More stories

  • Adware found in 21 Android apps with more than 7 million downloads

    Google has removed 15 of 21 Android applications from the official Play Store over the weekend following a report from Czech antivirus maker Avast.
    The security firm said the apps were infected with a type of malware known as HiddenAds.
    Discovered in 2019, this Android adware strain operates by showing excessive and intrusive ads and by opening mobile browsers on ad-heavy or promotional pages.
    In a report published today, Avast malware analyst Jakub Vávra said the apps mimicked popular games, and the criminal group behind this operation relied on social media ads and marketing to draw users to their Play Store pages.
    Once users installed any of these apps, the HiddenAds malware would hide the app’s icon (to make it difficult for users to delete the app in the future) and then start bombarding users with ads.
    The names and Play Store URLs of all the 21 apps are available in this spreadsheet.

    Six of the 21 apps are still available on the Play Store at the time of writing, namely: Shoot Them, Helicopter Shoot, Find 5 Differences – 2020 NEW, Rotate Shape, Find the Differences – Puzzle Game, and Money Destroyer.
    Avast said the apps were downloaded by more than seven million users before it filed its report with Google last week.
    Vávra said that it’s easy to fall for these apps and install one on your phone, but there are some patterns and giveaways that can help users identify possibly malicious apps.
    “Users need to be vigilant when downloading applications to their phones and are advised to check the applications’ profile, reviews and to be mindful of extensive device permission requests,” Vávra said.
    Furthermore, since many of these apps (games) are geared toward kids and usually advertised on social media networks, the Avast malware analyst also encouraged parents to speak and teach their kids about malware and online safety.
    Today’s Avast report is just the latest in a long list of Google enforcements against malware operators who manage to sneak their malware past the Play Store’s defenses.
    In recent months, Google has also removed 17 Android apps caught engaging in WAP billing fraud, then another 64, then three more, then 56 more apps that were part of an ad fraud botnet, then 240+ apps that showed out-of-context ads, then another 38 apps that also showed out-of-context ads, and finally, Google deactivated the accounts of six developers for uploading apps tainted with the Cerberus banking trojan.

  • Over 100 irrigation systems left exposed online without a password

    Image: Michael Bourgault
    More than 100 smart irrigation systems were left exposed online without a password last month, allowing anyone to access and tamper with water irrigation programs for crops, tree plantations, cities, and building complexes.
    The exposed irrigation systems were discovered by Security Joes, a small boutique security firm based in Israel.
    All were running ICC PRO, a top-shelf smart irrigation system designed by Motorola for use with agricultural, turf, and landscape management.
    Security Joes co-founder Ido Naor told ZDNet last month that companies and city officials had installed ICC PRO systems without changing default factory settings, which don’t include a password for the default account.
    Naor says the systems could be easily identified online with the help of IoT search engines like Shodan.
    Once attackers locate an internet-accessible ICC PRO system, Naor says all they have to do is type in the default admin username and press Enter to access a smart irrigation control panel.
    Here, Naor says attackers can pause or stop watering events, change settings, control the water quantity and pressure delivered to pumps, or lock irrigation systems by deleting users.

