More stories

  • Security spend to reach $1 billion in Brazil in 2022

    According to analyst firm IDC, overall security spending is expected to reach nearly $1 billion in Brazil this year, an increase of 10% in relation to 2020.

    Of that total, spending on security solutions will reach $860 million, the analyst said, with cloud security becoming a key area of focus for Brazilian IT decision-makers. According to IDC, 2022 will see firms dealing with an increasing number of cyberattacks, a trend that has gathered pace since the start of the COVID-19 pandemic. The research added that managed detection and response (MDR) services will continue to gain ground as the demand for skilled professionals intensifies.

    The shortage of information security skills is one of the most significant issues facing Brazilian IT organizations, mentioned by 40% of the businesses polled by IDC. In addition, 57% said they will rely on external help to manage and operate environments with modern cybersecurity solutions due to the shortage of professionals to boost internal teams.

    With over 33 million intrusion attempts in 2021, Brazil is only behind the US, Germany and the UK in terms of ransomware attacks, according to a cyber threats report released by SonicWall. In 2020, Brazil ranked ninth in the same ranking, with 3.8 million ransomware attacks.

    According to the SonicWall report, Brazil also stands out in terms of malware attacks, which have increased over 61% in 2021, with 210 million attacks in 2021, compared to approximately 130 million seen in the prior year.

    According to a separate study released in December 2021 by PwC, the vast majority of Brazilian companies plan to boost their cybersecurity budgets in 2022. The study noted the increase in cyberattacks against local organizations was among the key concerns of senior decision-makers. The study suggests that 45% of Brazilian companies estimate an increase of 10% or more in investments in data security, compared to 26% worldwide. Only 14% of Brazilian leaders expressed the same levels of concern in relation to cybersecurity in 2020, against 8% worldwide. In 2021, 50% of the companies polled by PwC claimed to have allocated up to 10% of their technology budget to security-related actions.

  • CISA publishes guide with free cybersecurity tools, resources for incident response

    CISA has published a guide containing free cybersecurity resources and services that may be valuable in incident response. 

    The US Cybersecurity and Infrastructure Security Agency (CISA) is responsible for monitoring, managing, and reducing risk to the country’s critical infrastructure. The federal agency is also known for issuing alerts relating to high-profile data breaches and vulnerability disclosures. Last month, CISA warned organizations to shore up their defenses in light of the cyberattacks endured by Ukraine’s government, in which IT systems were disrupted, and government-owned website domains were defaced by suspected Russian cybercriminals.

    As part of an ongoing initiative to improve the cybersecurity posture of US infrastructure providers, critical services, and state to local governments, CISA has compiled a guide containing advice, resources, and links to services that can help organizations reduce their risk exposure as well as deal with the aftermath of a security incident.

    While CISA is keen to emphasize that the federal agency doesn’t endorse the resources for specific use cases, the guide is separated into categories: foundational measures; how to reduce the likelihood of a “damaging” cyberattack; the steps to take to detect an intrusion; incident response; and resources for maximizing resilience to destructive attacks.

    The list contains a mixture of open source tools and software, services offered by public and private cybersecurity organizations, as well as resources provided by CISA itself for free.

    The federal agency first recommends that companies take basic steps to improve their security, including the implementation of patch cycles to fix known software vulnerabilities, implementing two-factor or multi-factor authentication (2FA/MFA), upgrading legacy and out-of-support software, and replacing default or old passwords. After tackling the above steps, CISA then recommends that organizations check out the additional categories.

    The resources include pointers to phishing assessment services, remote penetration tests, distributed denial-of-service (DDoS) protection, Project Shield, repositories for threat data, antivirus tools, forensics software, and backup services, among others. Skill levels for each service or tool are separated by way of basic or advanced knowledge requirements.

    CISA’s list will be continually updated, and the agency intends to create a process for organizations to submit free tools and services for consideration in the future.

