Hacking - Tech Wire Asia
https://techwireasia.com/tag/hacking/
Where technology and business intersect
Tue, 02 Apr 2024 02:27:44 +0000

Global concerns rise over alleged cyber hacking activities linked to China
https://techwireasia.com/03/2024/global-concerns-rise-over-alleged-cyber-hacking-activities-linked-to-china/
Wed, 27 Mar 2024 01:00:36 +0000

The post Global concerns rise over alleged cyber hacking activities linked to China appeared first on Tech Wire Asia.

  • China faces global backlash over hacking allegations.
  • The U.S., UK, New Zealand, and Australia have taken a stand, emphasizing the need for cybersecurity and the protection of democratic values.

    China finds itself at the heart of global scrutiny once more. Following its recent shift in tech policy, including the move to phase out AMD and Intel microprocessors in governmental applications, serious allegations have emerged from the U.S. and the UK. Authorities in these countries have leveled charges, imposed sanctions, and accused Beijing of orchestrating a vast cyberespionage campaign, reportedly affecting millions, including lawmakers, academics, journalists, and companies, notably in the defense sector.

    Termed Advanced Persistent Threat 31, or “APT31,” this hacking ensemble is characterized by officials as a branch of China’s Ministry of State Security. A broad spectrum of individuals and entities has been identified as targets, encompassing White House personnel, U.S. senators, British legislators, and international officials critical of Beijing, as reported by Reuters.

    Although specific victims have not been fully disclosed, it’s clear that over the past decade, these hackers have penetrated defense contractors, dissidents, and various sectors in the U.S., such as steel, energy, and apparel. They’ve also targeted leaders in 5G and wireless technology, extending even to the spouses of prominent U.S. officials and lawmakers.

    Deputy U.S. Attorney General Lisa Monaco stated that the operation aimed to stifle criticism of the Chinese regime, compromise government institutions, and steal trade secrets.

    A recent indictment of seven alleged Chinese hackers has brought to light the magnitude of their operations, detailing breaches involving work accounts, personal emails, and more, impacting millions in the U.S. British officials have also highlighted APT31’s hacking of key UK lawmakers and have connected another group of Chinese spies to a significant breach of Britain’s electoral commission.

    International reactions and repercussions on the “China hacking”

    In response, Chinese officials in the UK and U.S. have dismissed these allegations as unfounded and slanderous.

    Amidst these disclosures, the UK and U.S. have sanctioned individuals and entities believed to be linked to China’s state security apparatus and involved in these cyber operations.

    This situation intensifies the already heightened tensions between Beijing and Washington over cybersecurity, with each side increasingly accusing the other of espionage. China has retorted with allegations of U.S. cyber intrusions into major Chinese corporations, such as Huawei Technologies.

    One notable incident highlighted by U.S. prosecutors involved targeting staffers from a U.S. presidential campaign in 2020, corroborating Google’s reports of malicious emails sent to President Joe Biden’s campaign team, though no breach was confirmed.

    The hacking of a significant American public opinion research firm in 2018, during the U.S. midterm elections, underscores the hackers’ strategic interest in political entities for their invaluable intelligence and data.

    John Hultquist, chief analyst for U.S. cybersecurity intelligence firm Mandiant, has pointed out the substantial value political organizations offer to espionage efforts, underlining the critical insights and extensive data they provide to actors like APT31 in search of geopolitical intelligence.

    The global stage of cyber warfare

    The narrative has broadened beyond the initial U.S. and UK accusations against China regarding cyberespionage. The New Zealand government has also come forward, expressing its concerns to the Chinese government about a state-backed cyberattack on New Zealand’s parliament in 2021, discovered by the country’s intelligence services. This incident contributes to the intricate landscape of international cyber tensions.

    This exposure of unauthorized access to New Zealand’s parliamentary systems through malicious cyber activities aligns with the allegations of cyberespionage by Britain and the U.S. against China. New Zealand and Australia have both denounced these extensive cyber operations.

    New Zealand’s Foreign Minister, Winston Peters, has criticized such foreign interference as unacceptable. He highlighted that New Zealand has conveyed its concerns about cyber activities attributed to Chinese government-sponsored groups targeting democratic institutions in New Zealand and the UK to the Chinese ambassador.

    The Chinese Embassy in New Zealand has not yet commented on these accusations.

    The New Zealand Communications Security Bureau (GCSB), in charge of cybersecurity and signals intelligence, has linked a state-sponsored Chinese entity, known as Advanced Persistent Threat 40 (APT40), to the malicious cyber activities against New Zealand’s parliamentary services and parliamentary counsel office in 2021. The GCSB associates APT40 with the Ministry of State Security, noting that while no sensitive or strategic information was compromised, the attackers extracted technical data, potentially enabling further intrusive activities.

