More stories


    Victorian government earmarks AU$30m to lift hospital cyber capabilities

    The Victorian government plans to invest a total of AU$30 million to upgrade and modernise the IT infrastructure of 28 of the state’s hospitals and health services in a bid to guard against further cyber attacks.

    The AU$30 million will be divided amongst hospitals across Melbourne and regional and rural health services. Melbourne hospitals will receive a majority share of nearly AU$22 million, while the remaining AU$8 million will be split between regional and rural health services.

    To be delivered as part of the state government’s Clinical Technology Refresh program, the funding will be used specifically to replace older servers and operating systems with new infrastructure. The state government touted the new infrastructure will reduce IT outages, improve network speed, support the rollout of Wi-Fi at the bedside of patients, as well as enable the loading and viewing of high resolution medical imaging, telehealth, and access to clinical support and pathology results from other hospitals.

    “We are helping hospitals and health services across Victoria upgrade computers and IT infrastructure to strengthen reliability and cybersecurity,” Victorian Minister for Health Martin Foley said. “This is about protecting our health services from cyber attacks.”

    Last month, surgeries operated by Eastern Health in Victoria were forced to cancel some patient appointments after experiencing a “cyber incident”. Eastern Health operates the Angliss, Box Hill, Healesville, and Maroondah hospitals, and has many more facilities under management.

    In a statement, Eastern Health said it took many of its systems offline in response to the incident. “Many Eastern Health IT systems have been taken off-line as a precaution while we seek to understand and rectify the situation,” it said. “It is important to note, patient safety has not been compromised.”

    Back in 2019, a similar incident affecting Victoria’s hospitals occurred, which resulted in them disconnecting themselves from the internet in an attempt to quarantine a ransomware infection. At the time, the Victorian Department of Premier and Cabinet revealed the impacted hospitals were in the Gippsland Health Alliance and the South West Alliance of Rural Health.

    The incident occurred shortly after the Victorian Auditor-General’s Office (VAGO) labelled the state’s public health system as highly vulnerable to cyber attacks, with a report flagging that security weaknesses within the Department of Health and Human Services’ (DHHS) own technology arm are increasing the likelihood of a breach in 61% of the state’s health services.

    “There are key weaknesses in health services’ physical security, and in their logical security, which covers password management and other user access controls,” VAGO wrote. “Staff awareness of data security is low, which increases the likelihood of success of social engineering techniques such as phishing or tailgating into corporate areas where ICT infrastructure and servers may be located.”

    In its audit, VAGO probed three health providers — Barwon Health, the Royal Children’s Hospital, and the Royal Victorian Eye and Ear Hospital — and examined how two different areas of the DHHS — the Digital Health branch and Health Technology Solution — provide health services in the state.

    In probing the health services, VAGO said it was also able to access accounts, including admin ones, using “basic hacking tools”. The accounts had weak passwords and no MFA.

    “All the audited health services need to do more to protect patient data,” the report said. “We also found that health services do not have appropriate governance and policy frameworks to support data security.”


    ExpressVPN review: A fine VPN service, but is it worth the price?

    ExpressVPN is a popular VPN that’s easy to set up and easy to use. Oddly enough, though, it’s not much of a standout. Compared to other recommended VPN services, pricing is middle of the road, as are performance and features.

    Locations: 160
    Countries: 94
    Simultaneous connections: 5
    Kill switch: yes
    Logging: no
    Price: $12.95/month, or 12 months for $99.95
    Trial: 30-day refund guarantee
    Supported platforms: iOS, Android, MacOS, Windows, Linux, game consoles, smart TVs, routers


    I tried to find out exactly how many servers and IP addresses ExpressVPN has – since other VPN providers tout their numbers. Unfortunately, all the company told me (which is probably more honest and transparent than their stat-driven competitors) was this:

    The one place where ExpressVPN does stand out is in its vast number of client implementations. Whatever computing device you have – be it mobile, tablet, laptop or desktop of any OS flavor – ExpressVPN offers a version for your platform.

    Choosing a fast server connection

    When I evaluate a VPN, I avoid the big “Connect” button for a while after install. I’m usually far more curious about the various options and settings. In the case of ExpressVPN, I found an option under the “hamburger” menu that I liked right away. This isn’t a point-to-point speed test like Fast.com or Speedtest.net. This is a test of all (or a subset of) ExpressVPN’s servers from your location. It took about five minutes, but it was worth the wait. ExpressVPN scans across all their servers to show which were faster in terms of both download speed and latency. Plus, it adds a speed index to tell you which server is faster overall. For me, here in Oregon, it was no surprise that a West Coast server was the fastest overall. It’s also possible to see servers in different countries and how they stack up.

    This is a relatively simple and obvious feature. It’s a wonder more VPN providers don’t offer it.

    More connection options

    By default, ExpressVPN provides a very simple startup screen. Just hit the magic button and it will assign you to a server it recommends. Because I live in the Pacific Northwest, Seattle is an obvious choice for location. Many users will prefer to choose a location to connect. The ExpressVPN connection screen is clean and clear. You can choose from one of the recommended locations, as this screen shows. You can also browse through all locations. Or you can use the search bar to quickly pick a destination server at a desired location. The application allows you to set servers as favorites, so if you have a few you regularly return to, they’re easy to find.