  • Scam artists swindle NFTs worth 'millions' in OpenSea phishing attack

    Scam artists have taken advantage of a contract migration initiative to swindle NFTs out of users in an opportunistic phishing attack.

    Last week, NFT marketplace OpenSea announced the rollout of contract migrations and an upgrade to make sure inactive, old NFT listings on Ethereum expire safely and to allow OpenSea to “offer new safety features in the future.”

    The contract migration timeline was set from February 18 to February 25. NFT holders are required to make the change, and OpenSea published a guide to assist them. After the deadline, any listings that were not migrated would expire, although they could be re-listed after this window without further fees.

    However, an attacker saw an opportunity to cash in. Check Point Research has suggested that phishing emails were sent to users, linking them to fraudulent websites. “Some hackers took advantage of the upgrade process and decided to scam NFT users by using the same email from OpenSea and resending it to the OpenSea victims,” the researchers said.

    Marketplace users were reportedly urged to click a link and sign a malicious transaction that was crafted to look like a legitimate OpenSea request. According to the researchers, the attacker created their contract prior to the transition and made use of atomicMatch_, a form of request “capable of stealing all victim NFTs in one transaction.”

    The wallet connected to the phishing attack held over two million dollars after some of the stolen NFTs were sold, CPR noted, although, at the time of writing, just over $8,000 is left in the account. In total, there have been over 350 transactions from this wallet address, including deposits and withdrawals.

    Originally, it was believed that 32 users had their NFTs stolen after falling prey to the phishing attack. “The attack doesn’t appear to be active at this point — we haven’t seen any malicious activity from the attacker’s account in 2 hours,” OpenSea CEO Devin Finzer said on February 20. “Some of the NFTs have been returned. […] We are not aware of any recent phishing emails that have been sent to users, but at this time, we do not know which website was tricking users into maliciously signing messages.”

    In an update, OpenSea said its team has been working “around the clock” to investigate, and this number of suspected victims has been narrowed down to 17. “Our original count included anyone who had *interacted* with the attacker, rather than those who were victims of the phishing attack,” OpenSea said. It has now been over 22 hours since the last fraudulent transaction made in the attacker’s wallet.

    Nadav Hollander, OpenSea CTO, published a Twitter thread containing the organization’s current understanding of the attack, which the firm does not believe originated from OpenSea. “All of the malicious orders contain valid signatures from the affected users, indicating that they did sign an order somewhere, at some point in time,” Hollander said. “However, none of these orders were broadcasted to OpenSea at the time of signing.” In addition, the orders were not executed against the new Wyvern 2.3 contract.

    Hollander commented: “32 users [note: now estimated to be 17] had NFTs stolen over a relatively short time period. This is extremely unfortunate but suggests a targeted attack as opposed to a systemic issue. This information, coupled with our discussions with impacted users and investigation by security experts, suggests a phishing operation that was executed ahead of the deprecation of the 2.2 contract given the impending invalidation of these collected malicious orders. Even though it appears the attack was made from outside OpenSea, we are actively helping affected users and discussing ways to provide them additional assistance.”

    Cybersecurity expert Dan Guido also highlighted the inherent security issues with wallets and their exposure to phishing campaigns. OpenSea continues to investigate.

    In other recent NFT news, Fortinet researchers have warned that cyberattackers are jumping on the NFT hype to spread BitRAT malware.

  • Your friends could help stop you getting locked out of your Apple ID

    Not a week goes by that I don’t hear from someone who has lost access to their Apple ID. It can be pretty traumatic — you can lose access to a lot of different features and services.

    And Apple has several ways for users to get themselves out of a jam. It’s just they’re all a bit of a hassle.

    A far easier way is to plan in advance and set up an account recovery contact (or contacts!).

    What is an account recovery contact?

    If you lose access to your Apple ID, you can follow the steps on your device to share the onscreen instructions with your recovery contact and request a six-digit code that will allow you to reset your Apple ID password.

