Cyber Resilience
Powered by :
U.S. Government Emphasises SaaS Data Backup and Ownership
U.S. Strengthens Zero-Trust Security
Vietnam has for the first time launched a national programme to protect children online in an attempt to make the Internet a healthy and safe place for children to learn, socialise, and express themselves. According to a press release, under a decision signed by Prime Minister Phạm Minh Chinh, the national programme on child protection online aims to protect the privacy of children and prevent and handle acts of abuse. The programme includes initiatives in deploying new technologies such as artificial intelligence and big data to automatically collect and analyse early warnings on any content not suitable for children.
Specifically, the programme focuses on supplying children with age-appropriate knowledge and skills so they can protect themselves online. It will also maintain a healthy network environment, develop an ecosystem of Vietnamese applications for children to learn, socialise, and express themselves safely and creatively.
Websites with the national “.vn” domain and those with IP addresses in Vietnam will be required to self-categorise content suitable for children’s ages. Those who provide online services and applications for children have to self-deploy solutions to protect children and assist parents or caregivers in managing children’s use of applications and services. Network operators and digital platform providers such as Google, Facebook, and Zalo will apply artificial intelligence technology and big data analysis to filter videos and clips with malicious content.
Under the programme, businesses will be encouraged to develop information security solutions to protect children on the internet. The programme also integrates online notification channels on issues related to children with the national child protection hotline at 111. This will become the only application on the network environment to reflect and share issues related to children.
Additionally, the programme includes building and integrating into the educational programme the training of digital skillsets for children by age. Children will be taught several skills such as common knowledge of the Internet and social networks; information security skills; personal information protection; and how to recognise abuse.
The implementation of digital skillsets will be piloted in five cities of Ha Noi, HCM City, Hai Phong, Da Nang, and Can Tho. Children can visit the official government website to share issues of online abuse and help them express their voices. A UNICEF survey of children and young people in Vietnam showed that one-fifth of the total number of children surveyed said they have been victims of cyberbullying. Reports from the Department of Child Affairs under the Ministry of Labour, War Invalids, and Social Affairs showed that after nearly 16 years of operating the hotline 111, the department has received over 4 million calls to discuss issues related to children.
There were more than 700,000 cases of child sexual abuse images and videos appearing online in Vietnam last year. On average, more than 60% of children in the country have access to an Internet-connected device. When the programme is implemented, the network to protect children in the online environment will be deployed by inter-agencies of the Ministry of Public Security, the Ministry of Information and Communications, the Department of Child Affairs, and legal consulting units.
When children call the hotline, information will be received and promptly addressed. All children who are victims of abuse on the Internet will be supported and intervened at the request of children themselves or from their relatives and the community as well. All primary, secondary, and high schools will be required to teach knowledge and skills for students to participate in a safe online environment.
Several New Zealand websites caught up in a global internet outage late last night are back up and running this morning.
The outage not only affected New Zealand but also servers in North America, India, Europe, Britain, Australia, Japan and South America although the failure was not geographically universal. Users in some locations, such as Berlin, reported no problems, while others experienced massive failures across the internet. Outages were reported in locations as varied as London, Texas and Australia.
Within minutes of the outage, a content delivery network company (CDN), a cloud computing services provider, acknowledged that its content distribution network was the cause of the problem. The company runs an “edge cloud”, which is designed to speed up loading times for websites, protect them from denial-of-service attacks, and help them deal with bursts of traffic. It is one of the biggest CDN providers in the world. While governments and service providers may still be unsure about what happened and the CDN company not specifically elaborating on the cause, the worldwide disruption is a harsh reality-check of the fragility that an interconnected internet infrastructure can be.
New Zealand was significantly hit with all sites down. Users trying to access the websites experienced their site labelling “503 errors connection failure”. However, with robust critical event management in place, the internet was back up and running again at 10.27 pm after crashing at 9.46 pm.
In an update at 9.58 pm NZT, the CDN firm said that it was investigating the issue. It provided several updates in the following 40 minutes, saying it was continuing to investigate the problem. At 10.44 pm NZT, it was reported that the issue had been identified and that a fix was being implemented but no reason given for the major outage.
