More stories

  • Gartner predicts privacy law changes, consolidation of cybersecurity services and ransomware laws for next 4 years

    Gartner analysts released their list of cybersecurity and privacy predictions for the next few years, floating a number of potential ideas about how the world will respond to certain problems over the next decade. The predictions ranged from potential legislation to how the market for certain technologies will change from now until 2025. Gartner analysts predicted weaponized OT environments will result in human casualties by 2025 due to malware that they believe will spread at “wirespeeds.” The analysts say by that time, cybercriminals will shift from business disruption to physical harm, leading to regulations placing liability on CEOs. For 2023, Gartner expects 75% of the world to be covered under some kind of privacy law with built-in subject rights requests and consent. The key, they said, will be whether privacy management programs can be automated. By 2024, Gartner said it believes organizations adopting a cybersecurity mesh architecture will reduce the financial impact of security incidents by an average of 90%. They expect security to stop being baked into assets and instead be “bolted on.” But with the permanent shift to remote work for many companies, Gartner predicted more organizations will use adaptive access control capabilities to facilitate it. The research institution is also expecting consolidation in the cloud and security edge services market, predicting that 30% of people will end up using the same provider by 2024. They noted that SaaS platforms are becoming “the preferred delivery model for organizations,” and added that hardware refresh cycles will impact adoption timeframes.

    “By 2024, 30% of enterprises will adopt cloud-delivered SWG, CASB, ZTNA and FWaaS capabilities from the same vendor,” the analysts said, adding that by 2025, “60% will use cybersecurity risk as a primary determinant for business transactions.” Security will begin to play a bigger role in public policy as well by 2025, with Gartner expecting at least 30% of the world’s nations to pass some form of legislation around ransomware. Gartner also expects more regulation centered around ransomware payments as well as fines and negotiations. Cybersecurity will even become a priority for boards, with Gartner adding that by 2025, 40% of boards will have dedicated cyber committees or at least one qualified board member overseeing cybersecurity.

  • Asana rolls out Enterprise Work Graph for cross-team coordination


    Team management software provider Asana on Wednesday rolled out Enterprise Work Graph, a new suite of tools to help organizations stay on top of cross-team objectives while maintaining enterprise-grade security and controls. The new product is based on Asana’s proprietary Work Graph data model. It aligns teams around goals, coordinates workflows and provides visibility into the status of projects. It’s built to support enterprises with more than 100,000 users and offers an availability commitment of 99.9%. There are features for enterprise IT teams, such as an Admin Announcement capability, as well as a new SCIM functionality that automates group set-up and synchronizes profile updates with Okta. In terms of security, an upcoming Enterprise Key Management (EKM) feature will let organizations use their own keys to encrypt data. The Enterprise Work Graph offers a Goals API that lets organizations pull in information from other tools to stay on top of cross-team goals. For instance, an organization could link an Asana goal to a CRM report. When sales teams closed opportunities, the goal would automatically update in Asana so that teams across the organization would stay informed. Additionally, there’s a Workflow Builder tool that requires no coding and a Universal Reporting tool for tracking business objectives. Asana has been working to scale its business over the last few years. In 2019, Asana launched Asana Automation, opened a new office in Tokyo, and launched Asana for Marketing and Creative Teams. Overall, Asana has more than 100 integrations with enterprise software vendors including Slack, Microsoft Office 365, Gmail, Adobe Creative Cloud, and others. In September, the company reported it has over 107,000 paying customers, with strong growth in the enterprise. The number of customers spending over $50,000 grew 111% in Asana’s second quarter.


  • These hackers dodge Windows and target Linux as they look to steal phone data

    A stealthy hacking group is infiltrating telecommunications companies around the world in a campaign which researchers have linked to intelligence gathering and cyber espionage. The campaign, which has been active since at least 2016, has been detailed by cybersecurity researchers at CrowdStrike, who’ve attributed the activity to a group they call LightBasin – also known as UNC1945. It’s believed that since 2019, the offensive hacking group has compromised at least 13 telecommunication companies with the aim of stealing specific information about mobile communications infrastructure, including subscriber information and call metadata – and in some cases, direct information about what data smartphone users are sending and receiving via their device. “The nature of the data targeted by the LightBasin aligns with information likely to be of significant interest to signals intelligence organisations. Their key motives are likely a combination of surveillance, intelligence, and counterintelligence collection,” Adam Meyers, SVP of Intelligence at CrowdStrike told ZDNet. “There is significant intelligence value to any state-sponsored adversary that’s likely contained within telecommunications companies,” he added. The exact origins of LightBasin aren’t disclosed, but researchers suggest that the author of tools used in attacks has knowledge of the Chinese language – although they don’t go as far as to suggest a direct link with China or any other Chinese-speaking countries. The attackers employ extensive operational security measures in an effort to avoid detection and will only compromise Windows systems on target networks if absolutely necessary. LightBasin’s primary focus is on Linux and Solaris servers which are critical for running telecommunications infrastructure – and are likely to have fewer security measures in place than Windows systems.

    Initial access to networks is gained via external DNS (eDNS) servers, which are part of the General Packet Radio Service (GPRS) network which connects different phone operators. Researchers discovered that LightBasin accessed one victim from a previously compromised victim. It’s likely that initial access to original victims is gained by exploiting weak passwords via the use of brute force attacks. Once inside the network and calling back to a command and control server run by the attackers, LightBasin is able to drop TinyShell, an open-source Unix backdoor used by many cyber criminal groups. By combining this with emulation software, the attacker is able to tunnel traffic from the telecommunications network. Other tools deployed in campaigns include CordScan, a network scanner which enables the retrieval of data when dealing with communications protocols. LightBasin has the ability to do this with many different telecommunications architectures, indicating what researchers describe as “robust research and development capabilities to target vendor-specific infrastructure commonly seen in telecommunications environments” and something “consistent with a signals intelligence organization” – or in other words, an espionage campaign. However, despite their best efforts to remain hidden, there are some elements of the campaigns which mean they can be discovered and identified, such as not encrypting binaries while using SteelCorgi, a known APT espionage tool. There’s also evidence of the same tools and techniques being used in the networks of compromised telecommunications providers, pointing towards a singular entity behind the whole campaign. It’s believed that LightBasin is still actively targeting telecommunications providers around the world.

    “Given LightBasin’s usage of bespoke tools and in-depth knowledge of telecommunications network architectures, we’ve seen enough to realize the threat LightBasin poses is not localized and could affect organizations outside of the ones we work with,” said Meyers. “The potential payoff to these threat actors in terms of intelligence gathering and surveillance is just too big for them to walk away from,” he added. To protect networks from this and other cyber attacks, it’s recommended that telecommunications companies ensure that the firewalls responsible for the GPRS network have rules applied so that networks can only be accessed via expected protocols. “Securing a telecommunications organization is by no means a simple task, especially with the partner-heavy nature of such networks and the focus on high-availability systems; however, with the clear evidence of a highly sophisticated adversary abusing these systems and the trust between different organizations, focusing on improving the security of these networks is of the utmost importance,” the CrowdStrike blog post said.

  • Black market traders cash in on fake COVID-19 vaccination records

    Researchers have uncovered a lively trade online in the sale of fake vaccination records and passports. 

    COVID-19 prompted panic buying and price hikes for basic necessities worldwide when the pandemic first hit. However, once vaccines were developed, a market was born out of consumers who wanted their shots as quickly as possible. Not everyone wants a vaccination, however, and with international restrictions imposed for non-vaccinated travelers, some are looking for alternatives — including fake records. According to research conducted by Intel 471, the vaccine trade is still strong, but numerous cybercriminals are now also offering fake COVID-19 vaccine certifications focused on US and EU entry requirements. The US Centers for Disease Control and Prevention (CDC) vaccination cards are issued by vaccine providers in a paper format. The EU also offers a vaccine passport, the EU Digital COVID Certificate, which is issued to European residents in a paper and digital form.  Underground forum posts advertise their fake certificate wares together with coronavirus claims and misinformation, such as that the “minority ruling is trying to destroy mankind” and the vaccines are “poisonous.” “We do this to help people who are in critical situations and want to travel urgently,” one advert read. 

    On one forum, a trader is offering counterfeit CDC cards, whereas, on another, EU and specifically French documents containing QR codes are being displayed.  The QR codes on legitimate vaccine passports are designed to pull vaccination records from healthcare providers. However, these codes may go to fraudulent websites containing fake records.
    Intel 471 also found a variety of vaccines on the market, claiming to be sourced from manufacturers producing AstraZeneca, Johnson & Johnson, Moderna, Pfizer, and Sputnik V. However, the e-commerce domains are currently offline. The researchers say that after tracking vaccine traders, the sellers appear to be keeping a close eye on the news and will market their wares accordingly — such as to appeal to customers in countries with limited or no vaccine supplies on hand. “Be it underground vaccine sales or counterfeit vaccine passes, actors are monetizing the fear and misinformation around COVID-19, creating a new market that has been constructed partly by pushing people who have never purchased anything illicit to buy things off of the underground,” the firm commented.

  • Hackers are disguising their malicious JavaScript code with a hard-to-beat trick

    Over 25% of malicious JavaScript code is obfuscated by so-called ‘packers’, a software packaging method that has given attackers a way of evading signature-based detection, according to security and content delivery network provider Akamai.  Packers work by compressing or encrypting code to make that code unreadable and non-debuggable — resulting in ‘obfuscated’ code that is difficult for antivirus to detect. 


    JavaScript packers aren’t a new threat. As Secureworks noted as far back as 2008, JavaScript packers became a popular alternative to JavaScript libraries because they were good at reducing the number of bytes downloaded on each page in order to support richer web applications of the time. “Computer hackers have taken advantage of the acceptance of these packers as suboptimal network optimization tactics and are using them as a way to evade and bypass security controls on the gateway and at the host,” SecureWorks noted then. Akamai notes that some of the world’s most popular websites contain obfuscated JavaScript for business reasons. The company highlights that packers are still a large scale problem, aiding the spread of phishing pages, malware droppers and scams like the Magecart attacks on online payment systems. At the SecTor 2021 conference in November researchers will present a new “technique that profiles the unique functionality of packers to detect JavaScript prior to it being obfuscated, regardless of the original code.”

    Instead of a signature or hash, the JavaScript code is detected by the techniques the packer introduces, according to Akamai. To show how it’s profiling packers, Akamai looked at four pieces of JavaScript code from four unrelated malicious files. Two of the snippets were for phishing, one was a malware dropper, and the fourth a Magecart scammer. “These four examples are the output of the same unique packer functionality being used to obfuscate any given JavaScript code,” Akamai explains. “By profiling packers and their functionality, we evaluated 30,000 benign and malicious JavaScript files and were able to see that at least 25% of the malicious files used one of five profiled packer functionalities.” The research also found that 0.5% of benign files from the 20,000 top-ranked websites on Alexa.com used packer obfuscation techniques. Akamai argues then that obfuscation isn’t a strong enough signal for malicious code and suggests detection will require machine learning to differentiate between malicious and benign obfuscated JavaScript code.
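    The story above describes detection that keys on what a packer does to code (decode-then-execute stubs, byte-wise string rebuilding, one opaque payload literal) rather than on a hash of any particular payload. The following is an added example written for this digest, not Akamai’s profiler or the code from its research: a small scorer that looks for that kind of packer functionality in JavaScript source. The indicator list, its weights and the threshold are this example’s own assumptions, and the three samples it runs over are constructed here (the “packed” one only has the structural shape of a classic p,a,c,k,e,d unpacker stub). As the article notes, obfuscation alone is not proof of malice, so the result is a triage score for a reviewer or a downstream classifier, not a verdict.

```javascript
// Added example: profile "packer functionality" in JavaScript source instead of
// matching a signature. Indicators and weights are assumptions for illustration.

const PACKER_INDICATORS = [
  // eval() applied to something other than a plain string literal: the
  // classic "decode, then execute" step of a runtime packer
  { name: "eval-of-computed-value", weight: 3, re: /\beval\s*\(\s*[^'"`)\s]/ },
  // new Function("...") as a second route to executing decoded text
  { name: "function-constructor", weight: 3, re: /\bFunction\s*\(\s*['"`]/ },
  // byte-by-byte reconstruction of strings
  { name: "fromCharCode", weight: 2, re: /String\.fromCharCode\s*\(/ },
  // decoding helpers that turn an opaque literal back into code
  { name: "decode-helper", weight: 2, re: /\b(unescape|decodeURIComponent|atob)\s*\(/ },
  // the p,a,c,k,e,d/r unpacker stub shape popularised by Dean Edwards' /packer/
  { name: "packer-unpack-stub", weight: 4,
    re: /function\s*\(\s*p\s*,\s*a\s*,\s*c\s*,\s*k\s*,\s*e\s*,\s*[dr]\s*\)/ },
  // one very long base64 / percent-encoded literal carrying the payload
  { name: "long-encoded-literal", weight: 2, re: /['"`][A-Za-z0-9+\/=%]{200,}['"`]/ },
  // runs of \xNN escapes hiding identifiers or strings
  { name: "hex-escape-run", weight: 2, re: /(\\x[0-9a-fA-F]{2}){8,}/ },
];

// Assumption: two weak indicators or one strong one is enough to flag for review.
const PACKED_THRESHOLD = 4;

// Returns which indicators fired, a weighted score, and a packed/not-packed flag.
function profilePacker(source) {
  const fired = PACKER_INDICATORS.filter((ind) => ind.re.test(source));
  const score = fired.reduce((sum, ind) => sum + ind.weight, 0);
  return { score, hits: fired.map((ind) => ind.name), packed: score >= PACKED_THRESHOLD };
}

// Tally a corpus, the shape of the "at least 25% of malicious files used a
// profiled packer" measurement in the article.
function packedFraction(sources) {
  const packed = sources.filter((s) => profilePacker(s).packed).length;
  const total = sources.length;
  return { packed, total, fraction: total ? packed / total : 0 };
}

// Constructed samples (not real malware). SAMPLE_BENIGN is ordinary page
// script; SAMPLE_PACKED has the structural shape of a /packer/-style output
// wrapping console.log("hello"); SAMPLE_UNESCAPE decodes a percent-encoded
// console.log('hi') and evals it.
const SAMPLE_BENIGN = `
function add(a, b) { return a + b; }
document.querySelector('#total').textContent = add(2, 3);
`;

const SAMPLE_PACKED =
  `eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};` +
  `while(c--)if(k[c])p=p.replace(new RegExp('\\\\b'+e(c)+'\\\\b','g'),k[c]);return p}` +
  `('0("1")',2,2,'console.log|hello'.split('|'),0,{}))`;

const SAMPLE_UNESCAPE =
  `var s = unescape("%63%6f%6e%73%6f%6c%65%2e%6c%6f%67%28%27%68%69%27%29"); eval(s);`;

// Stand-alone run: print the profile for each constructed sample.
function demo() {
  const samples = [["benign", SAMPLE_BENIGN], ["packed", SAMPLE_PACKED], ["unescape", SAMPLE_UNESCAPE]];
  for (const [label, src] of samples) {
    const r = profilePacker(src);
    console.log(`${label}: score=${r.score} packed=${r.packed} hits=${r.hits.join(",")}`);
  }
  const tally = packedFraction(samples.map(([, src]) => src));
  console.log(`packed ${tally.packed} of ${tally.total}`);
}

demo();
```

    Running it flags the two constructed packed-style samples and leaves the plain script at zero. In practice the score would feed a reviewer queue or a classifier alongside other features, since the article’s own numbers show that a small share of legitimate top-ranked sites ship obfuscated code for business reasons.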

  • Security, remote work support top concerns amongst firms

    Increasing adoption of hybrid work practices has pushed the need to enable and secure remote workers as a top challenge for IT managers. Security threats also have evolved amidst this emerging workplace, with supply chain attacks hogging recent headlines, but 53% of IT administrators believe their use of “known, trusted software” will help keep their organisation safe from such threats. Asked about challenges they faced in the past year with increased adoption of remote work, 57.2% of IT managers pointed to enabling or instructing employees about working remotely, while 49.6% cited the need to secure these workers. Another 44.5% highlighted the need to ensure availability of business applications and networks, according to a study conducted by data security vendor Acronis. The survey polled 3,600 IT managers and remote workers in 18 markets, including Singapore, Australia, India, Japan, Germany, the US, and the UK. Respondents from each country comprised 100 IT managers and 100 remote workers. The study was conducted over two months through to October 2021. 

    Some 28.6% said their organisation was targeted by cyber attackers at least once a month, while 21.4% saw weekly attacks and 20.6% reported at least one attack a day. About 20.1% believed they were never targeted in a cyber attack, compared to 9.3% who said their organisation was targeted every hour, the study revealed. Phishing attempts were the most common, with 57.9% of IT managers noting their organisation encountered such attacks in the past year, followed by 39.8% and 36.5% who cited DDoS (Distributed Denial of Service) and malware attacks, respectively. In particular, 74% and 50% of Singapore IT managers cited phishing and malware as the most common attacks, respectively, with both figures higher than the global average. The need to deal with cyber threats pushed stronger priority for antivirus and antimalware tools, with 73.3% of IT managers worldwide citing these as important business security tools, compared to just 43% in last year’s report. Another 47.9% highlighted the need for integrated backup and disaster recovery, while 45.3% pointed to vulnerability assessments and patch management. Another 35.7% prioritised remote monitoring and management and 20.4% cited URL filtering tools.

    With news of third-party supply chain attacks including Kaseya and SolarWinds consuming headlines in the past year, 53% of IT managers believed their use of “only known, trusted software” would safeguard their organisation against such attacks. Some 23.8% said they turned to antivirus and endpoint detection and response tools, while 17.8% engaged an external provider to protect the organisation against supply chain attacks. Asked about two-factor authentication (2FA), just 21.6% said they used it for all accounts, while 37.7% said they did likewise for some accounts. Another 30.6% said they tapped 2FA for most accounts, while 10.1% did not use it at all. Amongst employees, 36.5% cited the use of VPN and other security measures as the most technically challenging aspect of working remotely, according to the Acronis study. Wi-Fi connectivity, though, was the most cited technical challenge at 43.9% of respondents, while 27% pointed to the lack of IT support. Some 25.3% of remote employees admitted not using any 2FA, while 38.3% did so for some accounts. Another 21% tapped 2FA for most accounts and 15.4% did likewise for all accounts. Acronis’ vice president of cyber protection research Candid Wuest said: “The cybercrime industry proved to be a well-oiled machine this year, relying on proven attack techniques, like phishing, malware, DDoS, and others. Threat actors are increasingly expanding their targets, while organisations are held back by the growing complexity of IT infrastructure. Only a small number of companies have taken the time to modernise their IT stack with integrated data protection and cybersecurity. The threat landscape will continue to grow and automation is the only path to greater security, lower costs, improved efficiency, and reduced risks,” Wuest said.

  • Supply chain attacks are the hacker's new favourite weapon. And the threat is getting bigger

    Compromising a business supply chain is a key goal for cyber attackers, because by gaining access to a company that provides software or services to many other companies, it’s possible to find a potential way into thousands of targets at once. Several major incidents during the past 12 months have demonstrated the large-scale consequences supply chain attacks can have. In one of the biggest cybersecurity incidents in recent years, cyber attackers working for the Russian foreign intelligence service compromised updates from IT services provider SolarWinds that were downloaded by 18,000 customers, with the attackers then going on to target around 100 of those customers including several US government agencies.


    Other cyber criminals were able to carry out a supply chain attack using a vulnerability in software from Kaseya to launch a ransomware attack that affected thousands of its customers around the world. “The issue of the threat to IT service providers as part of a supply chain was clearly one of the features of the last year,” said Simon Mehdian-Staffell, UK government affairs manager at Microsoft, speaking during a Chatham House Cyber 2021 Conference discussion on the rise of state-backed cyberattacks. Some of these attacks have been identified because they’ve been on such a large scale, like the ones above. But there are means of supply chain compromise that are far less likely to draw attention, but can be very effective. And a more tightly focused campaign might be harder to detect. “Clearly there’s trade-offs to be made between where they cast their net and the potential increased likelihood of being detected, so operators are having to make those trade-offs,” said Jamie Collier, cyber threat intelligence consultant at Mandiant, also speaking during the Chatham House panel.

    While big attacks get the attention, the past few years have seen “other vectors of supply chain compromise that are dominating the numbers that maybe don’t get the attention they deserve”, he added. These lower-scale, less obvious supply chain attacks can be just as effective for cyber attackers, providing discreet pathways into networks. In particular, developer or mobile environments can provide this gateway – and cyber attackers have noticed.  “First of all would be developer environments, we see a huge amount of supply chain compromise around there. And the second would be mobile.” said Collier. “So, while we want to focus on the likes of SolarWinds, there is a wider landscape out there and it’s important we recognise that broader spectrum,” he added. Given the success of major supply chain attacks thus far, they’ll remain a cybersecurity threat for the foreseeable future. 

    “Supply chain attacks continue to be an attractive vector at the hand of sophisticated actors and the threat from these attacks is likely to grow. Especially as we anticipate technology supply chains will become increasingly complicated in the coming years,” Lindy Cameron, CEO of the National Cyber Security Centre (NCSC), said in a keynote address to the Cyber 2021 Conference. The threat of supply chain attacks means that organisations should examine what they can do to make themselves more resilient to cyberattacks. They should also examine how to protect themselves in the event of one of their suppliers unknowingly falling victim to a malicious cyber campaign. “First, organisations need to establish a clear security direction with their suppliers, asking for and incentivising good security through the supply chain. This is often relatively straightforward security practices, such as controlling how privileged access is managed,” said Cameron. “Second, organisations should take an approach where their design is resilient if a technology supplier is compromised. The SolarWinds incident is a good example. To be blunt, if your SolarWinds installation couldn’t talk directly to the internet – which it shouldn’t have been able to do – then the whole attack was irrelevant to your network,” she added. Organisations and their information security teams can go a long way to helping to protect the network from attacks by knowing exactly what’s on it and what is connected to the internet. By ensuring infrastructure that doesn’t need to be connected directly to the internet isn’t directly connected, you can provide a major barrier to attacks being successful.

  • Cyber incident impact sits at over $500,000 for half of small to medium APAC businesses

    51% of Asia Pacific small to medium-sized businesses that were hit with a cyber incident in the past year saw the cost of that incident exceed $500,000, according to a survey conducted by Cisco. Sampling 3,750 businesses employing between 10 and 999 employees in 14 countries around the region, Cisco said 83% reported an incident in excess of $100,000, and 13% had an incident cost more than $1 million. The survey was conducted between April and July. In Australia, where 306 qualifying businesses responded, the numbers were more stark, with 64% reporting an incident costing over $500,000, and 33% saying they were hit more than $1 million in cost. For businesses that ran simulation exercises, Cisco said 85% of respondents found issues in their defences. “Of those that identified weaknesses, 95% said the exercises revealed issues with not having the right technology solutions in place to detect a cyber attack or threat. The same number found they had too many technologies and struggled to integrate them together, while 96% discovered they did not have the right technology solutions to block an attack,” the company said. The main vector that attacked the sampled businesses was malware, which was used 85% of the time and led to 75% of attacks getting customer information, 62% finding internal emails, and 61% of attacks hitting employee data, intellectual property, or financial data. In its 2020-21 annual report released earlier this week, the Australian Signals Directorate (ASD) said it has seen a 15% increase in ransomware attacks over the past year.

    “ASD responded to more than 1,630 cybersecurity incidents during 2020–21. Compared to the previous financial year, the total number of cybersecurity incidents in the 2020-21 financial year decreased by 28%,” it said. “A higher proportion of cybersecurity incidents this financial year were categorised by the ACSC as ‘substantial’ in impact. This change is due in part to an increase in attacks by cybercriminals on larger organisations and the impact of these attacks on the victims. The attacks included data theft, extortion, and/or rendering services offline.” Thanks to the pandemic, ASD said it has shifted more of its workforce to flexible and home-based work and taken down 7,700 sites that were hosting “cybercrime activity” related to COVID-19.