
NEWS

Strengthening ICT supply chain resilience is everyone’s business

December 13, 2021 2:22 p.m.

By Genie Sugene Gan, Head of Government Affairs, Asia-Pacific, Kaspersky

NotPetya, WannaCry, ShadowPad, and Sunburst may or may not be household names, but these malware families, and many more, have caused significant harm around the world.

Recently, one such piece of malware was used to attack an IT services company based in Dublin, which supplies security software to scores of large cybersecurity contractors. Working through the company, the attackers infected hundreds of its clients worldwide with ransomware and demanded USD 50,000–5 million from each business in exchange for the decryption key.

Earlier this year, another attack hit an American IT software company, and subsequently infiltrated nine U.S. federal agencies, including the Office of the President, and the Treasury and Commerce Departments.

What these attacks have in common is their modus operandi: the attackers compromised software vendors or IT service companies to gain backdoor access to those companies’ clients, reaching hundreds or thousands of downstream systems in one go.

This is perhaps how the term “supply chain” earns its name: each link depends on the one before it, so when one link is compromised the effect cascades down the chain.

The Problem 

ICT supply chain cyberattacks are on the rise: the European Union Agency for Cybersecurity (ENISA) estimates a four-fold growth in such attacks in 2021 compared with 2020. The risk is compounded because vulnerabilities can be introduced at any phase of the ICT life cycle: from design, through development, production, distribution, acquisition and deployment, to maintenance.

The impact of these breaches is also set to grow, given the increasing interconnection of IT systems across organizations, sectors and countries. In a 2019 survey by Gartner, 60% of organizations reported working with more than 1000 third parties.

Upon successful infiltration, cybercriminals enjoy free rein to conduct cyber espionage, steal data and intellectual property, or extort money through ransomware attacks, which have been on the rise. From 2019 to 2020, the number of Kaspersky users encountering targeted ransomware – malware used to extort money from high-profile targets such as corporations, government agencies, and municipal organizations – increased by 767%.

While the impact on governments and enterprises may feature more prominently, the wider public is not spared. An attack on a grocery chain could force the temporary closure of scores of supermarkets, or malware may be pushed to millions of PC users through a software update (as occurred in the ShadowHammer attack, which Kaspersky detected and promptly mitigated in 2019). Taking it further, the compromise of systems providing healthcare or public utilities may disrupt the provision of these essential services. And these are the very day-to-day things that affect individuals like you and me.

Early Responses

Recognizing the risks and impact of supply chain cyberattacks, more countries are taking action. Since 2020, national cybersecurity strategies have been released or updated across Asia-Pacific, including in Singapore, Malaysia, Australia and Japan. Other countries, such as Vietnam, India and Indonesia, are expected to release their own national strategies or implementation details soon.

But when it comes to ICT supply chain resilience, the solution is more complex in view of the multitude and range of stakeholders involved. Some governments have intervened, with a focus on protecting the ICT supply chains of Critical Information Infrastructure (CII):

  • In 2018, the U.S. Department of Homeland Security established the ICT Supply Chain Risk Management Task Force, a public-private partnership to develop consensus on risk management strategies to enhance global ICT supply chain security. The Task Force has released guidelines on the sharing of supply chain risk information, and risk considerations for managed service provider customers.
  • The Australian Cyber Security Centre also published guides this year for businesses to identify cybersecurity risks associated with supply chains, and to manage these risks.
  • The Cybersecurity Agency of Singapore announced that it will shortly launch a CII Supply Chain Programme for stakeholders to adhere to international best practices and standards for supply chain risk management.

The Way Ahead

The global nature of ICT supply chains necessitates a stronger, coordinated response at every level.

Globally, countries and International Organizations (e.g., INTERPOL, the UN, ASEAN, Europol) have taken steps to tighten cooperation and share best practices:

  • Multilateral platforms – Today, the United Nations Group of Governmental Experts and Open-ended Working Group are platforms that can be used by countries to develop consensus around cyber processes and norms. Conferences such as the UN Internet Governance Forum provide further opportunities to discuss at the working level: in 2020, Kaspersky together with our partners organized a workshop to discuss the need and ways to develop assurance and transparency in global ICT supply chains.
  • Bilateral partnerships – Countries around the region, including Vietnam, India, Japan, Singapore, China and South Korea, have committed to MOUs on various aspects of cybersecurity – an important step in making progress domestically and globally.

While each of these platforms plays an important role in building consensus, exchanging knowledge and best practices, and harmonizing standards, moving forward, it is imperative to have more targeted conversations on global ICT supply chain resilience, given the wide-ranging types of actors and impact involved globally.

Nationally, governments must continue to drive nationwide efforts to establish a baseline level of cybersecurity across sectors through laws, regulations, guidelines, training requirements and awareness building. The examples above provide a sense of some of the measures undertaken by governments. 

Given the integrated nature of ICT supply chain resilience, there is a particular need to develop core principles (e.g., security-by-design), technical standards and legislative/regulatory frameworks to ensure a consistent level of cybersecurity and accountability across stakeholders. Published self-assessment tools can further facilitate implementation.

Individually, everyone is responsible for ensuring our collective cybersecurity. Naturally, businesses that develop products and maintain systems must lead the way. 

At Kaspersky, we believe that transparency in the components within and connections across software supply chains is the best way to ensure the integrity and trustworthiness of our digital infrastructure. Our commitment to this principle is evidenced by our Global Transparency Initiative, where, among other things, we: 

  • Welcome third parties to review our source code. More recently, we made it easier for our partners and the public to understand what is inside our products by providing a software bill of materials – a list of all the components, information about them, and the relationships between them. 
  • Practice responsible vulnerability disclosure, and have on many occasions alerted IT companies to vulnerabilities in their systems, averting several potentially significant cyberattacks.
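To make the SBOM description above concrete, here is an added Python example (not Kaspersky’s SBOM, tooling or code): it loads a small CycloneDX-style bill of materials, follows the dependency relationships from the product down to its transitive components, and reports which components fall inside an advisory’s affected version range together with the path that pulls them in. It also lists references that appear in the dependency graph but have no component entry, a sign that the SBOM is incomplete. The SBOM, the product, the component names, versions and advisories are all constructed and hypothetical.

```python
"""Added example, not Kaspersky's SBOM or tooling. Walks a constructed
CycloneDX-style SBOM (components + dependency graph) to find which shipped
product transitively depends on a component in an advisory's affected range."""
import json
from collections import deque

# Constructed SBOM for a hypothetical product; every name and version is invented.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "metadata": {
    "component": {"bom-ref": "pkg:example/example-agent@4.2.0",
                  "name": "example-agent", "version": "4.2.0"}
  },
  "components": [
    {"bom-ref": "pkg:example/net-core@1.9.3",     "name": "net-core",     "version": "1.9.3"},
    {"bom-ref": "pkg:example/compress-lib@2.0.5", "name": "compress-lib", "version": "2.0.5"},
    {"bom-ref": "pkg:example/tls-shim@0.8.1",     "name": "tls-shim",     "version": "0.8.1"},
    {"bom-ref": "pkg:example/logging-kit@3.1.0",  "name": "logging-kit",  "version": "3.1.0"}
  ],
  "dependencies": [
    {"ref": "pkg:example/example-agent@4.2.0",
     "dependsOn": ["pkg:example/net-core@1.9.3", "pkg:example/logging-kit@3.1.0"]},
    {"ref": "pkg:example/net-core@1.9.3",
     "dependsOn": ["pkg:example/compress-lib@2.0.5", "pkg:example/tls-shim@0.8.1"]},
    {"ref": "pkg:example/logging-kit@3.1.0",
     "dependsOn": ["pkg:example/compress-lib@2.0.5"]},
    {"ref": "pkg:example/tls-shim@0.8.1",
     "dependsOn": ["pkg:example/crypto-prims@1.0.0"]}
  ]
}
"""

# Constructed, hypothetical advisories: affected if introduced <= version < fixed.
ADVISORIES = [
    {"name": "compress-lib", "introduced": "2.0.0", "fixed": "2.0.7"},
    {"name": "tls-shim",     "introduced": "0.5.0", "fixed": "0.8.0"},
]


def parse_version(text):
    """'2.0.5' -> (2, 0, 5); plain dotted integers are enough for the constructed data."""
    return tuple(int(part) for part in text.split("."))


def load_sbom(text):
    """Return (root_ref, components_by_ref, dependency_graph)."""
    doc = json.loads(text)
    root = doc["metadata"]["component"]
    components = {c["bom-ref"]: c for c in doc.get("components", [])}
    components[root["bom-ref"]] = root
    graph = {d["ref"]: d.get("dependsOn", []) for d in doc.get("dependencies", [])}
    return root["bom-ref"], components, graph


def is_affected(component, advisory):
    if component["name"] != advisory["name"]:
        return False
    version = parse_version(component["version"])
    return parse_version(advisory["introduced"]) <= version < parse_version(advisory["fixed"])


def analyse(sbom_text, advisories):
    """Breadth-first walk from the product root.
    Returns (hits, missing): hits maps an affected bom-ref to the shortest
    dependency path from the root; missing lists refs that are depended on
    but never described as a component (an incomplete SBOM)."""
    root, components, graph = load_sbom(sbom_text)
    hits, missing = {}, []
    queue = deque([(root, [root])])
    seen = {root}
    while queue:
        ref, path = queue.popleft()
        component = components.get(ref)
        if component is None:
            missing.append(ref)
            continue
        if any(is_affected(component, adv) for adv in advisories):
            hits[ref] = path
        for child in graph.get(ref, []):
            if child not in seen:
                seen.add(child)
                queue.append((child, path + [child]))
    return hits, missing


if __name__ == "__main__":
    found, undocumented = analyse(SBOM_JSON, ADVISORIES)
    for ref, path in found.items():
        print("AFFECTED:", ref, "via", " -> ".join(path))
    for ref in undocumented:
        print("NOT DESCRIBED IN SBOM:", ref)
```

The value of the relationship graph is the path: it tells you that the product is exposed through net-core, not just that compress-lib 2.0.5 exists somewhere in the build. The dangling crypto-prims reference is the kind of gap a consumer should push back on, since an SBOM that names a dependency without describing it cannot be matched against advisories at all.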

Cybersecurity is everyone’s business because our collective cybersecurity is only as strong as that of the weakest link among us. To remain ahead of the game, a holistic approach involving all stakeholders is required. We must look beyond playing catch-up and reacting to cyberthreats. It is imperative to take a long-term approach in designing the cybersecurity ecosystem, which includes building a strong talent pipeline to meet the needs of CERTs, forensic analysis teams, and IT departments, and designing CII that is secure-by-design. 

The ideas above are by no means an exhaustive list, but hopefully, they provide an idea of where to begin – together – in view of the long way that lies ahead of us.


How to watch NSFW/NSFL content safely and discreetly

February 12, 2024 1:55 p.m.

Want to hide your guilty pleasures from prying eyes? Do it properly, Kaspersky experts suggest

You may have already heard about NSFW (not-safe-for-work) or NSFL (not-safe-for-life) and what it means to your self-preservation or at the very least, your reputation. 

If you’re still clueless, it refers to online content best viewed in private. Examples include the medications you look up, the gifts you were checking out for your loved ones, and the sensitive videos you watched before bed.

“The kind and amount of information that we can now access through the internet is almost limitless. And many of us are happy to do things online. On the flipside, our research shows some prefer to keep those habits to themselves. In fact, many see the Internet as a place to hide,” said Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky. 

In a study by Kaspersky on digital privacy, almost half of respondents (41%) said they apply additional measures when browsing the Internet to hide their information from the websites they visit. The same study revealed that family members, colleagues and the government are the top three groups of people we don’t want to know certain things about us. 

“With online content at our fingertips, people will read and watch online whatever they want to. Whichever it is, we recommend doing it safely. Remember your digital reputation is closely linked to your personal reputation. With a stroke of unfortunate luck, your online habit or personal information can accidentally become available to others, despite your wishes. Not only would it make you a target of malware but it could end up costing you your job,” added Yeo. 

This article explains who can catch sight of your online activities and how to make sure your secrets are safe.

  1. Your family

You likely share a computer and a Wi-Fi network with your family. This means your partner, kids or parents, anyone you share a home with, could discover traces of your online activities. Here is what could give you away:

  • Browser history. The browser remembers the websites you visit and suggests them the next time you start typing an address. Handy, but it can lead to awkward moments, such as when your partner or child types the letter P (for Pinterest) and gets a suggestion for P(ornhub).
  • Targeted advertising. When you open a website, the browser saves cookie files on your computer, which let the site remember things about you (your username, the pages you viewed, the contents of your shopping cart, and so on). Cookies also let the site owner’s ad-network partners build a profile of you and serve similar content. The giants of the Web, such as Google, will not show erotic banners, of course. Less scrupulous ad networks may.

Tip: Switch to incognito (private) mode before watching private videos. In that mode the browser keeps no cookies, no history and no cache for the session, so your family will see none of those treacherous suggestions in the address bar. Some browsers, such as Yandex.Browser, will suggest it when you open a porn site. Note what incognito mode does not do: it hides nothing from the sites you visit, your ISP, or the owner of the network you are on; it only stops the browser from recording the session locally.

As for the cookies and browser history you have already accumulated, clear them from the browser’s settings: in Chrome the option is visible immediately, and in Firefox it is under the Privacy & Security tab.

  2. Internet giants

Cookies are not the only way to find out about your interests, so incognito mode will not hide information about your hobbies from big Internet corporations. Facebook will still learn about the things you like if you visit websites that are integrated with its analytics and advertising modules — and you would not believe how many of those are around. 

Google will still remember what you searched for and which sites you opened in Chrome. This year, Pornhub revealed that the Philippines topped its viewership rankings for the fourth consecutive year, and that, according to Google Analytics demographic data, it saw more female than male visitors from the country.

Tip: Fortunately, not all companies want to collect all of the data they can about you. Privacy-centric browsers like Firefox and search engines such as DuckDuckGo and Startpage.com, along with the Private Browsing feature in Kaspersky products can help prevent tracking by advertising networks and Internet giants. 

  3. Your ISP

Few people stop to think that their ISP, as well as the owner of any free Wi-Fi they use, can monitor their traffic. Unless you like the thought of your passions becoming some mischievous ISP employee’s source of entertainment, put some safety measures in place; it is not nearly as hard as it may sound.

Tip: Use a VPN (virtual private network). It encrypts everything between your device and the VPN server, so the ISP or Wi-Fi owner sees only an encrypted stream to the VPN endpoint rather than the sites you visit. Keep two caveats in mind. First, HTTPS alone already hides page contents, but the hostname of the site still travels in the clear in DNS lookups and in the TLS server name indication, which is exactly what the VPN tunnel hides. Second, the VPN provider now sees what the ISP would have seen, so choose one you trust.

  4. Porn scammers

Scammers who email you claiming to have infected your computer with malware and used your webcam to record your naughty pleasures really have no idea whether you have been watching porn or not. They are simply mass-mailing their threats in the hope that someone will bite.

Tip: Do not fret, and never pay scammers who claim to have caught you watching adult content. If you receive an email like that, send it straight to spam.

Remember safety measures

Although the operators of well-known porn websites protect their reputations, it is still possible to get your device infected while searching for adult videos. From time to time, cybercriminals compromise the ad networks that serve ads on such websites, or set up fake sites that imitate the real ones.

The malware is unlikely to hijack your webcam, but it may very well lock your screen with an explicit picture or start displaying gobs of explicit ads in your browser. So, remember these safety measures.

  1. Choose websites you know. Avoid opening questionable websites from search results that promise premium content free.
  2. Download apps from official sources only.
  3. Do not click on links in ads, even if they are hard to resist.
  4. Use a robust protective solution such as Kaspersky Premium. It will block a malicious program, should one attempt to infect your device. 

Celebrate Chinese New Year at Honolulu Cafe

February 10, 2024 5:34 p.m.

Celebrate Chinese New Year at Honolulu Cafe.

Try their best-sellers, the Roasted Pork Belly and the Egg Tarts.


Honolulu Cafe is located at SM Aura, Robinson’s Place Manila and Greenbelt 5.


DITO breaking barriers with lowest postpaid plan, UNLI 5G Offers

February 1, 2024 6:21 p.m.

DITO Telecommunity, the fastest-growing telecommunications provider in the country, disrupts the postpaid market with its newest and most affordable postpaid plans: the DITO Mobile Postpaid FLEXPlan 388 and an UNLIMITED 5G data offering for all SIM-Only plans, both designed to provide Filipinos with data-packed plans at the most affordable prices.

The new FLEXPlan 388 SIM-Only is DITO’s starter plan for individuals who want to start their postpaid journey. Customers can enjoy a total of 50GB of data (the usual 25GB plus an additional 25GB of 5G data), UNLI all-net calls and texts, and a bonus 12-month Prime Video subscription, all with absolutely no lock-in period.

In addition to all these values, DITO is also giving all new FLEXPlan 388 subscribers a special introductory offer of PHP 288 per month for the first three months, valid for a limited period.

“In time for the new year, our DITO Mobile Postpaid FLEXPlan 388 is our best and lowest postpaid deal yet since we launched our postpaid plans last year. Introducing this plan is a testament to our commitment to providing equal access to everyone, ensuring that our customers receive exceptional value-for-money plans without spending much,” said Evelyn Jimenez, DITO Chief Commercial Officer. 

Customers can apply for DITO FLEXPlan 388 SIM-Only via the DITO App, DITO Website, DITO Experience Stores, and device retail partners.

Additionally, DITO has revamped its SIM-Only Plans and introduced UNLIMITED 5G data offerings for SIM-Only Plans starting at PHP 888, which comes with 40GB of 4G data per month.


All SIM-Only plans come with UNLI all-net calls and texts and no lock-in period. Customers can also enjoy DITO’s Advance Pay feature for SIM-Only Plans, which allows advance payments for monthly subscription fees with up to 40% discount! 

“Meanwhile, we also revamped our SIM-Only plans and added UNLIMITED 5G data offerings because we want to provide our customers with limitless browsing experience and unparalleled 5G service to elevate their digital lifestyles at very affordable costs,” Jimenez added. 

To enjoy UNLI 5G postpaid plans, customers can apply via the DITO App, DITO Website, or DITO Experience Stores nationwide. 

“At DITO, we ensure that our connectivity meets affordability. We aim to bridge the gap between our customers’ digital dreams and reality. We want to democratize the postpaid market and give every individual the chance to experience the benefits of mobile postpaid,” Jimenez concluded. 

For more updates on the latest postpaid offers, visit https://dito.ph/postpaid.  
