More stories

    Education sector has improving window of exposure despite lower remediation rates and higher than average time to fix: report

    A new report from NTT Application Security has found that applications used by organizations in the education sector have an improving window of exposure despite having lower remediation rates and a higher than average time to fix.

    This month, the NTT Application Security research team focused on cyberthreats targeting education applications as security concerns in that sector continue to grow with the school year starting. Accelerated online learning environments due to the pandemic and considerable rates of ransomware and phishing attacks against K-12 schools have increased focus on the unique cybersecurity challenges these organizations face. According to the report, although the education sector’s breach exposure has remained relatively consistent this year, it’s taking longer to fix high severity vulnerabilities compared to other industries (206 days vs 201 days). Additionally, applications within the education sector show an increased Window of Exposure (WoE) rate, rising to 57% in August from 53% last month.

    Setu Kulkarni, vice president of strategy at NTT Application Security, told ZDNet the education sector showed a positive trend as far as WoE is concerned. “As we completed the research, it was surprising to see that less than 50%, actually only 46% of the critical vulnerabilities are ever fixed. That’s a shockingly low remediation rate, but that’s only half of the story. For those 46% of the vulnerabilities that get remediated, on average it takes over 200 days to fix a critical vulnerability once an organization decides to address the vulnerability,” Kulkarni explained.

    “Those two factors are majority contributors to the high breach exposure for applications — that is, applications have an unacceptable WoE to attacks. Moreover, the mix of serious vulnerabilities has remained constant over time and that means, the attackers do not have to try too hard.”

    Despite the issues, the data indicates that organizations in the education sector are hyper-focused on fixing critical vulnerabilities within some of their web applications, and Kulkarni said this approach seems to be working, as the sector’s otherwise stable Window of Exposure metrics are now improving.

    The education sector has one of the best Window of Exposure metrics (less than one month) across all sectors, according to the report. The researchers found that 53% of applications in the education sector have at least one critical vulnerability exploitable throughout the year, yet 34% of these applications have a Window of Exposure of less than one month. This means that serious vulnerabilities in 34% of applications in the sector get addressed within one month.

    Kulkarni said that moving forward, there needs to be a focus on reducing the average time to fix critical and high severity vulnerabilities, which is critical to improving the WoE and consequently the overall security posture of applications. “The application security statistics for the education sector indicate a hyper focus among organizations in this sector on a handful of critical web applications and fixing a handful of critical vulnerabilities in those applications,” Kulkarni added.

    “To accelerate the improvement in the Education sector’s overall application security posture, organizations in the sector should expand their approach to identify their overall attack surface and put in place a systematic program that progressively covers all applications.” Kulkarni also suggested educational organizations provide security training to students and demand that the SaaS and non-SaaS products are thoroughly checked for vulnerabilities.

    Apple releases patches for Catalina and iOS 12.5.5 vulnerabilities

    Apple released security updates for three vulnerabilities in both macOS Catalina and iOS 12.5.5 that are currently being exploited in the wild. CVE-2021-30869 is an XNU vulnerability found in macOS, iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch that allows malicious applications to execute arbitrary code with kernel privileges.

    Apple said there are reports that an exploit for the vulnerability exists and said it was addressed “with improved state handling,” noting that it was discovered by Google Threat Analysis Group members Erye Hernandez and Clément Lecigne as well as Ian Beer of Google Project Zero.

    CVE-2021-30860 was discovered by Citizen Lab and may be connected to the NSO Pegasus spyware that was used to break into Apple devices. The vulnerability affects iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).

    There was significant outrage when Citizen Lab released multiple reports this year showing how NSO Pegasus spyware gave certain nation-states and criminal actors full access to Apple devices. CVE-2021-30860, as Citizen Lab described in their latest report, relates to how threat actors could use the processing of a maliciously crafted PDF to execute arbitrary code.

    Apple admitted in the release that it has been actively exploited and said it was addressed “with improved input validation.”

