More stories

  • QuintessenceLabs raises AU$25m to take quantum-based cyber solutions global

    Canberra-based quantum cybersecurity solutions firm QuintessenceLabs (QLabs) has completed an AU$25 million series B funding round that will be used to expand the company globally and more than double its headcount.

    The funding round was led by Main Sequence and the investment arm of Canadian telco Telus, with participation from Mizuho Financial Group-backed InterValley Ventures and Terry Snow’s Capital Property Group.

    Speaking to ZDNet, QLabs founder and CEO Vikram Sharma said the investment would help with the continued development of the company’s quantum-based cybersecurity solutions. Specifically, this will include growing QLabs’ US headcount from eight to more than 20 over the next 18 months, starting with hiring a chief revenue officer, followed by expanding its sales, business development, and marketing teams.

    “We’ve spent the best part of a decade planting a scientific seed, maturing the science, translating that science to technology, and ultimately mapping that technology to solve real-world cyber problems. Through that process, we achieved our customer base of some very strong names, including a dozen Fortune 500 companies, government organisations, defence agencies,” he said. “This round is all about scale-up. We’re really pleased to have closed it and we’re very much looking forward to the next two to three years.”

    Sharma added QLabs will also be looking to enter the UK market during the first half of next year.

    “We already have relationships in the UK. They’ve got such a storied history in cybersecurity, amongst other technology areas, and it’s the second largest cybermarket in the world, so it’ll be a very natural expansion for us,” he said.

    QLabs will also be developing its existing relationships in Japan and India, Sharma said.

    Back in 2017, QLabs picked up AU$3.26 million in funding from the Australian Department of Defence to continue the expansion of its quantum key distribution capabilities and develop an Australia-specific solution. This was followed by an additional AU$528,000 to progress encryption work for the department.

    Australian banking heavyweight Westpac has also previously funded QLabs’ work, boasting a 16% stake in the company as a result.

    QLabs was formed in 2008 as a spin-off out of the physics department at the Australian National University (ANU) in Canberra, although QLabs’ product suite was developed independently of ANU.

    Related Coverage

    Quantum cybers land in Vault Cloud thanks to QuintessenceLabs: The offering has been touted as the world’s first secure and scalable package for enterprise file synchronisation and sharing systems.

    How the industry expects to secure information in a quantum world: With all of the good a quantum computer promises, one of the side effects is that it will be able to break the mechanisms currently used to secure information. But the industry is onto it, and Australia’s QuintessenceLabs is playing a key role.

    QuintessenceLabs harnesses diode ‘flaw’ for new quantum number generator: Hijacking a flaw in diodes to harness quantum physics, Australia’s QuintessenceLabs has built a full-entropy quantum random number generator with a 1Gbps output.

  • FCC kicks China Telecom out of United States

    The United States Federal Communications Commission (FCC) has removed the authority of China Telecom to operate in the US, and given it 60 days to pack its bags and stop providing domestic and international services.

    Citing a recommendation from the Trump-era Justice Department, the Commission said China Telecom Americas “failed to rebut” a series of concerns raised.

    “China Telecom Americas, a US subsidiary of a Chinese state-owned enterprise, is subject to exploitation, influence, and control by the Chinese government and is highly likely to be forced to comply with Chinese government requests without sufficient legal procedures subject to independent judicial oversight,” the FCC said. “China Telecom Americas’ ownership and control by the Chinese government raise significant national security and law enforcement risks by providing opportunities for China Telecom Americas, its parent entities, and the Chinese government to access, store, disrupt, and/or misroute US communications, which in turn allow them to engage in espionage and other harmful activities against the United States.”

    The FCC also said that the national security landscape has changed since China Telecom entered the US market almost two decades ago, that the company showed a lack of “candor, trustworthiness, and reliability” when dealing with US authorities and broke two of five provisions in a 2007 letter of assurance, and that it was not possible to mitigate the expressed concerns.

    “Today, based on the totality of the extensive unclassified record alone, the commission’s public interest analysis finds that the present and future public interest, convenience, and necessity is no longer served by China Telecom Americas’ retention of its section 214 authority,” the FCC said before also stating the classified material backed up its decision.

    Elsewhere in America on Tuesday, the Republican members of the Senate Committee on Commerce, Science, and Transportation released a report that said Seagate sold hard drives to Huawei without the required licence.

