More stories


    Microsoft takes a stake in Rubrik to combat ransomware

    Microsoft has invested an undisclosed amount in cloud data management firm Rubrik as part of a plan to jointly develop Zero Trust products built on the Azure cloud. Rubrik and Microsoft plan to provide Microsoft 365, data protection and cloud services on Azure, according to Rubrik. According to a Bloomberg source, Microsoft’s investment was in the “low tens of millions” and valued Rubrik at about $4 billion. The company, which competes with Dell EMC, Commvault and other storage and backup companies, was valued at $3.3 billion in 2019.

    Rubrik provides cloud backup and recovery services on Azure, AWS, Google Cloud and Microsoft 365, as well as ransomware recovery services.

    Microsoft made the investment as it continues its push for organisations to adopt a Zero Trust architecture, which focuses less on hardening the network perimeter and aims instead to protect the BYOD devices and applications that are used at work and at home. The partnership will also help customers continue digital transformation projects and push more data to the cloud.

    Rubrik says its combination with Microsoft’s cloud will allow customers to protect critical applications such as SAP, SQL, Oracle and VMware, as well as network attached storage (NAS) devices, with Azure.

    The two companies support more than 2,000 mutual customers globally, according to Rubrik. Rubrik, which launched in 2014, is a cloud-native enterprise backup and recovery service targeting customers running storage with legacy software.

    Microsoft sees an opportunity to make the cloud a key defence against the rise in ransomware attacks, which often begin with attackers scanning for, and finding, RDP and VPN services exposed to the internet. This year has seen an uptick in multi-million-dollar ransomware demands that victims, such as Colonial Pipeline, have paid.

    “When an attacker tells you they have control to the keys to your data and you can’t get it back without paying a ransom, this allows us to have an alternative source for that data in real time to be able to bring that company back to operational control,” Tyler Bryson, a Microsoft vice president, told Bloomberg. “There’s a lot of backup solutions out there, but even those are vulnerable to having been compromised. If you didn’t design with the modern cloud architecture in mind, you may find you’ve just recovered to something already compromised.”


    Mozilla, MacArthur and Ford foundations unite to oppose Facebook ban on NYU disinformation research

    Multiple high-profile foundations and philanthropic organizations have come together to criticize Facebook for shutting down the accounts of New York University (NYU) researchers investigating advertising disinformation on the platform.

    The open letter came from the NetGain Partnership, which includes the Mozilla Foundation, the Ford Foundation, the John D. and Catherine T. MacArthur Foundation, the Omidyar Network and others. The group of foundations focuses its work on fostering research into emerging technology.

    The letter, signed by the CEOs and presidents of each organization, lambasts Facebook for its decision to close the accounts of NYU researchers Laura Edelson and Damon McCoy. The two led a team of researchers that ran the Ad Observer browser extension, which allowed Facebook users to let the researchers see what ads appeared when they visited the social media platform.

    Facebook said in a statement on August 3 that the browser extension violated its privacy rules, and initially claimed, falsely, that it had been forced to shut down the project by its consent order with the FTC. The FTC later released its own letter rejecting that claim and reiterating that its order had no relation to the work of Edelson and McCoy. “The consent decree does not bar Facebook from creating exceptions for good-faith research in the public interest,” said Samuel Levine, acting director of the FTC’s consumer protection bureau. “Indeed, the FTC supports efforts to shed light on opaque business practices, especially around surveillance-based advertising.”

    The two researchers spent months going back and forth with Facebook, but their accounts were shut down as soon as they announced a potential examination of Facebook disinformation about the January 6 attack on Congress.

    The foundations called Edelson and McCoy’s work “pathbreaking” and said it “brought to light systemic gaps in the Facebook Ad Library, identified misinformation in political ads, and studied Facebook’s amplification of divisive partisan campaigns.”

    “This action by Facebook also cut off access to more than two dozen other researchers and journalists, who relied on Ad Observer data for their research and reporting, including timely work on COVID-19 and vaccine misinformation,” the open letter explained. “This is only the latest example of Facebook’s attempts to curtail journalism and independent, academic research into their business and advertising practices. In the absence of more fulsome disclosure and transparency from the social media industry, independent research efforts have been essential to understanding how disinformation spreads on digital platforms. This research also uncovered how advertisers exploit the industry’s ability to micro-target advertisements, the extent to which bad actors use these platforms to exacerbate societal rifts and inequities, and the costs to civil society.”

    The members of the NetGain Partnership said they stood behind NYU’s Cybersecurity for Democracy project and the larger community of researchers who work on disinformation in social media. The group’s work proved its worth by what it uncovered about Facebook’s platform, the open letter said, noting that Ad Observer found that “highly partisan, misleading news sources receive more engagement on Facebook than more reliable news sources.” Facebook, they said, continues to take in advertisements from extremist groups and militias while still publishing discriminatory ads. The social media giant also fails to catch political ads that potentially violate its own rules.

    As NYU, Edelson and McCoy did when the shutdown was announced, the open letter reiterates that Ad Observer only collected limited and anonymized information about the users who shared their ads. “When Facebook claims that the tool nonetheless violates the privacy of its ‘users,’ the ‘users’ it is referring to are the paying advertisers, who have already consented to making their ads public,” the open letter said.

    “Facebook’s latest actions undermine the independent, public-interest research and journalism that many of our foundations support. We believe research on platform and algorithmic transparency, like the work led by Cybersecurity for Democracy, is necessary to make evidence-based policy that is vital to a healthy democracy.”

    The group demanded that Facebook urgently reinstate the accounts attached to the project and change its Terms of Service within the next three months to allow safe harbor for research that is “ethical, protects privacy and is in the public interest.” “Our foundations share a vision for an open, secure, and equitable internet space where free expression, economic opportunity, knowledge exchange, and civic engagement can thrive,” the open letter said. “This attempt to impede the efforts of independent researchers is a call for us all to protect that vision, for the good of our communities, and the good of our democracy.”


    Do you trust Apple?

    Apple is a business. This is the first thing you should know about it. It’s a company that exists to make money. It’s not your friend. It’s not a superhero. It’s not a religion.

    As a company, it invites you to buy its products and services. If you don’t like what it has to offer, you’re free to move on.

    And I think that this confusion is at the heart of a lot of the criticism that Apple has received over the new child safety features that it is introducing. It’s quite a complicated and charged subject, and both Apple’s messaging, along with how the media have reported those messages, have created more confusion. Add to that the fact that some people get very upset when Apple does something that doesn’t fit in with how they see the company, and it’s a recipe for disaster.

    However, the other day Apple released a document that went into great detail as to how the system will work, the steps that exist to keep false positives to a minimum, the mechanisms in place to prevent governments, law enforcement, and even malicious or coerced reviewers from abusing the system, and how Apple maintains the end user’s privacy throughout.

    According to Apple, “the system is designed so that a user need not trust Apple, any other single entity, or even any set of possibly-colluding entities from the same sovereign jurisdiction (that is, under the control of the same government) to be confident that the system is functioning as advertised.”

    It’s a deep document, but it’s well worth a read. But these are just words on a page. It ultimately comes down to one thing. Do you trust Apple?

    Well, do you? I think that this is a deep question, and one that goes further than scanning for images of child abuse (something that most people will think is a good thing for Apple to be doing). The trust issue here goes deeper.

    First, Apple has developed an on-device scanning system that can detect — with great accuracy — specific information. Right now, Apple is using this to filter out CSAM (child sexual abuse material) and to detect sexually explicit images sent or received by children via iMessage, but there’s nothing that prevents that mechanism being used to detect anything else, whether it be religious, political, terrorist-related, pro/anti leanings on vaccines, cat photos, or anything else. And that scanning mechanism is baked into its devices.

    The Apple of the here and now might hand-on-heart swear that this system will only be used for good and that it won’t abuse it, but this is only reassuring to a point.

    Let’s take some simple but contemporary examples such as COVID-19 anti-vax misinformation, or climate-change denialism. What if Apple decided that it was in the interests of the greater good to identify this material and step in to prevent its dissemination? Might not be a bad thing. Might be a thing that enough people could get behind. And the CSAM mechanism would technically make this possible. Would it be right?

    One could argue that CSAM is illegal while anti-vax or climate-change misinformation is not. OK, but laws vary from country to country. What if a country asked Apple to step in to identify and report other material that is illegal in that country? Does it become a game of cherry-picking what material to detect and what not to detect based on the PR fallout? What if Apple decided to scan for any and all illegal material? The mechanism to do this is in place.

    Also, this is not only a question of space, but of time. The people at the helm of Apple today will not be the people at its helm in the future. Will they be so motivated to protect user privacy? Could they become complicit in abuse of the system because of governmental pressures?

    These are all slippery-slope arguments, but that doesn’t eliminate the fact that slippery slopes do indeed exist and that vigilance itself is not a bad thing.

    Do you trust Apple?


    Microsoft touts role in meeting Biden's order to fend off major hacks on the US

    After another year of ransomware and supply chain attacks, Microsoft is talking up its role in helping to put US President Joe Biden’s May Executive Order on cybersecurity into practice.

    Microsoft is one of 18 cybersecurity companies selected to work with the National Institute of Standards and Technology (NIST) to develop Zero Trust designs that federal agencies can implement under Executive Order 14028. Instead of focusing on hardening the network perimeter, Zero Trust assumes that an organisation has already been breached and calls for a design that acknowledges data needs to be protected both inside and outside the network, across managed and unmanaged devices.

    Other vendors in the Zero Trust consortium include Amazon Web Services, Appgate, Cisco, F5, FireEye, IBM, McAfee, MobileIron, Okta, Palo Alto Networks, PC Matic, Radiant Logic, SailPoint Technologies, Symantec, Tenable, and Zscaler. Google, with its BeyondCorp zero trust initiative, is notably absent.

    Biden’s order directed CISA and NIST to create benchmarks for organisations managing critical infrastructure. It followed the SolarWinds hack targeting primarily federal agencies and US tech companies, the Exchange email server attacks, and the Colonial Pipeline ransomware attack. The SolarWinds attack in particular highlighted the need for zero trust, with the attacks occurring amid the mass shift towards remote work during the pandemic.

    The vendors in the project will be working with NIST’s National Cybersecurity Center of Excellence (NCCoE) to “develop practical, interoperable approaches to designing and building Zero Trust architectures” that are commercially available from US cybersecurity firms. Microsoft has previously identified five scenarios where zero trust can help agencies meet Biden’s order, including endpoint detection and response, multi-factor authentication, and continuous monitoring.

    Azure Active Directory is central to Microsoft’s plans for most of the five scenarios, which include SaaS applications, legacy applications, protecting remote server administration tools, and cloud segmentation. Azure also plays a key role in ‘micro-segmentation’ of the network. While Biden’s order only applies to federal agencies, the White House did encourage the private sector to take “ambitious measures” in the same direction.

    Microsoft notes its proposed example solutions will include commercial and open-source products. Separately, the Linux Foundation has thrown its support behind Biden’s order to develop a Software Bill of Materials (SBOM), or a “formal record containing the details and supply chain relationships of various components used in building software.”

    The Zero Trust proposals from vendors are meant to align with NIST SP 800-207, Zero Trust Architecture, which was developed through meetings with the Federal Chief Information Officer (CIO) Council, federal agencies, and industry.


    This ransomware has returned with new techniques to make attacks more effective

    There’s been a rise in cyber attacks using a form of ransomware that first appeared almost two years ago. But despite being relatively old, it’s still proving successful for cyber criminals. Cybersecurity researchers at Trend Micro have detailed an increase in LockBit ransomware campaigns since the start of July. This ransomware-as-a-service first appeared in September 2019 and has been relatively successful, but has seen a surge in activity this summer.

    In adverts on underground forums, LockBit’s authors claim that LockBit 2.0 is one of the fastest file-encrypting ransomware variants on the market today, and those claims have proven interesting to cyber criminals seeking to make money from ransomware. Trend Micro researchers have seen a number of LockBit ransomware campaigns in recent weeks, predominantly targeting organisations in Chile, but also the UK, Italy and Taiwan.

    While LockBit had remained under the radar for much of this year, it hit the headlines with an attack against professional services firm Accenture. LockBit also appears to have benefited from the apparent disappearance of ransomware gangs including REvil and Darkside, with a significant number of affiliates of those operators turning to LockBit as their new means of performing ransomware attacks.

    The attackers often gain entry to networks using compromised Remote Desktop Protocol (RDP) or VPN accounts whose credentials have been leaked or stolen; alternatively, the LockBit operation sometimes attempts to recruit insiders to provide access through legitimate login credentials.

    LockBit has also gained success by following in the footsteps of prominent ransomware groups, adopting their tactics, techniques and procedures (TTPs) during attacks. For example, LockBit now uses the Wake-on-LAN technique seen in Ryuk, sending magic packets to wake powered-off or sleeping devices so that it can move laterally around the network and compromise as many machines as possible. LockBit also uses a tool previously deployed by Egregor ransomware that uses printers on the network to print out ransom notes.

    “They were heavily influenced by the Maze ransomware gang and when they shut down, they appear to have shifted their focus to Ryuk and Egregor ransomware gangs TTPs,” Jon Clay, VP of threat intelligence at Trend Micro, told ZDNet. “What we can take away from this is many malicious actor gangs likely follow the news of how successful other gangs are and look to model their TTPs themselves. Ransomware has evolved over time in order to continue to be successful for its creators,” he added.

    Like many of the most disruptive ransomware variants, LockBit also adds a double extortion element to attacks, stealing data from the victim and threatening to leak it if the ransom isn’t paid within a set period. “The LockBit gang has been around for a while now and continue to update their TTPs in order to have successful attack campaigns,” said Clay.

    It’s expected that LockBit ransomware attacks will continue to be a cybersecurity threat for some time, particularly given that the group is actively advertising for additional affiliates. But while ransomware groups are aggressively persistent, there are actions which information security teams can take to help protect networks from attack. This includes applying the latest security patches and updates to operating systems and software, so cyber criminals can’t exploit known vulnerabilities to help launch attacks. Organisations should also apply multi-factor authentication across the network, making it harder for cyber criminals to use stolen credentials to help facilitate attacks.
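The Wake-on-LAN lateral-movement step described above is visible on the wire, because a magic packet has a fixed, easily recognised shape: six bytes of 0xFF followed by the target MAC repeated sixteen times, with an optional SecureOn password on the end. The Python below is an added illustration for this page, not code from Trend Micro's report or from LockBit. It validates captured UDP payloads as magic packets and flags any source that wakes several distinct machines; the capture records are constructed for the demo, and the threshold of three distinct targets per source is an assumption a real deployment would tune against its own patch-management traffic.

```python
"""Wake-on-LAN magic-packet detection over captured UDP payloads.

Added example for this page; it is not Trend Micro's or LockBit's code.
The capture records below are constructed for the demo.
"""

MAGIC_PREFIX = b"\xff" * 6                        # every magic packet opens with 6 x 0xFF
MAC_LEN = 6
REPEATS = 16                                      # the target MAC is repeated 16 times
BODY_LEN = len(MAGIC_PREFIX) + MAC_LEN * REPEATS  # 102 bytes
PASSWORD_LENS = (0, 4, 6)                         # optional SecureOn password suffix


def parse_magic_packet(payload: bytes):
    """Return the target MAC as 'aa:bb:cc:dd:ee:ff' if payload is a
    well-formed Wake-on-LAN magic packet, otherwise None.

    The format is independent of the UDP port: WoL is usually sent to
    port 7 or 9, but the NIC only inspects the payload, so detection
    must not rely on the port either.
    """
    if len(payload) - BODY_LEN not in PASSWORD_LENS:
        return None
    if payload[:6] != MAGIC_PREFIX:
        return None
    mac = payload[6:6 + MAC_LEN]
    for i in range(REPEATS):
        start = 6 + i * MAC_LEN
        if payload[start:start + MAC_LEN] != mac:
            return None
    return ":".join(f"{b:02x}" for b in mac)


def build_magic_packet(mac: str, password: bytes = b"") -> bytes:
    """Build a magic packet for a MAC written as 'aa:bb:..' or 'aa-bb-..'.
    Used here only to construct sample traffic."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != MAC_LEN:
        raise ValueError(f"bad MAC: {mac!r}")
    if len(password) not in PASSWORD_LENS:
        raise ValueError("SecureOn password must be 0, 4 or 6 bytes")
    return MAGIC_PREFIX + raw * REPEATS + password


def find_wol_senders(records, threshold: int = 3):
    """Group valid magic packets by source IP and return
    {src_ip: [target MACs]} for every source that woke at least
    `threshold` distinct machines.

    One magic packet from an admin workstation is routine; a single host
    fanning wake-ups out to many machines is the pattern described for
    Ryuk and LockBit, so the threshold counts distinct targets per source.
    """
    targets = {}
    for src_ip, _dst_port, payload in records:
        mac = parse_magic_packet(payload)
        if mac is None:
            continue
        targets.setdefault(src_ip, set()).add(mac)
    return {src: sorted(macs) for src, macs in targets.items()
            if len(macs) >= threshold}


# Constructed sample capture: (src_ip, dst_port, udp_payload).
SAMPLE_RECORDS = [
    # routine: helpdesk host wakes one machine for patching
    ("10.0.0.2", 9, build_magic_packet("00:11:22:33:44:55")),
    # suspicious: one host wakes four different machines in a burst
    ("10.0.0.15", 9, build_magic_packet("00:11:22:33:44:55")),
    ("10.0.0.15", 7, build_magic_packet("00:11:22:33:44:56")),
    ("10.0.0.15", 9, build_magic_packet("00:11:22:33:44:57", b"\x01\x02\x03\x04")),
    ("10.0.0.15", 40000, build_magic_packet("00-11-22-33-44-58")),
    # noise: 0xFF-prefixed payload that is not a magic packet
    ("10.0.0.7", 9, b"\xff" * 6 + bytes(range(96))),
    # noise: truncated magic packet (only 15 repetitions)
    ("10.0.0.7", 9, MAGIC_PREFIX + b"\x00\x11\x22\x33\x44\x55" * 15),
]


if __name__ == "__main__":
    for src, macs in find_wol_senders(SAMPLE_RECORDS).items():
        print(f"{src} sent Wake-on-LAN to {len(macs)} hosts: {', '.join(macs)}")
```

Feed it from a packet capture or an IDS export of UDP payloads and it reports the fan-out host; a sensible follow-up alert is any magic packet whose source is not in the known list of management hosts, regardless of count.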


    GitHub pushes users to enable 2FA following end of password authentication for Git operations

    GitHub is urging its base of users to enable two-factor authentication as the platform shakes up how it protects accounts from compromise.

    In a blog post this week, GitHub’s Mike Hanley explained that beginning on August 13, GitHub stopped accepting account passwords when authenticating Git operations. The platform now requires people to use stronger authentication factors like personal access tokens, SSH keys, or OAuth or GitHub App installation tokens for all authenticated Git operations on GitHub.com. Hanley added that in addition to ditching passwords, GitHub has taken other measures like investing in verified devices, preventing the use of compromised passwords, supporting WebAuthn and more. GitHub announced the move in December.

    “If you have not done so already, please take this moment to enable 2FA for your GitHub account. The benefits of multifactor authentication are widely documented and protect against a wide range of attacks, such as phishing,” Hanley said. “There are a number of options available for using 2FA on GitHub, including: physical security keys, such as YubiKeys; virtual security keys built in to your personal devices, such as laptops and phones that support WebAuthn-enabled technologies, like Windows Hello or Face ID/Touch ID; Time-based One-Time Password (TOTP) authenticator apps; Short Message Service (SMS).”

    Hanley added that GitHub was pushing users to take advantage of security keys or TOTP instead of SMS, noting that SMS “does not provide the same level of protection and it is no longer recommended under NIST 800-63B.” According to Hanley, the strongest methods involve the WebAuthn secure authentication standard, some of which may even include physical security keys.

    “We are excited and optimistic about WebAuthn, which is why we have invested early and will continue to invest in it at GitHub,” Hanley said. Hanley went on to explain that once a user secures their account, they can also use a GPG key stored on their security key to digitally sign their git commits.

    Mark Risher, senior director of product management for Google’s Identity and Security Platforms, told ZDNet that Google was excited to see GitHub move beyond passwords and instead opt for strong authentication for secure sign-in. Google has been one of the leading companies behind the effort to make passwords a thing of the past.

    “Passwords alone are simply no longer enough for sensitive and high-risk activities; they’re too difficult to manage and too easy to steal,” Risher said. “Strong authentication has become not just important but essential to better protecting our accounts, so GitHub’s move is a huge step in the right direction, especially as we look toward a future without passwords.”


    T-Mobile says information of more than 48 million customers leaked in breach

    T-Mobile has released an update on the recent claims that a hacker gained access to the names, addresses, PINs, social security numbers and more of millions of T-Mobile customers. While initially denying the hacker’s claims that they had the information of 100 million T-Mobile customers, the telecom giant admitted that more than 48 million current, former and prospective customers had their information taken in the cyberattack.

    “Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile. Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers,” T-Mobile’s public relations team said in a statement. “At this time, we have also been able to confirm approximately 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were also exposed.”

    The company said it will be sending out letters to victims and is offering affected customers two years of free identity protection services with McAfee’s ID Theft Protection Service. It also urged all T-Mobile postpaid customers to change their PINs through their T-Mobile account online or by contacting the Customer Care team by dialing 611. T-Mobile reiterated that its investigation did not uncover evidence that any postpaid account PINs were compromised. The company will additionally be offering an “extra step” to protect the accounts of postpaid customers.

    There will also be a webpage designed to help victims understand what happened and what they should do. “We have already proactively reset ALL of the PINs on these accounts to help protect these customers, and we will be notifying accordingly right away. No Metro by T-Mobile, former Sprint prepaid, or Boost customers had their names or PINs exposed,” a T-Mobile spokesperson said, admitting that social security numbers, names, dates of birth, and driver’s license information had been accessed. “We have also confirmed that there was some additional information from inactive prepaid accounts accessed through prepaid billing files. No customer financial information, credit card information, debit or other payment information or SSN was in this inactive file.”

    T-Mobile called the attack “highly sophisticated” and said the investigation has been “exhaustive,” adding that law enforcement was contacted. The company confirmed what the hacker said earlier this week: that the access point used to gain entry to T-Mobile’s systems had been closed. “We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack,” T-Mobile explained.

    The company has been under fire since an unknown cyberattacker boasted about stealing 106GB of data. They offered a sample of the stolen data on an underground forum, allegedly containing 30 million social security numbers and driver’s licenses, for the price of six Bitcoin. The unnamed hacker later spoke to Bleeping Computer and shared a screenshot of their SSH connection to a production server running Oracle. They did not try to ransom T-Mobile because they already had buyers online, according to their interview with the news outlet.

    The hackers also told another security researcher that they carried out the attack in retaliation for the treatment of John Erin Binns, a cybercriminal implicated by US law enforcement in the Satori botnet conspiracy. “The breach was done to retaliate against the US for the kidnapping and torture of John Erin Binns (CIA Raven-1) in Germany by CIA and Turkish intelligence agents in 2019,” the hacker allegedly told Alon Gal, co-founder of cybercrime intelligence firm Hudson Rock. “We did it to harm US infrastructure.”


    Twitter to allow users in US, South Korea, and Australia to report misleading tweets

    Twitter said on Wednesday it was conducting a test that would allow users in the United States, South Korea, and Australia to report misleading tweets. The option will appear to users after clicking on the button to report a tweet. “We’re assessing if this is an effective approach so we’re starting small,” Twitter’s safety account said. “We may not take action on and cannot respond to each report in the experiment, but your input will help us identify trends so that we can improve the speed and scale of our broader misinformation work.”

    In February, Twitter was joined by Facebook, Google, Microsoft, Redbubble, and TikTok in signing up to the Australian Code of Practice on Disinformation and Misinformation. Political advertising is not misinformation or disinformation for the purposes of the code. In its first transparency report under the code, released in May, Twitter said it had taken action against 3.5 million accounts globally for violation of its rules, including suspending 1 million accounts and removing 4.5 million pieces of content. For 3,400 accounts globally, the action related to misleading information about COVID-19.

    In Australia specifically, 37,000 Australian Twitter accounts were actioned for violating Twitter rules, resulting in 7,200 accounts being suspended and 47,000 pieces of content authored by an Australian account being removed. Twitter began automatically labelling tweets it regarded as having misleading information about COVID-19 and its vaccines, and introduced a strike system that includes temporary account locks and can lead to permanent suspension. While the system has led to the repeated suspension of misinformation peddlers such as US congresswoman Marjorie Taylor Greene, it cannot handle sarcasm from users attempting humour on the topics of COVID-19 and 5G. In April, the Australian Department of Health published a page attempting to dispel any link between vaccines and internet connectivity. “COVID-19 vaccines do not — and cannot — connect you to the internet,” it stated. “Some people believe that hydrogels are needed for electronic implants, which can connect to the internet. The Pfizer mRNA vaccine does not use hydrogels as a component.”