    The third vulnerability — CVE-2021-30858 — affects the same devices as the first two and was submitted anonymously. Apple explained that the vulnerability relates to how processing maliciously crafted web content can lead to arbitrary code execution. Like the others, Apple said it was aware that it may have been actively exploited.

    Apple said it solved the issue with “improved memory management.”

    Home alone after school: A safety guide for kids

    For some families, there’s no way around older kids being home alone after school. This isn’t a new phenomenon, but what is new is a host of technology and devices that make it easier for parents to keep track of and increase the safety of their children in the hours between school and when parents get home from work. And it goes way beyond just having a home security system.

    While there is no set or agreed-upon age for when it is appropriate to leave kids home alone, the U.S. Children’s Bureau does offer some guidelines with regard to evaluating maturity levels in children. Most parents can’t even rely on the law to determine when it’s OK to leave kids home alone, as according to the Children’s Bureau, only three states (Illinois, Maryland, and Oregon) have such laws on the books.

    Here are some tips, technologies, and hacks to help parents keep kids safe when they’re home alone after school.

    Prepare Before Your Child Needs to be Home Alone

    Is Your Child Ready?

    Before you decide to leave your kids at home, consider their level of maturity. While some kids may do well being left alone, not everyone would be comfortable in this type of setting. Ask yourself these questions to determine if perhaps you need to make alternate plans:

    • Timing: Is this recurring time home alone or one-time? Will your child be home alone in the morning, afternoon or evening?
    • Comfort level: Is your child scared of being home alone? If they need help, are they comfortable talking to adults such as neighbors or emergency responders?
    • Compliance: Do your children typically follow rules that you set? Do your children avoid telling you when something has gone wrong and they need help?
    • Responsibility: Are older children responsible for taking care of younger children – and if so, are they mature enough to take on this responsibility?
    • Judgment: Can your child accurately judge what is and isn’t an emergency and choose to call 9-1-1?

    An Emergency Plan Ahead of Time

    One of the best ways to prep your child to stay home alone is to have an open and honest discussion with them. Before the big day comes, sit down with your child and go over what to do in an emergency. Even better, have them write down the answers to these questions themselves, so they’re sure to remember:

    • Information that 9-1-1 would need to know
    • Child’s name and nearest cross streets
    • Trusted neighbors and friends to reach out to in an emergency

    Child Safety Technologies

    Smart Home Camera

    A smart home camera is one way to help keep your kids safe and give parents some extra peace of mind. “Parents today are living in an interesting time: teeter-tottering with how and when to use tech to keep tabs on their children,” says Ben Nader, general manager of video solutions at Ooma, which makes smart cameras. With DIY home security cameras increasingly making their way into homes, Nader says parents can use these cameras to keep tabs on their kids’ whereabouts. Certain cameras, such as Google Nest cameras, are even rolling out features that allow cameras to detect familiar faces, technology that can give parents additional insight into the comings and goings at home while they’re away.

    Smart Doorbell Camera

    A doorbell camera is another option. “Parents tell their kids not to answer the door, but kids tend to ignore this rule when the uninvited guest might be a friend,” warns Justin Lavelle, chief communications officer with BeenVerified, an online background check platform. “While peepholes are a safety precaution, they do not prevent strangers from seeing your child through adjacent windows, nor can some children reach the peepholes.”

    He recommends a smart doorbell camera or video doorbell that detects movement approaching your front door or someone ringing the doorbell and sends a notification to you. This allows parents to stay on top of visitors to the front door while they’re away and kids are home alone. “Nest, Ring, Swann, and Arlo are just a few of the many brands offering such surveillance devices that connect to your smartphone via Wi-Fi and app,” he says. “Some smart doorbells even have a feature that allows homeowners to communicate with their surprise house guest from a remote location.”