    “The investigation found that Seagate flouted the regulation designed to protect US national security by making unlawful transactions with Huawei for as long as one year, allowing the company to gain significant profits as it monopolised the market,” the GOP members said.

    The report said Huawei spends $800 million annually on drives and Seagate holds a “large part” in supplying them.

    “Based on the evidence available to Minority Staff, it appears that Seagate Technology knowingly violated the Foreign Direct Product Rule for more than one year,” the report states. “Seagate likely made the strategic calculation to continue violating national security regulations based on the prospect of earning significantly greater profits through market monopolisation than the potential cost of regulatory penalties. All unlicensed shipments of prohibited products to Huawei should cease without delay.”

  • Australia launches new initiative for blocking scam government texts

    The federal government has launched a new initiative to block scam text messages posing as legitimate government sender IDs.

    The new initiative was launched following a year-long pilot program that focused on capturing phishing texts appearing to originate from government agencies such as Centrelink, myGov, and the Australian Taxation Office.

    “The success of this initiative is timely, given the use of MyGov has increased significantly during the COVID-19 pandemic. I have written to NBN Co, Australia Post, and the banks strongly encouraging them to apply the same process to text messages they send,” Minister for Communications, Urban Infrastructure, Cities and the Arts Paul Fletcher said.

    According to Fletcher, the pilot program blocked around 2,500 scam texts over 12 months. The initiative was developed by the Australian Cyber Security Centre, Services Australia, and the telecommunications sector.

    At the same time, Fletcher provided an update on the Reducing Scam Calls Code, saying that over 214 million scam calls have been blocked since telcos were required to adopt the code in December. By comparison, telcos had blocked 30 million scam calls last year prior to the code’s rollout.

    Australian Communications and Media Authority (ACMA) chair Nerida O’Loughlin said yesterday at Senate Estimates that while the scam call code has been successfully adopted by telcos, the authority was now working with the telecommunications industry to create a new code targeting scam text messages.

    “We’re now working with the industry around what they do about SMS scams and the industry itself is developing some new enforceable obligations on the telcos to identify, trace, block and disrupt those SMS scams. We expect that they will put a code in by the end of this year,” O’Loughlin said.

    On Monday, Home Affairs secretary Mike Pezzullo told Senate Estimates that his department was also in talks with the telecommunications industry, with those discussions focused on giving telcos additional powers to block spam and malicious content under the Telecommunications Act.

    Federal government launches new AU$15 million cyber education program

    The federal government has also announced a new cyber education program, called the Questacon Cyber Ready program, aimed at providing cybersecurity skills to students across primary, secondary, and tertiary education.

    With almost AU$15 million allocated to it over five years, the Questacon Cyber Ready program will provide students with training modules that have been designed to build skills relevant to cybersecurity. The program also includes training modules designed for teachers and professionals.

    Minister for Science and Technology Melissa Price said the program, which has a particular focus on underrepresented groups, would sit alongside other cyber education initiatives, such as the Engineering is Elementary program, in equipping younger Australians with cyber skills.

    “We want to increase the cyber education initiatives available to young Australians, including those in regional and remote areas, and boost the participation of women, Indigenous, and neuro-diverse people,” Price said.

    According to the Hays Salary Guide Report FY21/22, which is based on survey results of nearly 3,500 organisations, 68% of the local technology industry is suffering from skills shortages.

    “Technology is a huge one because the demand for technology is exponential [such as] cloud-based specialists, UX/UI, cybersecurity. In those areas, there is a real shortage of talent and skills,” Hays Australia and New Zealand managing director Nick Deligiannis said at the time.

    Updated at 4:20pm AEST, 27 October 2021: Added comments about potential scam text code by ACMA chair Nerida O’Loughlin.

  • F5 beats Wall Street expectations for Q4, capping strong 2021

    Application security company F5 Networks delivered better-than-expected fourth-quarter financial results, reporting non-GAAP net income of $185 million, or $3.01 per diluted share, on non-GAAP revenue of $617 million.

    The fourth-quarter fiscal year 2021 GAAP revenue was $682 million, beating Wall Street’s expectations of $671.51 million and earnings of $2.75 per share.

    See also: F5 to acquire multi-cloud security software maker Volterra for $500 million, raises financial outlook.