    Settings and options

    The hamburger menu also provides access to ExpressVPN’s options screens. The General tab provides some insight into the capabilities ExpressVPN offers. While not a particularly unique feature, the fact that you can open the VPN on Windows startup and connect to the last used location when the app launches means that you can set up a default behavior to connect to a VPN as soon as your computer boots up. The app also supports a kill switch option, which you can enable or disable, as well as providing access to local devices like printers while connected to a remote server. It allows for traffic sculpting, too, enabling you to use the VPN for certain apps and not for other apps. This is a key feature if you want VPN protection or location translation for some connections, but want to use the full power and speed of your connection for other applications. The protocol setting screen has a lot of options for protocol geeks. You’re probably best just leaving it on Automatic unless you know what you’re doing or have a very specific preference. The Shortcuts tab simply lets you put a few web addresses on the main screen.
    The Browsers tab allows you to control the connection directly from a browser extension. Right now, it supports Chrome and Firefox. Edge is not supported.

    Finally, let’s look at the Advanced tab. ExpressVPN does allow you to share telemetry back to the company, but that option is properly disabled by default. You can eliminate IPv6 detection, a feature most will leave on. It’s always nice to optimize Windows networking. But the option that interests me most is the option to only use ExpressVPN DNS servers. Since a lot of leakage comes via DNS, it’s interesting that ExpressVPN is locking connections to their servers. Let’s see how well that works for them.

    Performance testing

    I installed the ExpressVPN application on a fresh, fully-updated Windows 10 install. To do this kind of testing, I always use a fresh install so some other company’s VPN leftovers aren’t clogging up the system and possibly influencing results. I have a 1Gb fiber feed, so my baseline network speed is rockin’ fast. To provide a fair US performance comparison, rather than comparing to my local fiber broadband provider, I used speedtest.net and picked a Comcast server in Chicago to test download speed. For each test, I connected to each server three times. The number shown below is the average result of the three connections.

    In looking at these numbers, it’s possible to get carried away by the difference in the baseline speed compared to the VPN speed. That’s not the best measurement, mostly because I have broadband over fiber so my connection speed is extremely high. Also, if you look at the baseline speeds between my reviews, you may notice that they differ considerably going to the same cities. Keep in mind that speed tests are entirely dependent on the performance of all the links between the two locations, and that also includes the time of day, how active those servers are, and how slow or fast the internet is on a given day.

    Normally, I include a connection to Russia among my tests. But because ExpressVPN does not have a server presence in Russia, I was unable to test performance to Rossiyskaya Federatsiya.

    Here are the results of my tests:

    Speed Test Server | Baseline download speed without VPN (higher is better) | Ping speed without VPN (lower is better) | Time to connect to VPN | Download speed with VPN (higher is better) | Ping speed with VPN (lower is better) | Leaks
    Dallas – CenturyLink | 237.8Mbps | 57ms | 7.41 sec | 118.17Mbps | 101ms | No
    Stockholm, Sweden – RETN | 217.75Mbps | 176ms | 7.45 sec | 114.91Mbps | 179ms | Somewhat
    Taipei, Taiwan – Taiwan Mobile | 455.82Mbps | 145ms | 8.12 sec | 123.73Mbps | 172ms | Somewhat
    Perth, Australia – Telstra | 180.57Mbps | 222ms | 7.53 sec | 97.83Mbps | 223ms | No
    Hyderabad, India – Excitel | 366.59Mbps | 244ms | 7.92 sec | 82.88Mbps | 244ms | No

    When you use a VPN service, it’s natural for performance to drop. After all, you’re running all your packets through an entirely artificial infrastructure designed to hide your path. The real numbers you should look at are the download speed and the ping speed. Are they high enough to do the work you need to do?

    For all connections, ExpressVPN was…meh. It wasn’t unusable, but it wasn’t stellar, either. That said, all VPN-based connection speeds were more than enough for almost all kinds of video, so it really was good enough. Ping speeds, on the other hand, were too slow to allow any sort of gaming where responsiveness is required. Ping speed is an indication of how quickly a response gets back after a network request is sent from your computer. The lag limitations here are due to actual physics. If you’re sending a packet across the planet, it will take longer to hear back than if you’re sending a packet across town.

    Security

    There are many different ways a VPN can fail you when it comes to security. But one of the most troublesome is when it reveals you as a potentially untrustworthy user. DNSLeak.com and dnsleaktest.com both identified my international connections as possible DNS leaks. This is not the case, because all of them (like the one below for Stockholm) showed the VPN-connected city, rather than my location here in Oregon.

    But there was another problem. Note that both DNS testing services identified my connection as coming from Security Firewall Ltd. No, that’s not ExpressVPN. But then, there’s this:

    Yeah, if I were running a site and I was concerned about fraud or VPN usage, I’d block these guys. And so, if your connection appears to be coming from such a concerning set of IPs, I’d call this a security connection fail. Security Firewall Ltd was identified for not just my Sweden connection, but for my Taiwan connection as well. So if you’re using servers in Sweden and Taiwan and sites you’re connecting to either don’t allow a connection or make usage difficult, you’ll know it’s because, by virtue of your connection through Security Firewall Ltd, you’re considered a potentially troublesome user. Special.

