Singapore Wants to Register Hackers in New Law

Singapore is one of the most advanced and important countries for information security. However, a likely new local law is dividing opinions: any ethical hacker who wants to operate in the country will have to take a license.

Ethical hacking is the term used for the individual who modifies the internal aspects of devices, programs and computer networks for the “common good” without taking any kind of advantage.

The law is not yet implemented, however, if any hacker is caught – or if any individual wants to help some company via penetration tests, for example – acting without the license, will have to pay $114 Thousand and face up to two years in prison.

As noted by <a href="https://qz.com/1026300/singapores-government-wants-to-license-hackers/&quot; target=

Singapore is one of the most advanced and important countries for information security. However, a likely new local law is dividing opinions: any ethical hacker who wants to operate in the country will have to take a license.

Ethical hacking is the term used for the individual who modifies the internal aspects of devices, programs and computer networks for the “common good” without taking any kind of advantage.

The law is not yet implemented, however, if any hacker is caught – or if any individual wants to help some company via penetration tests, for example – acting without the license, will have to pay $114 Thousand and face up to two years in prison.

As noted by Joon Ian Wong of Quartz, the law is likely to be sanctioned. This is because it “is in line with the reputation of extreme order” present in Singapore – Wong lived in the country for a while.

The other side

The law is a real danger even for the local telecommunications market. Usually, teens and youngsters start hacking out of curiosity. They track videos on YouTube, read forum tutorials, chat online, and virtually conduct their studies on the internet. Most of them test the tools as a way of learning. With the law, they can be arrested.

In addition to the arrest of young hackers entering the world, the law preventing young people from testing tools ultimately inhibits their willingness to act in this segment. With that, many young people who wish to work professionally in the areas of technology and telecommunications will be discouraged.

Going further: the law could lead to better hackers. More applications and tools that hide IPs and identities can be developed. If the license is paid, ethical hackers without pocket money will start working off the government radar – and there are VPNs, Tors, encryption and various technologies to shut down the authorities.

Get Access to the World’s Largest Collection of Cybercrimes

Cybercrime is a problem that has become increasingly dangerous and evolved. With that in mind, the UN has developed the Cybercrime Repository as a way to strengthen international cooperation in the fight against cybercrime.

Currently, the repository is the only tool worldwide available to file laws, cases and cybercrime practices in a database available for research. The information is divided into topics such as global cybernetic investigations, solicitation of stored traffic data, as well as incidents and real-time traffic collections.

According to Loide Lungamenti, head of the United Nations Office on Drugs and Crime (UNODC), the repository facilitates international cooperation by helping authorities to identify applicable crime laws elsewhere.

Lungamenti also claims that more than 80% of cybercrimes work as a form of organized activity, such as creating malware that requires cash val

Cybercrime is a problem that has become increasingly dangerous and evolved. With that in mind, the UN has developed the Cybercrime Repository as a way to strengthen international cooperation in the fight against cybercrime.

Currently, the repository is the only tool worldwide available to file laws, cases and cybercrime practices in a database available for research. The information is divided into topics such as global cybernetic investigations, solicitation of stored traffic data, as well as incidents and real-time traffic collections.

According to Loide Lungamenti, head of the United Nations Office on Drugs and Crime (UNODC), the repository facilitates international cooperation by helping authorities to identify applicable crime laws elsewhere.

Lungamenti also claims that more than 80% of cybercrimes work as a form of organized activity, such as creating malware that requires cash value for the retrieval of personal information. And the danger is not only in computers and mobile devices but also in IoT (Internet of Things) devices, so all care and prevention are not enough.

Guiding the authorities correctly, the repository will allow the identification of future crimes based on those that have already occurred. Thus, it will be easier to know how to act and the right decisions to make when it comes to being prevented.

The Repository can be accessed here.

Cybercrime Will Cost Businesses Nearly $8 Trillion Over Next 5 Years

Jupiter research firm has published a report highlighting the financial impact that cybercrime can have on businesses. In this report, the researcher estimates that computer attacks (piracy, theft of personal data, etc.) will cost businesses around the world close to $8 trillion over the next five years.

The report indicates that this threshold will be reached very quickly because of the significant progress of Internet connectivity which has come to a very high-level today. There is also a lack of security in the companies.

