Information Technology

The Office of the Australian Information Commissioner (OAIC) has asked that the powers given to the minister responsible under the pending Critical Infrastructure Bill, which would allow them to step in when a cybersecurity incident has occurred, be further defined to take into account the impact on individuals’ privacy.
The Security Legislation Amendment (Critical Infrastructure) Bill 2020 introduces a government assistance regime that provides powers to protect assets during or following a significant cyber attack. This includes the power to authorise information gathering directions, action directions, and intervention requests.
The Bill proposes that where an appropriate ministerial authorisation is in force, the Department of Home Affairs secretary can compel relevant entities to produce any information that may assist with determining whether power should be exercised in relation to the incident and asset in question.
“The secretary may also direct an entity ‘to do, or refrain from doing, a specified act or thing’,” the OAIC highlighted in its submission [PDF] to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) and its review into the Bill.
“This broad power should be balanced with appropriate safeguards, oversight, and accountability to ensure it is proportionate.”
The OAIC recommended that, in deciding whether or not to give the necessary authorisation, the minister responsible should be required to consider the privacy impacts of the exercise of these powers insofar as they apply to “business critical data” or other data that may include personal information.
“In our view, this would help to build both industry and community trust and confidence in the proposed framework,” the OAIC wrote.

“This requirement to consider privacy could be included in the matters that the Minister must have regard to when determining whether a direction or request is a proportionate response to a cybersecurity incident, as under ss 35AB (8) and (11).”
The OAIC said there is precedent for this approach in the Telecommunications (Interception and Access) Act 1979.
It also recommended the committee consider an amendment to ensure disclosure of protected information is permitted for the purposes of giving effect to the exercise of the information commissioner’s privacy functions.
“The OAIC wishes to ensure that the restrictions on an entity making a record of, using or disclosing protected information under [parts of the] Act do not limit the ability of the OAIC to exercise its privacy functions, or prevent entities from disclosing information required for compliance with and the administration of the Privacy Act,” it said.
The OAIC has also asked for an amendment to the Australian Information Commissioner Act 2010 to permit information sharing between regulatory agencies. The last recommendation is that the explanatory memorandum makes reference to the commissioner’s guidance function to indicate that it is intended that the OAIC is consulted in relation to any guidance on the personal information-handling obligations that would apply to the scheme.
HERE’S MORE More

Image: Proofpoint
Chinese state-sponsored hackers have gone after Tibetan organizations across the world using a malicious Firefox add-on that was configured to steal Gmail and Firefox browser data and then download malware on infected systems.

Special feature

Cyberwar and the Future of Cybersecurity
Today’s security threats have expanded in scope and seriousness. There can now be millions — or even billions — of dollars at risk when information security isn’t handled properly.
Read More

The attacks, discovered by cybersecurity firm Proofpoint this month, have been linked to a group the company tracks under the codename of TA413.
Only Firefox users were targeted
Proofpoint said the attackers targeted Tibetan organizations with spear-phishing emails that lured members on websites where they’d be prompted to install a Flash update to view the site’s content.
These websites contained code that separated users. Only Firefox users with an active Gmail session were prompted to install the malicious add-on.
The Proofpoint team said that while the extension was named “Flash update components,” it was actually a version of the legitimate “Gmail notifier (restartless)” add-on, with additional malicious code. Per the research team, this code could abuse the following functions on infected browsers:
Gmail:
Search emails  
Archive emails  
Receive Gmail notifications  
Read emails  
Alter Firefox browser audio and visual alert features
Label emails  
Marks emails as spam  
Delete messages  
Refresh inbox  
Forward emails  
Perform function searches  
Delete messages from Gmail trash  
Send mail from the compromised account  
Firefox (based on granted browser permissions):
Access user data for all websites
Display notifications
Read and modify privacy settings
Access browser tabs
Firefox add-on also installed malware