    More than 100 ICC PRO irrigation systems were left exposed online without a password last month when Naor first spotted this issue.
    The security researcher said that more than half of the exposed systems were located across Israel, with the rest being spread across the entire globe.
    Naor notified CERT Israel last month, which then contacted the affected companies, the vendor (Motorola), and also shared the findings with other CERT teams in other countries.
    The exposure began to shrink last week. Naor credited Motorola with this development after the company sent a letter to customers about the dangers of leaving irrigation systems exposed online.
    As a result of these notifications, the number of internet-accessible ICC PRO instances fell to 94 last week and to 78 today, as companies started putting their irrigation systems behind firewalls or on private networks.
    However, while the situation improved, a large chunk of the systems that are still exposed online today still don’t have a password set up for the default account.
    Not related to the April cyberattacks
    Naor’s findings come after earlier this year the Israeli government said that Iranian hackers breached water management systems across Israel and tried to alter water levels. Luckily, the breached systems managed only agricultural pumps, most likely linked to irrigation systems.
    Following these intrusions, the Israeli cyber-security agency INCD sent out a nationwide alert asking water supply and water treatment facilities to change passwords for their web-based management systems.
    Naor said the irrigation systems he discovered last month were not linked to this April’s incidents.
    “These systems were found by our monitoring rules that search for open administrative panels in Israel,” Naor told ZDNet.
    “Security Joes are constantly on the lookout for emerging threats, trying to be one step ahead of the attackers. One of our missions is to search for administrative interfaces in-the-wild to ensure their resilience to drive-by attackers. We urge organizations and security firms to do the same,” he added.
    A 2018 research paper, authored by an Israeli research team, argued that water irrigation systems could be targeted with botnet-like coordinated attacks to create water shortages in a certain area by emptying water reserves.

  • The rise of the social bandits: How politics, injustice shapes how we view hacktivism

    “If they don’t listen to us, do they deserve it?” is the question being asked in a new study exploring modern attitudes surrounding the legitimacy of cybercriminal activities. 
    Today, the breadth and scope of cyberattacks are vast. Unsecured cloud servers and data theft have created a lucrative trade on carding forums; identity theft and online fraud are rampant; the mass sale of PII dumps is common; ransomware attacks on hospitals cause patient deaths; attacks launched against utilities prompt city-wide blackouts; and state-sponsored groups covertly conduct cyberespionage for political or financial gain.
    Often, cyberattack attribution can be difficult — but not always. So-called hacktivists, for example, may claim responsibility for website defacement and other kinds of attacks for political, religious, or social purposes. 
    Over the past decade, hacktivism became commonly associated with the Anonymous collective and LulzSec offshoot, which opportunistically aligned with various social campaigns over the years, extending protests from the sidewalk to the digital realm. 
    Website defacement, distributed denial-of-service (DDoS) attacks, and doxxing are common trajectories for these groups — with members often anonymous and based worldwide — and as using tools for these purposes became easily accessible and cheap, everyone from a black hat to a script kiddie could take advantage. 
    It is important to note, however, that the general public can become collateral damage in such attacks if their online accounts or data is compromised.
    Despite 2020 — and the overall year it has been — hacktivism incidents, on the whole, appear to have waned. However, as shown when Anonymous’ social media accounts suddenly gained millions of new followers during the Black Lives Matter protests sparked by the death of George Floyd, there may still be an undercurrent of support for such activities when social injustice is felt — or the belief that voices are being ignored. 
    In a research paper, “‘If they don’t listen to us, they deserve it’: The effect of external efficacy and anger on the perceived legitimacy of hacking,” published September 30 in the academic journal Group Processes & Intergroup Relations, researchers have examined how disappointment in social systems could change how we view, and whether or not we would support, hacktivism.
    University of Kent academics Maria Heering, Giovanni Travaglino, Dominic Abrams, and Emily Goldsack conducted two studies in which participants were presented with “unfair” grading practices and the exploitation of their work in university and online platform settings.
    They were then told that upper management was either willing or unwilling to investigate their complaint. 
    In the next part of the study, participants were told that the authority’s website had been defaced and access was disrupted over the course of several days. 
    Including responses from 259 undergraduates and 225 non-students, respectively, the studies build upon a “social banditry” framework proposed by Travaglino in 2017, in which “despite acting illegally,” the activities of ‘bandits’ that gave “otherwise voiceless masses with an opportunity to express their grievances” could secure the support of community members. 
    When an authority was considered unresponsive and their complaints were not taken seriously, participants reported anger — and the perception of the legitimacy of the hacktivists’ attacks increased, making them “more likely to legitimize the hackers’ disruptive actions as a way to manifest their own anger against the organization.”
    “Support for hackers is a key expression of vicarious dissent because hackers’ actions are highly visible and public, require expertise that laypeople do not generally have, and often (but not exclusively) may be aimed at government agencies, corporations and other powerful entities,” the paper reads. 
    In other words, it may be that members of the general public that feel ignored and powerless in an unjust situation may be more inclined to support today’s digital Robin Hood figures — no matter other potential consequences, such as data loss or theft, operational disruption, business cost, or whether or not the criminal actions force an authority to rethink their position.
    The team says that in the future, it may also be worth exploring how such ‘bandits’ may lose support, such as if their actions are seen as “selfish” rather than “getting back” at authority.
    “While this study explored individuals’ feelings of anger, there is certainly more to be explored in this research area,” Heering commented. “For example, there might be important differences between the psychological determinations of individuals’ support for humorous, relatively harmless forms of hacking, and more serious and dangerous ones.”

