More stories


    Panasonic, McAfee team up to tackle vehicle cybersecurity

    Panasonic and McAfee are joining forces to establish a vehicle security operations center (SOC) to tackle the ongoing threat of cyberattacks. 

    Announced on Tuesday, the new partnership involves both companies jointly creating an SOC to “commercialize vehicle security monitoring services,” with a specific focus on early detection and response.

    Smart and intelligent vehicle features, now becoming more common in new models, require connectivity. This is usually established through Bluetooth and internet connections, which, unless properly protected, can also give attackers a chance to establish a foothold in a vehicle’s systems. In addition, software vulnerabilities can be exploited to tamper with a car’s functionality.

    While everything from machine learning-based driver assistance to maps and entertainment apps is being developed in the automotive industry to appeal to modern drivers, cybersecurity is not necessarily being given the same attention, a gap Panasonic and McAfee aim to plug.

    This isn’t Panasonic’s first rodeo in vehicle-based cybersecurity. The company has already developed an automotive intrusion detection system, which can be mounted on a car, to scan for evidence of suspicious activities or cyberattack attempts. This data is then transmitted to the vehicle SOC and event system, which can analyze the potential threat.

    It is this threat data that McAfee can then contribute to, by providing threat intelligence and general support to the vehicle SOC, which is intended to become a global service.

    “With the innovative development of autonomous driving, the advancement of digitalization, and the increasing number of connected cars, the risk of cyberattacks against automobiles is increasing every year,” the companies commented. “It has become urgent for the automotive industry to establish mechanisms to protect and monitor vehicles.”



    Ransomware group targets universities in Maryland, California in new data leaks

    The Clop ransomware group has posted financial documents and passport information allegedly belonging to the University of Maryland and the University of California online. 

    On March 29, the threat actors began publishing screenshots of data allegedly stolen from the US educational institutes.

    These screenshots, including records that allegedly belong to the University of Maryland, Baltimore, show a federal tax document, requests for tuition remission paperwork, an application for the Board of Nursing, passports, and tax summary documents. The leaked data snapshots exposed sensitive information including the photos and names of individuals, home addresses, Social Security numbers, immigration status, dates of birth, and passport numbers. Sensitive information has been redacted in the screenshots below.

    The University of California, Merced, also appears to have been subject to the same group’s tactics. Screenshots published by the group, viewed by ZDNet via Kela’s threat intelligence suite Darkbeast, include lists of individuals and their Social Security numbers, retirement documentation, and 2019/2020 benefit adjustment requests.

    In addition, the leaked data appears to include late enrollment benefit application forms for employees and UCPath Blue Shield health savings plan enrollment requests.

    Clop has been linked to a string of cyberattacks against businesses. Clop is one of many threat groups that employ a ‘double-extortion’ tactic, in which ransomware may be deployed on a compromised machine first, and the cybercriminals then threaten to make corporate or sensitive stolen datasets public on a leak site unless blackmail demands are met.

    Earlier this month, the group leaked data allegedly belonging to the universities of Miami and Colorado. On the same day, records allegedly belonging to Shell were also posted online. The oil giant revealed that a cyberattack had occurred through the compromise of Accellion FTA servers earlier this month.

    On March 22, the REvil ransomware group published what appears to be financial data from tech giant Acer following a ransomware incident. Acer was subject to a $50 million ransom demand; it is not known whether any of it was paid. The company did not confirm that a ransomware attack occurred but did say that IT “abnormalities” had been discovered.

    Update 14.20 BST: The University of Maryland, College Park, said the leaked sample files shared appear to relate to the Baltimore campus, UMB, rather than UMD, as listed. ZDNet has reached out to the universities and we will update when we hear back.


    Facial recognition camera projects raise concerns in Eastern Europe

    Two years after a mass surveillance system with thousands of facial recognition security cameras was introduced to the streets of the Serbian capital Belgrade, concern continues to grow about the impact of the technology.

    The Huawei-based surveillance system sparked controversy when it was initially introduced in 2019. And now human and digital rights organizations in the country are pushing back and warning about the risks that facial recognition software can bring.


    During the summer of 2020, the SHARE Foundation, a Belgrade-based digital rights organization that advocates for data privacy and digital security, launched a website called “Thousands of cameras”, as a space where Serbian citizens could share their concerns over the mass surveillance project. “The total loss of anonymity represents a certain loss of our freedom – the awareness that we are under constant surveillance drastically changes our decisions,” it warns.

    People responded to the initiative and started submitting photos and snaps of the cameras that have already been installed and pinpointing their exact locations.