    I didn’t see this problem universally. When connecting to Australia, the DNS identified ServersAustralia as the ISP. When testing a connection to India, the ISP was identified as Host1Plus. Both have relatively benign reputations. It’s weird, though, unless ExpressVPN simply didn’t know about Security Firewall Ltd’s bad Google juice. I would have thought that since ExpressVPN is providing its own DNS, it would have changed up DNS entries for providers that have a tarnished reputation.

    What are the pros and cons of ExpressVPN?

    Pros:
    • clean user interface
    • easy to set up
    • that great performance scan across all servers
    • enormous library of device support

    Cons:
    • relatively higher price than competitors
    • non-standout performance and features
    • that weird Security Firewall Ltd thing

    The bottom line

    I like ExpressVPN, I do. It’s a breeze to set up and configure. I like how you can determine server speed across the entire network. And searching, saving, and configuring locations is dead simple.

    But there are a few things that might hold this product back versus its competitors. It’s more expensive than many. That’s not to say it’s wildly overpriced. But at $99 a year, it’s going to have trouble holding its own against those with cheaper plans.

    Performance was also not standout. Like I said above, it’s good enough for video, so performance really is good enough to get the job done. It’s just not a wow — except in the ping sense. There, it’s wow, pings take soooo long. Connection speed wasn’t annoying either.

    But then there’s that connection to Security Firewall Ltd. You never want an account to be associated with high fraud risk ISPs or IP addresses. Also, if you’re trying to hide the fact that you’re using a VPN, this might not do it.

    So, let’s use my two-criteria metric on ExpressVPN:

    If you’re counting on this VPN to protect your life: Don’t use it.
    If you’re counting on this VPN to protect coffee shop surfing: Sure, it’s fine.

    And there you go. There’s nothing really standout about ExpressVPN, but it’s fine. I’d use it when out and about, sipping my peanut butter mocha. Mmm. Peanut butter mocha…

    You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.



    100+ critical IT policies every company needs, ready for download

    Whether you’re writing corporate policies for business workers or university policies for faculty and staff, crafting an effective IT policy can be a daunting and expensive task. You could spend hours writing a policies and procedures manual yourself, but consider how much your time is worth. According to job site Glassdoor, the average salary of an IT Director in the U.S. is over $140,000 (depending on geographic location, company, education, etc.). Over a year, that salary breaks down to about $67 per hour. If it takes you one work day to write an IT policy, that single policy cost you $536 ($67 x 8 hours).

    Don’t have time to write a business or university policy? You can pay a consultant hundreds of dollars to create one for you, but there’s a better way. Download a policy template from TechRepublic Premium. For less than what it would cost to create a single policy, TechRepublic Premium subscribers get access to over 100 ready-made IT policies. Just need one or two policies? We’ve got you covered. You can also purchase individual technology policies if that’s all you need. Once you download one of our information technology policy templates, you can customize it to fit your company’s needs.

    Here’s a sample of the types of policies in our library.

    IT security policies

    • Security incident response policy: The Security Incident Response Policy describes the organization’s process for minimizing and mitigating the results of an information technology security-related incident, such as a data breach, malware infection, insider breach, distributed denial of service attack (DDoS attack) and even equipment loss or theft. The policy’s purpose is to define for employees, IT department staff and users the process to be followed when experiencing an IT-security incident.
    • Data encryption policy: The policy’s purpose is to define for employees, computer users and IT department staff the encryption requirements to be used on all computer, device, desktop, laptop, server, network storage and storage area network disks and drives that access or store organization information to prevent unauthorized access to organization communications, email, records, files, databases, application data and other material.

    • Information security policy: From sales reports to employee social security numbers, IT is tasked with protecting your organisation’s private and confidential data. To accomplish this, you need to define acceptable and unacceptable use of systems and identify responsibilities for employees, information technology staff, and supervisors/managers. This policy offers a comprehensive outline for establishing standards, rules and guidelines to secure your company’s sensitive data.
    • VPN usage policy: Using a VPN to access internal resources comes with responsibilities to uphold network security, as well as to safely and equitably use company information resources. This policy will help you enforce security standards when it comes to VPN use.
    • Password management policy: Employee passwords are the first line of defense in securing the organization from inappropriate or malicious access to data and services. Password-driven security may not be the perfect solution, but the alternatives haven’t gained much traction. This password policy defines best practices that will make password protection as strong and manageable as possible.
    • Mobile device security policy: More and more users are conducting business on mobile devices. This can be due to increases in remote workers, travel, global workforces, or just being on-the-go. This policy provides guidelines for mobile device security needs in order to protect businesses and their employees from security threats.
    • Identity theft protection policy: Help protect your employees and customers from identity theft. This policy outlines precautions for reducing risk, signs to watch out for, and steps to take if you suspect identity theft has occurred.
    • Remote access policy: This policy outlines guidelines and processes for requesting, obtaining, using, and terminating remote access to organization networks, systems, and data.
    • User privilege policy: This policy provides guidelines for the delegation of user privileges on organization-owned systems and guidance for high-privilege and administrator accounts.
    • Perimeter security policy: While security principles should apply throughout the organization, locking down the perimeter and ensuring only necessary connections get through is an especially critical goal. This policy provides guidelines for securing your organization’s network perimeter from potential vulnerabilities.
    • Security awareness and training policy: A security policy is only as valuable as the knowledge and efforts of those who adhere to it, whether IT staff or regular users. This policy is designed to help your information technology staff guide employees toward understanding and adhering to best security practices that are relevant to their job responsibilities and avoid a potential security incident.