    GPS Watch for Kids

    While a smart camera is great when kids come home from school, it doesn’t offer much for the time between a kid leaving school and getting home. A GPS watch for kids gives parents additional visibility into a kid’s journey home. These watches have GPS capability that allows parents to look up the exact location of the watch, so as long as a kid is wearing the watch, the parent can make sure they’re where they need to be. Another common feature for these watches allows parents to program a set number of phone numbers the child can communicate with by phone call or text. Sten Kirkbak, the co-founder of XPLORA, a European maker of GPS watches for kids, points out certain watches can also specify geolocated safety zones. “If the child enters or leaves the area, the parent will be notified,” Kirkbak says.

    Tracking Apps

    In lieu of getting a GPS watch, Lavelle recommends downloading a tracking app. “Having a tracking app installed on a smartphone will let you know your kids’ exact location; thus, if there is any trouble (like taking the wrong turn home), you can give them the help they need.” If your kids are old enough to have smartphones and they’re responsible enough to keep up with them, this is one of the most inexpensive ways to monitor their location. A few such kid-tracking apps include Footprints, AngelSense, and Life360.

    Computer Monitoring Software

    Kids often come home from school and jump on the computer — and the Internet — to start doing homework. However, the Internet can also pose risks if kids are unsupervised when using it. “With no one there to monitor what websites they’re accessing, kids may come across inappropriate content that is not healthy for young eyes to see,” warns Lavelle.

    Also, you don’t know who they may be interacting with online. “Children are susceptible to trusting strangers they meet online and giving out personal information,” he says. “Such software as K9 Web Protection, Norton Family Online, and Net Nanny allows parents to control what their children have access to on the internet.” Lavelle also recommends parents set timers for how long kids can play games on the computer, to limit eye strain and balance online time with more active time.

    “With the number of children and teens online growing year after year, instances of cyberbullying, sexting and online threats continue to flourish just as quickly,” says Titania Jordan, chief parenting officer at Bark, a parental internet monitoring company.

    Smart Locks and Home Security Systems

    A home security system can help protect kids from intruders and also detects smoke and carbon monoxide leaks. However, kids who are home alone will need to know how to disarm the system to reduce false alarms and also communicate verbal passwords to the alarm company. If law enforcement is routinely dispatched to a home for no reason, it could result in penalties and fines depending on local ordinances.

    Tips and Tricks To Prepare for Being Home Alone

    Daily Chats

    While technology can help keep kids safe when they’re home alone after school, communication is also crucial. For example, Kirkbak recommends quick morning chats before school. “These chats are a great way to ensure your kids know where they need to go when the bell rings,” he says. “These briefs help reinforce the message that good communication between kids and parents regarding each other’s whereabouts is important.” These kinds of conversations can help kids understand they shouldn’t make spontaneous decisions to stop off at a friend’s house without asking for permission or communicating their plans.

    Baby Steps

    Also, if this is the first time your kids are staying home alone, you may need to ease them into the process. “Since processes like deactivating the internal alarm might be too stressful to begin with, maybe consider turning that off for the first couple of days until they have built up more confidence,” Kirkbak says. “You might also consider small things, like keeping some lights on in the hallway to avoid a completely dark house on return, or perhaps leaving on the radio and leaving out a little surprise, to help create a more welcoming and homely atmosphere for a child to come home to.”

    Have a Backup Plan

    In addition, it’s a good idea to have a backup plan. For example, even if you use smartphones or smartwatches, consider what would happen if your kids lost their devices. One way to address this is to print physical copies of phone numbers that can be posted on the fridge or put in your kids’ backpacks, so they will always have a way to contact someone in the event of an emergency.

    Know Your Neighbors

    It could also be a good idea to make sure your kid knows to go to a trusted neighbor who can provide assistance when circumstances merit.