Although internet disruptions are rare, they are unavoidable. No matter how competent your internet service provider is, unexpected circumstances can emerge and create an outage, potentially leaving people stranded in the middle of whatever online activity there were engaged in at the time.
The outage occurred when the CDN developed technical difficulties, disrupting national and international news sites, causing other domains to crash and being unavailable for up to an hour. CDNs are global networks of servers that work together to provide content over a large area and deliver it to users more rapidly, regardless of where they are in the world. Content can be cached to a CDN server near users so that it does not have to be fetched from the original server each time. The technology is thought to improve reliability by distributing website delivery over multiple sites rather than depending on a single data centre.
When a CDN malfunctions, an outage occurs, bringing all websites around the world to be offline. One of the main features of CDNs is that they have redundancy in place to prevent crashes like the one that had occurred. It is this that makes the outage a significant incident. It’s currently unknown whether the CDN outage was caused by a cyber-attack or a server breach.
Regardless, all internet service providers, big or small, are susceptible to internet outages. An internet outage usually means any issue that prohibits access to the internet. As a result, when an error message is displayed or the browser times out while loading a web page, the global network connection may not have necessarily failed. It is more likely because of a technical issue or could be local connection challenges. These can range in severity from large-scale failures to minor problems. Common causes when an outage occurs are when a server is down for maintenance or is overloaded.
As a follow-up of a ransomware attack against the largest U.S. pipeline, the Department of Justice (DOJ) announced that it has seized 63.7 bitcoins currently valued at approximately $2.3 million from a bitcoin wallet that ransomware actors used to collect a cyber ransom payment from a victim. The DOJ says following the money remains one of the most basic, yet powerful tools they have.
Ransom payments are the fuel that propels the digital extortion engine. The announcement demonstrates that the U.S. will use all available tools to make these attacks more costly and less profitable for criminal enterprises.
The DOJ will continue to target the entire ransomware ecosystem to disrupt and deter these attacks. This announcement also demonstrates the value of early notification to law enforcement as the pipeline company quickly notified the Federal Bureau of Investigation (FBI) about the ransomware attack.
The FBI stated that there is no place beyond the reach of the FBI to conceal illicit funds that will prevent them from imposing risk and consequences upon malicious cyber actors. They will continue to use all of their available resources and leverage their domestic and international partnerships to disrupt ransomware attacks and protect private sector partners and the American public.
Cybercriminals are employing ever more elaborate schemes to convert technology into tools of digital extortion. The U.S. government needs to continue improving the cyber resiliency of its critical infrastructure across the nation. They will also continue developing advanced methods to improve their ability to track and recover digital ransom payments.
As reported by OpenGov Asia, the largest U.S. Gasoline Pipeline was the victim of a highly publicised ransomware attack resulting in the company took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of their IT systems, which they are actively in the process of restoring. The company reported to the FBI that its computer network was accessed by a cybercriminal organisation it had received and paid a ransom demand for approximately 75 bitcoins.
Law enforcement was able to track multiple transfers of bitcoin and identify that approximately 63.7 bitcoins, representing the proceeds of the victim’s ransom payment, had been transferred to a specific address. The FBI has the “private key” or the rough equivalent of a password needed to access assets accessible from the specific Bitcoin address. This bitcoin represents proceeds traceable to a computer intrusion and property involved in money laundering and may be seized pursuant to criminal and civil forfeiture statutes.
The Task Force prioritises the disruption, investigation, and prosecution of ransomware and digital extortion activity by tracking and dismantling the development and deployment of malware, identifying the cybercriminals responsible, and holding those individuals accountable for their crimes. The Task Force also strategically targets the ransomware criminal ecosystem as a whole and collaborates with domestic and foreign government agencies as well as private sector partners to combat this significant criminal threat.
Due to the ongoing cybersecurity threat to pipeline systems and associated infrastructure, the Department of Homeland Security (DHS) has issued the first cybersecurity regulation for the pipeline sector, as reported by OpenGov Asia. The regulation aims to better identify, protect against, and respond to threats to critical companies. The cybersecurity landscape is constantly evolving therefore public and private sectors must adapt to address new and emerging threats.