    IT emergency response and disaster recovery policies

    • Disaster recovery policy and business continuity plan: Natural and man-made disasters can jeopardize the operations and future of any company, so it’s critical to develop a plan to help ensure ongoing business processes in a crisis. This download explains what needs to go into your DR/BC plan to help your organization prepare for, and recover from, a potential disaster.
    • Severe weather and emergency policy: This policy template offers guidelines for responding to severe weather activity and other emergencies. The download includes both a PDF version and an RTF document to make customization easier.
    • Resource and data recovery policy: All employees should be familiar with the processes for recovering information if it becomes lost, inaccessible, or compromised. This policy provides guidelines for the recovery of data from company-owned or company-purchased resources, equipment, and/or services.
    • Incident response policy: Whether initiated with criminal intent or not, unauthorized access to an enterprise network or campus network is an all too common occurrence. Every enterprise needs to establish a plan of action to assess and then recover from unauthorized access to its network. This policy provides a foundation from which to start building your specific procedures.

    IT personnel policies

    • Contract work policy: It’s common practice for companies to leverage contractors in order to offload work to specialized individuals or reduce costs associated with certain tasks and responsibilities. Our Contract work policy can help your company establish guidelines for retaining, overseeing and terminating contracts, including orientation, access and role determinations, and business considerations.
    • IT training policy: Successful IT departments are defined not only by the technology they deploy and manage, but by the skills and capabilities of their people. This IT training policy is designed to help workers identify training options that fit within their overall career development track and get the necessary approvals for enrollment and reimbursement.
    • Employee performance review policy: A good performance review emphasizes the positives and seeks to turn weak areas into measurable goals to strengthen employee abilities and adherence to job responsibilities. It also solicits input from employees to address any issues or concerns they may have with their role at the company. TechRepublic Premium’s Performance Review Policy and the accompanying review template can help you answer these questions and implement fair, effective and comprehensive reviews for your staff.
    • Third party vendor policy: Many businesses rely on outside companies, known as third party organizations, to handle their data or services. This policy provides guidelines for establishing qualified third party vendors with whom to do business and what requirements or regulations should be imposed upon their operational processes.
    • Moonlighting policy: Moonlighting is especially frequent in technology, where people with varying skills and backgrounds may find their abilities in demand by multiple companies. This policy provides guidelines for permissible employee moonlighting practices to establish expectations for both workers and organizations.
    • Drug and alcohol abuse policy: This policy provides a working framework for establishing rules and procedures that prohibit drug and alcohol use on company premises or in company vehicles.
    • Employee non-compete agreement: Don’t let your valuable corporate assets, proprietary information, or intellectual property walk out the door when an employee leaves the company.
    • Workplace safety policy: This policy will help ensure that your company facilities are safe for all employees, visitors, contractors, and customers.
    • Severance policy: The Severance Policy outlines the differences between simple departure scenarios, where the employee is paid a final check for the time they worked and any unused vacation hours, and more complex situations.
    • Interviewing guidelines policy: This policy will help organizations conduct useful and appropriate interviews with potential new hires, both from a proper methodology perspective and a legal standpoint.
    • Employee objectives policy: Defining objectives is a prime way to motivate employees, giving them tangible proof of their accomplishments, their progress, and their contributions to the business. However, it’s important to follow certain guidelines to provide an effective framework for establishing objectives, monitoring them, and helping employees complete them.
    • Personnel screening policy: This policy provides guidelines for screening employment candidates, either as full-time or part-time employees, or contingent workers (including temporary, volunteer, intern, contract, consultant, offshore, or 1099 workers), for high-risk roles. It aims to ensure that candidates meet regulatory and circumstantial requirements for employment.
    • Telecommuting policy: This policy describes the organization’s processes for requesting, obtaining, using, and terminating access to organization networks, systems, and data for the purpose of enabling staff members to regularly work remotely on a formal basis.
    • IT staff systems/data access policy: IT pros typically have access to company servers, network devices, and data so they can perform their jobs. However, that access entails risk, including exposure of confidential information and interruption in essential business services. This policy offers guidelines for governing access to critical systems and confidential data.
    • Ergonomics policy: A safe and healthy work environment provides the foundation for all employees to be at their most productive. Not only does it promote productivity in the workforce, it also helps prevent accidents, lawsuits, and in extreme cases, serious injury and potentially loss of life. This policy establishes procedures to help ensure a safe, ergonomically healthy environment.

