More stories

  • in

    More Americans share social security, financial and medical information than before the pandemic

    We are becoming more willing to share health-related information about ourselves if it is used to fight COVID-19.
    A new survey has shown that consumer willingness to share more sensitive data – social security numbers, financial information and medical information – is greater in 2020 than in both 2018 and 2019.
    The third annual Privacy Study from the ARF (Advertising Research Foundation), a New York, NY-based scientific research practice foundation, has shown that contact tracing is considered a key weapon in the fight against COVID-19.
    However, one quarter of the respondents expressed an unwillingness to share information about being exposed to someone with the virus.
    ARF surveyed 1,200 Americans in April 2020 to discover their views on trust, privacy and terminology surrounding the pandemic.
    This report explores shifts in consumer attitudes towards digital privacy, mobile compared to PC usage, and trust in institutions in the context of the COVID-19 pandemic.
    The survey showed that mask-wearing, though a political touch-point in some parts of the US, is the piece of health information that Americans are most willing to share (83%).
    However, almost half (47%) somewhat or strongly disapprove of letting government agencies temporarily gather data from mobile phones to improve compliance with measures to protect public health.
    The types of information people are willing and not willing to share have generally remained consistent.
    Yet, the willingness to share such information is somewhat greater for people whose jobs have been affected by the pandemic, and significantly greater for those who have known someone with COVID.
    Respondents who had their work hours or salary reduced are more willing to share information about a recent doctor’s visit (69%, compared to 57% of those who experienced no impact to their job).
    Whilst most people (92%) would be willing to share their gender or ethnicity (89%) with a website, less than two in five (39%) were willing to share details about their spouse, and only one in three (34%) would share medical information in 2020.
    However, the percentage of people who would share this information in previous years was 29% in 2018 and 27% in 2019.
    Paul Donato, chief research officer, the ARF said: “This year’s report is particularly unique because it captures In 2018 and 2019, there was a general decline in the willingness to share personal information, but some of that reversed in the current survey.
    It will be interesting to see how these sentiments evolve along with crisis developments, as well as after the upcoming election.”
    The most trusted sources of information about the virus are doctors (76%), scientific and technical experts (68%), and people like themselves (59%), followed by state and local institutions.
    Trust in scientists and technical experts rises with increasing education, and the more serious a threat people regard COVID-19, the more they trust the federal government, Congress, and scientists and technical experts.
    The willingness to share could become a security issue for many.
    Sharing data to help others could rebound on Americans if the proper checks and balances are not in place to protect their data. Making sure that this data is not misused against the population could become a huge issue if there ever is a data breach.

  • in

    IPStorm botnet expands from Windows to Android, Mac, and Linux

    IPStorm, a malware botnet that was first spotted last year targeting Windows systems, has evolved to infect other types of platforms, such as Android, Linux, and Mac devices.
    Furthermore, the botnet has also quadrupled in size, growing from around 3,000 infected systems in May 2019 to more than 13,500 devices this month.
    These latest developments put IPStorm in the class of today’s most dangerous botnets, a classification the malware deserves due to its sustained development across the past year, expansion to multiple platforms, and for the advanced and unique features it possesses.
    IPStorm — a short history
    Spotted in May 2019 and first described in an Anomali report in June 2019, IPStorm began operating by targeting Windows systems only.
    At the time of its discovery, security researchers spotted several unique features specific to IPStorm alone. For example, the malware’s full name of InterPlanetary Storm came from the InterPlanetary File System (IPFS), a peer-to-peer protocol that the malware was using to communicate with infected systems and relay commands.
    Second, the malware was also written in the Go programming language. While Go malware has become common today, it was not so common in 2019, making IPStorm one of the few malware strains of its kind.
    But the Anomali 2019 report never explained how the malware spread to infect Windows systems. At the time, some security researchers hoped that IPStorm would end up being an experiment that some bored programmer had taken up to play around with IPFS networks, and would eventually abandon it at some point in the future.
    But it was not to be. In reports from Bitdefender in June 2020 and from Barracuda earlier today, the two security firms say they’ve spotted new IPStorm versions that are capable of infecting devices running other platforms beyond Windows, such as Android, Linux, and Mac.
    And this time, there’s also info on how the botnet spreads, effectively striking down the idea that this was just an experiment and confirming that a well-organized attack infrastructure is currently keeping the botnet alive.
    According to Bitdefender and Barracuda, IPStorm targets and infects Android systems by scanning the internet for devices that had left their ADB (Android Debug Bridge) port exposed online.
    On the other hand, Linux and Mac devices are infected after the IPStorm gang performs dictionary attacks against SSH services to guess their usernames and passwords.
    After IPStorm gains an initial foothold on these systems, the malware usually checks for the presence of honeypot software, gains boot persistence on the device, and then kills a list of processes that may pose a threat to its operations.
    IPStorm’s end goal remains unknown
    Nonetheless, despite being active for more than a year, security researchers have yet to figure out one last thing about IPStorm — namely, its end goal.
    Security researchers say that IPStorm drops a reverse shell on all infected devices but then leaves these systems alone.
    While this backdoor mechanism could be abused in an unlimited number of ways, until now, security researchers have not seen the IPStorm operators doing anything nefarious, such as installing crypto-mining apps, performing DDoS attacks, relaying malicious traffic as part of a proxy network, or selling access to infected systems.
    This remains a mystery that security researchers are still trying to crack, but it’s most likely not going to have a positive outcome for all the infected systems and their owners.