    This year, the company announced that it would acquire distributed multi-cloud application security and load-balancing software company Volterra of Santa Clara, California. F5 Networks also announced last month that it is acquiring cloud security company Threat Stack for $68 million.

    F5 shares are up 2% at $208.12 in after-hours trading.

    For fiscal year 2021, F5 delivered GAAP revenue of $2.60 billion, up 11% year over year. The company said its revenue growth was driven by 21% product revenue growth and 2% global services revenue growth compared to last year.

    For Q1, F5 expects to deliver revenue in the range of $665 million to $685 million, with non-GAAP earnings in the range of $2.71 to $2.83 per diluted share.

    François Locoh-Donou, F5’s president and CEO, said the strong Q4 caps a “year of robust financial performance for F5.”

    “With software revenue representing 45% of product revenue in the fourth quarter, and 80% of this software revenue coming from subscriptions, we continue to mark milestone after milestone in our rapid transformation to a software led business model,” Locoh-Donou said.

    “Skyrocketing application usage and heightened security awareness are driving strong demand for F5 solutions on premises, in the cloud, and across multiple clouds. Our expanded solutions portfolio and vision for enabling Adaptive Applications puts us at the intersection of these strong and sustainable secular trends and positions F5 for continued strong revenue and earnings growth.”

  • DOJ, Europol arrest hundreds as part of international darknet drug operation

    The Justice Department, Europol and dozens of police forces worldwide announced hundreds of arrests and the seizure of $31 million as part of operation Dark HunTOR — an effort to disrupt dark web marketplaces selling guns, drugs and more.

    Police forces in the US, Australia, Bulgaria, France, Germany, Italy, the Netherlands, Switzerland and the UK arrested 150 people while seizing 45 firearms and 234kg of drugs — including 152.1kg of amphetamine, 21.6kg of cocaine, 26.9kg of opioids and 32.5kg of MDMA.

    More than 200,000 ecstasy, fentanyl, oxycodone, hydrocodone and methamphetamine pills were seized alongside counterfeit medicine. Europol said a number of the suspects arrested are considered “high-value targets.”

    US officials arrested 65 people — the most of any country involved — and Germany nabbed 47 others. 24 people were arrested in the UK, and others were picked up across Europe. All of the law enforcement agencies involved noted that investigations are still being conducted as they try to identify the people behind certain dark web accounts.

    The Justice Department said arrests were made of those involved in active dark web marketplaces as well as inactive ones, including Dream, WallStreet, Dark Market and White House, which shut down this month.

    Italian police also disrupted the DeepSea and Berlusconi dark web marketplaces, seizing nearly $4.2 million in cryptocurrency.

    “The point of operations such as the one today is to put criminals operating on the dark web on notice: the law enforcement community has the means and global partnerships to unmask them and hold them accountable for their illegal activities, even in areas of the dark web,” Europol deputy executive director of operations Jean-Philippe Lecouffe said.

    In a press conference Tuesday morning, US Deputy Attorney General Monaco said the 10-month international law enforcement operation spanned three continents and involved dozens of US and international law enforcement agencies “to send one clear message to those hiding on the darknet peddling illegal drugs: there is no dark internet.”

    “We can, and we will shine a light,” Monaco said. “Operation Dark HunTor prevented countless lives from being lost to this dangerous trade in illicit and counterfeit drugs because one pill can kill. The Department of Justice, with our international partners, will continue to crack down on lethal counterfeit opioids purchased on the DarkNet.”

    Law enforcement officials said the operation was a follow-up to the January takedown of DarkMarket, another widely used illegal marketplace that was disrupted earlier this year. Police in Germany arrested the leading operator and others connected to DarkMarket. That operation allowed authorities to seize DarkMarket’s infrastructure, providing law enforcement agencies worldwide with a trove of evidence to search through.

    US officials focused their announcement on the disruption of opioid and fentanyl trafficking due to the drug’s prominence in the US and a spate of recent high-profile deaths connected to drugs tainted with the deadly fentanyl.

    “Today, we face new and increasingly dangerous threats as drug traffickers expand into the digital world and use the Darknet to sell dangerous drugs like fentanyl and methamphetamine,” DEA administrator Anne Milgram said. “These drug traffickers are flooding the United States with deadly, fake pills, driving the US overdose crisis, spurring violence, and threatening the safety and health of American communities. DEA’s message today is clear: criminal drug networks operating on the Darknet, trying to hide from law enforcement, can no longer hide.”

