More stories

    'Significant' ransomware attack forces Ireland's health service to shut down IT systems

    Ireland’s health service has taken all of its IT systems offline as a precaution after what the organisation describes as a “significant” ransomware attack. The Health Service Executive (HSE), which is responsible for healthcare and social services across all of Ireland, said it had shut down all IT systems as a “precaution” in order to protect the network from a ransomware attack.

    “There is a significant ransomware attack on the HSE IT systems. We have taken the precaution of shutting down all our IT systems in order to protect them from this attack and to allow us fully assess the situation with our own security partners,” HSE said on Twitter. “We apologise for inconvenience caused to patients and to the public and will give further information as it becomes available.”

    HSE said Ireland’s COVID-19 vaccination programme is not affected by the ransomware incident and the National Ambulance Service is operating as normal. Some outpatient appointments are being cancelled because of the cyberattack – Rotunda Hospital Dublin, which provides maternity, neonatal and gynaecology care, said that unless women are 36 weeks pregnant or later, “Due to a serious IT issue all outpatient visits are cancelled today”.

    Ransomware is a form of malware that cyber criminals use to encrypt networks then demand a payment – often in Bitcoin – in exchange for the decryption key. Ransom demands can reach millions of dollars. It’s currently not known what variant of ransomware has attacked HSE or how it infiltrated the network, but Paul Reid, chief executive of the HSE, has said the health service is working with the defence forces, the gardaí – the Irish police – and third-party cybersecurity experts in response to the attack.

    According to The Irish Times, Reid told RTÉ’s Morning Ireland that the attack was “significant” and “human operated”, but that no ransom demand had yet been received. “There has been no ransom demand at this stage. The key thing is to contain the issue,” he said.

    The ransomware attack against HSE comes in the same week that a ransomware gang walked away with almost $5m in Bitcoin after a successful ransomware attack targeting Colonial Pipeline, one of the largest pipeline operators in the United States.

    Cloudflare wants to kill the CAPTCHA

    Cloudflare is testing out the possibility of security keys replacing one of the most irritating aspects of web browsing: the CAPTCHA. 

    CAPTCHAs are used to catch out bots that are trawling websites and are often implemented to prevent online services from being abused. These irritating tests, which require you to look at images and pick out objects such as cars, bridges, or bicycles, take up time, frustrate us, and disrupt our browsing activities. You’re also more likely to see them when you are using a virtual private network (VPN). “CAPTCHAs are effectively businesses putting friction in front of their users, and as anyone who has managed a high-performing online business will tell you, it’s not something you want to do unless you have no choice,” Cloudflare says.

    To highlight the amount of time lost to these tests, Cloudflare said that based on calculations of an average of 32 seconds to complete a CAPTCHA, one test being performed every 10 days, and 4.6 billion internet users worldwide, roughly “500 human years [are] wasted every single day — just for us to prove our humanity.” On Thursday, Cloudflare research engineer Thibault Meunier said in a blog post that the company was “launching an experiment to end this madness” and get rid of CAPTCHAs completely. The means to do so? Using security keys as a way to prove we are human.

    According to Meunier, Cloudflare is going to start with trusted security keys — such as the YubiKey range, HyperFIDO keys, and Thetis FIDO U2F keys — and use these physical authentication devices as a “cryptographic attestation of personhood.”

    This is how it works: A user is challenged on a website, the user clicks a button along the lines of “I am human,” and is then prompted to use a security device to prove themselves. A hardware security key is then plugged into their PC or tapped on a mobile device to provide a signature — using wireless NFC in the latter example — and a cryptographic attestation is then sent to the challenging website. Cloudflare says the test takes no more than three clicks and an average of five seconds — potentially a vast improvement on the CAPTCHA’s average of 32 seconds.

    “More importantly, this challenge protects users’ privacy since the attestation is not uniquely linked to the user device,” Cloudflare notes. “All device manufacturers trusted by Cloudflare are part of the FIDO Alliance. As such, each hardware key shares its identifier with other keys manufactured in the same batch. From Cloudflare’s perspective, your key looks like all other keys in the batch.”

    The personhood test relies on the Web Authentication (WebAuthn) Attestation API. All browsers on Ubuntu, macOS, Windows, and iOS 14.5, as well as Chrome on Android v.10+, are compatible. You can access cloudflarechallenge.com to try out the system. As the rollout is still in its experimental phase, Cloudflare says it is currently in the process of integration with existing challenges — but we will likely spot it more often over time.

    “We want to know that you’re human,” Meunier says. “But we’re not interested in which human you are.”

    In related news this week, GitHub announced security key support for SSH Git operations. The code repository platform said that it eventually hopes to move away from passwords altogether and supporting security keys is a necessary step in the journey — as well as one that can help protect developers now against accidental exposure, account compromise, and malware.

    Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0
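To make the flow above concrete, here is an added example (not Cloudflare's code) of what the challenging site actually receives from a security key during a WebAuthn registration: it parses the authenticator data, checks it was issued for the expected RP ID, and pulls out the model AAGUID and a fresh per-site public key, which is why the site learns the key model or batch rather than the individual device. The RP ID challenge.example, the all-zero AAGUID and the test vector built by build_sample_auth_data are constructed placeholders; verifying the attestation signature itself needs an ECDSA library and is not shown.

```python
"""Parse WebAuthn authenticator data as a relying party (RP) receives it at registration.

Added example, not Cloudflare's code. Attestation signature verification (ECDSA) is omitted.
"""
import hashlib
import struct
from dataclasses import dataclass

FLAG_UP = 0x01  # user present (the tap on the key)
FLAG_UV = 0x04  # user verified (PIN or biometric)
FLAG_AT = 0x40  # attested credential data follows
FLAG_ED = 0x80  # extension data follows


def cbor_decode(buf: bytes, pos: int = 0):
    """Minimal CBOR decoder (ints, byte/text strings, arrays, maps): enough for a COSE_Key."""
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info < 24:
        arg = info
    elif info == 24:
        arg, pos = buf[pos], pos + 1
    elif info == 25:
        arg, pos = struct.unpack_from(">H", buf, pos)[0], pos + 2
    elif info == 26:
        arg, pos = struct.unpack_from(">I", buf, pos)[0], pos + 4
    else:
        raise ValueError("unsupported CBOR length encoding")
    if major == 0:
        return arg, pos
    if major == 1:
        return -1 - arg, pos
    if major in (2, 3):
        raw = buf[pos:pos + arg]
        if len(raw) != arg:
            raise ValueError("truncated CBOR string")
        return (raw if major == 2 else raw.decode("utf-8")), pos + arg
    if major == 4:
        items = []
        for _ in range(arg):
            item, pos = cbor_decode(buf, pos)
            items.append(item)
        return items, pos
    if major == 5:
        result = {}
        for _ in range(arg):
            key, pos = cbor_decode(buf, pos)
            result[key], pos = cbor_decode(buf, pos)
        return result, pos
    raise ValueError("unsupported CBOR major type %d" % major)


@dataclass
class AuthData:
    user_present: bool
    user_verified: bool
    sign_count: int
    aaguid: bytes         # 16 bytes naming the key model; shared by every key of that model
    credential_id: bytes  # chosen by the key for this site only
    public_key: dict      # COSE_Key map: {1: kty, 3: alg, -1: crv, -2: x, -3: y}


def parse_auth_data(auth_data: bytes, expected_rp_id: str) -> AuthData:
    """Parse authenticator data (WebAuthn section 6.1); reject data issued for another RP ID."""
    if len(auth_data) < 37:
        raise ValueError("authenticator data too short")
    rp_id_hash, flags = auth_data[:32], auth_data[32]
    (sign_count,) = struct.unpack_from(">I", auth_data, 33)
    if rp_id_hash != hashlib.sha256(expected_rp_id.encode()).digest():
        raise ValueError("rpIdHash does not match the expected RP ID")
    if not flags & FLAG_UP:
        raise ValueError("user presence flag not set")
    if not flags & FLAG_AT:
        raise ValueError("registration response lacks attested credential data")
    pos = 37
    aaguid, pos = auth_data[pos:pos + 16], pos + 16
    (cred_len,) = struct.unpack_from(">H", auth_data, pos)
    pos += 2
    credential_id, pos = auth_data[pos:pos + cred_len], pos + cred_len
    public_key, pos = cbor_decode(auth_data, pos)
    if not flags & FLAG_ED and pos != len(auth_data):
        raise ValueError("trailing bytes after credential public key")
    return AuthData(bool(flags & FLAG_UP), bool(flags & FLAG_UV), sign_count,
                    aaguid, credential_id, public_key)


def build_sample_auth_data(rp_id: str, aaguid: bytes, credential_id: bytes,
                           flags: int, sign_count: int) -> bytes:
    """Constructed test vector (not from a real key): an ES256 COSE_Key with dummy coordinates."""
    cose_key = (
        b"\xa5"                           # map(5)
        b"\x01\x02"                       # 1 (kty): 2 (EC2)
        b"\x03\x26"                       # 3 (alg): -7 (ES256)
        b"\x20\x01"                       # -1 (crv): 1 (P-256)
        b"\x21\x58\x20" + b"\x11" * 32    # -2 (x): 32-byte string
        + b"\x22\x58\x20" + b"\x22" * 32  # -3 (y): 32-byte string
    )
    return (hashlib.sha256(rp_id.encode()).digest() + bytes([flags])
            + struct.pack(">I", sign_count) + aaguid
            + struct.pack(">H", len(credential_id)) + credential_id + cose_key)
```

A real deployment would additionally verify the attestation statement's signature and certificate chain against the FIDO metadata for the AAGUID before trusting the model claim.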

    Rapid7 source code, alert data accessed in Codecov supply chain attack

    Rapid7 has disclosed the compromise of customer data and partial source code due to the Codecov supply chain attack. 

    On Thursday, the cybersecurity firm said it was one of the victims of the incident, in which an attacker obtained access to the Codecov Bash uploader script. The cyberattack against Codecov took place on or around January 31, 2021, and was made public on April 15. The organization, which provides code coverage and testing tools, said that a threat actor tampered with the Bash uploader script, thereby compromising the Codecov-actions uploader for GitHub, Codecov CircleCI Orb, and the Codecov Bitrise Step. This enabled attackers to export data contained in user continuous integration (CI) environments.

    Hundreds of clients were potentially impacted, and now, Rapid7 has confirmed that the company was one of them. Rapid7 says the Bash uploader was used in a limited fashion as it was only set up on a single CI server used to test and build tooling internally for the Managed Detection and Response (MDR) service. As such, the attacker was kept away from product code, but they were able to access a “small subset of source code repositories” for MDR, internal credentials — all of which have now been rotated — and alert-related data for some MDR customers.

    Rapid7 has reached out to customers impacted by the data breach. The company pulled in cyberforensics assistance and following an investigation, has concluded that no other corporate systems or production environments were compromised. Codecov has since removed the unauthorized actor from its systems and is setting up monitoring and auditing tools to try and prevent another supply chain attack from occurring in the future. Impacted customers were notified via email addresses on record and through the Codecov app. Codecov recommends that users of the Bash uploaders between January 31, 2021, and April 1, 2021, who did not perform a checksum validation should re-roll their credentials out of caution.
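The checksum validation Codecov refers to above is the control that separates the CI jobs that ran the altered uploader from those that would have refused it. As an added example (not Codecov's own uploader, manifest or tooling), the Python below parses a sha256sum-style manifest and hands a downloaded helper to a runner only when its SHA-256 matches; the file name uploader.sh, the script bodies and the manifest are constructed for the example.

```python
"""Refuse to run a downloaded CI helper unless it matches a published SHA-256 manifest.

Added example, not Codecov's tooling. Names, script bodies and the manifest are constructed.
"""
import hashlib
import hmac


def parse_sha256sums(manifest: str) -> dict:
    """Parse `sha256sum`-style output: one '<64 hex chars>  <filename>' per line."""
    entries = {}
    for line in manifest.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, name = line.partition("  ")
        is_hex = len(digest) == 64 and all(c in "0123456789abcdefABCDEF" for c in digest)
        if not (sep and is_hex and name):
            raise ValueError("malformed manifest line: %r" % line)
        entries[name.lstrip("*")] = digest.lower()  # a leading '*' marks binary mode in sha256sum output
    return entries


def verify_download(name: str, content: bytes, manifest: str) -> bool:
    """True only if `content` matches the manifest entry for `name`; a missing entry means reject."""
    expected = parse_sha256sums(manifest).get(name)
    if expected is None:
        return False
    return hmac.compare_digest(hashlib.sha256(content).hexdigest(), expected)


def run_if_verified(name: str, content: bytes, manifest: str, runner):
    """Pass `content` to `runner` (e.g. a subprocess launcher) only after the checksum passes."""
    if not verify_download(name, content, manifest):
        raise RuntimeError("checksum mismatch for %s: refusing to execute" % name)
    return runner(content)


# Constructed samples: a genuine helper, a copy with one line altered, and the
# manifest a vendor would publish alongside the genuine one.
GENUINE_SCRIPT = b"#!/bin/bash\nset -euo pipefail\n# upload the coverage report\nexit 0\n"
TAMPERED_SCRIPT = GENUINE_SCRIPT.replace(b"exit 0", b"echo modified\nexit 0")
SAMPLE_MANIFEST = "# SHA256SUMS\n%s  uploader.sh\n" % hashlib.sha256(GENUINE_SCRIPT).hexdigest()

if __name__ == "__main__":
    for label, body in (("genuine", GENUINE_SCRIPT), ("tampered", TAMPERED_SCRIPT)):
        print(label, "->", "ok" if verify_download("uploader.sh", body, SAMPLE_MANIFEST) else "REJECTED")
```

The manifest must come from a channel the attacker who altered the script cannot also alter (a separate host, or a signed file), otherwise the comparison only confirms that both copies were replaced together.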

    Best video doorbell 2021: Ring isn't your only option

    The home security industry has been revolutionized with new technology, ranging from smart home sensors to smart locks to security video cameras. But one of the most subtle and effective security measures you can add to your home is a video camera doorbell. These doorbells serve two purposes: they record footage of people who approach your front door, and they alert you with a pleasant chime or jingle when they’re pressed — just like a regular doorbell. Although these devices can be very useful and increase your home’s security, it can be tough to determine which video doorbell you should pick. Luckily for you, we’ve put together a selection of the top video doorbells in 2021. There are tons of top-tier video doorbells on the market, but these models caught our attention over their competitors.

    Best overall

    Nest

    Price: Packages start from $229 annually or $9.54/mo for 24 months
    Resolution: 1600 x 1200
    FOV: 160 degrees
    Wired or Battery: Wired
    Smart Home Compatibility: Amazon Alexa, Google Assistant

    Nest’s Hello video doorbell is one of the best overall. Not only will you enjoy a high-quality video resolution of 1600 x 1200p, but you’ll also be able to use facial recognition technology that can identify who’s knocking on your door before sending you a phone notification, perfect for improving peace of mind. If you have Google Assistant, the Hello doorbell will even announce people as they approach so you’re never surprised by a sudden visitor. It’s a hardwired device and continuously records video. If you like to fiddle with settings, you’ll be able to set up specific recording zones so the camera isn’t constantly alerting you to blowing leaves or random animals. The Nest Aware service, which starts at $6 per month, is an optional subscription that adds even more value to your purchase.


    Wider field-of-view

    Ring

    Price: $249.99
    Resolution: 1536 x 1536
    FOV: 150 x 150 degrees
    Wired or Battery: Wired
    Smart Home Compatibility: IFTTT, Amazon Alexa, Google Home

    For those interested in a doorbell camera that can give them a wider field-of-view, Ring’s Video Doorbell Pro 2 is a good pick (as are many of its other security products). It can work with the Amazon Alexa, IFTTT, and Google Home smart home networks. More importantly, you’ll enjoy a field-of-view of 150 x 150 degrees. The camera’s square aspect ratio does a great job of showing almost all of even the largest front porches, preventing someone from hiding in the corner. Motion zones can be customized to prevent false alarms and video quality overall is as excellent as the field-of-view. However, this camera is wired, and there’s a required Ring Protect subscription ($30 per year) if you want to unlock most of the device’s features.


    Good for pet owners

    Arlo

    Price: The wired doorbell is currently on sale for $129.99, and the wireless doorbell sells for $199.99.
    Resolution: 1536 x 1536
    FOV: 180 degrees
    Wired or Battery: Wired
    Smart Home Compatibility: Amazon Alexa, Google Assistant

    If you have several pets and want to keep an eye on them, Arlo’s Video doorbell could be a good choice. With fantastic audio and video quality, it’s a top-tier video doorbell option that works with both Google Assistant and Amazon Alexa, enabling you to receive audio notifications and live stream video footage. It also includes motion sensitivity and optional video storage that requires an additional subscription fee. It’s a smart, advanced doorbell, and is capable of differentiating between people and animals and can alert you when a recognized person or pet comes to your door.


    Apple HomeKit support

    Logitech

    Price: Prices start at $199.99
    Resolution: 1200 x 1600
    FOV: 160 degrees
    Wired or Battery: Wired
    Smart Home Compatibility: Apple HomeKit

    If your home uses Apple HomeKit devices, your options for a video doorbell are somewhat limited. Fortunately, the Logitech Circle View doorbell camera is an excellent pick, with a 3:4 aspect ratio that offers plenty of visibility for your front porch and works in conjunction with facial identification technology. The setup process isn’t the easiest, but this doorbell camera provides secure cloud storage (albeit for an expensive fee) and a slim profile that makes it a great choice for homeowners that appreciate a modern, minimalist aesthetic.


    A non-traditional option

    Ring

    Price: $149.99
    Resolution: 1920 x 1080
    FOV: 155 x 90 degrees
    Wired or Battery: Battery
    Smart Home Compatibility: Amazon Alexa

    Ring also makes the Peephole Cam, the best pick by far for those who don’t have traditional doorbells or live in apartment buildings. This video doorbell camera replaces a regular peephole and allows you to see through your door electronically. It’s incredibly easy to install and doesn’t damage the door, so it won’t compromise your security deposit. This battery-operated device has to be charged once per month, but it’s well worth this minor inconvenience thanks to its good video quality, affordability, and Amazon Alexa integration capabilities. Unfortunately, it is not compatible with Google Assistant.


    What should you look for in a video doorbell?

    Although all video doorbells will transmit or record video and play a doorbell sound when rung, they can differ significantly across their other aspects. Here’s what we’d recommend you look for when choosing a video doorbell for your home.

    Good resolution and field of view

    You should strive to get a video doorbell camera with enough resolution for your needs. Video doorbell camera resolution can range from 480p to 1080p or even 4K resolution. While 4K resolution is not necessary for most people, 1080p can provide a crisp, clear picture and is the way to go if you don’t mind spending a little extra cash on your doorbell camera. In addition, detail and color will be more vibrant, and individuals will be easier to recognize with better video resolution.

    Motion detection

    You might also look into motion detection for your doorbell camera. Many doorbell cameras have motion sensors built-in by default, so they will alert you if someone is approaching or leaving your door. Motion detection features are best used if you want to monitor who comes to your home and when.

    Night vision

    Similarly, night vision functionality adds even more practical value to your video doorbell. Night vision cameras will continue to transmit and/or record video in black and white, and will allow you to clearly see who approaches your door even if there isn’t enough ambient light for color. This, in turn, can provide better security — for example, it may help you identify someone who attempts to break in while you are away on vacation.

    Power source

    Doorbell cameras are typically powered through one of two methods: hardwiring into existing wires with your regular doorbell, or battery packs. Battery-powered options are better if you don’t have a traditional doorbell installed in your home already. By contrast, hardwiring is more convenient and secure if you do have a traditional doorbell.

    Smart home integration and cloud storage

    Consider whether you want your video doorbell to connect with your smart home network, especially if you want to control it through voice commands. Smart home network integration is also excellent if you want to store video recordings in the cloud or on other non-SD card storage devices. Through smart home integration, you’ll gain greater control over your video doorbell, including its extra features, such as permissions, face recognition, and more. Cloud storage is also important to consider. Most doorbell video cameras have optional cloud storage subscription services. These require a monthly or annual fee, but mean you never have to worry about switching out microSD cards.

    Features

    Before buying a video doorbell, investigate all the advertised features that it provides, such as two-way audio so you can talk to whoever is on the other side of your door without opening the door, or facial recognition technology. Most video doorbell owners will at least want the ability to set recognition zones, preventing false alarms from sending push notifications to their phones all day when leaves blow by.

    Can you install a video doorbell by yourself?

    Sometimes. Most DIY video doorbells use battery packs and don’t require you to mess with any wires to install them fully. However, doorbell cameras that do integrate with existing doorbells on your door may require an expert technician for safe installation. Fortunately, most video doorbells that require this include installation fees as a part of your initial purchase price.

    What’s the difference between local storage and cloud storage for video doorbells?

    Depending on the video doorbell you choose, it will either use local storage or cloud storage. With local storage, your doorbell camera will only record and store a set amount of footage using hardware like a microSD card. MicroSD cards can accommodate between 16 and 128 GB. If you want to keep recording people at your front door, you’ll need to switch the cards out from time to time or erase the data on them before replacement. Cloud-based storage is more advanced and theoretically allows for endless recording. This method only works with doorbell cameras that can connect to a smart home or Wi-Fi network. But keep in mind that cloud-based storage doorbell video cameras usually incur a monthly fee to pay for the storage space.

    How did we select these video doorbells?

    Top-tier video doorbells prioritize features and functionality above other aspects, like price. For this reason, we selected video doorbells with a variety of excellent attributes and perks, like high resolution, facial identification, Wi-Fi connectivity, and footage transmitting to the cloud or other storage solutions. We also specifically looked for doorbells that would be manageable to install, even if you don’t have a lot of handyman skills. With luck, one of the above video doorbell choices will be a perfect fit for your home.


    The winged ninja cyber monkeys narrative is absolutely wrong: Former NCSC chief

    Ciaran Martin’s categorisation of cyber harms seen during his time at the UK’s National Cyber Security Centre.
    Image: Ciaran Martin
    “Look where we are now in the United States,” says Ciaran Martin, formerly the founding CEO of the UK’s National Cyber Security Centre (NCSC), now a professor at the University of Oxford. “We have official government advice in force today asking people not to panic buy gasoline, or petrol as we call it over here, and put it in plastic bags,” he told the AusCERT cybersecurity conference on Thursday. “If you wanted an illustration of the impact of cyber harms, it will be hard to think of a better one.”

    Martin is of course referring to the Colonial Pipeline ransomware attack and the subsequent shutdown of its operations. The company paid the almost $5 million ransom, but it wasn’t enough to stop the disruption. “In a sense, this feeds all those warnings over years, over decades, about really difficult cyber impacts — cyberwar, cybergeddon, and all the rest of it,” Martin said. It feeds the narrative that NCSC technical director Dr Ian Levy has called the winged ninja cyber monkeys. “[They’re] just sitting there in bedrooms in suburban England, suburban Australia. Teenagers, unstoppable, hacking everything, and there was nothing we could do to stop them,” Martin said.

    “The panic on the east coast of the US at the moment seems to be fuelling that narrative. Except it’s wrong. It’s absolutely wrong.” In Martin’s view, what’s happening is something much more prosaic. “We have a bunch of criminals, they’re in over their heads, operating out of Russia. They’ve even issued a partial apology for what they’ve done, because what they were trying to do, yet again, is exploit basic weaknesses in corporate security all over the world to make money. And they’ve gone too far,” he said.

    This ransomware crew didn’t realise they were hacking the IT systems of a pipeline company. They didn’t realise that would cause the company “for whatever reason” to shut down the pipeline. According to Martin, this has been just another “accidental spiralling out of control”, where a series of structural weaknesses in the way we do cybersecurity and the way organisations are incentivised has led to “a public impact which is very, very serious”.

    Four years ago this week, for example, malware that was being used as part of North Korea’s continuing attempts to steal or otherwise gain hard currency went viral. That resulted in ransomware problems for the UK’s National Health Service, but it also took out the passenger information screens at German railway stations. The following month, Russia’s NotPetya attack on a Ukrainian software company caused global disruptions. It forced shipping giant Maersk to reinstall 4,000 servers and 45,000 PCs, and cost them hundreds of millions of dollars. It even shut down production at Cadbury’s chocolate factory in Tasmania, Australia. “I’m sure it was not central to the Russia-Ukraine tensions,” Martin said.

    We need absolutely to demystify cybersecurity

    “Cyber threats, cyber risks, they’re not catastrophes. Cyber harms are the aggregation of small harms. Hype, fear, uncertainty, doubt, that is our enemy,” he said.

    When he left the NCSC in August 2020, Martin produced a simple taxonomy of cyber harms, based on what he’d actually seen during his six and a half years with the organisation. It boiled down to three simple categories: getting robbed for cash, intellectual property, or other data; getting weakened by espionage, political interference, or pre-positioning for a later attack; and getting hurt. The last category included cyber attacks that destroyed data, ransomware, and what he called “catastrophic cyber attacks” — and that final category had an asterisk against it. “That’s because that is the one thing that has not happened,” Martin said. “There have been all sorts of cyber attacks. There have been many, many of them, and the one thing that we can still say, thankfully, is that the official death toll caused by cyber harms is zero.”

    In Germany last year a patient died following a ransomware attack on a hospital in Duesseldorf, which caused her to be re-routed to a hospital more than 30 kilometres away. However, a police investigation found that she probably would have died anyway.

    Martin pointed to the large number of examples of “very, very basic security lapses, leading to quite high impact”, including “a very controversial election leak”. During the lead-up to the UK’s general election in 2019, someone working for former trade minister Liam Fox had used a personal Gmail account to bypass restrictions on working from home. Fox’s personal email was hacked by Russia. Eventually, a 451-page dossier of emails, including classified documents relating to US-UK trade talks, ended up in the hands of opposition leader Jeremy Corbyn.

    “We need absolutely to demystify cybersecurity. We have to treat it as an ordinary business risk,” Martin said. “This is the reality of cyber harms. It’s not glamorous. It’s not individual catastrophes. It’s all sorts of nebulous, pernicious, nasty little incidents, exploiting basic weaknesses to add up to a big, big social problem.”

    US pipeline ransomware attack serves as fair warning to persistent corporate inertia over security

    Organisations that continue to disregard the need to ensure they have adopted basic cybersecurity hygiene practices should be taken to task. This will be critical, especially as cybercriminals turn their attention to sectors where cyber threats can result in real-world risks, as demonstrated in the US Colonial Pipeline attack. In many of my conversations with cybersecurity experts, there is a shared sense of frustration that businesses still are failing to get some of the most basic things right. Default passwords are left unchanged, frontline staff and employees are still falling for common scams and phishing attacks, and major businesses think nothing of using technology that is decades old.

    Just this month, UOB Bank revealed an employee had fallen prey to a China police impersonation scam that compromised the personal data of 1,166 customers, including their mobile number and account balance. This specific impersonation use case had been flagged as a common scam tactic and even featured in a crime prevention TV programme months before. That an employee of a major bank still could have fallen for it is shocking.

    It raises the question of whether its frontline staff, or any employee with access to customer data, have been adequately trained as well as regularly updated on how they should deal with potential cyber threats. Should such inertia continue to fester, there’s real cause for concern ahead, especially as cyber attackers turn their attention towards operational technology (OT) sectors, such as power, water, and transport. As it is, businesses seem ill-prepared to cope with the growing threat.

    Consider the stats. Some 68% of businesses in Asia-Pacific were breached last year, up from 32% in 2019, and 17% had to deal with more than 50 cyber attacks or errors a week. And they took way too long to pick themselves up after an attack, with an average of 60.83% needing more than a week to remediate the attacks, citing lack of funds and skillsets as their key challenges. In Singapore, 28% had been breached in the past year, with almost 15% having to deal with at least 50 attempted cyber attacks a week. Some 33% described the resulting data loss as very serious or serious.

    Things will only get worse as businesses in the region and around the world rush to adopt tools that facilitate remote work, leaving their networks vulnerable to attacks. As it is, 54.7% viewed enabling and managing remote workforces as a top ICT challenge and another 49.7% felt likewise about securing remote workers. As online adoption grows, supply chains will widen as businesses rush to cope with the spike in transactions. This means attack surfaces, too, will expand and it is crucial that enterprises get the fundamentals right to better mitigate potential security risks.

    When cyber risks become physical threats

    In the case of the Colonial Pipeline, the risks can be severe. The privately-held pipeline operator supplies 45% of the East Coast’s fuel, including gasoline, diesel, jet fuel, home-heating oil, and fuel for the US military. It transports more than 100 million gallons of fuel a day across an area that spans Texas to New York. The cyber attack forced the company to temporarily shut its operations and freeze IT systems to contain the infection. It triggered supply shortage concerns and pushed gasoline futures to their highest level in three years. It also prompted the US Department of Transportation to invoke emergency powers to make it easier to transport fuel by road. Colonial Pipeline reportedly paid the ransomware group responsible for the attack $5 million to decrypt locked systems. That it paid up shouldn’t come as a surprise, since a majority of businesses in Asia-Pacific also choose to pay up after falling victim to ransomware attacks. These include 88% in Australia and 78% in Singapore that have forked out the ransom in full or in part.


    On its part, Singapore has recognised the risks cybersecurity attacks pose to its critical infrastructures. Early this month, it created a cybersecurity expert panel focused on OT, with the first meeting slated to take place in September. The move comes months after the country last October unveiled a new cybersecurity blueprint that looked to safeguard its core digital infrastructure. In particular, the government pointed to OT systems, where a successful attack can manifest as a severe disruption in the physical world. Such systems, including those in the energy, water, and transport sectors, are critical for delivering essential services and supporting the economy.

    In forming the OT expert panel, Singapore’s Cyber Security Agency Chief Executive David Koh said: “While OT systems were traditionally separated from the internet, increasing digitalisation has led to more IT and OT integration. Hence, it is crucial for OT systems to be better protected from cyber threats to prevent outages of critical services that could result in serious real-world consequences.”

    The ransomware attack against the Colonial Pipeline has clearly demonstrated that the consequences are real and, no doubt, more are coming our way. That Singapore has put strong focus on OT is a positive step forward. It is hoping the expert panel will provide some guidance on a range of issues, including governance policies, OT technologies, supply chain, threat intelligence information sharing, and incident response. However, with most of the industry still stuck in apparent inertia, firmer action is necessary to ensure businesses across all sectors, including OT, do not slip up. This should encompass even the simplest and most basic rules, such as outlawing the use of software that is more than 15 years old or mandating that all employees, including senior management, chalk up minimum training hours a year on cybersecurity threat management.

    In addition, all organisations that have encountered a security incident should be required to detail how their systems were breached. An abridged version of the attack, excluding specifics that can further compromise the company’s security, also should be publicly released. It should no longer be sufficient for any company to simply say the attack was “sophisticated” without giving any other information to justify that description. In the Colonial Pipeline case, details have been slow to trickle out, with the US government yet to receive any information from the oil pipeline operator. The Biden administration had expressed frustration over what it perceived to be weak security protocols on Colonial Pipeline’s part as well as a lack of readiness to deal with cyberattacks.

    It is clearly time for all organisations, not just those in Asia, to get a grip. Because if they don’t, they won’t just be losing millions in ransom payments; actual lives will be at risk. Transport and healthcare operators, in particular, should take heed. And with cybercriminals increasingly skilled in their craft, future attacks will indeed be so complex that they will put to shame the use of the word “sophisticated” that appears in almost every statement companies currently make to describe the breach they suffered. Be better. Because when it comes to cybersecurity, that is what many businesses have yet to be.

    ASD knows who attacked the APH email system but isn't revealing who

    The Australian Cyber Security Centre (ACSC), and the overseeing Australian Signals Directorate (ASD), know who attacked the email system of the Australian Parliament House, but they are not saying who it is. “Attribution is a matter for government, and is made only when in the national interest,” it said in response to Senate Estimates Questions on Notice. Many of the questions were passed off onto the Department of Parliamentary Service (DPS), which revealed earlier this week that it had pulled down and replaced its mobile device management (MDM) system as a result of the attack. “The attack did not cause an outage of the DPS systems. DPS shut down the MDM system. This action was taken to protect system security while investigation and remediation were undertaken,” DPS said. “To restore services, DPS brought forward the rollout of an advanced mobile services solution that replaced the legacy MDM. The new solution provides greater security and functionality for mobile devices. This rollout was a complex activity and extended the outage experienced by users.” The legacy MDM system remains in use in a limited capacity. One tidbit ASD did part with was agreeing that the attacker was unsophisticated and that the ACSC was involved in “searching for any potential implants” in the APH Exchange server.

    An unsophisticated attack would have had a higher than expected chance of succeeding, thanks to the lack of 2FA. “Before users came back online after this incident, they were asked to implement new security controls to access APH emails via mobile handsets — namely multi-factor authentication,” Senator Kimberley Kitching said in a question.

    “In the course of providing cybersecurity advice and assistance to DPS following the incident, the ACSC provided broad advice on security controls,” the ASD said. ASD said there was no “specific threat” that led to the introduction of 2FA, and instead pointed to its Essential Eight advice first published in 2017.

    DPS said earlier this week it had seen no evidence of any email accounts being compromised due to the attack, and the attack had nothing to do with recent Exchange vulnerabilities.

    In another answer, ASD said no code review has been completed on the systems of the Australian Electoral Commission, but it has “conducted a vulnerability assessment and partnered with the AEC to conduct multiple uplift activities on the AEC network.”

  • HelpSystems expands email, cloud security portfolio with acquisition of Agari, Beyond Security

    HelpSystems has announced the acquisition of Agari and Beyond Security as the firm continues to expand its cybersecurity portfolio.

    The financial details of the transactions were not disclosed. Headquartered in Cupertino, California, Beyond Security is a provider of automated vulnerability assessment and compliance solutions. The firm’s products, beSecure, beSource, and beStorm, cover vulnerability scanning and management, code analysis, and black box testing.

    “The team and solutions from Beyond Security will fit into HelpSystems’ popular infrastructure protection portfolio featuring Digital Defense, Core Security, and Cobalt Strike,” the company says.

    This is the second acquisition made public by HelpSystems this week. On Thursday, the company also announced a deal to secure Agari, a Software as a Service (SaaS) solutions provider for phishing protection based in Foster City, California.

    Email, when combined with social engineering, leads to business email compromise (BEC) and may result in wider compromise of enterprise networks. Agari solutions attempt to filter out phishing attempts using data science, machine learning (ML), and cloud computing.

    Agari is also a founding member of the consortium which created the Domain-based Message Authentication, Reporting and Conformance (DMARC) email authentication standard, a technical standard designed to prevent phishing, spam, and spoofing.

    “Cybercriminals increasingly use email as a prime way to infiltrate businesses and gain access to sensitive data and IP, causing untold damage in terms of cost and reputation,” commented Kate Bolseth, HelpSystems chief executive. “We’re thrilled to welcome Agari and their email phishing defense prowess to the HelpSystems family. Agari will be a notable asset to HelpSystems as we work together to give global customers new tools for securing their valuable data and achieving peace of mind.”

    The purchases build upon the acquisition of Texas-based Digital Defense in February, a company that develops SaaS vulnerability scanning, network asset analysis, and risk score generation software to assist IT teams in patch and remediation efforts.