The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and the UK’s National Cyber Security Centre (NCSC) released a Cybersecurity Advisory today exposing malicious cyber activities against the U.S. and global organisations, starting from mid-2019 and likely ongoing. This advisory is being released as part of the NSA’s routine and continuing cybersecurity mission to warn network defenders of nation-state threats.
The advisory details how another country has targeted hundreds of U.S. and foreign organisations using brute force access to penetrate government and private sector victim networks. The advisory reveals the Tactics, Techniques, and Procedures (TTPs) used in their campaign to exploit targeted networks, access credentials, move laterally, and collect and exfiltrate data. It also arms system administrators with the mitigations needed to counter this threat.
Malicious cyber actors use brute force techniques to discover valid credentials often through extensive login attempts, sometimes with previously leaked usernames and passwords or by guessing with variations of the most common passwords. While the brute force technique is not new, in this case, the cyber actors uniquely leveraged software containers to easily scale their brute force attempts.
Once valid credentials were discovered, the cyber actors combined them with various publicly known vulnerabilities to gain further access into victim networks. This, along with various techniques also detailed in the advisory, allowed the actors to evade defences and collect and exfiltrate various information in the networks, including mailboxes.
The advisory warns system administrators that exploitation is almost certainly ongoing. Targets have been global but primarily focused on the U.S. and Europe. Targets include government and military, defence contractors, energy companies, higher education, logistics companies, law firms, media companies, political consultants or political parties, and think tanks.
NSA encourages Department of Defense (DoD), National Security Systems (NSS), and Defence Industrial Base (DIB) system administrators to immediately review the indicators of the compromise included in the advisory and to apply the recommended mitigations. The most effective mitigation is the use of multi-factor authentication, which is not guessable during brute force access attempts.
As with mitigations for other credential theft techniques, organisations can take the following measures to ensure strong access control:
- Use multi-factor authentication with strong factors and require regular reauthentication. Strong authentication factors are not guessable, so they would not be guessed during brute force attempts.
- Enable time-out and lock-out features whenever password authentication is needed. Time-out features should increase in duration with additional failed login attempts. Lock-out features should temporarily disable accounts after many consecutive failed attempts. This can force slower brute force attempts, making them infeasible.
- For protocols that support human interaction, utilise captchas to hinder automated access attempts.
- Change all default credentials and disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication. Always configure access controls on cloud resources carefully to ensure that only well-maintained and well-authenticated accounts have access.
- Employ appropriate network segmentation and restrictions to limit access and utilise additional attributes (such as device information, environment, access path) when making access decisions, with the desired state being a Zero Trust security model
- Use automated tools to audit access logs for security concerns and identify anomalous access requests.
- Some services can check passwords against common password dictionaries when users change passwords, denying many poor password choices before they are set. This makes brute-force password guessing far more difficult.
As part of the ongoing response, agencies across the U.S. government announced new resources and initiatives to protect American businesses and communities from ransomware attacks. As reported by OpenGov Asia, the U.S. Department of Homeland Security (DHS) and the U.S. Department of Justice (DOJ), together with federal partners, has launched a new website to combat the threat of ransomware.
StopRansomware.gov establishes a one-stop hub for ransomware resources for individuals, businesses, and other organisations. The new website is a collaborative effort across the federal government and the first joint website created to help private and public organisations mitigate their ransomware risk.
The Institute for Digital Molecular Analytics and Science (IDMxS), which aims to promote the science of analysing biological molecules (biomolecules) using information technology and data science, was recently established by Nanyang Technological University, Singapore (NTU Singapore). This could pave the way for real-time environmental or health data monitoring and analysis, like how real-time traffic data can be obtained on mobile devices.
IDMxS, NTU’s newest national Research Centre of Excellence (RCE), is funded with a total investment of over S$160 million over 10 years, with the majority coming from NTU and the National University of Singapore and S$94 million coming from the Singapore Ministry of Education.
Digital molecular analytics, a novel scientific discipline that analyses individual molecules to discover, identify, and measure biomolecules with extraordinary accuracy, is at the core of the work done at IDMxS.
Such a science will open many new areas of research, such as the creation of diagnostic testing capabilities that may then inspire the creation of new technologies and commercial spinoffs, including blood testing kits that can generate findings instantly using nothing more than a smartphone camera.
The interdisciplinary centre is anticipated to house 100 full-time researchers and employees with backgrounds ranging throughout the spectrum of engineering and science, from optics, computer science, and artificial intelligence (AI) to biology, medical technology, and chemistry.
