
    NSW Police using artificial intelligence to analyse CCTV footage

    The New South Wales Police Force is in the process of bringing its back-end into the 21st century, turning to Microsoft and its Azure cloud platform for help.

    According to Microsoft, the force is retiring, re-architecting, or replacing over 200 legacy systems with cloud-based systems. Part of this transformation is changing the way the force analyses CCTV footage.

    Labelled as the “AI/ML-infused Insights policing platform”, the system essentially speeds up the processing of data. In one example, NSW Police collected 14,000 pieces of CCTV as part of a murder and assault investigation and analysed it in a manner faster than it previously could.

    “The AI/ML infused Insights platform ingested this huge volume in five hours and prepared it for analysis by NSW Police Force investigators, a process that would otherwise have taken many weeks to months,” Microsoft said in a case study prepared alongside NSW Police.

    “Detectives were able to then within days piece together the time sequence of events, movements, and interactions of the person of interest as well as overlay this onto a geospatial platform, visualising the data for detectives and aiding in the preparation of the brief of evidence for Courts.

    “Leveraging Microsoft Azure cognitive technologies, machine learning, and deep learning capabilities, NSW Police has been able to train the system on image classification allowing it to interpret petabytes of CCTV footage automatically and at speed provide rapid access to leads that officers can pursue to ultimately solve crime faster.”

    The platform can also turn voice to text, allowing for the speedy transcription of police interviews, and can also stitch together CCTV with dash cam footage and then search for objects, including overlaying this on a geospatial solution, the pair added.

    “Using computer vision it can search to recognise objects, vehicles, locations, such as a backpack, or a tie, or type of shoes a person of interest might be wearing,” NSW Police CITO and executive director of digital technology and innovation Gordon Dunsford said.

    “The system has been designed with ethics front and centre, and in consultation with privacy experts with a particular focus on avoiding bias,” Microsoft added.

    Insights is currently hosted internally, but will “shortly” migrate to the cloud. NSW Police, however, is already using a containerisation strategy to parcel up data that needs to be interpreted rapidly, and sending that to Azure for processing.

    Elsewhere, the force is also working on its Integrated Policing Operating System (IPOS), which will replace the existing 27-year-old central database and be used to manage all the data from operations including triple zero calls, arrests and charges, firearms, criminal investigations, forensics, complaints, and public reports.

    IPOS is based on Mark43’s public safety software.

    IPOS also provides the force with a single view of a person of interest and can be viewed on an officer’s MobiPol mobile devices.

    “It can also provide access to important additional information; for example, alerting police to the fact that the address where they are going to apprehend someone is located next to another house where residents are known to be antagonistic to the police through its geofencing capability,” Microsoft added.

    Dunsford said that, at present, officers share MobiPols, but with IPOS there are plans to equip every officer with their own device and access to IPOS.

    NSW Police also has plans to replace the legacy data store systems with the Digital Evidence Cloud, and has built a small-scale capability that it has trialled with NSW Police’s Forensics Command.

    Dunsford also wants to understand how low earth orbit (LEO) satellites could be used to support police; how data from the Integrated Connected Officer program which collects data from an officer’s firearm, taser, car, and body worn camera can be ingested into Insights; and how drones could be deployed to collect video that could help identify potentially dangerous situations.

    Advanced AI and machine learning could, he thinks, be used to train systems to identify everything from the colour, make, and model of vehicles, to a backpack in a crowded street, to finding a particular individual based on their unique gait.

    In June 2020 Microsoft said that it would not sell or deploy facial recognition to police services.


    Innovation Oz Style: Take a world-leading secure kernel and kick it to the kerb

    As with many things, timing is everything, and in the weeks after word drifted out that Australia’s Commonwealth Scientific and Industrial Research Organisation’s (CSIRO) Data61 was binning its secure microkernel research, the world of cyber attacks manifested in the real world in new ways. From oil pipelines, to meat works, to a more traditional Russian-backed phishing campaign, the cyberdial has been turned up and the frequency of attacks, particularly in the ransomware space, has hit deluge-like levels. And yet, while the torrent of malware is far from unexpected, people lining up with jerry cans and fighting with each other because someone might have clicked on a dodgy email certainly is. The need to develop a better foundation, and more secure ways of computing, would appear to be more necessary than ever — but not at the CSIRO, where artificial intelligence is the order of the day. “We think Australia needs artificial intelligence for industry 4.0, for our sovereign capability, for digital agriculture, and to deal with environmental hazards,” CSIRO CEO Dr Larry Marshall told Senate Estimates on Thursday night. “Really putting digital at the heart of Australia’s resilience and recovery as we build back.” One of the problems with the seL4 microkernel and the Trustworthy Systems team that developed it, according to Marshall, was that it supposedly did not provide enough “national benefit”.

