Information Technology

Cloud computing services have become a vital tool for most businesses. It’s a trend that has accelerated recently, with cloud-based services such as Zoom, Microsoft 365 and Google Workspace and many others becoming the collaboration and productivity tools of choice for teams working remotely.While cloud quickly became an essential tool, allowing businesses and employees to continue operating from home, embracing the cloud can also bring additional cybersecurity risks, something that is now increasingly clear. Previously, most people connecting to the corporate network would be doing so from their place of work, and thus accessing their accounts, files and company servers from inside the four walls of the office building, protected by enterprise-grade firewalls and other security tools. The expanded use of cloud applications meant that suddenly this wasn’t the case, with users able to access corporate applications, documents and services from anywhere. That has brought the need for new security tools. Cloud computing security threats

ZDNet Recommends

The best cloud storage services

Free and cheap personal and small business cloud storage services are everywhere. But, which one is best for you? Let’s look at the top cloud storage options.

Read More

While positive for remote workers – because it allows them to continue with some semblance of normality – working remotely also presents an opportunity for cyber criminals, who have quickly taken advantage of the switch to remote working to attempt to break into the networks of organisations that have poorly configured cloud security. SEE: IT Data Center Green Energy Policy (TechRepublic Premium)Corporate VPNs and cloud-based application suites have become prime targets for hackers. If not properly secured, all of these can provide cyber criminals with a simple means of accessing corporate networks. All attackers need to do is get hold of a username and password – by stealing them via a phishing email or using brute force attacks to breach simple passwords – and they’re in. 

Because the intruder is using the legitimate login credentials of someone who is already working remotely, it’s harder to detect unauthorised access, especially considering how the shift to remote working has resulted in some people working different hours to what might be considered core business hours. Attacks against cloud applications can be extremely damaging for victims as cyber criminals could be on the network for weeks or months. Sometimes they steal large amounts of sensitive corporate information; sometimes they might use cloud services as an initial entry point to lay the foundations for a ransomware attack that can lead to them both stealing data and deploying ransomware. That’s why it’s important for businesses using cloud applications to have the correct tools and practices in place to make sure that users can safely use cloud services – no matter where they’re working from – while also being able to use them efficiently.Use multi-factor authentication controls on user accountsOne obvious preventative step is to put strong security controls around how users log in to the cloud services in the first place. Whether that’s a virtual private network (VPN), remote desktop protocol (RDP) service or an office application suite, staff should need more than their username and password to use the services.  “One of the things that’s most important about cloud is identity is king. Identity becomes almost your proxy to absolutely everything. All of a sudden, the identity and its role and how you assign that has all of the power,” says Christian Arndt, cybersecurity director at PwC.  Whether it’s software-based, requiring a user to tap an alert on their smartphone, or hardware-based, requiring the user to use a secure USB key on their computer, multi-factor authentication (MFA) provides an effective line of defence against unauthorised attempts at accessing accounts. According to Microsoft, MFA protects against 99.9% of fraudulent sign-in attempts.  Not only does it block unauthorised users from automatically gaining entry to accounts, the notification sent out by the service, which asks the user if they attempted to log in, can act as an alert that someone is trying to gain access to the account. This can be used to warn the company that they could be the target of malicious hackers. Use encryption The ability to easily store or transfer data is one of the key benefits of using cloud applications, but for organisations that want to ensure the security of their data, its processes shouldn’t involve simply uploading data to the cloud and forgetting about it. There’s an extra step that businesses can take to protect any data uploaded to cloud services – encryption. Just as when it’s stored on regular PCs and servers, encrypting the data renders it unreadable, concealing it to unauthorised or malicious users. Some cloud providers automatically provide this service, employing end-to-end protection of data to and from the cloud, as well as inside it, preventing it from being manipulated or stolen.  Apply security patches as swiftly as possible Like other applications, cloud applications can receive software updates as vendors develop and apply fixes to make their products work better. These updates can also contain patches for security vulnerabilities, as just because an application is hosted by a cloud provider, it doesn’t make it invulnerable to security vulnerabilities and cyberattacks. Critical security patches for VPN and RDP applications have been released by vendors in order to fix security vulnerabilities that put organisations at risk of cyberattacks. If these aren’t applied quickly enough, there’s the potential for cyber criminals to abuse these services as an entry point to the network that can be exploited for further cyberattacks. Use tools to know what’s on your networkCompanies are using more and more cloud services – and keeping track of every cloud app or cloud server ever spun up is hard work. But there are many, many instances of corporate data left exposed by poor use of cloud security. A cloud service can be left open and exposed without an organisation even knowing about it. Exposed public cloud storage resources can be discovered by attackers and that can put the whole organisation at risk. 