  • in

    Wirecard ordered to cease Singapore payment services

    Wirecard has been instructed to stop offering its payment services and return all customers’ funds in Singapore. The order comes months after the German payments vendor filed for insolvency in the wake of its accounting scandal. 
    The Monetary Authority of Singapore (MAS) told Wirecard entities in the city-state to cease their payment services and return customers’ funds by October 14 this year. 

    The industry regulator said in a statement Wednesday that it had been monitoring Wirecard’s ability to continue providing its services in Singapore following the company’s insolvency filing in Germany, such as keeping customers’ funds in Singapore banks and helping them switch to alternative service providers.
    Its local office had told MAS it was unable to maintain payment processing services to several merchants. The regulator then determined it was “in the interest of the public” for Wirecard to cease its payment services here, so there was greater certainty for customers to decide on their appropriate course of action, for instance, to look for alternative service providers. 
    The service cessation would affect credit card payments at local merchants that used Wirecard’s services and the use of pre-paid cards issued by Wirecard. Other forms of e-payments such as PayNow and SGQR remain available, said MAS, adding that Wirecard customers that had yet to make alternative arrangements should do so quickly.  
    According to the regulator, Wirecard’s primary business activities in Singapore encompassed processing payments for merchants and helping companies issue pre-paid cards. It noted that Wirecard’s local entities currently were not licensed by MAS. Pointing to the country’s Payment Services (Exemption for Specified Period) Regulations 2019, MAS said the exemption was established to provide a grace period — from six months to a year — for entities providing certain regulated payment services to apply for the relevant licence. 
    Such entities were permitted to provide the regulated payment service without a licence during the grace period, though MAS might issue directions to such entities. Effective from January 28, the Payment Services Act governs the provision of payment services in Singapore including merchant acquisition services as well as services already regulated by previous legislation, such as money-changing and cross-border money transfer services.
    Wirecard had been embroiled in an accounting scandal in which $2.1 billion was reportedly missing, leading to the arrest of its former chief executive alleged to have inflated the company’s accounts. The issue was raised by auditor EY, which identified two banks in the Philippines that allegedly were holding the funds, though both denied Wirecard was ever a client.
    An accounting executive in its Singapore outfit also was involved in fraud allegations, but left the company in April, according to a Bloomberg report, which pointed to several alleged accounting oversights involving some employees based here.