Postgraduate students from NTU will have exceptional chances for interdisciplinary education and training that spans the molecular sciences and information technology through the graduate programme of IDMxS. More than 30 PhD students will receive support from the Centre, four of whom have already begun their studies. As clinical diagnostics become more digital, IDMxS will also create continuing education programmes aimed at developing and modernising the healthcare workforce.
By fusing the fields of biology and information technology – which have each recently undergone revolutionary changes – IDMxS will create the new science of digital molecular analytics. The objective is to develop tools that can track environmental data, such as air and water quality, and health information, like viral infections or molecular signatures that signal the existence of a disease, in real-time. To develop innovative solutions for issues with health, sickness, and environmental monitoring, this process begins with the development of fundamental science.
The ability to simultaneously gather a variety of data types from a biological sample and use tools like AI and machine learning algorithms to analyse and interpret the enormous volume of data that would otherwise be impossible for humans to make sense of is at the core of IDMxS’ digital molecular analytical strategies. The research centre intends to someday spin out solutions like widely used software using digital molecular analytics.
Moreover, making blood sample test kits is one potential use for digital molecular analytics that IDMxS is investigating. The goal of this research is to create a tool that can recognise the various chemicals responsible for illnesses, infections, and diseases.
This suggests that a physician might someday be able to take a blood sample, analyse it with a smartphone camera, and obtain an accurate, real-time reading next to the patient at the doctor’s table. A similar idea might do away with the necessity for additional time-consuming laboratory tests.
The extensive surveillance of illnesses spread by insects like dengue and malaria is another project that is now under development. Researchers can one day create an imaging system that can swiftly detect and monitor dengue among the mosquito population by recognising and analysing the chemicals that make up the dengue virus. Such studies might also be used to track other airborne infections and infectious diseases, in addition to insect-borne diseases that affect urban health.
In a bid to become a digital airline, the Vietnam Airlines Engineering Company Ltd (VAECO), a subsidiary of Vietnam Airlines, has signed a cooperation agreement with private players to deploy an aircraft maintenance and engineering management software system. Under the agreement, the system will provide technical management tools, manage the maintenance programme more closely, and more efficiently synchronise data. This will contribute to reducing maintenance costs and time, improving the operational readiness factor for the fleet.
The software also provides tools for planning, controlling maintenance procedures, and managing human resources to optimise production processes. It will minimise labour costs for recording and data entry and work control, leading to an overall increase in labour productivity, by an estimated 15-20%
The software provides synchronous information about failure status, maintenance history, and the status of spare parts. This enables technicians to make effective and timely repair decisions. It is expected to reduce flight stoppages, delays, and cancellations.
Furthermore, the system will shorten the aircraft maintenance time and create favourable conditions for the airline to concentrate human resources to expand the outside maintenance market share. The Deputy General Director of Vietnam Airlines, Nguyen Chien Thang, noted that the new technology will make an important contribution to helping VAECO become a leading aircraft maintenance service provider in the region while accelerating digital transformation.
Currently, Vietnam Airlines is the airline with the largest fleet in Vietnam, with more than 100 aircraft including Boeing 787, Airbus A350, A321, A321neom, and ATR72. The airline is constantly modernising its fleet, as well as improving its aircraft maintenance capacity and mastering new technologies.
In January, the airline launched two e-commerce platforms VNAMAZING, VNAMALL as well as its Vietnam Airlines Gift Card. The services were the first of their kind in the domestic aviation sector. VNAMAZING offers online tourism services including tour and accommodation bookings. VNAMALL provides a wide range of aviation and non-aviation goods and services.
As OpenGov Asia reported, the Vietnam Airlines Gift Card is a product available on VNAMALL, which can be used to exchange airline tickets or avail of business class upgrade benefits on flights operated by Vietnam Airlines, Pacific Airlines, and VASCO. An official from Vietnam Airlines said that the airline considers e-commerce development one of its top priorities.
In August, the carrier announced that passengers using the airline’s air service can now access a free-of-charge news-reader application called PressReader for Vietnamese and international publications. The application provides more than 7,000 digital newspaper and magazine titles available in over 70 languages. According to Vietnam Airlines, passengers can use the application 24 hours before the scheduled departure time and 24 hours after landing.
To use the app, passengers must download the Vietnam Airlines app, choose the PressReader button, and verify their booking code and flight information. Articles can be read online or downloaded for offline reading.
Most recently, Vietnam Airlines launched an online check-in service for passengers departing from Phu Bai airport in the central province of Thua Thien-Hue. The move increases efficiency and improves customer experience and convenience. Passengers are now able to check in via the official portal or the Vietnam Airlines application within 24 hours to one hour ahead of departure.
