Subterms
Illustration: Maria Diaz | ZDNET – Photo: MaryAnnShmueli via Getty Images Eufy’s claims to keep “privacy in your own hands” have been rendered null, after a researcher caught the security camera company uploading local-only footage to the cloud without user authorization or knowledge. To top it all off, users have also been made aware that […] More
SARINYAPINNGAM/Getty Images/iStockphoto Bitwarden is one of many password managers on the market, most of which include a bevy of features. As more and more people start using a password manager in their daily life, the creators of the tools add extra features to make them more appealing. ZDNET Recommends One such feature you might find […] More
StackCommerce In this day and age, if you’re not using a password manager, chances are pretty good you might be using passwords that are weak enough to be cracked by any hacker. And given how rampant password-based attacks and data breaches are, you should consider making use of a password manager. ZDNET Recommends Why? Because […] More
Image: Getty ZIP and RAR files have overtaken Office documents as the file most commonly used by cyber criminals to deliver malware, according to an analysis of real-world cyber attacks and data collected from millions of PCs. The research, based on customer data by HP Wolf Security, found in the period between July and September […] More
Hackers who breached Medibank’s systems have dumped another batch of data on the dark web, along with claims the files contain all of the data they took in a heist that impacted 9.7 million customers. The Australian insurance group confirms six zipped files of data have been released, while government officials reiterate the overdue need to overhaul the country’s cyber strategy. Medibank on Thursday said it was analysing the data, which was released overnight on the dark web, but added that the files appeared to comprise customer information compromised in the breach. First announced in October, the security incident affected 9.7 million current and former customers as well as some of their authorised representatives. Amongst those impacted were 1.8 million international customers. Before the latest data dump, hackers involved in the theft had released the files in batches along with demands for ransom. Medibank had said it would not pay any ransom.In its statement Thursday, the insurance company said there was no indication financial or banking details had been compromised and the stolen data alone was insufficient to facilitate identity or financial fraud. It further noted that the raw data, so far, had been determined to be incomplete and difficult to understand. This remained so for the latest six zipped files, which were released in a folder tagged “full”, Medibank said, adding that the health data released was not matched up with customer and contact details. Australia’s Attorney-General Mark Dreyfus said the government was aware of the latest data dump and confirmed “agencies” were looking into it. A review of the country’s Privacy Act also was slated to be completed by year-end, Dreyfus said when asked about how legislation should be further updated, following the recent increase in penalties for data breaches. Speaking in an interview with ABC Radio Melbourne, he said: “This is a really outdated piece of legislation. We need to have a wholesale reform of it.”Dreyfus added that he would be working on a “complete revision” of the Privacy Act next year. Until then, he noted that the significant increase in financial penalties should serve as an incentive for local organisations that stored personal information of Australian residents to ensure they took better care of the data and adopted better security measures. The government last month passed a legislation to push up maximum financial penalties for serious or repeated data breaches to AU$50 million ($32.34 million), from its previous AU$2.22 million, or three times the value of any benefit obtained through the data misuse, or 30% of the company’s adjusted turnover in the relevant period, whichever is greater. RELATED COVERAGE More
Image: Getty Images Google on Wednesday shared the details of newly exposed exploitation frameworks capable of deploying spyware to targeted devices. Dubbed the “Heliconia” exploits, they appear to have ties to the Spanish company Variston IT, according to Google Threat Analysis Group (TAG). Heliconia targets n-day vulnerabilities, meaning that there are already patches available for […] More