    According to the GCSB, a notable portion of the malicious cyber events targeting nationally significant organizations last year were traced back to state-sponsored actors, not exclusively China. The bureau also criticized similar cyber activities linked to Russia.

    Judith Collins, the minister responsible for the GCSB, stated that cyberespionage efforts targeting democratic institutions are universally condemnable.

    Towards a unified stance against cyber intrusions

    This development follows charges, sanctions, and accusations by American and British officials against Beijing, accusing it of conducting a widespread cyberespionage campaign that allegedly affected millions globally, including lawmakers, academics, journalists, and businesses, such as defense contractors. The group behind these activities, identified as Advanced Persistent Threat 31 or “APT31,” is said to be an extension of China’s Ministry of State Security, with a broad list of global targets reported by officials from the two countries.

    A joint statement from Australia’s Foreign Minister Penny Wong and Home Affairs Minister Clare O’Neil criticized the continuous cyber targeting of democratic institutions, emphasizing the adverse impact on democratic and open societies like Australia. They stated that such behavior is unacceptable and must cease.

    In 2019, Australian intelligence attributed a cyberattack on its national parliament and the country’s three largest political parties before the general election to China, though the Australian government has not officially confirmed the perpetrator.

    Well, it looks like the cyber saga is thickening, with China in the hot seat for allegedly orchestrating a vast network of cyberespionage that spans continents. The U.S., UK, New Zealand, and Australia are ramping up their cybersecurity defenses and calling out China’s actions on the global stage. It’s a classic case of “your move, China,” as the international community tightens its ranks against these cyber intrusions.

    But what does the future hold? Well, if history has taught us anything, it’s that with every action comes a reaction. China might double down on its cybersecurity measures and retaliate, or perhaps, just perhaps, this international spotlight could usher in a new era of cyber diplomacy. In a world where technology continues to blur the lines between the possible and the impossible, who’s to say what the future might hold? One thing’s for sure: the global dialogue on cybersecurity is heating up.

    How hackers can use message mirroring apps to see all your SMS texts — and bypass 2FA security
    https://techwireasia.com/08/2021/how-hackers-can-use-message-mirroring-apps-to-see-all-your-sms-texts-and-bypass-2fa-security/
    Thu, 19 Aug 2021 06:50:04 +0000

    The post How hackers can use message mirroring apps to see all your SMS texts — and bypass 2FA security appeared first on Tech Wire Asia.

    By Syed Wajid Ali Shah, Deakin University; Jongkil Jay Jeong, Deakin University, and Robin Doss, Deakin University

    It’s now well known that usernames and passwords aren’t enough to securely access online services. A recent study highlighted more than 80% of all hacking-related breaches happen due to compromised and weak credentials, with three billion username/password combinations stolen in 2016 alone.

    As such, the implementation of two-factor authentication (2FA) has become a necessity. Generally, 2FA aims to provide an additional layer of security to the relatively vulnerable username/password system.

    It works too. Figures suggest users who enabled 2FA ended up blocking about 99.9% of automated attacks.

    But as with any good cybersecurity solution, attackers can quickly come up with ways to circumvent it. They can bypass 2FA through the one-time codes sent as an SMS to a user’s smartphone.

    Yet many critical online services in Australia still use SMS-based one-time codes, including myGov and the Big 4 banks: ANZ, Commonwealth Bank, NAB, and Westpac.





    So what’s the problem with SMS?

    Major vendors such as Microsoft have urged users to abandon 2FA solutions that leverage SMS and voice calls. This is because SMS is known for its poor security, which leaves it open to a host of different attacks.

    For example, SIM swapping has been demonstrated as a way to circumvent 2FA. SIM swapping involves an attacker convincing a victim’s mobile service provider that they are the victim, and then requesting that the victim’s phone number be switched to a device of their choice.

    SMS-based one-time codes have also been shown to be compromised through readily available tools such as Modlishka, which leverage a technique called reverse proxy. This facilitates communication between the victim and a service being impersonated.

    So in the case of Modlishka, it will intercept communication between a genuine service and a victim, and will track and record the victim’s interactions with the service (including any login credentials they may use).

    In addition to these existing vulnerabilities, our team has found further vulnerabilities in SMS-based 2FA. One particular attack exploits a feature provided on the Google Play Store to automatically install apps from the web to your Android device.

    Due to syncing services, if a hacker manages to compromise your Google login credentials on their own device, they can then install a message mirroring app directly onto your smartphone.

    If an attacker has access to your credentials and manages to log into your Google Play account on a laptop (although you will receive a prompt), they can then install any app they’d like automatically onto your smartphone.

