
  • NSW Police to use SMS geo-targeting tool to find 'high-risk' missing persons

    The New South Wales Police Force has teamed up with Australia’s major telcos — Telstra, Optus, and TPG — to launch a national SMS geo-targeting alert system to enhance the search for “high-risk” missing persons across the state.
    Using the new system, mobile devices in defined areas where police hold grave concerns for the missing person will be sent alerts, a brief description, and information on how to report any sighting of the individual.
    NSW Police Force stated the system would be used in cases when a “high-risk” person is missing, which include cases involving people with dementia, children with disabilities, and young people who go missing in large crowds.
    “Police always act as quickly as possible to find anyone who is reported missing and this tool will mean the public will be able to assist almost immediately,” Minister for Police David Elliot said.
    “The community should never underestimate the crucial role they can play in potentially saving someone from harm and if you receive this message we ask that you keep your eyes out and help police to reunite someone with their loved ones.”
    Telstra, Optus, and TPG will roll out the tool by using the existing emergency framework.
    “We’re thrilled to be assisting the NSW Police Force Missing Persons Registry with the ability to notify the community in critical missing persons cases and hope it will help our first responders make some happy reunions,” Telstra Enterprise chief customer officer John Ieraci said.

    The system was first introduced by states and territories after the 2009 Victorian Black Saturday bushfires where alerts within specific areas were sent in the event of likely emergency situations, such as flood, bushfire, or other extreme weather conditions.
    Extending the use of the system to missing persons was established following a review of the state’s police operations that led to the establishment of the Missing Persons Registry and the implementation of new systems and procedures that came into effect in July 2019.
    The introduction of such a tool comes at a time when several concerns are being raised about the legislative framework that governs Australia’s intelligence community and the power that they could potentially hold over entities such as those in telecommunications. Some that are currently under the microscope include the pending Critical Infrastructure Bill, Online Safety Bill, and the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020.

  • Australia's answer to thwarting ransomware is good cyber hygiene

    The federal government has provided advice on how to counter ransomware in Australia, encouraging the use of multifactor authentication and urging businesses to keep software up to date, archive data and back-up, build in security features to systems, and train employees on good cyber hygiene.
    The advice was provided in Locked Out: Tackling Australia’s ransomware threat, which is a 14-page document [PDF] prepared by the Cyber Security Industry Advisory Committee. It’s touted by the Department of Home Affairs as “[building] awareness for all Australians and their businesses on the current ransomware threat landscape”.
    “Ransomware attacks today present a major threat to Australian organisations,” the paper declared. “In 2020, cyber criminals conducted successful attacks on major Australian organisations at a volume never before experienced.”
    The paper presents case studies on attacks, such as the one experienced by Toll last year, in addition to advice on how to protect against ransomware attacks.
    “Early detection of a ransomware attack is paramount to minimising impact,” it says.
    It also says many of the most impactful ransomware attacks could have been avoided with foundational cybersecurity controls and good cybersecurity hygiene.
    “For small businesses, which make up 93% of employing businesses in Australia and provide employment for nearly 45% of Australia’s workforce, the challenge is different,” it continued.