    IT asset management policies

    • IT hardware inventory policy: This policy describes guidelines your organization can follow to track, process, and decommission IT equipment.
    • Asset control policy: This customizable policy template includes procedures and protocols for supporting effective organizational asset management specifically focused on electronic devices.
    • IT hardware procurement policy: A strong hardware procurement policy will ensure that requirements are followed and that all purchases are subject to the same screening and approval processes.
    • BYOD policy: Our BYOD (Bring Your Own Device) Policy describes the steps your employees must take when connecting personal devices to the organization’s systems and networks.
    • Home usage of company-owned equipment policy: Employees who work from home often use company-supplied systems and devices, which helps ensure that they have consistent, state-of-the-art equipment to do their work. However, organizations should provide usage guidelines, such as this policy, covering the responsibilities of IT staff and employees.
    • Hardware decommissioning policy: When decommissioning hardware, standard and well-documented practices are critical. The steps outlined in this policy will guide your staff methodically through the process. Assets won’t be unnecessarily wasted or placed in the wrong hands, data stored on this hardware will be preserved as needed (or securely purged), and all ancillary information regarding hardware (asset tags, location, status, etc.) will be updated.
    • Acceptable use policy: Equipment: Employees rely on IT to provide the equipment they need to get things done. This policy template assists in directing employees to use that equipment safely and within organizational guidelines.

    IT software management policies

    • Software usage policy: This policy is designed to help companies specify the applications that are allowed for installation and use on computer systems and mobile devices owned by the organization. It also covers the appropriate usage of these applications by company employees and support staff.
    • Development lifecycle policy: Software development is a complex process which involves a specific series of steps (known as the development lifecycle) to transform a concept into a deliverable product. The purpose of this policy is to provide guidelines for establishing and following a development lifecycle system.
    • Patch management policy: A comprehensive patching strategy is a must in order to reap the benefits; however, a willy-nilly approach can result in unexpected downtime, dissatisfied users and even more technical support headaches. This policy provides guidelines for the appropriate application of patches.
    • Artificial intelligence ethics policy: Artificial intelligence has the power to help businesses as well as employees by providing greater data insights, better threat protection, more efficient automation and other advances. However, if misused, artificial intelligence can be a detriment to individuals, organizations, and society overall. This policy offers guidelines for the appropriate use of and ethics involving artificial intelligence.
    • Scheduled downtime policy: IT departments must regularly perform maintenance, upgrades, and other service on the organization’s servers, systems, and networks. Communicating scheduled downtime in advance to the proper contacts helps ensure that routine maintenance and service tasks do not surprise other departments or staff, and it enables others within the organization to prepare and plan accordingly.
    • Internet and email usage policy: This policy sets forth guidelines for the use of the internet, as well as internet-powered electronic communications services, including email, proprietary group messaging services (e.g., Slack), and social networking services (e.g., Facebook, Twitter) in business contexts. It also covers Internet of Things (IoT) use, and bring-your-own-device (BYOD) practices.
    • Virtualization policy: Virtualization platforms are available from a number of vendors, but it’s still critical to maintain your virtualization environment to avoid unnecessary resource consumption, out-of-compliance systems or applications, data loss, security breaches, and other negative outcomes. This policy defines responsibilities for both end users and the IT department to ensure that the virtualized resources are deployed and maintained effectively.
    • Machine automation policy guidelines: Many industries rely on machine automation implementations to save money and reduce risk. However, along with the benefits comes the critical need to implement policies for its proper use. This set of guidelines will help your organization keep its machine automation safe, reliable, and in compliance.
    • Software automation policy guidelines: Software automation is used for many business and IT processes, depending on industry vertical and individual company business and IT needs. Because this automation is far-reaching, policy considerations touch on many areas. This set of guidelines will help you cover all the bases as you build a comprehensive software automation policy.

    About TechRepublic Premium

    TechRepublic Premium solves your toughest IT issues and helps jumpstart your career or next project. Complex tech topics are distilled into concise, yet comprehensive primers that keep you (and your CEO, CFO, and boardroom) ahead of the curve. Save time and effort with our ready-made policies, templates, lunch-and-learn presentations, and return-on-investment calculators. We have the information, documents, and tools every IT department needs – from the enterprise business unit to the one-person shop – all in one place.


    Cyber criminals are installing cryptojacking malware on unpatched Microsoft Exchange servers

    Cyber criminals are targeting vulnerable Microsoft Exchange servers with cryptocurrency mining malware in a campaign designed to secretly use the processing power of compromised systems to make money.

    Zero-day vulnerabilities in Microsoft Exchange Server were detailed last month when Microsoft released critical security updates to prevent the exploitation of vulnerable systems.

    Exchange attacks

    Cyber attackers ranging from nation-state-linked hacking groups to ransomware gangs have rushed to take advantage of unpatched Exchange servers — but they’re not the only ones. Cybersecurity researchers at Sophos have identified attackers attempting to take advantage of the Microsoft Exchange Server ProxyLogon exploit to secretly install a Monero cryptominer on Exchange servers.

