More stories

  • in

    Eftpos expands security kit bag with new AI anti-fraud capability

    Eftpos has switched on a new AI anti-fraud online capability as the Australian debit payments provider continues to expand its security features. The new capability is underpinned by a fraud detection engine that uses AI and machine learning to predict individual behaviour in real time. The feature was developed as part of a partnership with UK-based financial crime prevention firm Featurespace. “The anti-fraud capability has widespread support from banks and fintechs across the country and will scale quickly in the Australian market next year to provide real benefits for merchants and consumers as Eftpos online market penetration grows,” Eftpos CEO Stephen Benton said. Introducing the anti-fraud capability follows Eftpos going live last week with its two-factor authentication functionality, ahead of a full rollout next year. The rollout of these features is part of the five-year, AU$100 million investment Eftpos is making in digital upgrades to its network, designed to enhance the level of protection up-front for consumers and merchants, rather than retrofitting security to legacy systems. Other security capabilities in Eftpos’ security kit include tokenisation, disputes and chargebacks capability, and its digital identity solution, connectID.

    The company added that Eftpos payments are already available online for some card-on-file payments where banks have implemented the service for their merchant customers. Since launching the Eftpos digital service that enables Least Cost Routing last year, Eftpos said it has thus far been subject to zero fraud. “Eftpos’ extension further into online payments will quickly drive much needed large-scale competition and place downward pressure on transaction costs. Currently we are well known as the lowest cost debit payments provider for retailers and small businesses at physical shops, and we want to develop the same reputation in the online environment,” Benton said.

  • in

    Panasonic confirms cyberattack and data breach

    Tech manufacturing giant Panasonic has confirmed that its network was accessed illegally this month during a cyberattack. In a statement released on Friday, the Japanese company said it was attacked on November 11 and determined that “some data on a file server had been accessed during the intrusion.” “After detecting the unauthorized access, the company immediately reported the incident to the relevant authorities and implemented security countermeasures, including steps to prevent external access to the network,” Panasonic said in a statement. “In addition to conducting its own investigation, Panasonic is currently working with a specialist third-party organization to investigate the leak and determine if the breach involved customers’ personal information and/or sensitive information related to social infrastructure.” While no other information was provided in the statement, Japanese outlets Mainichi and NHK said the breach actually started on June 22 and ended on November 3. Panasonic did not respond to requests for comment but confirmed that date in an interview with TechCrunch and said the November 11 date actually refers to when the breach was first discovered. NHK reported that the attacked servers stored information about Panasonic business partners and the company’s technology, noting a ransomware incident last November involving a subsidiary of the company that also leaked business information.

    “We cannot predict whether it will affect our business or business performance, but we cannot deny the possibility of a serious incident,” the company told Mainichi on Friday, which, according to The Record, reported that the breach may have also involved employee information. Panasonic signed a pact with McAfee in March to create a vehicle security operations center focused exclusively on cyberattacks.

  • in

    Over 300,000 Android users have downloaded these banking trojan malware apps, say security researchers

    Over 300,000 Android smartphone users have downloaded what have turned out to be banking trojans after falling victim to malware which has bypassed detection by the Google Play app store. Detailed by cybersecurity researchers at ThreatFabric, the four different forms of malware are delivered to victims via malicious versions of commonly downloaded applications, including document scanners, QR code readers, fitness monitors and cryptocurrency apps. The apps often come with the functions which are advertised in order to avoid users getting suspicious. In each case, the malicious intent of the app is hidden and the process of delivering the malware only begins once the app has been installed, enabling them to bypass Play Store detections.

