More stories

  • Cyberwarfare fears add to security headaches for businesses

    Almost two-thirds of information security professionals believe that cyberwarfare is a threat to their organisation as nation-state-backed cyberattacks become more common and larger in scale – and the concerns are even higher for chief information security officers, with almost three-quarters considering cyberwar a threat to their organisations.
    But there’s still a significant proportion who don’t believe that cyberwarfare is a threat to their businesses and over a quarter of companies don’t have any strategy for how to protect themselves from cyberattacks launched using tools developed by nation states.

    The attitudes of thousands of information security professionals have been detailed in Bitdefender’s global 10 in 10 Study, which set out what the security industry thinks about the challenges that businesses are facing – and a significant number of professionals believe cyberwarfare represents an imminent threat.
    “Dependency on technology is at an all-time high and if someone were to take out the internet connection at home or at the office, no one would be able to get anything done. And with that in mind, that’s why CIOs believe cyberwarfare is a threat to their organisations,” said Liviu Arsene, global cybersecurity researcher at Bitdefender.
    Security professionals polled in the research said the consequences of falling victim to an attack launched as part of a cyberwarfare campaign that worried them ranged from loss of information or loss of reputation, to business interruptions, fines and job losses.
    And in the majority of cases, it’s likely that the organisations that fall victim to cyberattacks conducted by nation states might not even be the intended targets at all.
    For example, the NotPetya cyberattack shut down networks around the world, doing billions of dollars of damage, in an attack that was most likely launched by Russian military intelligence and that spiralled out of control. The intended target was in Ukraine, but the interconnected nature of the web meant that the malware caused damage far beyond what was intended.
    “Cyberwarfare is interesting because unlike kinetic weaponry — which is used in traditional warfare — it hasn’t become more precise. It’s actually become harder to put boundaries around and to control,” said Dr Jessica Barker, socio-technical lead at Cygenta and chair of ClubCISO.
    “Something that is born of a nation-state attack can then morph and be used in other kinds of attacks. I think that’s a lot of the reason why organisations and professionals now understand that they can be caught up in cyberwarfare in many different layers, for many different reasons,” she added.
    But while many organisations understand the potential risks posed by being caught in the crossfire of a cyberwarfare campaign, some executives don’t see it as a problem or don’t have a plan on how to deal with it.
    “The reason that a quarter of security professionals don’t really have a strategy to protect against cyberwarfare is likely to do with complacency. They’ve never had to deal with an attack or seen one at wide-scale, so haven’t invested the time in protecting against it,” said Arsene.
    “They probably think they’re too small to be targeted or they haven’t had an incident they’ve had to recover from,” he added.
    However, incidents like NotPetya, the WannaCry ransomware and others have demonstrated that organisations of all sizes can find themselves the unwitting victim of a nation-state-developed cyber operation.
    In many cases, even nation-state-backed cyberattacks look to take advantage of known vulnerabilities, so ensuring that patches and security updates are applied as soon as possible can go a long way to protecting against attacks.
    It’s also recommended that organisations keep a firm grip on the threat landscape, so they’re aware of the potential threats and attacks they could be facing – and are prepared for them if they do become real.

  • Netgear BR200 small-business router with built-in site-to-site VPN

    Need a high-performance security router for your business? The new Netgear BR200 has been specifically designed to create a secure site-2-site VPN and firewall rapidly.
    The Netgear BR200 Insight Managed Business Router has been designed to be easy to set up, and features a built-in firewall, VLAN management, and remote cloud monitoring, and can be managed from anywhere you have an internet connection.
    The firewall brings with it everything you need to protect your network, including stateful packet inspection (SPI), port/service blocking, DoS prevention and more.
    At the core of the BR200 is a 1.7GHz dual-core processor, offering enough power to drive up to 256 VLANs.

