Ukraine says defence ministry and banks hacked | Google has been forced to withdraw more than 100 phone apps | European Commission sets out a 6 billion-euro satellite communications plan
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
Ukraine said its defence ministry and two banks had been hacked on Tuesday, appearing to blame Russia, as the West sought evidence from Moscow of a partial troop pullback. Reuters
Google has been forced to withdraw more than 100 phone apps from its store after a company backed by Telstra Ventures uncovered a multibillion-dollar scam. The Australian
The European Commission on Tuesday set out a 6 billion-euro ($6.8 billion) satellite communications plan, part of a push to cut the European Union's dependence on foreign companies and protect key communications services and surveillance data against any outside interference. The move comes amid growing concerns over Russian and Chinese military advances in outer space and a surge in satellite launches. Reuters
ASPI ICPC
The dangers of a ‘zero trust’ digital world
The Strategist
Lesley Seebeck
But the physical world doesn’t map easily onto the digital. Perimeter-based approaches fail in an ever-shifting network of highly interconnected systems, where even physical disconnection does not suffice for separation, given wi-fi, Bluetooth and other electromagnetic phenomena. And because software is ever-changing—that’s one of its strengths—digital systems are never complete or fully known. That means static structures and single solutions, such as walls and checkpoints, generally fail to prevent evolving threats.
Webinar: Indigenous Technologies: Innovations Powering the Continuation of our Oldest Civilisations
The Sydney Dialogue
Indigenous technology entrepreneurs are blending their ancient cultures with new technologies in ways that are transforming the oldest civilisations on earth and challenging perceptions about the way new and emerging technology can be harnessed. In this panel discussion, Indigenous tech entrepreneurs and thought leaders will look ahead at how the world’s oldest societies will co-exist in a technology fuelled future.
The World
Years of hacks against aviation, transportation industries tied to one group, researchers say
CyberScoop
Jared Lynch
Analysts have noticed various attempts in recent years by hackers trying to breach entities in the aviation and aerospace industries, as well as related transportation fields. The operators typically use of off-the-shelf malware and deploy digital lures that refer to industry-specific topics like airline cargo conferences or machine parts. It now appears that most of those incidents were by the same group, according to cybersecurity firm Proofpoint.
Cybersecurity: These countries are the new hacking threats to fear as offensive campaigns escalate
ZD Net
Danny Palmer
Outside of major hacking threats like Russia and China, other countries are increasingly turning to cyberattacks and data theft - and the rise of cloud services is helping them.
Twitter launches beta test of anti-abuse tool ‘Safety Mode,’ adds prompts to enable it
Tech Crunch
Sarah Perez
Twitter is broadening access to a feature called Safety Mode, designed to give users a set of tools to defend themselves against the toxicity and abuse that is still far too often a problem on its platform. First introduced to a small group of testers last September, Safety Mode will today launch into beta for more users across English-speaking markets, including the U.S., U.K., Canada, Australia, Ireland and New Zealand.
Cyberwarfare in Ukraine poses a threat to the global system
Financial Times
Keith Alexander
Even if there is ultimately no attempt to invade Ukraine with conventional forces, there is widespread consensus that President Vladimir Putin has put himself in a position where he must do something. A cyber attack — which is easy and comparatively cheap — is likely to top that list. As Russia showed during the 2008 Georgia conflict, hacking government systems as well as financial and energy sectors can cause chaos.
Australia
Google withdraws apps in hacking scam
The Australian
Jared Lynch
Google has been forced to withdraw more than 100 phone apps from its store after a company backed by Telstra Ventures uncovered a multibillion-dollar scam.
Western Australia sets out digital to-do list in first roadmap release.
ZD Net
Aimee Chanthadavong
The hard border state is running 22 projects across 12 government agencies to get it a step closer to achieving its whole-of-government digital strategy.
Cybersafe cultures depend on transparency, empathy and diversity
IT News
Velvet-Belle Templeman
Effective security teams are encouraging transparency, empathy and, diversity, equity and inclusion (DE&I) in building a cyber safe culture. Digital Nation Australia spoke to Mandy Andress, CISO at enterprise search platform Elastic about how security has shifted from a traditional “black box” function, to one that relies on a variety of perspectives for its success.
China
It’s not just 5G: China’s telecom strategy needs to be countered in space
Breaking Defense
Gabe Arrington
In Washington the consensus is well set that China’s strategy for 5G has created a telecommunications nightmare for American interests. What is less clear is how to proceed. In the following op-ed, Lt. Col. Gabe Arrington suggests that the Biden administration needs to look up to space to provide a counter for China’s telecommunications plan.
China emerges as leader in vulnerability exploitation
Computer Weekly
Alex Scroxton
China-nexus threat actors are getting better and quicker at weaponising and deploying exploits for newly discovered common vulnerabilities and exposures (CVEs), and in the past 12 months leveraged new vulnerabilities at a “significantly elevated” rate when compared to 2020, according to CrowdStrike’s eighth annual Global threat report.“ For years, Chinese actors relied on exploits that required user interaction, whether by opening malicious document or other files attached to emails or visiting websites hosting malicious code,” wrote the report’s authors.