But the attack didn’t stop here. Proofpoint said the extension also downloaded and installed the ScanBox malware on infected systems.
A PHP and JavaScript-based reconnaissance framework, this malware is an old tool seen in previous attacks carried out by Chinese cyber-espionage groups.
“Scanbox has been used in numerous campaigns since 2014 to target the Tibetan Diaspora along with other ethnic minorities often targeted by groups aligned with the Chinese state interests,” Proofpoint said in a report today.
The last recorded case of a ScanBox attack dates back to 2019 when Recorded Future reported attacks against visitors of Pakistani and Tibetan websites.
As for its capabilities, Proofpoint says ScanBox is “capable of tracking visitors to specific websites, performing keylogging, and collecting user data that can be leveraged in future intrusion attempts,” making this a dangerous threat to have installed on your systems.
Flash EOL might have helped attackers
In this particular campaign, which Proofpoint codenamed FriarFox, attacks began in January 2021 and continued throughout February.
Although hackers have been using fake Flash update themes for years and most users know to stay away from websites offering Flash updates out of the blue, these attacks are believed to have worked much better than previous ones.
The reason is that Adobe retired Flash Player at the end of 2020, and all Flash content stopped playing inside browsers on January 12, 2021, when Proofpoint also saw the first TA413 FriarFox campaigns targeting Tibetan organizations. More

The UK’s GCHQ has revealed how AI is set be used to boost national security.
Getty Images/iStockphoto
The UK’s top intelligence and security body, GCHQ, is betting big on artificial intelligence: the organization has revealed how it wants to use AI to boost national security.
In a new paper titled “Pioneering a New National Security,” GCHQ’s analysts went to lengths to explain why AI holds the key to better protection of the nation. The volumes of data that the organization deals with, argued GCHQ, places security agencies and law enforcement bodies under huge pressure; AI could ease that burden, improving not only the speed, but also the quality of experts’ decision-making. 
“AI, like so many technologies, offers great promise for society, prosperity and security. It’s impact on GCHQ is equally profound,” said Jeremy Fleming, the director of GCHQ. “AI is already invaluable in many of our missions as we protect the country, its people and way of life. It allows our brilliant analysts to manage vast volumes of complex data and improves decision-making in the face of increasingly complex threats – from protecting children to improving cyber security.” 

Artificial Intelligence

GCHQ is already heavily involved in AI-related projects. Although the organization will not disclose the exact details of its use of the technology, Fleming pointed to various partnerships with AI-related start-ups located around the country, as well as a strategic collaboration with the Alan Turing Institute, which was founded to advance research in AI and data science.  
It is no news, therefore, that the intelligence body has a strong interest in using AI; but the newly published paper suggests that GCHQ is prepared to further ramp up its algorithmic arsenal in the years to come. The threats to the nation are increasing, argued Fleming, and they are coming from hostile states that are themselves armed with AI tools – and the UK should be prepared to face modern-day risk. 
“The nation’s security, prosperity and way of life faces new threats from hostile states, terrorists and serious criminals, often enabled by the global internet. An ever-growing number of those threats are to the UK’s digital homeland – the vital infrastructure and online services that underpin every part of modern life,” said Fleming. 
Almost half of UK businesses have reported a cyberattack in the past 12 months, with a fifth of those leading to a significant loss of money or data, says GCHQ’s paper. AI could help the agency better identify malicious software, and continually update its dictionary of known patterns to anticipate future attacks. The technology could also be used to fight online disinformation and deepfakes, by automatically fact-checking content, but also weeding out botnets and troll farms on social media. 