    “They don’t have chief security officers, an IT team, or possibly even an IT qualified team member, which is understandable when over half employ less than four people.
    “All businesses have valuable data and systems they need to protect. It is vital that they establish strong foundational controls and practice good cybersecurity hygiene practices.”
    The paper then pointed readers to the Australian Cyber Security Centre’s (ACSC) not-so essential Essential Eight controls for mitigating cyber attacks.
    Dipping its toes into cyber insurance, the paper stated that the critical takeaway is organisations should see cyber insurance as one component of a holistic cybersecurity program, not as a replacement for one.
    Two Labor shadow ministry members last month called for a national ransomware strategy focused on reducing the number of such attacks on Australian targets. Shadow Minister for Home Affairs Kristina Keneally and Shadow Assistant Minister for Communications Tim Watts declared that due to ransomware being the biggest threat facing Australia, it was time for a strategy to thwart it.
    On Thursday, Watts called the government’s ransomware paper a missed opportunity.
    “While Labor welcomes the government’s acknowledgement of the ransomware problem, this report falls short of acknowledging the scale of the AU$1 billion problem,” he said.
    “Instead of using the opportunity to launch a debate about the role government can play in shaping the calculus of ransomware gangs sizing up Australian organisations, the Morrison government continues its approach of playing the blame game.”
    To Watts, it’s not good enough to tell businesses to defend themselves by “locking their doors to cyber-criminal gangs”.
    “As the Australian Cyber Security Centre has warned, ransomware gangs are employing increasingly sophisticated organisational models and pressure tactics to reap record illicit profits,” he said.
    Such a response, Watts said, was particularly disappointing in the face of the state-backed Hafnium campaign against Microsoft Exchange servers.
    “Thousands of Australian servers are potentially vulnerable to a further wave of ransomware attacks exploiting this vulnerability and potentially financially devastating Australian businesses,” Watts continued. “The Morrison Government must do more to actively tackle the ransomware threat and develop a National Ransomware Strategy.”
    Following the Microsoft Exchange Server hack, Assistant Minister for Defence Andrew Hastie on Wednesday asked Australian organisations to take immediate steps to urgently patch vulnerable systems.
    “The ACSC has identified a large number of Australian organisations yet to patch affected versions of Microsoft Exchange, leaving them exposed to cyber compromise,” Hastie said.
    “Australian organisations cannot be complacent when it comes to cybersecurity, which is why all users of Microsoft Exchange are being urged to patch their vulnerable systems.”
    Watts called the government’s response delayed.
    “Issuing a media release seven days after the vulnerability is disclosed is the cyber equivalent of telling people to shut the gate after the horse has bolted,” he added.

  • Cyber criminals targeting hospitals are 'playing with lives' and must be stopped, report warns

    Cyberattacks targeting healthcare are putting patients at unnecessary risk and more must be done to hold the cyber criminals involved to account, warns the CyberPeace Institute, an international body dedicated to protecting the vulnerable in cyberspace.
    The healthcare industry has been under increased strain over the past year due to the impact of the COVID-19 pandemic, which has prompted some cyber criminals to conduct ransomware campaigns and other cyberattacks.


    Faced with a ransomware attack, a hospital might pay the cyber criminals the ransom they demand in return for the decryption key because it’s perceived to be the quickest and easiest way to restore the network – and, therefore, the most direct route to restoring patient care.
    That doesn’t stop the incident being traumatic for staff, who might suddenly find themselves unable to be involved in procedures, while patients may get sent to other hospitals for treatment – something that could prove risky if time is a factor. But even months on from a cyberattack, patient care can remain affected.
    “There’s a real-time impact and a long-lasting impact,” Stéphane Duguin, CEO of the CyberPeace Institute, told ZDNet.
    “When hospitals and healthcare are hit by ransomware, what is the quality of care you could hope for in these entities like six months afterwards, or one year afterwards? It’s quite concerning because you have more chance to get care of less good quality, if you go into this hospital with a condition, the care might take longer than it did before an attack,” Duguin said.

    Because of this, the CyberPeace Institute paper, entitled ‘Playing with Lives’, argues that cyberattacks on healthcare are attacks on society as a whole, potentially creating threats to human life – particularly when campaigns are targeting hospitals and healthcare organisations during a pandemic.
    One of the key reasons why cyber criminals target healthcare is because it’s often based around what the report describes as “fragile digital infrastructure”. Healthcare networks are complex because of the variety of specialist devices connected to them. They’re also vulnerable because of the amount of legacy infrastructure on the network, which might not even be supported with security updates.
    It was the continued use of legacy infrastructure across the network that left the UK’s National Health Service (NHS) so vulnerable to the WannaCry ransomware attack. Although a patch was available before the incident, the nature of healthcare meant it was difficult to shut down sections of the network in order to apply the update.
    The use of legacy infrastructure is tied to what the report describes as a “resource gap” in healthcare, which means that cybersecurity in the sector is under-financed, making it hard to distribute the necessary resources to fully protect hardware and software across the network.
    Ultimately, cyber criminals are carrying out campaigns like ransomware attacks because they’re seeking easy money; extorting funds from hospitals whose networks have been compromised provides a means of gaining exactly that.
    Unfortunately, ransomware gangs rarely face consequences for their actions, and Duguin argues that governments and law enforcement should put more resources into bringing cyber-criminal gangs to justice.
    “Government should also play a part in reducing the number of attacks by going after criminal groups and making sure that it’s not a risk-free crime for cyber criminals,” he said.

  • 2020 was a ‘record-breaking’ year in US school hacks, security failures

    A new analysis on the state of cybersecurity in K-12 schools across the US has revealed a record-breaking number of security incidents in 2020. 

