More stories


    China calls out 33 apps for collecting more user data than deemed necessary

    China has called out 33 mobile apps for collecting more user data than it deemed necessary to offer their service. These companies, which include Baidu and Tencent Holdings, have been given less than a fortnight to plug the gaps.

    The Cyberspace Administration of China (CAC) said in a brief statement Saturday that these apps had breached local regulations, primarily for capturing personal data that were not relevant to their service. Citing complaints from the public, the government agency said operators of the apps were found to have infringed the rules after authorities assessed several popular apps, including map navigation apps. These apps also gathered personal information without consent from their users, according to CAC.

    Amongst the list of 33 were apps from Sogou, Baidu, Tencent, QQ, and Zhejiang Jianxin Technology. These operators now had 10 working days to rectify the issue, failing which they would be subject to penalties laid out by the regulations, CAC said.

    The government agency in March released regulations that prohibited mobile app developers from refusing to offer basic services to consumers who did not want to provide personal data that were unnecessary for the provision of such services. It said the legislation would provide greater clarity on the types of data deemed as necessary for commonly used apps, including ride-hailing, instant messaging, online retail, and map navigation. For instance, ride-hailing apps would need access to their users’ phone number, payment details, and location, CAC said.

    It added that the new regulations were needed as mobile apps grew increasingly popular and the collection of a wide range of personal data became prevalent. It noted that several apps sought personal information by bundling their services and prevented consumers from using basic functions if they refused to authorise the use of their data.

    The legislation would regulate these operators’ access to data and safeguard consumers’ personal information, said CAC.

    The Chinese government in recent months had ramped up efforts to crack down on tech monopolies and their increasing influence and safeguard consumers’ rights on digital platforms. E-commerce giant Alibaba Group last month was hit with a record 18.2 billion yuan ($2.77 billion) fine for breaching China’s antitrust regulations and “abusing [its] market dominance”. The country’s State Administration for Market Regulation said Alibaba had been abusing its strong market position since 2015 to prevent merchants from using other online e-commerce platforms. Such practices impacted the free movement of goods and services, infringing on a merchant’s business interests, and were in breach of local anti-monopoly laws, the government agency said.


    Ransomware is now a national security risk. This group thinks it knows how to defeat it

    Ransomware is a growing international problem and it needs global cooperation in order to prevent attacks and take the fight to the cyber criminals behind the disruptive malware campaigns.

    A paper by the Institute for Security and Technology’s (IST) Ransomware Task Force (RTF) – a coalition of cybersecurity companies, government agencies, law enforcement organisations, technology firms, academic institutions and others – has 48 recommendations to help curb the threat of ransomware and the risk it poses to businesses, and society as a whole, across the globe.

    Members of the group include Microsoft, Palo Alto Networks, the Global Cyber Alliance, FireEye, Crowdstrike, the US Department of Justice, Europol and the UK’s National Crime Agency.

    Some of the solutions suggested include governments giving a helping hand to organisations affected by ransomware and providing them with the required cybersecurity support so they don’t fall victim in the first place. Others focus on more direct action, such as taking the fight to ransomware gangs by disrupting their infrastructure, or even regulating Bitcoin and other cryptocurrencies that cyber criminals use to anonymously demand ransom payments from victims.

    Ransomware attacks involve cyber criminals compromising the networks of organisations – often via phishing attacks, stolen Remote Desktop Protocol (RDP) credentials or exploiting software vulnerabilities – and then encrypting as many files and servers with malware as possible.

    Organisations will in many cases only become aware they’ve been infected when they see a ransom note on the screens of machines across their network. Often, the victims feel as if they’ve got no option but to pay the ransom – which can amount to millions of dollars – in order to restore the network.

    Ransomware has been around for a number of years, but the cyber criminals behind the attacks are getting bolder, demanding ever-growing ransoms from targets and in many cases blackmailing organisations into payment by threatening to leak sensitive data stolen from the compromised network. And it isn’t just sophisticated criminal gangs that are causing problems; the rise of ransomware as a service means that almost anyone with the skills required to navigate underground forums on the dark web can acquire and use ransomware, safe in the knowledge that they’ll probably never face being arrested for their actions.

    “The tools are available to malicious actors to ramp up the scale of what they want to do and be able to get away with it. That’s what happens as technology diffuses into society and you have inadvertent ramifications which have to be dealt with,” says Philip Reiner, executive director of the RTF and CEO of IST. “We’re grappling with that as a global society and we have to come up with better solutions for the problems it presents.”

    Ransomware isn’t new; it has existed in one form or another for decades, and the threat has been rising over the past five years in particular. While it’s perceived as a cybersecurity problem, a ransomware attack has much wider ramifications than just taking computer networks offline. Ransomware attacks are increasingly targeting critical infrastructure, and crucially, over the course of the past year, healthcare. But many organisations still aren’t taking the necessary precautions to protect against ransomware, such as applying security patches, backing up the network or avoiding the use of default login credentials.

    These concerns are viewed as issues for IT alone, when in reality it’s a risk that needs the focus of the entire business. “We have to stop seeing leaders think of this as a niche computer problem; it’s not, it’s a whole business event. You should think about ransomware in the same way you think about flooding or a hurricane – this is a thing that will close your business down,” says Jen Ellis, vice president of community and public affairs at Rapid7 and one of the RTF working group co-chairs.

    “But we don’t. We think about it as a niche computer event and we don’t recognise the impact it has on the entire business. We don’t recognise the impact it has on society.”

    In 2017, the global WannaCry attack demonstrated the impact ransomware can have on people’s everyday lives when National Health Service (NHS) hospitals across the UK fell victim to the attack, forcing the cancellation of appointments and people who came for treatment being turned away. But years later, the problem of ransomware has got worse and in some cases hospitals around the world are now actively being targeted by cyber criminals.

    “You would think there would be no greater wake-up call than that, yet here we are years later having these same conversations. There’s a real problem with how people think about and categorise ransomware,” says Ellis.

    To help organisations recognise the threat posed by ransomware – no matter the sector their organisation is in – the RTF paper recommends that ransomware is designated a national security threat and accompanied by a sustained public-private campaign alerting businesses to the risks of ransomware, as well as helping organisations prepare for being faced with an attack.

    But the Ransomware Task Force isn’t just suggesting that governments, cybersecurity companies and industry are there to help organisations know what to do if faced by a ransomware attack – one of the key recommendations of the report is for cybersecurity companies and law enforcement to take the fight to the cyber-criminal groups behind the attacks. A recent operation involving Europol, the FBI and other law enforcement agencies around the world resulted in the takedown of Emotet, a prolific malware botnet used by cyber criminals – and something that had become a key component of many ransomware attacks.

    Many cyber criminals switched to using other malware like Trickbot, but some will have taken the fall of Emotet as a sign to give up, because finding new tools makes it that little bit harder to make money from ransomware. “If you’re screwing with infrastructure, like going after Emotet, you’re making it harder,” says Chris Painter, president of the Global Forum on Cyber Expertise and former senior director for cyber policy at the White House. In line with this, the paper recommends that the pace of infrastructure takedowns and the disruption of ransomware operations should increase – ultimately with the aim of arrests and bringing criminals who develop and deploy ransomware to justice.

    It’s notoriously difficult to apprehend members of ransomware groups, especially when it’s an international problem. More often than not, the organisation that comes under a ransomware attack faces an extortion demand from someone who is in another country entirely.

    And that’s a particular problem for European and North American governments, when large quantities of ransomware attacks by some of the most prolific groups appear to originate from Russia and former-Soviet states – countries that are highly unlikely to extradite suspected cyber criminals.

    But identifying cyber criminals isn’t impossible – the United States has indicted individuals from Russia for the NotPetya cyberattacks, as well as naming and shaming three North Koreans for their involvement in the WannaCry ransomware attack. Meanwhile, Europol has previously arrested individuals for being involved in ransomware attacks, demonstrating that, while difficult, it isn’t impossible to track cyber criminals down and bring them to justice.

    One key factor that has allowed ransomware to succeed is that attackers are able to demand payments in Bitcoin and other cryptocurrency. The nature of cryptocurrency means that transactions are difficult to trace and, by the time the Bitcoin has been laundered, it’s almost impossible to trace back to the perpetrator of a ransomware attack.

    The Ransomware Task Force suggests that in order to make it more difficult for cyber criminals to cash out their illicit earnings, there needs to be disruption of the system that facilitates the payment of ransoms – and that means regulating Bitcoin and other cryptocurrency.

    “It’s recognising that cryptocurrency has a place and there’s a reason for it, but also recognising that it’s notoriously being used by criminals – is there more that can be done there to make it harder for criminals to use it, or make it less advantageous to them,” says Ellis.

    Recommendations in the report for decreasing criminal profits include requiring cryptocurrency exchanges to comply with existing laws and to encourage information exchange with law enforcement. The idea is that by applying additional regulation to cryptocurrency, it allows legitimate investors and users to continue using the likes of Bitcoin and Monero, but makes it harder for cyber criminals and ransomware gangs to use it as an easy means of cashing what they’ve extorted out of victims – to the extent that, if it’s too difficult, they won’t bother with attacks in the first place. “If they’re using cryptocurrencies as a way to hide, if you have more compliance with existing regulations, it makes it tougher for them,” says Painter.

    The paper offers 48 recommendations and has been presented to the White House. It’s hoped that with cooperation across the board, businesses can be provided with the tools required to prevent ransomware attacks, governments can get more hands-on with providing help, and law enforcement can hunt down ransomware attackers – but it’s only going to work if ransomware is viewed as a global problem, rather than one for individual organisations or governments to fight alone.

    “What’s really important is that this has an international perspective on it, because it’s not an American problem, it’s an international problem,” says Reiner.


    SAP admits to ‘thousands’ of illegal software exports to Iran

    SAP has reached a settlement with US investigators to close a prosecution relating to the violation of economic sanctions and the illegal export of software to Iran. 

    The cloud software vendor admitted to violating existing sanctions and an embargo placed on the country by the United States.  According to the US Department of Justice (DOJ), SAP violated both the Export Administration Regulations and the Iranian Transactions and Sanctions Regulations “thousands” of times over a period of six years.  On Thursday, the DoJ said the investigation into SAP’s practices — a global case also involving the Department of the Treasury, Office of Foreign Assets Control (OFAC), Department of Commerce, and Bureau of Industry and Security (BIS) — revealed two “principle” ways that economic sanctions had been broken.  From 2010 to 2017, SAP and overseas partners exported US-origin software — including upgrades and security fixes — to users in Iran over 20,000 times. The majority of ‘exports’ went to a total of 14 “Iranian-controlled front companies” located in countries including Turkey, UAB, and Germany, whereas others were directly downloaded from Iranian IPs.  During the same time period, SAP’s Cloud Business Group (CBGs) units allowed over 2,300 users in Iran to access US-based cloud services.  “Beginning in 2011, SAP acquired various CBGs and became aware, through pre-acquisition due diligence as well as post-acquisition export control-specific audits, that these companies lacked adequate export control and sanctions compliance processes,” the DoJ claims. “Yet, SAP made the decision to allow these companies to continue to operate as standalone entities after acquiring them and failed to fully integrate them into SAP’s more robust export controls and sanctions compliance program.”

    SAP, as noted by US investigators, voluntarily admitted to the accusations, leading to a settlement worth $8 million to avoid further action and prosecution. Under the terms of the agreement, SAP will hand over $5.14 million in “ill-gotten gain.” The software giant has also spent over $27 million on remediation and compliance, including the development of geolocation IP blocking, the removal of user accounts that would violate sanctions, and the hiring of staff specialized in export controls.

    “SAP will suffer the penalties for its violations of the Iran sanctions, but these would have been far worse had they not disclosed, cooperated, and remediated,” commented Assistant Attorney General John Demers. “We hope that other businesses, software or otherwise, will heed this lesson.”

    In a statement, SAP said the company “aims for the highest standards of corporate integrity” and welcomes the settlement.

    “SAP conducted a thorough and extensive investigation into historical export controls and economic sanctions violations,” SAP said. “We accept full responsibility for past conduct, and we have enhanced our internal controls to ensure compliance with applicable laws. Our significant remediation efforts, combined with our full and proactive cooperation with US authorities, have led to a mutually agreeable resolution of the Iran investigation without the imposition of an external monitor.”


    WeSteal: A ‘shameless’ cryptocurrency stealer sold in the underground

    While some malware authors will try to create an air of legitimacy around their products to cover themselves from potential criminal cases in the future, one developer of a cryptocurrency stealer isn’t even trying.  According to Palo Alto Networks, malware authors peddling their creations in underground forums will often pretend their products are for educational or research purposes only — a limp attempt to create a legal defense, just in case.  However, a developer making the rounds with a new commodity cryptocurrency stealer has been described as “shameless” by the team.  Indeed, the malware — named WeSteal — is marketed as the “leading way to make money in 2021.” 
    Cryptocurrency theft malware, WeSupply Crypto Stealer, has been sold online since May 2020 by a developer under the name WeSupply, and another actor, ComplexCodes, started selling WeSteal in mid-February this year.  An investigation into the sellers, thought to be co-conspirators, has also revealed potential ties to the sale of account access for streaming services including Netflix, Disney+, Doordash, and Hulu.  The team believes that WeSteal is an evolution of the WeSupply Crypto Stealer project. Marketing includes “WeSupply — You profit” and claims that WeSteal is the “world’s most advanced crypto stealer.”

    An advertisement for the malware includes features such as a victim tracker panel, automatic start, antivirus software circumvention, and the claim that the malware leverages zero-day exploits. “It steals all Bitcoin (BTC) and Ethereum (ETH) coming in and out of a victim’s wallet through the clipboard, it also has plenty of features like the GUI/Panel which is just like a RAT [Remote Access Trojan],” the advert reads. 
    Litecoin, Bitcoin Cash, and Monero have also been added to the cryptocurrency list.  

    The researchers’ analysis of the Python-based malware revealed that the malware scans for strings related to wallet identifiers copied to a victim’s clipboard. When these are found, the wallet addresses are replaced with attacker-controlled wallets, which means any transfers of cryptocurrencies end up in the operator’s pocket.

    While the malware is also described as having RAT capabilities, the researchers are not convinced, believing that WeSteal has something closer to a simple command-and-control (C2) communication structure rather than containing features usually associated with Trojans — such as keylogging, credential exfiltration, and webcam hijacking.

    The WeSteal developers offer C2s as a service and also appear to run some form of customer ‘service’ — however, the current user base appears to be small.

    “WeSteal is a shameless piece of commodity malware with a single, illicit function,” the researchers say. “Its simplicity is matched by a likely simple effectiveness in the theft of cryptocurrency. It’s surprising that customers trust their “victims” to the potential control of the malware author, who no doubt could, in turn, usurp them, stealing the victim “bots” or replacing customers’ wallets [..] it’s also surprising the malware author would risk criminal prosecution for what must surely be a small amount of profit.”

    A Remote Access Trojan (RAT), WeControl, was also added to the developer’s roster after the report was published and awaits further analysis.


    ISC urges updates of DNS servers to wipe out new BIND vulnerabilities

    The Internet Systems Consortium (ISC) has released an advisory outlining a trio of vulnerabilities that could impact the safety of DNS systems. 

    This week, the organization said the vulnerabilities impact ISC Berkeley Internet Name Domain (BIND) 9, widely used as a DNS system and maintained as an open source project.

    The first vulnerability is tracked as CVE-2021-25216 and has been issued a CVSS severity score of 8.1 (32-bit) or 7.4 (64-bit). Threat actors can remotely trigger the flaw by performing a buffer overflow attack against BIND’s GSSAPI security policy negotiation mechanism for the GSS-TSIG protocol, potentially leading to wider exploits including crashes and remote code execution. However, under configurations using default BIND settings, vulnerable code paths are not exposed — unless a server’s values (tkey-gssapi-keytab/tkey-gssapi-credential) are set otherwise.

    “Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers,” the advisory reads. “For servers that meet these conditions, the ISC SPNEGO implementation is vulnerable to various attacks, depending on the CPU architecture for which BIND was built.”

    The second security flaw, CVE-2021-25215, has earned a CVSS score of 7.5. CVE-2021-25215 is a remotely-exploitable flaw found in the way DNAME records are processed and may cause process crashes due to failed assertions.

    The least dangerous bug, tracked as CVE-2021-25214, has been issued a CVSS score of 6.5. This issue was found in incremental zone transfers (IXFR) and if a named server receives a malformed IXFR, this causes the named process to crash due to a failed assertion.

    The ISC is not aware of any active exploits for any of the bugs.

    Vulnerabilities in BIND are treated seriously as it can take just one bug, successfully exploited, to cause widespread disruption to services.

    “Most of the vulnerabilities discovered in BIND 9 are ways to trigger INSIST or ASSERT failures, which cause BIND to exit,” the ISC says. “When an external user can reliably cause the BIND process to exit, that is a very effective denial of service (DoS) attack. Nanny scripts can restart BIND 9, but in some cases, it may take hours to reload, and the server is vulnerable to being shut down again.”

    Subscribers are notified of security flaws ahead of public disclosure, and if patches have not been applied for the latest trio of vulnerabilities, fixes should be issued as quickly as possible.

    BIND 9.11.31, 9.16.15, and 9.17.12 all contain patches and the appropriate update should be applied.

    CISA has also issued an alert on the security issues.

    In other security news this week, Microsoft has disclosed bad memory allocation operations in code used in Internet of Things (IoT) and industrial technologies, with a range of vulnerabilities classified under the name “BadAlloc”. Microsoft is working with the US Department of Homeland Security (DHS) to alert impacted vendors.
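    A triage check for the BIND advisory described above, written as an added example (not code from ISC or from the article). It compares a `named -v` style banner with the patched releases the article names and looks for the two GSS-TSIG options in named.conf text; the function names, the priority labels and the sample inputs are assumptions constructed for illustration.

```python
import re

# Patched releases named in the article, keyed by release branch (major, minor).
PATCHED_RELEASES = {(9, 11): 31, (9, 16): 15, (9, 17): 12}

# named.conf options the article names as exposing the GSS-TSIG code path.
GSSAPI_OPTIONS = ("tkey-gssapi-keytab", "tkey-gssapi-credential")

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)")
# Quoted strings are matched first so comment markers inside them are kept.
STRING_OR_COMMENT_RE = re.compile(
    r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.DOTALL
)


def parse_version(banner):
    """Extract (major, minor, patch) from a version banner or bare version."""
    match = VERSION_RE.search(banner)
    if match is None:
        raise ValueError("no x.y.z version found in %r" % banner)
    return tuple(int(part) for part in match.groups())


def patch_status(banner):
    """Return 'patched', 'needs-update', or 'unlisted' for branches the
    article does not mention (consult the ISC advisory for those)."""
    major, minor, patch = parse_version(banner)
    fixed = PATCHED_RELEASES.get((major, minor))
    if fixed is None:
        return "unlisted"
    return "patched" if patch >= fixed else "needs-update"


def strip_comments(conf_text):
    """Remove /* */, // and # comments from named.conf text, keeping strings."""
    def keep_strings(match):
        token = match.group(0)
        return token if token.startswith('"') else " "
    return STRING_OR_COMMENT_RE.sub(keep_strings, conf_text)


def gssapi_options_set(conf_text):
    """List the GSS-TSIG options that are active (not commented out)."""
    body = strip_comments(conf_text)
    return [
        option for option in GSSAPI_OPTIONS
        if re.search(r"(?<![\w-])" + re.escape(option) + r"\s+\S", body)
    ]


def triage(banner, conf_text):
    """Combine version and configuration into a patching priority.

    'urgent' : below the patched release and GSS-TSIG options are set,
               so the CVE-2021-25216 code path is reachable.
    'update' : below the patched release; the DNAME and IXFR assertion
               failures do not depend on those options.
    """
    status = patch_status(banner)
    options = gssapi_options_set(conf_text)
    if status == "patched":
        priority = "none"
    elif status == "unlisted":
        priority = "check-advisory"
    else:
        priority = "urgent" if options else "update"
    return {"patch_status": status, "gssapi_options": options,
            "priority": priority}


# Constructed sample inputs (not taken from a real server).
SAMPLE_BANNER = "BIND 9.16.1-Ubuntu (Stable Release)"
SAMPLE_CONF = """
options {
    directory "/var/named";
    // tkey-gssapi-credential "DNS/old.example.test";
    tkey-gssapi-keytab "/etc/krb5.keytab";  # Samba AD integration
};
"""

if __name__ == "__main__":
    print(triage(SAMPLE_BANNER, SAMPLE_CONF))
```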


    Australia's eSafety and the uphill battle of regulating the ever-changing online realm

    Australia’s eSafety Commissioner is set to receive sweeping new powers, like the ability to order the removal of material that seriously harms adults, with the looming passage of the Online Safety Act. Tech firms, as well as experts and civil liberties groups, have taken issue with the Act, citing, for example, its rushed nature, the harm it can cause to the adult industry, and the overbearing powers it affords to eSafety. Current eSafety Commissioner Julie Inman Grant has even previously admitted that details of how the measures legislated in the Online Safety Bill 2021 would be overseen are still being worked out.

    The Bill contains six priority areas, including an adult cyber abuse scheme to remove material that seriously harms adults; an image-based abuse scheme to remove intimate images that have been shared without consent; Basic Online Safety Expectations (BOSE) for the eSafety Commissioner to hold services accountable; and an online content scheme for the removal of “harmful” material through take-down powers.

    Appearing before the Parliamentary Joint Committee on Intelligence and Security as part of its inquiry into extremist movements and radicalism in Australia, Inman Grant said while the threshold is quite high in the new powers around take-down requests, it will give her agency a fair amount of leeway to look at intersectional factors, such as the intent behind the post.

    “I think that the language is deliberately — it’s constrained in a way to give us some latitude … we have to look at the messenger, we have to look at the message, and we have to look at the target,” she said on Thursday.

    The Act also will not apply to groups of people, only to individuals. The commissioner guessed this was due to striking a balance on freedom of expression.

    “To give us a broader set of powers to target a group or target in mass, I think would probably raise a lot more questions about human rights,” she said.

    She said it’s a case of “writing the playbook” as it unfolds, given there’s no similar law internationally to help guide the Act. Inman Grant said she has tried to set expectations that she isn’t about to conduct “large scale rapid fire”.

    “Because every single removal notice or remedial action that we take is going to have to stand up in a court of law, it’s going to have to withstand scrutiny from the AAT, from the Ombudsman, and others,” she said. “So the threshold is high, it’s really probably going to target the worst of the worst in terms of targeted online abuse.”

    Of concern to the commissioner is that social media platforms have vast access to all sorts of signals that are happening on their platforms, yet they often step in when it’s too late.

    “I think what we saw with the Capitol Hill siege is it wasn’t really until the 11th hour that they consistently enforced their own policies,” she said. “So I think we’ve seen a real selective application of enforcement of some of these policies and we need to see more consistency.”

    AVOIDING WHACK-A-MOLE

    She believes the BOSE will go some way to fixing that. Without setting these expectations, Inman Grant said she would be trying to energise her team to “play a big game of whack-a-mole”.

    On finding the same perpetrators using the same modus operandi to target others, Inman Grant said it’s a prime example of where safety by design is so important.

    “You’re building the digital roads, where are your guard rails, where are your embedded seatbelts, and what are you doing to pick up the signals?” she said. “I don’t care what it is, whether you’re using natural language processing to look at common language that might be used or IP addresses, there are a range of signals that they can — they should be treating this like an arms race, they should be playing the game of whack-a-mole, rather than victims and the regulators.”

    The safety by design initiative kicked off in 2018 with the major platforms. Currently, eSafety is engaged with about 180 different technology companies and activists through the initiative.

    Inman Grant called it a “cultural change issue”, that is, tweaking the industry-wide ethos that moving fast and breaking things gets results.

    “How do we stop breaking us all?” she questioned. “Because you’re so quick to get out the next feature, the next product, that you’re not assessing risk upfront and building safety protections at the front end.

    “I mean, how many times do we have to see a tech wreck moment when companies — even a startup company — should know better.”

    The solution, she said, isn’t the government prescribing technology fixes; rather, a duty of care should be reinforced when companies aren’t doing the right thing, such as through initiatives like safety by design. Inman Grant said the BOSE will, to a certain degree, force a level of transparency.

    “We’re holding them to account for abuse that’s happening on their platforms, we’re serving as a safety net, when things fall through the cracks, and we’re telling them to take it down,” she said. “Platforms are the intermediaries … the platforms [are] allowing this to happen, but we are fundamentally talking about human behaviour, human malfeasance, criminal acts online targeting people.”

    Inman Grant said eSafety is currently working with the venture capital and investor community, “because they’re often the adults in the room”, on developing an interactive safety by design assessment tool, one for startups and one for medium-sized and large companies, that should be made public within the next three weeks.

    LIKE THE REAL WORLD, JUST DIGITAL

    “It’s only been 50 years since seatbelts have been required in cars and there was a lot of pushback for that. It’s now guided by international standards. We’re talking about standard product liability — you’re not allowed to produce goods that injure people, with food safety standards you’re not allowed to poison people or make them sick — these should not be standards or requirements that technology companies should be shunning,” the commissioner said.

    “The internet has become an essential utility … they need to live under these rules as well. And if they’re not going to do it voluntarily, then they’re going to have a patchwork of laws and regulations because governments are going to regulate them in varying ways.”

    Inman Grant said eSafety is engaging with the social media platforms every day, and has garnered an 85% success rate in the removal of non-consensually shared intimate images and videos.

    “It tends to be what we would call the ‘rogue porn sites’ that are resistant to take down,” Inman Grant said. “And of course, we see a lot of similarities in terms of the hosting services and the kinds of sites that host paedophile networks or pro terrorist or gore content.”

    She said eSafety saw a spike in terms of all forms of online abuse over the COVID period, but it wasn’t due to the reason many would think.

    “We often talk about seeing a lot of child sexual abuse on the dark web, but we saw a lot more on the open web and out in the open on places like Twitter, Instagram, and Facebook — up to 650% in some cases from the year prior,” she said.

    “It wasn’t just that simplistic explanation that more kids were online unsupervised [and there were more] predators targeting them, that certainly did happen, but really what was happening is a lot of the companies have outsourced their content moderation services to third parties, and many of these are in the Philippines and Romania, in developing countries where these workers were sent home and couldn’t look at the content.”

    She said the content moderation workforce being unable to view the content, combined with more people being online, created a “perfect storm”.

    “You saw some of the companies using more AI and analytic tools, but they’re still really very imperfect. And almost all of the platforms that do use AI tools always use a portion of human moderation because it’s just not up to par.”


    AFP issues search warrant following alleged dodgy tech support scheme

    The Australian Federal Police (AFP) on Thursday revealed it had executed a search warrant at a premises in Wollongong, New South Wales, regarding an alleged fraudulent technical support business.

    The AFP said the search warrant was executed following an investigation under Operation Rayko, which was focused on an Australian business that purports to offer genuine Microsoft technology support to Australian customers.

    It alleged the business instead linked Australian victims to offshore scammers who would request remote access to their computers.

    “Once the scammers had access to the computer, they would convince their victims to purchase new software to fix genuine computer issues,” AFP said. “That software was outdated and sold at an inflated price.”

    AFP said while remotely accessing a victim’s computer, the scammers deactivated antivirus software and other protection programs, and conducted further unauthorised remote access.

    The company in question, AFP said, has a professional website, an Australian 1800 business number, and uses Microsoft logos to give its operations an air of legitimacy.

    The AFP said it worked closely with Microsoft to gather information about the products being sold and offshore entities linked to the Australian business.

    During the search, AFP investigators seized documents and electronic devices, which will be subject to analysis by AFP Cybercrime Operations. The investigation is ongoing and the AFP is not ruling out charges as a result of the search warrant activity, it said.

    “Police are assessing evidence seized and will continue to work with Microsoft and IDCARE to determine how many Australian customers may have been affected by these types of scams,” the AFP said.

    AFP Commander Goldsmid took the opportunity to caution people to only download software from the Microsoft store or official Microsoft partner websites. He said the public needs to be aware of the risks associated with unlicensed businesses and carefully vet who they allow to access their computers.

    “Be wary of downloading software from third-party sites, as some of them might be outdated or may have been modified to include malware and other threats,” he said.

    “In this instance the offending involved charging victims for products they didn’t need, and products the business was not authorised to sell. However, the consequences can be much worse — allowing scammers access to your computer may put you at risk of malware, computer viruses, or even the theft of your identification details and sensitive personal information via remote access that can occur without your knowledge.”

    Goldsmid said it’s an important reminder of how scams have evolved.

    “They’re not as obvious as an email from a Nigerian prince anymore,” he added. “Modern-day scammers are very technologically savvy and they will exploit victims’ trust in respected institutions to gain a profit.”

    Singapore-Thailand pact lets users send money cross-border via mobile number

    Singapore and Thailand have inked a bilateral agreement that enables users in both nations to transfer funds using the recipient’s mobile number. The pact taps the respective country’s peer-to-peer payment systems and is part of a regional payment initiative to ease cross-border payments. The new partnership helped establish connectivity between Singapore’s PayNow and Thailand’s PromptPay platforms, to enable fund transfers of up to SG$1,000 ($753.4) or THB25,000 ($793.96) using mobile numbers. Touted as the first of its kind globally, the deal was the result of “years of extensive collaboration” between the two countries’ central banks, according to a joint statement released by the Monetary Authority of Singapore (MAS) and Bank of Thailand (BOT).

    Customers of participating banks in both countries would not be required to provide information such as the recipient’s full name or bank account, needing only a mobile number to facilitate the cross-border payment. The service would work in the same way PayNow and PromptPay transfers were carried out, with senders tapping their mobile banking or payment apps to make peer-to-peer fund transfers. Such transactions typically are completed within minutes, rather than an average of one to two working days for the usual cross-border remittance services.

    Banks participating on both platforms had pledged to set their fees against market rates, according to MAS and BOT. “The fees will be affordably priced and transparently displayed to senders prior to confirming their transfers,” they said. “Senders will also be able to view the applicable foreign exchange charges prior to sending their funds, with these rates benchmarked closely to prevailing market rates.”

    The connectivity between PayNow and PromptPay was part of efforts initiated under Asean Payment Connectivity, which was set up in 2019 to drive faster, cheaper, and more transparent cross-border payment pacts. The new Singapore-Thailand digital payment deal would continue to expand to include more participants and offer bigger transfer limits to facilitate business transactions, both countries said.

    BOT’s governor Sethaput Suthiwartnarueput noted that PromptPay also supported QR-enabled cross-border payments with Japan, Lao PDR, Cambodia, and Vietnam. “Today’s PayNow-PromptPay linkage…will effectively address customers’ long-standing pain points in the area of cross-border transfers and remittances, including long transaction times and high costs,” Suthiwartnarueput said.

    MAS’ managing director Ravi Menon added: “[The partnership] shows that existing payments infrastructure and the banking system have the potential to provide seamless cross-border payment options to retail customers.”

    “MAS’ shared objective with BOT is to work with our Asean counterparts to expand this bilateral linkage into a network of linked retail payment systems across Asean. With the rise of the digital economy, we want to empower individuals and businesses in the region with simple, swift, and secure cross-border payments through just a few clicks on their mobile phones,” Menon said.