  • KashmirBlack botnet behind attacks on CMSs like WordPress, Joomla, Drupal, others

    A highly sophisticated botnet is believed to have infected hundreds of thousands of websites by attacking their underlying content management system (CMS) platforms.

    Named KashmirBlack, the botnet started operating in November 2019.
    Security researchers from Imperva, who analyzed the botnet last week in a two-part series, said the botnet’s primary purpose appears to be to infect websites and then use their servers for cryptocurrency mining, redirecting a site’s legitimate traffic to spam pages, and, to a lesser degree, showing web defacements.
    Imperva said the botnet started out small, but after months of constant growth, it has evolved into a sophisticated behemoth capable of attacking thousands of sites per day.
    The biggest changes occurred in May this year, when the botnet expanded both its command-and-control (C&C) infrastructure and its exploit arsenal.
    Nowadays, KashmirBlack is “managed by one C&C (Command and Control) server and uses more than 60 – mostly innocent surrogate – servers as part of its infrastructure,” Imperva said.
    “[The botnet] handles hundreds of bots, each communicating with the C&C to receive new targets, perform brute force attacks, install backdoors, and expand the size of the botnet.”

    Image: Imperva
    KashmirBlack expands by scanning the internet for sites using outdated software and then using exploits for known vulnerabilities to infect the site and its underlying server.
    Some of the hacked servers are then used for spam or crypto-mining, but also to attack other sites and keep the botnet alive.
    Since November 2019, Imperva says it has seen the botnet abuse 16 vulnerabilities:
    The exploits listed above allowed KashmirBlack operators to attack sites running CMS platforms like WordPress, Joomla!, PrestaShop, Magento, Drupal, vBulletin, osCommerce, OpenCart, and Yeager.
    Some exploits attacked the CMS itself, while others attacked some of their inner components and libraries.
    “During our research we witnessed its evolution from a medium-volume botnet with basic abilities to a massive infrastructure that is here to stay,” Imperva researchers said on Friday.
    Based on multiple clues it found, Imperva researchers said they believed the botnet was the work of a hacker named Exect1337, a member of the Indonesian hacker crew PhantomGhost.