The Security Directive will require critical pipeline owners and operators to report confirmed and potential cybersecurity incidents to the DHS Cybersecurity and Infrastructure Security Agency (CISA) and to designate a Cybersecurity Coordinator, to be available 24 hours a day, seven days a week. It will also require critical pipeline owners and operators to review their current practices as well as to identify any gaps and related remediation measures to address cyber-related risks and report the results to TSA and CISA within 30 days.
This fresh TSA security directive highlights the critical role that CISA plays as the country’s national cyber defence centre. Last December, Congress, through the National Defense Authorisation Act, empowered CISA to execute its mission to secure federal civilian government networks and the nation’s critical infrastructure from physical and cyber threats.
New Zealanders who want to keep their mobile phone number when switching providers – known as number porting – will now receive an authentication message through SMS to help prevent fraud.
Number porting fraud has been relatively rare in Aotearoa, with government cybersecurity agency CERT NZ saying less than 10 Kiwis had been hit by the scam before March last year. But because it can give hackers access to so much of the victim’s online life, the impact can be devastating with the average loss worth around USD 20,000.
Once a fraudster has access to the victim’s mobile phone number, they then can take advantage of the two-factor authentication used by online banks to authenticate logins and large money transfers. Now, with the new SMS authentication system, it will alert the user if their mobile provider has received a request to port their phone number and it will highlight that they should contact their mobile provider and bank immediately if they did not request it.
Number porting was put in place in 2007 to make it easy for consumers to retain their existing phone number when changing mobile providers, said the NZ Telecommunications Forum Communications Director. However, as the industry became concerned recently about the potential for fraudsters to exploit the Number Porting process, these new security measures will add another layer of protection for customers.
A more advanced SMS solution, which will require customers to reply to an SMS confirming they want to port their number, is under development and is expected to be rolled out in October 2021.
As reported by OpenGov Asia, the number of cybersecurity attacks being reported in New Zealand is on the rise. The data comes from CERT NZ’s annual summary for 2020, which has been released recently. It showed the agency received nearly 8,000 reports of cybersecurity incidents last year, a 65% increase from the year before.
According to the agency, they are developing a much richer understanding of the types of threats and issues that are affecting New Zealanders, and New Zealand businesses. Phishing and credential harvesting (where an attacker collects personal data) were the most reported form of attacks and were up 76% in 2019. Behind those were scams and fraud reports, which are up by 11%.
According to experts, there are simple things every citizen can do to try and ensure their safety online. The advice nowadays is to make sure that passwords are unique and long. Users can do that easily by looking around the room and naming four random objects they see – a “really good way” of making a unique password. While forgetting passwords is a reason people reuse the same ones again, uniqueness is important so that if you lose a password someone cannot access more of your online accounts.
Another way is two-step or two-factor authentication, which involves a second step to logging in, like an SMS message with a unique code or approving the log in via a third-party app. Experts say that this is beneficial because if a user gets phished (if they accidentally give out their password), someone else needs a second step to access the account.
Phishing is where the attacker sends a fake message designed to trick the victim into revealing sensitive information, like passwords. Even cyber specialists benefit from that added layer of security.
Another would be automatic backups; users must make sure that their phones and other devices are backed up to places like Google Drive or Microsoft OneDrive.
Alternatively, citizens like Kiwis in New Zealand can call government organisations like CERT NZ, which supports businesses, organisations and individuals affected by cybersecurity incidents.
The U.S has been the target of several large scale cyberattacks in the last few weeks – a trend that seems to be continuing from last year. Most recently, it was determined that a food processing giant was the target of an organised cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems.
The company took immediate action, suspending all affected systems, notifying authorities and activating the company’s global network of IT professionals and third-party experts to resolve the situation. The company’s backup servers were not affected, and it is actively working with an Incident Response firm to restore its systems as soon as possible.