The seven best smart cities in Indonesia were announced at the Ministry of Communication and Informatics seminar and exhibition on the Movement Towards Smart Cities (Smart City) in 2022 in Jakarta. Representatives from 141 regencies attend the event in a framework for evaluating the implementation of the Smart City 2022 program.
District/city officials who have succeeded in developing a master plan under the Smart City development in their respective regions attended. The session was organised to showcase the commitment of all regional leaders so that the community see the benefits and progress, said Bambang Dwi Anggono, Director of Government Information Application Services (LAIP) of the Ministry of Communication and Information.
The five best cities and two districts took the Smart City award in the following categories:
- Smart Governance: City of Bandung,
- Smart Branding: Surakarta City,
- Smart Economy: Semarang City,
- Smart Society: City of Yogyakarta,
- Smart Living: Demak Regency,
- Smart Environment: Madiun City, and
- National Priority Tourism Area: Wonogiri
The Smart City initiative is a strategic step toward addressing development plans holistically. The programme aims to harmonise regional government sectors and regional initiative programmes with other regional governments, the central government, the business world, and even other countries. Local governments can work together with other local governments, businesses, academia, and the general public to launch various initiatives that will have a positive impact.
The Smart City Movement aims to guide regions and cities across Indonesia in designing digital-based development that considers each region’s potential and challenges. Furthermore, the Smart City programme can bring innovations from Jakarta to other areas, ensuring an even distribution of development programmes.
The Ministry of Communication and Information has facilitated interconnection with relevant parties in the Smart City development. In addition, the Ministry, through the LAIP Directorate, intends to include 50 regencies/cities in the Smart City master plan assistance in 2023.
“We hope that regional leaders (regents/mayors) will have the courage to innovate and make breakthroughs for the good of society. Correspondingly, we encourage regional heads to become change agents in these breakthroughs (SPBE),” said Bambang Dwi Anggono.
The Ministry intends to implement Smart Province next year. The Smart Province programme will select two provinces in 2023 to prepare the master plan. Smart Province development conceptualises development innovations at the provincial level and coordinates Smart City development at the district level within its jurisdiction. Two provinces will be selected to help prepare the master plan.
Semuel Abrijani Pangerapan, Director General of Informatics Applications at the Ministry of Communication and Information, emphasised the importance of digital transformation as a foundation for building smart cities.
“Creating a Smart City begins with digital transformation; from there, every local government understands what is required. Because each Regional Government has unique characteristics. But, in the end, everything will point to the holistic Smart City that we taught,” he was quoted as saying.
He also stressed the importance of creating a master plan for the long-term development of Smart Cities as establishing a smart city would take 15 to 20 years. As a result, the Ministry has created a programme to educate local entities on constructing a Smart City.
The Ministry of Digital Economy and Society (MDES) has sped up the development of technology to keep up with the fast changes in the economy, society, and way of life. This is especially important for the year 2023 when people’s activities around the world are expected to rely more on digital systems, such as finances, business, information management, transportation, and many other things.
The Digital Post ID was recently introduced by Chaiwut Thanakmanusorn, Minister of Digital Economy and Society (DES). The system is currently undergoing testing by the necessary organisations and is anticipated to be implemented by 2023.
The government agency is making strides to improve digital innovation infrastructure. According to the Digital Economy Promotion Master Plan (2018 – 2022), there is a proposal to alter the form of addressing information into a digital address, known as Digital Post ID by designating the Thai Post Office as a regulating body.
The MDES runs projects to improve Thailand’s delivery system, which has been based on five-digit postal codes for more than 40 years. This is done by making it easier to find people in Thailand with a digital 1post ID code that can be turned into their address coordinates down to the household level.
To facilitate having a digital post ID In the future, post offices or logistics providers will have QR code label printers that digitally affix a post ID to parcels or envelopes. Personal information will not be displayed on the box or envelope’s address, so both the recipient and sender may rest assured that their privacy will be protected.
The application must be installed on the device to scan the QR Code and display the sender-recipient information, and the QR Code has a single usage. In addition, access to various information is restricted in accordance with the Personal Data Protection Act 2019 principles. In addition, it will ensure the purchase of e-Commerce products more because it may connect the delivery routes.
The Digital Post ID service provided by Thailand Post is an extremely helpful one that helps to maintain the safety and confidentiality of the documents owned by individuals. In addition, Thailand is rapidly embracing digital technology, and the country is becoming increasingly well-connected. With a population of over 69 million, the country is home to a wide range of Internet users, and digital technology is growing rapidly.
The Thai government has been proactive in promoting digital technology and has implemented several initiatives to help the country keep up with the rest of the world. This includes increasing access to high-speed Internet, encouraging digital literacy, and investing in the development of digital infrastructure.