In these circumstances, it could be useful to employ cloud security posture management (CSPM) tools. These can help organisations identify and remediate potential security issues around misconfiguration and compliance in the cloud, providing a means of reducing the attack surface available to hackers to examine, and helping to keep the cloud infrastructure secure against potential attacks and data breaches. “Cloud security posture management is a technology that evaluates configuration drift in a changing environment, and will alert you if things are somehow out of sync with what your baseline is and that may indicate that there’s something in the system that means more can be exploited for compromise purposes,” says Merritt Maxim, VP and research director at Forrester. SEE: Network security policy (TechRepublic Premium)CSPM is an automated procedure and the use of automated management tools can help security teams stay on top of alerts and developments. Cloud infrastructure can be vast and having to manually comb through the services to find errors and abnormalities would be too much for a human – especially if there are dozens of different cloud services on the network. Automating those processes can, therefore, help keep the cloud environment secure. “You don’t have enough people to manage 100 different tools in the environment that changes everyday, so I would say try to consolidate on platforms that solve a big problem and apply automation,” says TJ Gonen, head of cloud security at Check Point Software, a cybersecurity company. Ensure the separation of administrator and user accountsCloud services can be complex and some members of the IT team will have highly privileged access to the service to help manage the cloud. A compromise of a high-level administrator account could give an attacker extensive control over the network and the ability to perform any action the administrator privileges allow, which could be extremely damaging for the company using cloud services.It’s, therefore, imperative that administrator accounts are secured with tools such as multi-factor authentication and that admin-level privileges are only provided to employees who need them to do their jobs. According to the NCSC, admin-level devices should not be able to directly browse the web or read emails, as these could put the account at risk of being compromised.It’s also important to ensure that regular users who don’t need administrative privileges don’t have them, because – in the event of account compromise – an attacker could quickly exploit this access to gain control of cloud services.Use backups as contingency planBut while cloud services can – and have – provided organisations around the world with benefits, it’s important not to rely on cloud for security entirely. While tools like two-factor authentication and automated alerts can help secure networks, no network is impossible to breach – and that’s especially true if extra security measures haven’t been applied. SEE: Ransomware: Paying up won’t stop you from getting hit again, says cybersecurity chiefThat’s why a good cloud security strategy should also involve storing backups of data and storing it offline, so in the event of an event that makes cloud services unavailable, there’s something there for the company to work with. Use cloud applications that are simple for your employees to useThere’s something else that organisations can do to ensure the security of cloud – and that’s provide their employees with the correct tools in the first place. Cloud application suites can make collaboration easier for everyone, but they also need to be accessible and intuitive to use, or organisations run the risk of employees not wanting to use them.  A business could set up the most secure enterprise cloud suite possible, but if it’s too difficult to use, employees, frustrated with not being able to do their jobs, could turn to public cloud tools instead. This issue could lead to corporate data being stored in personal accounts, creating greater risk of theft, especially if a user doesn’t have two-factor authentication or other controls in place to protect their personal account.  Information being stolen from a personal account could potentially lead to an extensive data breach or wider compromise of the organisation as a whole. Therefore, for a business to ensure it has a secure cloud security strategy, not only should it be using tools like multi-factor authentication, encryption and offline backups to protect data as much as possible, the business must also make sure that all these tools are simple to use to encourage employees to use them correctly and follow best practices for cloud security. MORE ON CYBERSECURITY  More

Microsoft has released a workaround for a privilege elevation flaw that affects all versions of Windows 10 and could give attackers the ability to access data and create new accounts on systems. Microsoft this week confirmed a serious elevation of privilege flaw, tagged as CVE-2021-36934, that could allow a local attacker to run their own code with system privileges. 

