A growing number of North Korean IT workers are posing as remote freelancers from other countries in an effort to gain access to companies in Europe, raising concerns about potential espionage, data theft, and operational disruption.

According to Google’s Threat Intelligence Group (GTIG), these workers—who refer to themselves as “warriors”—are securing remote roles with foreign organisations to generate revenue for the Democratic People’s Republic of Korea (DPRK). The activity, previously concentrated in the United States, is now increasingly being observed in European countries such as Germany, the United Kingdom, and Portugal.

Since GTIG’s last report on DPRK IT worker activity, recent crackdowns in the US have made it more difficult for these individuals to secure and maintain employment there. According to a blog post by Jamie Collier, lead adviser for Europe at Google’s Threat Intelligence Group, GTIG has observed a rise in operations globally, with particular growth in Europe over the past few months. Countries targeted include Germany, the UK, and Portugal.

The workers often misrepresent their nationalities, claiming to be from countries such as Italy, Japan, Malaysia, Singapore, Ukraine, the United States, and Vietnam. They find jobs through freelance platforms like Upwork and Freelancer, as well as communication channels such as Telegram. Payments are typically made in cryptocurrency or through digital payment platforms including Wise and Payoneer.

Upwork provided a statement following publication, clarifying it did not receive the initial request for comment. The company said:

“Fraud prevention and compliance with US and international sanctions are critical priorities for Upwork. The tactics outlined in this report represent a challenge that affects the entire online work industry, and Upwork is at the forefront of combating these threats. Any attempt to use a false identity, misrepresent location, or take advantage of Upwork customers is a strict violation of our terms of use, and we take aggressive action to detect, block, and remove bad actors from our platform.

Upwork has long invested in industry-leading security and identity verification measures, deploying advanced technology alongside a dedicated team of global professionals across legal, investigations, intelligence, identity risk management, compliance, anti-money laundering, and machine learning detection. These experts work relentlessly to prevent fraudulent activity before it reaches our customers, and quickly respond to new methodologies and trends.

As fraud tactics evolve, Upwork continuously enhances its proactive screening for attempts to bypass geographic restrictions, monitoring for signs of misrepresentation both before and after contracts begin. Our sophisticated detection tools, paired with strong partnerships with law enforcement and regulatory bodies, enable us to take swift and decisive action when fraudulent behaviour is identified.

While no online platform is immune to fraud, Upwork is setting the standard for trust and safety in the industry. We will continue to invest in cutting-edge fraud prevention measures and vendor solutions, collaborate with industry stakeholders, and innovate to protect our customers and uphold the integrity of our marketplace.”

Freelancer, Telegram, Wise, and Payoneer did not respond to requests for comment.

GTIG reports that since October, there has been an uptick in cases where previously terminated workers attempt to extort their former employers by threatening to leak sensitive company information to competitors. Collier suggested that mounting pressure on these workers may be pushing them toward more aggressive tactics to maintain income.

One case in late 2024 involved a North Korean individual operating under at least 12 separate identities while applying to organisations in the defence and public sectors, reportedly using false references. In the UK, North Korean IT workers have been linked to work ranging from standard web development to more advanced projects in blockchain and artificial intelligence.

Google’s research points to risks associated with bring-your-own-device (BYOD) policies, where employees use personal devices to access internal systems. These setups often lack proper security oversight, making it more difficult to detect unauthorised access.

Authorities in the US and UK have issued multiple warnings about these activities. The FBI has advised firms to improve identity verification practices, while the US Treasury in January sanctioned two individuals and four entities accused of generating revenue for the North Korean government. Officials allege the regime withholds up to 90% of wages earned by these workers.

In a separate legal action, a US federal court in Missouri indicted 14 North Korean nationals in December for allegedly participating in an employment scheme that generated US$88 million over six years. Some of these individuals were reportedly employed by US firms for extended periods, earning hundreds of thousands of dollars without detection.

The UK’s Office of Financial Sanctions Implementation has also responded. In September, it recommended employers implement stricter identity checks, including video interviews, and advised against using cryptocurrency for payments.

Collier noted that North Korea has a long history of engaging in cyber operations to fund its regime. “A decade of diverse cyberattacks (encompassing SWIFT targeting, ransomware, cryptocurrency theft, and supply chain compromise), precedes North Korea’s latest surge,” he wrote.

“This relentless innovation demonstrates a longstanding commitment to fund the regime through cyber operations. Given DPRK IT workers’ operational success, North Korea will likely broaden its global reach. With APAC already impacted by these operations, this problem is set to escalate. These campaigns thrive on ignorance and will likely enjoy particular success in areas of APAC with less awareness of the threat.”

The post Google warns of North Korean freelancers targeting European firms appeared first on TechWire Asia.

The term enshittification was first coined by Corey Doctorow in 2022 in an essay on Amazon, and has spread to all corners of the internet as a term usually coming up in the context of conversations along the lines of ‘the internet isn’t what it used to be.’

Enshittification was explained at greater length a few months later by Doctorow. It means a three-phrase process that digital platforms go through over time, from initial launch to maturity.

Phase I: Platforms are developed and appeal to users, offering them something they want and find useful. Focus is on users.

Phase II: Platforms change so that they appeal to business customers. The experiences of their initial users deteriorate. Focus is on businesses.

Phase III: Business customers are forced to pay higher prices for a deteriorating service. Focus is on the platform’s profits and its shareholders.

Phase III usually takes place after the business users of a platform are committed financially to using it as part of their workflow. In some cases, companies have built their entire operating model on the platform, and so are utterly committed to it and would find it difficult to extract themselves. The initial users have either left for an alternative platform, or rarely use it.