The findings of the study contained in the report “The Future of Cybercrime & Security: Enterprise Threats & Mitigation 2017-2022,” also indicates that the number of stolen and personal data files could reach

Jupiter research firm has published a report highlighting the financial impact that cybercrime can have on businesses. In this report, the researcher estimates that computer attacks (piracy, theft of personal data, etc.) will cost businesses around the world close to $8 trillion over the next five years.

The report indicates that this threshold will be reached very quickly because of the significant progress of Internet connectivity which has come to a very high-level today. There is also a lack of security in the companies.

The findings of the study contained in the report “The Future of Cybercrime & Security: Enterprise Threats & Mitigation 2017-2022,” also indicates that the number of stolen and personal data files could reach 2.8 billion in 2017 alone. According to Jupiter research firm, this figure could reach five billion By the year 2020, almost double what is expected in 2017.

The report’s analysis shows that very often, most major problems occur when organizations try to integrate new innovations, without paying particular attention to safety aspects. That said, it is clear that many companies seek to solve the problem of cybersecurity, by deploying new and innovative solutions. However, according to the report, these attempts failed to produce satisfactory results.

Jupiter’s analysis also highlights the need for businesses to spend more money on cybersecurity (maintenance of their systems, etc.). However, it seems that SMEs (small and medium-sized enterprises) are particularly at risk from cyber attacks, especially since they spend less than $ 4,000 per year on security measures.

Jupiter is not expecting a substantial increase in this amount over the next five years. These SMEs also tend to run old software that ransomware to the like WannaCry operates to commit their packages.

Attacks on hospital infrastructure show that inadequate security policies can now cost both lives and money. The report adds that companies of all sizes need to find the time and budget to improve and secure their systems against cybercrime.

Artificial Intelligence: Friend or Enemy of Cybersecurity?

Security strategies must undergo a radical revolution. Tomorrow’s security devices will need to see and operate internally among them to recognize changes in the interconnected environments and thus automatically be able to anticipate risks, update and enforce policies.

Devices must have the ability to monitor and share critical information and synchronize their responses to detect threats.

Sounds very futuristic? Not really. A new technology that has recently grabbed attention lays the foundation for such an automation approach. This has been called Intent-Based Network Security (IBNS).

This technology provides extended visibility across the entire distributed network and enables integrated security solutions to automatically adapt to changes in network configurations a

Security strategies must undergo a radical revolution. Tomorrow’s security devices will need to see and operate internally among them to recognize changes in the interconnected environments and thus automatically be able to anticipate risks, update and enforce policies.

Devices must have the ability to monitor and share critical information and synchronize their responses to detect threats.

Sounds very futuristic? Not really. A new technology that has recently grabbed attention lays the foundation for such an automation approach. This has been called Intent-Based Network Security (IBNS).

This technology provides extended visibility across the entire distributed network and enables integrated security solutions to automatically adapt to changes in network configurations and change needs with a synchronized response against threats.

These solutions can also dynamically divide network segments, isolate affected devices, and get rid of malware. Similarly, new security measures and countermeasures can be automatically upgraded as new devices, services, and workloads are moved or deployed to and from anywhere in the network and from devices to the cloud.

The tightly integrated automated security allows for a general response against threats far greater than the total of all individual security solutions that protect the network.

Artificial intelligence and machine learning have become significant allies for cybersecurity. Mechanical learning will be reinforced by devices packed with information from the Internet of Things and by predictive applications that help to safeguard the network. But securing those “things” and information, which are ready targets or entry points for cybercriminals, is a challenge in itself.

The quality of intelligence

One of the greatest challenges of using artificial intelligence and machine learning lies in the caliber of intelligence. Today, Intelligence against cyber threats is highly prone to false positives due to the volatile nature of IoT.

Threats can change in a matter of seconds; one device can be flushed out, infect the next and then re-emptied back into a full low latency cycle.

Improving the quality of intelligence against threats is extremely important as IT teams increasingly transfer control to artificial intelligence to perform work that they otherwise should do. This is an exercise in trust, and this is a unique challenge.

As an industry, we can not transfer total control to an automated device, but we need to balance operational control with essential execution that can be performed by the staff. These work relationships will really make artificial intelligence and machine learning applications for cyber defense really effective.

