many other convenient features.

    Even Security.org was impressed. They said: “VPNSecure provided us with nearly everything we needed to search the web safely and even included some unique features like the Meta Search Engine.”

    You really don’t want to pass up this opportunity to protect yourself online for a lifetime. If you are a new user, get VPNSecure Online Privacy: Lifetime Subscription now while it’s available for only $39.99.


  • FBI warning: This zero-day VPN software flaw was exploited by APT hackers

    The FBI has warned that a sophisticated group of attackers have exploited a zero-day flaw in a brand of virtual private networking (VPN) software since May.

    The FBI said its forensic analysis showed that the exploitation of the zero-day vulnerability in the FatPipe WARP, MPVPN, and IPVPN software, by an advanced persistent threat (APT) group, went back to at least May 2021. It did not provide any further information about the identity of the group.

    The vulnerability allowed the attackers to gain access to an unrestricted file upload function to drop a webshell for exploitation activity with root access, leading to elevated privileges and potential follow-on activity, the FBI said, noting: “Exploitation of this vulnerability then served as a jumping-off point into other infrastructure for the APT actors.”

    The FBI said the vulnerability affects all FatPipe WARP, MPVPN, and IPVPN device software prior to the latest version releases, 10.1.2r60p93 and 10.2.2r44p1.

    It warned that detection of exploitation activity might be difficult, as cleanup scripts designed to remove traces of the attackers’ activity were discovered in most cases.

    “Organizations that identify any activity related to these indicators of compromise within their networks should take action immediately,” the FBI said in an alert.

    “FBI strongly urges system administrators to upgrade their devices immediately and to follow other FatPipe security recommendations such as disabling UI and SSH access from the WAN interface (externally facing) when not actively using it.”

    FatPipe has its own advisory FPSA006, which notes: “A vulnerability in the web management interface of FatPipe software could allow a remote attacker to upload a file to any location on the filesystem on an affected device.

    “The vulnerability is due to a lack of input and validation checking mechanisms for certain HTTP requests on an affected device. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device.”

  • Microsoft warning: Now Iran's hackers are attacking IT companies, too

    Microsoft has raised an alarm about a massive surge in Iranian state-sponsored hacking attempts against IT services firms.


    According to Microsoft, attacks from state-sponsored Iranian hackers on IT services firms were virtually non-existent in 2020, but this year exceeded 1,500 potential attacks. “Microsoft has observed multiple Iranian threat actors targeting the IT services sector in attacks that aim to steal sign-in credentials belonging to downstream customer networks to enable further attacks,” it said.

    Most of the targeting is focused on IT services companies based in India, as well as several companies based in Israel and the United Arab Emirates. Microsoft said that these attacks are another example of how nation-state actors are increasingly targeting supply chains as an indirect approach to their real targets.

    “Until July 2021, Microsoft had observed relatively little history of Iranian actors attacking Indian targets,” Microsoft said in a blogpost from its Threat Intelligence Center (MSTIC) and Digital Security Unit (DSU).

    “Iranian threat actors are increasing attacks against IT services companies as a way to access their customers’ networks. This activity is notable because targeting third parties has the potential to exploit more sensitive organizations by taking advantage of trust and access in a supply chain.”

    It would seem Iranian hackers have learned lessons from successful software supply-chain hacks, such as the attack on SolarWinds, which targeted US federal agencies and key US cybersecurity firms, including Microsoft. The US and UK blamed that attack on Russia’s Foreign Intelligence Service.

    Microsoft says the Iranian attacks on IT services firms have trended upwards significantly in the past six months. “As India and other nations rise as major IT services hubs, more nation-state actors follow the supply chain to target these providers’ public and private sector customers around the world matching nation-state interests,” Microsoft noted.

    Microsoft said it issued 1,788 nation-state notifications about Iranian actors to enterprise customers in India from mid-August to late September, roughly 80% of which were to IT companies, up from just 10 notifications issued in the previous three years in response to previous Iranian targeting.

    “Iranian cyber actors have rarely targeted India, and the lack of pressing geopolitical issues that would have prompted such a shift suggests that this targeting is for indirect access to subsidiaries and clients outside India,” Microsoft said.

    Microsoft is tracking the emerging threat actor as DEV-0228. This week, Microsoft also highlighted Iran’s growing interest in using ransomware to disrupt targets and coordinate these attacks with physical operations.

    The US, UK, and Australian governments subsequently urged admins to immediately patch Exchange email server and Fortinet VPN vulnerabilities. And last month, Microsoft warned that Iranian hackers were using password attacks against 250 Israeli and US organizations operating in the Persian Gulf.