The government has also been encouraging the use of mobile phones, tablets and laptops. These devices are becoming increasingly popular and are being used by people of all ages to access information and services.
The Thai government has also been investing in the development of cloud computing services. This has enabled businesses in the country to store their data securely and access it quickly and easily. Cloud computing has also enabled businesses to reduce their costs, as they can access services without having to invest in physical infrastructure. Furthermore, the Thai government is promoting the development of e-commerce and online payment systems
The Infocomm Media Development Authority (IMDA) announced the launch of a S$5 million Virtual Production Innovation Fund to support the local media industry in developing the capabilities needed to harness virtual production technology to maintain the local media industry’s competitiveness as the international partner of choice to create premium IP.
To enable the camera to capture actors and visual effects in real time, virtual production technology uses LED panels to produce realistic background landscapes for television or movie sequences driven by video game engines. The site, road closures, location costs, permits, weather, set construction, and space rental will no longer be necessary for production.
With the help of technology, Singapore has a rare chance to get over some of its physical constraints, like the lack of suitable locations for on-location filming and room for large sets.
The ability of the storytellers to reproduce historical sites or any other environment will allow them to generate content that was previously impossible. This will revolutionise the creative process of storytelling.
The adoption of virtual production by the media sector is further encouraged by the strong signals emanating from international media giants that this technology will be widely employed in the creation of movies and television shows and will become the standard in the next years.
To strengthen capabilities in virtual production and ensure that the media companies and talent can keep up with international production methods to remain competitive, IMDA will pursue a two-pronged strategy to prepare the media sector for the future.
The National Film and Television School (NFTS) in the UK has collaborated with IMDA to adapt the school’s Certificate in Virtual Production course to the requirements of the sector to train media professionals to use this technology.
From December 2022 to April 2023, fifteen professors, trainers, and media professionals from Singapore will participate in virtual lectures and undergo hands-on training at NFTS’s virtual production facilities.
Over the course of the following 12 months, several masterclasses and workshops given by professionals from the business will be offered. A Singapore-based firm that specialises in developing immersive experiences, held a display to exhibit how virtual production can enhance imaginative storytelling.
Hands-on demonstrations will be given by guest speakers from virtual production leaders. They will discuss and explore best practices in the workflow to inventive ways to use different technology in storytelling.
Local businesses can also test out virtual production to realise their creative ideas for brief pieces of content, such as music videos, short films, and brand advertisements, among others. Companies can submit their suggested content concepts from now until February 15, 2023.
The capacity to best utilise virtual production technologies to realise a project’s creative vision will be taken into consideration while evaluating proposals.
Additionally, IMDA is working to organise an industry challenge with an internationally renowned gaming company. This challenge will encourage organisations to experiment with and use the cutting-edge real-time 3D creation tool developed by this gaming company. Currently, the aforementioned tool powers globally popular video games.
Teams whose concepts are shortlisted will receive personalised coaching and training from the gaming company. In addition, they will receive prize money from IMDA to assist with content creation.
Since virtual production technology has advanced in recent years, the country is now able to produce visual effects in real-time without building actual sets, thereby overcoming the constraints of scale, complexity, and space.
India will Chair the Global Partnership on Artificial Intelligence (GPAI), an international initiative to support the responsible and human-centric development and use of artificial intelligence (AI).
The Minister of State for Electronics and Information Technology (MeitY), Rajeev Chandrasekhar, represented India virtually at the GPAI meeting held in Tokyo for the symbolic takeover from France, which is the outgoing Council Chair.
Chandrasekhar stated that the country would work in close cooperation with member states to put in place a framework to fully exploit the power of AI for the good of consumers across the globe. This means ensuring there are adequate guardrails to prevent misuse and user harm.
According to the Minister, India is building an ecosystem of modern cyber laws and frameworks based on three principles: openness, safety, and trust and accountability. With a National Programme on AI and National Data Governance Framework Policy (NDGFP) in place as well as one of the world’s largest publicly accessible datasets programmes in the works, the Minister reiterated India’s commitment to using AI to catalyse innovation and create good, trusted applications.
The NDGFP strives to ensure equitable access to non-personal data and improve institutional frameworks for government data sharing, promote principles around privacy and security by design, and encourage the use of anonymisation tools. It also aims to standardise the way the government collects and manages data. The NDGFP along with an envisaged Indian Data Management Office (IDMO) shall catalyse the next-gen AI and data-led research and startup ecosystem.