    The attack on Android

    Our experiments revealed a malicious actor can remotely access a user’s SMS-based 2FA with little effort, through the use of a popular app (name and type withheld for security reasons) designed to synchronise users’ notifications across different devices.

    Specifically, attackers can leverage a compromised email/password combination connected to a Google account (such as username@gmail.com) to nefariously install a readily-available message mirroring app on a victim’s smartphone via Google Play.

    This is a realistic scenario since it’s common for users to use the same credentials across a variety of services. Using a password manager is an effective way to make your first line of authentication — your username/password login — more secure.

    Once the app is installed, the attacker can apply simple social engineering techniques to convince the user to enable the permissions required for the app to function properly.

    For example, they may pretend to be calling from a legitimate service provider to persuade the user to enable the permissions. After this they can remotely receive all communications sent to the victim’s phone, including one-time codes used for 2FA.

    Although multiple conditions must be fulfilled for the aforementioned attack to work, it still demonstrates the fragile nature of SMS-based 2FA methods.

    More importantly, this attack doesn’t need high-end technical capabilities. It simply requires insight into how these specific apps work and how to intelligently use them (along with social engineering) to target a victim.

    The threat is even more real when the attacker is a trusted individual (e.g., a family member) with access to the victim’s smartphone.

    What’s the alternative?

    To remain protected online, you should check whether your initial line of defence is secure. First check your password to see if it’s compromised. There are a number of security programs that will let you do this. And make sure you’re using a well-crafted password.

    We also recommend you limit the use of SMS as a 2FA method if you can. You can instead use app-based one-time codes, such as through Google Authenticator. In this case the code is generated within the Google Authenticator app on your device itself, rather than being sent to you.

    However, this approach can also be compromised by hackers using some sophisticated malware. A better alternative would be to use dedicated hardware devices such as YubiKey.

    The YubiKey, first developed in 2008, is an authentication device designed to support one-time password and 2FA protocols without having to rely on SMS-based 2FA. (Image: Shutterstock)

    These are small USB (or near-field communication-enabled) devices that provide a streamlined way to enable 2FA across different services.

    Such physical devices need to be plugged into or brought into close proximity of a login device as a part of 2FA, therefore mitigating the risks associated with visible one-time codes, such as codes sent by SMS.

    It must be stressed that an underlying condition of any 2FA alternative is that users themselves must have some level of active participation and responsibility.

    At the same time, further work must be carried out by service providers, developers and researchers to develop more accessible and secure authentication methods.

    Essentially, these methods need to go beyond 2FA and towards a multi-factor authentication environment, where multiple methods of authentication are simultaneously deployed and combined as needed.





    Syed Wajid Ali Shah, Research Fellow, Centre for Cyber Security Research and Innovation, Deakin University; Jongkil Jay Jeong, CyberCRC Research Fellow, Centre for Cyber Security Research and Innovation (CSRI), Deakin University, and Robin Doss, Research Director, Centre for Cyber Security Research and Innovation, Deakin University

    This article is republished from The Conversation under a Creative Commons license. Read the original article.

    Cybercrimes cost global economy nearly $600b
    https://techwireasia.com/02/2018/cybercrimes-cost-global-economy-nearly-600-bn/
    Mon, 26 Feb 2018 04:00:14 +0000

    The post Cybercrimes cost global economy nearly $600b appeared first on Tech Wire Asia.

    THE global cost of cybercrime has now reached a staggering US$600 billion, equating to around 0.8 percent of global GDP, according to a new report by cybersecurity firm McAfee. This number is immense considering it is up from US$445 billion reported in 2014.

    According to McAfee Asia Pacific Chief Technology Officer Ian Yip, this rapid surge in growth is attributed to the lower cost of entry and advancements in technology such as machine learning and AI.

    The report from McAfee, in collaboration with the Center for Strategic and International Studies (CSIS), says that cybercriminals have been adopting new tech at great speed over the last three years, which has led to conducting criminal activity in cyberspace getting easier.

    It seems that today, cybercriminals are using ransomware to outsource a majority of their work to skilled contractors.

    “Ransomware-as-a-service cloud providers efficiently scale attacks to target millions of systems, and attacks are automated to require minimal human involvement,” McAfee Chief Technology Officer Steve Grobman said in a statement.

    “Add to these factors cryptocurrencies that ease rapid monetization, while minimizing the risk of arrest, and you must conclude that the US$600 billion cybercrime figure reflects the extent to which our technological accomplishments have transformed the criminal economy as dramatically as they have every other portion of our economy,” Grobman said.

    There are currently more than 6,000 online criminal marketplaces selling ransomware products and services. Source: Shutterstock

    The report finds that ransomware is the fastest-growing tool that cybercriminals use in their attacks. Companies of all sizes and industries are being targeted by cybercriminals who encrypt and hold their data hostage until a ransom is paid.