    “Server hardware is pretty desirable for cryptojacking because it usually has a higher performance than a desktop or laptop. Because the vulnerability permits the attackers to simply scan the whole internet for available, vulnerable machines, and then roll them into the network, it’s basically free money rolling in for the attackers,” Andrew Brandt, principal threat researcher at Sophos, told ZDNet. Monero isn’t nearly as valuable as Bitcoin, but it’s easier to mine and, crucially for cyber criminals, provides greater anonymity, making the owner of the wallet — and those behind attacks — harder to trace.

    While being compromised by a cryptocurrency miner might not sound as bad as a ransomware attack or the loss of sensitive data, it still represents a concern for organisations. That’s because it means cyber attackers have been able to secretly gain access to the network and, crucially, that the organisation still hasn’t applied the critical updates designed to protect against all manner of attacks. According to analysis by Sophos, the Monero wallet of the attacker behind this campaign began receiving funds from mining on March 9, just a few days after the Exchange vulnerabilities came to light, suggesting the attacker was quick off the mark in exploiting unpatched servers.

    The attacks begin with a PowerShell command that retrieves a file from a previously compromised server’s Outlook Web Access logon path, which in turn downloads executable payloads to install the Monero miner. Researchers note that the executable appears to contain a modified version of a tool that’s publicly available on GitHub; when the content is run on a compromised server, evidence of installation is deleted, while the mining process runs in memory.

    It’s unlikely that the operators of servers that have been hijacked by crypto-mining malware will notice there’s an issue — unless the attacker gets greedy and uses an extensive amount of processing power that’s easily identified as unusual. To protect networks against attacks that exploit the vulnerabilities in Microsoft Exchange Server, organisations are urged to apply the critical security updates as a matter of immediate priority. “A lot of this speaks to the need for servers, especially internet-facing servers, to be running modern endpoint protection on them. Other than that, Microsoft has spelled out pretty clearly what’s needed to patch the vulnerabilities, so admins need to just be diligent and do those things,” said Brandt.


  • in

    Microsoft Defender for Endpoint now protects unmanaged BYO devices

    Microsoft’s latest preview for its advanced security product Microsoft Defender for Endpoint now supports unmanaged devices running Windows, Linux, macOS, iOS and Android as well as network devices. The public preview of Microsoft Defender for Endpoint aims to address the rise in post-pandemic hybrid work environments, where people may be using their own computers and devices from home and then bringing them to work and plugging them into the corporate network.

    “The riskiest threat is the one you don’t know about. Unmanaged devices are literally one of your weakest links,” says David Weston, Microsoft’s director of enterprise and OS security. “Smart attackers go there first. With work-from-home, the threat has grown exponentially, making discovering and applying security controls to these devices mission critical.”

    Microsoft Defender for Endpoint is different to Microsoft Defender antivirus, which is built into all Windows 10 devices. Instead, it offers enterprise security teams incident response and investigation tools and lives as an instance in the Azure cloud. It was formerly known as Microsoft Defender Advanced Threat Protection. The new capabilities should make it easier to discover and secure unmanaged PCs, mobile devices, servers, and network devices on a business network.

    It’s meant to help IT teams more easily configure devices for patching when there are operating system or software bugs, as well as address BYO apps and devices, including routers, firewalls, and WLAN controllers. “Once network devices are discovered, security administrators will receive the latest security recommendations and vulnerabilities on them,” Microsoft says. “Discovered endpoints (such as workstations, servers, and mobile devices) can be onboarded to Microsoft Defender for Endpoints, allowing all its deep protection capabilities.”

    IT security teams can test out the public preview for unmanaged devices by turning on preview features for Microsoft Defender for Endpoint. The product is available with Standard and Basic discovery; however, for the public preview all customers will have Basic. It uses “unicast or broadcast network events captured by the onboarded devices to discover unmanaged endpoints,” Microsoft explains in a blogpost. “Basic discovery uses the SenseNDR.exe binary for passive network data collection and no network traffic will be initiated.”

    On May 10, Microsoft plans to automatically switch all tenants from Basic to its recommended Standard discovery, which is an active discovery method that relies on managed devices to probe the network for unmanaged devices. It then relies on interfaces on discovered devices to collect threat, vulnerability and metadata used for device fingerprinting. Microsoft says it has built in privacy controls for preventing the feature from discovering private devices used at home, such as smart devices, TVs, and gaming consoles. “There is built-in logic to prevent this, and a level of control to define what networks this discovery process runs against. The logic was designed to differentiate between corporate networks and non-corporate networks, to avoid discovery of private or public devices not controlled by the organization. Strict conditions are in place to ensure such devices won’t be discovered and presented in the portal,” Microsoft explains.