    The most prolific of the four malware families is Anatsa, which has been installed by over 200,000 Android users – researchers describe it as an “advanced” banking trojan which can steal usernames and passwords, and uses accessibility logging to capture everything shown on the user’s screen, while a keylogger allows attackers to record all information entered into the phone. Anatsa malware has been active since January, but appears to have received a substantial push since June – researchers were able to identify six different malicious applications designed to deliver the malware. These include apps which posed as QR code scanners, PDF scanners and cryptocurrency apps, all of which deliver the malware. One of these apps is a QR code scanner which has been installed by 50,000 users alone and the download page features a large number of positive reviews, something which can encourage people to download the app. Users are directed to the apps via phishing emails or malicious ad campaigns.

    After the initial download, users are forced to update the app to continue using it – it’s this update which connects to a command and control server and downloads the Anatsa payload onto the device, providing attackers with the means to steal banking details and other information.

    The second most prolific of the malware families detailed by researchers at ThreatFabric is Alien, an Android banking trojan which can also steal two-factor authentication capabilities and which has been active for over a year. The malware has received 95,000 installations via malicious apps in the Play Store. One of these is a gym and fitness training app which comes with a supporting website designed to enhance the legitimacy, but close inspection of the site reveals placeholder text all over it. The website also serves as the command and control centre for the Alien malware. Like Anatsa, the initial download doesn’t contain malware, but users are asked to install a fake update – disguised as a package of new fitness regimes – which distributes the payload.

    The other two forms of malware which have been dropped using similar methods in recent months are Hydra and Ermac, which have a combined total of at least 15,000 downloads. ThreatFabric has linked Hydra and Ermac to Brunhilda, a cyber criminal group known to target Android devices with banking malware. Both Hydra and Ermac provide attackers with access to the device required to steal banking information. ThreatFabric has reported all of the malicious apps to Google and they’ve either already been removed or are under review. Cyber criminals will continually attempt to find ways to bypass protections to deliver mobile malware, which is becoming increasingly attractive to cyber criminals. “The Android banking malware ecosystem is evolving rapidly. These numbers that we are observing now are the result of a slow but inevitable shift of focus from criminals towards the mobile landscape. With this in mind, the Google Play Store is the most attractive platform to use to serve malware,” Dario Durando, mobile malware specialist at ThreatFabric told ZDNet.

    The convincing nature of the malicious apps means that they can be hard to identify as a potential threat, but there are steps users can take to avoid infection. “A good rule of thumb is to always check updates and always be very careful before granting accessibility services privileges – which will be requested by the malicious payload, after the “update” installation – and be wary of applications that ask to install additional software,” said Durando. ZDNet attempted to contact Google for comment but hadn’t received a response at the time of publication.

  • in

    1,000 arrests made in online fraud crackdown, says Interpol

    Police have arrested 1,003 individuals across 22 jurisdictions in the last few months as part of an Interpol-coordinated operation against online financial crimes, including business email compromise (BEC) scams.

    Law enforcement across 20 nations made the arrests between June and September which involved various forms of online fraud crime, including romance scams, investment fraud and money laundering linked to online gambling. Some 2,350 bank accounts were seized as part of Interpol’s Operation HAECHI-II. “Far from the common notion of online fraud as a relatively low-level and low stakes type of criminality, the results of Operation HAECHI-II show that transnational organized crime groups have been using the Internet to extract millions from their victims before funneling the illicit cash to bank accounts across the globe,” the international criminal police organisation said.

    The operation specifically targeted BEC, or email fraud, which involves tricking staff into wiring large sums to supposed suppliers or contractors, often by using emails that appear to be sent by someone more senior in the organisation. The FBI estimated that BEC scams cost US businesses $1.8 billion in 2020, dwarfing the reported $29 million in losses attributed to ransomware. The scammers have also taken a leaf from the ransomware business by moving to a services-based model where components are rented out to different parties.

    Interpol highlighted a case in Colombia where a textiles company lost more than $8 million to a BEC scam. “The perpetrators impersonated the legal representative of the company, giving the order to transfer more than $16 million to two Chinese bank accounts. Half of the money was transferred before the company uncovered the fraud and alerted the Colombian judicial authorities, which in turn quickly contacted Interpol’s financial crime unit through their National Central Bureau in Bogota,” Interpol said.

