May ransomware blight all the cyber stragglers and let God sort them out




The threat of ransomware dominates the cyber news right now, and rightly so. But this week Rachael Falk, chief executive officer of Australia’s Cyber Security Cooperative Research Centre, made a very good point.

Ransomware is “totally foreseeable and preventable because it’s a known problem”, Falk told a panel discussion at the Australian Strategic Policy Institute (ASPI) on Tuesday.

“It’s known that ransomware is out there. And it’s known that, invariably, the cyber criminals get into organisations through stealing credentials that they get on the dark web [or a user] clicking on a link and a vulnerability,” she said.

“We’re not talking about some sort of nation-state really funky sort of zero day that’s happening. This is going on the world over, so it’s entirely foreseeable.”

There are “four or five steps you could take that could significantly mitigate this risk,” Falk said. These are patching, multi-factor authentication, and all the stuff in the Australian Signals Directorate’s Essential Eight baseline mitigation strategies.

The latest Essential Eight Maturity Model even comes with detailed checklists for Windows-based networks.

“Companies are on notice that this is a risk for them,” Falk said. “There’s a known problem often, and a known fix, but people haven’t done it.”

So given this laziness, given that cyber wake-up calls have been ignored since the 1970s, and given that organisations continue to willfully fail to follow the advice they’re given, your correspondent has a question.

Has the time come to let Darwinism loose? Should we let all these lazy organisations get hacked, and just let God sort them out?

“I love that approach,” Falk said. “It is glacial-like movement, and I think the only change now that might accelerate it is legislation, which obviously government is potentially seeking to introduce at the moment,” she said, referring to proposed changes to critical infrastructure laws.

Maybe we’ll only start paying attention when there’s more 5G, more device-to-device communication, and more personal dependence on the network.

“I kind of wonder, though, in a macabre kind of way, will the test be when people just can’t use their phones for half an hour,” Falk said.

“That’s when you’ll get people going, oh, we just have to have law about this because we can’t cope with [no] iPhones, internet, fridge, streaming, Netflix, you name it.”

OK, we’re joking. Probably.

In cybersecurity as in public health, blaming the victim is counterproductive. And in many cases it’s the customers and citizens who’d really suffer from ransomware and other cyber attacks that take out an organisation.

“It could really, really impact life, and be a threat and risk to life. So I think people have to start thinking about this as not some sort of a joke,” Falk said.

“The fact that we joke about, oh, the internet being down for 30 minutes, it could be the matter of a medical procedure is stopped and someone dies halfway through.”

In Germany last year, for example, a patient died following a ransomware attack on a hospital in Duesseldorf, which caused her to be re-routed to a hospital more than 30 kilometres away. A police investigation found that she probably would have died anyway, but next time we may not be so lucky.

ASPI’s ransomware policy recommendations

Fortunately, a global consensus on how to tackle ransomware does seem to be emerging.

Just one example is a new report from ASPI’s International Cyber Policy Centre, Exfiltrate, encrypt, extort: The global rise of ransomware and Australia’s policy options, of which Falk is co-author.

On the vexed question of whether organisations should pay a ransom or not, the report recommends that paying them should not be criminalised. Instead, there should be a “mandatory reporting regime … without fear of legal repercussions”.

This would be a major step in transparency. Out of all the major ransomware incidents in Australia — Toll Holdings, BlueScope Steel, Lion Dairy and Drinks, legal document-management services firm Law in Order, Nine Entertainment, Eastern Health in Victoria, Uniting Care Qld, and JBS Foods — only JBS has admitted to paying a ransom of $11 million.

Such a scheme has already been proposed by Labor in its Ransomware Payments Bill 2021, introduced into parliament last month as part of its national ransomware strategy.

The ASPI report recommends expanding the role of the ASD’s Australian Cyber Security Centre (ACSC) to include the real-time distribution of publicly available alerts.

ACSC should also publish a list of ransomware threat actors and aliases, giving details of their modus operandi and key target sectors, along with suggested mitigation methods.

The ASD is already known to be using its classified capabilities to warn of impending ransomware attacks.

The report also recommends tackling the “low-hanging fruit” of incentivisation and education.

This includes incentives such as tax breaks for cyber investment, grants, or subsidy programs; a “concerted nationwide public ransomware education campaign, led by the ACSC, across all media”; and a “business-focused multi-media public education campaign”, also led by the ACSC.

“[This campaign should] educate organisations of all sizes and their people about basic cybersecurity and cyber hygiene. It should focus on the key areas of patching, multifactor authentication, legacy technology, and human error.”

Finally, the report recommends creating a “dedicated cross-departmental ransomware taskforce”, including state and territory representatives, to share threat intelligence and develop policy proposals.

Your correspondent finds none of these recommendations unreasonable, though there are perhaps questions about whether ACSC is currently well-equipped to run an effective and engaging major public information campaign.

Nevertheless, given how slowly Australian organisations have adapted to cyber risks over the last couple of decades, maybe we need a little less carrot and a bit more stick.




Microsoft: Zero Trust security just hit the mainstream



Zero Trust, the borderless security strategy being pushed by vendors, has fully caught on in the enterprise, according to Microsoft’s latest survey of cybersecurity defenders. 

Microsoft, IBM, Google, AWS, Cisco and others in the cybersecurity industry have been banging the ‘zero trust’ drum for the past few years. 

The case for zero trust was made clearer after this year’s software supply chain attacks on US tech firms, which came amid a mass shift to remote work that demonstrated the need to protect information inside and beyond a trusted environment in a world that spans BYOD, home networks, VPNs, cloud services and more.

As Microsoft has argued, part of zero trust is assuming the corporate network has already been breached, either by hackers targeting that network through phishing or malware, or via an employee’s compromised home device connecting to the network.

The message has gotten through to organizations. Microsoft’s survey of 1,200 security decision makers over the past year found that 96% consider Zero Trust to be critical to their organization.

Zero trust will also soon be compulsory for federal agencies, helping standardize the concept in the broader market. US president Joe Biden’s cybersecurity executive order in May mandated that agencies move to zero-trust architectures and enable multi-factor authentication (MFA) within 180 days.

The Commerce Department’s NIST followed up last week by calling on 18 of the US’s biggest cybersecurity vendors to demonstrate how they would implement a zero trust architecture.    

Microsoft found that 76 percent of organizations are in the process of implementing a Zero Trust architecture — up six percent from last year.

“The shift to hybrid work, accelerated by COVID-19, is also driving the move towards broader adoption of Zero Trust with 81 percent of organizations having already begun the move toward a hybrid workplace,” writes Vasu Jakkal, Microsoft corporate vice president of security, compliance and identity.

“Zero Trust will be critical to help maintain security amid the IT complexity that comes with hybrid work.”

The top reasons for adopting Zero Trust included increased security and compliance agility, speed of threat detection and remediation, and simplicity and availability of security analytics, according to Jakkal. 

In practice, Zero Trust means verifying every access request explicitly, using signals and data from identity, endpoints, the network, and the resource being requested, rather than trusting a request because of where on the network it comes from.
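To make the difference concrete, here is an added example (not code from the article or from Microsoft) contrasting a perimeter-style access check with a Zero Trust policy decision. The signal names, thresholds and sample requests are illustrative assumptions; in a real deployment these signals come from the identity provider, device management and endpoint protection.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AccessRequest:
    user: str
    resource: str
    sensitivity: str        # "low" or "high"; assumed data-classification label
    mfa_verified: bool      # strong authentication completed for this session
    device_managed: bool    # endpoint enrolled in device management
    device_compliant: bool  # patched, encrypted, endpoint protection running
    network: str            # "corp", "vpn" or "internet"; where the request came from
    sign_in_risk: str       # "low", "medium" or "high"; identity-provider risk signal


@dataclass
class Decision:
    allow: bool
    reasons: list = field(default_factory=list)  # why it was denied (empty if allowed)


def perimeter_evaluate(req: AccessRequest) -> Decision:
    """The legacy model the article contrasts with Zero Trust: anything that
    reaches the network from 'inside' (LAN or VPN) is trusted."""
    if req.network in ("corp", "vpn"):
        return Decision(True)
    return Decision(False, ["outside_perimeter"])


def zero_trust_evaluate(req: AccessRequest) -> Decision:
    """Zero Trust: verify each request explicitly, assume the network is already
    breached, and grant only what the resource's sensitivity warrants.
    req.network is deliberately never used as a reason to allow."""
    reasons = []
    if not req.mfa_verified:
        reasons.append("mfa_required")            # a stolen password alone is not enough
    if not req.device_managed:
        reasons.append("unmanaged_device")        # e.g. an employee's home PC on VPN
    elif not req.device_compliant:
        reasons.append("device_noncompliant")     # managed but unpatched / no EDR
    if req.sign_in_risk == "high":
        reasons.append("high_sign_in_risk")       # identity provider flagged the session
    if req.sensitivity == "high" and req.sign_in_risk != "low":
        reasons.append("risk_too_high_for_sensitive_resource")
    return Decision(allow=not reasons, reasons=reasons)


# Constructed sample requests (not real telemetry); assumed values throughout.
SAMPLES = {
    "healthy_laptop_on_lan":      AccessRequest("alice", "hr-db", "high", True,  True,  True,  "corp",     "low"),
    "compromised_home_pc_on_vpn": AccessRequest("bob",   "hr-db", "high", True,  False, False, "vpn",      "low"),
    "stolen_password_on_lan":     AccessRequest("carol", "wiki",  "low",  False, True,  True,  "corp",     "medium"),
    "managed_phone_from_cafe":    AccessRequest("dave",  "wiki",  "low",  True,  True,  True,  "internet", "low"),
}


def compare(samples=SAMPLES) -> dict:
    """Return {name: (perimeter_allow, zero_trust_allow, zero_trust_reasons)}."""
    out = {}
    for name, req in samples.items():
        p = perimeter_evaluate(req)
        z = zero_trust_evaluate(req)
        out[name] = (p.allow, z.allow, tuple(z.reasons))
    return out


if __name__ == "__main__":
    for name, (p, z, why) in compare().items():
        print(f"{name:28} perimeter={'allow' if p else 'deny':5} "
              f"zero_trust={'allow' if z else 'deny':5} {', '.join(why)}")
```

The two cases the article describes both pass the perimeter check and fail the Zero Trust one: the unmanaged home PC coming in over VPN is denied as an unmanaged device, and a session started with only a stolen password on the corporate LAN is denied until MFA is completed. Meanwhile the compliant, strongly authenticated phone on a cafe network, which the perimeter model blocks, is allowed.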

Biden this week highlighted the real-world stakes at play with recent ransomware and supply chain attacks on critical infrastructure, telling the US intelligence community that a major hack would likely be the reason the US enters “a real shooting war with a major power”. The US president yesterday signed a memorandum addressing cybersecurity for critical infrastructure, ordering CISA and NIST to create benchmarks for organizations managing critical infrastructure.



Apple broke bad news to iPhone fans



We’ve known this was a problem.

I expected that if there was any time when Apple top brass would mention it, it would be during the earnings call.

And that’s when it happened.

Apple, like most other tech firms, is feeling the pinch due to component shortages.

A word that came up a lot during the call was “constraints.” It was up to Apple CFO Luca Maestri to break the bad news.

“… we expect supply constraints during the September quarter to be greater than what we experienced during the June quarter. The constraints will primarily impact iPhone and iPad.”


Normally, I’d put this down to scarcity marketing — “get in there quick with your iPhone orders, because otherwise you’ll miss out and the cool kids will laugh at you” sort of thing — but these supply constraints are real and are affecting almost every company that is involved in making things.

CEO Tim Cook went on to fill in some more details about the constraints.

“The majority of constraints we’re seeing are of the variety that I think others are saying that are I would classify as industry shortage. We do have some shortages, in addition to that, that are where the demand has been so great and so beyond our own expectation that it’s difficult to get the entire set of parts within the lead times that we try to get those. So it’s a little bit of that as well.”

A little bit of this, a little bit of that.

On the whole, Apple does like to underpromise and overdeliver, especially where Wall Street is concerned, so it doesn’t surprise me that there’s this air of caution.

It makes sense.

The landscape is changing rapidly.

But I think that it’s interesting and somewhat telling that Apple was willing to make such a statement, a statement that caused stocks to fall as a result.

This statement was not made lightly.

If you’re someone who likes getting a new iPhone as soon as they’re out, you might have to work a little harder this year.



Attention iPhone users: Soon it will be easier for you to switch to Android



Apple has had a “Move to iOS” app in the Google Play store for years.

Finally, Google is planning a similar tool for those wanting to switch from iOS to Android.

Switching platforms is hard. It’s possible, but the deeper you are into an ecosystem, the more time, effort, and money the move costs you, and some features can never be fully replicated on the other side.

Currently, if you want to switch platforms, you first have to squirt all your iPhone data such as photos to Google Drive, and then download it all back to your new Android smartphone. It works, but you don’t get a seamless switch for things like apps.

This is about to change.


The eagle-eyed folks over at 9to5Google have spotted changes to Google’s Data Restore Tool that mention a “Switch to Android” app for iOS, which transfers the data over a Wi-Fi connection between the two devices.

It’s worth bearing in mind that no switch is going to be perfect. Some apps are exclusive to certain platforms, and even where they are not, any paid apps will need to be repurchased for the new platform.

Switching from iOS to Android will also mean losing iMessage, which for many is an unacceptable loss.

Currently, there’s no “Switch to Android” app in the Apple App Store, but it might be worth keeping an eye out for it.



NBN stumps up AU$5.2 million in credit for July lockdowns




The company responsible for the National Broadband Network said on Thursday it would provide AU$5.2 million in the form of a “COVID-19 relief credit payment” to cover overage charges due to bandwidth spikes caused by lockdowns in New South Wales, Victoria, and South Australia.

NBN said the credit would cover July and be allocated according to each retailer’s share of total national overage. It added it would waive charges for ISPs breaching CVC utilisation conditions for the final week of July. The company reiterated it was still introducing its Superfast Plus rebate to lower the price to get users onto 250Mbps and 1Gbps plans.

After lockdowns were imposed in NSW and Victoria, NBN said it saw peak bandwidth of almost 20.4Tbps on the Saturday night of July 17, which represented an 8% increase on the week prior. On July 24, NBN said it saw bandwidth top out at 19.93Tbps.

The company took the opportunity to also bat away ideas to reinstate the CVC holiday for retailers introduced last year.

“NBN Co’s previous offer of additional capacity at no additional costs to internet retailers, which was in market from March 2020 and transitioned out by 31 January 2021, was originally intended as a short-term measure to assist retailers’ adjustment to the initial increase in customers’ data consumption at the onset of COVID restrictions,” NBN executive general manager for commercial Ken Walliss said.

“It was the right thing to do at the time, but it came at a cost, some of which was borne by taxpayers. If this had continued, it would have potentially impacted NBN Co’s ability to invest in network upgrades to deliver faster speeds and additional capacity to meet the historical annual growth in data demand.”

The company pointed to higher CVC inclusions, the ability to nationally pool CVC, and its current pricing and Special Access Undertaking processes as ways it was supporting the industry.