  • in

    UK NCSC: Don't disable updates so you can continue using Adobe Flash past its EOL

    The UK’s cyber-security agency warned on Wednesday of the dangers and complications that may arise from not removing Adobe Flash Player and continuing to use the software past its end-of-life (EoL) date of December 31, 2020.
    Problematic scenarios include enterprise and other networks where legacy web apps and desktop software still use Flash to display multimedia content or support features like file uploads, file explorers, loading screens, and more.
    The UK National Cyber Security Centre (NCSC) fears that some system administrators, with disregard for the security of their network, might make the wrong decision and disable update mechanisms in these applications or web browsers so employees can continue using these apps.
    “Just to be clear: You should not disable browser and/or platform updates as a way of continuing to use Adobe Flash Player after 2020,” the agency said on Wednesday. [Emphasis by the NCSC]
    “Instead, we encourage you to work alongside your suppliers to remove Flash dependencies. Any vendors that are unwilling, or unable, to do this should, themselves, be considered risky.”
    Some software providers like SAS, Citrix, Articulate, and others have already released updates and customer guidelines in preparation for the Flash EOL. Others may have not, and system administrators may need to intervene and remove the software from their networks and find a Flash-free alternative.
    But if there’s one thing that IT administrators can’t say, it is that they’ve been taken by surprise. Adobe gave companies a three-year start to prepare for the Flash EOL, having first announced it in 2017.
    Browser makers like Apple, Google, Microsoft, and Mozilla have all announced they also planned to remove Flash from their products by the end of 2020 or late January 2021, making playing any Flash content inside their products impossible.
    In a recent update to the Flash EOL page, Adobe itself has asked companies to be proactive about the EOL and remove the software even before the end of the year, even planning to manually prompt users to uninstall Flash later this year.
    This is the second time that the NCSC has stepped forward to issue a warning to UK IT admins about a soon-to-be EOL software application. The agency published a similar alert in August 2019 to urge software developers to migrate their code to Python 3.x as the Python 2.x branch was nearing its scheduled EOL date of January 1, 2020.

  • in

    WeChat sets the record straight for its 690,000 Aussie users

    The Select Committee on Foreign Interference through Social Media has been tasked with probing the risk posed to the nation’s democracy by foreign interference through social media.
    Twitter, Google, TikTok, and Facebook have previously made submissions to the inquiry, with the plan for representatives from each of the social media platforms to eventually face the committee.
    TikTok was probed on Friday, using its time to clarify data protection rules, its plans to prevent distressing videos from being viewed on its platform, and how it wasn’t asked to provide assistance to a government investigation, among other things. Facebook was due to appear alongside TikTok, but blamed a scheduling issue for pulling out.
    The latest submission [PDF] to the committee as part of its inquiry comes from the Middle Kingdom, by way of popular chat app WeChat.
    WeChat is owned and operated by WeChat International Pte Ltd, an entity incorporated in Singapore. WeChat International is a wholly owned subsidiary of Tencent Holdings Limited, which is a global technology giant incorporated in the Cayman Islands and listed on the Main Board of the Stock Exchange of Hong Kong.
    Globally, WeChat boasts over 1.2 billion monthly active users. As at 21 September 2020, WeChat had approximately 690,000 daily active users in Australia.
    US President Donald Trump in August claimed that apps developed in China are a threat to national security, making an executive order to ban WeChat alongside TikTok. Although that ban was later blocked by the US district court, WeChat has taken the opportunity in its submission to the Australian committee to explain how western users of the app are treated differently to those in mainland China.
    Firstly, the specific app used is regional.
    WeChat is operated by WeChat International, and is designed for users outside of mainland China. It said WeChat is not governed by PRC law.
    Weixin is designed for users in the PRC, is operated by a PRC entity, and is governed by PRC law. In addition to different governing laws, Weixin and WeChat make use of different server architectures. WeChat servers are all located outside of mainland China.
    How a user first registers an account determines whether they are a WeChat or Weixin user.
    “For instance, users who register with a PRC mobile phone number will be a Weixin user, while users who register with an Australian mobile phone number will be a WeChat user,” it wrote.
    “WeChat does allow users to access and use certain Weixin functions through the WeChat application. Where this occurs, the user is clearly informed that the access and use of these functions is subject to the relevant Weixin terms of service.”
    When it comes to countering foreign interference and misinformation on its platform for Australian users, WeChat said it prohibits spam content; accounts that coordinate, spread, distribute, or participate in inauthentic behaviour, including in relation to false news, disinformation, or misinformation in relation to a topic or individual; the creation of fake accounts or accounts that misrepresent the identity of the user; content which breaches any applicable laws or regulations; and content which may constitute a genuine risk of harm or direct threat to public safety.
    “For example, we prohibit the advertising and sale of COVID-19 home testing kits and have worked with relevant Australian authorities to enforce this in the past year,” it said.
    It also said that it has previously met with and worked with the Department of Home Affairs and the Australian Electoral Commission in the context of the Australian Federal Election.
    Similarly, it has discussed Australia’s Foreign Influence Transparency Scheme with the Attorney-General’s Department and is “committed” to working with Australian regulators and authorities in “respect of any complaint or request that may arise”.