    “Such infrastructure would enable mass surveillance of all citizens of Belgrade, having in mind that police already confirmed that they would use ID card databases for identification purposes. This is an enormous power that anyone who has access to this system would gain, and it seems that there are not enough sufficient safeguards to prevent the misuse of such power,” Danilo Krivokapic, director of the SHARE Foundation, told ZDNet.

    During last year, there were several pivotal moments that highlighted concerns about the introduction of such systems.

    In May 2020, there were mass rallies in Belgrade in support of the Serbian government, organized by the ruling party in Belgrade, as the country was getting ready for parliamentary elections in June. Serbian President Aleksandar Vucic later gave a statement in which he stated the exact number of people that were present at the rally – 5,790 supporters of the ruling party. This prompted a debate in Serbia as to whether the surveillance system was actually being deployed to monitor and count the number of people at rallies and protests.

    The second event came in July 2020, shortly after the elections. The government, which convincingly won the elections, wanted to add stricter measures against the COVID-19 epidemic in the country and to reintroduce lockdowns. Vucic faced protests where the police had to use force in order to disperse the protesters. After this happened, human rights organization Amnesty International warned about “credible reports” of police use of facial recognition cameras in Belgrade to identify protestors. “Amnesty International opposes use of facial recognition technology for mass surveillance, such as at protests and demonstrations. The new technology is still largely unregulated and tends to disproportionately target specific groups of people, it can have a chilling effect on the right to protest,” the organization noted in its report.

    According to Krivokapic, the initiative that the SHARE Foundation introduced is a part of opposition to the installation and the use of biometric surveillance not only in Serbia, but across Europe as well, as a part of the ReclaimYourFace movement. “It’s clear that deploying biometric mass surveillance on the streets of Belgrade would be unlawful and against the rights to privacy, since it can’t be considered as necessary and proportionate in a democratic society, which is a requirement proposed by both national and international legal framework in this field,” Krivokapic points out.
    While Serbian authorities have usually kept quiet about the scope of the project, an official document from the Serbian Ministry of Interior showed that the total number of cameras used for the surveillance system is up to 8,100. In addition to the 2,500 cameras on the traffic poles, the police also bought 3,500 mobile cameras, 600 cameras for the police vehicles and 1,500 body cameras, as a part of the police uniforms.

    Meanwhile, tech companies are rolling out various camera projects elsewhere across Eastern Europe as well – one of them being currently implemented in the Ukrainian capital of Kyiv. Ukrainian authorities are planning to install more than 3,000 cameras on the main roads and highways in Kyiv.

    While an analytical facial recognition system has been in place in Kyiv since 2019, data privacy activists have warned about the overall lack of legal clarity when it comes to this type of technology.

    And much has been discussed about the shortcomings of facial recognition elsewhere across Europe, too. As ZDNet reported earlier, the Council of Europe recently published new guidelines that should be followed by governments and private companies that are considering the deployment of facial recognition technologies.

    Some of those guidelines include strict parameters and criteria that law enforcement agencies should adhere to when they find it justifiable to use facial recognition tools. “Facial recognition data is, obviously, tied to users’ immutable physical characteristics which some people find intrusive, and there is an additional burden of ensuring compliance with data protection legislation such as GDPR,” Michal Kratochvil, CEO of 2N Telekomunikace, a Czechia-based manufacturer of IP intercom and access-system technology, told ZDNet.

    And while the debate about the use of facial recognition is ongoing, with some governments and companies opting against it and others embracing it, citizens themselves, as illustrated in the case of Serbia, could also have the final say on how this and similar technologies will be used in the future.


    APAC firms face growing cyberattacks, take more than a week to remediate

    More organisations across six Asia-Pacific markets have been breached this past year, with an average 60.83% needing more than a week to remediate these cybersecurity attacks. They cite lack of budget and skills as key challenges, and express frustration over an apparent lack of understanding about how tough it is to manage cybersecurity risks.

    Some 68% of respondents in a Sophos study said they had been successfully breached this past year, up from 32% in 2019. Amongst those that were breached, 55% said they suffered “very serious” or “serious” data loss, revealed the survey, which was conducted by Tech Research Asia and polled 900 businesses, each with at least 150 employees, in Singapore, India, Japan, Malaysia, Australia, and the Philippines. In addition, 17% faced more than 50 cyber attacks each week.

    In Singapore, for instance, almost 15% had to deal with at least 50 attempted security attacks or mistakes per week. Some 28% in the city-state eventually were successfully breached in the past year, with 33% describing the resulting data loss as very serious or serious.