While the bug is important, the attacker must have already gained the ability to execute code on the target system in order to exploit the flaw, according to Microsoft. SEE: Network security policy (TechRepublic Premium)The bug affects the Security Accounts Manager (SAM) database in all versions of Windows 10 from version 1809. It may be more urgent to patch or mitigate because details of the flaw are publicly available. The SAM database is a sensitive component of Windows 10 since it is the location for storing user accounts, credentials and domain information. While credentials are hashed in SAM, the flaw gives attackers the opportunity to exfiltrate the hashed credentials and crack them offline.    “An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database,” Microsoft says in an advisory. 

“An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”Per The Record, the flaw was found by Jonas Lyk over the weekend. The issue is being referred to as SeriousSAM. Lyk discovered shadow copies of SAM were available for attackers to exploit while probing a preview of Windows 11, Microsoft’s next version of Windows. SEE: GDPR: Fines increased by 40% last year, and they’re about to get a lot biggerSecurity firm Blumira explains why CVE-2021-36934 is a serious flaw.  “The SYSTEM and SAM credential database files have been updated to include the Read ACL set for all Users for some versions of Windows,” the company notes in a blogpost. “This means that any authenticated user has the capability to extract these cached credentials on the host and use them for offline cracking, or pass-the-hash depending on the environment configuration.”The US CERT coordination center notes several more ways the bug can impact affected Windows 10 machines. An attacker could:Extract and leverage account password hashes.Discover the original Windows installation password.Obtain DPAPI computer keys, which can be used to decrypt all computer private keys.Obtain a computer machine account, which can be used in a silver ticket attack. More

It seems that a delay in Apple pushing out the iPadOS 14.7 update was responsible also for the delayed publication of the security content of both iOS and iPadOS 14.7.But now that iPadOS has been released, we have the full picture… and yes, you need to update, and do it promptly.Must read: Don’t make this common, fatal iPhone or Android mistakeWe already knew that the Wi-Fi bug that could cause denial of service was addressed, but there are over two dozen more bugs fixed in these releases.For example, there are four WebKit bugs, three of which that could cause a malicious webpage to run code.The Measure app — do you even use that app? — has seven vulnerabilities fixed, and there’s also a fix for a Find My bug that may allow a malicious application to access Find My data.This is a pretty big set of bugfixes, on top of the items listed in the release notes:MagSafe Battery Pack‌ supports iPhone 12, iPhone 12 mini, iPhone 12 Pro and iPhone 12 Pro Max.Apple Card‌ Family adds the option to combine credit limits and share one co-owned account with an existing ‌Apple Card‌ user.The home app adds the ability to manage timers on ‌HomePod‌.Air quality information is now available in Weather and Maps for Canada, France, Italy, Netherlands, South Korea, and Spain.The podcasts library allows you to choose to see all shows or only followed shows.Share playlist menu option missing in Apple Music.Dolby Atmos and ‌Apple Music‌ lossless audio playback may unexpectedly stop.The battery service message that may have disappeared after reboot on some iPhone 11 models is restored.Braille displays could show invalid information while composing Mail messages.

To install the update, go to Settings > General > Software Update and download it from there. More

Image: Getty Images
Earlier this year, Australia’s Productivity Commission released an interim report that looked into vulnerable supply chains, focusing on imports. A final report is now sitting with the government and expected to focus on exports.The purpose of the work led by the Productivity Commission is explained as examining the nature and source of risks to the effective functioning of the Australian economy and Australians’ wellbeing associated with disruptions to global supply chains, and to identify any significant vulnerabilities and possible approaches to managing them.”Improvements in technology and trade liberalisation have made it easier and cheaper to source many goods and services from overseas. This has brought benefits from specialisation and economies of scale. It has also lifted the complexity of supply chains — modern supply chains often rely on inputs from across the globe and can consist of thousands of firms,” the report [PDF] said, using the Toyota supply chain as an example, which consists of over 2,100 suppliers.”This intricate web of economic interdependencies means that a supply chain is potentially exposed to the many types of shocks that can affect every business, both in Australia and overseas: Geopolitical (for example, a trade war), environmental (a natural disaster), economic (a financial crisis), societal (a pandemic), and infrastructure-related (cyber attacks).”While the interim report was prepared ahead of the Colonial Pipeline and Kaseya ransomware attacks, and in the same month as when the details of the Microsoft Exchange vulnerabilities emerged, it was compiled with knowledge of many other cyber incidents affecting supply chains but it was still light on the “cyber”.In its submission [PDF] to the Productivity Commission, IBM said cybersecurity should be highlighted as the biggest risk to supply chain productivity. It said, however, part of the challenge was that there is no single, functional definition of supply chain security and mitigating this risk would be a “moving target and mounting challenge”. “Supply chains are increasingly complex global networks comprised of large and growing volumes of third-party partners who need access to data and must provide assurances they can control who sees that data,” it wrote. “Further challenges are introduced by today’s constraints on staff, budgets, rapid unforeseen changes to policy or geopolitics, partner strategies, and the supply and demand mix.”