  • in

    Data61 and Monash claim quantum-safe and privacy-preserving blockchain protocol

    The Commonwealth Scientific and Industrial Research Organisation’s (CSIRO) Data61 has announced alongside the Monash Blockchain Technology Centre a blockchain protocol they claim is secure against quantum computers while also protecting the privacy of its users and their transactions.
    The protocol, MatRiCT, is patented by CSIRO and now licensed to Australian cryptocurrency developer HCash.
    HCash will be incorporating the protocol into its own systems and transforming its existing cryptocurrency, HyperCash, into one that is claimed to be quantum safe and privacy protecting, but according to Data61, the technology could be applied to more than cryptocurrencies.
    It highlighted potential applications such as digital health, banking, finance, and government services, as well as services which may require accountability to prevent illegal use.
    Data61 researchers said blockchain-based cryptocurrencies like Bitcoin and Ethereum are vulnerable to attacks by quantum computers, as they are capable of performing complex calculations and processing substantial amounts of data to break blockchains.
    “Quantum computing can compromise the signatures or keys used to authenticate transactions, as well as the integrity of blockchains themselves,” research fellow at Monash University and Data61’s Distributed Systems Security Group Dr Muhammed Esgin said.
    “Once this occurs, the underlying cryptocurrency could be altered, leading to theft, double spend or forgery, and users’ privacy may be jeopardised.
    “Existing cryptocurrencies tend to either be quantum-safe or privacy-preserving, but for the first time our new protocol achieves both in a practical and deployable way.” 
    MatRiCT is based on “hard lattice problems”, which are quantum secure, and introduces three features: The shortest quantum-secure ring signature scheme to date, which Data61 said authenticates activity and transactions using only the signature; a zero-knowledge proof method, which it said hides sensitive transaction information; and an auditability function, which is touted as helping prevent illegal cryptocurrency use.
    “The protocol is designed to address the inefficiencies in previous blockchain protocols such as complex authentication procedures, thereby speeding up calculation efficiencies and using less energy to resolve, leading to significant cost savings,” Monash University quantum-safe cryptography expert Associate Professor Ron Steinfeld said.
    “Our new protocol is significantly faster and more efficient, as the identity signatures and proof required when conducting transactions are the shortest to date, thereby requiring less data communication, speeding up the transaction processing time, and reducing the amount of energy required to complete transactions.”

  • in

    Twitter removes 130 Iranian accounts for trying to disrupt the US Presidential Debate

    Social networking giant Twitter said today that it removed around 130 Iranian Twitter accounts for attempting to disrupt the public conversation during last night’s first Presidential Debate for the US 2020 Presidential Election.
    Twitter said it learned of the accounts following a tip from the US Federal Bureau of Investigation.
    “We identified these accounts quickly, removed them from Twitter, and shared full details with our peers, as standard,” the social network said today.
    “They [the accounts] had very low engagement and did not make an impact on the public conversation,” it added.
    Twitter said it plans to publish details about the removed accounts and their tweets on its Transparency portal’s section for influence operations.
    The social network said earlier this year it was expecting to see attempts to manipulate the public discussion about the upcoming US Presidential Election as November 3 drew nearer. In August, Twitter also removed user accounts for sharing the same message about planning to vote for Donald Trump using a technique the company described as copypasta.
    The company also began to label tweets as misleading if they provided inaccurate information about voting and the electoral process. Twitter used this new feature to put warning labels on several of Donald Trump’s tweets throughout the summer and the early autumn.
    Today’s crackdown also marks the second time this month that Twitter has intervened to take down an influence operation on its website following an FBI tip. Twitter previously removed accounts tied to PeaceData, a news site that published misleading articles about world politics, which the FBI claimed was a Russian influence operation.

