More stories

  • in

    'Like playing whack-a-mole': Do cyber-crime crackdowns have any real impact?

    Dark web takedowns and arrests are a crucial part of fighting cybercrime, but when one marketplace or malware operation gets disrupted by law enforcement, another is always likely to take its place.

    Emotet, one of the most prolific and most dangerous forms of malware – which served as a means for cyber criminals to deliver ransomware and other cyberattacks – was disrupted in a police operation earlier this year.

    And while the disruption of such a big player in the malware space inevitably has an impact on cybercrime, it doesn’t just disappear – cyber criminals find new means of engaging in malicious online activity.

    “I’m a big geek for Jurassic Park, and there’s a famous line that Jeff Goldblum says: ‘Life finds a way,’” Rick Holland, CISO at Digital Shadows, told ZDNet Security Update.

    “When I think about cyber-criminal takedowns – Emotet and others – there’s a long history of this as well; cybercrime finds a way. One set of operators gets arrested, goes to jail, but someone will fill their spot. It’s just like water flowing and it’s going to find a way”.

    In the case of the Emotet disruption, cyber criminals have quickly shifted to Trickbot and other trojans as a means of gaining access to networks for use in cyberattacks – either for deploying their own malware, or leasing out the backdoor for others to plant their own malware or ransomware.

    And that’s despite an attempted takedown of Trickbot by a coalition of cybersecurity companies in October.

    But that doesn’t mean there isn’t a need to fight cybercrime with takedowns and arrests – because even if cyber criminals have to evolve and adapt their tactics, criminal hacking and malware will remain a threat.

    “I definitely think we need to continue the law enforcement takedowns, it does have an impact, but it is a whack-a-mole because someone will fill that gap,” said Holland.

    “There’s definitely some impact on the operators themselves if they go to jail and things like that, but as far as the macro view versus the micro you know it’s going to continue,” he added.

    However, when takedowns are successful, there’s a chance that some lower-level cyber criminals will be frightened off being involved due to the potential prospect of going to jail if they’re caught.

    “A lot of the bottom feeders, if you will, that are kind of rushing to make money, they’re new to cybercrime, they don’t have as much operational security or experience, so they can be vulnerable just because of a lack of experience that’s there,” said Holland.

  • in

    Scaling up on a shoestring while citizen scientists analyse the Great Barrier Reef

    Due to the large geographical range of the Great Barrier Reef — roughly the same size as Italy — researchers have only collected data regularly from approximately 5-10% of the reef. In a bid to ramp up data collection, conservation organisation Citizens of the Great Barrier Reef launched the Great Barrier Reef census project in November. The project aimed to bring together stakeholders across tourism, including visitors and divers, science, research, and business to assist with capturing large-scale reconnaissance data from across the Great Barrier Reef.

    Phase one of the project saw over 14,000 images collected of about 170 reefs — double what was originally anticipated — across 680 different sites from the tip of Cape York to the remote southern Swain Reefs. Of those images, approximately 6,000 were submitted by vessels fitted with a Dell device purpose-built to capture images of the reef.

    “If you put [the distance travelled] against the side of the US, it would go from above Seattle to below the border of Mexico. That’s the kind of range we’re talking about,” Citizens of the Great Barrier Reef CEO Andy Ridley told ZDNet. “We even found a shipwreck up in the north from the 1840s. That kind of gives you an idea of not only how big the place is, but even now you can find a shipwreck that’s been there for nearly 200 years.”

    Currently, those images are being analysed in real time as part of phase two of the census project. Involved in analysing the images are what the team described as “citizen scientists” — everyday people from around the globe — who are playing their part to support conservation and coral recovery. Users are encouraged to select a reef image and “colour-in” where they see key elements, such as coral, sand, and rubble. On average, Citizens receives 1,500 unique visitors a day to its census website, over half from the US, followed by Australia, and then Europe and Asia.

    “Through a fairly novel analysis technique, we’re asking people to sort of trace around what they see in the image. We give them categories and say, ‘Is this coral a reef? Does it look like hard coral or soft coral?’ … and we collect polygon data from that,” Citizens of the Great Barrier Reef technologist Som Meaden said. “It helps give us a sense of the makeup of the reef, which is going to help us train a computer vision model to better recognise these types of images.

