

Australian telco sector looking down the barrel of a prescribed security standard

Home Affairs will be looking to co-design a cyber standard with Australian telcos should the Critical Infrastructure Bill be passed.




The Department of Home Affairs has brushed aside industry concerns that the Security of Critical Infrastructure Act (SoCI Act) duplicates obligations found in the Telecommunications Sector Security Reforms (TSSR).

As far as the department is concerned, rather than overlapping regimes, there would be “one continuum” of regulation where the Telecommunications Act is paramount, but parts of the SoCI Act would be “activated” to fill in gaps.

“The explanatory memorandum for the Security of Critical Infrastructure Act amendments very clearly states that, where primary legislation exists that regulates the activities of a critical infrastructure sector, that primary legislation remains operant,” Home Affairs deputy secretary for national resilience and cybersecurity Marc Ablong told the Parliamentary Joint Committee on Intelligence and Security on Thursday.

“To the degree that we need to look at amendments to that act — minor in nature — to ensure that it is consistent with the positive security obligations that are set out in the [SoCI] Bill, we would do that to the Telco Act.”

Two such gaps in the Telco Act that Ablong identified were the ability of government to assist companies facing a significant cyber attack and the enhanced cybersecurity obligations.

“We don’t consider them to be rival regulatory regimes but parts of the one continuum that starts with companies very much recognising that they have a unique position as telcos. To the degree that the existing regulatory regime set out in part 14 can suffice, it will suffice,” he said.

“To the degree that it can’t suffice, that’s when the Security of Critical Infrastructure Act amendments will apply. But we don’t intend this to come as any surprise to the industry.”

One area where the TSSR is ambiguous is its requirement for carriage service providers to “do their best” to protect telecommunication networks and facilities, and both telcos and the department believe it needs clarification.

“We’d suggest that a higher standard than just doing your best might be required,” Ablong said. “To the degree that the language in the TSSR says, ‘Do your best,’ we might replace it with, ‘You are required to meet standard X,’ whatever the standard is that we and the industry come to a common view on in the co-design process.”

How the positive security obligation looks for each sector will be a co-design process with industry of looking at primary legislation and working out what needs to be added, the deputy secretary said.

“The obligation for the telco sector would be different to that for the banking sector, for instance,” Ablong said.

“The process of co-designing with industry and providing them with information about, ‘Here are the threats we think your industry will face over the foreseeable future; this is where we think your primary legislation requires you, or obliges you, to meet a certain security requirement; and this is what more we think you could add to your ability to meet an obligation under the Critical Infrastructure Act,’ is very much a co-design process.”

In the end, Ablong said the solution could be to replace the “Do their best” wording with a standard, whether it is the Essential Eight from the ACSC, or a standard from NIST or the UK’s National Cyber Security Centre.

“Ultimately, in the conversations that we have been having with industry … the first question is: To what standard do you hold yourself as an industry? Then you would ask: What are the measures that you’re using to assure yourself that, against the risks which we’ve talked about, you are able to deal with those risks?,” he said.

“If somebody says to me, ‘I use the NIST standards’ and another industry says, ‘I use the NCSC standards from the UK’, both of those are suitably robust that, for most intents and purposes, we would probably say, ‘That’s good enough’.”

Earlier in the day, Telstra and Optus raised concerns that the Critical Infrastructure Centre needed to provide more proactive advice to telcos, rather than just responding to alerts from telcos when changes to services, systems, or equipment could have a “material adverse effect” on their ability to meet TSSR obligations.

“Currently we get really good and detailed advice, but it has to be triggered by us putting in a notification or providing a briefing, and then that advice will come back,” Telstra national cybersecurity principal Jennifer Stockwell said.

“It will be very detailed and will help us to understand the risk for that particular project, but it would be very helpful to have more upfront, because then, when I’m working day to day with our network engineers and operational staff, I can provide them with the guardrails to start with, and that really helps decision-making and speeds up projects.”

In December, Optus revealed it was responsible for over half of TSSR notifications.

“Optus has reviewed the TSSR status of well over 150 projects and proposed changes over the last two years and submitted formal TSSR notifications for 36 of them,” it said at the time.

“The time for the resolution of these notifications has varied between 30 days to eight months.”

On Thursday, Telstra regulatory principal John Laughlin said Australia’s largest telco took a different approach.

“We have deliberately taken an approach where we notify on mitigated risk,” he said.

“We only lodge a notification after all the systems and controls are in place, where we still believe that there’s a material adverse effect to our ability to meet the security obligation.”

Stockwell added that Telstra only notifies on the end solution.

“The unmitigated risk is a risk that is not going to be realised, provided we have the adequate mitigating controls in place,” she said.

“It’s really important to mention that early engagement with the critical infrastructure centre and the ability to have that early engagement is critical to inform those controls so that we put all the appropriate mitigations in place, taking into account the full understanding of the threat landscape.”