    The FBI reported US$209 million in ransom was paid in the first quarter of 2016, compared to just US$24 million in ransom payments in all of 2015.

    Ransomware is becoming increasingly commercialized, with toolkits available online for just a few dollars, reaching up to US$3000 for specialized offerings. There are currently more than 6,000 online criminal marketplaces selling ransomware products and services, with over 45,000 different products available to even the most amateur of cybercriminals.

    Also outlined in the report is the finding that banks continue to be a favorite target for cybercriminals. Government-backed attacks are considered to be the most dangerous, with China being found to be the most active in cyber espionage. Russia, North Korea, and Iran were found to be the most active in hacking financial institutions.

     

    North Korea and US scale up for wider cyber war
    https://techwireasia.com/02/2018/north-korea-us-scale-up-for-wider-cyber-war/
    Fri, 23 Feb 2018 11:00:40 +0000

    The post North Korea and US scale up for wider cyber war appeared first on Tech Wire Asia.

    THE CYBERSECURITY war between North Korea and the rest of the world appears to be taking a turn for the worse.

    A private security company, FireEye, has identified a North Korean cyber infiltration group called APT37 which has raised its sights from its previous concentration on purely South Korean targets to a more scattergun approach to cyber espionage.

    At the same time, US authorities have formulated potential plans for a series of what they term “bloody nose” attacks on targets in North Korea, which will focus on digital warfare rather than a conventional attack, according to UK news organization The Daily Telegraph.

    The new targets for the APT37 group, as revealed by FireEye, include a Middle Eastern company which had previously worked with North Korean authorities in telecommunications but whose venture had ‘gone south’. Furthermore, individuals working for Olympic organizations, a journalist associated with human rights issues in North Korea, and a Japanese party concerned with UN missions on sanctions have also been affected.

    While the number and type of targets for the North Korean attacks have changed and broadened, the methods employed by the group remain much the same. Focusing primarily on phishing attacks in the first instance, the group sends Microsoft Office documents to its targets which, once opened, drop malicious payloads into machines’ systems.

    The variants of malware deployed in this way collect system information, take screenshots and remotely download further code from sites controlled by the group.

    The hacking group seems quite quick to adopt newly publicised vulnerabilities, developing specific tactics within only a few weeks of vulnerabilities being publicised. FireEye’s report states this aspect “suggest[s] a high operational tempo and specialized expertise.”

    According to sources for The Telegraph, for the last few months, the US has been laying the groundwork for cyber attacks against North Korea which will be routed through South Korea and Japan, where the US has a significant military presence. Preparations include installation of network infrastructure such as fibre cables, and the setting up of virtual listening posts from where government agents will attempt to access the North Korean Internet.

    American analysts with experience in other areas such as the war on drugs are being reassigned to the new Korea Mission Centre, which is being run by the CIA.

    The cyber war between North Korea and the rest of the world has heated up recently, with reports of the rogue state being behind the theft of ¥58 billion from Japanese cryptocurrency exchange Coincheck at the beginning of this year.

    North Korea is thought to have mobilized around 6000 individuals to wage a virtual war against its enemies, and the choice of battleground may well suit an American administration particularly sensitive to physical casualties among US personnel in conventional conflicts, with the associated imagery of body bags being flown home.

    As well as previous attacks laid at the door of the North Koreans such as the WannaCry incidents, a further malware instance termed “DogCall” and a wiper tool “RUHappy” have also been deployed.

    “An individual we believe to be the developer behind several APT37 malware payloads inadvertently disclosed personal data showing that the actor was operating from an IP address and access point associated with North Korea,” said FireEye.

    Apple, Cisco team up to help enterprises fight cybercrime
    https://techwireasia.com/02/2018/apple-cisco-team-help-enterprises-fight-cybercrime/
    Thu, 08 Feb 2018 09:00:59 +0000

    The post Apple, Cisco team up to help enterprises fight cybercrime appeared first on Tech Wire Asia.

    CYBERCRIME is an issue that is constantly discussed in boardrooms, technology conferences, and in government offices. It’s something that businesses constantly struggle with, especially because the world is becoming more digital with each passing day.

    Despite the growing investments in cybersecurity projects, enterprises seem to be fighting a losing battle against hackers who make away with cash, data, and corporate secrets from company servers almost effortlessly.

    To help these enterprises, Apple, Cisco, Aon, and Allianz have teamed up to launch a new cyber risk management solution for businesses.

    “Ransomware is an evolving risk that impacts every level of an enterprise. Organizations urgently need to be managing these risks from both the technical and the financial perspective,” Aon Cyber Solutions CEO Jason Hogg said.