    “So it’s difficult to see an opportunity to build an industry in Australia, or to derive a national benefit from that technology, and given priorities are artificial intelligence, we chose to pursue that and focus our resources where we thought we could drive greater national benefit,” Marshall said. “The challenge with that technology … it’s very mature and it is open source.” During the hearing, Marshall waved articles listing CSIRO’s high ranking among global research organisations, but seL4 has been similarly regarded as first class research. One has to walk a long way to find a mathematically proven secure kernel. “This is an instance of Aus policy directly leading to undermining Australian cybersecurity,” security researcher Vanessa Teague said in reaction to CSIRO’s decision. “It’s hard to think of better world-leading Aus cybersecurity research than [seL4 Foundation].” Chair of the seL4 Foundation Gernot Heiser rebutted CSIRO claims that seL4 was mature technology in a blog post. “The group is not accidentally called ‘Trustworthy Systems’ (and not, say, the ‘seL4 Research Group’). seL4 is only the starting point for achieving trustworthiness in computer systems. It’s as if over 100 years ago people said combustion engines are a solved problem once it was shown they could power a car,” he wrote. “Fact is that, while seL4 is mature enough to be deployed in the real world, there’s plenty of fundamental research work left on seL4 itself, and there is far more research left on how to achieve real-world trustworthy computer systems. It’s not that just sprinkling a bit of seL4 fairy dust over a system will make it trustworthy.” Heiser laid out the work to be done on temporal isolation of processes, especially on systems where critical real-time workloads run at the same time, but he added the research was under threat as the CSIRO had handed back some money from the US Air Force. 
The University of New South Wales has backed Trustworthy Systems until the end of 2021, with Heiser stating it gives some breathing space to “line up more pathways”. In recent years, the push has been on in Australia to commercialise the country’s research, and this seems to be the rock that Trustworthy Systems has tripped on. “Unfortunately that technology was licensed [to Qualcomm] for a one-time fee,” Marshall said. “And when I say unfortunately, that technology has gone through two billion mobile devices, but unfortunately, there’s no ongoing royalty arrangement with that deal that was done back in at that time.” Keep in mind that the CSIRO loves royalty payments and will sue to ensure it gets its cut. The organisation boasts it got AU$430 million in settlements over its Wi-Fi patents. The open-source nature of seL4 does not lend itself to this type of outcome. Marshall said it would be great if a company was spun out around the work and if it could figure how to make money. “Our conclusion was that’s not really feasible in Australia, which is why we chose to discontinue the work,” he said. Given the current environment, where Australian politicians are calling on ASD to use its classified powers to blast away ransomware groups, and who knows what the political response from Moscow, Pyongyang, and Beijing would be to that; local law enforcement continue to say dumb stuff about encryption; and Australia’s strategic rivals are using current weaknesses to be downright awful to parts of their population, a little research on the defensive side of computing would be useful. The seL4 kernel isn’t going to be powering any desktop or server near you anytime soon, but it could go some way to making IoT devices look less like Swiss cheese to bad actors. It could even end up being the underpinning of CSIRO’s “artificial intelligence for industry 4.0” systems — whatever they are — or help inform the new OSes that are being developed. 
    In a worst case scenario for CSIRO where it kept seL4 but it didn’t yield rivers of gold, it could still push research in vital areas of cybersecurity, increase Australia’s research reputation, and show that the nation isn’t completely full of the cyber ignorant. But alas, the world of secure kernels is not as sexy and pitch-friendly as the buzzword-laden AI realm, and Trustworthy Systems has been forced to shift from a national research organisation that has been subject to funding cuts, into a university sector that has seen far more drastic cuts. For our national benefit, hopefully the upcoming AI research yields more than a better chatbot.