    1 WAN and 4 LAN gigabit Ethernet ports
    LAN-to-WAN throughput: 924Mbps
    Remote cloud management and monitoring all from a single pane of glass
    IPSec site-2-site VPN configuration through the mobile app and web portal
    OpenVPN remote VPN from the device GUI
    Firewall capabilities to protect against intrusion and secure your business
    VLAN Configurations
    “Today’s businesses need powerful and secure networking solutions that are also easy to set up and manage,” said Richard Jonker, vice president of product line management for SMB products at Netgear. “Netgear Business is leveraging the intuitive simplicity of the Insight Management solution to implement the industry’s easiest to manage and most affordable router, with full VLAN and IPSec VPN set up.”
    The router can be controlled using Netgear’s Insight Remote Management solution, which works via an app on iOS or Android, or using any web browser, and there are three subscription plan levels: Insight Pro, Insight Premium and Insight Basic.
    The BR200 comes with a year’s free Insight subscription for remote management, and no additional hardware or cloud keys are required.
    And a high-performance security router does not need to break the bank! The Netgear BR200 is priced at $139.99, which, for the package, is very reasonable considering what you are getting for the money.

  • Ransomware gang targets Russian businesses in rare coordinated attacks

    Security firm Group-IB says it identified a new cybercrime group that, for the past six months, has repeatedly and intentionally targeted Russian businesses with malware and ransomware attacks.
    Group-IB says the hackers, which it has named OldGremlin, are behind targeted attacks with a new strain of ransomware called TinyCryptor (aka decr1pt).
    “They have been trying to target only Russian companies so far,” Oleg Skulkin, Group-IB’s senior DFIR analyst, told ZDNet this week.
    “This is very unusual for Russian-speaking gangs who have this unspoken rule about not working within Russia and post-Soviet countries.”
    How attacks unfold
    OldGremlin attacks usually begin with spear-phishing emails carrying malware-laced ZIP files, which will usually infect the victim org with a backdoor trojan named TinyNode. This grants the attackers an initial foothold on the company’s network, where the hackers spread laterally to other systems and then deploy the ransomware in the final stage of their attacks.
    Once a network is encrypted, the OldGremlin crew usually asks for around $50,000 in ransom payments using messages left on infected systems and leading back to a ProtonMail address.
    Skulkin says Group-IB identified the OldGremlin group in August, but the group’s attacks date back to March, with their phishing emails using a wide variety of lures, ranging from posing as journalists looking for an interview to using the anti-government rallies in Belarus as a conversation starter.
    As Skulkin noted, attacks against Russian entities are rare but have happened before. Usually, groups like Silence and Cobalt started small in Russia before expanding operations outward, to nearby countries first, and then to targets all over the world.
    “If they are Russian, then it’d be unusual but not unheard of. Just a few weeks ago, we noticed an Initial Access Broker offering an RCE for a Russian bank on a Russian-speaking forum, and MagBo offers multiple webshells on Russian websites,” KELA product manager Raveed Laeb told ZDNet in an interview this week.
    “There is also a possibility that they’re not Russian but do operate out of CIS countries – for example, anti-Russian Ukrainian nationals probably have a double incentive for attacking Russian entities, both financial and ideological,” Laeb added.

  • Shopify discloses security incident caused by two rogue employees

    Online e-commerce giant Shopify is working with the FBI and other law enforcement agencies to investigate a security breach caused by two rogue employees.
    The company said two members of its support team accessed and tried to obtain customer transaction details from Shopify shop owners (merchants).
    Shopify estimated the number of stores that might be affected by the employees’ actions at fewer than 200. The company boasted more than one million registered merchants in its latest quarterly filings.
    The e-commerce giant said the incident is not the result of a vulnerability in its platform but the actions of rogue employees.
    “We immediately terminated these individuals’ access to our Shopify network and referred the incident to law enforcement,” the company said in a prepared statement. “We are currently working with the FBI and other international agencies in their investigation of these criminal acts.”
    An investigation into the security breach is still in its early phases. Shopify promised to notify impacted merchants and customers as relevant.
    The transaction data that the rogue employees might have gained access to includes basic contact information, such as email, name, and address, as well as order details, like products and services purchased.
    Shopify said payment card numbers or other sensitive personal or financial information was not included in the data the staffers could have accessed.
    Another incident caused by malicious insiders
    The incident disclosed by Shopify is the third incident of a “malicious insider” in the past month. Instacart and Tesla acknowledged similar incidents last month.
    Instacart said two employees working for a company providing tech support services for Instacart shoppers “may have reviewed more shopper profiles than was necessary in their roles as support agents.” The company had to notify 2,180 shoppers as a result of this breach.
    A week after the Instacart incident, Tesla CEO Elon Musk also admitted that his company was targeted by a Russian cybercrime gang, which tried to recruit one of its US employees and have them install malware on the internal network of its super-factory located in Sparks, Nevada.
    While the Instacart incident resulted in a breach for the company, the Tesla employee resisted recruitment efforts and reported the incident to Tesla and authorities.

