Researchers at ETH Zurich have identified a series of vulnerabilities in AMD’s CPUs. The vulnerabilities have been identified in CPUs with the Zen 3 and Zen 4 architecture in particular and are present across the board in both desktop and laptop CPUs and APUs with the architecture.
The vulnerability, now identified as “Inception”, takes advantage of speculative execution, a technique where a computer predicts and performs operations it anticipates needing in the future. Using an attack method called Training in Transient Execution (TTE), the affected CPUs can be manipulated into believing that they have seen a certain set of instructions before, even though they never have.
In the simplest of terms, the exploit works much like what Leonardo DiCaprio and his team do in the movie “Inception”. Similar to how they were able to plant an idea to retrieve information, an attacker exploiting the vulnerability in AMD CPUs can do the same thing.
In fact, XDA Developers described that “Inception” takes its name from the movie of the same title, where the central concept involves implanting an idea in someone’s dream. In the exploit context, researchers metaphorically implant an “idea” into the CPU during its “dream-like” state, causing it to execute incorrect instructions. This manipulation of the CPU’s control flow is the core mechanism exploited by Inception.
Exploiting A Kernel Memory Breach
The vulnerability poses a serious security threat as “Inception” is an end-to-end exploit that can covertly leak sensitive information from Zen 3 and Zen 4 processors. The exploit can access confidential kernel memory, including sensitive files like “/etc/shadow” on Linux systems. This file holds hashed user account passwords, typically safeguarded and accessible only to the root user.
According to XDA Developers, with a leakage rate of up to 39 bytes per second, Inception has the capability to retrieve these passwords within 40 minutes.
Exploitation of Speculative Execution
The workings of Inception draw parallels to a similar exploit named Zenbleed. ETH Zurich researchers leveraged the TTE technique to craft an attack capable of infiltrating AMD Zen CPUs. This involves manipulating speculative execution to carry out actions that may not be immediately necessary, a strategy often used to optimise processing.
Two central components in this attack are the Branch Target Buffer (BTB) and the Return Stack Buffer (RSB). Inception disrupts branch prediction during the transient window by introducing fresh predictions into the branch predictor. This action creates more powerful transient windows, which can then be exploited to overflow the Return Stack Buffer. Ultimately, this allows Inception to take control of the CPU.
Preventing Exploitation and Mitigation Strategy
AMD has acknowledged the vulnerability in a recent bulletin. The company has released a µcode patch for the affected processors which can be applied via a BIOS update.
According to XDA Developers, like Intel’s “Spectre” vulnerability, effective mitigation strategies remain challenging. One proposed mitigation approach involves flushing the branch predictor during context switches. However, this could inflict significant performance degradation.
If you are using one of the following processors, it would be best to check for a BIOS update.
Desktop CPUs & APUs:
3rd & 4th Gen AMD EPYC CPUs
Ryzen 5000 & 4000 Series Desktop Processors (including CPUs like Ryzen 5 5600G or Ryzen 7 4700G APUs)
Ryzen 7000 Series Desktop Processors
Ryzen Threadripper PRO 5000WX Series Processors
Mobile CPUs:
Ryzen 5000 Series Mobile Processors
Ryzen 6000 Series Processors (with Radeon Graphics)
Ryzen 7035 Series Processors (with Radeon Graphics)
Ryzen 7030 Series Processors (with Radeon Graphics)
Ryzen 7040 Series Processors (with Radeon Graphics)
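After a BIOS update, a Linux host can be asked whether the kernel considers the mitigation active and whether the microcode patch is loaded. The script below is an added example, not code from AMD, ETH Zurich or XDA Developers; it assumes a Linux kernel recent enough to expose the `spec_rstack_overflow` status file, and the verdict names and sample data are this example's own.

```python
"""Check what the Linux kernel reports about the Inception mitigation."""
from pathlib import Path

# Status file the kernel exposes for return-stack-overflow issues on AMD CPUs.
SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow")
CPUINFO = Path("/proc/cpuinfo")

# Constructed sample of one /proc/cpuinfo stanza (microcode value is a placeholder).
SAMPLE_CPUINFO = (
    "processor\t: 0\n"
    "vendor_id\t: AuthenticAMD\n"
    "cpu family\t: 25\n"  # family 25 (19h) is the family AMD uses for Zen 3 and Zen 4
    "model name\t: AMD Ryzen 7 5800X 8-Core Processor\n"
    "microcode\t: 0x0\n"
)


def parse_cpuinfo(text):
    """Return vendor, family, model name and microcode revision of the first CPU."""
    fields = {}
    for line in text.split("\n\n", 1)[0].splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    family = fields.get("cpu family", "")
    return {
        "vendor": fields.get("vendor_id", "unknown"),
        "family": int(family) if family.isdigit() else None,
        "model": fields.get("model name", "unknown"),
        "microcode": fields.get("microcode", "unknown"),
    }


def classify(status, cpu):
    """Map the kernel's status line to a verdict an operator can act on.

    Exact wording differs between kernel versions, so only the stable
    prefixes and the 'no microcode' marker are matched.
    """
    if cpu["vendor"] != "AuthenticAMD":
        return "not-amd"
    if status is None:
        return "unknown-kernel-too-old"  # kernel predates reporting for this issue
    s = status.strip().lower()
    if s.startswith("not affected"):
        return "not-affected"
    if "no microcode" in s:
        return "needs-microcode"  # software mitigation present, BIOS update missing
    if s.startswith("mitigation"):
        return "mitigated"
    if s.startswith("vulnerable"):
        return "vulnerable"
    return "unrecognised"


def read_host():
    """Read the live files; a missing status file yields status None."""
    status = SYSFS.read_text() if SYSFS.exists() else None
    cpu = parse_cpuinfo(CPUINFO.read_text() if CPUINFO.exists() else "")
    return classify(status, cpu), status, cpu


if __name__ == "__main__":
    verdict, status, cpu = read_host()
    print(f"{cpu['model']} (family {cpu['family']}, microcode {cpu['microcode']})")
    print(f"kernel reports: {(status or 'no status file').strip()}")
    print(f"verdict: {verdict}")
```

A `needs-microcode` verdict is the case the BIOS update addresses; `unknown-kernel-too-old` means the kernel itself should be updated before the result can be trusted.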
Cybersecurity is a big talking point today. It is not a new thing; it really has been a concern since the digital age. There are always going to be perpetrators out in the wild who try to cheat, game systems, and even do harm to others for their own benefit. The most recent security threat, and still one of the biggest threats to cybersecurity, is ransomware.
The thing is, while there are numerous talks about how cyber security should be implemented in corporations and company devices, we often forget that the cyber-first world encourages users to also use their own personal devices for work and at work – your smartphones for example. Where your organization’s issued devices are locked down and secured, your own devices are not. Where your organization implements security measures on its own back-end digital infrastructure, your own devices are often left untouched. Where your company protects itself, you are left unprotected. So, what do you do?
You get yourself a protection plan for yourself, of course. You get yourself Kaspersky’s latest and most comprehensive protection program. For 2023 Kaspersky introduces products that are more streamlined than ever and more comprehensive for all kinds of budgets. With an updated UI, the Kaspersky protection suites are also made to be more intuitive than ever while offering the most comprehensive protection and control back to users. Their latest suites also offer protection for Windows, Mac, Android, and even iOS.
Kaspersky Standard, or Plus, or Premium
The product naming scheme has become even more simplified than before too. Now you pick between the Standard, Plus, and Premium protection plans that offer different coverage and protection layers. Of course, they come with different price points too.
With the Standard package starting at MYR 70/year (1 device), you get the full might of Kaspersky’s antivirus program that will also detect and remove viruses or malware even before you get your Kaspersky security suite. On top of that, you get real-time protection against the latest known threats to your devices. Kaspersky Standard also comes with Safe Browsing and Anti-Phishing suites alongside Firewall and Network Monitor to further protect yourself from malicious websites, downloads, extensions, and even applications. Unlike older cybersecurity suites that tend to slow your PC down, the new Kaspersky security suite offers Quick Startup, PC Speed-up, and Disk Cleanup Tools to ensure that your PC is always working optimally. If you game on your devices too, Kaspersky offers Game and Do Not Disturb modes to ensure that your devices work to offer the best performance for your games while ensuring that you are not disturbed in an intense battle.
The Plus suite from MYR 96/year (1 device) onward adds an unlimited VPN subscription and Premium Password Manager to the mix. You also have access to Data Leak Checker that monitors the internet and dark web for compromised personal data while offering steps to ensure that your data is always protected. The plan also offers users the ability to monitor their home network and the devices that are connected to the network.
The Premium plan offers the full might of what Kaspersky can offer you for MYR 139/year (1 device) onward. On top of everything you get from the Standard and Plus plans, you also get Kaspersky’s identity protection suite and premium technical support that can even install your Kaspersky application for you, if it is too much of a hassle to do yourself. They also offer the occasional PC health checks done by a professional if you need them. In terms of identity protection, they offer something they call an Identity Protection Wallet that stores copies of your sensitive data including identification documents and even licenses in an encrypted format. There is also a one-year free subscription to the Kaspersky Safe Kids suite to further protect your family.
Price and Availability
Kaspersky’s Standard, Plus, and Premium protection plans are now available for MYR 70/year onward (Standard, 1 device) all the way to MYR 195/year (Premium, 5 devices). You can get them from Kaspersky’s website or authorized retailers across the nation. If you choose to get your Kaspersky protection suite now from their website, you are entitled to a 17% introductory discount for your 1-year subscription.
Hacks, lost accounts and compromised emails may be a thing of the past with companies moving towards a “passwordless future”. Google is the latest to bring this future to the present with its introduction of “Passkeys”, a new way to log in to your Google accounts moving forward.
“Passkeys” will use biometrics like facial recognition and fingerprints to log in to your accounts. How? Well, it will use your smartphone. Yes, this also means that you’ll be able to use your screen lock PIN to log in to your Google account. However, it also makes your password obsolete. So, you won’t need to have that notebook or that codenamed document on your PC with all your passwords recorded. According to Google, these passkeys resist online attacks like phishing and are more secure than SMS one-time codes.
That said, Google isn’t forcing all users to immediately migrate over to using passkeys. Instead, users will be able to opt-in to using Passkeys in addition to their password and two-factor authentication (2FA) by going to g.co/passkeys. For companies using Google Workspaces, administrators will soon be able to activate passkeys for their end users.
Setting up passkeys for your Google account is pretty straightforward. You can either use the g.co/passkeys link or look under your account’s security settings. You will now see a new setting called passkeys. There you will be given the option to activate passkeys for your account. It will automatically turn your most recently used Android devices into passkeys. So, you may want to clean up the list of devices with access to your account. Once you activate the feature, you’ll be prompted on your phone or Windows device when you sign in to verify your identity.
Are you excited for a “passwordless future”? Sound off in the comments below.
Cybersecurity company ESET released its latest APT Activity Report, shedding light on coordinated threats to cybersecurity across the globe for 2022. Advanced Persistent Threats or APT, are broadly defined as targeted cyberattacks by either a single person or a coordinated team over a long period of time. Typically the objective is to obtain sensitive data from the target, which includes intellectual property, sensitive information such as financial details, a website takeover or even sabotage. The report compiles data from the period from September to December 2022 analyzed by ESET researchers.
Ukraine targeted by new malware from Russian-APT Sandworm
During this period, the most notable cyberattack campaigns observed were perpetrated by Russian-aligned APTs targeting Ukraine. The most prominent was an attack by the APT group Sandworm in October targeting an energy sector company in Ukraine. Sandworm used a previously unknown wiper for the attack, a malware that deletes all the files on affected hard drives. ESET has named this wiper NikoWiper, and it was found to be based on SDelete, Microsoft’s command-line utility for secure file deletion.
The Sandworm attack against the Ukrainian energy company in October 2022 coincided with Russian military attacks in the same period. Russian forces launched missile strikes targeted at energy infrastructure too, suggesting some form of coordination and shared objectives. While ESET does not have evidence for this coordination, ESET’s report has noted that APT groups have been known to be operated by nation-states or state-sponsored threat actors.
More ransomware attacks and spearphishing campaigns
ESET reports that Sandworm also used ransomware in the same attack, with the final objective appearing to be data loss or destruction. In this case, ransomware will be used to lock the files in company computers but Sandworm will not offer the decryption key for a ransom, as in a typical ransomware attack. More ransomware attacks were observed in this period, with the Prestige ransomware, associated with Russian-based threat actor IRIDIUM, deployed against logistics companies in Poland and Ukraine. Also in October, ESET discovered and reported on Twitter, a new ransomware in Ukraine written in .NET they named RansomBoggs. Other Russian APTs such as Callisto and Gamaredon were conducting spear-phishing campaigns in Ukraine. These are email or communication-based scams intended to steal credentials or other sensitive information.
Chinese-based APTs Target EU and Other Global Cyber Threats
Cyber threats were reported in other parts of the world as well. Chinese-based APT Goblin Panda, which typically targets the United States, has recently begun targeting European countries, a similar trend seen in another Chinese APT, Mustang Panda. A Goblin Panda backdoor, named TurboSlate by ESET, was found in a government organisation in the European Union. Similarly in Switzerland, ESET detected a Korplug loader used by Mustang Panda in an energy and engineering organisation. In Iran, the APT POLONIUM has targeted both Iranian companies and their foreign subsidiaries while the APT MuddyWater had likely compromised a security service provider. Cryptocurrency firms have more bad luck as North Korean APTs were detected targeting these firms and crypto exchanges globally with old exploits.
For full details on ESET’s findings, the APT Activity Report for T3 2022 can be found on WeLiveSecurity.
The unprecedented disruption the world faced during the past two years forced governments to rewrite the rulebook on how they serve their citizens. During the COVID-19 pandemic, public sector organizations across Asia Pacific and Japan (APJ) had to act quickly to find digital solutions to everyday challenges to keep citizens safe and productive. Enabled by cloud technology, digitized government agencies became better equipped to offer citizen, educational, and healthcare services, which helped improve and even save lives.
As we emerge from the crisis, the experience, momentum, and lessons learned have heightened potential for leaders to drive digitization as a priority to deliver their national agendas. Public sector organizations across APJ are pivoting from the pandemic and looking ahead to how digital transformation enabled by cloud can help to seize opportunities to deliver faster, more innovative, and modernized citizen services.
Scaling Digitization for Public Sector Organizations
According to a Gartner survey in 2021, digitally advanced government organizations realize more benefits of modernization, including higher efficiency, cost reductions, greater workforce productivity, compliance, and transparency. Research by Amazon Web Services (AWS) Cloud Economics shows that AWS customers in ASEAN – across commercial and public sectors – who migrated to AWS are seeing an acceleration in innovation, with an approximate 29% reduction in time-to-market for new features and applications, about 41% increase in employee efficiency, and an improvement of about 37% in operational resiliency through less downtime of services.
In the last year, AWS has signed six government cloud services agreements across APJ to boost digitization, supporting these governments with our network of local partners as they move their customers and themselves to the cloud, including Malaysia, and Thailand in ASEAN. These initiatives help governments save lives, provide critical citizen services, and support learner outcomes – ultimately changing the way society engages, educates, and does business for good. They also enable opportunities for local businesses on the AWS Partner Network to work closely with public sector customers to solve some of the biggest community challenges.
Enabling Security, Resilience, and Continuity through the Cloud
Aside from accelerating the speed and scale of digitization, leveraging the cloud also ensures security, resilience, and continuity. This creates a safe and reliable environment for students to learn, employees to work remotely, and citizens to access government services and healthcare.
In Indonesia, when the Bali Provincial Government launched its Smart Island initiative to transform the Indonesian island into a digital province, the Communication, Information, and Statistics Agency of Bali (Diskominfos) migrated its data to AWS cloud from an on-premises infrastructure. Launching an attendance system using machine learning technology, it enabled 19,820 public service employees to sign in to the office virtually, saving almost 69% in monthly costs for its attendance system. Many of Bali’s other critical applications are also built using AWS solutions, including a traditional village census system, a health facility oxygen monitoring system, and an asset management system.
By digitally transforming on the cloud, the public sector can rapidly scale services to meet spikes in demand, wind-down operations to reduce costs, and innovate widely using the latest cloud technology.
More Digital Skills Needed to Support Digitization
As the digitization momentum accelerates, governments across APJ will also need to prioritize digital skills training for their workforce in order to unlock the cloud’s full potential. The recent “Building Skills for the Changing Workforce” report produced by AWS and AlphaBeta shows that Australia, India, Indonesia, Japan, New Zealand, Singapore, and South Korea will need to train an estimated 86 million more workers in digital skills collectively over the next year to keep pace with technological advancements – equivalent to 14% of their current total workforce. The report also noted that three of the five most demanded digital skills by 2025 will be cloud-related.
In Thailand, the Ministry of Digital Economy and Society is collaborating with AWS to train more than 1,200 public sector employees with cloud skills, so they can implement cloud technologies at scale, make better data-driven business decisions, and innovate new services to drive improved outcomes for citizens. In Indonesia, its Information and Communication Technology Training and Development Center (BPPTIK Kominfo) worked with AWS to get its employees up to speed on cloud knowledge, in support of Indonesia’s goal of creating a pool of about 9 million digital professionals by 2030 as part of its national digital information agenda. And in Malaysia, AWS has worked to provide cloud training for the Malaysian Administration Modernization and Management Planning Unit (MAMPU) to help accelerate their cloud use and fulfil mission-critical needs. This is in addition to the training of over 3.5 million users across Asia Pacific since 2018.
Looking ahead, we will need to move beyond business as usual to close the skills gap and create conditions for successful digitization. Governments, educators, and industries across APJ will need to collaborate more closely than ever to give all individuals the opportunity to build and deepen their digital skills that will support digitization momentum now and in the future.
Closer Collaboration Needed to Unlock the Potential of APJ
As societies and communities across APJ continue to evolve, organizations of all kinds – from governments to industries to non-profits – will need to come together to solve some of the biggest issues we are facing, from helping marginalized communities to addressing climate change.
This is why AWS launched Cloud Innovation Centers (CIC), to serve as a platform for public and private sector organizations to collaborate, solve challenges, and test new ideas with AWS’s technology expertise. In Singapore, AWS is partnering with East Coast Town Council and Accenture on a six-month pilot to deploy cloud-powered sustainability solutions in municipal estate management, to support Singapore’s move towards its net zero carbon emissions goal by 2040.
We encourage collaborations between governments, industry, and cloud services providers to enable long-term scaling of digital programs. The momentum has been established, so let’s continue to ride the wave and work together to keep digitization at the forefront of the region’s push for progress as we pivot from pandemic to prosperity.
Cloud technology has been an integral component in paving the way for organizations across industries to undergo digital transformation. Globally, 50% of organizations are adopting a cloud-native approach to support both employees and customers, and the number of connected devices is expected to climb to 55.9 billion by 2025.
In Malaysia, we’ve also seen swift progress in cloud adoption – with the most recent milestone being the upgrade of the Malaysian Government’s Public Sector Data Centre (PDSA) into a hybrid cloud service called MyGovCloud. The pace of cloud adoption is expected to accelerate following the government’s decision to provide conditional approval to Microsoft, Google, Amazon, and Telekom Malaysia to build and manage hyperscale data centres and cloud services in Malaysia.
With cloud-based systems becoming a key component of organizations’ operations and infrastructures, malicious actors have been turning to the cloud, taking advantage of weaknesses in cloud security to perform various malicious activities — leading to new complexity regarding effective attack surface risk management.
Why Malaysian Businesses Need Better Risk Management
The shift to the cloud and dramatic increase in connectivity gives malicious actors new and often unmanaged attack vectors to target.
As revealed in Trend Micro’s semi-yearly Cyber Risk Index (CRI) report, 67% of organizations in Malaysia report they are likely to be breached in the next 12 months – indicating a dire need for local organizations to be better prepared in managing cyber risks.
To better reduce the risk of cyberattacks, enterprises must first understand how cyberattackers are exploiting the cloud for their own benefit and bridge security gaps by proactively anticipating data breaches.
One of the most common ways that organizations put themselves in a vulnerable position to be attacked is through misconfigurations of the cloud. While misconfigurations might seem straightforward and avoidable, they are the most significant risk to cloud environments – making up 65 to 70% of all security challenges in the cloud. This is especially true for organizations that have been pushed to migrate quickly to the cloud since remote work became the new norm.
Malicious actors are also turning to low-effort but high-impact attack strategies in gaining access to cloud applications and services. On top of exploiting new vulnerabilities in an enterprise’s network, cyberattackers will persistently exploit known vulnerabilities from past years as many enterprises still lack the ability to get full visibility on environments that are left unpatched.
How Malaysian Businesses can Stay Prepared
Since criminals can execute their attacks more effectively, they can also target a larger number of organizations, potentially leading to an increase in overall attacks. Organizations now have much less time to detect and respond to these incidents, and this will be compounded as the business model of cybercriminals matures further.
With that in mind, enterprises must strengthen their security posture foundations to defend against evolving cyberthreats. Key cybersecurity strategies to adopt include:
Automating everything
We live in a world where skills shortages and commercial demands have combined to expose organizations to escalating levels of cyber risk. In the cloud, it leads to misconfigurations and the risk of knock-on data breaches, as well as unpatched assets which are exposed to the latest exploits. The bad news is that cybercriminals and nation states are getting better at scanning for systems which may be vulnerable in this way.
Better digital attack surface management starts with the right tooling. Solutions such as Trend Micro Cloud One enable and automate platform-agnostic cloud security administration and cloud threat detection and response, which can help security teams improve the efficiency of threat investigation and response, as well as reduce the risk of a security breach.
Empowering employees with resources and tools to ensure cloud operational excellence
Many enterprises are already well on their way in the world of cloud, with more and more security teams using cloud infrastructure services and developing cloud-native applications. However, this can often be a steep learning curve for cloud architects and developers – leaving gaps in protection, compliance, and visibility.
To improve the situation, organizations need to provide resources to employees to ensure that the cloud service configurations adhere to industry best practices and compliance standards. One such way is to use tools that automatically scan cloud services against best practices, relieving teams from having to manually check for misconfigurations.
Adopt a Shared Responsibility Model
Clouds aren’t secure or insecure, they’re as secure as you make them. Instead of “who is more secure – AWS, Azure, or Google Cloud?” ask “what have I done to make all of my clouds as secure as I need them?”
Security in the cloud works using the Shared Responsibility Model – which dictates who is responsible for any operational task in the cloud and security is simply a subset of those tasks. Security self-service for the cloud is fully here in all its forms, and understanding this model is critical to success in the cloud.
While increased cloud adoption allows organizations to be more agile, scalable, and cost-efficient, the benefits of using cloud services and technologies are no longer just reaped by legitimate companies, but also cybercriminals who keep up with the trend. As criminals accelerate attacks and expand their capabilities, businesses must adopt a solid cybersecurity strategy to stay a step ahead.
Cybersecurity has come leaps and bounds since we first started exploring the internet. Technology and the knowledge surrounding it have also progressed significantly. With that, so too has our understanding of the need to secure and protect our connections.
Cisco has recently issued an advisory to customers to upgrade their routers. The advisory comes in light of a vulnerability which allows a remote attacker to execute arbitrary code in a series of routers. This would cause a Denial of Service condition which would prevent access to the internet and connected servers.
The vulnerability affects relatively dated business routers – specifically, the Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers. Malicious actors are able to access root privileges through the web management interface of the routers. While Cisco is aware of the exploit, it seems like the company has no plans to patch the vulnerability in these dated devices. Of course, the company has announced the end-of-life status in an advisory released back in 2019.
The only silver lining for those planning to continue using the aforementioned routers is that the vulnerability can only be exploited if the web management interface is enabled. This can be determined by checking the status within the settings of the router. That said, it is definitely advisable to update to a more current router for better coverage and connectivity if not anything else.
While many aspects of edge computing are not new, the overall picture continues to evolve quickly. For example, “edge computing” encompasses the distributed retail store branch systems that have been around for decades. The term has also swallowed all manner of local factory floor and telecommunications provider computing systems, albeit in a more connected and less proprietary fashion than was the historical norm.
However, even if we see echoes of older architectures in certain edge computing deployments, we also see developing edge trends that are genuinely new or at least quite different from what existed previously. These trends are helping IT and business leaders solve problems in industries ranging from telco to automotive, for example, as both sensor data and machine learning data proliferate.
Edge computing trends that should be on your radar
Here, edge experts explore six trends that IT and business leaders should focus on in 2022:
1. Edge workloads get fatter
One big change we are seeing is that there is more computing and more storage out on the edge. Decentralized systems have often existed more to reduce reliance on network links than to perform tasks that could not practically be done in a central location assuming reasonably reliable communications. But, that is changing.
IoT has always involved at least collecting data almost by definition. However, what could be a trickle has now turned into a flood as the data required for machine learning (ML) applications flows in from a multitude of sensors. But, even if training models are often developed in a centralized data centre, the ongoing application of those models is usually pushed out to the edge of the network. This limits network bandwidth requirements and allows for rapid local action, such as shutting down a machine in response to anomalous sensor readings. The goal is to deliver insights and take action at the moment they’re needed.
2. RISC-V gains ground
Of course, workloads that are both data- and compute-intensive need hardware on which to run. The specifics vary depending upon the application and the tradeoffs required between performance, power, cost, and so forth. Traditionally the choice has usually come down to either something custom, ARM, or x86. None are fully open, although ARM and x86 have developed a large ecosystem of supporting hardware and software over time, largely driven by the lead processor component designers.
But RISC-V is a new and intriguing open hardware-based instruction set architecture.
Why intriguing? Here’s how Red Hat Global Emerging Technology Evangelist Yan Fisher puts it: “The unique aspect of RISC-V is that its design process and the specification are truly open. The design reflects the community’s decisions based on collective experience and research.”
This open approach, and an active ecosystem to go along with it, is already helping to drive RISC-V design wins across a broad range of industries. Calista Redmond, CEO of RISC-V International, observes that: “With the shift to edge computing, we are seeing a massive investment in RISC-V across the ecosystem, from multinational companies like Alibaba, Andes Technology, and NXP to startups like SiFive, Esperanto Technologies, and GreenWaves Technologies designing innovative edge-AI RISC-V solutions.”
3. Virtual Radio Access Networks (vRAN) become an increasingly important edge use case
A radio access network is responsible for enabling and connecting devices such as smartphones or internet of things (IoT) devices to a mobile network. As part of 5G deployments, carriers are shifting to a more flexible vRAN approach whereby the high-level logical RAN components are disaggregated by decoupling hardware and software, as well as using cloud technology for automated deployment and scaling and workload placement.
Hanen Garcia, Red Hat Telco Solutions Manager, and Ishu Verma, Red Hat Emerging Technology Evangelist, note that “One study indicates deployment of virtual RAN (vRAN)/Open RAN (oRAN) solutions realize network TCO savings of up to 44% compared to traditional distributed/centralized RAN configurations.” They add that: “Through this modernization, communications service providers (CSPs) can simplify network operations and improve flexibility, availability, and efficiency—all while serving an increasing number of use cases. Cloud-native and container-based RAN solutions provide lower costs, improved ease of upgrades and modifications, ability to scale horizontally, and with less vendor lock-in than proprietary or VM-based solutions.”
4. Scale drives operational approaches
Many aspects of an edge-computing architecture can be different from one that’s implemented solely within the walls of a data centre. Devices and computers may have weak physical security and no IT staff on-site. Network connectivity may be unreliable. Good bandwidth and low latencies aren’t a given. But many of the most pressing challenges relate to scale; there may be thousands (or more) network endpoints.
Kris Murphy, Senior Principal Software Engineer at Red Hat, identifies four primary steps you must take in order to deal with scale: “Standardize ruthlessly, minimize operational ‘surface area,’ pull whenever possible over push, and automate the small things.”
For example, she recommends doing transactional, which is to say atomic, updates so that a system can’t end up only partially updated and therefore in an ill-defined state. When updating, she also argues that it’s a good practice for endpoints to pull updates because “egress connectivity is more likely available.” One should also take care to limit peak loads by not doing all updates at the same time.
5. Edge computing needs attestation
With resources at the edge tight, capabilities that require little to no local resources are the pragmatic options to consider. Furthermore, any approach needs to be highly scalable; otherwise, the uses and benefits become extremely limited. One option that stands out is the Keylime project. “Technologies like Keylime, which can verify that computing devices boot up and remain in a trusted state of operation at scale should be considered for broad deployment, especially for resource-constrained environments,” as described by Ben Fischer, Red Hat Emerging Technology Evangelist.
Keylime provides remote boot and runtime attestation using Integrity Measurement Architecture (IMA) and leverages Trusted Platform Modules (TPMs), which are common to most laptop, desktop, and server motherboards. If no hardware TPM is available, a virtual TPM, or vTPM, can be loaded to provide the requisite TPM functionality. Boot and runtime attestation is a means to verify that the edge device boots to a known trusted state and maintains that state while running. In other words, if something unexpected happens, such as a rogue process, the expected state would change, which would be reflected in the measurement and would take the edge device offline because it entered an untrusted state. The device could then be investigated, remediated, and put back into service in a trusted state.
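The verifier-side check described above, as an added Python example (not Keylime's own code): it replays an IMA-style measurement list into a simulated PCR 10, then compares the result with the quoted PCR value and an allowlist. The log lines, paths, allowlist and template-hash encoding are constructed for illustration, and the TPM quote signature is assumed to have been verified already.

```python
import hashlib

ZERO_PCR = bytes(20)  # a SHA-1 bank PCR is all zeros after reset

def extend(pcr, template_hash):
    # TPM extend operation: new PCR = SHA1(old PCR || measurement)
    return hashlib.sha1(pcr + template_hash).digest()

def make_entry(path, content):
    # Constructed log line in the layout of IMA's ascii_runtime_measurements:
    # "<pcr> <template-hash> <template> <file-digest> <path>".
    # The template hash is a simplified stand-in, not the kernel's encoding.
    digest = "sha256:" + hashlib.sha256(content).hexdigest()
    template_hash = hashlib.sha1((digest + path).encode()).hexdigest()
    return f"10 {template_hash} ima-ng {digest} {path}"

def replay(log_lines):
    # Recompute PCR 10 by extending every template hash in log order.
    pcr = ZERO_PCR
    for line in log_lines:
        index, template_hash = line.split()[:2]
        if index == "10":
            pcr = extend(pcr, bytes.fromhex(template_hash))
    return pcr

def attest(log_lines, quoted_pcr10, allowlist):
    # quoted_pcr10 is assumed to come from a TPM quote whose signature
    # was already verified; that step is outside this example.
    reasons = []
    if replay(log_lines) != quoted_pcr10:
        reasons.append("log does not match quoted PCR 10")
    for line in log_lines:
        _, _, _, digest, path = line.split(maxsplit=4)
        if allowlist.get(path) != digest:
            reasons.append(f"unexpected measurement: {path}")
    return (not reasons, reasons)

# Constructed sample data: two expected binaries and one unexpected one.
GOOD_LOG = [make_entry("/usr/bin/sensor-agent", b"agent v1"),
            make_entry("/usr/bin/updater", b"updater v1")]
ALLOWLIST = {line.split(maxsplit=4)[4]: line.split()[3] for line in GOOD_LOG}
ROGUE_LOG = GOOD_LOG + [make_entry("/tmp/unknown-binary", b"rogue binary")]

def scenarios():
    return {
        "clean": attest(GOOD_LOG, replay(GOOD_LOG), ALLOWLIST),
        "rogue": attest(ROGUE_LOG, replay(ROGUE_LOG), ALLOWLIST),
        # The device omits the rogue entry from the log it reports,
        # but the TPM has already extended it into PCR 10.
        "hidden": attest(GOOD_LOG, replay(ROGUE_LOG), ALLOWLIST),
    }

if __name__ == "__main__":
    for name, (trusted, reasons) in scenarios().items():
        print(name, "trusted" if trusted else "untrusted", reasons)
```

The "hidden" case shows why the measurement list is anchored in the TPM: an edited log no longer replays to the quoted PCR value, so the device is still flagged.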
6. Confidential Computing becomes more important at the edge
Security at the edge requires broad preparation. Availability of resources, such as network connectivity, electricity, staff, equipment, and functionality, varies widely but is far less than what would be available in a data centre. These limited resources limit the capabilities for ensuring availability and security. Besides encrypting local storage and connections to more centralized systems, confidential computing offers the ability to encrypt data while it is in use by the edge computing device.
This protects both the data being processed and the software processing the data from being captured or manipulated. Fischer argues that “confidential computing on edge computing devices will become a foundational security technology for computing at the edge, due to the limited edge resources.”
According to the Confidential Computing Consortium’s (CCC) report by the Everest group, Confidential Computing – The Next Frontier in Data Security, “Confidential computing in a distributed edge network can also help realize new efficiencies without affecting data or IP privacy by building a secure foundation to scale analytics at the edge without compromising data security.” Additionally, confidential computing “ensures only authorized commands and code are executed by edge and IoT devices. Use of confidential computing at the IoT and edge devices and back end helps control critical infrastructure by preventing tampering with code of data being communicated across interfaces.”
Confidential computing applications at the edge range from autonomous vehicles to collecting sensitive information.
Diverse applications across industries
The diversity of these edge computing trends reflects both the diversity and scale of edge workloads. There are some common threads – multiple physical footprints, the use of cloud-native and container technologies, an increasing use of machine learning. However, telco applications often have little in common with industrial IoT use cases, which in turn differ from those in the automotive industry. But whatever industry you look at, you’ll find interesting things happening at the edge in 2022.
Unprecedented – that seems to be the word of the decade. In the past five years alone, we’ve seen so many things change; big tech players have faded into the ether, the world has gone through a global pandemic and now, we’re dealing with an increase in data breaches and leaks that could affect all of us. Most recently the world saw Facebook and its services go offline and the massive Twitch.tv breach. While Facebook has said that the issue is simply an error in their network settings, we cannot deny that their credibility has been called into question in recent weeks.
One thing that worries us is the scale and the size of the companies being targeted by attackers now. We can’t deny the size of Facebook; in fact, we interact with one or more of its platforms or products on a daily basis. However, when it comes to Twitch.tv, not many are aware that the platform is actually an Amazon property. Yep – you read that right – Amazon.
These companies are large players that we depend on for everything from shopping to keeping in contact with loved ones. As a matter of fact, Amazon powers a significant portion of the internet with its web services, AWS.
Noticing this, we were wondering – How can we, as consumers and regular Janes and Joes, prepare and protect ourselves from data breaches?
Attackers & Malicious Actors Are Becoming More Brazen
It comes as no surprise that attackers and malicious actors are becoming more brazen with their attacks and demands. In the case of Twitch’s breach, a slew of hate-related events plaguing the platform spurred it. It was a retaliation against what the individual(s) saw as a lack of action on the platform’s part.
Managing Director at Trend Micro Malaysia, Goh Chee Hoh, notes that “The primary motive for the hacker is not to reveal user information or monetary, but to disrupt and encourage competition in the online video streaming space, where the earnings exposure of the top streamers on the platform becomes part of the collateral damage.”
It would seem like we are more at risk of becoming collateral damage as malicious actors continue to target larger corporations. In Twitch’s breach, vigilante justice saw the earnings of the platform’s top streamers become collateral damage. Mr Goh also highlights this in his statement, “It sounds like the perpetrator carried out the attack as a form of vigilantism, in their own perspective.”
So, how does this affect us? For one thing, we can expect even more daring attacks. Large companies like Google, Facebook and even Microsoft won’t be spared. There’s no denying that we interact with one, if not more, of these companies or their services on a daily basis. Some have more of our data than others. That’s where we’re at the most risk.
Companies Need to Learn from Twitch’s Breach
Before we can talk about how we can protect ourselves from breaches, we have to talk about how companies can better protect us, as their users. We already know that many of them have processes, protocols and software in place for protection but there’s always a chance that these measures aren’t enough. I mean, human error is something we can never plan for completely.
Checks and Balances are Key to Maintaining Cyber security
Candid Wuest, Vice President of Cyber Protection Research at Acronis, highlights this in his comment on the Twitch breach, “Companies should learn that they need to verify and monitor configuration changes. With IT infrastructure becoming more and more complex the risk of errors raises as well.” Mr Wuest’s statement does seem to apply to the recent Facebook outage as well.
However, his colleague, Topher Tebow, an analyst at Acronis, goes a step further and highlights the need for zero-trust environments in today’s climate. He advises that companies should have “proper monitoring in place to detect malicious activity on the network, including data being moved out of the network. Many companies assume that if an authorized user is moving data, that the behaviour is most likely acceptable, but if a user’s credentials were compromised or the account was hijacked in some other way, data flowing to an unusual source could allow a security team to detect and block an attack early on if proper monitoring is in place.”
Complement with Proper Cyber security Solutions
Of course, even with these measures, companies need to have a proper defence firewall. Mr Goh does advise that companies should “adopt a multi-layered defence approach, by having security controls at various entry points of the system, from emails, laptops, to servers and networks.” In the case of the Twitch breach, an added layer that integrates with their native cloud services would have provided an extra layer for malicious actors to deal with which could have prevented the breach.
There really isn’t an excuse in this day and age for companies not to have these measures in place. Cyber security firms like Trend Micro and Acronis have been talking about a multilayered approach for years. It is even more crucial that companies take these measures as they embrace the cloud and work from anywhere. What’s more, digital-native companies should be the front line when it comes to the adoption of these measures.
What Can We do if Our Data is Compromised in a Breach?
The biggest pain point for us as consumers comes after the fact – when data breaches have already occurred. To be honest, we don’t really have control of what happens in the aftermath of a data breach. But, we can ensure that we minimise the potential damage that can occur in the wake of a breach.
Our First line of Defense: Change Them Passwords
In any data breach, the first thing we should do as users is to update our passwords. There are multiple ways to ensure you have a strong enough password to protect yourself. The first is to make sure you have a mix of characters, symbols and numbers. Doing this will make it harder for your password to be cracked.
On top of that, it goes without saying that longer passwords will take longer to crack. However, keep in mind that passwords that are too long have diminishing returns when it comes to remembering them. Another thing to remember is that dictionary words, even with symbols replacing letters, are less secure. While they are easy to remember, we’re in a world where AI has made it possible to understand and decode these faster than ever.
In addition, keep in mind that the more you use the same password, the less secure it is. In fact, you become more at risk in a data breach. Therefore, use multiple different passwords; preferably a unique one for each service you use. It goes without saying, don’t use your banking passwords for anything else.
Two-Factor Authentication is Your Friend
As we’re moving on in a digital world, more and more of our services are using two-factor authentication. These measures, while cumbersome, will ensure that access to your accounts is more secure. This is implemented in multiple ways across different platforms using email, SMS or an app.
Using two-factor authentication adds an additional layer to access your account. In most cases, it will notify you when your account is being accessed. This will allow you to react immediately. Many of these two-factor authentication steps allow you to immediately lock down your account and change your password.
Be Vigilant
We will need to be vigilant in the wake of a data breach even if we are not directly affected by it. Acronis’ Candid Wuest reminds us that “data stolen in data breaches is often reused in personalized phishing emails”. With this in mind, keep an eye out for fishy emails or even Nigerian princes. Sometimes information from breaches can allow malicious actors to socially engineer phishing attacks that can mimic emails that you will find urgent or pertinent.
If you had banking or payment information linked to a breached account, you may have to monitor your bills more closely. Your other option is to cancel or change the card in question to make sure that you are able to minimise damage.
It’s a Question of When Not If
The biggest lesson all of us, consumers and companies alike, can take away from the recent breach of Twitch is this: it’s no longer a question of if we will be breached but when we will. It’s an inevitable fact as we progress into a more digital world. As more of our information is placed in the cloud and with corporations, it is increasingly made available to malicious actors if not protected effectively.
The fallout from a data breach is not pretty. More so now when countries have legislation that protects the general public from their data being abused. For companies, the fallout can affect their bottom line as customers look for more secure options. In addition, with GDPR and similar legislation, they could be facing fines for not effectively protecting the collected data.
For regular users like you and me, we have the added headache of trying to make sure we minimise our exposure. Everything from changing our passwords to activating two-factor authentication to even calling the bank to cancel cards are added inconveniences that could affect our choice in services moving forwards.
Big tech and data breaches are becoming inseparable. We’ve been getting news of breach after breach since early this year. Nearly every tech space from Facebook to Neopets has been breached in the recent past. The latest platform added to that list is the popular streaming platform – Twitch.
Twitch’s data breach could be one of the largest to date. A whopping 125GB of data was uploaded to a (now removed) thread on 4Chan by an anonymous user. The data contained within the files dates back to the early beginnings of Twitch. Everything from the platform’s source code to their most recent Git commits has been uploaded. Together with this, payout information to the platform’s largest creators since 2019 has also been uploaded.
In addition to this data, the leak also contains data on Twitch’s network backbone which runs on AWS. It apparently contains some proprietary SDKs (Software Development Kits) and also information on “Every other property that Twitch owns” including IGDB and CurseForge. It seems like an unannounced competitor to Steam called Vapor for Amazon Game Studios is also contained within the files. Basically, it seems like everything and anything related to Twitch is within the 125GB.
Some users who have been looking through the data have also found encrypted passwords and user information. So, it goes without saying that you should change your Twitch password if you have an account and activate two-factor authentication. You can do this in the privacy settings on Twitch itself.
The leaker made their motives crystal clear in their post, noting, “Their community is also a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them.” The hackers also ended the post with #DoBetterTwitch. More worryingly, the 125GB of data was labelled as “part one” which indicates there could be more incoming.
It’s probably apt to mention that the leak comes in the wake of the #ADayOffTwitch protest by creators who are trying to get the platform to take hate raids more seriously. The platform has been plagued by users who have used the Raid and tags features to actively harass others. While Twitch has been trying to be proactive, the most it has done is provide streamers with tools to try to control raids and even sue perpetrators.
The breach has since been confirmed by Twitch itself on Twitter.
A cybersecurity firm, Acronis, has chimed in calling the breach “one of the most severe data breaches of late”. In fact, they say that there is, “a lot more damage now in store for Twitch”. Candid Wuest, Vice President of Cybersecurity Research at Acronis, also noted that “While [it is] yet unclear how the breach happened, it’s already harming Twitch on all the fronts that count – revenue, operations, users, influencers, market positioning.” He also noted that Twitch could be at greater risk as the availability of the source code will make it easier for malicious actors to attack the site. More importantly, the company is advising that users be wary and change their passwords as well as activate two-factor authentication on their accounts.
“Leaked data could contain nearly the full digital footprint of Twitch, making it one of the most severe data breaches of late. The 125 GB of data leaked so far might just be the start, according to the comments of the attacker. Internal network plans and marketing plans for future products could now be misused by attackers or sold to competitors. If the source code is exposed, we will see a spike in vulnerabilities discovered in related software. Having access to the source code makes it easy to find weak spots.”
Candid Wuest, Vice President of Cybersecurity Research, Acronis