    US Postal Inspection Service chief postal inspector Gary Barksdale noted that criminals are increasingly turning to the dark web to sell and ship narcotics and other dangerous goods around the world, “often relying on the postal system and private carriers to deliver these illegal products.”

    Investigators said they discovered that one of the unnamed organizations at the center of the operation was based in Houston, Texas and was involved in selling methamphetamine, counterfeit pressed Adderall, MDMA, cocaine and ketamine across the US. One of the DarkNet vendor accounts was run by people living in Fort Lauderdale, and another was based in Providence, Rhode Island. Agents who conducted the arrests discovered 3.5 kilograms of pressed fentanyl.

    Others arrested were marketing and selling counterfeit Adderall through the mail that was simply methamphetamine.

  • CISA warns of remote code execution vulnerability with Discourse

    CISA urged developers to update Discourse versions 2.7.8 and earlier in a notice sent out on Sunday, warning that a remote code execution vulnerability was tagged as “critical.”

    The issue was patched on Friday, and developers explained that CVE-2021-41163 involved “a validation bug in the upstream aws-sdk-sns gem” that could “lead to RCE in Discourse via a maliciously crafted request.”

    Developers noted that to work around the issue without updating, “requests with a path starting /webhooks/aws could be blocked at an upstream proxy.”

    The popular open source discussion platform attracts millions of users every month, prompting the message from CISA urging updates to be pushed through.

    Researchers have detailed the finer points of the problem in blog posts and reported the issue to Discourse, which did not respond to requests for comment. BleepingComputer conducted a search on Shodan that found all Discourse SaaS instances have been patched.

    Saryu Nayyar, CEO of cybersecurity company Gurucul, said Discourse “continues to make news after researchers discovered a vulnerability that enabled attackers to invoke OS commands at the Administrator level.”

    “It’s critically important for both systems administrators and individual users to keep up with security information from software providers and to install patches promptly. We can’t rely on Microsoft or other OS vendors to automatically push patches to our systems. Users of Discourse software should test and install this patch as their most important priority,” Nayyar said. “Most user computers don’t have computer admin access. If the only admin access on a computer is through the network administrator account, if you can execute using admin access, hackers have the potential to send a command that can compromise the entire network.”

    Haystack Solutions CEO Doug Britton said the vulnerability is dangerous because it can be exploited remotely without the attacker already being an authenticated user on the victim server.

    “Level 10 bugs are undoubtedly the most serious vulnerabilities. Discourse is a major communications platform,” Britton said.

  • These ransomware criminals lost millions of dollars in payments when researchers secretly found mistakes in their code

    A major ransomware operation was prevented from making millions of dollars after cybersecurity researchers discovered a flaw in the ransomware that enabled encrypted files to be recovered without paying a ransom to cyber criminals.

    Cybersecurity researchers at Emsisoft have detailed how they were secretly able to foil the cyber criminals behind BlackMatter ransomware, saving several victims from having to pay the ransom.

    After keeping what they were doing under wraps to avoid the cyber criminals finding out, researchers have now disclosed how they were undermining BlackMatter by providing decryption keys to victims of their attacks.

    BlackMatter has been active in its current incarnation since July this year, but has actually been around for a lot longer than that because the consensus among information security analysts is that BlackMatter is a rebranded version of DarkSide ransomware.

    DarkSide became notorious earlier this year as the culprits behind the Colonial Pipeline ransomware attack. The incident led to shortages of gas and fuel across the US North Eastern seaboard while the criminals walked away with millions of dollars when Colonial paid the ransom.

    But the impact of the attack didn’t go unnoticed and shortly after the White House vowed action against those responsible, DarkSide lost control of part of their critical infrastructure and some of their Bitcoin wallets were seized. The group seemed to go dark after that.

    However, DarkSide soon re-emerged as BlackMatter and the cyber criminals behind it don’t appear to have been put off by finding themselves in the sights of the US government. They have gone on to launch a string of ransomware attacks against companies in North America.

    Posts by BlackMatter on underground forums offering to buy access to compromised networks in the USA, Canada, the UK, and Australia claimed that BlackMatter wouldn’t go after hospitals or state institutions. But this was untrue, and in addition to critical infrastructure in the form of several agricultural companies, the group has also struck blood testing facilities.