Singapore has released what it says is a blueprint to combat growing ransomware threat and offer guidelines on how to mitigate such attacks. These include a reference ransomware “kill chain” and recommendations on whether to pay ransom demands. Ransomware risks had increased significantly in scale and impact, becoming an “urgent” problem that countries including Singapore must address, said Cyber Security Agency (CSA) in a statement Wednesday. “It is inherently an international problem, as attackers conduct their operations across borders and jurisdictional lines to evade justice” the government agency said. “Fuelled by illicit monetary gains, ransomware has raised a criminal ecosystem, offering criminal services from unauthorised access to targeted networks to money laundering services.”To effectively address the challenge, it underscored the need to coordinate cybersecurity, law enforcement, and financial regulatory agencies as well as support global collaboration. This had prompted Singapore to establish an inter-agency task force early this year, comprising senior representatives from various ministries and government agencies including CSA, Government Technology Agency, Ministry of Defence, Monetary Authority of Singapore, and Singapore Police Force. The task force focused on three primary outcomes encompassing a reference model for a ransomware kill chain, which would serve as the foundation for government agencies to coordinate and develop counter-ransomware solutions. It also reviewed the country’s policies towards making ransom payments and established recommendations of operational plans and capabilities needed to combat ransomware effectively. The kill chain outlines five stages of a ransomware attack, starting from the phases before it is activated and when attackers gain access to the targeted system and and execute preparatory steps, such as data exfiltration and removal of backups. Stealth is a priority here and attackers have been known to carry out these stages months before activation, according to the blueprint. It highlighted that “prevention is better than cure”, the report noted, adding that cutting the skill chain at the initial two stages should be the priority. “Having a common reference model of a ransomware kill chain will allow countries to better understand each other, facilitate information sharing, benchmark counter-ransomware best practices, and identify gaps in existing national measures,” the task force said in the report. The blueprint also supported Singapore’s stance that payment of ransoms should be “strongly discouraged”, as doing so would further fuel the ransomware problem since that was the attacker’s main objective.Furthermore, paying the ransom neither guaranteed the decryption of data nor that the data would not be published by the hackers. The task force noted that organisations that opted to pay the ransom could be identified as “soft” targets and be hit again. In addition, payment of ransoms in such attacks under certain circumstance may breach the Terrorism Act 2002, which criminalises the financing of terrorist acts. With this in mind, the task force recommended government agencies and owners of critical information infrastructures (CII) consider the risk and notify CSA and law enforcement, in the event of a ransomware attack, before making any ransom payment.it also suggested the government looked at four key action plans, including strengthening the cyber defence of high-risk targets, such as CIIs and government agencies, as well as supporting recovery so victims of ransomware attacks did not feel pressured to pay the ransom. According to CSA, the number of reported ransomware cases totalled 137 last year, up 54% from 2020, with SMBs from sectors such as manufacturing and IT mostly falling victims to such attacks. It added that ransomware groups targeting SMBs in Singapore tapped the ransomware-as-a-service model, which made it easier for amateur hackers to use existing infrastructure to push out ransomware payloads. RELATED COVERAGE More
Ransomware attacks continue to plague nations such as Japan and Singapore, where they are expected to remain a significant concern especially for critical information infrastructure (CII) sectors. Small and midsize businesses (SMBs), too, are a growing worry as they often lack resources and more likely to fall victim to cyber attacks. Cyber attacks had been increasing in volume over the last few years and this past year was no exception, NTT’s chief cybersecurity strategist Mihoko Matsubara said in an interview with ZDNET. The Ukraine war also had prompted questions from organisations in Japan about how it would impact the cyber threat landscape, said Tokyo-based Matsubara, but noted it was difficult to determine if there was a direct correlation between the ongoing conflict and growing number of cyber attacks. She added that most companies, as they digitalised their operations, would have more IT assets and an expanded attack surface to protect, making it more difficult to safeguard their network amidst the onslaught of attacks. The heightened awareness of the potential risks, however, presented an opportunity for businesses and countries to enhance their cyber resiliency, she said.Righard Zwienenberg, ESET’s senior research fellow, said the security vendor’s research showed a drop in ransomware attacks this year, with phishing still the top threat, especially for companies in Japan.However. the figures did not necessarily indicate hackers were moving their attention away from ransomware, said Zwienenberg, who also