    Oh, and don’t worry. Your account contacts don’t get access to any of your data.

    On the iPhone or the iPad, you must be running iOS 15 or later:

      • Tap on Settings and then on your name at the top of the screen
      • Tap Password & Security, then Account Recovery
      • Tap on Add Recovery Contact (you’ll need to authenticate with Face ID or Touch ID), and then you can choose your contact (those in your Family Sharing group are added automatically, whereas any other contact will need to accept your request first)

    It’s that simple.

    You can also do the same on the Mac, but you must be running macOS Monterey or later:

      • Click on the Apple menu, then go to System Preferences
      • Click on Apple ID
      • Click Password & Security
      • Next to Account Recovery, click on Manage
      • Click on + and then Add Recovery Contact (you will need to authenticate with Touch ID or your password), and then you can choose your contact (those in your Family Sharing group are added automatically, whereas any other contact will need to accept your request first)

    Again, it’s all quite straightforward.

    Apple has detailed information on how to set this up, along with information for those who are set as account recovery contacts.

    I recommend you set up a recovery contact today because having one — or several, you can have up to five — set up can save you a lot of grief down the line.

  • How to tell if someone is using your iPhone to spy on you (and how to put a stop to it)

    Smartphones like the iPhone are home to so much information.

    Texts, emails, financial, medical. Then on top of that, smartphones can be used to track our movements and what we do online.

    It’s vital to keep them secured.

    But what do you do if someone has figured out a way into your iPhone? How do you even know if someone has found a way into your iPhone?

    Yeah, scary, isn’t it.

    Over the past few weeks, I’ve been assisting someone in this exact position. Someone that they trusted turned out not to be worthy of that trust and

    The first reaction of most people is to change their passcode, but that’s not where I’d start.

    Note: If someone does have access to your iPhone, either because they’ve guessed your passcode, or by another means, remember that making changes to revoke that access will be noticeable to them.

    Here’s the process that I follow for securing an iPhone that someone might have gained access to:

    #1: Reboot

    There’s a reason we start with a reboot. Bottom line, if someone has compromised an iPhone using a jailbreak or some other exploit, a simple reboot should get rid of it. Instruction on how to reboot your iPhone can be found here. A regular reboot will also help to keep your iPhone running swiftly and smoothly, and it’s something that I do once a week.

    #2: Change your passcode

    It has to be done. Make it a secure one because this is the key to everything on your phone: birthdays, pet names, names of children, these all suck as passcodes.

    Apple has information here on how to change the passcode for versions of iOS ranging from iOS 12 to iOS 15.

    #3: Check for rogue Face ID or fingerprints

    You can have more than one face and set of fingerprints enrolled in your iPhone. To check if someone has added their face to Face ID, tap Settings > Face ID & Passcode and enter your passcode.

    If you see the option to Set Up an Alternative Appearance, then there’s only one face enrolled, and you’re OK.

    However, if that option is not visible, there are two faces enrolled (or perhaps you enrolled your face twice). If this is the case, and you’ve not set up your device so someone else can access it, tap on Reset Face ID and go through the enrollment process again (it takes seconds).

    If your iPhone uses the Touch ID fingerprint reader, I recommend deleting all the stored fingerprints and adding them again.

    Go to Settings > Touch ID & Passcode, then tap on each fingerprint and then tap Delete Fingerprint to remove it.

    #4: Run an anti-spyware scan

    It might be overkill, but it’s better to be on the safe side. My favorite is Certo AntiSpy, and you can get more information about it here. A lower-cost solution that you can run is iVerify. This app is great because it is packed with awesome hints, tips, and tricks on how to secure your iPhone.

    #5: Don’t hand your phone to other people

    It can be hard to set certain boundaries in life, but the one of not passing your unlocked iPhone over to someone else is probably a good one to build. A smartphone is packed with personal information, and it’s OK to want to keep that private.