    “Traditional survey imagery is of very close-up one-by-one metre sort of transects. We’re trying to utilise seascape imagery that a tourist or somebody else might take and be able to get meaningful data from that. We’ve essentially baselined against research data, so we have a good sense of what that means.”
    To date, just over 6,000 analyses have been completed by the public, while half of the images uploaded have also been analysed by researchers. The goal is to have all images analysed by the end of April.

    “We’re relying on the general public to help us analyse all of them multiple times over and hopefully combined, that will give us a very good insight into what the images tell us but also how useful citizen science is in this regard,” Meaden said.

    “As people analyse an image, we’re sort of saying, is this something that’s been analysed by research before, and we can really grade the performance. As we increase trust as each people analyse images, we can build up a pretty good profile of who’s good at it, who’s not, and we can teach them about the reef at the same time.”

    Sending up a flare

    Helping to ensure the census project is always online is Cloudflare’s Project Galileo, which was established to help not-for-profit organisations and artistic groups fend off cyber attacks pro bono.

    “We’re a tiny team … [of] five now. But there’s only one technology person, so there’s only so much we can do … we can run a project like census and have thousands of people hitting it a day, analysing images, and uploading images, and be extremely confident that we’re not going to run into any problems,” Meaden said.

    Meaden boasted that since March, through Project Galileo, the organisation has seen 360GB of data routed via Argo Tunnel with an average response of 75ms, more than 100 hours of video watched via Stream, 17,000 images secured and served to census participants through Workers, and multiple security events involving more than 100 requests blocked by Firewall.

    “It’s been a very useful [because] all of this has been done on a very insignificant budget,” he said.
    Ridley emphasised that running a project like census needs to be scalable and highly efficient, but it cannot “cost loads of money”.

    “The endeavour behind citizens is we’re trying to build a 21st century conservation organisation, so that requires that shared economy approach of how can you scale without needing billions and billions of dollars,” he said. “Although it’s only currently focused on reconnaissance data on reefs, underneath that you’re building infrastructure, so you’re actually building the capacity to do a lot more things across the Great Barrier Reef.

    “In theory, if you can get the model right, which includes the technical architecture as well, you can scale that beyond the Great Barrier Reef.”

    Citizens of the Great Barrier Reef plans to make the data, methodology, and technology developed through the project open-sourced at the end of the project.

    “Much of the world thinks that [the Great Barrier Reef is] already gone but it really hasn’t; it’s a patchwork. You get some places that are so extraordinary and beautiful that you don’t know whether you should laugh or cry when you come to the surface…. then you get other places that have been hard hit by climate change, by bleaching, by runoffs,” Ridley said.

    “To be able to get a really broader picture of what’s going on and be able to talk about that, it’s actually very important because if the world thinks it’s gone, there’s not much to fight for.

    “Obviously, you’re trying to look at how you can build resilience in a system, like the Great Barrier Reef, but many of the lessons you learn here can be applied all around the globe. What we’re trying to do at Citizens is build stuff that can be scaled and shared around the world.”

    There are plans to launch a scaled-up census in October to survey at least 200 reefs on the Great Barrier Reef while testing the infrastructure’s ability to capture reconnaissance data for another habitat, such as sea grass.

    Other plans the organisation has its sights set on include trialling the model on reefs such as Ningaloo along the Western Australia coast or the Coral Triangle, a marine area in the western Pacific Ocean that includes waters of Indonesia, Malaysia, the Philippines, Papua New Guinea, Timor Leste, and Solomon Islands.

    The Great Reef census project is being delivered in partnership with the Great Barrier Reef Marine Park Authority, the University of Queensland, and the Australian Institute of Marine Science, with support from James Cook University. The project is funded by the partnership between the Australian government’s Reef Trust and the Great Barrier Reef Foundation, the Prior Family Foundation, and the Reef and Rainforest Research Centre.