AI will also help identify grooming behavior in the text of messages in chat rooms to prevent child sexual abuse; it will run across content and metadata to find illegal images that are being exchanged, preventing at the same time human experts from watching traumatically disturbing material. Using similar methods, the technology will assist the fight against drugs, weapons or human trafficking – analyzing large-scale chains of financial transactions to help dismantle some of the 4,772 groups in the UK that are estimated to be involved in serious organized crime.  
But as with any other application of AI, using algorithms for national security purposes doesn’t come without raising ethical questions – in fact, when the stakes are so high, so are concerns with transparency, fairness or trust. At the same time, the nature of intelligence and security services means that it is difficult to reveal all the details of GCHQ’s operations. In other words, compromise will be necessary. 
“In the case of national security, intelligence agencies traditionally operate behind a veil of secrecy and are not inclined to share information about their activities. It’s basically true by definition that their activities need not be explicable,” Robert Farrow, senior research fellow at the Open University, tells ZDNet. 
“However, we know that machine learning can result in biased decision making if it is trained on biased data. If a biased algorithm is used for, say, profiling of potential terrorists by mining data from social networks, decisions might be made about people’s lives with no way for the public to check or evaluate whether the actions taken were ethical.” 
When it comes to transparency, GCHQ’s track-record is questionable at best. The organization has come under public scrutiny numerous times since Edward Snowden, a former contractor at the US National Security Agency, shed light on the agency’s mass surveillance practices. GCHQ’s secretive bulk data collection program was ruled unlawful by independent judicial body the Investigatory Powers Tribunal (IPT).  
Since then, surveillance laws have changed, but the UK’s Investigatory Powers Act (IPA), also known as Snoopers’ Charter, still makes it legal for government agencies like GCHQ to collect and retain some citizen data in bulk.  
GCHQ’s latest paper, perhaps in an attempt to reassure the public on the use of their data, has a strong ethical focus. The agency committed to a fair and transparent use of AI, recognizing that the nature of GCHQ’s operations might impact privacy rights “to some degree”, and pledging adherence to an AI ethical code of practice, which is yet to be established. 
“We need honest, mature conversations about the impact that new technologies could have on society. This needs to happen while systems are being developed, not afterwards. And in doing so we must ensure that we protect our [citizens’] right to privacy and maximize the tremendous upsides inherent in the digital revolution,” said Fleming. 
Many experts welcomed the agency’s renewed focus on ethical considerations, which will ultimately boost public trust and contribute the uptake of a technology that could effectively be a game-changer in protecting the UK’s national security interests. Andrew Dwyer, researcher in computational security at Durham University, explains that AI could even help ease concerns about mass surveillance, by helping GCHQ identify and target the right individuals in the fight against terrorism or trafficking. 
“Of course it is a good thing that GCHQ uses these systems,” Dwyer tells ZDNet. “In this example, it could actually focus surveillance away from mass surveillance as such. This paper is a first step into thinking about the role of AI being applied in national security.” 
But while many will agree that GCHQ’s use of AI is justified and necessary, the deployment of the technology is likely to trigger much debate. Farrow, for instance, believes that an ethical framework is not sufficient: even intelligence agencies should required to provide an account of how algorithms influence decision-making. “What is really needed is for the law to catch up with technological developments and effectively regulate the use of AI,” he argues. 
One thing is certain: privacy groups and digital rights activists will have all eyes on GCHQ’s upcoming ethical code of practice. More

SolarWinds said it spent more than $3 million on cybersecurity costs in the fourth quarter due to its recent breach and sees security-related expenses of $20 million to $25 million in 2021. 

ZDNet Recommends

The $20 million to $25 million security-related expenses include initiatives to bolster product defense, remediation, and consulting fees and insurance costs. 
The company reported its fourth quarter results and had to address its cybersecurity troubles during the three months ended Dec. 31. SolarWinds said that it would face future cybersecurity costs. The company makes IT, network, systems, and database management software.
SolarWinds’ earnings report has cybersecurity costs broken out a few ways. Under generally accepted accounting, “cyber incident costs” were $3.48 million. Those expenses are also listed at $3.16 million depending on the non-GAAP to GAAP reconciliation. 
Recent headlines include:
SolarWinds CEO Sudhakar Ramakrishna said:

The sophisticated cyberattack on us and our customers at the end of the fourth quarter has taught us a great deal about the resiliency of our business, the commitment of our employees, and the support we can expect from our customers and partners.

He added that the investigation into the cybersecurity issues continues and the company will emerge stronger. “We have a strong foundation from which to grow, and to establish a model for the future of the software industry by delivering powerful, affordable, and secure solutions,” he said.