    To freeze the transferred funds, Interpol worked with its bureaus in Beijing, Bogota and Hong Kong. “Intercepting the illicit proceeds of online financial crimes before they disappear into the pockets of money mules is a race against time, and we have worked closely with the Attorney General’s Office to move as decisively as possible,” said General Jorge Luis Vargas Valencia, Director General of the Colombian National Police.

    BEC is an international banking problem that is difficult for law enforcement to address across jurisdictions. The FBI set up the IC3’s Recovery Asset Team (RAT) in February 2018 to handle communications between banks and FBI field offices to freeze funds in cases where victims transferred funds to domestic accounts. However, IC3 has worked with US consulates in foreign territories, such as Hong Kong, to freeze multimillion-dollar transfers headed to bank accounts in China.

    Interpol notes that in another case, a company in Slovenia transferred $800,000 to money mule accounts in China. The transfer was stopped after Slovenian Criminal Police contacted Interpol and connected with peers at Interpol in Beijing. Operation HAECHI-II involved law enforcement from Angola, Brunei, Cambodia, Colombia, China, India, Indonesia, Ireland, Japan, Korea (Rep. of), Laos, Malaysia, Maldives, Philippines, Romania, Singapore, Slovenia, Spain, Thailand, and Vietnam.

  • in

    Cybersecurity graduates are doubling, but that's still not going to fix the skills crisis

    European Union members have a collective cybersecurity skills shortage that may be partially addressed by a surge in new graduates — but even that potential solution is not without its problems. Supply chain component strains are affecting all industries right now, but one supply chain problem that pre-existed the pandemic is the mismatch between supply and demand for cybersecurity staff. ENISA, the EU’s transnational cybersecurity agency, has now raised a flag about the enduring labor market supply problem and says it won’t be resolved despite a doubling of the number of graduates in the next two years. “The number of skilled and qualified workers is not enough to meet the demand, and national labour markets are disrupted worldwide, Europe included, as a consequence,” ENISA says in a new report. “The number of graduates in the next 2-3 years is expected to double. However, gender balance is still an issue with only 20% of female students enrolled.” Free market competition for security professionals also impacts the supply of expertise to the public sector and central banks, which don’t pay as much as banks and insurance companies.

    ENISA separates the terms cybersecurity “skills gap” and “skills shortage” in a new report that explores how to solve the problem. The former refers to a lack of appropriate skills in the workforce to perform cybersecurity tasks within a professional setting. The latter refers to “unfilled or hard-to-fill vacancies that have arisen as a consequence of a lack of qualified candidates for posts.” ENISA says there are 126 higher education programs from 25 countries that meet the EU’s definition of a cybersecurity program. For example, a master’s degree requires at least 40% of the taught modules to address cybersecurity topics. Using this definition, master’s-level qualifications constitute 77% of ENISA’s Cybersecurity Higher Education Database (CyberHEAD).

    Remote learning became the norm during the pandemic. Still, ENISA found that only 14% of higher education cybersecurity programs are purely online, while 57% are classroom-only, and 29% are a blend of face-to-face and online learning. Online may help reduce geographic barriers to entry, argues ENISA. Language was another barrier to entry. Of the EU programs included in the database, there were 16 languages, with 38% taught in English, 17% in Spanish, 11% in German, 7% in Italian, 5% in French, 4% in Greek, and 4% in Portuguese. ENISA argues that an “even higher percentage of English-based programs also presents additional benefits” by producing graduates who are confident at interacting in an international setting. University fees are another barrier to entry. Some 71% of programs required fees to enrol.

    In terms of placing new graduates in the private and public sectors, ENISA found that compulsory internships were part of only 34% of EU programs. Only 23% of programs prepared students for specific professional certifications, such as CISSP, ISO 27001 and CompTIA Security+.