    Get a lifetime of easy, automatic encryption for all of the files on your computer for just $30

    With the frequency and severity of malware attacks growing practically every day, the files and folders on our computers have never been more at risk. Sure, there have been solutions for strong protection available, but they tend to be so cumbersome and inconvenient to use that few of us would bother. Fortunately, a lifetime subscription to the powerful yet easy-to-use GhostVolt Encryption Software is currently very affordable.

    GhostVolt will automatically add enterprise-level 256-bit AES encryption to your data and permanently maintain it on your computer or home network. For added security, the program will automatically log you out after a period of inactivity. It will even check your passwords against over 600 million exposed ones.

    File management couldn’t be easier since the app is designed just like your regular file explorer, so there’s no learning curve. You can just add your files and folders as you normally would, and they will also be automatically re-encrypted after any editing. You can both preview and share files securely.

    Many convenience features are built in, including integration with Microsoft OneDrive, light and dark modes, backup encryption keys, and more. The program is multilingual, as well, for English, Spanish, French, German, Italian, and Portuguese. Users are really satisfied with GhostVolt, rating it 4.3 out of 5 stars on TrustPilot and 4.7 out of 5 stars on Softpedia.

    If you tend to use a laptop more often than a desktop and spend any time at all on public Wi-Fi networks, and want to take even further precautions, you might like this powerful VPN bundled with two extra displays. But GhostVolt will offer you the ultimate in privacy and protection against data or identity theft, because the encryption completely obscures all of your personal information, so it will be unreadable to criminals even if it is stolen, hacked, or breached.

    You really don’t want to pass up this opportunity to protect all of your most sensitive files when it is so easy and affordable to do; get GhostVolt Encryption Software: Lifetime Subscription while it is on sale for only $29.99.

    VoIP company battles massive ransom DDoS attack

    Canada-based VoIP provider VoIP.ms is still battling a week-long, massive ransom distributed denial of-service (DDoS) attack. 

    The company, which provides internet telephony services to businesses across the US and Canada, was hit by a DDoS attack on September 16, with the company confirming via Twitter: “At the moment we carry on with the labor of alleviating the effects caused by the massive DDoS directed at our infrastructure. We continue to work full-on re-establishing all of our services so we can have you connected.”

    As reported by BleepingComputer earlier this week, the attack also affected its domain name service (DNS) infrastructure. Its website remains hard to access some days after the attacks were first acknowledged. In an update on Wednesday, VoIP.ms apologized to customers and confirmed it was still being targeted by what it described as a ‘ransom DDoS attack’. VoIP.ms says it has over 80,000 customers in 125 countries.

    All our resources are still working at stabilizing our website and voice servers due to the ongoing DDoS attacks. We understand the significance of the impact on our clients’ operations and want to reassure you that all of our efforts are being put into recovering our service.— VoIP.ms (@voipms) September 22, 2021

    DDoS attacks are becoming more frequent, more disruptive and increasingly include ransom demands, according to recent research. VoIP.ms’s website currently indicates it is using CDN provider Cloudflare “to protect itself from online attacks”.

    Cloudflare in August helped block what it claimed was the largest DDoS attack on record, which emanated from about 20,000 compromised internet-connected devices in 125 countries. Variants of the Mirai botnet still plague the internet, some five years after the original Mirai DDoS malware was open-sourced following a massive attack on the blog Krebs on Security in 2016.

    According to Ars Technica, VoIP.ms is requiring visitors to solve captchas before allowing them to access the site. After completing the captcha challenge, the VoIP.ms website currently displays the message: “A Distributed Denial of Service (DDoS) attack continues to be targeted at our Websites and POP servers. Our team is deploying continuous efforts to stop this however the service is being intermittently affected.”

    In a Facebook post on Wednesday, the company said: “We have not stopped on all duties required to have our website and voice servers safe from the attack that has been directed to us, we have all the team, plus professional help working minute by minute on controlling the issues and having all crucial services going as expected, Please stay tuned, thanks.”