    While Singapore had the lowest number of respondents that were breached, 75% said they needed at least a week to remediate the cyber attack, the highest across the region. Some 68% of their Australian counterparts admitted to also taking more than a week to remediate cyber attacks, as did 65% in India, 64% in Malaysia, 55% in the Philippines, and 38% in Japan. Japanese organisations, in fact, were able to recover the fastest from a breach, with 62% needing under a week to do so.

    Across the region, respondents pointed to ransomware, malware, and phishing as the top three security threats. They also cited poorly designed or vulnerable supplier systems as a top risk they expected in 2023, fuelled in part by concerns they might be targeted as a result of third-party vulnerabilities and security and other technology vendors being breached.

    Some 53% acknowledged they also were ill-prepared for the security requirements brought about by the abrupt need to support remote work amidst the COVID-19 pandemic. In spite of this, 54% had yet to update their cybersecurity strategy in the past year, up by 3% from 2019.

    When asked if they had a team that could detect and manage security threats, just 52% replied positively, up from 50% in 2019. For 75% in Singapore, the pandemic was the biggest driver for their organisation to upgrade their security tools and strategy in the past year.

    The study further revealed that respondents were most frustrated over assumptions within the organisation that cybersecurity was easy to manage and threats exaggerated. They also expressed exasperation over the lack of budget and the inability to employ adequate security professionals.

    Some 59% acknowledged their company’s lack of cybersecurity skills was challenging, with 62% struggling to recruit the necessary skillsets. In addition, 59% said their cybersecurity budget was insufficient. Another 67% said they faced difficulties keeping abreast of the cybersecurity landscape.

    Sophos’ global solutions engineer Aaron Bugal said the “disturbing attitude” that cybersecurity incidents were exaggerated needed to be addressed. “It is confounding that this attitude prevails even when the end of 2020 showed us just how bad a global supply-chain attack could be,” Bugal said. “If that wasn’t enough, the more recent zero-day vulnerabilities in widely deployed email platforms demonstrates the desperate need for unification when it comes to cyber resilience. Everybody needs to play a part, and to play a part, we all need to understand the risk.”


    Australian telcos have blocked over 55 million scam calls since December

    Communications Minister Paul Fletcher said on Tuesday that Australian telcos have blocked over 55 million scam calls since the industry got a new scam call code in December.

    Under the code, telcos need to block not only calls originating in their networks, but also those transiting the network. Carriers are required to look for characteristics of scam calls, share information with other telcos and regulators, block numbers being used for scams including those from overseas, and take measures to combat number spoofing.

    “In 2020, Australians lost AU$48 million to scam calls,” Fletcher said. “The Morrison government is serious about tackling scams and it is pleasing to see that more than 55 million scam calls have been blocked as a result of the Reducing Scam Calls Code.”

    When the code was introduced, ACMA said telcos had blocked over 30 million scam calls in the year prior.

    Last month, Telstra said it was blocking approximately 6.5 million suspected scam calls a month, at times up to 500,000 a day, thanks to automating the former manual process that sat at around 1 million monthly scam calls. The system that Telstra built in-house forms the third leg of its Cleaner Pipes program. In May, the company kicked off with DNS filtering to fight against botnets, trojans, and other types of malware, and extended to blocking phishing text messages purporting to be from myGov or Centrelink before they hit the phones of customers.

    “If you think you are receiving a scam call, our simple advice is: Hang up,” Telstra CEO Andy Penn advised customers.

    Elsewhere in the scam space, the ACCC said Australian businesses had reported losing more than AU$14 million due to payment redirection or business email compromise scams to Scamwatch, with losses in 2021 set to be five times higher. In a business email compromise scam, the attacker will trick the victim into transferring funds into their account, sometimes by impersonating a legitimate customer or supplier, pretending to be the boss demanding an urgent transfer of funds, or just straight up sending fake invoices.

    “Scammers tend to target new or junior employees, or even volunteers, as they are less likely to be familiar with their employer’s finance processes or the types of requests to expect from their supervisors,” ACCC deputy chair Delia Rickard said. “We recommend organisations ensure their staff are well trained in the company’s payment processes and remain aware of payment redirection scams.”

    Rickard added that people should not rush and should double-check that an email is legitimate. “Whenever there is a request to change payment details, always check with the organisation using stored contact details, rather than those in the requesting communication,” the deputy chair said.