    The solution comprises cyber resilience evaluation services from Aon, secure technology from Cisco and Apple, and options for enhanced cyber insurance coverage from Allianz.

    The new solution is designed to help a wider range of organizations better manage and protect themselves from cyber risk associated with ransomware and other malware-related threats, which are the most common threats faced by organizations today.

    What makes enterprises especially vulnerable is the fact that the security technology market is fragmented and that there is a shortage of security skills, which makes it difficult for businesses to find the right partners to fight against constantly evolving cyber terrorists.

    “iPhone, iPad and Mac are the best tools for work, offering the world’s best user experience and the strongest security. We’re thrilled that insurance industry leaders recognize that Apple products provide superior cyber protection, and that we have the opportunity to help make enhanced cyber insurance more accessible to our customers,” Apple CEO Tim Cook said.


    The tech giants aim to provide a comprehensive cybersecurity solution | Source: Pexels

    The new solution covers the primary dimensions of cyber protection for businesses. The key elements of the offering include:

    Cyber Resilience Evaluation: Aon cybersecurity professionals will assess interested customers’ cybersecurity posture and recommend ways to help improve their cybersecurity defenses.

    Cyber Insurance: Allianz, based on its evaluation of the Cisco and Apple technical foundation of the solution, determined that customers using Cisco Ransomware Defense, and/or qualified Apple products might be eligible for the Allianz-developed enhanced cyber insurance offering.

    Enhancements include market-leading policy coverage terms and conditions, including potentially qualifying for lower, or even no, deductibles in certain cases.

    Cisco Ransomware Defense is part of Cisco’s integrated security portfolio that leverages industry-leading threat intelligence from Cisco Talos to see threats once, and block them everywhere.

    The solution includes advanced email security, next-generation endpoint protection and cloud-delivered malicious internet site blocking, to strengthen an organization’s defenses against malware, ransomware and other cyber threats.

    Apple products: iPhone, iPad and Mac give employees the best experiences at work with the strong security that businesses need.

    The tight integration of hardware, software and services on iOS devices ensures that each component of the system is trusted, from initial boot-up to installing third-party apps.

    Users benefit from always-on hardware encryption, as well as support for secure networking protocols like Transport Layer Security (TLS) and VPN out of the box.

    Incident Response Services: Organizations will have access to Cisco and Aon’s Incident Response teams in the event of a malware attack.

    Social media scams on the rise: Here’s what you should look out for
    https://techwireasia.com/01/2018/latest-scams-social-need-know/
    Thu, 25 Jan 2018 06:17:38 +0000

    The post Social media scams on the rise: Here’s what you should look out for appeared first on Tech Wire Asia.

    SOCIAL MEDIA has become a way of life. It has evolved from a platform for friends and family to stay in touch to a madly complex ecosystem that allows everyone, from consumers and companies to groups and governments to connect and interact on a personal level.

    It has created a world where the United States president wages war over Twitter, people are creating Instagram accounts for their newborn children (and even pets), and self-validation is dependent on the number of likes we receive on a single photo.

    Research has estimated that by 2019 there will be around 2.77 billion social media users around the globe, with a whopping 47 percent of people in Southeast Asia being active users.

    It should come as no surprise then, that the primary channels cybercriminals use to target individuals, businesses, and governments are email, mobile and social media.

    Thus, with the growing popularity of social media comes the increase in vulnerability to cyberattacks. Platforms such as Facebook, WhatsApp and Twitter have become a breeding ground for a variety of threats.

    Here are the latest threats to keep a vigilant eye out for on social:

    WhatsApp video calling invite


    Many WhatsApp users have reported being targeted by a scam involving being invited to download the popular platform’s video calling service.

    The fraudulent invitation leads its unsuspecting victims to a website called “Whatappvideostart”. Once this is activated, it compromises the security of the user’s smartphone and discloses account information and passwords to the attackers.

    Because the scammer makes the message look like it’s coming from one of the user’s known contacts or from the company whose services they’re using, the victim often suspects nothing.

    To avoid this particular scam, ensure you update your app only from the official WhatsApp site.

    If it sounds too good to be true, it probably is


    As well as the video-calling scam, several WhatsApp users have been targeted by phishing scams which offer them desirable prizes.

    A specific example is a message offering free flights with the well-known airline, Emirates. The link takes users to a fake survey which they’re prompted to complete in order to win two free tickets. Users are then told these can be claimed once they’ve shared the link with 10 of their WhatsApp contacts, spreading the scam further.

    Then, the user is taken to a new domain for the final step of the scam, where it asks users to sign up with their phone number. With all steps completed, users are then notified that they haven’t won anything.

    The best advice to avoid these kinds of scams: if it sounds too good to be true, it probably is. If you’re uncertain about something, it’s best to double-check its legitimacy with the official company behind the supposed offer.