The company is not aware of any evidence at this time that any customer, supplier or employee data has been compromised or misused as a result of the situation. Resolution of the incident will take time, which may delay certain transactions with customers and suppliers. However, thousands of employees at processing plants in the United States, Canada and Australia had their shifts cancelled after the cyberattack.
According to an article, White House deputy press secretary Karine Jean-Pierre said Tuesday the Cybersecurity and Infrastructure Security Agency and the FBI are investigating the incident and the U.S. Department of Agriculture (USDA) is assessing the impacts on supply. The company notified the administration that the ransom demand came from a criminal organisation.
The attack has sparked concerns about the nation’s supply chain at a time of rising meat prices due to a continued labour shortage around the country that began during the coronavirus pandemic. Industry analysts said that the disruption has already had an impact. The USDA, Department of Homeland Security and other agencies are closely monitoring the meat and poultry supply. The agencies are also working with agricultural processors to ensure products move efficiently and that no price manipulation occurs as a result of the cyberattack.
As reported by OpenGov Asia, a cyberattack also happened to the largest U.S. Gasoline Pipeline. After the attack, the pipeline company proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of their IT systems, which they are actively in the process of restoring.
The pipeline company remained in contact with law enforcement and other federal agencies, including the Department of Energy who is leading the Federal Government response. The company’s highest priority is to maintain the operational security of its pipeline. Their personnel have taken additional precautionary measures to help further monitor and protect the safety and security of its pipeline.
The pipeline company’s operations team is developing a system restart plan. While their mainlines remain offline, some smaller lateral lines between terminals and delivery points are now operational. They are in the process of restoring service to other laterals and will bring our full system back online only when they believe it is safe to do and in full compliance with the approval of all federal regulations.
This incident highlights the increasing risk ransomware is posing to critical national industrial infrastructure, not just businesses. It also marks the rise of an insidious criminal IT ecosystem worth tens of millions of pounds. It is unlike anything the cyber-security industry has ever seen before.
A total of 722,865 small-medium scale enterprises (SMSE) have been reported and more than 5,537 phone numbers believed to be used in scams have been blocked on the ScamShield app since its launch, said the Singapore Police Force (SPF) and National Crime Prevention Council (NCPC).
Loan-related scams, as well as sports and betting scams, where scammers use SMSEs to promote illegal gambling and online casino betting, are among the most common scam types reported on the app, said the senior investigating officer at the Anti-Scam Centre (ASC). The ASC added that loan scams are the most common message scams reported on the app. They make up 30 to 40% of the total message scams filtered by the app.
Early last month, the ASC detected a phishing scam disguised as a job listing, where potential victims were prompted to click on URL links leading to phishing websites. ASC immediately blocked these phishing websites, said SPF and NCPC.
In late April this year, the centre also detected a recurring trend where potential victims received spoof SMSEs masquerading as banks, claiming that victims’ bank cards had been suspended and provided contact numbers to call for assistance.
In response, ASC reached out to telecommunication companies to suspend the contact numbers involved. Of the total reported SMSEs and phone numbers, about 10 to 15% are non-scam related reports. Users can submit any message (or call) they deem to be a scam. The agency received submissions where messages are not entirely scam related, such as advertisements for tuition, advertisements for condo units, and private apartments. The agency makes sure that they do not block all numbers that are being submitted right on the spot. They vow to do a lot of background screening before deciding whether to block the number.
As reported by OpenGov Asia, the app uses artificial intelligence to identify keywords in messages from unknown contacts, these messages will be moved into a junk folder created on the user’s phone by the app, similar to email structure.
ScamShield has been jointly developed with the National Crime Prevention Council and Government Technology Agency, is available only on iOS devices and can be downloaded from Apple’s App Store for free.
The app blocks a call from a database of blocked numbers, managed centrally by the NCPC and SPF. Users can report scam-appearing messages and calls through the app, which will be added to the database and shared with the police. The council added that ScamShield does not have access to the user’s contact list, location or personal data. The app does not require users to register with their mobile numbers either. Mr Desmond Tan, Minister of State for Home Affairs said that the number of scam cases has been on the rise and asked people to be vigilant when giving personal information to anyone.