Whether through bad preparation or obfuscation, Laughlin was unable to provide the committee with the number of notifications Telstra had provided, except to say it was “substantially less” than Optus.

The difference in notification thresholds is one of the reasons Home Affairs wants to have a “conversation” with telcos in the co-design phase to see if the government and private sector have different views on risk.

“If they have been thinking about it purely from the perspective of, for instance, somebody’s ability to cut the trunk cables and therefore their inability to provide a service to a portion of Australia, we would be equally concerned about the ability of somebody to hack in or intercept communications carried over their networks, but if they don’t consider that to be a material risk, then they’re not going to notify us or report about those sorts of things,” Ablong said.

The deputy secretary added the Critical Infrastructure Bill was necessary in light of the recent Colonial Pipeline incident.

“The critical infrastructure amendments … very much cover what is required in order for Australia to have greater assurance that the sorts of things that we saw with the Colonial Pipeline, for instance, in the United States are less likely to happen here, that we have taken all necessary measures to protect our critical infrastructure and for the entities involved in those sectors of the economy that might be considered critical infrastructure to have protected themselves.”

On the other side of the fence is the Communications Alliance, which has put forward a proposal to either repeal the TSSR notification obligations or exempt telcos that fall under the Critical Infrastructure Bill.

“We would very much prefer the certainty that comes with repealing provisions that could create duplication, as opposed to relying on the goodwill and best endeavours of agencies over time to avoid that through positive decisions of their own,” Comms Alliance CEO John Stanton said.

“Time moves on, people move on, and it would be preferable from our point of view if the requirements and obligations were clear and in legislation rather than subject to executive decision-making.”





Apple releases emergency update for older iPhones and iPads

If you’re running iOS 12, this is an update for you.



Apple is getting pretty committed to the idea of pushing out security updates to older iPhones and iPads. Not only will the company continue to support iOS 14 come the release of iOS 15, we are also seeing a trickle of patches for older versions of iOS.

If you have an iPhone or iPad that’s still running iOS 12 — because that was the end of the line for your device — then Apple has released an emergency update that you need to download and install as soon as possible.


Of the three security fixes contained in this update, two “may have been actively exploited.” In other words, the bad guys might already be using the vulnerabilities to compromise smartphones and tablets.


iOS 12.5.4 is available for the following devices:

  • iPhone 5s
  • iPhone 6
  • iPhone 6 Plus
  • iPad Air
  • iPad mini 2
  • iPad mini 3
  • iPod touch (6th generation)

To check what version your device is running, tap on Settings > General, then on Software Update. Here you will see what version your iPhone or iPad is running along with any available updates.

Note that if you have stayed on iOS 12 but the device is compatible with later versions, then this update will not be available to you. Your path is to upgrade to the latest release of iOS 14 or iPadOS 14.

There have been several high-profile security issues plaguing iPhones and iPads over the past few months, and while some users hesitate to install updates, installing them is the first and best line of defense against attack.

And iOS 12 and later will do it for you. Tap on Settings > General > Software Update > Customize Automatic Updates and then turn on Install iOS Updates.



SSD market to reach $51.5 billion in revenue by 2025: IDC

The IDC is predicting that SSD unit shipments will increase with a CAGR of 7.8% in coming years.



The International Data Corporation is expecting an increase in worldwide solid state drive (SSD) revenue and shipments over the next four years, according to a newly published forecast of the market.

The IDC said SSD unit shipments are expected to grow with a compound annual growth rate (CAGR) of 7.8% and revenues are slated to increase at a CAGR of 9.2% from now until 2025. The market will reach $51.5 billion in revenue by 2025, according to IDC.

IDC also predicted that SSD capacity shipments worldwide will expand further at a 2020–2025 CAGR of 33.0%.

Jeff Janukowicz, research vice president at IDC, explained that the worldwide demand for SSDs has increased because the pandemic has accelerated the need for transformation.

The steep increases are driven by growing demands for storage that expanded throughout the COVID-19 pandemic as millions increasingly worked and schooled from home, using their own devices in many instances.

Demand for PCs has skyrocketed and the IDC said higher SSD demand is also reflected in the enterprise market, where companies are making investments in both cloud and traditional IT.

“IDC believes that most of the long-term trends remain intact, enabling broader SSD adoption over the forecast period, and worldwide SSD units and capacity shipped are higher than the prior forecast thanks to increasing demand from client devices, enterprise storage customers, and cloud service providers,” Janukowicz said.

The IDC added that there have been some key developments in the SSD market globally, including:

  • The pricing of SSDs is still volatile and elevated because of the increased demand.

  • Technological advancements, like NAND flash, will emerge in the next few years and “will continue to enable more cost-effective solutions helping to further increase demand for SSDs.”

  • Client SSDs are in higher demand because of permanent moves toward remote work and remote schooling.

  • Demand for SSDs among cloud and traditional IT market segments has continued to hold strong.

  • IDC believes lower prices will help “drive demand elasticity and system optimization around flash.”