  • in

    Australian Bureau of Statistics 'on track' to avoid Censusfail 2.0 come August 10

    The Australian Bureau of Statistics (ABS) has a little over four months to complete preparations for the 2021 Census, and hopes it will avoid the embarrassment that plagued the agency nearly five years ago.

    The 2021 Census will be built using the Amazon Web Services cloud through a contract awarded to PwC Australia.

    The change of approach is expected to counter any repeats of what occurred in 2016, when the ABS experienced a series of small denial-of-service (DDoS) attacks, suffered a hardware router failure, and baulked at a false positive report of data being exfiltrated which resulted in the Census website being shut down and citizens unable to complete their online submissions.

    The Census was run on on-premises infrastructure procured from tech giant IBM.

    Facing Senate Estimates on Wednesday night, Deputy Australian statistician Teresa Dickinson said preparations for the next Census are well advanced.

    “Census day is the 10th of August, and we are on track. In our metrics, where we measure progress against the Census, many of the sub programs of work are ‘green’, there are a few that remain ‘amber’, and the reason is that we still have some testing and defect remediation to do on our technical work,” Dickinson said. “But we are on track to do that, by the time the form goes live.”

    In response to the omnishambles that was the 2016 Census, there have been three reviews that made 36 recommendations, 29 of which were directed at the ABS and agreed upon. There was also a report prepared by the Australian National Audit Office (ANAO).

    “We had a number of reviews … which made quite a number of recommendations. All those recommendations have been actioned,” Dickinson said. “And as part of actioning those recommendations, we’ve done a great deal around cybersecurity.”

    She said the ABS has worked very closely with cybersecurity experts in building the completely new system. Further funding, she disclosed, was provided to the Bureau largely to “mitigate cybersecurity risk”.

    ANAO in November labelled the preparation for the 2021 Census by the ABS as “partly effective”.

    It said generally appropriate frameworks have been established to cover the Census IT systems and data handling, and the procurement of IT suppliers, but that the ABS has not put in place arrangements for ensuring improvements to its architecture framework, change management processes, and cybersecurity measures will be implemented ahead of the 2021 Census.

    “The ABS has been partly effective in addressing key Census risks, implementing past Census recommendations, and ensuring timely delivery of the 2021 Census,” the auditor added. “Further management attention is required on the implementation and assessment of risk controls.”

    Additionally, Dickinson confirmed it has over 50 suppliers and partners working on the Census.

  • in

    Brazil leads in phishing attacks

    Brazil is a world leader in phishing attacks, with one in five Internet users in the country targeted at least once in 2020, according to research. According to the report on phishing by cybersecurity firm Kaspersky, Brazil tops a list of five countries with the highest rate of users targeted for data theft throughout last year. The other nations cited are Portugal, France, Tunisia and French Guiana.

    The number of phishing attacks against mobile devices increased by more than 120% between February and March 2020 alone, according to the study. Factors behind the increase in scams include the boost in internet usage and access to services online such as internet and mobile banking and online shopping as a result of social distancing measures, as well as large-scale adoption of remote work and the anxiety around information about the pandemic.

    The pandemic was a recurring theme of phishing attacks during 2020, according to the research. Techniques used with a view to obtaining online account credentials and bank passwords ranged from websites offering face masks and hand sanitizers at times of scarcity, to bogus websites for registrations for social assistance programs and, more recently, fraudulent registration webpages for the Covid-19 vaccine.

    On the other hand, the Kaspersky study noted there was an improvement in the level of awareness of security threats online among Internet users. Despite the growth in phishing attacks, there was one particular aspect that has seen a decline in relation to 2019: that year, more than 30% of Brazilians had tried, at least once, to open a link that led to a phishing page, compared to approximately 20% in 2020.

    “This demonstrates that campaigns and warnings about this type of scam means that users are more alert – but it does not mean that we do not need to evolve, as the statistics are still very bad”, said Fabio Assolini, senior security analyst at Kaspersky Brazil.

    Moreover, the study noted the percentage of victims of phishing attacks in Brazil is above the world average – 20% against the global average of 13%. According to Assolini, this disparity can be explained by the difficulty Internet users in Brazil have when it comes to recognizing fake emails – 30% of Brazilians can’t tell whether an email is not genuine, according to previous research by the cybersecurity firm.