ScamShield is easy to deploy in 3 simple steps and has many security features.
Download from App Store
- Search for Scamshield on the App Store or click on this link. Do not download applications that are not from the official Apple Store.
- Block known scam callers
- ScamShield compares an incoming call against a list maintained by the Singapore Police Force to determine if the number has been used for illegal purposes and blocks it.
Open Settings
- Tap Phone
- Tap Call Blocking & Identification
- Enable Scamshield
- Filter Scam SMSes
On receipt of an SMS from an unknown contact, ScamShield will determine if the SMS is a scam using an on-device algorithm and filter the messages to a junk SMS folder. Scam SMSes will be sent to NCPC and SPF for collation. This keeps the app updated and will help protect others from such scam calls and messages. To Enable auto spam SMS filter:
Open Settings
- Tap Messages
- Tap Unknown & Spam
- Enable Scamshield
Report Scam Messages
People can also report scam messages from other chat apps such as WhatsApp, Wechat, IMO, Viber, etc. They can forward the messages via ScamShield’s in-app reporting function. The Council have said that the app will be available soon for Android users once some issues have been resolved.
Due to the ongoing cybersecurity threat to pipeline systems and associated infrastructure, the Department of Homeland Security (DHS) has issued the first cybersecurity regulation for the pipeline sector. The regulation aims to better identify, protect against, and respond to threats to critical companies.
The cybersecurity landscape is constantly evolving therefore public and private sectors must adapt to address new and emerging threats. As reported by OpenGov Asia, the recent ransomware attack on a major petroleum pipeline demonstrates that the cybersecurity of pipeline systems is critical to homeland security. Colonial Pipeline shut down all pipeline operations after it was hacked by a cyber-criminal gang.
The incident also highlights the increasing risk ransomware is posing to critical national industrial infrastructure, not just businesses. It also marks the rise of an insidious criminal IT ecosystem worth tens of millions of pounds. It is unlike anything the cyber-security industry has ever seen before. To deal with the threat, DHS will continue to work closely with their private sector partners to support its operations and increase the resilience of the nation’s critical infrastructure.
The Security Directive will require critical pipeline owners and operators to report confirmed and potential cybersecurity incidents to the DHS Cybersecurity and Infrastructure Security Agency (CISA) and to designate a Cybersecurity Coordinator, to be available 24 hours a day, seven days a week. It will also require critical pipeline owners and operators to review their current practices as well as to identify any gaps and related remediation measures to address cyber-related risks and report the results to TSA and CISA within 30 days.
DHS’s Transportation Security Administration (TSA) is also considering follow-on mandatory measures that will further support the pipeline industry in enhancing its cybersecurity and that strengthen the public-private partnership so critical to the cybersecurity of their homeland.
Since 2001, TSA has worked closely with pipeline owners and operators as well as its partners across the federal government to enhance the physical security preparedness of U.S. hazardous liquid and natural gas pipeline systems. As the nation’s lead agency for protecting critical infrastructure against cybersecurity threats, CISA provides cybersecurity resources to mitigate potential risks, including through a dedicated hub that disseminates information to organisations, communities, and individuals about how to better protect against ransomware attacks.
This new TSA Security Directive also highlights the critical role that CISA plays as the country’s national cyber defence centre. Last December, Congress, through the National Defense Authorisation Act, empowered CISA to execute its mission to secure federal civilian government networks and the nation’s critical infrastructure from physical and cyber threats.
As reported by OpenGov Asia, the regulation is also part of the Biden administration’s efforts to bolster security for national infrastructure after persistent and increasingly sophisticated malicious cyberattacks. These attacks threaten the public sector, the private sector, and ultimately the American people’s security and privacy. The federal government also seeks to carefully examine what occurred during any major cyber incident and apply lessons learned.
The U.S. President has issued a policy that states that the prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security. The government must lead by example. All federal information systems should meet or exceed the standards and requirements for cybersecurity outlined in and issued according to this order.