  • Huawei chairman labels ongoing US bans as 'non-stop aggression'

    Huawei’s rotating chairman Guo Ping has announced the company will continue to do everything it can to strengthen its supply chain, despite continuing to encounter “great pressure” and being continuously “attacked”.
    “Huawei is in a difficult situation these days. Non-stop aggression has put us under significant pressure,” he said on Wednesday, during his keynote at Connect 2020. 
    “We’re still assessing the specific impacts. Right now, survival is the goal.”
    Ping elaborated on this point, specifying that the continuous attacks he referred to have been coming from the US government.
    “The US has been continuously attacking us and they have modified their laws for the third time, and that has posed great challenges to our production and operation,” he said, speaking to media.
    In August, the US government expanded its restrictions on the Chinese tech giant by barring it from purchasing chips made by foreign manufacturers using US technology. It also added another 38 affiliates of Huawei to the Entity List, including Huawei Cloud Singapore and Huawei Cloud France.
    The United States also banned US companies from buying, installing, or using foreign-made telecommunications equipment, citing cyber-espionage fears. The ban effectively targeted Chinese equipment providers, like Huawei, although no names were mentioned in the executive order.
    Despite the chipset ban, Ping said the company has “sufficient stock” to support its business.
    “As for our chipsets for mobile phones, as we consume hundreds of millions of chipsets every year, we are still looking for ways to address the chipset for smartphones. But we also have been aware that US chip vendors are actively applying for licences to continue to supply to Huawei from the US government,” he said.
    Ping also took the opportunity on Wednesday to plead for “openness and cooperation”.
    “We hope the US government will give their rules and regulations a second thought,” he said. 
    “If they are willing to supply to us, we’d be willing to buy from them. At the same time, we’ll continue to adhere to our procurement strategy … we believe a neutral benefit and collaboration is the best model for the global industry.”
    In the meantime, Huawei continues to be locked out from participating in building out 5G networks worldwide. The most recent occurrence was in Canada when local carriers Bell and Telus both announced they would not be continuing the use of Huawei equipment in their respective 5G networks.
    Although not officially banned, Huawei has not made inroads in New Zealand either, after GCSB prevented Spark from using Huawei kit in November 2018.
    Meanwhile, in the United Kingdom, although the UK government decided to limit the involvement of Huawei in January — restricting it to a 35% cap of all radio equipment and preventing the Chinese giant from supplying any equipment for the core of any network, as well as banning the use of Huawei equipment at sensitive locations such as nuclear sites and military bases — reports last month said that the decision to allow Huawei to participate would be reviewed. 
    On Wednesday, Huawei also spoke about the company’s decision last year to cut its headcount in Australia, which could result in as many as 400 redundancies over the next five years thanks to the ban placed on the company for 5G rollouts by the Australian government.
    “Australia is a small market for us. It has never been a priority,” Huawei board executive director David Wang said.
    “We always prioritise our resources to serve high-quality customers. Because resources are limited, we need to fully utilise them to support the customers who really need us and support them to become successful. We make business adjustments according to the status or situation in different markets.”
    Despite remaining pressures, the company announced it is focused on combining connectivity, computing, cloud, artificial intelligence, and industry application technologies to deliver value to customers.
    “There are huge opportunities in that,” Ping said.
    Off the back of this commitment, the company together with Intel jointly launched the FusionServer Pro 2488H V6, the newest member of the FusionServer Pro product family.
    Running on x86 architecture, FusionServer Pro 2488H V6 houses four 3rd Gen Intel Xeon Scalable processors in a 2U space, 48 DDR4 DIMMs to support up to 18TB, and 11 PCIe slots for local storage.
    It comes as Intel was granted a licence by the US government to continue supplying certain products to Huawei, as reported by Reuters.
    Updated 23 September 2020, 6:36pm (AEST): Comment about Australian market attributed to Huawei board executive director David Wang.