Big Blue called out the interim report for only making cursory mention of both cyber attacks as an infrastructure-related risk and broader technology implications. The report does mention some technology implications, however, these are limited to the Internet of Things and cyber risk.”This is a significant gap,” it said. “Widespread situational awareness across supply chain elements is needed so that any vulnerabilities are quickly discovered and remediated, and any consequences of exploitation be detected as soon as possible.”Security should not be seen as a separate consideration to any of the technology or infrastructure concerns above, but as overall embedded ‘security by design’ across the supply chain network.”In addition to mentioning IoT, the report also touched on blockchain and artificial intelligence.”Technological advances have made it easier for firms to understand their supply chains. Advances in tracking technologies, data analytics, and machine learning have made it easier to predict where and when disruptions might occur. These advances have also made it easier to access real-time information about disruptions, facilitating a quicker response and recovery,” the report said.One of the risks and costs associated with the use of IoT, the report said, was the increased vulnerability of a chain to cyber attacks. It also said blockchain has applicability in record-keeping, for example to track the origin of goods and establish trust in shared supplier information. For AI, the report noted many companies have used the tech to automate many aspects of supply chain management, including warehouse operations, transport and logistics, and inventory management.IBM would argue the use of AI, blockchain, and adopting cyber resilience centres — such as underway at the Port of Los Angeles, in partnership with IBM — demonstrated a security-by-design approach and ensured that risk management could be a key factor in the supply chain enabled by technology. “It’s critical that this risk management approach considers all elements of the supply chain, so that maturity can rise equally and therefore limit opportunities for adversaries to exploit any link in the chain,” IBM said.Elsewhere in IBM’s submission, it said “infrastructure needs to give greater attention to how emerging technology is mutually exclusive to IT systems”.”With a focus on maintaining supply chain productivity, Australia cannot afford to simply ‘react’ to another ‘black swan’ event (eg, another pandemic). Whilst technology investment is inevitable to drive resilience and transparency, this topic should be considered from two capabilities: Becoming cognitive (adopting a level of AI, blockchain, IoT, and automation maturity); and on the cloud (embracing a combination of public, private, and mainframe modernisation),” it wrote. “Supply chain workflows are ideal to leverage AI, blockchain, IoT, and automation to reach new levels of responsiveness. These workflows challenge siloed processes allowing supply chains to work as a consortium rather than individual partnerships.”RELATED COVERAGE More

Image: Getty Images
The Cyberspace Administration of China (CAC) on Wednesday passed a special action to ban people under the age of 16 from appearing in content within online live-streaming and video platforms.The special action explains that digital platforms will be required to clear various content where minors are involved, which includes gaming, fundraising, violent, and vulgar content. In addition, digital platforms have been called to investigate cyberbullying and violent behaviours that reside within their communities, forums, or groups. The special action was made in response to soft pornographic images of children appearing on various digital platforms, such as Kuaishou, Tencent QQ, Taobao, Sina Weibo, and Xiaohongshu, the CAC said.All of these platforms have been fined for displaying the content, while also being ordered to remove flagged content and ban accounts that show this type of content.According to the CAC, the flagged content was used as part of efforts to garner traffic and views.The CAC added that moving forward it would take a “zero tolerance” approach towards enforcing these new rules, with the internet regulator saying companies would need to more carefully monitor the content present on their digital platforms.The crackdown on inappropriate content involving minors comes shortly after the government publicly made known it was ramping up scrutiny against local tech giants.