However, cybersecurity requires more than government action. Protecting the U.S. from malicious cyber actors requires the government to partner with the private sector. The private sector must adapt to the continuously changing threat environment and ensure its products are built and operate securely, and partner with the government to foster more secure cyberspace. The digital infrastructure should be trustworthy and transparent so that people will trust the infrastructure.
Over the past few years, Marine Corps Systems Command (MCSC) has begun acquiring new, cutting-edge communication technology to support future battlefield objectives, particularly those that may affect the Indo-Pacific battlespace. Due to future naval warfare that will require increased mobility and active communication to circumvent difficult situations, improving battlefield communication is a major aspect of the Marine Corps’ modernisation efforts to meet this future fight.
The modernisation investments provide Marines capabilities with redundancy and resiliency across the electromagnetic spectrum so Marines can communicate, conduct command and control, increase situational awareness and enable informed decision-making in the battlespace.
The electromagnetic spectrum encompasses the entire range of wavelengths or frequencies of electromagnetic radiation emitted through communication devices, such as radios and tablets. Marine Corps intends to operate effectively in this complex and dynamic environment against adversaries looking to do the same.
To support this goal, the Marine Corps has invested in capabilities that improve communication and increase situational awareness. They ensure that Marines’ communication and navigation systems can continue to operate in a denied, degraded and low-bandwidth electromagnetic environment.
Navigating this environment requires providing the right set of command and control, communication, and situational awareness applications and services when disconnected from the Marine Corps Enterprise Network.
In recent years, MCSC has focused its efforts on providing Marines with ways to securely and effectively transmit data while on-the-move in an ever-evolving battlespace. Networking On-the-Move (NOTM) is a mobile, satellite communication system that enables Marines to connect to networks and communicate while mobile or stationary on the battlefield, enabling flexibility when portions of the electronic spectrum are denied.
The NOTM capabilities provide Marines with internet on the move, similar to inflight internet or cellular service while driving. Marines can employ NOTM to securely transmit critical information to commanders and increase situational awareness in hostile environments. The vehicle kit, which began fielding in 2015, comprises both air and ground capabilities Marines to seamlessly share data and communicate over video and by voice. NOTM can be used on most ground and air platforms.
Navigation systems are also important when operating in electromagnetic environments. The Military GPS User Equipment (MGUE) is a next-generation, handheld navigation capability that provides positioning, navigation and timing capabilities to warfighters while executing missions. MGUE enables Marines to operate in an increasingly contested electromagnetic environment. MGUE is effectively a GPS modernisation program designed to increase resiliency and PNT capability in the current and future contested environments. It reflects a natural evolution of GPS technologies.
MCSC has also been developing a family of systems to create an advantage for Marines and joint forces in electronic warfare. In 2020, MCSC began developing the MAGTF Electronic Warfare Ground Family of
Systems (MEGFoS), which helps Marines sense, attack and defend against electromagnetic threats.
MEGFoS is a series of portable technologies that can be used at fixed sites, on tactical vehicles or while dismounted to manoeuvre effectively within the electromagnetic spectrum. It includes common, multiservice interfaces to share information across the joint forces.MEGFoS helps Marines sense, attack and defend against electromagnetic threats, said Bailey. These capabilities comprise a vehicle-mounted electronic technology and counter radio-controlled improvised explosive devices.
This family of systems will enable Marines to command the electromagnetic spectrum against a peer adversary, providing the Marine Corps with the ability to manoeuvre effectively inside the spectrum and deny their adversaries that ability. MCSC also oversees intelligence systems that will help the Marine Corps achieve future goals.
Increased, effective communication is a catalyst in meeting future objectives on the battlefield, said Bailey. This cannot be accomplished without innovative equipment and modern wargaming analytical tools tailored to a 21st-century battlespace.
MCSC is delivering modern capabilities designed to communicate data, support critical decision-making and enable action. The purpose is to deliver the information to Marines in a usable way that makes sense, so they can make decisions that render desired outcomes in communications-disadvantaged environments. Their goal is to make sure the Marines are never in a fair fight and they hope that these investments will give Marines that competitive advantage.