  • Facebook claims 'scheduling issue' in avoiding Australian foreign interference probe

    Facebook was due to appear before the Senate’s Select Committee on Foreign Interference through Social Media on Friday, alongside controversial video-sharing platform TikTok.
    While TikTok’s name is still on the schedule, Facebook has pulled out.  
    A statement from the committee said it has been in communication with Facebook to arrange its appearance at a public hearing, saying the social media giant was initially willing to participate and had been tentatively confirmed as a witness for the hearing before its decision to cancel.  
    “Facebook has since stated that key personnel are not willing to make themselves available on this date,” the committee said.
    “Facebook has expressed a preference for any appearance to be after the US election.”
    A Facebook spokesperson told ZDNet it intends to cooperate with the committee, but a “scheduling issue” has meant testimony cannot occur this coming Friday.
    “We are committed to cooperating with the Senate Committee on this inquiry and answering the questions they may have. Due to a scheduling issue we’ve requested to appear at a later day,” the spokesperson said.
    The committee was stood up in December to inquire into, and report on, the risk posed to Australia’s democracy by foreign interference through social media.
    Committee chair Senator Jenny McAllister on Wednesday thanked TikTok for its “constructive” approach to the inquiry and its willingness to appear before the committee. Meanwhile, she said it was “disappointing Facebook has not adopted the same approach”.
    “Facebook’s platform has been used by malicious actors to run sophisticated disinformation campaigns in elections around the globe,” McAllister said.
    With 84% of the nation’s population on Facebook — around 17 million Australians use the site every month — McAllister believes the public deserves to know how the company manages the risks presented by the platform to Australia’s democracy and public discourse.
    “Facebook claims they can be trusted to support Australia’s democratic processes but seem unwilling to participate in our processes of democratic accountability,” she said.
    “As chair of the inquiry, I will be talking to my colleagues about options we have to ensure that Facebook answers the legitimate questions Australians have for the platform.”
    Earlier this month before a House of Representatives Committee, Facebook said that during the quarter when the 2019 Australian federal election was held, it removed around 1.5 billion fake accounts from its platform.
    “These fake accounts are the things that people try to use to share harmful content,” Facebook vice president of public policy Simon Milner said at the time.
    “Almost 100% of that was removed because of our actions, using artificial intelligence to find these accounts and get rid of them. We spend a lot of effort trying to protect our platform from fake accounts.”
    During the 2019 election period, there were approximately 10 million unique people involved in 45 million interactions related to the election.
    Only 17 individual pieces of information were fact-checked during this period.
    “Once a post has been found, we use artificial intelligence to apply the same treatment to similar posts that make the same claim … the ultimate number of posts that would have received fact treatment would be a number much higher, in the thousands,” Facebook’s Australia and New Zealand public policy manager Joshua Machin added.
    The pair admitted, however, that Facebook does not fact-check political advertising “because we believe it’s important for the debate to play out”.
    “I would say Facebook does the same as any media platform. If you see a billboard … an ad for a campaign … because that person is trying to target that constituency, an opponent might think that that ad contains false information and they have an opportunity to respond to that, beat that with an ad further down the road,” Milner said.
    “There’s no expectation that the company that enabled you to put that ad on that billboard had to put something on it saying, ‘Hey, this information has been marked as false’, so we apply exactly the same approach on our service when it comes to political advertising.
    “We don’t think it’s right that we should be the arbiters of truth.”

  • Microsoft Ignite 2020: All the news from Redmond's IT Pro conference

    New perpetual Office clients for Windows and Mac, as well as on-premises versions of Exchange, SharePoint and Skype for Business are coming in the second half of next year.

    Microsoft is adding three new edge-computing devices and moving ahead with various Azure-branded services that are part of its hybrid-cloud family.

    Microsoft’s Azure Communication Services (ACS) will give customers and partners access to the same voice, video, chat and texting services that Microsoft uses to power Teams.

    Project Cortex is going to be delivered as a number of add-ons to existing Microsoft products, starting with SharePoint. The change in strategy is the result of ‘user feedback,’ Microsoft execs say.

    The wait is over: Microsoft’s ‘Chredge’ browser will be available to Insider testers in preview starting in October.

    Microsoft has plans to add new meeting, calling, search, insights and other new features to Teams over the next several months. Where’s the Teams-fatigue-fighting feature?

    At its annual Ignite conference, Microsoft adds a huge slate of enhancements to its banner BI platform.

    Microsoft Threat Protection, Defender ATP, Azure Security Center, and others brought under the Microsoft Defender umbrella brand.

    Microsoft has added a second Ignite IT pro event, slated for early 2021, to its conference calendar.