    DEV-0228 used access to an IT company to extend its compromise to customers in the defense, energy, and legal sectors in Israel, according to Microsoft.

    “DEV-0228 dumped credentials from the on-premises network of an IT provider based in Israel in early July. Over the next two months, the group compromised at least a dozen other organizations, several of which have strong public relations with the compromised IT company,” it said.

  • Ransomware is now a giant black hole that is sucking in all other forms of cybercrime

    Ransomware is so lucrative for the gangs involved that other parts of the cybercrime ecosystem are being repurposed into a system for delivering potential victims.


    “The gravitational force of ransomware’s black hole is pulling in other cyberthreats to form one massive, interconnected ransomware delivery system — with significant implications for IT security,” said security company Sophos in a report.

    Ransomware is considered by many experts to be the most pressing security risk facing businesses — and it’s extremely lucrative for the gangs involved, with ransom payouts increasing significantly.

    Sophos said that ransomware is becoming more modular, with different groups specialising in particular elements of an attack. It also pointed to the linked rise of ‘ransomware as-a-service’, where criminal gangs are able to purchase access to tools to run their own ransomware attacks when they lack the technical ability to create those tools themselves.

    These so-called ransomware ‘affiliates’ don’t even have to find their own potential victims: the ransomware ecosystem has developed so that they can go to other groups who specialise in gaining access to corporate networks and who will sell that backdoor on to them.

    As well as doing business with these ‘initial access brokers’, would-be ransomware attackers can turn to botnet operators and malware delivery platforms to find and target potential victims. And because of the potential profit to be made, these groups are increasingly focusing on serving ransomware gangs rather than concentrating on less lucrative forms of online crime, Sophos said.

    “Established cyberthreats will continue to adapt to distribute and deliver ransomware. These include loaders, droppers and other commodity malware; increasingly advanced, human-operated Initial Access Brokers; spam; and adware,” said the security company.

    The idea of ransomware-as-a-service has been around for a while, and has often been a way for lower-skilled or less well-funded attackers to get started. But what has changed now, said Chester Wisniewski, principal research scientist at Sophos, is that ransomware developers are now using this as-a-service model to optimise their code and get the biggest payouts, offloading to others the tasks of finding victims, installing and executing the malware, and laundering the cryptocurrencies.

    Separate research has even suggested that ransomware gangs are now rich enough to start buying their own zero-day flaws, something that was previously only available to state-backed hackers.

    “This is distorting the cyberthreat landscape,” Wisniewski said, as common threats such as loaders, droppers, and Initial Access Brokers — which were around and causing disruption well before the ascendancy of ransomware — are now servicing the demands of ransomware gangs.

  • Palo Alto Networks raises FY22 revenue guidance

    Palo Alto Networks on Thursday published solid first quarter financial results and raised its FY 2022 revenue guidance. Non-GAAP net income for the first quarter was $170.3 million, or $1.64 per diluted share. First-quarter revenue grew 32% year-over-year to $1.2 billion. Analysts were expecting earnings of $1.57 per share on revenue of $1.2 billion.

    “Q1 was a strong start to fiscal year 2022, driven by strength in both our product and Next-Generation Security businesses, giving us confidence to raise our revenue and billings guidance for the year,” chairman and CEO Nikesh Arora said in a statement. “We continue to see strong customer demand and have continued to release key innovations which give us confidence in the durable growth we presented at our September Analyst Day.”

    First-quarter billings grew 28% year-over-year to $1.4 billion. Remaining performance obligation (RPO) grew 37% to $6 billion.

    The company highlighted the performance of Prisma SASE, noting rapid adoption of the secure access service edge (SASE) service. Prisma SASE saw 100% year-over-year ARR growth. Meanwhile, more than 25% of new Prisma SASE customers are new to Palo Alto Networks over the last 12 months. The company now has 1,756 SASE customers, up 61% year-over-year.

    In the area of cloud-native security, Palo Alto reported that it now has 1,676 Prisma Cloud customers, up 26% year-over-year.

    For Q2 2022, Palo Alto expects revenue in the range of $1.265 billion to $1.285 billion. Analysts are expecting revenue of $1.27 billion. For the full fiscal year 2022, the company expects total revenue in the range of $5.35 billion to $5.40 billion, representing year-over-year growth of between 26% and 27%. Last quarter, the company forecast FY2022 revenue in the range of $5.275 billion to $5.325 billion.


  • Cloud security firm Lacework secures $1.3 billion in new funding round

    Lacework has raised $1.3 billion in a new funding round to bolster its position in the cloud security market. 