  • in

    North Korea has tried to hack 11 officials of the UN Security Council

    A hacker group previously associated with the North Korean regime has been spotted launching spear-phishing attacks to compromise officials who are part of the United Nations Security Council.
    The attacks, disclosed in a UN report last month, have taken place this year and have targeted at least 28 UN officials, including at least 11 individuals representing six countries of the UN Security Council.
    UN officials said they learned of the attacks after being alerted by an unnamed UN member state (country).
    The attacks were attributed to a North Korean hacker group known in the cyber-security community by the codename of Kimsuky.
    According to the UN report, Kimsuky operations took place across March and April this year and consisted of a series of spear-phishing campaigns aimed at the Gmail accounts of UN officials.
    The emails were designed to look like UN security alerts or requests for interviews from reporters, both designed to convince officials to access phishing pages or run malware files on their systems.
    The country which reported the Kimsuky attacks to the UN Security Council also said that similar campaigns were also carried out against members of its own government, with some of the attacks taking place via WhatsApp, and not just email.
    Furthermore, the same country informed the UN that Kimsuky attacks have been extremely persistent, with the North Korean hacker group pursuing “certain individuals throughout the ‘lifetime’ of their [government] career.”

    Similar Kimsuky attacks detailed in a previous UN report as well
    The UN report, which tracks and details North Korea’s response to international sanctions, also noted that this campaign has been active for more than a year.
    In a similar report published in March, the UN Security Council revealed two other Kimsuky campaigns against its sitting panel officials.
    The first was a series of spear-phishing attacks against 38 email addresses associated with Security Council officials — all of whom were members of the Security Council at the time of the attack.
    The second were the operations detailed in a report from the National Cybersecurity Agency of France [PDF]. Dating back to August 2019, these were spear-phishing attacks against officials from China, France, Belgium, Peru, and South Africa, all of whom were members of the UN Security Council at the time of the attacks.
    Kimsuky has a long history of going after the UN
    But these attacks did not stop in April, as stated in the most recent UN report on North Korea, and the Kimsuky group has continued to target the UN, as part of its broader efforts to spy on UN decision-making in regards to North Korean affairs and possible plans on imposing new sanctions.
    “We are definitely still observing targeting of the United Nations – something that has been going on for quite some time and has been continuous in the past six months,” Sveva Vittoria Scenarelli, a senior analyst in PwC’s Threat Intelligence team, told ZDNet today.
    “From our visibility, we are seeing Kimsuky particularly focused on the OHCHR (the UN’s Office of the High Commissioner for Human Rights). For example, we’re seeing domains pretending to be OHCHR intranets,” Scenarelli added.
    The PwC analyst, who is an expert in Kimsuky operations, says most of the group’s operations are spear-phishing attacks aimed at obtaining a victim’s credentials for various online accounts. Other spear-phishing operations also aim to get the victims infected with malware.
    “Sometimes both types of operations are conducted against the same target,” Scenarelli said.
    Asked about the information put forward by the unnamed country that some Kimsuky operations had targeted select officials throughout the lifetime of their government careers, Scenarelli said this was typical of Kimsuky’s past campaigns.
    “We have most definitely observed Kimsuky targeting specific individuals — in fact, up to the present moment — even going as far as registering Internet domains containing the individual targets’ names,” the PwC analyst said.
    “It’s not as much of an isolated case — rather, we assess that specific individuals are targeted because of their role and the information they have access to. So in this sense, this kind of targeting is highly likely to be driven by specific objectives, be these intelligence collection or something else,” Scenarelli added.
    “As to whether the targeting continues for the entirety of targets’ career, this might depend on the individual target. Though we do not have direct visibility at this level of specificity, we’d assess it is likely that Kimsuky might continue to target that individual so long as they are presumed to have access to information of interest, and so long as Kimsuky’s strategic objectives require the threat actor to gain access to certain information.
    “If all needed information is acquired, or if these strategic objectives change, then Kimsuky might focus its targeting somewhere else, which is a “pivot” that we’ve seen the threat actor make before.”
    Scenarelli is set to hold a talk on Kimsuky operations today at the Virus Bulletin 2020 security conference. This article is unrelated to her presentation.