At the start of this month, China’s State Council issued a statement indicating it would crack down on the corporate sector across a range of areas, spanning from anti-trust to cybersecurity to fintech.A day prior to that statement being made, Didi was removed from Chinese app stores following an order from the government to do so, with CAC releasing a statement that it had put Didi under a cybersecurity review to “prevent national data security risks” and safeguard public interest.Beyond Didi, other Chinese tech giants like Alibaba and Tencent have come under government scrutiny in recent months, with Alibaba being hit with a record 18.2 billion yuan fine. 33 other mobile apps have also been called out by Beijing for collecting more user data than deemed necessary when offering services.RELATED COVERAGE More

Just when Narendra Modi’s Hindu nationalist government is trying to recover from widespread international and local condemnation for its culpability in India’s COVID apocalypse, it is now being derided for what some are calling India’s Watergate.A powerful surveillance tool called Pegasus, made by Israeli firm NSO and licensed only to governments, was allegedly used in India to snoop on mobile phones of up to 1,000 people over the past six years, according to a groundbreaking global collaborative investigation by a consortium called the Pegasus Project.The Project comprised more than 80 journalists working for 17 media organisations around the world, including the Guardian, India’s The Wire and the Washington Post.Indian targets were people from a variety of professions, including journalists, political opponents, or critics of Modi’s policies.Opposition party leader Rajiv Gandhi was reportedly selected twice for surveillance. So was ace political strategist Prashant Kishor, who helped Modi win the 2016 election but has since become a critic of the politician. Kishore recently engineered a stunning defeat of Modi and the BJP in the West Bengal state elections, but little did he know at the time that his phone had been hacked up to the day it was examined for breaches, according to the report.Social justice and labour activists who have pushed back against what they see are anti-democratic and regressive laws over the last few years were also reportedly targeted by the surveillance tool, along with Tibetan Buddhist clerics, and the head of the Bill and Melinda Gates Foundation. All up, around 1,000 numbers were apparently listed for surveillance but the investigation could not provide a precise figure unless devices were examined.

The Indian government has strongly rejected the report.”The allegations regarding government surveillance on specific people have no concrete basis or truth associated with it whatsoever,” India’s ministry of electronics and information technology said in a statement. “Any interception, monitoring, or decryption of any information through any computer resource is done as per due process of law.”NSO Group, the maker of Pegasus, has also strongly denied any involvement and said that “NSO Group will continue to investigate all credible claims of misuse and take appropriate action based on the results of these investigations”.WHAT IS PEGASUS?In Greek mythology, Pegasus is known for being a white-winged horse, but these days the Israeli spyware of the same name could now be the more well known of the two.The spyware allows customers to hack into mobile phones and peek into messages, camera feeds, and microphones — in other words a person’s entire life. The developer of the tech NSO says it flogs the software to governments as a tool to fight terrorism and crime.It isn’t clear how many of the thousand or so numbers selected for surveillance in India were actually snooped upon.However, the Washington Post reported that a sampling of 22 smartphones in India for evidence of hacking through forensic analysis revealed that 10 had been successfully infected with Pegasus.Eight of the remaining 12 phones tested as inconclusive but were all Android phones, which apparently do not log the information required to detect the intrusion.All-in-all, 50,000 such phone numbers around the world belonging to politicians, judges, lawyers, teachers and others have apparently been tapped by various governments.Currently, this ignominious club includes the governments of Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, the United Arab Emirates, and India.The bank of 50,000 numbers around the world was first accessed by the nonprofit journalism organisation Forbidden Stories and Amnesty International before they both later roped in media organisations to be part of the Pegasus project.Forbidden Stories coordinated the investigation while and Amnesty’s International’s Security Lab spearheaded the forensic analyses.While the Indian government has strongly refuted the report, observers have pointed out that any plans to snoop on citizens have to be approved by senior officials at the Home Ministry, which means they do not require judicial oversight to go ahead.RELATED COVERAGE More

For years it has pushed an ambitious plan to lead the global stage with its unabashed adoption of technology, but Singapore now appears to have forgotten its smart nation roots amidst a current COVID-19 outbreak. In managing the spread, the government could have leveraged the strides it made in using data and technology–instead, it has chosen simply to revert to tighter restrictions that may erode public confidence and have long-term impact on local businesses.  Just weeks before, Singapore had championed its vision of an “endemic norm” where COVID-19 could be managed as a less threatening disease much like influenza or chickenpox.  “The bad news is that COVID-19 may never go away. The good news is that it is possible to live normally with it in our midst,” the country’s COVID-19 taskforce, comprising its health, finance, and trade ministers, wrote in an opinion piece published June 24 by local daily The Straits Times.