    ZDNET’S MONDAY MORNING OPENER

    The Monday Morning Opener is our opening salvo for the week in tech. Since we run a global site, this editorial publishes on Monday at 8:00am AEST in Sydney, Australia, which is 6:00pm Eastern Time on Sunday in the US. It is written by a member of ZDNet’s global editorial board, which is comprised of our lead editors across Asia, Australia, Europe, and North America.


    Most Brazilian companies lack cybersecurity teams

    Security teams are in place in less than a third of Brazilian organizations, even though most businesses frequently suffer cyberattacks, according to new research. Some 57% of businesses from the education, financial services, insurance, technology and telecommunications, health and retail are targeted by cybercriminals frequently, according to a survey by Instituto Datafolha commissioned by Mastercard.

    On the other hand, the study has found that only 32% of the organizations polled have dedicated cybersecurity teams. While 80% of respondents claimed digital security matters are important to them and most have some kind of plan in place to deal with potential cyberattacks, this is not among the budgetary priorities for 39% of those polled.

    Among the segments analyzed in the survey, financial services, insurance, technology and telecommunications are among the most prepared in terms of cybersecurity readiness. Conversely, the education and healthcare sectors are the most vulnerable. According to the survey, the areas most susceptible to hacker attacks are the finance department and customer databases. The Mastercard/Datafolha survey interviewed 351 decision-makers in Brazil in February 2021. The survey echoes the findings of a separate study on perceptions of cybersecurity risk in Latin America since the start of the Covid-19 crisis, carried out by consulting firm Marsh on behalf of Microsoft. Most Brazilian companies have not increased their investments in information and cyber security since the emergence of the pandemic despite an increase in threats, the study noted, adding that the majority of Brazilian companies invest 10% or less of their IT budget in that area.


    FBI, DOJ to treat ransomware attacks with similar priority as terrorism

    The FBI and Justice Department upped the ante on the rhetoric around ransomware attacks on Thursday and Friday, telling a number of news outlets that cyberattacks will be treated with almost the same level of concern as terrorist attacks.

    Christopher Wray, the director of the FBI, compared the government’s fight against ransomware to the situation the country faced after 9/11 in an interview with The Wall Street Journal. He added that the FBI has identified nearly 100 different types of ransomware, each of which has already been implicated in attacks. He also took direct aim at the Russian government, singling them out for harboring many of those behind the different brands of ransomware. But he also revealed that the FBI has had limited success working with some private sector cybersecurity officials in obtaining encryption keys without paying any ransoms. The comments came after three significant developments in the government’s response to the recent wave of ransomware attacks on companies in critical industries like Colonial Pipeline and global meat processor JBS. Anne Neuberger, deputy assistant to the President and deputy National Security Advisor for Cyber and Emerging Technology, sent a letter to private sector leaders on Thursday urging them to prepare for potential attacks and implement a number of security measures to prevent an incident. Senior Justice Department officials then told Reuters that memos had been sent out to all US Attorney’s Offices explaining that ransomware attacks would be investigated in a manner similar to incidents of terrorism. Technology journalist Kim Zetter shared a snippet of a memo sent by Deputy Attorney General Lisa Monaco that said urgent reports should be filed whenever a US Attorney’s Office learns about a new ransomware attack. The memo adds that officials should notify a newly created ransomware task force about any new developments in cases, potential emergencies or incidents that will “generate national media or Congressional attention.”

    “Urgent Reports should be submitted, for instance, when a United States Attorney’s Office learns of a ransomware attack on critical infrastructure or upon a municipal government in their District,” Monaco wrote. Reuters reported that the new guidance also said senior Justice Department officials need to be notified of any cybercrime cases involving cryptocurrency exchanges, botnets, digital money laundering, illicit online forums, “bulletproof hosting services” and counter anti-virus services. Rep. Jim Langevin told ZDNet that the memo from Neuberger was a sign that President Joe Biden was taking the ransomware incidents seriously, but he urged the White House to give CISA more power to issue similar guidelines.

    “The advice in the White House memo is sound, and I hope corporate leaders will adopt a more risk-informed cybersecurity posture as soon as possible,” Langevin said. “However, I also hope the President will follow Congress’s direction and empower CISA to make similar recommendations moving forward.”