  • NSW Police readies for major mainframe digital transformation

    Come December, NSW Police will formally kick off the modernisation project of its mainframe, after operating with the same core system for the last 24 years.
    The project will see NSW Police, together with Unisys and Mark43, replace the force’s central database, which is used for everyday operations ranging from logging criminal incidents and gathering intelligence to pressing charges, with a new integrated policing operation system (IPOS).
    “After more than 20 years of trying to do something with the mainframe, I’m hoping we’ll finally crack it with IPOS, a born-in-the-cloud policing platform that will do the things that police need and deserve, in terms of a mobile-first digital platform,” NSW Police chief information and technology officer Gordon Dunsford told ZDNet.
    Expected to take five years to complete, the IPOS project will be carried out in three phases.
    The first phase — anticipated to take 18 months to finish — will see the delivery of a new computer-aided dispatch (CAD) system, which would house everything from triple zero calls to crime reporting, as well as forensic management that will enable police to process DNA samples in real time, instead of having to send them off to a lab.
    Other modules that will be revamped as part of IPOS include investigation management, evidence and forensic data management, charge and custody management, and case management.
    “It’s a marathon with lots of little sprints,” Dunsford said.
    He added that one of the other key components in delivering the IPOS project would see NSW Police integrate with other law enforcement agencies and their systems, which will be possible through the organisation’s partnership with Mulesoft.
    “For us going into IPOS sets us up for our future … we’re integrating in real-time with a lot of federal systems, a lot of other jurisdictions, right through to Interpol … from a technology perspective, so the integration platform for us is absolutely what we need, and it will take us into the future and beyond,” Dunsford said.
    While delivering IPOS would be, as Dunsford has put it, the piece de resistance, there are other projects running alongside it.
    This includes continuing the rollout of the NSW Police firearms registry to all firearm dealers across NSW, which began in August. Built using Salesforce, the platform has been designed to provide police and firearm dealers access to real-time information about firearms that are being bought, sold, and traded across borders.
    “This will keep the community safer and help avoid incidents where people are getting firearms when they shouldn’t,” Dunsford said. 
    Additionally, the police force is also undergoing a cybersecurity transformation, which is being funded as part of the AU$240 million the NSW government set aside to bolster its cybersecurity capabilities.
    “When I started, we didn’t really have a strong cyber capability,” Dunsford said. “We had firewalls and did all that very basic 1980s thing of putting firewalls all round the place. But putting a firewall ring around the organisation is not good enough in this world … [especially as] police is a target when it comes to cybersecurity people … because they want the joy of being able to break into a law enforcement organisation.”
    NSW Police also recently went to market for its “integrated” connected officer program, which Dunsford described as being “more or less an IoT project” that will involve replacing the frontline’s existing Glocks, body-worn video cameras, tasers, and the technology in their cars.
    As part of this project so far, two concept cars have been created and will shortly be field tested, Dunsford said. Each has been designed to create a “consumer feel” and features an in-car screen integrated with applications to enable computer dispatch, radio, messaging, automatic number plate recognition, light mode controls, and voice control.
    The concept car also features nano-sat capabilities underpinned by work carried out in partnership with Starlink. 
    “We’re starting to work with them on providing high-speed broadband to every police vehicle, and from there we can use it as a mini data centre … that sits on a vehicles’ CAN bus (controller area network), which is essentially the in-car technology we write or put applications onto,” Dunsford explained.
    Dunsford said with all these projects going on, the organisation is starting to look a lot different — and for the better — than when he started with the force nearly three years ago.
    He noted that the aim of the digital overhaul has been to shift the force from being focused on responding to crimes to preventing and disrupting crime. “The idea is to support police, and enable them to do their jobs not only smarter and faster but get outcomes for victims and prevent crimes,” Dunsford said.
    He pointed out, for instance, since introducing an artificial intelligence-based video analytics platform NSW Police have been able to speed up their investigations, such as in the case against Mert Nay, who allegedly murdered one woman and stabbed another last August in Sydney.
    “A homicide strike force was set up and they collected 14,000 pieces of CCTV. They would normally have had to go into a little dark room and then catalogue every little piece of that CCTV by the second to say, ‘Here he was on George Street after he committed the alleged murder before he ran up and down the street, and eventually, some civilians and firies got a milk crate over his head, and arrested him’.
    “That normally would’ve taken detectives months to go through … [but] using our insights platform, they were able to load the 14,000 pieces of CCTV and dashcam footage and do it in five hours.”
    At the same time, police officers no longer need to handle paper-based workflows and processes, following the digitisation of 200 disparate policing assets onto a single ServiceNow cloud-hosted platform called BluePortal.
    “We’ve done that so [police] can order PolAir, dog squad, forensics, you name it, you bring them all to an event that a commander wants to run,” Dunsford continued. “For example, if you want to kick the door of a drug house, do a risk assessment, and spit out the operational orders, you can do that all on the Blue Portal platform.”
    A similar experience has also been created for citizens on the NSW Police Community Portal. They can now use it to report a crime.
    “All but extremely heinous types of crimes are put digitally now through our completely re-engineered designed and modernised community portal. You can now go on there and say, ‘I’ve been assaulted’. You can do that online on your mobile phone platform anywhere any time,” Dunsford said.