On a conference call with analysts, Ramakrishna said:

The vast majority of the customers that I have spoken to understand that the cyber incident that affected us and others could have happened to any vendor, and especially a broadly deployed vendor like SolarWinds. Equally, they’re eager to see us address the issue and share our learnings which we are doing. The other opportunity that keeps coming up in these discussions is our ability to provide guidance and input to protect the entire environment of our customers as opposed to just focusing on our products, making us a more strategic partner. The majority of our customers that downloaded a version of the affected code have upgraded to our latest version and continue to renew their contracts with us. While the first priority continues to be ensure the safety and security of our customers our conversations with customers and partners have also given us the opportunity to discuss the strength of our entire portfolio and of our future plans.

Ramakrishna added that through Feb. 17, nine federal agencies and about 100 private sector companies were compromised. “While our attitude will always be that one impacted customer is one too many, we currently believe the total number of customers will be significantly lower than what was originally feared,” he said. “We are applying our learnings from this event and sharing our work more broadly. Internally, we are referring to our work as secure by design. And it’s premised on zero trust principles and developing a best-in-class secure software development model to ensure our customers can have the utmost confidence in our solutions.”
As for the fourth quarter results and outlook, it’s clear SolarWinds will take a hit from cybersecurity expenses. SolarWinds reported fourth quarter net income of $132.7 million on revenue of $265.3 million, up 7.2% from a year ago.
For the first quarter, SolarWinds said sales will be between $247 million and $252 million with non-GAAP earnings between 19 cents a share and 20 cents a share. Wall Street was expecting non-GAAP earnings of 21 cents a share on revenue of $252.7 million.
“We expect to incur significant legal and other professional services expenses associated with the Cyber Incident in future periods,” the company said. 
Overall, SolarWinds executives said that there will be headwinds due to COVID-19 and the cybersecurity incident, but they are confident in the products and demand in the future. 
“We’ve added a level of security and review through tools, processes, automation and where necessary, manual checks around our product development processes that we believe goes well beyond industry norms to ensure the integrity and security of all of our products. We firmly believe that the Orion software platform and related products as well as all of our other products can be used by our customers without risk of the Sunburst malicious code,” Ramakrishna.   More

Cybersecurity reports often talk about threat actors and their malware/hacking operations as self-standing events, but, in reality, the cybercrime ecosystem is much smaller and far more interconnected than the layperson might realize.
Cybercrime groups often have complex supply chains, like real software companies, and they regularly develop relationships within the rest of the e-crime ecosystem to acquire access to essential technology that enables their operations or maximizes their profits.