    On the question of gender, women made up at least 20% of cybersecurity programs in only six EU nations: Romania (50%), Latvia (47%), Bulgaria (42%), Lithuania (31%), France (20%), and Sweden (20%). “Unfortunately, these statistics mean that, overall, most HEI programmes in Europe have particularly low levels of gender diversity,” ENISA notes.

    ENISA made several recommendations to address the EU cybersecurity skills shortage and gap:

      • Increase enrolments and graduates in cybersecurity programs by diversifying the content, levels and languages used in the higher education curricula
      • Provide scholarships, especially for underrepresented groups, and promote cybersecurity as a diverse field
      • Adopt a common framework for cybersecurity roles, competencies, skills and knowledge
      • Promote challenges and competitions in cybersecurity skills
      • Increase collaborations between member states in sharing program results and lessons learnt
      • Support the analysis of demographics (including the diversity) of new students and graduates in cybersecurity

  • in

    Telcos to get expanded scam-blocking powers through telecommunications law amendment

    The federal government has announced it will amend telecommunications legislation to provide telcos with the ability to block scam SMS messages. “The regulatory amendment we have enacted provides the telecommunications sector with the authority they need to block malicious SMS messages at scale and protect the Australian public from scammers,” Minister for Home Affairs Karen Andrews said. “The Morrison government is committed to collaborating with industry to tackle new and emerging threats to the Australian community, including scams that exploit digital technologies for nefarious ends.” The changes entail amending the Telecommunications (Interception and Access) Act 1979 (TIA Act) so that telcos can intercept malicious SMS messages to be able to block them.

    The regulatory amendments have been in development for some time, with Home Affairs secretary Mike Pezzullo telling Senate Estimates that his department had been in talks with the telecommunications industry to provide more powers to telcos for blocking spam and malicious content through the TIA Act.

    Telstra CEO Andy Penn said in light of the regulatory changes, his telco was now developing a new cyber safety capability designed to automatically detect and block scam SMS messages as they travel across its network. The capability is currently being run as a pilot inside Telstra so that any scam SMS messages sent to its staff can help “train” the systems to spot the difference between a legitimate and a malicious SMS. This latest capability is part of Telstra’s Cleaner Pipes initiative that commenced last year.

    Andrews also announced that a new Joint Policing Cybercrime Coordination Centre — the JPC3 — will be operational from March 2022, which will specifically focus on preventing cyber criminals from scamming, stealing, and defrauding Australians. The JPC3’s operations will be led by Australian Federal Police (AFP) assistant commissioner Justine Gough, who will become the AFP’s first full-time executive dedicated to countering cyber crime. “AFP-led JPC3 will target at scale those cyber criminals who trick firms using business email compromise or unleash mass phishing attacks, which can scam individuals out of personal information or money,” the AFP said.

    With Andrews announcing these new cyber initiatives, the AFP simultaneously said it has prevented cyber criminals from stealing AU$24 million from local superannuation accounts through a newly unveiled operation. Under Operation Zinger, the AFP said it shut down a criminal marketplace dealing in the online sale of cybercrime software, which contained over 500,000 compromised online credentials. By examining 500 gigabytes of data, the AFP was able to determine victims and offenders. The AFP then proceeded to contact 20 superannuation companies and facilitated the remediation of more than 25 managed super information systems to protect 681 matched super accounts attached to members and 35 matched super accounts attached to employers.

    The AFP has also charged a Sydney man for stealing more than AU$100,000 in an illegal SMS phishing scam that targeted the bank and telecommunications accounts of more than 450 victims. The phishing scam entailed luring victims onto a phony webpage, via SMS, and asking them to provide personal information. The charged individual then used this information to access victims’ telephone and bank accounts. He also created new accounts without their knowledge.

    The AFP worked with Commonwealth Bank of Australia, National Australia Bank, and Telstra to identify victims who had entered information into these phony webpages. The companies also placed additional security protocols on those account holders, helping prevent more than AU$4 million from being stolen from the accounts of another 16,000 Australians, the AFP said. The charged individual, if found guilty, could face up to 26 years of imprisonment.