  • Akamai CEO: Linode acquisition makes company 'world's most distributed cloud services provider'

    Akamai CEO Tom Leighton touted the company’s expansion this week on the heels of a Q4 earnings report that saw the company bring in a revenue of $905 million for the quarter and $3.5 billion for the full fiscal year. Akamai announced on Tuesday that it is acquiring infrastructure-as-a-service (IaaS) platform provider Linode for about $900 million. Leighton said Linode is a very developer-friendly IaaS provider that makes it very easy to spin up a virtual machine or a container to build and run applications.

    “By combining that with Akamai, we’re the world’s leaders in content delivery and web security. We make your applications really fast and we protect them from all sorts of attacks. We have the world’s most distributed edge computing platform for applications that need to be scaled up instantly on a global basis to respond to demand and various geographies in a serverless way,” Leighton told ZDNet in an interview. “Putting them together is a very powerful combination because now developers and enterprises will be able to much more easily do the whole thing on Akamai. They can build the apps on Akamai, run them there, deliver them from Akamai and have them be secured as part of Akamai. Akamai becomes the world’s most distributed cloud services provider, all the way from the cloud to the edge, and we’ll make it really easy to build, run and secure your applications online.”

    He went on to explain that Linode has great customer support and is already in 11 locations, which Akamai is going to “dramatically” expand. Linode does not have much of a sales force today, so Akamai will help them build that out, Leighton said. Akamai will be integrating in more than 250 employees from Linode’s headquarters in Philadelphia, which will bring them to well over 9,000 employees globally.

    Leighton also noted the September 2021 acquisition of Israel-based Guardicore, a cybersecurity company that offers a micro-segmentation solution to reduce the potential attack surface of corporate networks, secure applications, and meet compliance standards.

    Leighton said the two acquisitions are the largest they have done in the last 20 years and noted that since closing the Guardicore deal, they have nearly doubled their initial projections of $30 million to $35 million in revenue for the company. “The micro-segmentation that they do is really important for stopping the impact of ransomware. Ransomware is a huge problem today and the visibility it gives our customers into what’s going on in their internal networks is really important,” he explained. “When you put it all together, Akamai is now positioned as the most distributed cloud services provider, with three market-leading capabilities and pillars to support growth. That’s a pretty exciting place to be.”

    Akamai saw significant growth throughout 2021 in their security services, which contributed to revenue increases of 25% year over year and growth in their edge application services, which was up 30% year over year. According to Leighton, the company is expecting the cloud compute category — which includes edge applications, its net storage business and Linode — to reach “well over half a billion dollars in 2023.”

    While the company has seen growth in overall revenue, their earnings per share may grow a bit less than usual due to the acquisitions. But Leighton predicted the EPS would bounce back next year. “We generate a ton of cash so we’re in a position to make acquisitions that would benefit our customers and shareholders. I’m really excited about the future. We have a great history of innovation in the internet, beginning with the invention of content delivery and then bringing high quality streaming online, application acceleration, and of course, web security,” he said. “We were pioneers in edge computing and now we’re taking a big step forward in cloud computing with Linode.”

  • Linux developers patch security holes faster than anyone else, says Google Project Zero

    There’s a lot of FUD about how Linux is being shown recently to be less secure than proprietary systems. That’s nonsense. But, now there are hard facts from Google’s Project Zero, Google’s security research team, showing Linux’s developers do a faster job of fixing security bugs than anyone else, including Google.

    Project Zero looked at fixed bugs that had been reported between January 2019 and December 2021. The researchers found that open-source programmers fixed Linux issues in an average of only 25 days. In addition, Linux’s developers have been improving their speed in patching security holes from 32 days in 2019 to just 15 in 2021. Its competition didn’t do nearly as well. For instance, Apple, 69 days; Google, 44 days; and Mozilla, 46 days. Coming in at the bottom was Microsoft, 83 days, and Oracle, albeit with only a handful of security problems, with 109 days. By Project Zero’s count, others, which included primarily open-source organizations and companies such as Apache, Canonical, GitHub, and Kubernetes, came in with a respectable 44 days.