USA
US security and intelligence agencies prep for potential Russian hacking threats
CNN
Sean Lyngaas
The meeting - which convened officials from the White House, intelligence agencies, Department of Homeland Security and other agencies via videoconference -underscores how the Biden administration sees cyberspace as a key front in the tensions over Russia’s threat to invade Ukraine. One issue raised was the possibility of an uptick in ransomware attacks on US companies by Russian-speaking criminal gangs, two of the officials said. Another point of discussion was how the US can provide cybersecurity assistance for Ukraine, whose government faced a string of cyberattacks in mid-January, two of the US officials said.
US-China tech war: Washington’s latest unverified list hits at the most vulnerable parts of China’s technology supply chain
South China Morning Post
Che Pan
The US added 33 Chinese entities, mostly hi-tech manufacturers to its unverified list (UVL) last week, citing the inability to verify their ownership. The UVL differs from the better-known Entity List, which restricts access to US exports unless the exporter secures a license.
US accuses financial website of spreading Russian propaganda
ABC News
Nomaan Merchant
U.S. intelligence officials on Tuesday accused a conservative financial news website with a significant American readership of amplifying Kremlin propaganda and alleged five media outlets targeting Ukrainians have taken direction from Russian spies.
Tripwire for real war? Cyber's fuzzy rules of engagement
ABC News
Frank Bajak
The danger is in the uncertainty about what crosses a digital red line. Cyberattacks, including those that cripple critical infrastructure with ransomware, have been on the rise for years and often go unpunished. It’s unclear how grave a malicious cyber operation by a state actor would have to be to cross the threshold to an act of war. “The rules are fuzzy,” said Max Smeets, director of the European Cyber Conflict Research Initiative. “It’s not clear what is allowed, what isn’t allowed.” The United States and other NATO members have threatened crippling sanctions against Russia if it sends troops into Ukraine. Less clear is whether such sanctions, whose secondary effects could also hurt Europe, would be imposed if Russia were to seriously damage Ukrainian critical infrastructure — power, telecommunications, finance, railways — with cyberattacks in lieu of invading.
Southeast Asia
Cybersecurity policy responses to mitigate cyberattacks and data leaks
The Jakarta Post
Genie Sugene Gan and Pratama Persadha
News of alleged data leaks and cyberattacks have continued to make headlines in Indonesia over the past two years. Cyberattacks and data leaks have a wide-ranging impact on various sectors – from health and the digital economy to tourism. Government agencies have not been spared and are continually plagued with having to deal with cyberattacks that have been exacerbated during the long-drawn-out pandemic. Just recently, in January 2022, the data of six million Indonesian patients was allegedly leaked after attackers targeted the Health Ministry's central computer system.
South & Central Asia
Foxconn to build chip plant in India with local metals company
Nikkei Asia
Lauly Li and Cheng Ting-Fang
Major iPhone assembler Foxconn on Monday said it plans to build a chip plant with Indian natural resources conglomerate Vedanta, making the Taiwanese company the first major foreign tech manufacturer to respond to the South Asian country's call to bring chip production onshore. The two companies agreed to set up a joint venture for the project, with Foxconn to invest $118.7 million and hold a 40% share, the iPhone assembler said. Vedanta Chairman Anil Agarwal will be the chairman of the venture, which is aimed at meeting massive demand from the local electronics industry.
Europe
EU lays out $6.8 billion satellite communication plan in space race
Reuters
Foo Yun Chee
The European Commission on Tuesday set out a 6 billion-euro ($6.8 billion) satellite communications plan, part of a push to cut the European Union's dependence on foreign companies and protect key communications services and surveillance data against any outside interference. The move comes amid growing concerns over Russian and Chinese military advances in outer space and a surge in satellite launches.
Ukraine faces cyber attack as West demands proof of Russian troop pullback
Reuters
Maria Tsvetkova and Andrea Shalal
Ukraine said its defence ministry and two banks had been hacked on Tuesday, appearing to blame Russia, as the West sought evidence from Moscow of a partial troop pullback.
Russia, Nato and the battle for credibility in the Ukraine crisis
Mint
Nitin Pai
Last week, financial industry regulators in Europe and the United States alerted banks to tighten their cyber security in anticipation of possible attacks by Russia-linked hackers. Going by Russia’s actions against Estonia, Georgia and Ukraine over the past 15 years, there are grounds to expect cyber-attacks during an escalating political crisis or ahead of a Russian military operation.
Dutch intelligence service warns public about online recruitment by foreign spies
Intelnews.org
Matthijs R. Koot
Last week, the Dutch General Intelligence and Security Service (AIVD) launched an awareness campaign dubbed ‘Check before connecting’. The purpose of the campaign is to inform the Dutch public about risks of foreign actors using fake accounts on social media, in efforts to acquire sensitive business information. According to the AIVD, such online campaigns frequently target and recruit employees of Dutch private sector companies. The awareness campaign is carried out via Twitter, Instagram and LinkedIn. It is aimed at raising awareness in society at-large. The AIVD will publish a number of fictitious practical examples over time, in order to educate the public.