    BleepingComputer reported that the attackers have asked for one bitcoin, worth around $45,000 today, to stop the DDoS attacks.

    Two UK VoIP companies suffered DDoS attacks earlier this month, as reported by The Register: UK-based Voip Unlimited said it was hit with a “colossal ransom demand” after the DDoS attack. Mark Pillow, MD of Voip Unlimited, told The Register that industry body UK Comms Council had reported that other companies had also been affected by DDoS attacks and ransoms from ‘REvil’. However, there is no way of knowing whether this is related to the prolific ransomware attack group of the same name.

    Ransomware attackers targeted this company. Then defenders discovered something curious

    Cybersecurity researchers have detailed a ransomware campaign that clearly borrows attack techniques used by nation-state-backed hacking and cyber-espionage operations. The campaign came to light when cyber criminals attempted to launch a ransomware attack against an unspecified product safety testing organisation. The attack was detected and stopped before it was successful, but provided cybersecurity researchers at eSentire with enough information to analyse the tactics, techniques and procedures being used.

    As eSentire’s security research team began to investigate the incident, they said they “discovered some very curious findings, relating to both the threat group behind the attack, as well as the tools and techniques used in the attack”.

    The attack methods used in the attempted ransomware campaign resembled techniques previously attributed to state-backed Chinese hacking operations including APT27 – also known as Emissary Panda. eSentire said the low quality of the ransomware and the lack of any known ransomware breaches by this ‘Hello Ransomware’, along with the attackers’ use of intrusion and reconnaissance methods that are typically associated with sophisticated groups, raises the question of whether the ransomware is the primary goal of the operators. “Or are the cyber criminals dropping ransomware into their target victims’ IT environment to simply distract from their real motive – cyber espionage?” eSentire said.

    While all of this doesn’t necessarily mean that those behind the ransomware are working out of or on behalf of China, it demonstrates how cyber criminals can mimic the tactics used by advanced government-backed hacking groups in an effort to deliver malware.

    Techniques deployed in the attempted attack in July include the use of SharePoint exploits and China Chopper, a stealthy remote access tool that provides a backdoor onto compromised systems, often distributed onto web servers. While commonly used by Chinese APT groups, the China Chopper web shell is widely available and is popular with a variety of attackers, both state-backed and cyber criminal.

    The exploits and China Chopper aren’t the only techniques the ransomware attackers share with APT groups: they also used Mimikatz for password scraping and privilege escalation, attempted to disable security monitoring, and dropped PowerShell command executions while masquerading as a legitimate anti-virus provider – in this case, mimicking Kaspersky.

    There are also time delays between different steps of the attack in an effort to avoid detection. These time delays also suggest a hands-on human touch when carrying out the attacks, something that’s common with APT groups.

    While the methodology is the same as that used by nation-state hacking groups, it would be unusual for a state-sponsored group to directly engage in ransomware attacks. WannaCry ransomware, deployed by North Korea, is an infamous example of an attempted ransomware attack by a state, but on the whole, ransomware is the domain of cyber criminals.

    There’s the possibility that those behind the ransomware are performing a false flag operation, deploying tactics known to be used by a particular operation because it leads any investigation away from them. It’s also well-known that the tactics are an effective means of compromising networks – meaning they’re perfect for ransomware attacks.

    Like other forms of ransomware, Hello encrypts files – in this case with a .hello extension – and demands a ransom from victims in exchange for the decryption key. The ransom note is fairly basic, presented in Notepad and telling the victim to email the attackers to negotiate a deal.

    Hello ransomware is also quite basic by the standards of top ransomware in 2021 because there’s no threat to leak stolen data and no leak site for publishing stolen data on. It also isn’t run on a ransomware-as-a-service model, like many of the most prolific ransomware variants today, meaning that it stands out.

    Despite all this, the hands-on nature of the attacks indicates that whoever is behind Hello ransomware knows what they’re doing.