    On Wednesday, during the K-12 Cybersecurity Leadership Symposium, the research, titled “The State of K-12 Cybersecurity: 2020 Year in Review,” was released. 
    The 25-page report is the result of work between the K12 Security Information Exchange, led by Doug Levin as National Director, and the K-12 Cybersecurity Resource Center. 
    The independent research focuses on the infrastructure supporting primary and secondary-level education in the United States. 
    Last year, students and teachers worldwide were forced to abandon the classroom and shift to remote learning platforms without warning. This disruption continues, and while the report acknowledges the “heroic” efforts of IT staff, the analysis also says that “school district responses to the COVID-19 pandemic also revealed significant gaps and critical failures in the resiliency and security of the K-12 educational technology ecosystem.”
    “Indeed, the 2020 calendar year saw a record-breaking number of publicly-disclosed school cyber incidents,” the report says. “Moreover, many of these incidents were significant: resulting in school closures, millions of dollars of stolen taxpayer dollars, and student data breaches directly linked to identity theft and credit fraud.”
    The K-12 Cyber Incident Map, as shown below, cataloged 408 school incidents across the year that have been publicly disclosed. These include student and staff data breaches, ransomware outbreaks, phishing and social engineering, denial-of-service (DoS) attacks, and more. 

    K-12 incident rates have increased by 18% year-over-year. The most common cybersecurity incident was a form of data breach, followed by DoS and ransomware. In many data breach cases, sensitive information belonging to staff and students was compromised.
    “Other” incidents include website defacement, unauthorized email account access, and remote class invasions — also known as Zoombombing. 

    Incidents increased the most during summer and fall, most likely due to the increased reliance by schools on technology to keep lessons on track. The research also notes that as school staff became remote employees, device and account privileges may have increased, creating a larger attack surface for threat actors. 
    “School districts should revisit their contingency plans for continuity of operations during emergencies, with a focus on IT systems used in teaching and learning and district operations,” the report notes. “While no one can predict whether another global pandemic will close schools to in-person learning, important lessons can and should be drawn from this experience to ensure that if such an event (or something like it) occurs again in the future, districts are better prepared.”
    Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

  • Protect your online data with this decentralized VPN and firewall portable solution

    Cybersecurity experts have always recommended the use of VPNs whenever you go online. And while no one can contest their efficacy when it comes to protecting your data and rendering you anonymous on the internet, there’s no denying that VPNs cost a pretty penny. An annual subscription to a well-known VPN service can already set you back a hundred dollars.

    If you want to take cybersecurity into your own hands, you always have the option to go beyond a VPN subscription. The Deeper Connect Nano is a decentralized VPN and firewall device that eliminates the need to pay monthly fees for VPN services. It is an ultra-portable tool that you can bring anywhere you go and still remain protected when you go online.
    Unlike a VPN that reroutes your connection to various servers, this device serves as client and server, and your IP address automatically changes based on routing rules. There’s no middle man that manages your network for you. It’s serverless and distributed, so none of your data can be logged, leaked, hacked, or even subpoenaed. It also blocks ads, trackers, and malware across the entire network, and lets you browse and stream online without bottlenecks.
    Since it’s primarily designed to protect your data, it’s worth noting that it has a 7-layer firewall that secures your entire home or business network. It even filters NSFW and NSFC on all internet devices, making it ideal for use in the workplace and at home. Set up is pretty straightforward, too. With a plug-and-play design, you can get immediate access to free, secure, and private internet wherever you go.
    The Deeper Connect Nano was so impressive that it managed to garner $1 million in contributions on IndieGogo. Now, you can also be a proud owner of this cybersecurity marvel for 33% off. For a limited time, you can get it on sale for $199.99.
    Prices subject to change.


  • Microsoft expands AccountGuard ahead of elections, deepens Yubico partnership

    Microsoft has expanded advanced features in the AccountGuard service ahead of upcoming elections. 

    AccountGuard is a selective program for individuals and organizations that may face a higher risk of attack or account compromise due to their involvement in politics. 
    The service includes cybersecurity guidance, access to webinars and workshops, notifications when a threat or “compromise by a known nation-state actor” against an Office 365 account linked to a member occurs, alerts relating to Hotmail and Outlook accounts, and damage control recommendations if a cyberattack is successful.  
    Participants also have a point of contact in the Microsoft Defending Democracy Program team. 
    This week, Microsoft expanded the offering to all AccountGuard members in 31 democracies to include identity and access management protections at no further cost. 
    “The addition of new features to AccountGuard provides new ways to protect online accounts for political parties, candidates and their staff, health care workers, human rights defenders, journalists and certain other customers who are at greatest risk from nation-state hackers,” Microsoft says. 
    The company’s expansion includes multi-factor authentication, single sign-on services for cloud apps, conditional access policy implementation, and privileged identity management (PIM) — the creation of time and approval-based access policies for sensitive and important resources. 