The team laid out a roadmap to get the nation towards this “new norm”, which centred on vaccination, testing, treatment, and social responsibility.  “History has shown that every pandemic will run its course,” the ministers persuaded. “We must harness all our energy, resources and creativity to transit as quickly as we can to the desired end-state. Science and human ingenuity will eventually prevail over COVID-19.” However, it seems the virus continues to prevail as Singapore on July 22 reverts to restrictions from which it had just emerged a month ago, with F&B dine-in barred and social gatherings limited to two. Only days earlier, the government had said it would allow dine-in to continue for up to two in a group or five if everyone in the group were vaccinated.  The latest lockdown came as two large clusters surfaced in the local community, pushing daily infections from single-digit figures less than two weeks ago to 182 on July 20 and 179 on July 21. 

Health Minister Ong Ye Kung last week said hospital capacity, specifically intensive care units (ICUs), was a key consideration in deciding Singapore’s safety measures. If capacity was under pressure, measures would need to “tighten up” so capacity could be preserved and hospitals could function properly, Ong said.  However, even with the spike in daily cases, the number of ICU patients had remained at one and patients needing oxygen supplementation also stagnant at five for the past five days.  According to Ong, Singapore has an ICU capacity of some 1,000 beds for COVID-19 cases, which clearly is far from being under pressure at the current numbers. The country also is on track to have two-thirds of the population fully vaccinated by August 9, up from 49% that currently are vaccinated or more than 2.7 million people. To date, more than 6.8 million doses of the COVID-19 vaccine have been administered.As further indication we’re in a better shape today than we were 18 months ago, people I speak with today are less concerned about falling critically ill from catching COVID-19 than they are about the inconvenience of having to quarantine if they come in close contact with an infected individual.So it’s baffling why the government has deemed it necessary to reinstate restrictions now, so prematurely, and so soon after it preached the need for its population to accept living with a new endemic norm. The knee-jerk reaction suggests a sense of panic and risks eroding public confidence that this vision of a new norm can actualise. Technology can facilitate new endemic norm   More importantly, there are opportunities here for Singapore to better leverage its aggressive adoption of technology, especially in the past 18 months since the start of the pandemic.   For one, it had invested significant efforts in developing and pushing the rollout of TraceTogether, its COVID-19 contact tracing platform. The adoption rate of the app and token has hit more than 90% of the local population.  It is widely used alongside SafeEntry, a digital checkin tool that collects visitors’ personal data when they enter venues such as supermarkets, restaurants, shopping malls, and workplaces. 

Singapore wants widespread AI use in smart nation drive

With the launch of its national artificial intelligence (AI) strategy, alongside a slew of initiatives, the Singapore government aims to fuel AI adoption to generate economic value and provide a global platform on which to develop and testbed AI applications.