    “Hello ransomware is an exception of ransomware evolution. There’s nothing particularly sophisticated about the ransomware itself, or even the initial access vector, a two-year-old SharePoint vulnerability,” Keegan Keplinger, research and reporting lead at eSentire, told ZDNet.

    “It is the post-compromise actions which can really be considered sophisticated,” he added.

    Researchers even suggest the possibility that the ransomware could be laid down as a distraction while laying the foundations for something else.

    “There is a stark difference between the sophisticated intrusion capabilities, used in conjunction with the seemingly simplistic Hello Ransomware. This, in addition to the little-publicised success of the Hello ransomware campaigns, also brings the actors’ motivations into question,” said Keplinger.

    The campaign remains mysterious, but while the attack targeting the safety testing organisation was stopped before it was able to encrypt the network, others might not be so lucky.

    Steps that businesses can take to help avoid falling victim to ransomware – and many other forms of cyberattacks – include applying security patches for known vulnerabilities in a timely manner and using multi-factor authentication across the network to make it more difficult for intruders to move around networks.

    New advanced hacking group targets governments, engineers worldwide

    A new hacking group targeting entities worldwide to spy on them has been unmasked by researchers.

    On Thursday, ESET said the group, which it has dubbed FamousSparrow, is a new entry to the cyberespionage space of advanced persistent threat (APT) groups, many of which are state-sponsored. Believed to have been active since at least 2019, the APT has been linked to attacks against governments, international organizations, engineering firms, legal companies, and the hospitality sector. Victims are located in Europe, the United Kingdom, Israel, Saudi Arabia, Taiwan, Burkina Faso in West Africa, and the Americas — including Brazil, Canada, and Guatemala.

    ESET says that current threat data indicates that FamousSparrow is a separate group, independent from other active APTs; however, there do appear to be several overlaps. In one case, exploit tools used by the threat actors were set up with a command-and-control (C2) server linked to the DRBControl APT, and in another, a variant of a loader employed by SparklingGoblin appears to have been in use.

    What makes this new APT interesting is that the group joined at least 10 other APT groups that exploited ProxyLogon, a chain of zero-day vulnerabilities disclosed in March which was used to compromise Microsoft Exchange servers worldwide. The researchers say that ProxyLogon was first exploited by the group on March 3, before Microsoft released emergency patches to the public, which indicates “it is yet another APT group that had access to the details of the ProxyLogon vulnerability chain in March 2021.”

    The APT tends to compromise internet-facing applications as its initial attack vector, and this does not only include Microsoft Exchange servers — Microsoft SharePoint and Oracle Opera are in the line of fire, too.

    FamousSparrow is the only known APT to make use of a custom backdoor, dubbed SparrowDoor by the team. The backdoor is deployed via a loader and DLL search order hijacking, and once established, a link to the attacker’s C2 is created for the exfiltration of data.

    In addition, FamousSparrow accounts for two customized versions of the open source, post-exploit password tool Mimikatz, a legitimate penetration testing kit that has been widely abused by cybercriminals. A version of this tool is dropped upon initial infection, as well as the NetBIOS scanner, Nbtscan, and a utility for gathering in-memory data, such as credentials.

    “This is another reminder that it is critical to patch internet-facing applications quickly, or, if quick patching is not possible, to not expose them to the internet at all,” the researchers commented. “The targeting, which includes governments worldwide, suggests that FamousSparrow’s intent is espionage.”

    ANZ reports a 73% year-on-year increase in scams for the first eight months of 2021

    Australia and New Zealand Group (ANZ) chief executive Shayne Elliott has encouraged the Standing Committee of Economics to prioritise the need to raise further awareness, as well as recommend additional steps industry and government could take, to address the rising number of scams.

    In fronting the committee, which is currently undertaking a review of the four major banks and other financial institutions, Elliott highlighted that for the first eight months of 2021, ANZ had seen a 73% increase in scams being detected or reported by customers, compared to the same time last year. Over the same period, ANZ retail customers sent AU$77 million to scammers, of which the bank was able to claw back almost AU$19 million, Elliott said.