    Microsoft’s access options were made available to political parties ahead of the US 2020 elections, and with similar events coming up in countries including the Netherlands, Finland, and Germany, the firm’s rollout is intended to stop “hack and leak” attempts before they have a chance to begin. 
    In addition, the Redmond giant has announced the expansion of an existing partnership with Yubico. Yubico manufactures YubiKey, a physical dongle for multi-factor authentication designed to reduce the risk of phishing attempts and account takeovers. 
    As of now, up to 25,000 YubiKeys will be offered to AccountGuard members. Depending on the size of the organization applying, a number of free keys may be on offer. 
    In April last year, Microsoft made the service available for healthcare entities and human rights groups, saying that these organizations would maintain access during the COVID-19 pandemic.

  • OVHcloud data centers engulfed in flames

    OVHcloud has suffered a disastrous fire that has engulfed some of the firm’s data centers. 

    On March 10, OVHcloud founder and chairman Octave Klaba started a Twitter thread updating customers on the situation, which has claimed at least one data center. 
    OVHcloud is a global cloud, dedicated server, and managed bare metal services provider catering to over 1.5 million customers. 
    The company manages 27 data centers in countries including the US, UK, France, and Australia. 
    As data centers manage vast quantities of data for customers, providers have to be stringent when it comes to security. OVHcloud restricts physical access to employees only and security personnel are always on-site — but this has not stopped a fire from breaking out. 
    “We have a major incident on SBG2,” Klaba said. “The fire declared in the building. Firefighters were immediately on the scene but could not control the fire in SBG2. The whole site has been isolated which impacts all services in SGB1-4.”
    The impacted data centers, located in Strasbourg, France, include SBG2, which has been completely destroyed. Part of SBG1 has been destroyed, too, but firefighters were able to protect SBG3. SBG4 has not been impacted by the fire. Klaba says that “everyone is safe.”

    Images shared on social media appear to show the extent of the fire.
    “Firefighters continue to cool the buildings with the water,” the executive said. “We don’t have the access to the site. That is why SBG1, SBG3, SBG4 won’t be restarted today.”
    The fire has now been quelled but an assessment of the overall damage caused to OVHcloud’s data centers may take some time. Impacted clients have been urged to turn to backups to minimize downtime and disruption.
    “We recommend [you] activate your Disaster Recovery Plan,” Klaba added. 
    At the time of writing, Klaba is on-site. In an update, the executive said:

    “We finished to shutdown the UPS in SBG3. Now they are off. We are looking to enter into SBG3 and check the servers. The goal is to create a plan to restart, at least SBG3/SBG4, maybe SBG1. To do so, we need to check the network rooms too.”

    Update 10.19 am GMT: According to Klaba, “all servers in SBG3” are okay, while still non-operational, and the company is working on a way to restart them. Work on verifying SBG1 is now underway. 
    ZDNet has reached out to OVHcloud and will update when we hear back. 

  • Verkada disables accounts after reports its security cameras were breached

    Following reports that live feeds from over 150,000 of its security cameras were exposed, including those situated in prisons, hospitals, schools, police stations, and Tesla factories, Verkada has disabled accounts to prevent further access.
    According to Bloomberg, a group of hackers accessed the data collected by the Silicon Valley startup. The hackers are reported as saying they also have access to the full video archive of all Verkada customers.
    Bloomberg claims to have sighted footage validating the details of the breach.
    Verkada has described itself as bringing “the ease of use that consumer security solutions provide, to the levels of scale and protection that businesses and organisations require”.
    Commentary provided to Bloomberg from the hackers claiming responsibility for the incident said the breach intended to show the pervasiveness of video surveillance and the ease with which systems could be broken into.
    “We have disabled all internal administrator accounts to prevent any unauthorised access,” a Verkada spokesperson told ZDNet.
    “Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement.”

    The startup claims over 5,200 customers, including Cloudflare, Equinox, the Salvation Army, and Tesla. It is understood customers of the startup have been made aware of the issue.