    “We need to improve our digital education”, Assolini pointed out. “[Not being able to recognize threats] makes us vulnerable and prone to falling into ‘must-see promotions’ and other online scams.”

  • in

    ACSC running scans to find vulnerable Microsoft Exchange servers in Australia

    Head of the Australian Cyber Security Centre (ACSC) Abigail Bradshaw has told senators “10s of organisations” have so far reached out to her agency regarding vulnerable Microsoft Exchange servers.

    “We have had feedback from 10s of organisations who have spotted the indicators of compromise and whom we’ve assisted,” Bradshaw said. “The fact that people are engaging us on the basis that they’ve identified indicators of compromise is evidence both of the fact that they’ve seen the advice because they’ve run the specific scripts, but also an understanding that they understand and are able to spot for themselves where there are vulnerabilities on their systems.”

    Bradshaw’s remarks were in response to senators raising concerns on Wednesday night that around 7,000 servers in Australia were vulnerable to the threat, with 11,000 Australian IPs found as potentially vulnerable.

    “We have also used what we call part of our cyber hygiene improvement program, which has been funded under the Cyber Enhanced Situational Awareness and Response funding, which gives the ACSC capacity to run scans on externally facing internet connections, which has assisted us to observe the number of systems that still require patching, which means that we have some familiarity with the numbers of servers that were identified,” Bradshaw explained.

    She said the ACSC has been monitoring those flagged as vulnerable “extraordinarily closely” by running constant scans. She said the ACSC has observed a “very substantial degree of patching”.

    “And as a consequence, many, many fewer servers, which remain vulnerable since that date,” she said.

    The ACSC has also engaged directly with managing director of Microsoft Australia Steven Worrall, Bradshaw said, in regards to the results of its scanning.

    “[We] engage them on how we can assist them to get to any residual Microsoft customers who might be running that particular server,” she added.

    Director-General of the Australian Signals Directorate (ASD) Rachel Noble said her organisation was first made aware of the Microsoft Exchange issue on March 3, resulting in the ACSC sending out an email blast to its 63,500 subscribers. The ACSC also wrote directly to 100 of its Commonwealth government CISOs and an additional 50 in state and territory governments.

  • in

    Facebook says Chinese hackers used its platform in targeted campaign to infect, surveil user devices

    Facebook said it has disrupted a network of hackers tied to China who were attempting to distribute malware via malicious links shared under fake personas. The social network’s cyber espionage investigations team has taken action against the group, disabled their accounts and notified the roughly 500 users who were targeted.

    The hackers — believed to be part of the Earth Empusa or Evil Eye groups — were targeting activists, journalists and dissidents, predominantly among Uyghurs from Xinjiang in China, living abroad in Turkey, Kazakhstan, the US, Syria, Australia, and Canada. Facebook said the highly focused campaign was aimed at collecting information about these targets by infecting their devices with malicious code for surveillance purposes.

    The links that were shared through Facebook included links to both legitimate and lookalike news websites, as well as to fake Android app stores. In the case of the news websites, Facebook’s head of cyber espionage investigations Mike Dvilyanski said the hackers were able to compromise legitimate websites frequently visited by their targets in a process known as a watering hole campaign intended to infect devices with malware. The hackers also created lookalike domains for Turkish news websites and injected malicious code that would infect the target’s device with malware.

    Similarly, third-party lookalike app stores were built to trick targets into downloading Uyghur-themed apps with malicious code that would allow the hackers to exploit the devices they were installed on. Facebook said the group took steps to conceal their activity by only infecting people with iOS malware when they passed certain technical checks, including IP address, operating system, browser, and country and language settings.

    On Facebook, the malicious infrastructure was blocked and the accounts were taken down. Facebook said its cyber team first became aware of the hacking efforts in mid-2020 based on intensification of the activity on the Facebook platform. It’s believed that the efforts extend back to 2019.