    He also noted that ANZ has blocked over 15 million malicious emails every month, and has blocked between 15 to 20 million attacks on its website, including DDoS attacks, during the period.

    “The most prevalent and successful scam involves criminals gaining remote access to consumer customer computers and the devices. We’ve also seen a year-on-year increase in investment scams of around 53% and a high proportion of these involve cryptocurrency,” Elliott continued.

    “There’s good work going on within the industry and government to tackle the problem. For example, the Australian Banking Association launched a scams awareness campaign yesterday. However, more needs to be done.

    “This committee could help by inquiring into the problem, raising further awareness of the dangers, and recommending additional steps industry and government could take.”

    Elliott detailed that for “serious attacks” and when the bank can identify the perpetrator, it works with the likes of Austrac, national security teams, and the police to deal with these attacks, but urged that more needs to be done to help customers who cannot protect themselves.

    The average age of scam victims is 59 and 44% are over the age of 65, Elliott reported. “Thankfully, the Australian banking system and it’s not just an entity that is investing heavily in the area … our concern is more to do with our customers who either don’t have the resources or don’t see the need to do this, so it’s a growing issue.”

    On the topic of cryptocurrency, Elliott admits it is an area the bank “struggles” to understand in terms of how to service it while remaining compliant with obligations, such as money laundering sanctions and anti-terrorism financing. “That’s not to say that that’s a forever policy, but right now that’s difficult,” he said. “Just to give you an example, at the moment, we understand if you’re a crypto exchange you may apply for an Austrac licence but that’s not transparent to me. I have no way of knowing or getting access to whether that licence has been granted or not, so it’s quite a difficult area.

    “For now, we have a policy of not providing banking to the crypto exchange world, in particular. But as I said, it’s not a forever policy, it will depend on how things emerge in that space and how we can do so safely.”

    A similar view was shared by Commonwealth Bank of Australia chief Matt Comyn, who faced the committee on Thursday morning. “We have very specific requirements when we bank someone, we need to understand the remitter and beneficiary. We have certain obligations. Some elements — and there’s a large dispersion of different types of players in the crypto space — is unquestionably fraud and scam. There are also some reputable players. It is by definition a higher risk industry and category,” he said.

    Such discussions coincide with the release of a whitepaper, Cyber Threats and Data Recovery Challenges for FMIs, developed by the Working Group on Cyber Resilience, an industry working group that includes representatives from the Reserve Bank of Australia and the Federal Reserve Bank of New York. The paper highlights the need for greater industry collaboration around: the creation of design principles for housing critical data sets in data bunkers and third-party sites; the need for further guidelines for minimising contagion; the adoption of common standards for assessing third-party risks to the ecosystem; the delivery of industry-wide cyber exercises by an independent party; and a common, yet flexible, definition of service criticality and its prioritisation around resumption.

    On Thursday, the Australian Securities and Investments Commission (ASIC) also noted it was concerned that social media posts were being used to coordinate pump and dump activity in listed stocks, which could potentially result in market manipulation and therefore in breach of the Corporations Act 2001.

    As ASIC puts it, pump and dump activity can occur when a person buys shares in a company and starts an organised program to seek to increase the share price using social media and online forums to create a sense of excitement in a stock or spread false news about the company’s prospects. They then sell their shares and take a profit, leaving other shareholders to suffer as share prices fall. ASIC said that it has recently observed “blatant attempts” at such activities, using its real-time surveillance system and by integrating trade data from third parties to identify networks of connected parties and to analyse trading patterns.

    “Market participants, as gatekeepers, should take active steps to identify and stop potential market misconduct. They should consider the circumstances of all orders that enter a market through their systems, and be aware of indicators of manipulative trading,” ASIC commissioner Cathie Armour said.