More stories

  • Cloud, data amongst APAC digital skills most needed

    Between 666 million and 819 million workers in Asia-Pacific will use digital skills by 2025, up from 149 million today, with the average employee needing seven new digital skills to keep up with emerging technologies. Businesses are then likely to face a severe talent shortage, particularly in data, cloud, and cybersecurity, if they do little to build out these capabilities.
    Singapore, for one, would require 1.2 million digital workers by 2025, up 55% from 2020, including non-digital workers who would need to reskill and new entrants to the workforce, according to commissioned research from Amazon Web Services (AWS), which surveyed 500 digital workers in the country. The report polled 3,196 respondents across six Asia-Pacific markets including Australia, South Korea, India, Japan, and Indonesia.
    By 2025, the region’s workers would require 6.8 billion digital skills to carry out their jobs, up from 1 billion today. This was estimated to require 5.7 billion digital skill trainings over the next five years to ensure the average worker acquired the capabilities needed to keep pace with technological advancements. The report defined one such training as what would be needed to skill one worker from today’s proficiency level to the relevant level required in 2025.
    In Singapore, this figure stood at 23.8 million digital skill trainings needed for the local workforce through to 2025, which would enable the country to plug a 35% gap in the trainings recommended for workers who currently did not possess digital skills or were not in the workforce.


    To boost their employability, the report further noted, students across Asia-Pacific today should be educated in digital skillsets projected to see the largest spikes in demand, specifically, capabilities in designing and refining new cloud architectures. Demand for such skills in the region was expected to climb 36% over the next five years — the highest growth amongst all digital skills.
    Australia had the highest proportion of employees using digital skills today, at 64%, followed by Singapore at 63% and South Korea at 62%. Japan weighed in at 58%, compared to Indonesia’s 19% and India at 12%. 
    Singapore, however, led the pack with the highest proportion of workers — at 22% — who were using advanced digital skillsets, such as cloud architecture design, followed by South Korea at 21% and Australia at 20%. 

    Demand for skill types differed by market, with Indonesia and South Korea, for instance, likely to see the fastest growing demand for advanced digital content creation skills, such as the ability to create customised digital content including web applications. Japan, in comparison, was expected to see the highest demand jump, at 30%, for advanced cloud skills, such as migrating organisations’ legacy on-premise environments to cloud-based architectures.
    Across the region, the report indicated that in 2025 organisations were likely to be challenged by particularly severe skills scarcity in data, cloud, and cybersecurity if they did little to beef up capabilities in these segments.
    For instance, the ability to develop digital security and cyber forensics tools and techniques was projected to be in “severe shortage” by 2025. In fact, 30% of digital workers in Singapore and 48% in India pointed to such skills as necessary to carry out their jobs but which they currently lacked.
    According to AWS, decision makers interviewed for the report suggested this was the result of rising adoption of cloud and data analytics in the region. “With many compliance standards for data integrity written before cloud computing technology was established, it is critical businesses have the expertise to translate these existing standards for cloud security,” the report noted.

    (Source: AWS)

  • Facebook bans Myanmar military-controlled accounts from its platforms

    Facebook announced on Wednesday it has banned almost all Myanmar military-controlled state and media accounts from its platforms, Facebook and Instagram.
    The ban disables the Tatmadaw True News Information Team page, as well as the MRTV and MRTV Live pages as they violated Facebook’s policies by coordinating harm and inciting violence, Facebook APAC emerging countries policy director Rafael Frankel said in a blog post.
    The ban comes in response to the Myanmar military inciting a coup at the start of February, which has resulted in the National League for Democracy’s leader Aung San Suu Kyi and other senior political leaders being detained.
    Since the coup, the country has been in a state of emergency while suffering from internet and phone service disruptions. The military also temporarily blocked Twitter and Instagram a fortnight ago.
    “We’re continuing to treat the situation in Myanmar as an emergency and we remain focused on the safety of our community, and the people of Myanmar more broadly,” Frankel said.  
    “We believe the risks of allowing the Tatmadaw on Facebook and Instagram are too great.”
    In addition to banning military-controlled state and media accounts, Facebook has also blocked any ads from military-linked commercial entities. Facebook has also reduced the distribution of content on 23 pages and profiles that are either controlled or operated by the Myanmar military so fewer people can see them. 

    The bans, which will last indefinitely, were made using the UN Guiding Principles on Business and Human Rights as a guide, Frankel said.
    The exceptions to this ban are government ministries and agencies engaged in the provision of essential public services, such as the country’s Ministry of Health and Sport and the Ministry of Education. 
    Since the coup occurred, Facebook has expressed concern regarding the situation.
    “We are extremely concerned by orders to shut down the internet in Myanmar and we strongly urge the authorities to order the unblocking of all social media services. At this critical time, the people of Myanmar need access to important information and to be able to communicate with their loved ones,” Frankel said in a previous blog post.

  • More than 6,700 VMware servers exposed online and vulnerable to major new bug

    More than 6,700 VMware vCenter servers are currently exposed online and vulnerable to a new attack that can allow hackers to take over unpatched devices and, from there, effectively take over companies’ entire networks.
    Scans for VMware vCenter devices are currently underway, according to threat intelligence firm Bad Packets.

    The scans started earlier today after a Chinese security researcher published proof-of-concept code on their blog for a vulnerability tracked as CVE-2021-21972.
    This vulnerability impacts vSphere Client (HTML5), a plugin of VMware vCenter, a type of server usually deployed inside large enterprise networks as a centralized management utility through which IT personnel manage VMware products installed on local workstations.
    Last year, security firm Positive Technologies discovered that an attacker could target the HTTPS interface of this vCenter plugin and execute malicious code with elevated privileges on the device without having to authenticate.
    Because of the central role of a vCenter server inside corporate networks, the issue was classified as highly critical and privately reported to VMware, which released official patches yesterday, on February 23, 2021.
    Due to the large number of companies that run vCenter software on their networks, Positive Technologies initially planned to keep details about this bug secret until system administrators had enough time to test and apply the patch.

    However, the proof-of-concept code posted by the Chinese researcher, and others, effectively denied companies any grace period to apply the patch and also started a free-for-all mass-scan for vulnerable vCenter systems left connected online, with hackers hurrying to compromise systems before rival gangs.
    Making matters worse, the exploit for this bug is also a one-line cURL request, which makes it easy even for low-skilled threat actors to automate attacks.

    According to a Shodan query, more than 6,700 VMware vCenter servers are currently connected to the internet. All these systems are now vulnerable to takeover attacks if administrators failed to apply yesterday’s CVE-2021-21972 patches.
    VMware has taken this bug very seriously and has assigned a severity score of 9.8 out of a maximum of 10 and is now urging customers to update their systems as soon as possible.
    Due to the critical and central role that VMware vCenter servers play in enterprise networks, a compromise of this device could allow attackers access to any system that’s connected or managed through the central server.
    These are the types of devices that threat actors (known as “network access brokers”) like to compromise and then sell on underground cybercrime forums to ransomware gangs, which then encrypt victims’ files and demand huge ransoms.
    Since a PoC is now out in the open, Positive Technologies has also decided to publish an in-depth technical report on the bug, so network defenders can learn how the exploit works and prepare additional defenses or forensics tools to detect past attacks.

  • Google funds Linux kernel developers to work exclusively on security

    Hardly a week goes by without yet another major Windows security problem popping up, while Linux security problems, when looked at closely, usually turn out to be blunders made by incompetent system administration. But Linux can’t rest on its laurels. There are real Linux security concerns that need addressing. That’s where Google and the Linux Foundation come in with a new plan to underwrite two full-time maintainers for Linux kernel security development, Gustavo Silva and Nathan Chancellor. 


    Silva and Chancellor’s exclusive focus will be to maintain and improve kernel security and associated initiatives to ensure Linux’s security. There’s certainly work to be done. 
    As the Linux Foundation’s Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard (LISH) found in their open-source contributor survey, security is often neglected in open-source software development. True, Linux has over 20,000 contributors and, as of August 2020, one million commits, but security is not one of their top-of-mind issues.
    Unfortunately, it starts at the top. Linus Torvalds, Linux’s creator, really dislikes people who make improving security in Linux more trouble than it needs to be. In 2017, in his own inestimable style, he called some security developers “f-cking morons.” But Torvalds, while often colorful, also gave direction to security programmers.
    From Torvalds’ viewpoint, “Security problems are just bugs. … The only process I’m interested in is the _development_ process, where we find bugs and fix them.” Or, as Torvalds said in 2008, “To me, security is important. But it’s no less important than everything *else* that is also important!”
    Torvalds isn’t the only one who sees it that way. Jason A. Donenfeld, creator of Linux’s Wireguard Virtual Private Network (VPN), said on the Linux Kernel Mailing List (LKML) that “some security people scoff at other security people’s obsession with ‘security bugs.'” 
    He added: “The security industry is largely obsessed by finding (and selling / using /patching /reporting /showcasing /stockpiling /detecting / stealing) these ‘dangerous/useful’ variety of bugs. And this obsession is continually fulfilled because bugs keep happening — which is just the nature of software development — and so this ‘security bug’ infatuation continues.”

    While Torvalds and Donenfeld recognize the importance of securing Linux, too many developers hear their disdain for security researchers while missing that both regard fixing real security bugs as necessary work. The result? On average, open-source programmers spend just 2.27% of their total contribution time on security. Worse still, most open-source developers feel little desire to spend more of their time and effort on security.
    As David A. Wheeler, The Linux Foundation’s director of open-source supply chain security, said in the Report on the 2020 FOSS Contributor Survey: “It is clear from the 2020 findings that we need to take steps to improve security without overburdening contributors.” 
    The solution, the report authors suggested, was to devote money and resources to specific security purposes. This includes adding security-related tools to the continuous integration (CI) pipeline, security audits, and computing resources. In other words, make it easier for developers to add security to their projects.
    Specifically, OpenSSF and LISH suggested:
    • Funding security audits of critical open-source projects and requiring that the audits produce specific, mergeable changes.
    • Rewriting portions or entire components of FOSS projects prone to vulnerabilities to produce a substantially more secure result (e.g., contributing a rewrite in a memory-safe language).
    • Prioritizing secure software development best practices.
    • Companies making secure software development training a requirement for hiring or continued professional development for their paid FOSS developers.
    • Using badging programs, mentoring programs, and the influence of respected FOSS contributors to encourage projects and their contributors to develop and maintain secure software development practices.
    • Encouraging projects to incorporate security tools and automated tests as part of their continuous integration (CI) pipeline, ideally as part of their default code management platform.
    Google’s funding of two full-time Linux security maintainers signals the importance of security to the ongoing sustainability of open-source software. “At Google, security is always top of mind and we understand the critical role it plays to the sustainability of open-source software,” said Dan Lorenc, Google staff software engineer, in a statement. “We’re honored to support the efforts of both Gustavo Silva and Nathan Chancellor as they work to enhance the security of the Linux kernel.”
    Chancellor’s work will be focused on triaging and fixing all bugs found with Clang/LLVM compilers while working on establishing CI systems to support Clang and LLVM compiler tools. Two years ago, Chancellor started contributing to mainline Linux under the ClangBuiltLinux project, which is a collaborative effort to get the Linux kernel building with Clang and LLVM. 
    The Linux kernel has always traditionally been compiled with GNU toolchains such as GCC and binutils. The more modern Clang and LLVM utilities enable developers to create cleaner and more secure builds. Linux distributions such as Android, ChromeOS, and OpenMandriva already use Clang-built kernels.
    Chancellor has been working on the Linux kernel for four and a half years. “I hope that more and more people will start to use the LLVM compiler infrastructure project and contribute fixes to it and the kernel — it will go a long way toward improving Linux security for everyone,” said Chancellor. 
    Gustavo Silva’s full-time Linux security work is currently dedicated to eliminating several classes of buffer overflows by transforming all instances of zero-length and one-element arrays into flexible-array members, which is the preferred and least error-prone mechanism for declaring such variable-length types. Silva is also working on fixing bugs before they hit mainline, while proactively developing defense mechanisms that cut off whole classes of vulnerabilities. Before that, Silva led the effort to eliminate implicit switch fall-throughs in the Linux kernel. Silva sent his first kernel patch in 2010 and is an active member of the Kernel Self Protection Project (KSPP). He has consistently been one of the top five most active kernel developers since 2017, with more than 2,000 mainline commits. Silva’s work has impacted 27 different stable trees, going all the way down to Linux v3.16.
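    The two declaration styles mentioned above, and why the flexible-array form is the less error-prone one, can be seen in a few lines of C. This is an added illustration, not kernel code and not Silva’s patches: the struct and field names are invented, and the overflow-checked size helper is modelled on the idea behind the kernel’s struct_size(), not copied from it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example; the struct layout and names are invented here. */

/* Legacy style: a one-element trailing array (zero-length "[0]" is the GNU
 * variant of the same trick) standing in for a variable-length tail. To the
 * compiler, payload has exactly one element, so every access past payload[0]
 * looks identical to a genuine overflow. Bounds checkers must either stay
 * quiet on such structs or flood maintainers with false positives. */
struct pkt_legacy {
    uint32_t len;
    uint8_t  payload[1];
};

/* Preferred style: a C99 flexible array member. sizeof() covers only the
 * header, and the compiler knows the tail has no declared bound, so an
 * intentional variable-length access is distinguishable from an off-by-one. */
struct pkt_flex {
    uint32_t len;
    uint8_t  payload[];
};

/* Two allocation formulas both seen with the legacy layout. They disagree by
 * one byte, and the alignment padding hidden in sizeof(struct pkt_legacy)
 * makes that disagreement easy to miss in review. */
size_t legacy_size_generous(size_t len)  { return sizeof(struct pkt_legacy) + len; }
size_t legacy_size_minus_one(size_t len) { return sizeof(struct pkt_legacy) + len - 1; }

/* Flexible layout: header bytes plus payload, with an overflow check in the
 * spirit of the kernel's struct_size(). Returns 0 when the size cannot be
 * represented, so callers cannot silently under-allocate. */
size_t flex_size(size_t len) {
    size_t hdr = offsetof(struct pkt_flex, payload);
    if (len > SIZE_MAX - hdr)
        return 0;
    return hdr + len;
}

struct pkt_flex *pkt_flex_new(const uint8_t *src, size_t len) {
    size_t n = flex_size(len);
    if (n == 0 || len > UINT32_MAX)
        return NULL;
    struct pkt_flex *p = malloc(n);
    if (!p)
        return NULL;
    p->len = (uint32_t)len;
    memcpy(p->payload, src, len);
    return p;
}

/* Round trip over a constructed payload: allocate, copy, compare, free.
 * Returns 1 on success, 0 on failure. */
int pkt_flex_roundtrip(void) {
    const uint8_t sample[5] = {0xde, 0xad, 0xbe, 0xef, 0x01};  /* constructed */
    struct pkt_flex *p = pkt_flex_new(sample, sizeof sample);
    if (!p)
        return 0;
    int ok = p->len == sizeof sample &&
             memcmp(p->payload, sample, sizeof sample) == 0;
    free(p);
    return ok;
}

int main(void) {
    printf("sizeof(struct pkt_legacy) = %zu\n", sizeof(struct pkt_legacy));
    printf("sizeof(struct pkt_flex)   = %zu\n", sizeof(struct pkt_flex));
    printf("legacy formulas for len=5: %zu vs %zu\n",
           legacy_size_generous(5), legacy_size_minus_one(5));
    printf("flex_size(5) = %zu, roundtrip ok = %d\n",
           flex_size(5), pkt_flex_roundtrip());
    return 0;
}
```

    Compiled with a current GCC or Clang, the legacy struct is padded to 8 bytes while the flexible one is 4, which is exactly the hidden slack that makes the two legacy formulas look harmless until a caller relies on the wrong one.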
    “We are working towards building a high-quality kernel that is reliable, robust, and more resistant to attack every time,” said Silva. “Through these efforts, we hope people, maintainers, in particular, will recognize the importance of adopting changes that will make their code less prone to common errors.”
    “Ensuring the security of the Linux kernel is extremely important as it’s a critical part of modern computing and infrastructure. It requires us all to assist in any way we can to ensure that it is sustainably secure,” added Wheeler. “We extend a special thanks to Google for underwriting Gustavo and Nathan’s Linux kernel security development work along with a thank you to all the maintainers, developers, and organizations who have made the Linux kernel a collaborative global success.”
    Google has recently been putting more resources behind security for all open-source software. The company recently proposed a framework, “Know, Prevent, Fix,” for how we can think about open-source vulnerabilities and concrete areas to address first, including:
    • Consensus on metadata and identity standards: We need consensus on fundamentals to tackle these complex problems as an industry. Agreements on metadata details and identities will enable automation, reduce the effort required to update software, and minimize the impact of vulnerabilities.
    • Increased transparency and review for critical software: For software that is critical to security, we need to agree on development processes that ensure sufficient review, avoid unilateral changes, and transparently lead to well-defined, verifiable official versions.
    Returning to Linux specifically, funding Linux kernel security and development is a collaborative effort that needs support from everyone. To support work like this, discussions are taking place in the Securing Critical Projects Working Group inside the OpenSSF. If you want to be involved in the work, now’s your chance. It’s not just Google and top Linux developers; everyone who works with Linux needs to be involved.

  • Ukraine reports cyber-attack on government document management system

    The Ukrainian government said today that Russian hackers compromised a government file-sharing system as part of an attempt to disseminate malicious documents to other government agencies.
    The target of the attack was the System of Electronic Interaction of Executive Bodies (SEI EB), a web-based portal used by Ukrainian government agencies to circulate documents between each other and public authorities.
    In a statement published today, officials with Ukraine’s National Security and Defense Council said the purpose of the attack was “the mass contamination of information resources of public authorities.”
    Ukrainian officials said the attackers uploaded documents on this portal that contained macro scripts. If users downloaded any of these documents and allowed the scripts to execute (usually by pressing the “Enable Editing” button inside Office apps), the macros would secretly download malware that would allow the hackers to take control of a victim’s computer.
    Ukraine links the attacks to Russian cyberspies
    “The methods and means of carrying out this cyberattack allow [us] to connect it with one of the hacker spy groups from the Russian Federation,” NSDC officials said.
    Although most state-sponsored hacker groups have been assigned names by the cyber-security industry, Ukrainian officials did not attribute the attack to a specific Russian activity cluster.
    Officials did, however, publish indicators of compromise (IOCs) used in the attacks. They include:
    Domains: enterox.ru
    IP addresses: 109.68.212.97
    Link (URL): http://109.68.212.97/infant.php
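    A defender can turn the three indicators above into a simple log check. The C below is an added example, not part of the NSDC alert or the article: the DNS, proxy and firewall lines it scans are constructed for the example, and only the three indicator strings come from the page.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Indicators of compromise exactly as published in the NSDC alert. */
static const char IOC_URL[]    = "http://109.68.212.97/infant.php";
static const char IOC_IP[]     = "109.68.212.97";
static const char IOC_DOMAIN[] = "enterox.ru";

enum ioc_hit { IOC_NONE = 0, IOC_HIT_URL, IOC_HIT_IP, IOC_HIT_DOMAIN, IOC_KINDS };

/* Classify one log line. The most specific indicator wins, so a proxy line
 * carrying the full URL is reported as a URL hit rather than only an IP hit.
 * Substring matching is deliberately simple; a production matcher should
 * tokenise fields so that, say, "notenterox.ru" is not counted. */
enum ioc_hit classify_line(const char *line) {
    if (strstr(line, IOC_URL))    return IOC_HIT_URL;
    if (strstr(line, IOC_IP))     return IOC_HIT_IP;
    if (strstr(line, IOC_DOMAIN)) return IOC_HIT_DOMAIN;
    return IOC_NONE;
}

/* Constructed sample of DNS, proxy and firewall lines (not real logs). */
static const char *const SAMPLE_LOG[] = {
    "2021-02-24T10:01:12Z dns   host=ws-17 qname=enterox.ru qtype=A",
    "2021-02-24T10:01:13Z proxy client=10.20.3.17 url=http://109.68.212.97/infant.php status=200",
    "2021-02-24T10:02:00Z proxy client=10.20.3.18 url=https://intranet.example.local/ status=200",
    "2021-02-24T10:03:41Z fw    action=allow src=10.20.3.17 dst=109.68.212.97 dport=80",
};
#define SAMPLE_LOG_LEN (sizeof(SAMPLE_LOG) / sizeof(SAMPLE_LOG[0]))

/* Scan n lines, tally hits per kind into counts[IOC_KINDS], return total hits. */
size_t scan_log(const char *const *lines, size_t n, size_t counts[IOC_KINDS]) {
    size_t total = 0;
    memset(counts, 0, IOC_KINDS * sizeof counts[0]);
    for (size_t i = 0; i < n; i++) {
        enum ioc_hit h = classify_line(lines[i]);
        counts[h]++;
        if (h != IOC_NONE)
            total++;
    }
    return total;
}

/* Named results over the embedded sample, so they can be checked directly. */
size_t sample_total_hits(void) {
    size_t counts[IOC_KINDS];
    return scan_log(SAMPLE_LOG, SAMPLE_LOG_LEN, counts);
}

size_t sample_hits_of(enum ioc_hit kind) {
    size_t counts[IOC_KINDS];
    scan_log(SAMPLE_LOG, SAMPLE_LOG_LEN, counts);
    return counts[kind];
}

int main(void) {
    static const char *names[IOC_KINDS] = {"none", "url", "ip", "domain"};
    for (size_t i = 0; i < SAMPLE_LOG_LEN; i++)
        printf("%-6s %s\n", names[classify_line(SAMPLE_LOG[i])], SAMPLE_LOG[i]);
    printf("total hits: %zu\n", sample_total_hits());
    return 0;
}
```

    On the constructed sample, the DNS query, the proxy fetch of the full URL and the firewall connection to the address each produce one hit, and the unrelated intranet request produces none; the same function can be pointed at real proxy, DNS or firewall exports one line at a time.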

    Today’s NSDC security alert is the second warning the agency has published this week. The agency also warned on Monday that Russian hackers launched DDoS attacks last week that targeted the websites of the Security Service of Ukraine, the National Security and Defense Council of Ukraine, and resources of other state institutions and strategic enterprises.

  • Want to pass on your old PCs to good causes? Here's how to do it while staying secure

    Many charities are encouraging individuals and organisations to donate their old laptops, tablets and other devices, and while many want to support good causes, it can be hard to know how to make sure devices are in the right state to hand over.


    The UK’s National Cyber Security Centre (NCSC) has issued advice on erasing data from devices so they can be passed on as safely as possible.
    Firstly, donors should be encouraged to erase all of the data on the laptop or tablet before they give it to charity – because failure to do so could result in their personal data like usernames and passwords being available to others.
    The NCSC notes that users should be encouraged to do this themselves, so they have the most control possible over their data, including backing up any information or files they want to keep before erasing the data from the device.
    Secondly, charities which receive donated laptops and other computers should erase the data on them – even if the donor says they’ve already deleted it. A factory reset reverts the laptop to the state it was in when first used, allowing the new user to set it up as they please.
    This also prevents information previously stored on the device from being shared, and will prevent most malware that could potentially have been installed on the laptop from compromising the new user.

    It’s also recommended that the charities which are providing laptops to schoolchildren are selective about what devices they pass on and don’t give out any computers which are reliant on an operating system which is no longer supported by its manufacturer.
    This is because unsupported operating systems no longer receive security updates from their manufacturers, something which leaves users unprotected against new vulnerabilities, malware and other cyber attacks.
    It’s recommended that devices which can’t be donated due to being out of support are recycled instead.

  • Microsoft unveils three more 'industry clouds' for financial, manufacturing and nonprofit

    Microsoft is continuing to roll out cloud packages tailored to specific vertical industries. On February 24, the company announced three more of these “industry clouds” for financial services, manufacturing and nonprofit. These supplement the already-announced Microsoft cloud packages for healthcare and retail.
    These industry clouds package together common data models, cross-cloud connectors, workflows, application programming interfaces and industry-specific components and standards. They are designed for use with Azure, Microsoft 365, Dynamics 365, Power Platform tools and other Microsoft services and are meant to connect front-end productivity tasks to backend data management, officials said.
    “Other industry clouds are just about one business process or one use case,” said Alysa Taylor, Corporate Vice President of Business Applications and Global Industry. Microsoft, for its part, is pulling together multiple scenarios into a single vertical cloud. In the past, systems integrators inside and outside companies would be the ones creating these kinds of templates and custom solutions. But the company is still looking to involve partners in extending and tailoring these cloud packages, Taylor said.
    There are productivity and security pieces that are common across Microsoft’s vertical clouds, such as Teams collaboration, Office apps and Power BI analytics. Engineering teams from Office, Dynamics, Azure and other parts of the company are meeting bi-weekly to build out these vertical clouds, Taylor said. But there are also capabilities in each that are unique to specific industries.
    The Microsoft Cloud for Financial Services, for example, includes features such as a prebuilt Loan Manager and Banking customer engagement. The public preview of the Financial Services cloud is slated for March 2021. The Microsoft Cloud for Manufacturing will adhere to standards from the OPC Foundation, Open Manufacturing Platform and Digital Twins Consortium. The Manufacturing Cloud will be available for public preview by the end of June 2021. And the Microsoft Cloud for Nonprofit includes donor-management, volunteer management and fundraising functionality. The public preview is slated to be out by the end of June.
    Microsoft also announced today that its previously announced Microsoft Cloud for Retail will be in public preview as of March 2021. And the first update to the Microsoft Cloud for Healthcare will be available in April, which will add support for eight new languages, plus features for virtual health, remote patient monitoring, care coordination and patient self-service.
    Taylor said Microsoft is in the planning phase right now to determine which additional verticals it will target with industry clouds in the coming months.

  • This botnet is abusing Bitcoin blockchains to stay in the shadows

    A botnet used for illicit cryptocurrency mining activities is abusing Bitcoin (BTC) transactions to stay under the radar. 

    According to new research published by Akamai on Tuesday, the technique is being harnessed by operators of a long-running cryptocurrency mining botnet campaign, in which BTC blockchain transactions are being exploited to hide backup command-and-control (C2) server addresses. 
    Botnets rely on C2 servers to receive commands from cyberattackers. Law enforcement and security teams are constantly finding and taking down these C2 servers in order to render campaigns defunct — but if backups are in play, takedowns can be more difficult. 
    Akamai says that botnet operators are able to hide backup C2 IP addresses via the blockchain, and this is described as a “simple, yet effective, way to defeat takedown attempts.”
    The attack chain begins with the exploit of remote code execution (RCE) vulnerabilities impacting software including Hadoop Yarn and Elasticsearch, such as CVE-2015-1427 and CVE-2019-9082. 
    In some attacks, rather than outright system hijacking, RCEs are also being modified to create Redis server scanners that find additional Redis targets for cryptocurrency mining purposes. 
    A shell script is deployed to trigger an RCE on a vulnerable system and Skidmap mining malware is deployed. The initial script may also kill off existing miners, modify SSH keys, or disable security features. 

    Cron jobs — time-based job schedulers — and rootkits are used to maintain persistence and further distribute the malware. However, in order to maintain and re-infect target systems, domains and static IP addresses are used — and these addresses are eventually identified and killed by security teams. 
    “Predictably these domains and IP addresses get identified, burned, and/or seized,” the researchers say. “The operators of this campaign expected this and included backup infrastructure where infections could fail over and download an updated infection that would, in turn, update the infected machine to use new domains and infrastructure.”
    In December, Akamai noted a BTC wallet address was being included in new variants of the cryptomining malware. Additionally, a URL for a wallet-checking API and bash one-liners were found, and it appears that the wallet data being fetched by the API was being used to calculate an IP address. 
    This IP address is then used to maintain persistence. The researchers say that by fetching addresses via the wallet API, the malware’s operators are able to obfuscate and stash configuration data on the blockchain. 
    “By pushing a small amount of BTC into the wallet, they can recover infected systems that have been orphaned,” Akamai says. “They essentially have devised a method of distributing configuration information in a medium that is effectively unseizable and uncensorable.”
    To convert wallet data into an IP address, the operators use four bash one-liner scripts to send an HTTP request to the blockchain explorer API for the given wallet, and then the Satoshi values — the smallest, pre-defined value of BTC units — of the most recent two transactions are then converted into the backup C2 IP. 
    “The infection is using the wallet address as a DNS-like record, and the transaction values as a type of A record,” Akamai explains. “In Fig. 2 [below], the variable aa contains the Bitcoin wallet address, variable bb contains the API endpoint that returns the latest two transactions used to generate the IP address, and variable cc contains the final C2 IP address after the conversion process is completed. To achieve this conversion, four nested Bash one-liners (one each, per-octet) are concatenated together. While the mess of cURLs, seds, awks, and pipes is hard to make sense of at first glance, it’s a fairly simple technique.”

    [Fig. 2: Bash script example of Satoshis to C2 IP conversion. Source: Akamai]
    Akamai estimates that to date, over $30,000 in Monero (XMR) has been mined by the operators.
    “The technique isn’t perfect,” the researchers noted. “There are improvements that can be made, which we’ve excluded from this write-up to avoid providing pointers and feedback to the botnet developers. Adoption of this technique could be very problematic, and it will likely gain popularity in the near future.”