    Cybersecurity experts said that while the guidance from the White House was helpful, it did little to address the underlying problems thousands of organizations face when trying to protect themselves. Robert Haynes, open source evangelist with Checkmarx, said it was critical for organizations to identify the impact of the loss of different systems on their ability to operate. For most businesses, Haynes noted, the threat of a ransomware attack, the cost of the ransom itself and the huge impact on operations should be motivation enough to take these threats extremely seriously. “The primary focus needs to be on prevention, and then mitigation assuming total loss of systems. Leaders should be aware that the recovery time will involve rebuilding systems and restoring data, even with a successful recovery of encrypted files,” Haynes said. “The risks are real and the disruption, no matter how good your data protection solutions are, can be costly.”

    Dirk Schrader, global vice president at New Net Technologies, suggested the government find a way to make it a requirement for organizations to report any case of ransomware to authorities and strongly discourage ransom payments. But he noted that companies may not be willing to report a ransomware incident if that will delay the return to normal operations. Kevin Breen, director of cyber threat research at Immersive Labs, explained that valuable advice from the White House, like having offline backups, was nice to say but can cause friction within enterprises because they are typically hard to implement and costly. The same goes for other guidance shared by Neuberger like network segmentation. “If you’re not already doing it, implementation may be complex,” he said, adding that incident response tests will be key for preparing any organization for an attack.

    “These need to be done with a higher cadence than traditionally, and across the entire workforce to take into account the impact on technical, legal, communications and other cross functional teams.”

    The Justice Department’s efforts to create a centrally coordinated response will give authorities a deeper pool of evidence and data while also helping with the identification and targeting of the entire chain, Breen added, noting that it may also help add legislative teeth to mitigation efforts.

    Breen went on to say that the other measures being taken by the FBI and Justice Department were happening because ransomware gangs had “poked the sleeping giant one time too many.”


    Hackers use Colonial pipeline ransomware news for phishing attack

    Cyberattackers are now using the notoriety of the Colonial Pipeline ransomware attack to leverage further phishing attacks, according to the findings of a cybersecurity company. It is common for attackers to use widely-covered news events to get people to click on malicious emails and links, and cybersecurity firm INKY said it recently received multiple helpdesk emails about curious emails their customers were receiving. INKY customers reported receiving emails that discuss the ransomware attack on Colonial Pipeline and ask them to download “ransomware system updates” in order to protect their organization from a similar fate. The malicious links take users to websites with convincing names — ms-sysupdate.com and selectivepatch.com — both of which are newly created and registered with NameCheap. The same domain that sent the emails also controlled the links, INKY explained in a blog post. 
    The people behind the attack were able to make the fake websites look even more convincing by designing them with the logo and images from the target company. A download button on the page downloads a “Cobalt Strike” file onto the user’s computer called “Ransomware_Update.exe.”

    In March, Red Canary’s 2021 Threat Detection Report listed “Cobalt Strike” as the second most frequently detected threat and the INKY report notes that Talos Intelligence found it was involved in 66% of all ransomware attacks in Q4 of 2020. Bukar Alibe, data analyst for INKY, said they began to see the phishing attack just a few weeks after news broke that the pipeline paid millions to the DarkSide ransomware group in order to restore the company’s systems.

    “In this environment, phishers tried to exploit people’s anxiety, offering them a software update that would ‘fix’ the problem via a highly targeted email that used design language that could plausibly be the recipient’s company’s own,” Alibe wrote. “All the recipient had to do was click the big blue button, and the malware would be injected.”

    In addition to capitalizing on the fear around ransomware, the attackers made the emails and fake website look like they came from the user’s own company, giving them an air of legitimacy, Alibe added. The attackers were also able to get past many phishing systems by using new domains.
    “If it looks as if it was sent by the company itself (e.g., from HR, IT or Finance), does it in fact originate from an email server under the company’s control? If it looks like the HR or IT Departments but deviates from the norm, that should be a flag,” the blog post said. Alibe urged IT teams to notify employees that they will “not be asked to download certain file types” because these kinds of phishing emails seek to exploit employees’ desire to do the right thing by following purported security guidelines. Alibe noted that the attack was targeted toward two companies and said IT teams should expect more attacks along the same lines. “We would not be surprised if we see attackers use the recent Nobelium-USAID phishing campaign as a lure,” Alibe said.