Because there is still a shortage of talent in cybersecurity, products and services must be developed with greater automation in order to correlate intelligence against threats and thus, determine the level of risk to synchronize a coordinated response automatically.

By the time managers try to tackle a problem on their own, it is too late, even causing a major problem or generating more work. This can be handled automatically, using a direct exchange of intelligence between detection and prevention products or with assisted mitigation, which is a combination of people and technology working together.

Automation also allows security teams to allocate more time to the business goals of the company, rather than spending time in the routine administration of cybersecurity.

In the future, artificial intelligence in cybersecurity will constantly adapt to the growth of the attack surface. Today, we are barely connecting points, sharing information and applying that information to systems.

People are making these complex decisions, which require a correlation of intelligence from humans. It is expected that in the coming years, a mature artificial intelligence system may be able to make complex decisions for itself.

What is not feasible is total automation; That is, transfer 100% of the control to the machines so that they make the decisions all the time. People and machines must work together.

The next generation of “conscious” malware will use artificial intelligence to behave like a human, perform reconnaissance activities, identify targets, choose attack methods, and intelligently evade detection systems.

Just as organizations can use artificial intelligence to improve their security posture, cybercriminals can also start using it to develop smarter malware.

It guided by offensive intelligence set and analysis such as the types of devices deployed in the segment of a network, traffic flow, applications being used, transaction details or the time of day in which they occur.

The longer a threat remains within the network, the greater the ability to operate independently, to blend into the environment, to select tools based on the target platform, and eventually to take countermeasures based on the security tools found in the place.

This is precisely the reason why an approach is needed where security solutions for networks, accesses, devices, applications, data centers and cloud work together as an integrated and collaborative system.

Learn 7 Lessons About WannaCry

In last few days, a new cybercrime gained prominence, WannaCry. It is a type of malicious code classified as ransomware, of those who “hijack” data from computers to demand money in return for giving back access to its owner.

Once the machine is infected, the virus encrypts the files and displays a screen in which it demands a payment of the ransom, usually in electronic money (bitcoins). Bitcoins, like cash, leaves no trace when it moves and allows circular values among criminals.

The most interesting thing about WannaCry is that it explores a vulnerability of the Windows operating system, known for at least two months. The vulnerability allows remote code execution through a vulnerability in the Service Message Block (SMB) service.

What does the episode leave us?

1. Growth of cyber threats

Threats grow in terms of magnitude and aggressiveness. With increasing connectivity, each

In last few days, a new cybercrime gained prominence, WannaCry. It is a type of malicious code classified as ransomware, of those who “hijack” data from computers to demand money in return for giving back access to its owner.

Once the machine is infected, the virus encrypts the files and displays a screen in which it demands a payment of the ransom, usually in electronic money (bitcoins). Bitcoins, like cash, leaves no trace when it moves and allows circular values among criminals.

The most interesting thing about WannaCry is that it explores a vulnerability of the Windows operating system, known for at least two months. The vulnerability allows remote code execution through a vulnerability in the Service Message Block (SMB) service.

What does the episode leave us?

1. Growth of cyber threats

Threats grow in terms of magnitude and aggressiveness. With increasing connectivity, each new threat has the potential to infect more computers.

2. Cyber crime is growing

This new threat also reminds us that cyber crime is increasing, as threats increasingly have a financial motivation. They become more dangerous because the criminal organizations that run them have more and more resources to develop sophisticated “weapons” and act globally with them.

3. Real impact on business

During the last few days have seen news of companies that were contaminated and had to pay for the rescue of their data, and others decided to disconnect their equipment. In both cases, the impact in terms of cost (either by the payment of the ransom or by the loss of productivity) is evident.

4. Prevention is fundamental and starts with small things

The vulnerability is known about two months ago when Microsoft published a bulletin recommending the update of Windows systems to correct it. A Patch Management job, complemented by Vulnerability Management, would have avoided that headache.

5. Microsegment the network

The use of tools for micro-segmentation reduces the damage. By isolating systems by microsegments, the lateral movement performed by the malware is contained, and it does not contaminate a large number of networked computers.

Opting for software micro-segmentation, focusing initially on more critical systems will allow rapid adoption, with no impact on the network architecture. In the medium and long term, this technique will increase security and simplify the network by reducing the complexity of internal firewalls and segmentation via VLANs.