    ‘Be careful who you’re friends with’

    Facebook is another platform that’s become a hotbed for phishing and malware attacks.

    One of the latest scams on the popular social media platform appears to come from a very trusted source: your own friends.

    The scam works by sending the victim a message from a Facebook friend asking for urgent help to recover their account, since they’ve added you as one of their “Trusted Contacts”.

    According to a public security alert published by AccessNow, this attack is initiated by an already compromised account of one of your friends, who sends a message to you asking for “urgent help” to gain access back into their account.

    The hacker (who’s hiding behind the identity of your friend) asks you to check your email for a recovery code to then share with the attacker.

    However, this “recovery code” is actually a “Forgot my password” request initiated by the hacker, in an attempt to hijack your Facebook account.

    The best way to protect yourself from this scam is to be extremely vigilant about every recovery email you receive. The above procedure is not how Facebook’s Trusted Contacts feature actually works, so make sure you familiarize yourself with the feature before accepting anything.

    The above scams are only a few examples of the many lurking around the social media world.

    And with social media platforms continuing to grow and have an all-encompassing presence in our daily lives, it is crucial that both individuals and businesses keep a vigilant eye on such vulnerabilities.

     

    WPA3’s announcement ends wide-open wi-fi https://techwireasia.com/01/2018/wpa3s-announcement-ends-wide-open-wi-fi/ Fri, 12 Jan 2018 05:00:04 +0000 http://techwireasia.com/?p=174122 YOU may or may not know it, but the method by which you are connected to the Internet (if you're connected wirelessly) is inherently insecure. In fact, anyone who knows what they're doing could most probably get access to your wi-fi network in around ten minutes.

    The post WPA3’s announcement ends wide-open wi-fi appeared first on Tech Wire Asia.

    YOU may or may not know it, but the method by which you are connected to the Internet (if you’re connected wirelessly) is inherently insecure. In fact, anyone who knows what they’re doing could most probably get access to your wi-fi network in around ten minutes.

    A host of tools is available to white hat cybersecurity testers, and with a little application these can easily be used for ill. This situation stems from a technology commonly used to bridge the airwaves between a computer or phone and the wireless access point on the wall: WPA2.

    WPA2 is an old technology and has been around for close on 15 years, and traffic on WPA2 networks is susceptible. Therefore it’s fairly easy to hack or KRACK into. The process is as follows:

    • Set up wi-fi hardware to listen in to a network
    • Listen to all the packets going to and from the wi-fi point on the network
    • Wait for someone to connect a device to said network
    • Read the exchange of password (or key) between connecting machine and wi-fi access point
    • Use the key to connect to private network

    However, the body in charge of wi-fi protocols has finally released the next generation of wireless security protocol, WPA3.

    WPA3 will be available later this year for both personal and enterprise wi-fi networks and offers much-improved security and privacy for users and their networks.

    Features are said to include:

    • Individualized data movements more strongly encrypted
    • Protection against so-called brute force password attacks, where hackers use lists of well-known passwords in freely-available text files to repeatedly try to log into a wi-fi network
    • Simple yet relatively secure measures for simple devices such as IoT devices
    • Availability of 192-bit security for organizations such as government agencies who need higher levels of security than default

    However, until new hardware can be certified by the Wi-Fi Alliance to be WPA3-compliant, it won’t in all likelihood reach the market. Devices are therefore expected to start to arrive in the next few months, rather than immediately.

    “Security is a foundation of Wi-Fi Alliance certification programs, and we are excited to introduce new features to the Wi-Fi CERTIFIED family of security solutions,” said Edgar Figueroa, president and CEO of Wi-Fi Alliance. “The Wi-Fi CERTIFIED designation means Wi-Fi devices meet the highest standards for interoperability and security protections.”

    “Wi-Fi security technologies may live for decades, so it’s important they are continually updated to ensure they meet the needs of the Wi-Fi industry,” said Joe Hoffman, SAR Insight & Consulting. “Wi-Fi is evolving to maintain its high level of security as industry demands increase.”

    Your small business is more vulnerable to cyberattacks than you think https://techwireasia.com/11/2017/smb-vulnerable-cyberattacks/ Thu, 30 Nov 2017 03:57:33 +0000 http://techwireasia.com/?p=172648 Cybersecurity is crucial for companies of all sizes, yet there seems to be a common belief that smaller companies are at a lesser risk due to the size of their company. Unfortunately, this is far from true.

    The post Your small business is more vulnerable to cyberattacks than you think appeared first on Tech Wire Asia.

    CYBERSECURITY is crucial for organizations of all sizes, yet the common belief is that smaller firms are at a lesser risk simply due to the size of their companies. This could not be further from the truth.