    Announced on Thursday, the Series D funding round was led by existing investors Sutter Hill Ventures, Altimeter Capital, D1 Capital Partners, and Tiger Global Management. New investors have joined, including Liberty Global, General Catalyst, Snowflake Ventures, and Morgan Stanley Investment Management.

    Founded in 2015, Lacework develops cloud security solutions for the cloud, containers, and DevOps teams. The Lacework Cloud Security Platform collects, analyzes, and compiles security and threat data for anomaly detection, event and alert visualization, and compliance.

    The San Jose, Calif.-based company counts Cloudera, VMware, Nextdoor, and Snowflake among its customers.

    Lacework says the cash injection will be used to expand go-to-market strategies in the cloud security sector and to fund product development and innovation.

    In addition, the security firm says that some of the funding will be used to “pursue additional strategic acquisitions,” building upon the recent purchase of Soluble.

    Soluble, a cloud infrastructure management company, was acquired earlier this month. The purchase price was not disclosed.

    Lacework previously closed a $525 million funding round. The company has now completed five separate funding rounds since 2015.

    “Lacework’s Cloud Security Platform was built in the cloud, for the cloud. It’s a fundamentally different — and better — approach to security that is already dramatically reshaping the security market,” commented Mike Speiser, Managing Director of Sutter Hill Ventures. “With an outstanding platform and an exceptional team, Lacework has repeatedly exceeded every goal over the last 18 months. We continue to believe this is one of our most promising portfolio companies.”

  • Dark web crooks are now teaching courses on how to build botnets

    Botnets are one of the key drivers of cyberattacks, used to distribute malware, ransomware and other malicious payloads – and dark web forums are now offering lessons on how to make money from them, a move that is likely to increase the threat over time.

    Infected computers and devices in a cyber criminal-controlled botnet can be used to send phishing emails or malware to even more devices. It’s common for botnet operators to lease out their collection of unwittingly controlled machines – which can number in the thousands – to other cyber criminals.


    For example, TrickBot malware ropes machines into a botnet, providing the attacker with a backdoor into them. That access is often sold to cyber criminals who can then use them to deploy ransomware, using that access to encrypt files and demand a significant ransom payment.

    Many botnets are used to steal usernames and passwords, while others will take the processing power of the machines they control and lease them out to launch DDoS attacks in order to overflow websites with traffic and take them down.

    Botnet operators can, therefore, make significant sums of money, and now there are dark web operators who are offering online courses to train others on using botnets – and they operate much like their legitimate counterparts teaching cybersecurity and other skills in online courses.

    Cybersecurity researchers at Recorded Future analysed advertising and activity in a botnet school on a prominent underground forum and found that these courses are in demand – something that could be a potential issue for organisations that might be targeted by cyber criminals learning these skills.

    “It’s essentially like as if you’re in college,” Danny Panton, cybercrime intelligence analyst at Recorded Future told ZDNet. “You’ll have a director and they’ll be virtually teaching you – I don’t believe cameras are going to be on the person – but they have access to a platform and are taught insights into what you need to do to leverage botnets against potential victims.”

    Those teaching the courses include individuals who run large botnets themselves. The courses aren’t cheap – they cost over $1,400 – but promise to provide even novice cyber criminals with knowledge on how to build, maintain and monetise botnets.

    “It really is a range of cybercrime experience and levels. You might have people who are seasoned cybercrime fraudsters, but aren’t really familiar with using botnets,” Panton explained. “Then there are people who are just completely new to cybercrime as a whole and just are curious and want to become better seasoned and increase their skills,” he added.

    Given the nature of the cybercrime world, some might be suspicious that if they hand over money to take part in the course, they’ll be scammed and get nothing in return. But it seems like a legitimate service and the course is subject to reviews, which suggest that the botnet school really offers what it says it does. If it was a scam, it wouldn’t have lasted so long.

    Researchers don’t have the data to detail how many wannabe cyber criminals have taken the course in total, but during the time spent analysing this activity, the number of people taking the classes at any one time could vary; sometimes as few as five people, sometimes as many as 100.

    The course covers subjects including how to run a botnet in a way designed to avoid law enforcement attention – because, as demonstrated by the Emotet takedown, the authorities will clamp down hard on botnets when they can. And researchers warn that the existence of these courses likely leads to an increase in the threat of botnets – although by how much is hard to quantify without being able to track the activity of individual users.

    “It is highly likely that, as a result of these courses, more threat actors become proficient in botnet-oriented attacks,” said Panton.

    Botnets remain a significant threat to computer networks, but there are measures that can be taken to avoid becoming a victim. These include ensuring networks are updated with the latest security patches, making sure that default manufacturer passwords aren’t in use, and ensuring that internet-facing ports that aren’t necessary for the function of devices are closed.