is a member of the Europol European Cyber Crime Center’s advisory group. Instead, the drop in the number of ransomware attacks likely reflected a change in “business model” that concentrated less on lower tiered companies and more on higher value enterprises with deeper pockets. This meant hackers could demand higher ransoms from their targeted victims, he said, pointing to ransom demands last year that ranged from $4.4 million in the US Colonial Pipeline ransomware attack, to $70 million with Kaseya and $240 million involving MediaMarkt. And rather than blocking access to sensitive or customer data, he added that cybercriminals increasingly were opting for extortion, in which they would threaten to release their victims’ data and notify the public about the data breach. This would cause more damage to the targeted organisations, including financial penalty for potentially violating local data privacy regulations, and push them to pay the ransom. Zwienenberg advocated the need for regulations that would stop organisations from giving in to ransom demands, noting that there was never any guarantee ceding to such demands would lead to a full recovery of stolen data or that hackers would remove data logs. He also pointed to growing worries about CIIs amidst a shift in target towards these sectors and cyber warfare, as a result of the war in Ukraine. SMBs need help staving off attacksMatsubara, too, expressed concerns about an increase in ransomware attacks targeting hospitals in Japan as well as SMBs. Citing the Japanese National Police Agency, she noted that more than half of companies affected by ransomware attacks were SMBs, compared to one third that were large or major Japanese organisations. With SMBs an integral part of global supply chains, she urged governments and industry players to work together and identify ways, apart from funding, to provide better support to bolster SMBs’ business continuity capabilities. The Tokyo metropolitan government, for instance, rolled out a uniquely Japanese campaign that included a series of manga-styled guidebooks to better help SMBs visualise cybersecurity attacks and how they should mitigate and respond to threats, such as ransomware and business email compromise. Matsubara noted, though, that the ongoing Ukraine conflict had prompted more dialogues between governments and their local industries, as part of efforts to exchange threat intel. This was encouraging since the public sector was not always forthcoming about sharing information in the interest of national security, said Matsubara, who once worked at the Japan’s Ministry of Defence and served on the government’s cybersecurity R&D policy committee. Noting that cybersecurity was a global challenge, she said it was increasingly necessary for defence ministries to engage with the general public and business leaders so they could help local industries enhance their cyber defences and better protect infrastructures.Ensuring there was a bridge between the public and private sectors also would help shape regulations and polices that were practical, while ensuring technologies could be developed in a timely and effective way, she added. It would further encourage incident reporting and mutual sharing of threat intel, since businesses would not feel it was an unfair one-sided trade and would be better assured their insights were being taken seriously, she said. Asked how nations with dedicated cyber defence units such as Singapore should ensure these were effective, Matsubara again underscored the need for cyber intelligence sharing amongst various ministries and industry, particularly CII operators. There also should be regular joint cybersecurity exercises between government agencies, CII companies, and the cyber defence unit to test their incident response capabilities. Pointing to the ransomware attack that brought down the US Colonial Pipeline last year, she said the case demonstrated that financially-motivated cybercrimes that targeted a specific company could cause significant damage in other sectors as well as the rest of the country. Other nations also could be impacted since there were no borders in the cyber realm.The potentially wide spread and interdependencies of CII sectors, such as transport and energy, further stressed the importance for governments and the industry to participate in intelligence sharing and joint cybersecurity exercises, she said. Sociopolitical tensions such as the ongoing Sino-US trade war, though, could introduce further complexities to the global ecosystem, particularly if it resulted in the decoupling of technology infrastructures.It could mean organisations would have to support more protocols to ensure interoperability, potentially resulting in more exploits and more patches to deploy, Zwienenberg said. Businesses–in particular, SMBs–already were taking too long to roll out fixes, with known exploits left unpatched sometimes for months, he said, noting that old exploits such as Wannacry still infecting systems today. RELATED COVERAGE More
