Threat from Cyberspace Pushing Data Budgets Up and Delaying Digital Transformation

 

A new report has revealed that the cost of data backup is rising due to the growing threat from cybercrime. This includes the requirement to guarantee the consistency and dependability of hybrid cloud data protection in order to counteract potential losses from a ransomware attack. 

More than 4,300 IT leaders were polled for the Data Protection Trends Report, and many of them claimed that there was an "availability gap" between how quickly their businesses needed a system to be recovered and how quickly IT could get it back online. This issue is serious because, according to the survey, 85% of respondents experienced a cyberattack in the previous year. 

Making sure the data protection provided by Infrastructure as a Service and Software as a Service solutions corresponds with that provided by workloads focused on data centres was one of the top priorities for IT leaders polled for the survey this year.

More than half of those surveyed in the study, which was commissioned by data protection software vendor Veeam, also mentioned a "protection gap" between the amount of data they can lose and the frequency with which IT protects it. These gaps, according to more than half of those surveyed, have led them to consider switching primary data protection providers this year.

Many of those surveyed claimed that ransomware is "winning," with cyberattacks causing the most significant outages for businesses in 2020, 2021, and 2022, despite all of these efforts to increase backup reliability and spend on cybersecurity tools. 

Hackers' increasing threat to data budgets

In the past 12 months, at least 85% of all study participants reported experiencing an attack, up from 76% the year before. Data recovery was noted as a major concern, with many claiming that only 55% of encrypted data was recoverable following a ransomware attack.

This was partially due to the increase in attacks. Due to the strain that ransomware protection and recovery put on budgets and staff, it is also harder to implement digital transformation. Resources intended for digital transformation initiatives have been diverted as IT teams must concentrate on the unstable cyber security landscape. 

According to Veeam's researchers, cyberattacks "not only drain operational budgets from ransoms to recovery efforts, but they also reduce organisations' ability to modernise for their future success, forcing them to pay for prevention and mitigation of the status quo."

With 52% of respondents already using containers and 40% of organisations planning to do so soon, Kubernetes is proving to be one of the major forces behind bettering data security strategies. Despite this, the report's authors discovered that most organisations only protect the underlying storage rather than the workloads themselves. 

The CTO and senior vice president of product strategy at Veeam, Danny Allan, stated that "IT leaders are facing a dual challenge. They are building and supporting increasingly complex hybrid environments, while the volume and sophistication of cyberattacks is increasing. This is a major concern as leaders think through how they mitigate and recover business operations from any type of disruption."

New Zealand Government Launches Open Banking for Consumers

 

The New Zealand Government declared last month that open banking is coming to the island nation. This much-needed reform is the first step in making New Zealand's financial ecosystem livelier and more competitive. 

As the nation gets ready for this new banking model, it must learn a lot from what Europe and the United Kingdom have gone through, especially with regard to worries about governance and data protection. 

Advantages of open banking 

A consumer data rights (CDR) framework, a system for safely and securely transferring personal data across multiple service providers, facilitates open banking. It means that Kiwis will be able to compare mortgage rates and other financial products more readily. 

Open banking is gaining popularity around the world because it assists in the integration of new financial service providers into the financial ecosystem, making it more sustainable, efficient, nimble, and inventive. 

It allows people who have many accounts at different banks to view all of their transactions in a single interface using account aggregator software. The customer will subsequently be able to swiftly transfer funds between accounts. The same application, with the use of artificial intelligence, can assist customers in organizing their finances by recommending financial products with better rates and terms. 

Additionally, it enables small and medium-sized businesses to better monitor their cash flow, reconcile payments, and manage inventories. Business owners can also combine their financial information with their accounting service provider through open banking. 

Learnings from Europe 

But what can New Zealand learn from the experiences of those nations that have already implemented open banking as it enters this brave new world? There are two recent reports from the UK and Europe that demonstrate some of the process's benefits and drawbacks. 

The European Commission's amended Payment Services Directive 2 (PSD2) proposal included open banking in July 2013. Open banking is now a global endeavor, with the United Kingdom and continental Europe viewed as global leaders. There are at least 410 third-party providers in Europe alone. 

The UK's Competition and Markets Authority announced the findings of an investigation of their open banking experience in May 2022. The authority's examination revealed problems with corporate governance, late account delivery, conflict management, procurement, and value for money, as well as the need for human resource changes. 

The problems were mostly caused by governance failings at the Open Banking Implementation Entity (OBIE). The nine biggest banks in the UK were required to implement open banking, and the OBIE was tasked with monitoring their success. Because there were not enough checks and balances on the trustees' decision-making, too much authority was given to one of them. Internal controls and the risk management system were also deficient. 

The UK government has recognized the issue and is working to strengthen OBIE's governance structure. 

The European Commission recently held a public consultation on its 2013 directive as well as the commission's work on open banking. Because of worries about privacy, data protection, and digital security, the majority of respondents were hesitant to share financial information. There was a pervasive impression that they had little control over how their data was used. 

Giving service providers access to their data, according to 84% of those who responded to the public survey, poses security and privacy hazards. Furthermore, 57% of respondents stated that financial service providers who store their data only occasionally seek approval before sharing it with other financial or third-party service providers. 

Requirement of unambiguous regulations 

The European and British experiences demonstrate the challenges associated with open banking adoption and public perception. The two papers' concerns about governance and data security should be carefully considered by the New Zealand government. 

The development of an effective board oversight and risk management plan is critical. To foster trust and transparency, a consent management mechanism should be implemented. There should also be a high-level structure in place to monitor and supervise all data holders and users. 

The implementation of open banking in New Zealand should result in a power shift away from traditional banks and toward a thriving financial technology sector. It should also provide traditional banks the opportunity to innovate and become far more responsive to customer wants.

DDoS Attacks Can Be Mitigated by AI

A DDoS protection system is necessary since DDoS attacks are so common. Numerous media and web-based consumer platforms are supported by AI machine learning algorithms currently. AI does not need the ten-year development cycles of nuclear weapons or bombers to be deployed or even upgraded because it is mostly software running on commercial processors.

Along with speed and accuracy, the rate of false positives shows how effective your detection is; the smaller the number, the better. Up until recently, neutralizing a DDoS assault of 2Tbps in scale might also block 100Gbps to 200Gbps of valid network traffic due to the industry-accepted rate of 5% to 10% false positives.  

Investment may be necessary for the implementation of ML and AI technologies. Based on their experience working across numerous sectors, researchers have found important factors that can make any AI/ML implementation much more effective, resulting in a successful deployment and improved return on investment, as opposed to AI technology sitting unused.

Ways ML/AI technologies can be utilized

1. Finding operational challenges:

The first step to the successful adoption of any AI or ML solution is to pinpoint the business issues the organization is attempting to solve with AI/ML and secure support from all important stakeholders. The roadmap for getting there can be created by being clear about the preferred result and evaluating use cases motivated by business imperatives and quantitative success factors of an AI/ML implementation. 

2. Data accessibility:

To develop the AI/ML model, a sufficient database that is pertinent to the business challenge being addressed must be made available. Organizations may encounter circumstances where such data is not yet accessible. The company should next devise and carry out a plan to begin gathering pertinent data while concentrating on other business issues that can be helped by accessible data science. 

3. Adopting optimal algorithms to perform:

It is frequently preferable to use a model or method with fewer parameters. Examining model validity is a crucial stage in this process: can the chosen model provide rationales and explanations in plain English that people can understand? In some regulated businesses, reasons for judgments made by an expert or algorithm are required. In such cases, model explainability packages like LIME or SHAP can offer explanations that are simple enough for humans to understand.

4. Approach to operationalization:

A successful deployment requires clarity about how the forecasts and insights from AI/ML fit into routine operations. In what ways will the organization use the model scores and insights? How does the AI/ML model fit into the operational workflow? Will technology entirely replace parts of the present manual processes, or will it only be used to support the analysts' judgment? Will the solution be deployed on-premises or in the cloud? A clear plan that answers these questions will help to ensure that the solution is implemented and does not remain on the back burner.

5. Educating, enabling, and skilling:

Building teams with specialists in multiple fields of the AI/ML domain is crucial, of course. Confirm that the resources and expertise necessary to support the functioning of the AI/ML solution are accessible. Any skills shortages should be filled by either retraining the current workforce or hiring fresh talent with the necessary qualifications.

AI/ML algorithms now make it possible to identify DDoS activity early and put in place quick, precise, and effective mitigation procedures to resist such attacks.

Experts can protect our networks from harmful DDoS attacks, keep the functioning of the service, and provide user protection online by integrating big data analytics and AI/ML into every phase of a thorough DDoS security strategy. 

Data Security can be Enhanced Via Web Scraping

Web information aids security professionals in understanding potential weaknesses in their own systems, threats that might come from outside organizations' networks, and prospective threats that might come via the World Wide Web. 

In reality, automated tests that can find the presence of potential malware, phishing links, various types of fraud, information breaches, and counterfeiting schemes are performed using this database of public Web data.

Web scraping: What is it?

Large volumes of data can be automatically gathered from websites via web scraping. The majority of this data is unstructured and is shown in HTML format; it is transformed into structured data in a spreadsheet or database so that it can be used in a variety of applications.

Ways of scraping the web include using online services, certain APIs, or even writing one's own code from scratch. The company doing the scraping knows which sites to visit and what information to collect. Many big websites, including Google, Twitter, Facebook, StackOverflow, etc., have APIs that let users access their data in a structured manner. 

How Do Web Scrapers Operate?

Web scrapers have the power to extract all the data from specified websites or the precise data that a user requires. If you wanted to find out what kinds of peelers were available, for instance, you might want to scrape an Amazon page, but you might only need information on the models of the various peelers, not the feedback from customers.

Therefore, the URLs are first provided when a web scraper intends to scrape a website. Then, all of the websites' HTML code is loaded. A more sophisticated scraper might also extract all of the CSS and JavaScript parts. The scraper then extracts the necessary data from this HTML code and outputs it in the manner that the user has chosen. The data is typically stored as an Excel spreadsheet or a CSV file, but it is also possible to save it in other formats, such as JSON files.

Cybersecurity Via Web Scraping

1. Monitoring for Potential Attacks on Institutions

Some of the top firms' security teams use open Web data collecting networks to acquire data on potential online threat actors and analyze malware. 

Additionally, they continuously and automatically check the public domain for potentially harmful websites or links using Web scraping techniques. For instance, security teams can instantly recognize several phishing websites that aim to steal important customer or business data like usernames, passwords, or credit card information.
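As an added illustration (not code from the original post), the sketch below follows the load, extract and output steps described earlier and applies them to phishing triage: it flags scraped pages whose password form submits without TLS or to a different site. The sample pages, the function names and the naive two-label site comparison are assumptions made for the example.

```python
import csv
import io
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample pages standing in for HTML a scraper has already downloaded.
SAMPLE_PAGES = {
    "https://login.example.com/": """
        <form action="/session" method="post">
          <input name="user"><input type="password" name="pw">
        </form>""",
    "http://example-login.test/": """
        <form action="http://collector.invalid/save.php" method="post">
          <input name="user"><input type="PASSWORD" name="pw">
        </form>""",
    "https://news.example.org/": """
        <form action="/search"><input type="text" name="q"></form>""",
}


class FormCollector(HTMLParser):
    """Record every <form>: its action and whether it holds a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attributes = dict(attrs)
        if tag == "form":
            self._current = {"action": attributes.get("action") or "",
                             "password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (attributes.get("type") or "").lower() == "password":
                self._current["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def registrable(host):
    # Assumption: the last two labels identify the site. Production code
    # should consult the Public Suffix List instead.
    return ".".join(host.lower().split(".")[-2:])


def triage(page_url, html):
    """Return one finding per credential form, with the reasons it looks risky."""
    collector = FormCollector()
    collector.feed(html)
    page_host = urlparse(page_url).hostname or ""
    findings = []
    for form in collector.forms:
        if not form["password"]:
            continue  # search boxes and similar forms are not of interest
        target = urljoin(page_url, form["action"])  # resolve relative actions
        parsed = urlparse(target)
        reasons = []
        if parsed.scheme != "https":
            reasons.append("credentials sent without TLS")
        if registrable(parsed.hostname or "") != registrable(page_host):
            reasons.append("form posts to a different site")
        findings.append({"page": page_url, "action": target, "reasons": reasons})
    return findings


def scan(pages):
    """Keep only the findings that carry at least one reason."""
    rows = []
    for url, html in pages.items():
        for finding in triage(url, html):
            if finding["reasons"]:
                rows.append({**finding, "reasons": "; ".join(finding["reasons"])})
    return rows


def to_csv(rows):
    """Structured output, the last step of the scraping pipeline."""
    buffer = io.StringIO()
    writer = csv.DictWriter(buffer, fieldnames=["page", "action", "reasons"])
    writer.writeheader()
    writer.writerows(rows)
    return buffer.getvalue()


if __name__ == "__main__":
    print(to_csv(scan(SAMPLE_PAGES)), end="")
```

A flagged row is a lead for an analyst to review, not a verdict: legitimate sites sometimes post credentials to a separate identity provider.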

2. Scraping the Web for Cybersecurity 

Web data collecting is used by a variety of cybersecurity companies to evaluate the risk that various domains pose for fraud and viruses. In order to properly assess the risk, cybersecurity firms can utilize this to contact potentially harmful websites as a 'victim' or a legitimate user to see how the website might target an unwary visitor. 

3. Analysis and Reduction of Threats

Public Web data collecting networks are used by threat intelligence companies to get information from a variety of sources, including blogs, public social media channels, and hackers, in order to find fresh information on a range of potential dangers. 

Their insights are based on this Web data collecting, which they subsequently disseminate to a wide range of customers that want to strengthen their own system security.

Despite being utilized often in business, lawful web scraping is still a touchy subject. Where personal information is scraped, this is the most evident. Users of LinkedIn, for instance, are aggressively marketing their personal information since the platform essentially functions as a professional CV showcase. Less desirable is having those details gathered in bulk, compiled, and sold to random people.

An organization's visibility and capacity to respond to online threats across the large online terrain in real-time are both improved by integrating with Web data collecting networks.








Ways Firms can Establish Data Governance

 


According to a new analysis, maintaining structured data was cited by two-thirds of business IT leaders as their prime focus, with unstructured data rated as less critical. Likewise, a remarkably huge portion probably needs to be safeguarding sensitive information.  

Unstructured data, which can be found in many different formats throughout an organization, poses a number of unacknowledged operational threats to companies. Losing track of data opens a corporation up to bad actors and leaves it vulnerable to financial audits and other types of inspection.

Can businesses make sure that their enterprise, alongside their networks of external and agency partners, is up to the challenge of maintaining compliance with constantly changing regulations, navigating the deprecation of third-party cookies, and keeping a promise of privacy to clients?

We are listing below the three ways in which they can establish data governance.

1. Identify the content

Analyzing data is the first step in controlling it. It covers everything from abandoned USB keys to written notes to service records and survey results.

Unstructured data, such as video, audio, social media posts, and scanned documents, make up a considerable portion of data (80% to 90%). Official data governance requires knowing where this record is, where it is kept, and who has exposure to it within the company. Completing a comprehensive digital inventory with all data is the initial step in efficient governance. 

2. Dark data: Inform the staff

Schooling in data security must be a core component of all job-related training and start from day one. Every member of the company, from the admin officer to the CEO, should get used to the organization's security regulations. Create formal processes and update them as applicable. 

3. Employ effective monitoring

Investing in data analysis software is simply the start of building a successful data governance system. Additionally, the company requires professionals who can act as data owners and administrators. 

The ownership and governance duties cannot be grafted onto executive job descriptions because a complete data inventory may require tracking and monitoring as many as 100,000 unstructured files. Instead, including data privacy, protection, and security in the design process necessitates automation and the focus of experts. 

Information governance, which has a broader focus on how information is used throughout an organization, is connected to data governance. However, these concepts are typically seen as distinct disciplines with related goals.

Software for data catalogs is present in many platforms for data governance and metadata management. An organization's diverse teams are given the ability to manage data voluntarily thanks to a layer of cross-functional review tools, resulting in effective data governance with constructed checks and balances.

Safeguarding Edge Data in the Age of Decentralisation

 

The new paradigm shift toward data decentralization may signal a shift in how organizations approach edge protection. Cyberattacks can intensify existing security issues while exposing new gaps at the perimeter, posing several challenges for IT and security personnel. Infrastructure must be resilient to the security flaws introduced by the massive proliferation of devices that generate, capture, and consume data outside of the traditional data center. 

The need for a holistic cyber resiliency strategy has never been greater — not only for safeguarding data at the edge but for strengthening protection from all endpoints of a business to centralized data centers and public clouds.

But before diving into the perks of a holistic framework for cyber resiliency, it may help to get a deeper understanding of why the edge is often susceptible to cyberattacks, and how adhering to some tried-and-true security best practices can help tighten up edge defenses.

The consequences of human error

According to conventional IT wisdom, security is only as strong as its weakest link: humans. Human error can be the difference between an unsuccessful attack and one that causes application downtime, data loss or financial loss. According to IDC, more than half of new enterprise IT infrastructure will be at the edge by 2023. In addition, Gartner predicts that by 2025, 75% of enterprise-generated data will be created and processed outside of a traditional data center.

The concern is securing and protecting critical data in edge environments where the attack surface is growing exponentially and near-instant data access is required.

With so much data flowing in and out of an organization's endpoints, the function of humans in ensuring its security is amplified. For example, failing to practice basic cyber hygiene (reusing passwords, opening phishing emails, or downloading malicious software) can hand over the keys to the kingdom to a cyber-criminal without anyone in IT knowing.

In addition to the risks linked with disregarding standard security protocols, end-users may bring unauthorized devices to the workplace, creating additional blind spots for the IT organization. While capitalizing on edge data is essential for expansion in today's digital economy, how can we overcome the challenge of securing an expanding attack surface as cyber threats become more sophisticated and invasive than ever?

A multi-layered approach

It may feel like there are no simple answers, but organizations may start by addressing three fundamental key elements for security and data protection: Confidentiality, Integrity, and Availability (CIA).
  • Confidentiality: Data is protected from unauthorized observation or disclosure in transit, in use, and when stored.
  • Integrity: Data is protected from being altered, stolen, or deleted by unauthorized attackers.
  • Availability: Data is highly available to only authorized users as required.

In addition to following CIA principles, organizations should consider implementing a multi-layered strategy for securing and safeguarding infrastructure and data at the edge. This typically falls into three categories: the physical layer, the operational layer, and the application layer.

Physical layer:

Physical security is built into data centers, with a set of policies and protocols in place to prevent unauthorized access and to avoid physical damage or loss of IT infrastructure and data stored in them. At the edge, however, servers and other IT infrastructure are likely to be housed beside an assembly line, in the stockroom of a retail store, or even in the base of a streetlight. Evaluate the following best practices for physical security at the edge:

  • Controlling infrastructure and devices from start to finish, from the supply chain and factory to operation and disposal.
  • Preventing systems from being modified or accessed without permission.
  • Safeguarding vulnerable access points, such as open ports, from bad actors.
  • Preventing data loss if a device or system is stolen or tampered with.

Operational layer:

Beyond physical security, once IT infrastructure is functional at the edge, it is vulnerable to a new set of vulnerabilities. Infrastructure is deployed and managed in the data center using a set of tightly controlled processes and procedures. Edge environments, on the other hand, tend to lag in specific security software and necessary updates, including data protection. Endpoint security is difficult to achieve compared to a centralized data center due to the large number of devices deployed and the lack of visibility into the devices. Consider the following best practices for securing IT infrastructure at the edge:
  • Using an uncompromised image to ensure a secure boot spin-up for infrastructure.
  • Controlling system access, such as locking down ports to prevent physical access.
  • Installing applications into a known secure environment.

Application layer:

Data protection looks a lot like traditional data center security once you get to the application layer. However, the high volume of data transfer, combined with a large number of endpoints inherent in edge computing, creates attack vectors as data travels between the edge, the core data center, the cloud, and back.

Best practices to consider for application security at the edge include:
  • Securing external connection points.
  • Identifying and locking down exposures related to backup and replication.
  • Assuring that application traffic is coming from known resources.

Apple Improves iCloud Data End-to-End Encryption

Apple took a step further in its continuous effort to offer people even better ways to safeguard private data when it unveiled new cutting-edge security capabilities aimed at defending against attacks on user data in the cloud. 

Advanced Data Protection gives the trusted devices of iCloud users sole access to the encryption keys for the majority of their data. It is already available in the U.S. for participants in the Apple Beta Software Program and will be available to all U.S. customers by the end of the year.

According to a press release from Apple, the only essential categories excluded from Advanced Data Protection are iCloud Mail, Contacts, and Calendar due to the necessity to interoperate with the worldwide email, contacts, and calendar systems.

Apple apparently abandoned plans to provide end-to-end encryption to iCloud backups after the FBI objected. Privacy organizations like the Electronic Frontier Foundation have long urged Apple to do this.

These new features join a number of other safeguards that make Apple products the most secure on the market, including security built directly into its specially made chips, with efficient system encryption and data protections, and features like Lockdown Mode, which provides an extremely high level of optional security for users like journalists, human rights activists, and diplomats. Apple is committed to enhancing device and cloud security and continuously introducing additional safeguards.

Although the great majority of users will never be the target of extremely sophisticated attacks, the functionality adds an essential degree of security for users. If a highly skilled adversary, such as a state-sponsored attacker, were ever to succeed in accessing cloud servers and inserting its own device to spy on these encrypted communications, users who have activated iMessage Contact Key Verification would receive immediate alerts.

According to an Apple official, the company has been trying to add hardware keys for some time, but before the most recent version of the FIDO standards, it was cautious about implementation and usability. A recent increase in the availability of the keys, the spokesman added, as well as evolving and intensifying threats, were further driving factors for the business.

How Con Artists are Getting Conned? Here’s All You Need to Know

 

Scammers keep demonstrating how evil never sleeps. While their goals—to acquire peoples' financial and personal information—remain the same, their strategies frequently change to stay relevant. In fact, con artists have improved their methods and abilities to the point where some of them even con fellow con artists since their familiarity with the techniques makes it simpler to evade discovery and extort something from them. 

According to a recent Sophos study, cybercriminals are allegedly defrauding one another of millions of dollars and utilizing arbitration to settle disputes over the schemes. The findings also reveal how attackers carry out their schemes against one another using tried-and-true techniques, some of which are decades old, such as typosquatting, phishing, backdoored software, and false marketplaces. 

Let's go through each technique one at a time for those who are not familiar with how they operate: 

Typosquatting: An attack that targets users who inadvertently enter the incorrect website address into their browser's URL field. Internet users frequently have no notion that the websites they are viewing or buying from are phony. This identity theft could be used by dishonest website operators to trick users into disclosing their personal information. 

Phishing: An online scam in which victims are duped by receiving emails purporting to be from banks, mortgage lenders, or internet service providers. 

Backdoor malware: Malware that bypasses standard authentication procedures to access the system.  As a result, application resources are accessible remotely, giving attackers the ability to remotely update malware and run system commands. 

Fake marketplace: The website acts as a launchpad for scams like fraudulent goods, catfishing, and even hacking. 
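To make the typosquatting definition concrete from the defender's side, here is an added example (not from the Sophos study or the original post) that checks newly seen domains against a list of protected names. The brand `examplebank.example`, the small lookalike table and the function names are hypothetical.

```python
# Small constructed table of character sequences that read like another letter.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))


def skeleton(label):
    """Collapse lookalike characters so 'examp1e' and 'example' compare equal."""
    for seen, meant in HOMOGLYPHS:
        label = label.replace(seen, meant)
    return label


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two adjacent characters typed in the wrong order count as one typo.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def split(domain):
    # Assumption: the last label is the TLD and the one before it is the name.
    # Production code should use the Public Suffix List.
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]


def classify(domain, protected):
    """Return (brand, reason) when the domain imitates a protected name, else None."""
    name, tld = split(domain)
    brands = [(brand,) + split(brand) for brand in protected]
    for _brand, b_name, b_tld in brands:
        if (name, tld) == (b_name, b_tld):
            return None  # the real site or one of its subdomains
    for brand, b_name, _b_tld in brands:
        if name == b_name:
            return (brand, "same name, different TLD")
        if skeleton(name) == skeleton(b_name):
            return (brand, "lookalike characters")
        if osa_distance(name, b_name) == 1:
            return (brand, "one typo away")
    return None


if __name__ == "__main__":
    protected = ["examplebank.example"]  # hypothetical brand
    # Constructed observations, e.g. from DNS logs or a new-registration feed.
    observed = [
        "login.examplebank.example",
        "exmaplebank.example",
        "examp1ebank.example",
        "examplebank.test",
        "weather.example",
    ]
    for domain in observed:
        print(domain, "->", classify(domain, protected))
```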

Hackers and fraudsters are no longer only knowledgeable software developers and computer specialists. Today's technology is so user-friendly that "noobs" could be in charge of a fraud occurrence that costs companies and clients millions of dollars. 

The number of fraud incidents more than doubled (up 178%) in Asia-Pacific alone in the first quarter of 2021 compared to the same time in 2020. The two most frequent occurrence categories are online banking fraud and account takeovers, with increases of 250 percent and 650 percent, respectively. 

Scammers getting the taste of their own medicine 

For this research, BreachForums, an English-language cybercrime forum and marketplace that focuses on data leaks, as well as Exploit and XSS, were examined by Sophos X-Ops experts. Russian-language cybercrime forums Exploit and XSS provide access-as-a-service (AaaS) listings. All three locations have dedicated arbitration rooms. 

Even though it occasionally causes chaos between "plaintiffs and defendants," the scamming of fraudsters is lucrative. Some alleged offenders simply disappear or call the complainants themselves "rippers." Sophos examined 600 scams over the course of a year, with claims ranging from US$ 2 to US$ 160,000, costing hackers more than US$ 2.5 million between them on just three sites. 

Not all scams are conducted merely for financial gain. Matt Wixey, a Senior Security Researcher at Sophos, claims that interpersonal conflicts and rivalries were common. They also found cases where con artists would defraud those who had defrauded them. 

“In one case, we found a trolling contest set up to get revenge on a scammer trying to trick users into paying US$ 250 to join a fake underground forum. The ‘winner’ of the contest received US$ 100,” Wixey stated. Additionally, Sophos discovered that the dispute resolution and arbitration procedures left a wealth of unused intelligence behind, which security professionals and law enforcement might use to better understand and stop cybercriminal tactics.

Twitter's Brussels Staff Sacked by Musk 

After a conflict on how the social network's content should be regulated in the Union, Elon Musk shut down Twitter's entire Brussels headquarters.

Twitter's connection with the European Union, which has some of the most robust regulations controlling the digital world and is frequently at the forefront of global regulation in the sector, may be strained by the closing of the company's Brussels center. 

Platforms like Twitter are required by one guideline to remove anything that is prohibited in any of the EU bloc's member states. For instance, tweets influencing elections or content advocating hate speech would need to be removed in jurisdictions where such communication is prohibited. 

Another obligation is that social media sites like Twitter must demonstrate to the European Commission, the executive arm of the EU, that they are making a sufficient effort to stop the spread of content that is not illegal but may be damaging. Disinformation falls under this category. This summer, businesses will need to demonstrate how they are handling such positions. 

Musk will need to abide by the GDPR, a set of ground-breaking EU data protection laws that mandate Twitter have a data protection officer in the EU. 

The present proposal forbids the use of algorithms that have been demonstrated to be biased against individuals, which may affect Twitter's face-cropping tools, which have been shown to favor youthful, slim women.

Twitter might also be obligated to monitor private conversations for grooming or images of child sexual abuse under the EU's Child Sexual Abuse Materials proposal. These proposals are still under discussion in the EU.

In order to comply with the DSA, Twitter will need to put in a lot more effort, such as creating a system that allows users to flag illegal content with ease and hiring enough moderators to examine the content in every EU member state.

Twitter won't have to publish a risk analysis until next summer, but it will have to disclose its user count in February, which initiates the commission oversight process.

Two lawsuits that might hold social media corporations accountable for their algorithms that encourage dangerous or unlawful information are scheduled for hearings before the US Supreme Court. This might fundamentally alter how US businesses regulate content. 

7 Minutes a Day, Malicious Cyber Criminals Strike, Here's How to Defend

 


There has been an increase in malicious cyberattacks targeting Australian businesses over the last few years. As a result, these businesses are being advised to raise their standards when protecting customer information. 

A new report published by the Australian Cyber Security Centre (ACSC) has found that sophisticated state and criminal actors are striking more frequently, with a cybercrime being reported every seven minutes.

In the wake of the "concerning" report that was released by the Department of Homeland Security, Cyber Security Minister Clare O'Neil put businesses on notice that they will need to handle the cyber data of their customers more securely and effectively. 

During the past financial year, the Cyber Security Agency received over 76,000 reports from the community about cyber-related issues, which was a 13 percent increase from last year's number. 

The number of publicly reported security holes also increased by 25 percent over the previous year. 

An estimated $100 million has been lost by Australians with compromised email systems. This amounts to an average of $64,000 for each compromised-email incident reported to the authorities.

Scammers send fraudulent emails purporting to be from businesses in order to solicit payments. For example, a scammer posing as a real estate agent will ask for a deposit on a property.

Richard Marles, the Deputy Prime Minister, has said that everyone needs to be more alert to possible threats. 

"In comparison to cyberspace, the environment in which we live is much more challenging. Although there are many pickpockets around, this appears to be happening at an unprecedented level," he told ABC radio.

Keeping yourself safe does not have to be complicated. There are several simple steps anyone can take to do so. 

The measures include not clicking on links in text messages or emails that are not marked as such, ensuring that their software is up-to-date, and taking additional care when dealing with their data. 

In a recent interview, Marles said the government was investing heavily in the cybersecurity sector. In response to this, the company updated its systems and considered a public education campaign. 

One study suggests that small businesses lose $39,000 on average as a result of cyberattacks, and that the figure reaches $88,000 for medium-sized businesses.

According to the Australian Bureau of Statistics, the average loss was $112,000 in Western Australia and $26,000 in the Northern Territory.

As per the NSW government, the average loss was almost $70,000, and the losses in all other states and territories were between $50,000 and $50,000 on average. 

Cyber incidents affect about a third of the total number of computers in the state and Commonwealth of Australia, with the Commonwealth and state governments at risk. 

As a result, the next big target was healthcare systems. This is mainly because cybercriminals are targeting vulnerable businesses that are more likely to pay a ransom when they want their data back. Therefore, health systems are the ideal next target. 

Abigail Bradshaw, the agency's director, said that cyber threats are continually evolving and that they are more frequently targeting the country's critical infrastructure, which is becoming more widespread. 

As a result of the program, more than 24 million malicious domain requests have been blocked. In addition, 29,000 attacks on Australian services have been taken down. Furthermore, 185 ransomware movements have been stopped, which represents an increase of 75 percent. 

Besides this, the agency was also involved in five successful operations, which included the shutdown of online criminal marketplaces as well as foreign scam networks. 

How to protect yourself 


As part of its recommendations, the ACSC urges individuals to take steps to protect themselves from cybercrime. 

  • Keep devices updated to protect critical information 
  • Turn on multi-factor authentication to make the system more secure 
  • Back up your devices regularly 
  • Set up passphrases to keep accounts secure 
  • Keep an eye out for threats and report any scams you come across

Australian Government Plans Privacy Overhaul after Attacks on Multiple Organizations

 

Two weeks after the Medibank hack, the Australian government has decided to introduce legislative reforms on cybersecurity regulation that would increase penalties for companies that fail to guard customers’ personal data. 

Australia’s largest health insurer said on Wednesday a hacker accessed the data of all its 4 million customers which included personal information like names, dates of birth, addresses, and gender identities, as well as Medicare numbers and health claims. 

The malicious actor claimed to have extracted nearly 200GB of files and has provided 1,000 records to the insurer to prove they have the data claimed. The hacker also threatened to leak the diagnoses and treatments of high-profile customers if the insurer fails to pay the ransom. 

According to the health insurer, its priority was to discover the specific data stolen in relation to each customer and to share that information with those customers.

The company had previously said the breach was thought to be limited to its subsidiary AHM and foreign students. 

“Our investigation has now established that this criminal has accessed all our private health insurance customers' personal data and significant amounts of their health claims data,” Medibank chief executive David Koczkar stated. “This is a terrible crime – this is a crime designed to cause maximum harm to the most vulnerable members of our community.”

Legislative reform 

Cyberattacks on Optus, Medibank, and MyDeal have forced the Australian government to introduce legislative reforms on cybersecurity regulation. Last month on September 21, the hackers stole the personal data of almost 10 million current and former customers of Optus, the country’s second-biggest telecom. 

Two weeks later, the hackers targeted MyDeal, an online retail intermediary that lost the data of 2.2 million customers. 

“As the Optus, Medibank, and MyDeal cyberattacks have recently highlighted, data breaches have the potential to cause serious financial and emotional harm to Australians, and this is unacceptable. Governments, businesses, and other organizations have an obligation to protect Australians’ personal data, not to treat it as a commercial asset,” Attorney-General Mark Dreyfus stated during the introduction of amendments to the Privacy Act to Parliament. 

The government is keeping a close eye on firms that collect more customer data than necessary to make money from it in ways unrelated to the services for which the information was provided. The penalties for serious breaches of the Privacy Act would increase from 2.2 million Australian dollars ($1.4 million) now to AU$50 million ($32 million) under the proposed amendments, Dreyfus added.

Swiss Army Bans WhatsApp at Work

 

A spokesman for the Swiss army announced Thursday that the use of WhatsApp while on duty has been prohibited, in favour of a Swiss messaging service regarded as safer in terms of data security.

Using other messaging applications like Signal and Telegram on soldiers' personal phones during service activities is likewise barred. 

Commanders and chiefs of staff got an email from headquarters at the end of December advising that their troops switch to the Swiss-based Threema. According to army spokesman Daniel Reist, the recommendation applies "to everyone," including conscripts serving in the military and those returning for refresher courses. 

Switzerland is known for its neutrality. However, the landlocked European country's long-standing position is one of armed neutrality, and it has mandatory conscription for men.

During operations to assist hospitals and the vaccination campaign in Switzerland's efforts to prevent the Covid-19 pandemic, the concern of using messaging apps on duty came up, as per Reist. The Swiss army will bear the cost of downloading Threema, which is already used by other Swiss public agencies, for four Swiss francs ($4.35, 3.85 euros). 

Other messaging services, such as WhatsApp, are governed by the US Cloud Act, which permits US authorities to access data held by US operators, even if it is stored on servers located outside of the nation. Threema, which claims to have ten million users, describes itself as an instant messenger that collects as little data as possible. It is not supported by advertisements. 

The company states on its website, "All communication is end-to-end encrypted, and the app is open source." 

According to an army spokesman mentioned in a Tamedia daily report, data security is one of the reasons for the policy change. As per local surveys, WhatsApp is the most popular messenger app among 16- to 64-year-olds in Switzerland.

Flaw on Voters’ Portal Patched, Possible Data Leak Avoided

 

An independent security researcher discovered a significant flaw in the National Voters Service Portal (NVSP) and notified the Computer Emergency Response Team (CERT), which collaborated with technical specialists to patch the vulnerability. 

Sai Krishna Kothapalli, the founder and CEO of Hackrew, a Hyderabad-based cybersecurity business, said he discovered the flaw while downloading his Elector Photo Identity Card (EPIC), which gave him access to other voters' registered phone numbers. A simple script could make available the phone numbers of all the voters in a Lok Sabha or Assembly constituency.

Mr Kothapalli, a graduate of the Indian Institute of Technology, Guwahati, alerted the CERT on October 22, 2021, through a vulnerability submission. Though he was supposed to receive an acknowledgement within 72 hours, he received a response on December 7, 2021, stating that the emergency response team was in contact with the relevant officials to take appropriate measures. He confirmed that the vulnerability had been addressed on December 14, 2021.

Mr Kothapalli stated, “The plugging of the loophole has not only prevented a major data leak — exposing the personal mobile phone numbers of several crores of voters across the country — but averted a possible scam during the process of elections. By accessing a mobile number, and using another vulnerability I found, we can send an SMS that will appear as if it came from credible Government IDs. For instance, we can send a message to a voter giving some misleading information that could deprive him/her of casting the vote. So one can imagine this on a larger scale, impacting crores of votes across India.” 

The security researcher explained that he discovered the flaw after visiting the NVSP portal to download his e-EPIC. After the EPIC number and State name were submitted, the system would send an OTP to the registered mobile phone for further authentication.

“This is where the vulnerability got exposed. While the OTP went to the voter’s mobile number, the response sent to the browser had the voter’s un-redacted phone number. While this is not visible on the screen, any person with the basic technical know-how of how websites work can figure out how to get it,” he added. 

Since electoral rolls containing EPIC numbers, names, and other election-related and personal details of a voter are published online for anyone to access, all that is required is a simple script to obtain the personal phone numbers, names, father's/husband's names, EPIC numbers, and constituency names of all voters in a constituency.

He further added, “This is the most dangerous and highly effective way you can abuse the vulnerability. Since names are visible, huge sections of the country can be targeted based on religion, caste or language in election-related scams in this way.”
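The flaw described above is a server response that carries more data than the page displays. As an added illustration (not code from the portal or from the researcher; the handler names, field names, and sample record are constructed assumptions), the Python below contrasts a handler that serialises the whole voter record with one that builds its response field by field and returns only a masked number, together with a regression check that scans a response body for stored numbers:

```python
import json
import re

# Constructed sample data: the EPIC number and mobile number are made up.
VOTERS = {
    "ABC1234567": {
        "name": "Sample Voter",
        "state": "Telangana",
        "mobile": "9876543210",
    },
}


def mask_mobile(mobile, visible=2):
    """Return the number with all but the last `visible` digits starred out."""
    digits = re.sub(r"\D", "", mobile)
    if len(digits) <= visible:
        return "*" * len(digits)
    return "*" * (len(digits) - visible) + digits[-visible:]


def otp_response_leaky(epic, state):
    """Pattern from the article: the whole record goes to the browser,
    so the un-redacted mobile sits in the response even if the page hides it."""
    voter = VOTERS.get(epic)
    if voter is None or voter["state"] != state:
        return {"status": "error"}
    return {"status": "otp_sent", "voter": voter}


def otp_response_hardened(epic, state):
    """Build the response field by field; only a masked hint leaves the server."""
    voter = VOTERS.get(epic)
    if voter is None or voter["state"] != state:
        return {"status": "error"}
    return {"status": "otp_sent", "mobile_hint": mask_mobile(voter["mobile"])}


def leaked_mobiles(response, stored_mobiles):
    """Regression check: list stored numbers that appear verbatim in the
    serialised body, ignoring spaces, hyphens and brackets used as separators."""
    body = re.sub(r"[\s\-()]", "", json.dumps(response))
    return [m for m in stored_mobiles if m in body]


if __name__ == "__main__":
    stored = [v["mobile"] for v in VOTERS.values()]
    for handler in (otp_response_leaky, otp_response_hardened):
        resp = handler("ABC1234567", "Telangana")
        print(handler.__name__, "leaks:", leaked_mobiles(resp, stored))
```

A check like `leaked_mobiles` belongs in the API test suite so that a later change to the serialiser cannot reintroduce the full number without failing the build.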

Pegasus Spyware Reportedly Hacked iPhones of U.S. State Department & Diplomats

 

An unidentified party used NSO Group's Pegasus spyware to attack the Apple iPhones of at least nine US State Department officials, as per a report published Friday by Reuters. 

After receiving a query about the incident, NSO Group indicated in an email to The Register that it had barred an unnamed customer's access to its system, but it has yet to determine whether its software was involved.

An NSO spokesperson told The Register in an email, "Once the inquiry was received, and before any investigation under our compliance policy, we have decided to immediately terminate relevant customers’ access to the system, due to the severity of the allegations." 

"To this point, we haven’t received any information nor the phone numbers, nor any indication that NSO’s tools were used in this case." 

The Israel-based firm, which was recently sanctioned by the US for reportedly selling intrusion software to repressive regimes and is being sued by Apple and Meta's (Facebook's) WhatsApp for allegedly assisting the hacking of their customers, says it will work cooperatively with any relevant government authority and share what it learns from its investigation. 

NSO's spokesperson stated, “To clarify, the installation of our software by the customer occurs via phone numbers. As stated before, NSO’s technologies are blocked from working on US (+1) numbers. Once the software is sold to the licensed customer, NSO has no way to know who the targets of the customers are, as such, we were not and could not have been aware of this case." 

According to Reuters, the impacted State Department officials were situated in Uganda or were focused on Ugandan issues, so their phone numbers had a foreign nation prefix rather than a US prefix. When Apple launched its complaint against the NSO Group on November 23rd, the iPhone maker also stated that it would notify iPhone customers who have been the target of state-sponsored hacking. On the same day, Norbert Mao, a lawyer and the President of Uganda's Democratic Party, tweeted that he'd gotten an Apple threat notification.

According to the Washington Post, NSO's Pegasus software was involved in the attempted or accomplished hacking of 37 phones linked to journalists and rights activists, including two women connected to Saudi journalist Jamal Khashoggi. The findings contradicted NSO Group's claims that their software was only licenced for battling terrorists and law enforcement, according to the report. 

The NSO Group released its 2021 Transparency and Responsibility Report [PDF] the same month, insisting that its software is only used against groups with few sympathisers, such as terrorists, criminals, and pedophiles. 

Several reports from cybersecurity research and human rights organisations, not to mention UN, EU, and US claims about the firm, have disputed that assertion. The US State Department refused The Register's request for confirmation of the Reuters claim but said the agency takes its obligation to protect its data seriously. They were also told that the Biden-Harris administration is seeking to limit the use of repressive digital tools.

Amazon Fined With EUR 746 Million By Luxembourg Over Data Protection

 

Amazon has been fined 746 million euros ($880 million) by the Luxembourg government over data protection rules. Despite its powerful presence across the globe, the American multinational technology company that focuses on e-commerce, digital streaming, cloud computing, and artificial intelligence, has continued to make headlines for various reasons, at times even serious allegations. Interestingly, it also falls under the category of "frightful five" which is a name given to the five most valuable tech giants that collectively influence almost everything that happens in the tech world. Amazon has undoubtedly become an integral part of most households, not only just American but worldwide. In terms of power, Amazon is a leading player both economically and socially.

According to authorities, Amazon broke the EU’s data protection rules. It is assumed that the fine that has been charged for a data protection violation is the largest since the passage of the regulation. 

The Luxembourg National Commission for Data Protection had issued a notice on July 16. In the wake of which, Amazon said in a securities filing, "Amazon’s processing of personal data did not comply with the EU General Data Protection Regulation."

"We believe the CNPD's decision to be without merit and intend to defend ourselves vigorously in this matter," the company added, using the organization's French acronym. 

The Securities and Exchange Commission (SEC) document did not disclose any further technical details, but Amazon was sued by a European consumer group for using personal credentials for marketing purposes without authorization. Also, the Luxembourg agency declined to comment on further inquiries by saying that its investigations are confidential. 

Following the allegations, Amazon was already fined by French authorities 35 million Euros last year for not following laws on browser "cookies" that track users. Meanwhile, Google (another of "frightful five") had also been charged with a fine of 100 million Euros for similar data protection rules. Alongside, Facebook, yet another giant firm labeled under "frightful five" is also under investigation in Ireland for leaked data.