ZDNet Recommends

According to cybersecurity firm CrowdStrike, these third-party technologies can be classified into three categories: services, distribution, and monetization.
Breaking down each, the services category usually includes:
Access brokers – threat actors who breach corporate networks and sell access into a company’s internal network to other gangs.
DDoS attack tools – also known as DDoS booters or DDoS-for-hire, these groups provide access to web-based panels from where anyone can launch a DDoS attack against a target.
Anonymity and encryption – threat actors who sell access to private proxy and VPN networks, so hackers can disguise their location and origin of their attacks.
Phishing kits – threat actors who create and maintain phishing kits, web-based tools used to automate phishing attacks, and the collection of phished credentials.
Hardware for sale – threat actors who sell custom-made hardware, such as ATM skimmers, network sniffing devices, and more.
Ransomware – also known as Ransomware-as-a-Service, or RaaS, these groups sell access to ransomware strains or a web-based panel where other gangs can build their own custom ransomware.
Crime-as-a-Service – similar to RaaS, but these groups provide access to banking trojans or other forms of malware.
Loaders – also known as “bot installs,” these are threat actors who already infected computers, smartphones, and servers with their own malware and offer to “load/install” another group’s malware on the same system, so the other group can monetize it through ransomware, banking trojans, info-stealers, etc.
Counter antivirus service/checkers – these are private web portals where malware devs can upload their samples and have them tested against the engines of modern antivirus systems without the fear of the malware’s detection being shared with the AV maker.
Malware packing services – these are web-based or desktop-based tools that malware developers use to scramble their malware strain’s code and make it harder to detect by antivirus software.
Credit/debit card testing services – these are tools that hackers use to test if the payment card numbers they acquired are in a valid format and if the card is (still) valid.
Webinject kits – these are specialized tools, usually used together with banking trojans, to allow a banking trojan gang to insert malicious code inside a victim’s browser while they visit an e-banking (or any other) site.
Hosting & infrastructure – also known as bulletproof hosting providers, their name is self-evident as they provide private web hosting infrastructure specifically tailored for criminal gangs.
Recruiting for criminal purposes – these are specialized groups that recruit, bribe, or trick normal citizens into participating in a cybercrime operation (e.g., someone who travels to the US in an attempt to bribe a Tesla employee to run a malicious tool inside the company’s internal network).
On the other hand, distribution services include the likes of:
Groups that run spam campaigns on social networks or instant messaging apps.
Groups specialized in email spam distribution.
Groups who develop and sell exploit kits.
Groups who purchase traffic from hacked sites and distribute it to malicious web pages that usually host exploit kits, tech support scams, financial scams, phishing kits, and others.
As for monetization services, Crowdstrike says this category usually includes:
Money mule services – groups who offer to physically show up and pick up money from hacked ATMs, receive money in their bank accounts, and then redirected to the hackers, their preferred money laundering or reshipping fraud service.
Money laundering – groups who often operate networks of shell companies through which they move funds from hacked bank accounts, ATM cash-outs, or cryptocurrency heists. Some money laundering services also operate on the dark web as Bitcoin mixing services.
Reshipping fraud networks – groups that take stolen funds, purchase real products, ship the products to another country. The products, usually luxury goods like cars, electronics, or jewelry, are then resold and converted into clean fiat currency that’s transferred to the hackers who contracted their services.
Dump shops – groups that sell data from hacked companies via specialized websites and social media channels.
Ransom payments & extortion – groups specialized in extorting victims, and which can be contracted by other gangs in possession of stolen data.
Collection and sale of payment card information – also known as carding shops, these are typically forums where cybercrime groups go to sell stolen payment card data.
Cryptocurrency services – a form of money laundering, these services offer to “mix” stolen funds and help hackers lose the trail of stolen funds.
Wire fraud – as the name says, groups that are specialized in performing wire fraud, such as BEC scams.
Image: CrowdStrike
Tracking all the connections between groups and their suppliers and who works with who is almost impossible today due to the broad use of encrypted communication channels between parties.

However, in the realm of malware attacks, some signs of cooperation can be observed by the way the malware moves from attackers to infected hosts.
Although these connections can never be fully verified, it’s also pretty obvious that when the Emotet malware is downloading the TrickBot malware that the two gangs are cooperating as part of a “loader” mechanism provided by the Emotet crew for the TrickBot gang.
In its 2021 Global Threat Report, released on Monday, security firm CrowdStrike has, for the first time, summarized some of the connections that currently exist on the cybercrime underground between various e-crime operators.
The company uses its own nomenclature for e-crime groups, so some group names might sound different from what we’ve seen before. However, CrowdStrike also provides an interactive index so anyone can learn more about each group and link it to the names used by other companies.

Image: CrowdStrike
What the chart above shows is that enablers play just as important a role in cyber-intrusions as the groups executing the intrusion.
As Chainalysis pointed out in a separate report last month, law enforcement agencies are most likely to achieve better results in disrupting cybercrime operations when targeting these shared service suppliers, as they could end up disrupting the activities of multiple cybercrime groups at once.
Furthermore, there are also other benefits. For example, while top-tier cybercrime gangs often have top-notch operational security (OpSec) and don’t reveal any details about their operations, targeting lower-tier enablers, who don’t always protect their identities, could providing law enforcement agencies with data that could help them unmask and track down the bigger groups. More

More hacking groups than ever before are targeting industrial environments as cyber attackers attempt to infiltrate the networks of companies providing vital services, including electric power, water, oil and gas, and manufacturing.
Threats include cyber-criminal groups looking to steal information or encrypt systems with ransomware, as well as nation-state-backed hacking operations attempting to determine the potential disruption they could cause with cyberattacks against operational technology (OT).