    In fact, according to Fortinet’s Q3 Threat Landscape Report this week, small and medium businesses (SMBs) are even more vulnerable to cyberattacks than larger companies.

    Why is this? Anthony Giandomenico, senior security strategist and researcher at Fortinet, said this vulnerability comes from SMBs’ faster adoption of cloud services.

    Additionally, Giandomenico tells Tech Republic that smaller firms also tend to have less advanced security programs in place.

    According to Fortinet’s report:

    “… it may be that companies of this size represent a good ‘bang for the buck’ for criminals. Smaller firms likely have less protection but also less (or less valuable) data. Larger firms certainly have the data, but also greater resources with which to protect it.

    “Midsize firms typically have a large enough digital footprint to attract attention, enough valuable data to make them a worthwhile target, and yet not nearly the resources of their larger counterparts.”

    The report, which tracked exploits, malware, and top botnets in the third quarter of 2017, also noted an increase in attempted attacks heading into the busy holiday shopping season.

    So, if you run an SMB and think you’re never going to be the target of cyber criminals, think again. It’s time to start putting a security plan in place. Here’s what you should include in your thought process when putting together a strategy:

    Understand emerging trends and evolving risks

    It is crucial that your SMB begins with having a good understanding of vulnerabilities that can impact your business. Some of the most common cyberattack methods to be aware of include phishing emails, malware threats, keylogging, and identity theft.

    Know everything your company is responsible for

    Giandomenico advises companies to ensure they are fully aware of all the assets they own and are responsible for. After all, you can’t protect something if you don’t know about it.

    Password management

    Perhaps one of the most common reasons businesses are compromised is the reuse of the same passwords across accounts and devices. Hackers can easily use a single password to cause a large amount of damage to your company.

    To reduce this risk, a unique password should be used for each account, using a mix of letters, numbers, and symbols. These passwords should also be changed on a regular basis.

    Password managers such as LastPass seek to address this issue by creating unique passwords for each of your accounts and storing them securely so you don’t need to remember them. Using a variety of encryption algorithms and tools such as fingerprint recognition, password manager software can provide high security for your business accounts.

    Practice good cyber hygiene

    The Fortinet report found that, in multiple instances, organizations saw the same botnet several times. Why? Because they did not have a good response plan. For your company, it is important to document any areas of vulnerability in order to best prepare yourself for any threats.

    Container ships at massive risk: security latest https://techwireasia.com/11/2017/container-ships-at-massive-risk-security-latest/ Mon, 20 Nov 2017 16:33:28 +0000 http://techwireasia.com/?p=171958 A British cybersecurity specialist has published details which lay out how easy it is for container ships’ loading and cargo routing plans to be compromised. The issue arises from the complete lack of security in the BAPLIE EDIFACT, a messaging system used to exchange information between shipping lines, port authorities, and ships, to create plans... Read more »

    The post Container ships at massive risk: security latest appeared first on Tech Wire Asia.

    A British cybersecurity specialist has published details which lay out how easy it is for container ships’ loading and cargo routing plans to be compromised.

    The issue arises from the complete lack of security in the BAPLIE EDIFACT, a messaging system used to exchange information between shipping lines, port authorities, and ships, to create plans used to load each ship: which locations will house which container, in short.

    The messaging system was developed originally by the Shipping Message Development Group (SMDG).

    Pen Test Partners have published blog posts which show that even simple manipulation of the messages exchanged in the BAPLIE EDIFACT could result in loss of life, wholesale fraud, or massive costs to shipping organizations, port authorities, and ultimately, leave countries without essential goods.

    Until recently, loading plans were exchanged by floppy disk between ports and ships and are still exchanged, in many cases, by means of a USB stick changing hands. BAPLIE EDIFACT is contained in a simple CSV file which shows how each ship should be loaded/unloaded.

    By changing the simple codes in the document, a range of malicious activities could be instigated, ranging from the merely annoying and slightly time-wasting, right up to a loss of life. By changing the VGM (verified gross mass) record for any container, for instance, the port could load a ship incorrectly, with heavier containers positioned high above the ship’s center of gravity, or (perhaps in combination with this), off to one side, causing massive instability and a dangerous list (lean).

    Loading plans for a container ship showing different load weights & types. Source: Pen Test Partners.

    Additionally, the codes in the CSV document also describe the special nature of loads or their particular requirements. For instance, loads that require refrigeration could be marked for loading away from power sources, meaning their contents would deteriorate, and the ensuing smell/effluent taint other containers’ contents.

    Alternatively, notifications of a container’s explosive contents or low flashpoint temperature could be removed or altered, meaning that lives and cargos are put at risk.

