Category Archives: CYBER ATTACKS

How to become a great spy agency in the 21st century: Incubate startups!

What results when a top secret intelligence agency turns to entrepreneurs to assist in the building of new tools to protect a nation from cyberattacks? This is it…

Intelligence agencies are great at finding out and keeping secrets, and at working patiently in the shadows. Startups are good at promoting themselves, moving fast, and breaking things—in an effort to build the next big technology. It’s hard to think of two mindsets that are further apart.

However, in a world of constantly evolving cybersecurity threats, Britain’s GCHQ spy agency decided to open a startup accelerator to bridge the gap between the two: to see if, by being a little more open, it could help the private sector build tools to prevent cyberattacks in the future.

Britain’s Government Communications Headquarters (GCHQ) has a century-long history of helping to protect the country from threats, both international and domestic.

Although it wouldn’t be known as GCHQ for decades to come, its work began during World War I when a number of intercept stations were established to seize and decrypt messages sent by Germany and its allies. Its most famous incident came in early 1917 when analysts were able to intercept and decrypt a telegram sent by the German foreign minister Count Zimmermann, in which it was revealed that Germany planned to reward Mexico with US territory if it joined the war. The release of the message was one of the factors which brought the United States’ firepower into the war.

During World War II, the organisation, then called the Government Code and Cypher School (GC&CS), was located at Bletchley Park where it tirelessly undertook to decrypt Hitler’s “unbreakable” ciphers—work credited with shortening the war significantly.

Following the war and having outgrown its previous site, GC&CS was renamed GCHQ. Its headquarters were moved just outside of Cheltenham, Gloucestershire, in the west of England, where it remains today.

It now has 6,000 staff and an annual budget of £2.6bn, while still being tasked to keep Britain safe from a variety of threats including terrorism, serious crime, espionage, and cyberattacks, as well as providing support to law enforcement and the military when required.

But its work is not without controversy. In 2013, whistleblower Edward Snowden lifted the lid on PRISM, an expansive online surveillance programme by GCHQ, along with the US National Security Agency. The programme collected data on all online and telephone communications made inside the UK.

But while the agency is best known for snooping, it also has a secondary role in providing security advice.

“We’re a security organisation. If you drive past us you see a lot of razor wire and that can sometimes create an internal, introverted culture,” said Chris Ensor, deputy director of cyber skills and growth at the National Cyber Security Centre (also known as NCSC, the cybersecurity arm of GCHQ).

“For the last 100 years, GCHQ has had an intelligence mission and a security mission. It’s the intelligence which is portrayed in the news or in films like James Bond and we’re always the spy centre. But actually we’ve had a security mission for a long, long time,” said Ensor.

Threats to national security evolve over time and today cyberattacks are considered to be among the biggest risks to the country—alongside terrorism, espionage, and weapons of mass destruction.

That means GCHQ’s security mission has extended to protecting the UK from cyberattacks and hackers, particularly those targeting critical national infrastructure. Indeed, the NCSC was set up to tackle cyberthreats, replacing three separate cybersecurity organisations: the Centre for Cyber Assessment, Computer Emergency Response Team UK, and GCHQ’s information security arm.

Hackers steal around $400M from Cryptocurrency System ICOs

ICOs are risky, possibly quite lucrative, and also a top target for threat actors looking to cash in.

Cyberattackers have managed to line their pockets with almost $400 million in cryptocurrency by targeting ICOs, a new report states.

According to a new research report (.PDF) by Ernst & Young, over 10 percent of all funds changing hands during these events have been lost or stolen.

This equates to roughly $400 million in cryptocurrency from $3.7 billion in funding between 2015 and 2017.

Initial Coin Offerings (ICOs), or token sale events, have garnered the interest of investors in recent years. The events are an opportunity to fund cryptocurrency or Blockchain-related projects and companies and can prove lucrative in the long term.

ICOs have been popular enough to outstrip venture capital investments in Blockchain projects in recent years, despite the potential risks.

These events may be of interest to investors, but they are also a red flag for threat actors looking to cash in fraudulently.

Ethereum marketplace Enigma was gearing up for its ICO when a phishing campaign scammed $500,000 out of investors, while ICOs launched by CoinDash, Veritaserum, and EtherParty were all compromised by attackers a year ago.

These are only the most high-profile names to be targeted through ICOs, however, as the report found a total of 372 ICOs have been attacked in the last two years.

Hackers have been able to steal an average of $1.5 million per month through ICOs, and the report suggests that attackers “are attracted by the rush, absence of a centralized authority, blockchain transaction irreversibility and information chaos” of such events.

“Project founders focus on attracting investors and security is often not prioritized,” the report says. “Hackers successfully take advantage — the more hyped and large-scale the ICO, the more attractive it is for attacks.”

The most common attacks are the substitution of wallet addresses at the time of the event — as we saw with CoinDash — the unauthorized access of private keys and the theft of funds from both wallets and exchanges.

The most common attack vector is phishing, followed by Distributed Denial-of-Service (DDoS) attacks, direct website compromise, employee attacks, and exchange hacking.

Calls have been made for more regulation and tighter security surrounding ICOs, with regulators worldwide now thrashing out methods to legislate these events and protect investor funds.

“As ICOs continue to gain popularity and leading players emerge globally, there is a risk of having the market swamped with quantity over quality of investments,” said Paul Brody, EY Global Innovation Blockchain Leader. “These high-risk investments and the complexity of ICOs need to be managed to ensure their credibility as a means of raising capital for companies, entrepreneurs and investors alike.”

On Monday, US Securities and Exchange Commission (SEC) regulator Jay Clayton warned businesses not to jump on the Blockchain bandwagon or offer ICOs without the expertise and regulatory support and backing.

The US agency has added ICOs, and companies which have changed their name to something Blockchain or cryptocurrency-related without cause, to its watch lists in the face of market disruption and surging share prices due to the trend.

www.scamsfakes.com

Henry Sapiecha

Australia likely to get its own GDPR

Everyone in the Australian cybersecurity ecosystem has a role to play to ensure the security of the nation, according to Nationals Senator Bridget McKenzie.

The mandatory data breach notifications laws coming into effect in Australia next year will be followed by other laws to ensure everyone in the digital ecosystem — including government divisions, large corporates, small to medium-size enterprises (SMEs), and consumers — are playing their role in keeping Australia “cyber secure”, according to Senator Bridget McKenzie.

McKenzie, who is the chair of the Foreign Affairs, Defence, and Trade Legislation Committee, likened cyber breaches to the “system of disease in the pre-industrial revolution that just swept through”.

“Cyber breaches have the capacity to wipe out industries, wipe out systems, wipe out communities, if every member of that community or that cyber ecosystem isn’t following best practice when it comes to keeping their information secure,” McKenzie told ZDNet at the Australian Computer Society’s Reimagination Thought Leaders’ Summit.

“It’s not just defence’s job or ASIO’s or DSTO’s or the government’s indeed, but every SME and private homeowner needs to have an eye for cybersecurity, making sure their data’s safe.”

McKenzie said mandatory data breach notification laws, set to come into effect next year, are a step towards keeping organisations alert and accountable, with other laws expected to be introduced in Australia in the upcoming years, possibly similar to those coming into effect next year in the European Union.

The European Union’s (EU) General Data Protection Regulation (GDPR) will require organisations around the world that hold data belonging to individuals from within the EU to provide a high level of protection and explicitly know where every piece of data is stored.

Organisations that fail to comply with the regulation requirements could be fined up to €20 million, or, in the case of an undertaking, up to 4 percent of the total worldwide annual turnover of the preceding financial year — whichever is higher.

“No longer can you say, ‘Oh I’ll leave it to someone else’ because the flow-on effects, the interconnectedness, the Internet of Things, is such that if one member of that web, if you like, has a security breach, it has flow-on effects for everybody involved,” McKenzie said.

Additionally, Australians need to have the confidence that they can share private information such as their health details and not have it end up in the public sphere, otherwise the nation will not be able to experience the full benefits of technology, McKenzie said.

Shadow Minister for the Digital Economy Ed Husic said, however, that the government has a long way to go in building that confidence, given 50,000 Australians have been affected by a government data breach that occurred in October. He noted that the breach was not a technological error, but a human error.

“How do we build consumer or citizen confidence about protection of privacy?” Husic said. “50,000 people were affected by a data breach across government, releasing details of passwords and credit cards. It’s not all tech related … people often blame tech for this. It’s people and the way that they use data and it’ll be interesting to see the details that come out on this in the next few days.”

“This data breach occurred back in October, no public explanation of it, no detail about what was known, what was being done to fix it. If we want people to be confident that data is being used well by government, then the government’s got a long way to go to build that confidence.”

Husic added that the government needs to lead by example; it should be notifying the public about data breaches if it wants businesses to do the same.

“[The government’s] got to do some things itself. And you can’t lecture business about getting focused on cybersecurity if you’re losing your own moral authority … because you’re not looking after data within your own batch,” he said.

McKenzie believes in Australia’s growing status as a cybersecurity hub, saying that the nation is equipped with the right expertise in this area. She added that Australia is in the process of creating a strong cybersecurity industry capable of exporting.

“Our law enforcement and intelligence agencies are world-class. We’re also part of Five Eyes, which means we have a lot of access to information and technology and collaboration opportunities,” she said. “We lead the world in quantum computing … and it [has the] potential to contribute further to security of data and security of communications particularly in the intelligence and defence spheres.

“We’ve really got some technical expertise, but also I think a richness around governance frameworks and excellence in regulatory frameworks that can also assist other governments and other organisations worldwide to understand best practices in the area.”

In September, Ambassador for Cyber Affairs Dr Tobias Feakin communicated a similar sentiment, saying Australia has an international standing in cybersecurity, and brings “key qualities” to the table.

Australia has also played a role in the creation of international peacetime norms for cyberspace, including chairing the first United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UN GGE) in 2013, and helping develop the 11 international norms agreed to in subsequent UN GGE meetings.

“We have regional knowledge beyond most. We have a trusted diplomatic brand, and that’s something that we intend to capitalise on. We have strategic and economic interests in the region. And we have long-standing development partnerships across the region already,” Feakin said at the second annual SINET61 conference in Sydney.

“We need to capitalise on those, make the most of them. Not just for us as a government, [and] for regional partners as well, but also for our private sector … We see this issue as central to our economic future,” he said.

“It’s only this year that it’s just reached the point, of tipping over, to 50 percent of all internet users living in the Asia-Pacific. But really, still, there’s huge economic growth to unravel there, because still 60 percent of all households don’t have internet coverage.”

Last month, launching the International Cyber Engagement Strategy, Foreign Minister Julie Bishop said that for the purpose of national security, cyberspace cannot be an ungoverned space.

“Just as we have international rules that guide how states behave, and how states should behave towards each other, the international rules-based order that’s been in place for about 70 years, so too must states acknowledge that activities in cyberspace are governed by the same set of rules as military and security activities in traditional domains,” Bishop said in October.

“The 2016 US presidential election focused the world’s attention on the potential for cyber operations to interfere with democratic processes. This cannot be allowed to continue. It strikes at the very heart of the sovereignty of nations.”

According to the International Cyber Engagement Strategy, Australia will develop an international “architecture for cooperation” including mechanisms to respond to unacceptable behaviour in cyberspace in a timely manner.

“Australia’s responses to malicious cyber activity could comprise law enforcement or diplomatic, economic, or military measures as appropriate for the circumstances. This could include, but is not restricted to, offensive cyber capabilities that disrupt, deny, or degrade the computers or computer networks of adversaries,” the strategy states.

The strategy also implies that the nation has the capability to identify the source of cyber attacks.

“Depending on the seriousness and nature of an incident, Australia has the capability to attribute malicious cyber activity in a timely manner to several levels of granularity — ranging from the broad category of adversary through to specific states and individuals,” the strategy states.

In September, the federal government pledged AU$50 million over seven years for the cybersecurity cooperative research centre (CRC), with over AU$89 million in further funding to come from 25 industry, research, and government partners.

The cybersecurity CRC will deliver solutions to increase the security of critical infrastructure, the government said at the time, which includes “frameworks, products, and approaches that will service existing and future ICT enterprises across a broad range of platforms and operating systems”.

Assistant Minister for Industry, Innovation and Science Craig Laundy said the activities of the cybersecurity CRC will contribute to the objectives laid out in Australia’s AU$240 million Cyber Security Strategy, which is aimed at defending the nation’s cyber networks from organised criminals and state-sponsored attackers.

ASIO restructuring strategy and resources in the face of cyber threat

The country’s intelligence agency has aligned its resources to focus on the growing threat of cyber espionage targeting ‘a range’ of Australian interests.

In the wake of accusations from United States intelligence agencies that Russia hacked into Democratic Party emails, thus helping Donald Trump to election victory last year, a report from Australia’s intelligence agency said the country’s national security resources are focused on preventing foreign threat actors from “targeting a range of Australian interests”.

In its 2016-17 Annual Report [PDF], the Australian Security Intelligence Organisation (ASIO) explained that Australia continued to be a target of espionage and foreign interference, noting in particular that foreign intelligence services sought access to privileged and/or classified information on Australia’s alliances and partnerships; the country’s position on international diplomatic, economic, and military issues; as well as energy and mineral resources, and innovations in science and technology-related fields.

ASIO called the threat from espionage and foreign interference to Australian interests “extensive, unrelenting, and increasingly sophisticated”.

“Foreign intelligence services are targeting a range of Australian interests, including clandestine acquisition of intellectual property, science and technology, and commercially sensitive information,” the report explains.

“Foreign intelligence services are also using a wider range of techniques to obtain intelligence and clandestinely interfere in Australia’s affairs, notably including covert influence operations in addition to the tried and tested human-enabled collection, technical collection, and exploitation of the internet and information technology.”

During the reported period, ASIO said it identified foreign powers clandestinely seeking to shape the opinions of members of the Australian public, media organisations, and government officials, motivated by the appeal of “advancing their country’s own political objectives”.

As highlighted by ASIO, rapid technological change continued to provide people who are engaging in activities that threaten Australia’s security with new tools to conceal their activities from security and law enforcement agencies. In particular, ASIO said the use of encrypted communications by security intelligence targets was — and still is — an area of particular concern.

“Australia continues to be a target of espionage through cyber means; the cyber threat is persistent, sophisticated, and not limited by geography,” ASIO warned.

“Increasingly, foreign states have acquired, or are in the process of acquiring, cyber espionage capabilities designed to satisfy strategic, operational, and commercial intelligence requirements.”

Watching carefully the area of investment flows, ASIO said that while Australia’s open and transparent economy, which invites foreign investment, is a welcome and important contributor to Australia’s national wealth, it is not without national security risks.

“For example, foreign intelligence services are interested in accessing bulk data sets and privileged public or private sector information, including Australian intellectual property. Developing and implementing effective mitigation strategies for these issues is critical to reducing the threat to an acceptable level,” the report says.

Another emerging issue of potential national security concern to ASIO is the lack of diversity of ownership within certain infrastructure sectors.

The agency also said that the number of cybersecurity incidents either detected or reported within Australia represents a fraction of the total threat the country legitimately faces.

While technology provided security and law enforcement agencies with new opportunities to identify activities of security concern, ASIO said building and maintaining technical collection capabilities to stay ahead of the threats proved to be resource intensive.

“Transforming existing agency information and communications technology infrastructure to effectively exploit new capabilities, manage the large volume and variety of data available, and to be adapted easily to new technologies is a major challenge, and one that will require significant, ongoing investment,” the agency wrote.

“In addition to technological challenges in the operating environment, we faced heightened threats to our staff, facilities, and information.”

ASIO said such challenges required the diversion of resources to “ensure the security and effectiveness” of the agency’s operations.

Throughout the period, ASIO said it worked closely with Australia’s national security partner agencies, which included work to progress shared national security objectives through joint agency bodies such as the federal, state, and territory Joint Counter Terrorism Teams (JCTT), the National Threat Assessment Centre (NTAC), the Jihadist Network Mapping and Targeting Unit, and the Australian Cyber Security Centre (ACSC).

Similarly, work with international peers was maintained with over 350 partner agencies in 130 countries, ASIO explained.

The intelligence agency specifically worked with counter-terrorism prosecution in New South Wales, Victoria, and Queensland, providing assistance and evidence on telecommunications intercepts, physical surveillance, listening, and tracking devices.

“In 2016-17, we continued to work closely with telecommunications companies regarding the security risks associated with the use of certain companies in their supply chains and risks arising from foreign ownership arrangements,” the report says.

“We provided sensitive briefings to the Australian government and the telecommunications sector to outline the threat and, where possible, recommended appropriate mitigation measures.”

ASIO said that through its work with ACSC, it regularly observed cyber espionage activity targeting Australia.

“Foreign state-sponsored adversaries targeted the networks of the Australian government, industry, and individuals to gain access to information and progress other intelligence objectives,” the agency wrote.

“ASIO provided support to the ACSC’s investigations of these harmful activities as well as the centre’s work to remediate compromised systems. The number of countries pursuing cyber espionage programs is expected to increase … as technology evolves, there will be an increase in the sophistication and complexity of attacks.”

It isn’t just foreign threats on ASIO’s radar, with the agency noting it remained alert to, and investigated threats from, malicious insiders.

“Those trusted employees and contractors who deliberately breach their duty to maintain the security of privileged information,” ASIO explained. “These investigations continued to be complex, resource-intensive, and highly sensitive.”

In-house, ASIO said it also worked to build an enterprise technology program to enable the agency to “excel in using technology and data” to achieve its purpose.

“Given the increasing opportunities and challenges brought about by rapid advances in technology, it is imperative that ASIO is a ‘data-enabled organisation’, connected to its partners, accountable to the people, innovative in its approach, and sustainable for the long term,” the report says.

From July 2018, Australia’s new Home Affairs ministry will be responsible for ASIO, Australian Federal Police, Border Force, Australian Criminal Intelligence Commission, Austrac, and the office of transport security. It will see Attorney-General George Brandis hand over some national security responsibility to Minister for Immigration and Border Protection Peter Dutton.

Of the ministerial changes and the recommendations of the 2017 Independent Intelligence Review, ASIO Director-General of Security Duncan Lewis said he believes the new measures will play an important role in strengthening the agency’s strategic direction, effectiveness, and coordination of Australia’s national security and intelligence efforts, at a time when “the nation is facing complex, long-term threats” to its security.

Telstra launches Sydney cybersecurity centre Australia

Telstra now has security operations centres live in Sydney, Melbourne, and Canberra, and is also launching its learning initiative to help businesses educate staff members on cybersecurity.

Telstra has launched its Sydney-based cybersecurity centre, with the telecommunications provider also announcing a new “secure internet initiative”.

With the latest security operations centre (SOC) officially open for customers from Thursday, Telstra now has centres live in Sydney, Melbourne, and Canberra ahead of launching more across the globe, Telstra CEO Andy Penn told ZDNet.

“There will be more [centres] in the next year or two,” the chief executive told ZDNet during the Sydney SOC launch on Thursday afternoon.

“The thing to bear in mind, though, is that they’re virtual; this centre is virtually connected to the centre in Melbourne, and every future centre that we’ll have will be virtually connected as well, plus they’ll have 24/7 capabilities.

“So in that sense, these centres once established have the capacity to service thousands of customers and as our business grows — particularly internationally with our submarine cable network where we have about 400,000 kilometres of submarine cable network where we’re doing all the data transmission services for international customers — we’ll build out more centres as that demand requires, but we certainly have plans for a small number of extra centres internationally.”

According to Penn, Telstra’s position as Australia’s largest telecommunications service provider gives it the responsibility and obligation of delivering services that will protect its customers domestically and globally.

“Today, we’re announcing a new initiative that will add significantly to our existing capabilities … it is the creation of a new network of security operations centres,” he said.

“These centres support our global network of more than 500 cybersecurity experts, and will uniquely position Telstra to better monitor, detect, and respond to security incidents for all of our customers. The security operations centres will provide enterprise customers with access to our world-class security teams and increase visibility and insight for managing their business cyber risk.”

Telstra built the security centres to an Australian Security and Intelligence Organisation (ASIO) T4 standard, with all cables colour coded and physically separated according to what level of intelligence is carried across them, and the centre’s entry guarded by a time-sensitive airlock equipped with biometric security including facial recognition, gait recognition, and a retina scanner that can read from up to 10 metres away.

Under the T4 security standard, audio and video cannot be recorded inside the SOCs, and all mobile devices are required to be locked away prior to entering the centre.

The Sydney centre took seven months to build, with Telstra saying it took “an agile approach to both software and facilities”. In this regard, Telstra used open-source project Apache Metron, around which it built managed services applications and capabilities in order to remove the cost of developing commercial software, which it said meant more money spent on analysts.

Telstra’s SOC management platform is run on Microsoft Azure, with the centres also utilising the capabilities of software development company Readify and advanced security analytics technology Cognevo, both of which were acquired by Telstra last year.

“The future of security is machine intelligence coupled with human expertise,” Penn said.

“With the volumes of data we are seeing today driven by technology innovation, it is impossible to see the patterns and trends without machine learning. These new centres and our dynamic security offerings give us exactly this capability.”

Available 24/7, the Sydney and Melbourne centres “have the ability to aggregate data in a central point where it can be analysed for hostile intent”, Penn explained. The two SOCs are identical, with each housing 14 analysts at all times to support thousands of customers.

If one centre has an outage, services can be immediately switched over to the other, Telstra said.

While Penn would not disclose how much the centre is worth, he said it is “a fair bit bigger” than Optus’ AU$7 million centre unveiled last year.

Telstra additionally announced the establishment of a learning and development program to increase knowledge of cybersafety within organisations.

“Cybersecurity is a team sport,” Penn said, adding that Telstra fully supports the federal government’s cybersecurity strategy.

“The security operations centres and the secure internet initiatives reinforce Telstra’s commitment to working with the government and industry to create a cybersecure Australia.”

Minister Assisting the Prime Minister for Cyber Security Dan Tehan welcomed the arrival of Telstra’s new SOC, saying it demonstrates that as a telco provider, Telstra is “incredibly well placed” for dealing with cybersecurity.

“Cyber risk is there and it’s growing — we’re seeing cyber espionage, we’re seeing cybercrime, and we’re seeing hacktivism,” Tehan said during the SOC launch in Sydney, adding that there needs to be a “whole-of-community approach” to dealing with it.

Tehan said the Australian cybersecurity centre’s unclassified-level stage one is “nearly ready” to be online, with the entire centre aiming to be fully operational next year.

The federal government has been moving towards a greater focus on cybersecurity, with Prime Minister Malcolm Turnbull initially pledging AU$30 million through to 2019-20 in December 2015 as part of the government’s AU$1.1 billion National Science and Innovation Agenda to establish the Cyber Security Growth Centre.

The government announced in November that it would be launching the AU$4.5 million Academic Centres of Cyber Security Excellence with the aim of improving Australia’s cybersecurity through education and research, with Turnbull and Tehan receiving cyber defence education at the Australian Signals Directorate.

The government in February also pledged AU$1.9 million to universities delivering specialised cybersecurity training in a bid to combat the skills shortage in cyber-related fields.

During the 2017 Federal Budget, the government further pledged AU$10.7 million over four years to establish the Cyber Security Advisory Office (CSAO) to work with government agencies to manage cyber and digital risks and vulnerabilities to “provide strengthened central governance and assurance for cybersecurity and broader project vulnerability across government”.

Telstra launched its own managed security services earlier this year, and Penn last week told ZDNet during Telstra’s FY17 financial results call that Telstra has “deep” skills in cyber.

“We’ve got deep, deep, deep skills in cyber because of our own need to protect our networks, but also we provide a very significant dynamic service for our enterprise customers, and this is really a significant investment in really building that service for our enterprise customers,” Penn told ZDNet.

The chief executive also told ZDNet that Telstra will likely upgrade its existing SOC in Canberra.

Henry Sapiecha

Telstra launching cybersecurity centres internationally

Telstra is utilising its ‘deep, deep skills in cyber’ by launching security operations centres in Sydney, Melbourne, and across the globe, as well as likely upgrading its existing facility in Canberra.

Telstra will be opening cybersecurity centres internationally following the launch of its security operations centres (SOCs) in Sydney and Melbourne over the next few weeks, CEO Andy Penn has announced.

Speaking during Telstra’s FY17 financial results call, Penn said Australia’s incumbent telecommunications provider is currently looking at locations for international SOCs, but would not disclose the sites.

However, he added that the two new Australian centres will be launching “very soon … in the coming weeks”.

“There’s no doubt that large enterprises and even smaller enterprises today are becoming increasingly concerned by cybersecurity risks that they face,” Penn told ZDNet.

“There’s virtually no technology innovation that’s happening today that isn’t intended to be connected. That means it’s across a network, and what’s critical is those innovations and that technology is protected from a cyber perspective.

“We’ve got deep, deep, deep skills in cyber because of our own need to protect our networks, but also we provide a very significant dynamic service for our enterprise customers, and this is really a significant investment in really building that service for our enterprise customers.”

Penn told ZDNet that Telstra will also likely upgrade its existing SOC in Canberra.

“We have a dynamic product offering which is integrated with some of the best data analytics globally and the best access to data globally, so that’s actually the fundamental offering, and then the security operations themselves actually enable ourselves on behalf of our customers, or our customers, to monitor 24/7 effectively the cyber activity on their networks,” Penn told ZDNet.

“You need the data analytics and you need the artificial intelligence and the machine learning capabilities to process what’s actually happening deeply at the network level, and you need the sensors deep within the network, and that’s the dynamic security offering that is already launched. We’ve already got customers on that who are very pleased with that offering, and then we’re supporting that with the security operations centres.”

Penn said Telstra has the “smartest” network in Australia, with the telco currently also upgrading its fibre-optic network to allow for terabit capacity.

“We have commenced the rollout of our next-gen optical fibre and transmission network; Tasmania was the first state to benefit from this upgrade,” the chief executive said.

“This will increase Telstra’s network capacity to 1 terabit per second, and has already done so on each of Telstra’s two subsea cables running across the Bass Strait. We’re already rolling this out to the rest of the country, and there is future potential to increase the capacity to 100 terabits per second.”

In addition, Penn spruiked the company’s Cat-M1 Internet of Things (IoT) network, built in conjunction with Ericsson and switched on earlier this month on the 4GX network.

“Cat-M1 will give us the platform for the significant growth we expect to see in IoT,” Penn said.

Telstra currently has more than 8,600 mobile towers, 5,000 telephone exchanges, 200,000 switches and routers, 240,000km of optical fibre cable, and 400,000km of submarine cable.

Telstra TV 2

Penn also announced the launch of the Telstra TV 2, saying that Telstra remains “committed to Foxtel” despite its dropping revenue and is in discussions with co-owner News Corp on how best to structure and arrange Foxtel in future.

“We’re about to dial it up again,” Penn said, detailing that the Telstra TV 2 will include all streaming and catch-up TV services along with a linked mobile app, making it “a real Australian first”.

“Access to the best content is critically important to us as demand for media continues to grow. At the same time, the media market is changing with new participants and increased competition,” Telstra added.

Telstra’s media revenue grew by 8.2 percent to AU$935 million thanks to uptake of both the Telstra TV and “Foxtel from Telstra”. Foxtel from Telstra made AU$777 million in revenue, growing by 8.1 percent due to 57,000 additional subscribers, and there are now 827,000 Telstra TV devices in the market.

Underpinning Telstra’s SOCs is its suite of managed security services announced in March and launched in July, Penn said, in addition to the company’s 500 “cybersecurity experts”.

The Telstra TV originally launched in October 2015.

WannaCry researcher denies in court creating banking malware

The security researcher recently rose to fame for curbing the spread of the WannaCry ransomware

A security researcher who helped curb a global outbreak of the WannaCry ransomware earlier this year has told a court he is not guilty of charges of allegedly creating a notorious banking malware.

Marcus Hutchins, 22, said he was not guilty during a hearing at a Las Vegas court after he was arrested and detained earlier this week.

The news was confirmed by his attorney Adrian Lobo, speaking on Facebook Live to local reporter Christy Wilcox, at the court house.

Hutchins was granted bail on a bond of $30,000 during a hearing at a Las Vegas court.

But he will “not be released today lawyers says could not get bail in time,” according to Wilcox in a tweet.

He will not be allowed access to devices with an internet connection, said Wilcox, and he will be tagged to be monitored at all times.

Hutchins, also known as @MalwareTechBlog, stormed to fame earlier this year after he found a kill switch in the malware, known as WannaCry, amid a global epidemic of ransomware in May.

By registering a domain found in the code, he stopped the spread of the malware.

The Justice Department announced Thursday that it was charging Hutchins with malicious activity, unrelated to the WannaCry cyberattack.

The security researcher, a British native, was arrested shortly before boarding a flight home. He had been attending the Def Con security conference late last month. He was briefly detained in a federal detention facility in Nevada, then later questioned by the FBI at its field office in Las Vegas.

Hutchins was later indicted, along with an unnamed defendant, on six charges relating to allegations that he created the Kronos malware, a trojan that can steal banking usernames and passwords from victims’ computers.

He was also charged with five other counts, including wiretapping, thought to relate to the interception of passwords, and violating the controversial Computer Fraud and Abuse Act, which serves as the basis of US hacking laws.

Hutchins will appear at a court in Wisconsin, where the case was filed, on August 8.

Developing… more soon.

Henry Sapiecha

Global cyber-attack: Security blogger halts ransomware ‘by accident’

 

A UK security researcher has told the BBC how he “accidentally” halted the spread of the malicious ransomware that has affected hundreds of organisations, including the UK’s NHS.

The 22-year-old man, known by the pseudonym MalwareTech, had taken a week off work, but decided to investigate the ransomware after hearing about the global cyber-attack.

He managed to bring the spread to a halt when he found what appeared to be a “kill switch” in the rogue software’s code.

“It was actually partly accidental,” he told the BBC, after spending the night investigating. “I have not slept a wink.”

Although his discovery did not repair the damage done by the ransomware, it did stop it spreading to new computers, and he has been hailed an “accidental hero”.

“I would say that’s correct,” he told the BBC.

“The attention has been slightly overwhelming. The boss gave me another week off to make up for this train-wreck of a vacation.”

What exactly did he discover?

The researcher first noticed that the malware was trying to contact a specific web address every time it infected a new computer.

But the web address it was trying to contact – a long jumble of letters – had not been registered.

MalwareTech decided to register it, and bought it for $10.69 (£8). Owning it would let him see where computers were accessing it from, and give him an idea of how widespread the ransomware was.

By doing so, he unexpectedly triggered part of the ransomware’s code that told it to stop spreading.

This type of code is known as a “kill switch”, which some attackers use to halt the spread of their software if things get out of hand.

He tested his discovery and was delighted when he managed to trigger the ransomware on demand.

“Now you probably can’t picture a grown man jumping around with the excitement of having just been ‘ransomwared’, but this was me,” he said in a blog post.

MalwareTech now thinks the code was originally designed to thwart researchers trying to investigate the ransomware, but it backfired by letting them remotely disable it.
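As an added example (not from the BBC report or the researcher's own work), here is how a defender might spot this pattern in resolver logs: several hosts looking up the same long, unregistered name, plus the list of hosts that still need cleaning once the name has been registered. The domain, log format and thresholds are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed placeholder name, NOT the real kill-switch domain.
JUMBLE = "kqzvxjwhpbtrmlgdncyfsuaoeikqzv.example"

# Constructed resolver log: timestamp, client, query name, response code.
# The last jumble lookup happens after the name has been registered.
SAMPLE_LOG = f"""\
2017-05-12T09:01:10 10.0.4.17 www.example.org NOERROR
2017-05-12T09:01:12 10.0.4.17 {JUMBLE} NXDOMAIN
2017-05-12T09:01:40 10.0.4.17 wpad.corp.example NXDOMAIN
2017-05-12T09:03:05 10.0.4.23 {JUMBLE} NXDOMAIN
2017-05-12T09:04:51 10.0.9.2 fileserver-sydney-office.corp.example NXDOMAIN
2017-05-12T16:20:33 10.0.7.5 {JUMBLE} NOERROR
"""

def entropy(label):
    """Shannon entropy of a DNS label, in bits per character."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def looks_like_jumble(qname, min_len=20, min_entropy=4.0):
    """Heuristic for 'a long jumble of letters'; both thresholds are assumptions."""
    label = qname.split(".")[0]
    return label.isalnum() and len(label) >= min_len and entropy(label) >= min_entropy

def parse(log):
    """Yield (timestamp, client, qname, rcode) from well-formed lines only."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) == 4:
            yield fields

def unregistered_beacons(log, min_clients=2):
    """Jumble-like names that do not resolve and are requested by several hosts."""
    seen = defaultdict(set)
    for _ts, client, qname, rcode in parse(log):
        if rcode == "NXDOMAIN" and looks_like_jumble(qname):
            seen[qname.lower()].add(client)
    return {q: sorted(c) for q, c in seen.items() if len(c) >= min_clients}

def hosts_contacting(log, domain):
    """Every client that asked for `domain`, whether or not it resolved."""
    return sorted({c for _ts, c, q, _rc in parse(log) if q.lower() == domain})

if __name__ == "__main__":
    for name, clients in unregistered_beacons(SAMPLE_LOG).items():
        print("unresolved jumble:", name, clients)
        print("needs remediation:", hosts_contacting(SAMPLE_LOG, name))
```

Host 10.0.7.5 never shows up in the NXDOMAIN view because it looked the name up after registration, yet it still belongs on the remediation list.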

Does this mean the ransomware is defeated?

While the registration of the web address appears to have stopped one strain of the ransomware spreading from device-to-device, it does not repair computers that are already infected.

Security experts have also warned that new variants of the malware that ignore the “kill switch” will appear.

“This variant shouldn’t be spreading any further, however there’ll almost certainly be copycats,” said security researcher Troy Hunt in a blog post.

MalwareTech warned: “We have stopped this one, but there will be another one coming and it will not be stoppable by us.

“There’s a lot of money in this, there is no reason for them to stop. It’s not much effort for them to change the code and start over.”

Henry Sapiecha

Massive international cyber attack hits computers across Europe, Asia and Russia

London: A huge cyber attack struck computers across Europe and Asia on Friday, crippling health services and closing emergency rooms in Britain.

The attack involved ransomware, a kind of malware that encrypts data and locks out the user. According to security experts, it exploited a vulnerability that was discovered and developed by the National Security Agency (NSA) in the US.

The hacking tool was leaked by a group calling itself the Shadow Brokers, which has been dumping stolen NSA hacking tools online since the beginning of last year. Microsoft rolled out a patch for the vulnerability last March, but hackers took advantage of the fact that vulnerable targets – particularly hospitals – had yet to update their systems.

The malware was circulated by email; targets were sent an encrypted, compressed file that, once loaded, allowed the ransomware to infiltrate its targets.

Employees of Britain’s National Health Service (NHS) were warned about the ransomware threat early on Friday, but by then it was too late.

As the disruptions rippled through hospitals, doctors’ offices and ambulance services across Britain, the NHS declared the attack a “major incident” and patients were asked to only seek assistance for serious medical emergencies.

Hospitals and telecommunications companies across Europe, Russia and Asia were affected, according to MalwareHunterTeam, a security firm that tracks ransomware attacks.

Spain’s Telefonica and Russia’s MegaFon were among the telecommunications targets.

Attacks were being reported in Britain and 11 other countries, including Turkey, Vietnam, the Philippines, Japan, with the majority of affected computers in Russia. The computers all appeared to be hit with the same ransomware, and similar ransom messages demanding about $US300 to unlock their data.

The attack on the NHS seemed perhaps the most audacious of the attacks, because it had life-or-death implications for hospitals and ambulance services.

Tom Donnelly, a spokesman for NHS Digital, the arm of the health service that handles cybersecurity, said in a phone interview that 16 organisations, including “hospitals and other kinds of clinician services,” had been hit. Officials later updated that number to at least 25.

Hospitals and doctors’ surgeries were forced to turn away patients and cancel appointments as the attack crippled computer systems.

The Spanish government said a large number of companies, including telecommunications giant Telefonica, had been infected. Portugal Telecom was also hit but no services were impacted, a spokeswoman for the company said.

“Seeing a large telco like Telefonica get hit is going to get everybody worried. Now ransomware is affecting larger companies with more sophisticated security operations,” Chris Wysopal, chief technology officer with cyber security firm Veracode, said.

In Spain, some big firms took pre-emptive steps to thwart ransomware attacks following a warning from the National Cryptology Centre of “a massive ransomware attack.” It said hackers used a version of a virus known as WannaCry that targets Microsoft Corp’s widely used Windows operating system.

Iberdrola and Gas Natural, along with Vodafone’s unit in Spain, asked staff to turn off computers or cut off internet access in case they had been compromised, representatives from the firms said.

Reuters


Henry Sapiecha

Ransomware: These four industries are attacked the most frequently.

Ransomware is a threat to all sectors — but these are the ones most under attack, states a new study

A ransomware attack against any business could be potentially devastating, but there are some sectors which are more at risk from file-encrypting attacks than others, as cybercriminals prey on industries which can’t afford to not have access to their networks.

Ransomware has boomed over the last 18 months, growing from an annoyance which targeted home PC users with moderate ransom demands, to a billion-dollar industry, with cybercriminals holding high-profile or deep-pocketed targets to ransom for tens of thousands of dollars.

While some cybercriminals might be attempting to compromise any organisation possible with a generic attack, professional threat actors will create specially tailored attacks in order to make them look as authentic as possible — even by making the message look like it comes from a colleague.

Ransomware is most often delivered via a phishing email, which arguably provides an explanation as to why NTT Security‘s Global Threat Intelligence Report lists business and professional services as the sector most likely to be targeted by ransomware.

Given that opening financial spreadsheets, job applications, and other email attachments is at the very heart of this modern sector, it makes sense that over a quarter of ransomware attacks (28 percent) were directed at business and professional services firms over the course of a year.

Meanwhile, 19 percent of ransomware attacks were targeted at government and government agencies. Healthcare is the next highest-profile target for cybercriminals, accounting for 15 percent of attacks. It was a ransomware attack against an LA hospital which infamously highlighted the problem, taking the network offline for days until the hospital paid a $17,000 Bitcoin ransom.

Ransomware attacks against the retail industry account for a further 15 percent of all incidents. All other industries make up the remaining 23 percent, according to the NTT Security report.


Henry Sapiecha