    All of the new measures follow the theme of countering cyber threats, much like other initiatives announced by Home Affairs in recent months such as the Critical Infrastructure Bill that is currently waiting for Royal Assent, its national ransomware action plan, and new principles for critical technology supply chain security.

  • in

    Here's the perfect gift for anyone with a PC, Mac, iPhone, or Android, and it doesn't break the bank

    This is that time of year when people are busy looking for gifts for friends and family. Socks. After shave. Chocolates. How about giving someone a gift that will keep them and their data safe? That’s a gift that will keep giving throughout 2022 and beyond. So, how do you give someone added security, without breaking the bank?

    Give a Yubico YubiKey security key. So, what is a YubiKey? A YubiKey is the ultimate line of defense against having your online accounts taken over. And with prices starting at $45, it’s one of those indispensable gadgets for the 21st century. A hardware authentication device made by Yubico, it’s used to secure access to online accounts, computers, and networks. The YubiKey 5 Series look like small USB flash drives and come in a range of different connectors — USB-A, USB-C, and USB-C and Lightning combo. There are versions that also include support for NFC. It offers two-factor authentication (also known as multi-factor authentication or two-step verification) for hundreds of online services, from Facebook, Google, and Twitter, to more specific services such as Coinbase, Salesforce, and Login.gov. Your YubiKey can also be used to secure password storage services such as Bitwarden, Password Safe, and LastPass. And the great thing is that if someone already has one, you’ve got them a backup key (which I highly recommend having). There are two models of YubiKey that I highly recommend.

    First is the YubiKey 5 NFC. This not only features a USB-A or USB-C connector (depending on the version you buy), but it also has built-in NFC capability, making it a great choice for laptops, desktops, iPhone, and Android devices.

    This YubiKey features a USB-C connector on one end and a Lightning connector on the other. It’s perfect for iPhone/iPad/Mac users as it covers it all. Perfect for those who don’t need NFC capability.

  • in

    Most Brazilian remote workers feel responsible for corporate data security

    Most Brazilian professionals working remotely believe they are responsible for the integrity and security of corporate data, according to a global study on consumer security attitudes. The 2021 Unisys Security Index reveals that two-thirds of Brazilians working remotely stated they are primarily responsible for keeping their employers’ data secure. Of the respondents who believe they are primarily responsible for the integrity of corporate data, 41% also place that responsibility on application providers. Only 21% of those polled hold their employers accountable for data security.

    The results suggest that most Brazilians have a high degree of responsibility in relation to the corporate data they work with, according to Alexis Aguirre, director at Unisys Cybersecurity for Latin America. On the other hand, Aguirre noted corporate attitudes contrast with the lack of knowledge among the population about the various types of digital security fraud. “It is clear that in addition to investing in technology, it is essential to train people, as users are generally the gateway through which cybercriminals focus their actions, especially using social engineering techniques,” Aguirre adds. The Unisys study polled 11,000 consumers across 11 countries, including 1,000 Brazilian participants. The research has also covered the lack of awareness about security issues among Brazilians, with the minority of respondents stating they are aware of crimes such as SIM jacking and SMS phishing.

    On the other hand, separate research has found that Brazilians are concerned about the security of their data. A study carried out by Datafolha institute on behalf of Mastercard has found that fear of cyber attacks is high among Brazilian users, with 73% of respondents reporting having suffered some kind of digital threat, such as receiving fake messages from companies and stolen passwords. Fostering a data protection culture in Brazil is one of the main initial objectives of the National Data Protection Authority (ANPD), a body set up in 2020. As part of efforts to raise awareness on the issue among the general public, ANPD launched a data protection guide in September detailing how data holders can protect their data and listing steps that should be taken in case of incidents related to cybersecurity.