    Billions of records have been hacked already. Make cybersecurity a priority or risk disaster, warns analyst

    This unprecedented boom in attacks can be in part attributed to the COVID-19 pandemic.

    More data records have been compromised in 2020 alone than in the past 15 years combined, in what is described as a mounting “data breach crisis” in the latest study from analysis firm Canalys. Over the past 12 months, 31 billion data records have been compromised, found Canalys. This is up 171% from the previous year, and constitutes well over half of the 55 billion data records that have been compromised in total since 2005.

    Cases of ransomware – a specific type of attack that encrypts servers and data to block access to a computer system until a sum of money is paid – have been on the rise, with the number of reported incidents up 60% compared to 2019.

    “Prioritize cybersecurity and invest in broadening protection, detection and response measures or face disaster,” said Canalys chief analyst Matthew Ball.

    According to Canalys, this unprecedented boom in attacks can be in part attributed to the COVID-19 pandemic, which forced organizations across the world to digitize at pace, without putting enough thought into the new security requirements that come with doing business online. Retailers had to switch to online selling, while the hospitality sector turned to new platforms for home delivery, and manufacturers digitized supply chains to improve the accuracy of production lines.

    Meanwhile, organizations across the globe switched entire workforces to WFH almost overnight: the number of employees working remotely, in fact, has jumped from 31 million before the pandemic, to just under 500 million. To keep businesses afloat, money was invested in digital technologies and the cloud, to move processes online and adapt to new ways of working. Cybersecurity concerns, however, were all too often put on hold, noted Canalys.

    “Organizations had to implement business continuity measures quickly in response to the COVID-19 pandemic or risk going out of business,” reads the report. “These measures were often at the expense of cybersecurity and bypassed longstanding corporate policies, leaving many exposed to exploitation by highly organized and sophisticated threat actors, as well as other more opportunistic hackers. For many, cybersecurity was an afterthought, as they had to focus primarily on staying in business.”

    Figure: More data records have been compromised in 2020 alone than in the past 15 years combined. (Image: Canalys)

    The fast-paced digitization of business, in effect, has opened up many new attack vectors for threat actors to exploit. With employees now accessing company information from many different locations, and more data being stored and processed outside of traditional, office-based IT environments, new security measures are needed.

    Yet businesses do not seem to have taken this seriously enough. While investment in cybersecurity did grow by up to 10% compared to the previous year, other priorities took precedence: for example, cloud services grew 33%, while cloud software services grew 20% during the same period. Investment in cybersecurity also compares poorly to the growth of collaboration tools, remote desktops, notebook PCs and even home printing. In other words, the pace of digital transformation was not matched by sufficient safeguarding of networks against cyber threats.

    A similar observation was recently made by the head of the UK’s National Cyber Security Centre (NCSC), Lindy Cameron, who reiterated that cybersecurity should be viewed by CEOs with the same importance as finance, legal, or any other important department of the company.

    Figure: The fragile digital infrastructure that often underpins healthcare networks is a prime target for attackers. (Image: Canalys)

    But although the global health crisis largely contributed to the rise of such attacks, Canalys notes that the trend is not limited to the pandemic. COVID-19 only accelerated a worrying pattern that was already emerging in previous years: in 2019, for instance, the number of compromised data records had already increased by 200% compared to the previous year.

    Datasets are getting larger, and organizations are collecting increasingly sensitive information about their customers, either as part of their digital transformation process or to personalize products and services. At the same time, threat actors are becoming ever more successful, for example using automated bots to drive sophisticated attacks.

    Canalys, as a result, called for business executives to change their mindset from “if” a breach will affect their company to “when”. “Prioritize cybersecurity and invest in broadening protection, detection and response measures or face disaster,” concludes the report. “This is the stark reality for organization in 2021. For many, it is too late.”


    Official PHP Git server targeted in attempt to bury malware in code base

    The official PHP Git server has been compromised in a potential attempt to plant malware in the code base of the PHP project. 

    On Sunday, PHP programming language developer and maintainer Nikita Popov said that two malicious commits were added to the php-src repository in both his name and that of PHP creator Rasmus Lerdorf. The malicious commits, which appeared to be signed off under the names of Popov and Lerdorf (1,2), were masked as simple typographical errors that needed to be resolved.

    However, instead of escaping detection by appearing so benign, contributors that took a closer look at the “Fix typo” commits noted malicious code that triggered arbitrary code execution via the useragent HTTP header if a string began with content related to Zerodium. As noted by Bleeping Computer, the code appears to be designed to implant a backdoor and create a scenario in which remote code execution (RCE) may be possible.