    “The gang’s claim that attacks on the critical infrastructure and certain other sectors was empty: it attacked the very organisations it said it would not,” Brett Callow, threat analyst at Emsisoft, told ZDNet.

    “So why did they make the claim in the first place? It may have been an attempt to avoid attracting immediate attention from law enforcement agencies in the aftermath of the Colonial Pipeline incident or, perhaps, they believed that companies would be more inclined to negotiate if they didn’t appear to be thugs who attacked hospitals”.

    In December last year, Emsisoft researchers noticed a mistake made by the DarkSide operators that allowed the decryption of data encrypted by the Windows version of the ransomware without the need for a ransom to be paid — although the criminals fixed it in January.

    However, it turns out that the ransomware group made a similar mistake once again when they rebranded, and researchers uncovered a flaw in the BlackMatter ransomware payload which allowed victims to recover files without paying the ransom.

    After uncovering the second vulnerability, Emsisoft worked with others to provide as many BlackMatter victims as possible with the decryption key before they paid the ransom, a move that has prevented cyber criminals from pocketing tens of millions of dollars.

    Unfortunately, BlackMatter eventually figured out that something was wrong and closed the loophole.

    “BlackMatter will likely have suspected something was amiss when their revenue started to dip, and will have become more suspicious the longer it went on. Unfortunately, it’s inevitable that gangs will realise they have a problem in these situations. All we can do is work quickly and quietly to help as many victims as we possibly can while the windows of opportunity exist,” said Callow.

    “This effort shows the importance of public-private sector collaboration. Working together, we can put a big dent in the profitability of cybercrime, and that’s a key element in combatting the ransomware problem,” he added.

    Ransomware remains a major information security issue and the best way to avoid having to react to an attack is to not become a victim in the first place. Cybersecurity strategies like applying security patches in a timely manner, ensuring multi-factor authentication is applied across the network, and only providing users with the access they need — for example, by not giving admin privileges to people who don’t need them — can all help prevent ransomware attacks.

    As for BlackMatter, it’s likely they’ll carry on — but their mistakes may have damaged their reputation in cyber criminal circles.

    “I wouldn’t be at all surprised if the operators were to abandon the BlackMatter name and rebrand. Their reputation will be in the toilet. Their repeated mistakes have cost affiliates money. Lots of money,” said Callow.

  • AWS wins deal to store UK spy agencies' work, brings AI to the table

    Intelligence agency GCHQ has signed a deal with Amazon Web Services (AWS) to host classified material and boost the use of artificial intelligence for espionage purposes.

    Although the procurement of cloud infrastructure from AWS was signed off by GCHQ, it will also be used by sister spy services MI5 and MI6, and the Ministry of Defence during joint operations, according to the Financial Times.

    The deal had not been made public and was signed earlier this year, according to the report. It is worth £500m to £1bn over the next decade, FT sources said.

    In a February opinion piece for the Financial Times, GCHQ director Jeremy Fleming said that the agencies “expect AI to be at the heart of this transformation and we want to be transparent about its use.”

    So-called “good AI” would allow “analysts to deal with ever increasing volumes and complexity of data, improving the quality and speed of decision-making.”

    This could include identifying and countering troll farms peddling fake news, as well as tracking networks that traffic people, drugs or weapons, Fleming noted.

    AWS has a range of AI-powered tools, including its controversial Rekognition image and video analysis platform, speech-to-text/text-to-speech, translation and text analysis, and a secret region purpose-built for the US intelligence community.

    The CIA in November awarded its C2E contract to a panel of providers including Amazon, Google, IBM, Microsoft and Oracle, as FedScoop reported at the time. That contract was previously awarded solely to AWS in 2013.

    AWS will host GCHQ’s and its sister agencies’ top-secret information. Spooks should find it easier to share information from field locations overseas and use AWS tools like speech recognition and machine translation for faster processing of intercepted recordings. It will also give spies the tools to run faster searches on each other’s databases.

    Ciaran Martin, the former head of the GCHQ’s National Cyber Security Centre, said the deal with AWS was “not about collecting or hoarding more data,” but was to “use existing large amounts of data more effectively”.

    Selecting a US cloud provider raises some questions about the UK’s digital sovereignty. FT sources said GCHQ initially sought a UK provider but couldn’t find a domestic player with the required scale or capabilities.