    Generally, everyone’s getting faster at fixing security bugs. In 2021, vendors took an average of 52 days to fix reported security vulnerabilities. Only three years ago the average was 80 days. In particular, the Project Zero crew noted that Microsoft, Apple, and Linux all significantly reduced their time to fix over the last two years.

    As for mobile operating systems, Apple iOS with an average of 70 days is a nose better than Android with its 72 days. On the other hand, iOS had far more bugs, 72, than Android with its 10 problems.

    Browser problems are also being fixed at a faster pace. Chrome fixed its 40 problems with an average of just under 30 days. Mozilla Firefox, with a mere 8 security holes, patched them in an average of 37.8 days. Webkit, Apple’s web browser engine, which is primarily used by Safari, has a much poorer track record. Webkit’s programmers take an average of over 72 days to fix bugs.

    Project Zero gives developers 90 days to fix security problems. Besides the average now being well below the 90-day deadline, the team has also seen a dropoff in vendors missing the deadline or the additional 14-day grace period.

    Last year, only a single bug, a Google Android security problem, exceeded its fix deadline, though 14% of bugs required the extra two weeks. Still, everyone’s doing a much better job of fixing security bugs than they’ve been doing in years past. Why? The Project Zero crew suspects it’s because “responsible disclosure policies have become the de-facto standard in the industry, and vendors are more equipped to react rapidly to reports with differing deadlines.” Companies have also been learning best practices from each other with the increase in transparency. I credit much of this to the growth of open-source development methods. People are realizing that it’s to everyone’s advantage to fix bugs together.

  • Google's puny pledge to Android privacy leaves iPhone your securest platform

    Google has expanded plans to limit data tracking on its Chrome browser by extending that coverage to apps running on Android devices. The Privacy Sandbox project aims to limit the amount of user data that advertisers can gather from browsing and app usage.

    But details are scant, and it’s not happening just yet.

    Google will begin by allowing developers to review initial design proposals and share feedback. Over the year, Google plans to release developer previews, with a beta being available by the end of the year.

    And it’s clear that Google is worried that by making changes too quickly, it could upend its app ecosystem.

    “Currently over 90 percent of the apps on Google Play are free,” writes Anthony Chavez, VP of Product Management, Android Security & Privacy at Google, “providing access to valuable content and services to billions of users. Digital advertising plays a key role in making this possible. But in order to ensure a healthy app ecosystem — benefiting users, developers and businesses — the industry must continue to evolve how digital advertising works to improve user privacy.”

    It seems that right out of the gate, Google is worried that making apps more private could scare off developers from making free apps (although where they might go is unclear).

    “We know this initiative needs input from across the industry in order to succeed. We’ve already heard from many partners about their interest in working together to improve ads privacy on Android, and invite more organizations to participate.”

    Google also took the opportunity to take a pop at Apple and its App Tracking Transparency feature: “We realize that other platforms have taken a different approach to ads privacy, bluntly restricting existing technologies used by developers and advertisers. We believe that — without first providing a privacy-preserving alternative path — such approaches can be ineffective and lead to worse outcomes for user privacy and developer businesses.”

    One of those businesses is Meta (Facebook), which estimates the changes that Apple made will cost it $10 billion this year alone.

    Problem is, Apple’s path has been effective for the people that matter — the users. And users, when given a choice as to whether they want apps to track them or not, have overwhelmingly chosen to retain their privacy. Apple also paved the way for greater transparency by forcing app developers to outline how data collected by apps would be used.

    It’s clear that Google feels it needs to make some positive sounds with regard to privacy, but it’s also clear that simply handing the reins of control to users isn’t what Google wants to do, and instead, the company wants to come up with a solution that’s more within its control.

    What does this mean for users? It means that if you want privacy on a mobile device, the choice is clear — you should be ditching Android and buying an iPhone.