  • in

    ASIO boss says he's not concerned with Australian Parliament's March outage

    In late March, the Australian Parliament suffered an IT disruption that resulted in MPs and senators losing access to email over the weekend, with some complaining into the week that their access was “patchy”. Facing Senators during an Estimates spill-over hearing on Wednesday, Australian Security Intelligence Organisation (ASIO) Director-General Mike Burgess was asked about the incident and whether or not his agency has received a briefing on it. “No, we wouldn’t typically receive a briefing on the outage,” he replied. “But of course, we are charged with looking at threats to security, including potential espionage and foreign interference, so we do pay attention to activities, and we do have an understanding of what happened there.”

    He said the incident wasn’t for him to comment on, suggesting senators direct their questions to others. He did say he was not concerned directly by that outage. “Of course, it’s a useful time to highlight that espionage, including cyber espionage, is alive and well,” he said. “And there’ll be people who have cracks at networks and mobile devices, but that’s not [just] nation states, that could be criminals or individuals acting alone. “There’s a range of reasons networks can be disrupted, but it may not be for cyber adversary or criminal means, it could actually be just an action network operators take that cause of disruption.”

    Rejecting the characterisation it was an “attack”, Burgess reiterated his position. “As the director of security, I’m not concerned, by what I’ve seen,” he repeated. “From my point of view of, ‘is espionage or cyber espionage being occurred?’ I’m not concerned by that incident. “Of course, in the broad, any network connected to the internet is subject to that frequently and the levels of cyber espionage attempts in this country are pretty high, so I remain concerned about that and through the actions of others, the [Australian Cyber Security Centre] that is dealing with the terms of that outage, I am not concerned.”

    Burgess was also asked to provide his opinion on the status of the Department of Parliamentary Services networks. “We do not concern ourselves with cybersecurity details,” he said. “We’re more focused on actually the threats coming at this country, including the Department of Parliamentary Services networks, how they do that as a matter for this Parliament and the Department of Parliamentary Services, and in terms of technical advice they receive, they take that from the Australian Signals Directorate’s Cyber Security Centre.” Burgess said ASIO would approach the department if it had security concerns around espionage, foreign interference, sabotage, or any security concerns that it cares about. “We would get involved if there was activities occurring, which caused us to choose to investigate, to make sure that a human or some espionage or cyber espionage was occurring or had occurred — we would investigate such matters and we do that in concert with the people we needed to,” he added.

    The parliamentary network and Australia’s political parties were not successfully defended during an attack in February 2019. For eight days, the attacker described as a state actor was able to remain on the network, affecting everyone with an Australian Parliament House email address, including politicians and all of their staff.

  • in

    Security crucial as 5G connects more industries, devices

    More networks, industries, and machines will be interconnected as 5G becomes more widely available, making security an even bigger challenge for businesses in Asia-Pacific. Along with this, they also will have to deal with the increased complexity of managing 5G infrastructures, including the use of network slicing. Beyond just providing consumers with faster data speeds, the emergence of 5G networks would see more industries and devices connected as enterprises tapped the lower latency the technology could deliver, said John Harrington, Nokia’s senior vice president and head of Asia-Pacific Japan. The COVID-19 pandemic also had accelerated the digitalisation of physical industries such as energy and transport and their reliance on high-speed, digital connectivity, he said in a call with ZDNet.

    Singapore, for instance, was giving out grants to drive the development and adoption of 5G products and services, focusing on key technology areas that encompassed Internet of Things (IoT), robotics, and artificial intelligence (AI), and verticals such as urban mobility and maritime. Pointing to its use in smart cars and manufacturing, Harrington said 5G could drive significant economic growth opportunities and value for the Asian region. GSMA, in fact, had projected Asia-Pacific to be the world’s largest 5G region by 2025, hitting 675 million connections, or more than half of the global volume. The industry group, though, had revised its 2020 projection of 5G connections to be 20% lower than its previous forecast, due to the global pandemic. It said the region’s growth would be led by markets such as China, Japan, and South Korea, with mobile operators investing $331 billion building out their 5G networks. GSMA further estimated that 24 markets across Asia-Pacific would have launched 5G by 2025, including China where 28% of mobile connections would run on 5G networks and account for a third of the world’s 5G connections.

    With the increased interconnectivity, security would be a major challenge for organisations here, Harrington noted. He stressed the need to ensure networks were secured and trusted, even as they adhered to industry open standards to drive competition. This would be essential as 5G played a key role in critical infrastructures, he said, such as its use to facilitate real-time video streaming to monitor the performance of cranes or the remote operations of such equipment. These networks also would have increased complexity to maintain and ensure their reliability, he added. The use of network slicing, for instance, could be difficult to manage unless companies acquired the know-how to do so, he said. Pitched as a prominent feature of 5G, network slicing is touted to enable connectivity and data processing that is customised to the customer’s specific requirements. Nokia last October unveiled a 4G and 5G automation network slicing offering that it said could slash costs associated with boosting networking capacity.

    Last month, it also announced plans to cut up to 10,000 jobs and take the EUR 600 million savings to invest in new products and research, including 5G and cloud. Asked about the impact of the restructuring on its Asia-Pacific business, Harrington declined to comment on specific markets, but said the move was necessary to simplify Nokia’s operations and make it “easier to do business with” the vendor. He added that the company had been through a series of mergers and acquisitions, making it necessary to review its organisational structure and make it more nimble and easier to work with. The job cuts were part of this reorganisation and efforts to reduce some of its costs and improve its margins, he said. According to Harrington, Nokia has 19 5G customers in Asia-Pacific, including Globe in the Philippines as well as M1 and StarHub in Singapore, both of which are joint 5G licensees in the city-state.