More on privacy

According to cybersecurity researchers at Dragos, four new hacking groups targeting industrial systems have been detected over the past year – and there’s an increased amount of investment from cyber attackers targeting industry and industrial control systems.
SEE: Security Awareness and Training policy (TechRepublic Premium)
The four new groups identified over the course of the past year – named by researchers as Stibnite, Talonite, Kamacite, and Vanadinite – come in addition to 11 previously identified hacking groups targeting industrial control systems.
Some of these new groups have very specific targets – for example, Stibnite focuses on wind turbine companies that generate electric power in Azerbaijan, while Talonite almost exclusively focuses on attempting to gain access to electricity providers in the US.
The remainder of the new hacking groups are more generalised in their targeting; Kamacite – which Dragos links to the Sandworm group – has targeted industrial operations of energy companies across North America and Europe.

Meanwhile, Vanadinite conducts operations against energy, manufacturing and transport across North America, Europe, Australia and Asia, with a focus on information gathering and ICS compromise.
The discovery of four additional hacking operations targeting industrial systems does represent a cause for concern – but their discovery also indicates that there’s increasing visibility of threats to industrial systems. These threats might have been missed in previous years.
“The more visibility we build in the OT space, the greater understanding of its threat landscape and the adversaries active there we can identify,” Sergio Caltagirone, vice president of threat intelligence at Dragos, told ZDNet.
“OT network attacks requires a different approach than traditional IT security. IT incidents see high frequency, relatively low-impact incidents and effects when compared to OT attacks that are lower frequency, but have potentially very high impacts and effects”.
However, according to the research paper, visibility remains an issue for industrial networks, with 90% of organisations examined by Dragos not having a full grasp of their own OT network, something that could help cyber attackers remain undetected.
In many cases, hackers are able to combine this lack of visibility with the ability to hide in plain sight by abusing legitimate login credentials to help move around the network.
Often, campaigns targeting industrial systems involve phishing attacks or the exploitation of remote services, allowing the attackers to use real accounts to perform malicious activity while helping to avoid being detected as suspicious.
“The lack of visibility raises risks significantly because it allows adversaries freedom to conduct operations unimpeded, time to understand the victim environment to locate their objectives, achieve their desired effects and satisfy the intent for conducting a compromise,” said Caltagirone.
This activity could have physical effects away from a network environment, as recently demonstrated when a malicious hacker was able to modify the chemical properties of drinking water after compromising the network of the water treatment facility for the city of Oldsmar, Florida.
There’s also examples where cyber attackers have gained access to electrical power grids to the extent that they were able to shut down power.
SEE: Phishing: These are the most common techniques used to attack your PC
However, there are cybersecurity procedures that industrial organisations can undertake in order to boost visibility of their own networks and help protect systems from cyber intrusions.
These include identifying which assets exercise control over critical operations and prioritizing security in order to help make them more difficult for attackers to gain access to – and setting up procedures that make attacks easier to identify.
Organisations should also attempt to apply network segmentation, separating operational technology from information technology, so that in the event of attackers compromising the IT network, it’s not simple for them to move laterally to OT controls on the same network.
Login credentials should also be properly secured via the use of multi-factor authentication, while organisations should attempt to avoid the use of default login credentials to help provide additional barriers to remote attackers.

MORE ON CYBERSECURITY More

Between 666 million and 819 million workers in Asia-Pacific will use digital skills by 2025, up from just 149 million today, with the average employee requiring seven new digital skills to keep up with emerging technologies. Businesses then are likely to face severe talent shortage, particularly in data, cloud, and cybersecurity, if they do little to build out these capabilities. 
Singapore, for one, would require 1.2 million digital workers by 2025, up 55% from 2020, including non-digital workers who would need to reskill and new entrants to the workforce, according to commissioned research from Amazon Web Services (AWS), which surveyed 500 digital workers in the country. The report polled 3,196 respondents across six Asia-Pacific markets including Australia, South Korea, India, Japan, and Indonesia.
By 2025, the region’s workers would require 6.8 billion digital skills to carry out their job, up from 1 billion today. This was estimated to require 5.7 billion digital skill trainings over the next five years to ensure the average worker acquired capabilities needed to keep pace with technological advancements. The document referred such trainings as what would be needed to skill one worker from the proficiency level today to the relevant level required in 2025. 
In Singapore, this figured clocked at 23.8 million digital skill trainings needed for the local workforce through to 2025, which would enable the country to plug a 35% gap of such trainings recommended for workers who currently did not possess digital skills or were not in the workforce.