  • Vietnam's cyber risks make it a mixed bag

    Even during COVID-19 times, Vietnam’s GDP growth has been remarkable. After several years of sitting at around 7%, it only dropped to 2.8% this year.
    The nation also has a bold investment plan and a growing cybersecurity community.
    But it also has strict rules such as a controversial cybersecurity law that targets “anti-state” content. It’s also the target of cyber attacks from nations such as China.


  • Singapore's worst-ever data breach prompted the nation to bolster its cyber defences

    In 2018, Singapore suffered its worst ever data breach when inadequate cybersecurity at SingHealth saw a quarter of the population’s medical records stolen.
    The subsequent official review recommended remedies that should already be basic security policies.
    Two years after the SingHealth hack, Singapore’s cybersecurity is being improved by everything from the fintech-oriented @-Wise Cybersecurity Centre of Excellence to mandatory standards for home routers.


  • Four more European nations sign onto US 5G security agreements

    Image: US State Department
    The US Department of State announced on Friday that it signed four more European nations to 5G security statements.
    The Slovak Republic, Bulgaria, and North Macedonia each made a joint declaration with the United States, while Kosovo signed a memorandum of understanding. The texts of all four were very similar.
    “To promote a vibrant and robust 5G ecosystem, the Slovak Republic and the United States believe that a rigorous evaluation of suppliers and supply chains should take into account the rule of law; the security environment; ethical supplier practices; and a supplier’s compliance with security standards and best practices,” one of the declarations read.
    The declarations fall under Washington’s Clean Network program announced in August to cover carriers, app stores, cloud computing, and subsea cables.
    “Huawei, an arm of the PRC surveillance state, is trading on the innovations and reputations of leading US and foreign companies,” United States Secretary of State Mike Pompeo said at the time.
    “These companies should remove their apps from Huawei’s app store to ensure they are not partnering with a human rights abuser.”
    Since that time, the US has claimed that much of Europe — whether by government bans or major telcos choosing not to use equipment from Huawei or ZTE — has joined its Clean Network program.
    Also on Friday, Huawei announced its third-quarter results, which saw revenue increase almost 10% to 671 billion yuan, with its net margin sitting at 8%. At the same time last year, the company reported revenue grew 24% to 611 billion yuan, with the net margin being 8.7%.
    “Throughout the first three quarters of 2020, Huawei’s business results basically met expectations,” the company said.
    “As the world grapples with COVID-19, Huawei’s global supply chain is being put under intense pressure and its production and operations face significant challenges. The company continues to do its best to find solutions, survive and forge forward, and fulfill its obligations to customers and suppliers.”
    Earlier last week, the Saudi Data and AI Authority (SDAIA) signed a partnership with Huawei to create a National AI Capability Development Program in the Arabian kingdom.
    “Through the National AI Capability Development Program and our cooperation with Huawei, Saudi Arabia can not only continue acquiring the most cutting-edge technologies, but also learn from successful experiences internationally in adopting best practices,” CEO of the National Center for Artificial Intelligence at SDAIA Dr Majid Altuwaijri said.
    SDAIA also signed a smart city agreement with Alibaba Cloud.
    “Alibaba Cloud’s AI platform will empower KSA cities to intelligently manage city services and to create new smart solutions that will make them more resilient and responsive to the needs of the citizens,” SDAIA said.