    As well as the melodramatic, terrorist-inspired visions of smelly, listing, capsizing and exploding ships, the time taken to correct misloads is considerable: containers are stacked dozens deep far inside a ship’s hold. Correcting the load can therefore take hours, if not days.

    In order to keep costs as low as possible, every ship is loaded with very exact amounts of fuel and ballast, according to its load and the distance to be traveled. Changing the load details of a ship can therefore easily throw out these calculations, meaning that ships could be cast adrift at sea or, at best, overladen with unnecessary, expensive fuel that itself adds to the load burden.

    The integrity of the BAPLIE messaging system is critical for shipping, according to Pen Test Partners’ Ken Munro:

    “I strongly encourage all operators, ports, and terminals to carry out a thorough review of their EDI systems to ensure that message tampering isn’t possible […] Already there is evidence of theft of valuable items from containers in port, potentially through insider access by criminals to load information. It doesn’t take much imagination to see some far more serious attacks.”

    As Munro alludes, criminals who are less interested in destabilizing or delaying ships than in stealing goods by rerouting containers have used “COPRAR/COPARN/CODECO/COARRI” messages instead of BAPLIE. These cover ship-to-terminal messaging and have been compromised by operators at ports physically changing codes at the dockside for quick gains: rerouting or concealing drugs traffic, or simple theft of whole containers.

    Because ship-board systems are often offline for months at a time, they rarely get much attention or updating. Their precarious nature is, however, at odds with the six- and seven-figure sums put in jeopardy by even the slightest modification of data that has scant, if any, protection.

    Port authorities and shipping lines need to tend to their security laurels as soon as possible, it transpires.

    Hackers can take control of your phone with ‘DolphinAttack’ https://techwireasia.com/09/2017/hackers-can-take-control-phone-dolphinattack-terrifying/ Fri, 08 Sep 2017 04:26:28 +0000 http://techwireasia.com/?p=160054 WHILE voice-activated assistants like Siri and Alexa were designed to make our mobile lives easier, hackers can turn it into a complete nightmare by using ultrasonic sounds to take command of your smart phone.

    The post Hackers can take control of your phone with ‘DolphinAttack’ appeared first on Tech Wire Asia.

    WHILE voice-activated assistants like Siri and Alexa were designed to make our mobile lives easier, hackers can turn them into a complete nightmare by using ultrasonic sounds to take command of your smartphone.

    Cybersecurity researchers from China’s Zhejiang University recently discovered the phone hijacking method, which allows hackers to make calls, send text messages and browse malicious websites on your phone via voice-controlled assistants like Apple’s Siri and Amazon’s Alexa. Essentially, the cyber criminals would be able to take control of your device.

    The hacking method has been called DolphinAttack. Two teams of the researchers found that phones could be hijacked through the AI assistants with commands broadcast at frequencies above 20kHz, sounds that are audible to animals like dolphins but cannot be heard by humans, the BBC reported.

    Voice-controlled assistants are available on many smartphones. The feature is activated by a “wake word”, after which it takes orders from the user.

    Using a loudspeaker to broadcast voice commands in ultrasonic frequencies, the researchers said they were able to activate the voice-controlled assistant on a range of Android and Apple devices from several feet away, which is sufficient in a real-life scenario. The mode of attack could even unlock doors if you used a smart lock for your home.

    And since the attack works on almost all major voice recognition platforms, popular smartphones like the iPhone, Nexus, or Samsung were all vulnerable.

    Cause for alarm

    By hijacking the phone, attackers can use it as a spying tool to make outgoing video and phone calls and see the surroundings of the device. The hack also enables attackers to send out fake text messages, put up online posts, and even add fake events to a calendar.

    By turning on the phone’s “airplane mode”, the hackers can also deny the user network service and take them offline from wireless communications.

    A total of 7 systems on 16 devices were tested against the method, and it worked on all of them, including Siri, Google Assistant, Samsung S Voice, Huawei HiVoice, Cortana, and Alexa. Apart from smartphones, DolphinAttack worked on iPads, MacBooks, and even on an Audi Q3 vehicle.

    Even more alarming is the fact that the attack works even if the hacker does not have direct access to the targeted device and the user has taken all necessary security precautions, The Hacker News reported.

    Prevention

    Device manufacturers were advised to make key alterations to counter the risk by making their devices ignore voice commands above 20kHz.

    “A microphone shall be enhanced and designed to suppress any acoustic signals whose frequencies are in the ultrasound range. For instance, the microphone of iPhone 6 Plus can resist to inaudible voice commands well,” the researchers were quoted as saying.

    The researchers added users could also prevent such attacks by disabling their voice assistant apps.

    Next month, the research team is expected to present their findings at the ACM Conference on Computer and Communications Security in Dallas, Texas.