    King County ban on police use of facial recognition software spotlights local movements across US

    Facial recognition opponents rejoiced this week after the local government of King County, Washington voted to ban local police from using the technology. The move was notable for a number of reasons. The ACLU of Washington said in a statement that the new King County ban on police use of facial recognition software was the first in the country to be county-wide and cover multiple cities. Electronic Frontier Foundation senior staff attorney Adam Schwartz added that it was the most populous government body to institute a ban, with more than two million residents within its borders. The ban was also hailed among privacy advocates as a direct shot at Microsoft and Amazon, both of which have headquarters in King County’s biggest city: Seattle. “The movement to ban this tech is growing across the country. Even when 100% accurate, this technology ends up disproportionately harming marginalized communities. No technology should outweigh the people’s right to privacy,” the ACLU of Washington said in a statement. Last year, at the height of the protests over police brutality and racism, there was a movement in Congress around the idea that there should be legislation governing how and when police can use facial recognition software. Multiple studies from MIT, Harvard, the ACLU and other organizations have repeatedly proven that all facial recognition platforms have particular difficulty in distinguishing the faces of people with darker skin. In 2020, at least three cases emerged involving people of color who were detained and arrested based on mistakes made by a facial recognition software in use by a local police force. 
    The Detroit Police Department was forced to apologize and change its policies after they erroneously arrested Robert Williams in front of his wife, children and neighbors based on a faulty match.

    Despite the national concern about how the technology functions, little has been done to stop police departments, airports, arena operators and other organizations from deploying facial recognition software widely. Multiple bills on the issue from both Republicans and Democrats have languished in the Senate and House.

    In place of federal action, dozens of cities, towns and counties have stepped up to the plate to pass local bans on police department use of the technology. Both the Electronic Frontier Foundation and advocacy group Fight For The Future have created maps showing the thousands of businesses and law enforcement bodies currently using some form of facial recognition.

    But Fight For The Future has also built out interactive maps showing every city and town that has instituted local bans on police use of the technology. Four governments in California — the city councils of Oakland, San Francisco, Alameda and Berkeley — have passed facial recognition bans while multiple cities and towns in Massachusetts have passed some form of legislation either banning or regulating the technology. There are also bans in Portland, Oregon; Jackson, Mississippi; Madison, Wisconsin; Minneapolis; New Orleans; Pittsburgh; and Portland, Maine. The only governments to pass statewide legislation banning or regulating facial recognition use by police are Vermont and Virginia. In May, Massachusetts passed a limited set of rules that force police to get a warrant before running someone’s photo through a facial recognition database. “The growing list of cities, counties, and states banning facial recognition shows just how toxic the tech, and just how powerful our movement, have become,” Caitlin Seeley George, campaign director for Fight For The Future, told ZDNet.

    “More communities are coming together to fight this racist, biased tech, and bans are gaining momentum in Baltimore, MD, New York City, and even Nebraska. All of these efforts are critical to protecting people now, and are also building momentum and support for a federal ban on facial recognition that would protect everyone from this technology.”

    She added that private companies are also shying away from the technology, and a number of the larger retailers in the US have said they don’t use or plan to use facial recognition in their stores. The only city that has banned corporations from using facial recognition is Portland.

    Schwartz explained that there is growing public demand for government bans on the use of the technology and said the Electronic Frontier Foundation is optimistic that more states and cities will begin passing bans or regulations on it. While Schwartz said that the Electronic Frontier Foundation did not support bans on corporate use of facial recognition software, he noted that one of the easiest first steps local communities can take is forcing police departments to at least obtain warrants before being able to put photos through a facial recognition system. “Those false arrests are physically dangerous to people and the technology is racially discriminatory because of the disparate error rates with the technology. It is an Orwellian invasion of privacy because of all of the cameras that are out in public and the increasing integration of those cameras into one big network,” Schwartz said. “Facial recognition chills and deters people from showing up to protests in public places because they’re worried about face recognition spying on them and making a record of their dissent. People at protests have been identified by the police and people who are fully innocent have been misidentified.”


    Ransomware: Ireland's health service remains 'significantly' disrupted weeks after attack

    Ireland’s health service is still suffering from significant disruption more than three weeks after falling victim to a ransomware attack.

    The Health Service Executive (HSE), which is responsible for healthcare and social services across Ireland, shut down all of its IT systems following the attack last month.


    Many of these systems were shut down as a “precaution” in order to stop the spread of the ransomware, which HSE described as a variant of Conti ransomware.