    Popov said the development team is not sure exactly how the attack took place, but clues indicate that the official git.php.net server was likely compromised, rather than individual Git accounts.

    A comment, “REMOVETHIS: sold to zerodium, mid 2017,” was included in the script. There is no indication, however, that the exploit seller has any involvement in the cyberattack.

    Zerodium’s chief executive Chaouki Bekrar labeled the culprit as a “troll,” commenting that “likely, the researcher(s) who found this bug/exploit tried to sell it to many entities but none wanted to buy this crap, so they burned it for fun.”

    The commits were detected and reverted before they made it downstream or impacted users. An investigation into the security incident is now underway and the team is scouring the repository for any other signs of malicious activity. In the meantime, however, the development team has decided now is the right time to move permanently to GitHub.

    “We have decided that maintaining our own git infrastructure is an unnecessary security risk, and that we will discontinue the git.php.net server,” Popov said. “Instead, the repositories on GitHub, which were previously only mirrors, will become canonical. This means that changes should be pushed directly to GitHub rather than to git.php.net.” Developers with previous write access to the project’s repositories will now need to join the PHP group on GitHub.

    The security incident can be described as a supply-chain attack, in which threat actors target an open source project, library, or another component that is relied upon by a large user base. By compromising one core target, it may then be possible for malicious code to trickle down to a wide-reaching number of systems.

    A recent example is the SolarWinds fiasco, in which the vendor was breached and a malicious update for its Orion software was planted. Once this malware was deployed, tens of thousands of organizations were compromised including Microsoft, FireEye, and Mimecast.


    US charges close to 500 individuals for COVID-19 fraud, criminal activity

    The US Department of Justice (DoJ) has charged 474 individuals for participating in COVID-19 scams and fraudulent activity. 

    To some cybercriminals, the coronavirus pandemic is nothing more than an opportunity for profit. We’ve seen everything from fake COVID ‘treatments’ and protective equipment suppliers touting their goods online to phishing email and text vaccine appointment campaigns, and now, dubious vendors are going so far as to try and sell counterfeit vaccines and proof documents in the underground.

    Law enforcement worldwide has tried to clamp down on such activities and organizations including the World Health Organization (WHO) are constantly releasing advice on the latest scams.

    In an update published last week, the DoJ said that 474 defendants to date have been publicly charged “with criminal offenses based on fraud schemes connected to the COVID-19 pandemic.” The US agency says that these alleged criminals are responsible for trying to fraudulently obtain at least $569 million from consumers and the US government itself across 56 federal districts.

    Investigations conducted by law enforcement have revealed a variety of scams including operations targeting the US Paycheck Protection Program (PPP), Economic Injury Disaster Loan (EIDL) program, and Unemployment Insurance (UI) scheme, all designed to assist businesses and citizens during the pandemic.

    In total, 120 individuals have been charged with PPE fraud, including:

    - Business owners inflating payroll expenses to secure large loans
    - Shell company creators with no actual payroll applying for financial help
    - Organized criminal gangs submitting carbon-copy applications for loans under the names of different companies

    One of the department’s latest COVID-19-related convictions centered around Dinesh Sah, a resident of Coppell, Texas. The 55-year-old pleaded guilty last week to conducting fraud to obtain $24.8 million in PPP loans and laundering the payments.

    When it comes to EIDL, designed to provide SMB loans, criminals have also applied for assistance on behalf of non-existent, new, and shell companies.

    UI fraud is rife, too, with at least 140 individuals suspected of committing these activities. The DoJ says suspects range from “identity thieves to prison inmates” who have conducted identity theft to apply for unemployment benefits. In one case, a defendant from Virginia pleaded guilty to obtaining close to half a million dollars on behalf of individuals ineligible for UI, including those currently incarcerated.

    “We will not allow American citizens or the critical benefits programs that have been created to assist them to be preyed upon by those seeking to take advantage of this national emergency,” said Acting Assistant Attorney General Brian Boynton of the DoJ’s Civil Division. “We are proud to work with our law enforcement partners to hold wrongdoers accountable and to safeguard taxpayer funds.”

    In other coronavirus news, Facebook has frozen a page belonging to Venezuelan President Nicolás Maduro for repeatedly breaking the social media giant’s rules on COVID-19 misinformation, including the promotion of fake herbal cures for the disease. As a result, the Venezuelan official will be unable to post for 30 days. False coronavirus claims were previously deleted and hidden by Facebook and Twitter after being published by former US President Donald Trump.