The report also predicts similar growth in the HDD industry because of how COVID-19 has affected the markets for enterprise storage systems, PCs, personal and entry-level storage devices, video surveillance systems, and consumer electronics products. Worldwide HDD industry petabyte shipments are slated to see a compound annual growth rate of 18.5% through 2025, according to IDC.

Edward Burns, research director for IDC, noted that the client HDD market has had a long-term secular decline due to rising SSD attach rates. But the COVID-19 pandemic has over the near term increased the demand for certain types of HDDs, particularly mobile HDDs as well as capacity-optimized HDDs, Burns added.



Avaddon ransomware group closes shop, sends all 2,934 decryption keys to BleepingComputer

BleepingComputer worked with Emsisoft to create a free decryptor that any Avaddon victim can use.



Avaddon ransomware group, one of the most prolific ransomware groups in 2021, has announced that they are shutting the operation down and giving thousands of victims a decryption tool for free.

BleepingComputer’s Lawrence Abrams said he was sent an anonymous email with a password and link to a ZIP file named, “Decryption Keys Ransomware Avaddon.”

The file had decryption keys for 2,934 victims of the Avaddon ransomware. The startling figure is another example of how many organizations never disclose attacks, as some reports have previously attributed just 88 attacks to Avaddon.

Abrams worked with Emsisoft chief technology officer Fabian Wosar and Coveware’s Michael Gillespie to check the files and verify the decryption keys. Emsisoft created a free tool that Avaddon victims can use to decrypt files.

Ransomware gangs — like those behind Crysis, AES-NI, Shade, FilesLocker, Ziggy — have at times released decryption keys and shut down for a variety of reasons. A free Avaddon decryption tool was released by a student in Spain in February but the gang quickly updated their code to make it foolproof again.

“This isn’t new and isn’t without precedence. Several ransomware threat actors have released the key database or master keys when they decide to shut down their operations,” Wosar told ZDNet.

“Ultimately, the key database we obtained suggests that they had at least 2,934 victims. Given the average Avaddon ransom at about $600,000 and average payment rates for ransomware, you can probably come up with a decent estimate of how much Avaddon generated.”

Wosar added that the people behind Avaddon had probably made enough money doing ransomware that they had no reason to continue.

According to Wosar, ransom negotiators have been noticing an urgency when dealing with Avaddon operators in recent weeks. Negotiators with the gang are caving “instantly to even the most meager counter offers during the past couple of days.”

“So this would suggest that this has been a planned shutdown and winding down of operations and didn’t surprise the people involved,” Wosar explained.

Data from RecordedFuture has shown that Avaddon accounted for nearly 24% of all ransomware incidents since the attack on Colonial Pipeline in May. An eSentire report on ransomware said Avaddon was first seen in February 2019 and operated as a ransomware-as-a-service model, with the developers giving affiliates a negotiable 65% of all ransoms.

“The Avaddon threat actors are also said to offer their victims 24/7 support and resources on purchasing Bitcoin, testing files for decryption, and other challenges that may hinder victims from paying the ransom,” the report said.

“What’s interesting about this ransomware group is the design of its Dark Web blog site. They not only claim to provide full dumps of their victims’ documents, but they also feature a Countdown Clock, showing how much time each victim has left to pay. And to further twist their victims’ arms, they threaten to DDoS their website if they don’t agree to pay immediately.”


The group has a lengthy list of prominent victims that include Henry Oil & Gas, European insurance giant AXA, computer hardware company EVGA, software company Vistex, insurance broker Letton Percival, the Indonesian government’s airport company PT Angkasa Pura I, Acer Finance and dozens of healthcare organizations like Bridgeway Senior Healthcare in New Jersey, Capital Medical Center in Olympia, Washington and others.

The gang made a note of publishing the data stolen during ransomware attacks on its dark web site, DomainTools researcher Chad Anderson told ZDNet last month.

Both the FBI and the Australian Cyber Security Centre released notices last month warning healthcare institutions about the threat of Avaddon ransomware.


The notice said “Avaddon threat actors demand ransom payment via Bitcoin (BTC), with an average demand of BTC 0.73 (approximately USD $40,000) with the lure of a decryption tool offered (‘Avaddon General Decryptor’) if payment is made.”

The group was also implicated in multiple attacks on manufacturing companies across South America and Europe, according to the Australian Cyber Security Centre.

Cybersecurity firm Flashpoint said that alongside REvil, LockBit, and Conti, Avaddon was one of the most prolific ransomware groups currently active.

Digital Shadows’ Photon Research Team told ZDNet in May that a forum representative for the Avaddon ransomware took to the Exploit forum to announce new rules for affiliates that included bans on targeting “the public, education, healthcare, and charity sectors.”

The group also banned affiliates from attacking Russia or any other CIS countries. US President Joe Biden is expected to press Russian President Vladimir Putin on ransomware attacks at a summit in Geneva on June 16.