  • in

    Semiconductor restraints will shake up auto maker supply chains: Nvidia CEO

    Image: Nvidia/Volvo
    The importance of semiconductors in society has reached such a point that supply chain constraints in the sector are having drastic impacts on other parts of society. Last week, American auto giants General Motors and Ford said they would idle some of their factories due to a shortage of semiconductors, sending tens of thousands of workers onto approximately 75% pay, the Washington Post reported. It is expected that worldwide production drops will be measured in the millions. In the wake of such developments, Nvidia CEO Jensen Huang has said the automotive supply chain needs to be re-engineered. “The automotive industry supply chain has to be reinvented — that’s very clear,” he told journalists this week after delivering the GTC 2021 keynote. “What the industry experienced was unfortunate, and hopefully in the future, unnecessary.” Huang is not without a horse in the race, with Nvidia announcing its Atlan automotive processor this week, which is due literally to hit the road in 2025. “That has the ability to replace at least four of the major ECUs [electronic control units], the most complex ECUs in the car, and unify it in software into one programmable system — I think that that’s the right direction — to take the car industry from integration of a whole bunch of embedded controllers into a software-defined future where the computer inside is much more sophisticated and powerful.”

    Even though major tech companies have been hit by the shortages and Nvidia’s latest GPUs are rarer than hen’s teeth for consumers, Huang said other sectors were “largely unaffected” compared to automakers. “All my colleagues in the automotive industry recognise the importance to re-engineer the supply chain,” he said. “So that it’s much more direct to the source and reduce the number of layers and layers and layers and layers of responsibility, passing, that ultimately leads to the building of a car.” For supply matters much closer to Nvidia’s GPU bread and butter, Huang said it was a case of consumers clamouring for products made on a “leading edge process”, and semiconductor manufacturers were all feeling pressure. “TSMC and Samsung and Intel are feeling great demand and great pressure,” he said. “I think that we just have to recognise that leading edge process cannot be a fraction of the overall capacity of the industry, it has to be a larger percentage of it, and I think these leading edge semiconductor companies are aware of that and they’re mindful of that. “But it will take a couple of years before we get leading edge capacity to the level that that is supportive of the global demand of digital technology.”

    The big announcement during the company’s keynote on Monday was its Arm-based Grace CPU aimed at the AI and high-performance markets. Grace systems will be able to train a one trillion parameter natural language processing model 10x faster than today’s state-of-the-art Nvidia DGX-based systems, which use x86 CPUs. Nvidia’s 4th Gen NVLink interconnect runs at 900 Gbps between Grace and the GPUs, which the company said gives 30x higher aggregate bandwidth compared to today’s leading servers. The first supercomputers from HPE using Grace are slated for 2023.
Due to its language processing capabilities, Huang said he expected the major cloud providers to all be customers, because they have language models that must be kept up to date. “Language is drifting very quickly and therefore the concept of model decay is a very significant thing,” he said. “For example … if you asked about ‘pandemic’ two years ago, it would come up with very different results, and very different answers than today. “You can’t afford to train your models, your language models, very infrequently, you need to make sure you train them very frequently.” An additional bonus to Nvidia will be that customer support spans every language, and each language demands a different model. “They’ll be used by insurance companies, they’ll be used by financial companies, they’ll be used by any company with a lot of customer service, and it will have to be replicated for every language, the language of every domain, whether it’s financial services in English, its financial services in Japanese — very different,” Huang said. “Healthcare in English, healthcare in Russian — very different — and so all of these different domains, every single combination.” Grace is being manufactured at TSMC using a “very advanced process”.

    Nvidia is not a cybersecurity company

    Among the slew of announcements on Monday was the Morpheus framework, which is designed to allow real-time packet inspection over all traffic flowing in a data centre when combined with Nvidia’s Bluefield data processors and an EGX analysis node. “The applications are disaggregated meaning a single application doesn’t run on one computer, it runs on many computers. And the way they communicate is … unsecured,” Huang said. “The combination between the fact that you’re cloud native, you’re hybrid cloud, and the fact that your data centre is disaggregated, exposed the inside of the data centre tremendously, and you have to assume that the intruder is already inside.”
According to the Nvidia founder, inspecting every packet in a data centre would not be possible without the company’s hardware and AI chips, but that does not mean the company is getting into the cyber game itself. “We create this end-to-end system, we create the platform, and then cybersecurity companies … they’re so excited about this because finally they have the system necessary to deploy their cybersecurity algorithms — and that’s what they do,” he said. “We’ll create a platform, think of it as a computer system, and they provide the applications and services, and so we’re not a cybersecurity company, but we’re going to be a computing company that enables a computing platform that enables cybersecurity.” Those working with Nvidia on Morpheus include Cloudflare, F5, Fortinet, Canonical, Red Hat, and VMware.