Global pandemic opening up can of security worms
Caught by the sudden onslaught of COVID-19, most businesses lacked or had inadequate security systems in place to support remote work and now have to deal with a new reality that includes a much wider attack surface and less secured user devices.
Read More

To boost their employability, the report further noted, students across Asia-Pacific today should be educated in digital skillsets projected to see the largest spikes in demand, specifically, capabilities in designing and refining new cloud architectures. Demand for such skills in the region was expected to climb 36% over the next five years — the highest growth amongst all digital skills.
Australia had the highest proportion of employees using digital skills today, at 64%, followed by Singapore at 63% and South Korea at 62%. Japan weighed in at 58%, compared to Indonesia’s 19% and India at 12%. 
Singapore, however, led the pack with the highest proportion of workers — at 22% — who were using advanced digital skillsets, such as cloud architecture design, followed by South Korea at 21% and Australia at 20%. 

Demand for skills types differed by market, with Indonesia and South Korea, for instance, likely to see the fastest growing demand for advanced digital content creation skills, such as ability to create customised digital content including web applications. Japan, in comparison, was expected to see the highest demand jump at 30% for advanced cloud skills, such as migrating organisations’ legacy on-premise environment to cloud-based architectures. 
Across the region, in 2025, the report indicated that organisations were likely to challenged by particularly severe skills scarcity in data, cloud, and cybersecurity if they did little to beef up capabilities in these segments. 
For instance, the ability to develop digital security and cyber forensics tools and techniques was projected to be in “severe shortage” by 2025. In fact, 30% of digital workers in Singapore and 48% in India pointed to such skills as necessary to carry out their jobs but that they currently lacked. 
According to AWS, decision makers interviewed for the report suggested this was the result of rising adoption of cloud and data analytics in the region. “With many compliance standards for data integrity written before cloud computing technology was established, it is critical businesses have the expertise to translate these existing standards for cloud security,” the report noted.

(Source: AWS)
RELATED COVERAGE More

Facebook announced on Wednesday it has banned almost all Myanmar military-controlled state and media accounts from its platforms, Facebook and Instagram.
The ban disables the Tatmadaw True News Information Team page, as well as the MRTV and MRTV Live pages as they violated Facebook’s policies by coordinating harm and inciting violence, Facebook APAC emerging countries policy director Rafael Frankel said in a blog post.
The ban comes in response to the Myanmar military inciting a coup at the start of February, which has resulted in the National League for Democracy’s leader Aung San Suu Kyi and other senior political leaders being detained.
Since the coup, the country has been in a state of emergency while suffering from internet and phone service disruptions. The military also temporarily blocked Twitter and Instagram a fortnight ago.
“We’re continuing to treat the situation in Myanmar as an emergency and we remain focused on the safety of our community, and the people of Myanmar more broadly,” Frankel said.  
“We believe the risks of allowing the Tatmadaw on Facebook and Instagram are too great.”
In addition to banning military-controlled state and media accounts, Facebook has also blocked any ads from military-linked commercial entities. Facebook has also reduced the distribution of content on 23 pages and profiles that are either controlled or operated by the Myanmar military so fewer people can see them. 

The bans, which will last indefinitely, were made using the UN Guiding Principles on Business and Human Rights as a guide, Frankel said.
The exceptions to this ban are government ministries and agencies engaged in the provision of essential public services, such as the country’s Ministry of Health and Sport and the Ministry of Education. 
Since the coup occurred, Facebook has expressed concern regarding the situation.
“We are extremely concerned by orders to shut down the internet in Myanmar and we strongly urge the authorities to order the unblocking of all social media services. At this critical time, the people of Myanmar need access to important information and to be able to communicate with their loved ones,” Frankel said in a previous blog post.
Related Coverage More