    “Measuring impact and intent can be challenging but we do know even for the small number of users around the world, the consequences [of being hacked] can be very high and that is why the team took this so seriously,” said Nathaniel Gleicher, head of security policy for Facebook. “It’s a small number of targets, under 500 for the entire campaign, but that is only for the aspects that touched Facebook in some way. The majority of what this threat actor has done took place off Facebook.”

  • in

    IBM adds new services to its cloud security portfolio

    IBM on Wednesday announced a new suite of security services that aim to help enterprises apply a unified security approach across dispersed hybrid cloud environments. 

    IBM said the expanded Security Services for Cloud portfolio is designed to help companies connect and simplify cloud security across ecosystems, bringing together IBM and third-party technologies alongside support to manage security across cloud environments including AWS, Google Cloud, IBM Cloud and Microsoft Azure.

    The new services leverage AI and automation to help enterprises identify and prioritize risks, respond to potential threats across cloud environments, and connect that data with their broader security operations and on-premises systems, IBM said.

    “Cloud security can appear daunting, with defenders facing an expansive attack surface, shared responsibility models and rapidly evolving cloud platforms and tools,” said Vikram Chhabra, Global Director of Offering Management and Strategy for IBM Security Services. “We cannot assume that legacy approaches for security will work in this new operating model – instead, security should be modernized specifically for the hybrid cloud era, with a strategy based on zero trust principles that bring together context, collaboration and visibility across any cloud environment.”

    Updates to the portfolio include new advisory and managed security services that reduce the risk of cloud misconfigurations and provide insights into potential risks and threats. IBM is also rolling out new container security services including integration with IBM Security X-Force Red vulnerability management, which identifies and ranks container-related vulnerabilities in order to prioritize remediation.

  • in

    Hundreds of fleeceware apps earn dubious iOS, Android developers over $400 million

    Researchers have discovered hundreds of fleeceware mobile apps on Google Play and the Apple App Store that are earning their developers millions of dollars. 

    While stalkerware, spyware, and malvertising apps infect devices for spying, data theft, and in order to bombard users with ads to generate fraudulent revenue, fleeceware apps attempt to lure handset owners to download software before charging them extortionate ‘subscription’ fees. Often enticed with ‘free’ trials, users will then be overcharged to use the app, which in some cases can reach upward of $3,000 per year.  Software subscriptions, such as for professional services, enterprise solutions, and creative platforms can be expensive — but unlike these legitimate offerings, there is generally nothing special about fleeceware.  Developers rake in the proceeds from their creations, and while not illegal, it can be hard for users to figure out how to escape subscription charges — and it appears this method of generating app revenue continues to rise in popularity.  This week, Avast researchers said they have found a total of 204 fleeceware apps on both Apple’s App Store and the Google Play Store.  A total of 134 apps have been found on Apple’s iOS platform with an estimated 500 million downloads and projected revenues of $365 million. 

    When it comes to Google Play, 70 fleeceware apps have been discovered with 500 million downloads and a profit margin of $38.5 million for the time they have been active and available. Predominant fleeceware app trends include astrology, horoscopes, photo and filter software, music lessons, cartoon creation, QR code/PDF document scanners, and video clip editing. The majority of fleeceware apps examined by Avast offer a three-day trial before subscriptions begin.

    “Once the trial is over, the user is charged a recurring high subscription fee, generating substantial revenue for the developers,” the researchers say. “There’s also the possibility that users forget to cancel the free trial, resulting in expensive fees.”

    These apps do generally provide the features they advertise, but even if just a handful of users fail to notice subscription payments going out, then this creates revenue far beyond what the software is likely to be worth. Subscriptions range from weekly to monthly charges of everything from $4 to $66 a week.

    Even if a user deletes the app after they notice outgoing payments, this does not mean their subscription stops — which allows the developer to cash in further. Google and Apple are not responsible for refunds after a certain time period, and while the companies may choose to refund as a goodwill gesture in some cases — such as when children rack up huge bills through in-app purchases — they are not obliged to do so. Therefore, the only options may be to try and contact developers directly or to request a bank chargeback.

    Both companies warn of active subscriptions when an app is deleted, but Avast says “it’s evident that fleeceware apps continue to bring in revenue.” Apple and Google have provided support pages to help mobile users manage app subscriptions.