Russia
Americas
Canada's Trudeau Enacts Emergencies Act, and Crypto Is Included
Coin Desk
Stephen Alpher
The government is broadening the scope of Canada's anti-money laundering and counter-terrorist financing rules to now cover crowdfunding platforms and the payment service providers they use. These changes, said Freeland, cover all forms of transactions, including digital assets such as crypto. The Tallycoin bitcoin fundraiser had reportedly raised more than 20 bitcoin (BTC) – or nearly $1 million – for the truckers. The organizers have shut down the fundraising page, and are asking for all to "stay tuned" about next steps.
Middle East
Cloud protection a priority as Mena spending against cyber threats is set to grow
The National News
Alvin R. Cabral
Businesses in the Middle East and North Africa region will increase their spending against cyber threats by 11.2 per cent to $2.8 billion in 2022, with cloud infrastructure remaining the most important component to safeguard, the latest study from Gartner said.
Arab banks are well prepared to counter cyber-security challenges
Khaleej Times
Joydeep Sengupta
Arab banks and financial institutions face several challenges nowadays. The spread of Omicron variant of Covid-19 worldwide and in the Arab region, has resumed the economic uncertainty, and resulted in revising the economic growth outlook, reflecting a possible deterioration in economic activities, which in turn may pose a challenge for banks operational performance. In parallel, the increase reliance on technology and digitisation in economic activities makes banks and financial institutions in particular subject to more challenges related to cybercrimes and anti-money laundering and terrorism financing operations.
Gender and Women in Cyber
Political choices' expose women to gender-based online disinformation, media freedom conference hears
Press Gazette
Bron Maher
Politicians and tech giants have been urged to take action against “gendered disinformation”, while journalists were told pushing online platforms to reveal their algorithms could help. A panel about the spread of gender-based disinformation, held on Thursday at the third annual Global Conference for Media Freedom in Tallinn, Estonia, heard “political choices” are leaving women and marginalised groups vulnerable to harassment online.
Misc
TikTok Can Circumvent Apple and Google Privacy Protections and Access Full User Data, 2 Studies Say
The Wrap
Antoninette Siu
TikTok can circumvent security protections on Apple and Google app stores and uses device tracking that gives TikTok’s Beijing-based parent company ByteDance full access to user data, according to the summaries of two major studies obtained by TheWrap that appear to confirm longstanding concerns raised by privacy experts about the popular video-sharing app.
Don't be Google': The rise of privacy focused startups
The Australian
Joseph Boyle
Startups are taking on Google Analytics, a product used by more than half of the world's websites to understand people's browsing habits.
Events and Podcasts
Increasing Resilience in a Post-Pandemic World
The Sydney Dialogue
Covid-19 has created unprecedented disruption to our economic, health, and travel systems. The pandemic has demonstrated the importance of governments, scientists, and industry leaders working together to ensure healthy and thriving communities. How will this relationship re-write itself in the wake of the pandemic? In this panel discussion, speakers will look at how governments, scientists and industry leaders can better work together to protect global health and promote economic recovery using technology. Streaming on Monday 21st February at 5:30pm AEDT.
ASPI Webinar Launch: The future of assistance to law enforcement in an end-to-end encrypted world
ASPI
ASPI’s International Cyber Policy Centre is delighted to invite you to the online launch of its new report ‘The future of assistance to law enforcement in an end-to-end encrypted world’. Join report author Tom Uren alongside panellists Brendan Dowling, First Assistant Secretary of the Department of Home Affairs Digital and Policy Division, and Clair Deevy, Director of Public Policy at WhatsApp for a discussion on how encryption has affected assistance to law enforcement, moderated by ASPI's Fergus Hanson.
Research
From Online Mass Incidents to Defiant Enclaves: Political Dissent on China’s Internet
The University of Chicago Press Journals
Shen Yang and Fengshi Wu
This article examines political criticism and oppositional discourses on China’s Internet from 2012, near the end of Hu Jintao’s era, up through the current Xi Jinping administration. We focus on two main types of Internet activity in which criticism and discourses emerge—online mass incidents and defiant enclaves—and compare their discursive elements. The core messages and critiques by leading activists and dissidents and their followers in the latter have become more multilayered, radical, and antiregime. Both types of political dissent are alive and persist, but the potential for them to connect various social grievances has declined in recent years, as state control over the Internet and digital spaces has significantly tightened.
Jobs
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years’ of work experience. Senior analysts usually have a minimum of 15 years relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.
ICPC Data Analyst
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has an outstanding opportunity for talented Data Analysts to join its growing centre. ASPI’s ICPC undertakes complex research on some of the most challenging issues at the intersection of technology and public policy. How do we develop international norms to deter information operations and coercive diplomacy, how should we build international cooperation on the development of emerging critical technologies, what is the right balance between regulation and innovation? We deliver empirical research that is policy-relevant and we’re looking for people who can help us analyse data at scale.