Thursday, 1 August 2024

2024 milestones: July

Tech highlights for July 2024 included:

- The Australian Department of Home Affairs has issued three mandatory cybersecurity-oriented Directions under the Protective Security Policy Framework that require government entities to manage foreign ownership, control or influence risks; to identify and actively manage the risks associated with vulnerable technologies; and to participate in the Australian Signals Directorate’s Cyber Security Partnership Program.

- The Bank for International Settlements and partners completed the blueprint for phase three of Project Nexus, which will allow ready participants to work towards the next stage of connecting their instant payment systems (IPSs). The Reserve Bank of India will join Bank Negara Malaysia, Bangko Sentral ng Pilipinas, the Monetary Authority of Singapore, the Bank of Thailand and domestic IPS operators in phase four. The Nexus Scheme Organisation will be set up to manage the Nexus scheme and continue the mission to achieve instant cross-border payments at scale. 

- Cloudflare said it offers 'AIndependence' with a one-click button that blocks all AI bots from scraping content from its customers for use in training AI models. The feature is available to all Cloudflare customers, including those in its free tier. 

Source: Cloudflare blog. Chart showing that Cloudflare customers prefer to block AI bots. Statistics stem from September 2023 and thereafter, when Cloudflare users on any plan could choose specific categories of bots that they want to allow or block, including AI crawlers.

- An update from CrowdStrike affected an estimated 8.5 M of its customers' Windows PCs, leading to outages around the world, particularly for aviation, but also for healthcare, finance, and individual businesses. Microsoft and Intel also offered support. As of July 25, CrowdStrike reported that over 97% of affected Windows 'sensors' were back online.

Nathan Wenzler, Chief Security Strategist at Tenable, commented roughly a week later: "Thorough testing and performing quality assurance before deploying software updates have been a best practice in the cybersecurity industry for over 25 years. Firms often choose not to invest in testing every update due to the historically low incidence of failures. That is, until an incident of this magnitude occurs.

"Moving forward, this incident will likely spark significant discussions about whether the cost of testing outweighs the risk of potential outages. For example, many organisations will be asking the question about whether or not it will be worth allocating dedicated resources to ensure these sorts of matters are caught in the future by more stringent testing and QA processes, or if they take the risk that another outage like this won’t happen for several more years and the cost of the impact at that time will be less than the cost of the testing process.

"Each organisation will need to determine the best course of action based on their respective needs and risk tolerance."

- The inaugural Esports World Cup began on July 3 in Riyadh and will run till August 25, covering 21 game titles and with US$60 M in prize money. The New Global Sport Conference 2024 is to follow on August 24 and 25.

- Exabeam and LogRhythm completed their merger, creating a new company named Exabeam.

- Huawei launched the Go Cloud, Go Global-Singapore Cloud Alliance.

- Brain Cipher, the group behind the ransomware attack on Indonesia, apologised to the citizens of Indonesia and announced that it would give the decryption key to the Indonesian government for free and delete the data it had captured. The group said it was the last time they would offer a free key and commented that it had taken very little time to encrypt several thousand terabytes of data. Indonesian media separately reported that the key had worked on a small number of datasets.

Nathan Hall, VP and GM Asia Pacific & Japan, Pure Storage commented: "Indonesia's recent ransomware attack, which impacted hundreds of ministries and public institutions including digital immigration services, emphasises the criticality of robust data backup and recovery in the rapid restoration of essential services following an incident.

"Prolonged disruptions to airport operations have translated to passenger inconvenience and reputational impact to Indonesia's tourism and commerce. Indonesia must prioritise building resiliency into its cybersecurity infrastructure and implement robust data protection and recovery measures to rebuild public trust and ensure the security and economic stability of the nation. This includes incorporating advanced data backup and recovery systems into its data centres that will enable them to restore business operations rapidly."

"Having a robust cyber resiliency strategy featuring immutable data snapshots and rapid restore solutions can reduce public agencies’ recovery time from weeks to hours. Secure up-to-date offline backups enable public agencies to restore systems independently, eliminate reliance on cybercriminals' decryption keys and undermine the ransomware attacker’s business model," he added.