6. Monitoring Malware Behavior

New threats will emerge at all times, which will be unknown to traditional security tools that work with known malware signatures and standards.

The use of event correction tools is a necessary control, but it is not enough. Preparing for new malware requires a smarter SOC that identifies anomalous behaviors even when a new attack with unknown signature is present.

In the case of WannaCry, communication through the SMB gate, the behavior of moving laterally within the network, and the address of its “master” it tries to contact, are typical signs that something strange is happening and will allow a Smart SOC detect the new threat in time.

7. Response to incidents

Once the new threat is detected, a rapid response is required. Automatic or manual responses could block suspicious traffic and remove contaminated equipment from the network.

The use of an Adaptive Security Architecture is recommended to respond dynamically, changing the architecture of subnetworks as the contaminations are identified. One example is to quarantine contaminated equipment and prevent it from polluting others.

Cybersecurity is Not Only Technology But Laws

Cybersecurity is a critical issue that must also be seen from the legal and regulatory arena. Cyber security, security, and integrity of people, their assets, countries, and information, are many angles that address cybersecurity, a term coined to identify these types of risks and limit the different strategies to protect assets.

Cybersecurity has always existed, the only difference being that in the past maybe 12 or 18 months we have had a dramatic increase in the number of attacks and in the number of penetration strategies for information theft or to change things.

Specifically, from the point of view of security infrastructure, cybersecurity should be thought of as a tactic, with a series of processes involving different types of actions, in particular, to be able to have information protection.

Based on the fact that you can not assure what is not possible to see, wh

Cybersecurity is a critical issue that must also be seen from the legal and regulatory arena. Cyber security, security, and integrity of people, their assets, countries, and information, are many angles that address cybersecurity, a term coined to identify these types of risks and limit the different strategies to protect assets.

Cybersecurity has always existed, the only difference being that in the past maybe 12 or 18 months we have had a dramatic increase in the number of attacks and in the number of penetration strategies for information theft or to change things.

Specifically, from the point of view of security infrastructure, cybersecurity should be thought of as a tactic, with a series of processes involving different types of actions, in particular, to be able to have information protection.

Based on the fact that you can not assure what is not possible to see, what we used to know as video surveillance, physical security in the streets, shopping malls, university campuses, today, all that is transferred to the computer world and that world can only be protected from a viewpoint of visibility of information and traffic data moving from one site to another.

Transparency in the handling of information, from the governments themselves, particularly from the point of view of the protection and safeguarding of mission-critical information, is a strategic operation for a country. An obvious example of this is the cybercrime attack on strategic facilities in Ukraine, where cybercriminals penetrated the GRID system of electricity, which had the country practically detained for almost two days.

These types of attacks will be much more recurring, and some countries can support this level of attacks. Unfortunately, current technology is on the side of attackers; it is not on the side of those who protect it.

China passed a cybersecurity law with effect from June 1, 2017. This controversial law will have both adverse and beneficial effects, depending on the position with which it is analyzed. This law significantly strengthens access and control of information in a country that is criticized for the level of intervention in virtually everything that involves the Internet and communications.

Its provisions apply specifically to what the law calls “Critical Information Infrastructure” (CII), which defines as key industries holding data that may pose a national security or public interest risk if they are damaged or lost. Companies in the energy, finance, transportation, telecommunications, medicine and health, electricity, water, gas and social security sectors have been identified as CII.

From the point of view of cybersecurity, everyone mistakenly acknowledges that the subject of cybersecurity is in the hands of experts and perhaps in the highest technical sense itself. Cybersecurity is a crucial issue that should be present in all users with a mobile device in their hands, taking care that the applications they have on their phones.

What countries are doing today is radically changing their cybersecurity agenda in an urgent manner and the reason is that no country in the world is 100% protected.

Cybersecurity risks have grown dramatically over the past 18 months. In many cases, they have exceeded any political agenda from the point of view of protection of information and the more connected the countries.

Europe and Asia are regions where they begin to have an entirely different and advanced technological and cybersecurity agenda. At the end of the day, what marks a real advance is the legislation from information technologies and from the point of view of data protection.

Cybersecurity becomes a set of strategies and actions that are not just a single technology or product but are processes, structures, legal decisions, laws that together must evolve continuously and quickly.