    The health service vowed not to pay the ransom – which has been reported as a demand for $20 million in Bitcoin – and Dublin’s High Court issued an injunction against Conti in an effort to prevent the criminals leaking stolen data for not being paid.

    HSE has been providing regular updates following the cyberattack and as of 3 June – three weeks after the initial incident – services around Ireland continue to see what’s described as “significant impacts and disruptions to services”.

    Essential and urgent services, including COVID-19 vaccinations, are operating, but patients are still being warned they could face delays and cancellations to appointments because “systems are not functioning as usual” due to “critical IT systems” still being out of action.

    Services like blood tests and diagnostics are taking much longer to operate than usual because the ongoing fallout means doctors, nurses and other staff are relying on manual processes in the meantime.

    According to HSE, this is expected to continue for “a number of weeks” as efforts are made to safely deploy a decryption tool to restore the 2,000 IT systems – each consisting of infrastructure, multiple servers and devices – affected by the ransomware, based on clinical priority. Despite the attempt at an injunction, HSE has warned the public that criminals could attempt to exploit the confusion and worry around the safety of their medical data to scam and defraud people.

    “People receiving any suspicious calls, texts or other contacts seeking personal or banking details are advised to report these contacts to their local Garda station or the Garda confidential line 1800 666111,” said an HSE statement.

    The HSE incident is just one of a string of high-profile ransomware attacks to have hit organisations around the world in recent weeks. Colonial Pipeline, which supplies almost half of fuel to the United States eastern seaboard, was hit by a ransomware attack and paid cyber criminals using Darkside ransomware over $4 million in Bitcoin in exchange for the decryption key.

    Meat processor JBS was recently hit with a ransomware attack by the REvil criminal group, while Fujifilm has also fallen victim to a ransomware attack in recent days.

    The rise in ransomware attacks has led to the White House urging organisations to take the threat posed by cyber criminals seriously.

    “All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,” said Anne Neuberger, deputy assistant to the president and deputy national security advisor for cyber and emerging technology.

    “Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat.”


    Perfect storm: Fraud is skyrocketing coming out of pandemic

    A financial crime monitoring platform has just announced the results of its latest financial crime report. The report from Feedzai analyzes 12B global transactions from January to March of this year in order to identify the latest fraud, banking, and consumer trends.

    The top line results are … dispiriting.

    Bank fraud attacks have increased 159% over the past year and phone banking fraud has seen a 728% increase. Over 90% of fraud attacks occurred online, and California, where I live, won the unwelcome distinction as the top state for fraud. Take that, New York.

    The jumps follow a post-pandemic logic. Coming out of lockdown, people are starting to spend more money locally and internationally. The time covered by the report saw a 410% increase in international transactions. Transaction volumes are increasing back to pre-pandemic levels, and fraud has followed close behind. At the same time, an increased reliance on digital services during the pandemic has placed consumers more at risk for online and phone fraud, particularly among consumers who previously preferred to shop in stores and may be less digitally savvy.

    “The world may have paused in 2020, but financial criminals did not,” says Jaime Ferreira, Senior Director of Global Data Science at Feedzai. “Reliance on digital forms of shopping, banking, and payments actually made it easier for fraudsters to attack more people, more quickly. As fewer consumers feel the need to walk into a bank branch or a mall we need to adapt financial services and payments to protect consumers. And as consumers, we need to continue to be vigilant and educate ourselves on how to stay safe.”


    According to the report, banking is the primary channel for fraudsters, whether online, in-person, or by phone. I recently listed an item on Craigslist and was met with a barrage of scams, some obvious, some rather elegant, all directed at perpetrating some form of rip-off, including attempting to access my bank account. With many bank branches closed or operating during limited hours during the pandemic, banking has shifted primarily online and over the phone, the perfect sandboxes for cheats.

    Following California, the states with the highest fraud were Florida, Washington, Arkansas, and New York. Interestingly, Android devices see 1.9 times more fraud than iOS devices, despite having only half the transaction volume of iOS. The report suggests Apple’s tighter control of apps on the App Store makes it more difficult for fraudsters to infiltrate the platform.

    All of this speaks to a need for greater vigilance than ever, which may be a tough message to sell as parts of the world that believe the worst of the pandemic is behind them cast a collective sigh of relief and shake off the dust heading into summer. The Feedzai Financial Crime Report Q2 2021 can be found in its entirety here.