"Maintaining uninterrupted operations and protecting critical services also requires a paradigm shift as legacy data storage solutions are no longer adequate. Traditional tape or disk-based backups are generally optimised for backup purposes but are often not efficient for recovery, often resulting in lengthy restoration times and high failure rates. A more sustainable alternative is flash-based data storage, which can significantly enhance data resilience and operational continuity in Indonesia’s critical sectors. Advanced flash-based storage offers recovery speeds of hundreds of terabytes per hour and can restore ransomware-immune backups typically within minutes or hours, at any scale."

- The RockYou2024 Password Database added nearly 10 billion actual passwords gathered from 2021 to 2024 onto the dark web. Satnam Narang, Sr Staff Research Engineer, Tenable said: “These data breaches are valuable to hackers because, unfortunately, users have a tendency to re-use passwords across multiple services. This practice of password re-use makes it easier for hackers to utilise techniques such as credential stuffing, where hackers 'stuff' these 'credentials' on other websites in hopes of successfully logging in.

“The reality is that data breaches have become so commonplace today that it serves as a reminder of the importance of password hygiene. The RockYou2024 collection of passwords is just one of the most recent examples of combining data from disparate breaches to create a single list of login credentials (username and password combinations).

“We can’t put the blame on users' shoulders, because the prevalence of many different apps and services requires them to create accounts and it’s simply easier to use the same password. This is where services like password managers can be extremely beneficial to users. Password managers are designed to create strong and unique passwords and can be used to assist users in logging into websites without having to remember various passwords. Users only have to remember a single password that controls their password manager account.

“Additionally, for more sensitive services, like email or banking, users should also be utilising two-factor authentication where available. App-based two-factor authentication, where a one-time passcode (OTP) of numbers is randomly generated every 60 seconds, can also be used to prevent hackers from accessing an account. This is because, while the hacker may be able to obtain stolen passwords from another breach, they are unlikely to have physical access to someone’s mobile device, so they will not be able to input the OTP.

“Data breaches won’t stop happening. This is why it is critically important that users adopt better password hygiene, such as through using password managers, and also consider enhancing account security through the use of two-factor authentication, especially app-based two-factor authentication.” 

- Microsoft, earlier impacted in the CrowdStrike incident, had another global outage caused by a distributed denial-of-service attack that was amplified by "an error in the implementation of our defenses". Impacted services included Azure App Services, Application Insights, Azure IoT Central, Azure Log Search Alerts, Azure Policy, as well as the Azure portal and a subset of Microsoft 365 and Microsoft Purview services.

- Salesforce strengthened its presence in Indonesia.

- Samsung launched a smart ring.

Source: Samsung. Samsung Electronics introduced the Galaxy Ring, Galaxy Watch7 and Galaxy Watch Ultra,[1] expanding the power of Galaxy AI[2] to more people through wearables designed to provide end-to-end wellness experiences[3] for everyone.

- Singapore turned off 3G on 31 July.

Anna Yip, Deputy CEO, CEO Business Development, Singtel Singapore said: "While the majority of Singtel’s customers have switched to 4G and 5G networks, Singtel will be retiring its 3G network progressively from November 2024 to give a small number of customers, comprising users on older mobile devices or SIM cards that cannot connect to newer 4G and 5G networks, more time to make the change."

According to Yip, the freed-up spectrum formerly used for 3G will be repurposed to improve 5G services.

- Singtel teamed up with AIS and Maxis to fight digital scams. Singtel also announced that TM and Nxera, its regional data centre arm, held a groundbreaking ceremony for a 64 MW data centre in Johor, Malaysia.

1 Availability may vary depending on market, model and the paired smartphone. All functionalities, features, specifications and other product information provided in this document including, but not limited to, the benefits, design, pricing, components, performance, availability and capabilities of the product are subject to change without notice.

2 Samsung does not make any promises, assurances or guarantees as to the accuracy, completeness or reliability of the output provided by AI features. Samsung account login may be required to use certain Samsung AI features. Galaxy AI service may be limited for minors in certain regions with age restrictions over AI usage. Galaxy AI features will be provided for free until the end of 2025 on supported Samsung Galaxy devices. Different terms may apply for AI features provided by third parties.

3 Intended for general wellness and fitness purposes only. Not intended for use in the detection, diagnosis, treatment, monitoring or management of any medical condition or disease. Any health-related information accessed through the device and/or application should not be treated as medical advice. Users should seek any medical advice from a physician. Certain features may vary by market, carrier or the paired device.