Read More

This can be integrated in the backend with HealthHub, a healthcare portal and mobile app that enables citizens to manage and view their medical information, including their vaccination status.  Together, they could be used to facilitate, for instance, a mandate to provide entry only to vaccinated individuals at these locations and all other venues, such as hawker centres and food courts, the government identifies as essential in containing any potential outbreak.  An integrated TraceTogether, SafeEntry, and HealthHub system should be set up to automatically pull only the visitor’s vaccination status, so any data security risks can be mitigated and privacy concerns quelled. When the individual’s vaccinated status is verified, the reader automatically beeps green, and the visitor is cleared to enter the venue.  This will ease the burden of business owners and venue operators to manually check every visitor’s vaccination status and minimise human error in carrying out such checks.  Above all, mandating vaccinated-only entry will encourage recalcitrant individuals to get their shots and compel them to also exercise social responsibility along with the rest of the local population. In particular, the COVID-19 ministerial taskforce has highlighted the urgent need to push vaccination rates of elderly folks, of whom some 200,000 above 60 years remain unvaccinated. The health ministry also has collected at least a year’s worth of data on COVID-19 cases and there is a corresponding timeline worth of contact tracing data, thanks to the early rollout of TraceTogether. Here, machine learning and artificial intelligence (AI) can be applied against geosocial data, so vulnerable groups such as the elderly can be quickly identified in emerging clusters and isolated. AI-powered forecasts can further help with healthcare resource management. In the UK, for instance, the NHS in February began trials of a machine-learning system to anticipate demand for equipment such as ICU beds and ventilators triggered by COVID-19. Singapore already has earmarked AI as a critical technology that can create economic value and enhance citizen lives, investing significant resources in driving its development and adoption here. Hence, it shouldn’t be a far reach to leverage this in its COVID-19 efforts.  Given enough thought, I’m pretty sure there are several other ways technology can be better used to help Singapore navigate its way towards a new endemic norm. Ways that may prove more effective than simply rolling in and out restrictions whenever a cluster deemed big enough emerges.  As it is, businesses have shuttered and others struggle to cope with the disruptions. Small F&B businesses, in particular well-loved hawkers, that are passed down over generations also risk folding under the COVID-19 curbs, taking with them decades-old recipes and heritage.  There is a clear case study to be learnt here for business leaders. It is pointless having a strong vision and policy roadmap if you lack the gumption and stamina to see it through. And when there’s panic at the top, it can trickle down to the rest of the organisation. It also suggests a lack of resilience and resolve amongst the leadership team, who really should be navigating the ship with conviction, rather than the lack of.  Ironically, Singapore last September retained its pole position for the second year in a global smart city index, thanks partly to its use of technology in combating the COVID-19 pandemic. The IMD-SUTD Smart City Index, which is a collaboration between IMD and Singapore University of Technology and Design (SUTD), defines a smart city as “an urban setting that applies technology to enhance the benefits and diminish the shortcomings of urbanisation for its citizens”. Can it continue to do so as it attempts to shift towards a new endemic norm? With its smart nation strides, Singapore is in a good position to do so–if it harnesses all its “energy, resources, and creativity” so “science and human ingenuity” will eventually prevail. RELATED COVERAGE More

The Justice Department announced that 22-year-old Joseph O’Connor has been arrested by Spanish National Police in Estepona, Spain after he was indicted for allegedly hacking into Twitter and taking over prominent accounts like those owned by President Joe Biden and former President Barack Obama. O’Connor was charged in the US District Court for the Northern District of California with three counts of conspiracy to intentionally access a computer without authorization and obtaining information from a protected computer, along with six other counts. O’Connor is also facing charges for cyberstalking a juvenile victim and for his involvement in an effort to take over TikTok and Snapchat user accounts.According to a lengthy report released by the New York State Department of Financial Services in October, O’Connor and at least three others pretended to work for Twitter’s Information Technology department in July 2020. The hackers called employees purporting to be part of the IT team addressing VPN issues “and then persuaded employees to enter their credentials into a website designed to look identical to the real VPN login website.”From there, the hackers gained access to Twitter’s backend and used prominent accounts of politicians and celebrities to trick people into sending them Bitcoin. “I am giving back to the community,” the messages said before providing a link. In addition to Obama and Biden, the hackers also took over the accounts of Benjamin Netanyahu, Warren Buffet, Bill Gates, Elon Musk, Michael Bloomberg, Kim Kardashian and Kanye West. 

Twitter shut down all of the accounts once the scam tweets were sent out.The hackers only ended up stealing about $118,000 worth of Bitcoin and were only able to access the direct messages of about 30 of the accounts they stole, according to the report. The DOJ said it worked with the FBI, Secret Service and IRS-Criminal Investigation Cyber Unit on the case as well as the The UK’s National Crime Agency.Graham Ivan Clark, a Florida 17-year-old, pleaded guilty to a raft of charges related to the hack and was given a three-year prison sentence.In addition to O’Connor and Clark, UK national Mason Sheppard is also facing charges along with Florida resident Nima Fazeli. Twitter has faced significant backlash from regulators concerned about how easy it was for four people — two of whom were teenagers at the time — to gain access to the accounts of some of the world’s most powerful people. “The fact that Twitter was vulnerable to an unsophisticated attack shows that self-regulation is not the answer,” New York state official Linda Lacewell in a statement.  More