Through the datasets programmes, anonymised non-personal data will be available for the entire AI ecosystem. The AI market globally was nearly US$ 59.67 billion in 2021 and is projected to grow at a compound annual growth rate (CAGR) of 39.4% to reach around US$ 422.37 billion by 2028. With the rapid growth of AI and machine learning (ML), experts predict that most businesses will shift to AI-powered systems, apps, security systems, data analysis, and other applications in the future. AI is expected to add US$ 967 billion to India’s economy by 2035 and US$ 450–500 billion to India’s GDP by 2025, accounting for 10% of the country’s US $5 trillion GDP target.
A government official outlined India’s priorities as Chair GPAI next year, stating that the country would focus on promoting greater involvement of the global south in the conversation regarding the use of AI for solving societal problems. The country has also emphasised the need for the responsible and ethical use of AI.
GPAI is a congregation of 25 member countries, including the United States, the United Kingdom, the European Union, Australia, Canada, France, Germany, Italy, Japan, Mexico, New Zealand, the Republic of Korea, and Singapore. In 2020, India joined the group as a founding member. It is a first-of-its-type initiative that aims to better understand the challenges and opportunities around AI. It works in collaboration with partners and international organisations, leading experts from industry, civil society, governments, and academia. These stakeholders collaborate to promote the responsible evolution of AI and guide the development and use of the technology, grounded in human rights, inclusion, diversity, innovation, and economic growth.
The Hong Kong Polytechnic University (PolyU) recently announced that a PolyU-supported start-up has successfully developed the Nano Multi-rings Defocus Incorporated Lens for controlling the progression of myopia (or short-sightedness).
The start-up collaborated with the State Key Laboratory of Ultra-precision Machining Technology (The Hong Kong Polytechnic University) (SKL-UPMT) and the School of Optometry of PolyU to create the new solution by integrating DISC technology and Ultra-precision Nano Multi-rings Machining Technology, offering children and adolescents a convenient, non-invasive and effective option to delay myopia progression.
PolyU holds the patents for both DISC technology and Ultra-precision Nano Multi-rings Machining Technology. The launch of the Nano Multi-rings Defocus Incorporated Lens signifies the University’s long-term commitment to driving research and innovation and its continuous effort in facilitating knowledge transfer and research commercialisation by supporting cutting-edge technology start-ups.
PolyU’s School of Optometry invented the novel DISC technology, which is proven to retard the myopia progression of children by 60%. The method produces a clear image on the retina and a defocused or blurred image in front of the retina simultaneously, enabling children to have clear vision while controlling the development of myopia. Based on this technology, the DISC-SH soft contact lens was introduced in 2018.
The Ultra-precision Nano Multi-rings Machining Technology, developed by SKL-UPMT, merges advanced optics design, ultra-precision machining and ultra-precision measurement technologies, and ultra-precision mould-making to apply DISC technology in spectacle lens production. By employing an ultra-precision process, the new spectacle lens provides added comfort for wearers, while offering more stable vision. The non-invasive design also makes it more suitable for children of different ages.
The Visiting Chair Professor of the School of Optometry of PolyU and Co-founder of the start-up noted that the partnership with SKL-UPMT and the School of Optometry to launch the new Nano Multi-rings Defocus Incorporated Lens resulted in a breakthrough in DISC technology. This initiative helps address the spiralling myopia problem among children, especially in markets with a relatively high ratio of myopes such as Hong Kong, Singapore and mainland China.
The Professor of the Department of Industrial and Systems Engineering and Director of SKL-UPMT at PolyU stated that ultra-precision machining technology is a multi-disciplinary advanced manufacturing technology, which is the backbone of crucial industries like optometry, semiconductors, advanced optics, aerospace, energy, biomedical and new materials development.
He noted that SKL-UPMT is at the forefront of the development and application of technologies and have a proven track record in designing and implementing new methods, process, systems and facilities in ultra-precision machining and ultra-precision measurement.
The locally developed Ultra-precision Nano Multi-rings Machining Technology was extended to fine-tune and manufacture optometric products and will continue to create new technologies and solutions for diverse industries to benefit society. In doing so, Hong Kong and mainland China’s competence and strategic advantages in design and advanced manufacturing will be furthered, he said.
The Nano Multi-rings Defocus Incorporated Lens is expected to be rolled out in Hong Kong and mainland China soon. The company will continue collaborating with PolyU to develop new myopia control products based on DISC technology to protect the vision health of children and adolescents.
Founded by PolyU’s professor and alumni, the start-up has received financial support from the PolyU Micro Fund and the PolyU Tech Launchpad Fund. In 2018, the company secured a licence from PolyU for commercialising DISC technology, which the start-up manufactures and distributes DISC lenses at its authorised optometric clinics and fitting centres.