As an example, the subject at the centre of the first attribution of the word, Amazon, began selling books, CDs, and DVDs online. It had an attractive delivery system in place to make the experience for users easy and cheap.

Since then, its online stores have long since lost any semblance of objectivity in its recommendations for users, preferring instead to present options from suppliers that offer Amazon the best deal to show highlight their goods, like paying for ‘sponsored’ positions in search results – an example of phase II. Users have reported difficulty in discerning what are clearly inferior products presented ahead of better articles in recommendations and searches. In either case, individual users’ needs are ignored in favour of business users (resellers and third-party vendors, in this case).

Some of Amazon’s policies moved early into the final stages of enshittification, phase III (abusing the business users of a platform). As far back as 2012, the company announced that items sold via affiliate links would pay less per sale, a trend that continues to this day. And despite damning evidence presented at national government level in the US [PDF] and elsewhere, independent retailers using Amazon claim its dominance even poses “a threat to [their] survival,” and only 11% of sellers describe their experiences using Amazon as successful [PDF].

The post ‘Ensh*ttification’ is Australia’s Word of the Year appeared first on TechWire Asia.

The Infosec Registered Assessors Programme (IRAP), an initiative set up by the Australian Signals Directorate (ASD) has evaluated the Qualys Cloud Platform, giving it a “Protected” level.

This is a significant achievement for Qualys, which describes itself as an “Enterprise Cyber Risk & Security Platform.” It demonstrates the company’s compliance with the Australian government’s highest and most stringent security standards for handling sensitive customer data.

Managing Director for Australia and New Zealand at Qualys, Sam Salehi, confirmed the significance of this newly-acquired protected status, stating how, “it’s a reflection of [Qualys’] ongoing investment in securing Australia’s public and critical infrastructure sectors. It demonstrates our capability to meet over 1,200 stringent security controls.”

Australian government agencies and commercial entities can now use Qualys more confidently, knowing that its security measures and protections meet high standards. That includes in critical infrastructure sectors, like energy, transportation, telecommunications, and healthcare, where safeguarding sensitive data is of critical importance.

Enterprises and organisations can now deploy Qualys’ solution seamlessly, according to Salehi, safeguarding “their most critical systems and better meet[ing] their compliance requirements.”

Organisations that are striving to adhere to the Australian Cybersecurity Centre’s Essential Eight mitigation strategies and the Australian Government’s Protective Security Policy Framework (PSPF) standards will especially benefit from Qualys Cloud Platform’s adherence with the strict standards. It promises to reduce the overall risk of certain vulnerabilities and support efforts to meet government mandates to protect critical infrastructure and sensitive data.

It has also been announced that Qualys’ Enterprise TruRisk Management has introduced a Risk Operations Centre (ROC) in an effort to integrate various security solutions, therefore improving prioritisation and actionable remediation solutions.

Qualys hopes to redefine cyber risk operations with its newfound protected status and freshly developed ROC, eliminating cyber risk via tailored remediation actions. The efforts are designed to enhance business outcomes by improving security posture, reducing vulnerabilities, and helping organisations respond more effectively to potential threats.

The post Qualys passes Aussie government’s tests appeared first on TechWire Asia.

Australian teenagers under 16 will be locked out of social media platforms under sweeping new laws announced by Prime Minister Anthony Albanese on November 7. The unprecedented ban, which could take effect late next year, marks any country’s most authoritarian stance to shield young people from social media’s influence.

If you think TikTok dances and Instagram stories are harmless teen pursuits, the Australian government disagrees. Its world-first package of measures goes beyond typical age restrictions, introducing biometric verification systems and government ID checks to enforce the ban. Unlike similar policies elsewhere, Australia’s approach offers no wiggle room—not even with parental permission.

While other countries have introduced various forms of social media regulation for young users, Australia’s vigorous enforcement mechanisms break new ground with its absolute stance: no parental consent exceptions, no ‘grandfather clauses’ for existing accounts, and the implementation of sophisticated age verification methods, including biometrics and government-approved.

“Social media is harming our kids, and I’m calling time on it,” Albanese told a news conference, according to Reuters. “If you’re a 14-year-old kid getting this stuff, at a time where you’re going through life’s changes and maturing, it can be a really difficult time, and what we’re doing is listening and then acting.”

The newly-unveiled comprehensive package of measures signals a significant shift from the current self-regulatory framework, which has primarily left social media platforms to set their own rules regarding young users. The age verification trial, a cornerstone of the new policy, marks uncharted territory in social media regulation. 

Australia is the only jurisdiction that has attempted to implement such stringent verification methods, making it a test case for whether such measures can effectively restrict youth access to social media platforms. Albanese said legislation will be introduced into the Australian parliament this year, and the laws will come into effect 12 months after being ratified by lawmakers.

“The onus will be on social media platforms to demonstrate they are taking reasonable steps to prevent access,” Albanese said. “The onus won’t be on parents or young people.” Inevitably, the success or failure of Australia’s approach could influence global policy decisions on digital youth protection.

The absence of a parental consent option is particularly noteworthy, as it removes what has traditionally been a common exception in digital age restrictions. This absolute approach suggests a fundamental shift in how governments view the role of parental discretion in children’s digital lives.

The proposed legislation will certainly raise several critical questions about implementation and enforcement. How will the biometric verification system work in practice? What measures will be in place to protect the privacy of young users during the verification process? How will the ban affect Australian teenagers relying on social media platforms for social connection and educational purposes?

From a privacy perspective, there would also eventually be concerns about the collection and storage of biometric data from young people. Nevertheless, social media platforms, which have historically resisted strict regulation, must adapt their operations significantly to comply with these new requirements in the Australian market. 

The technical challenges of implementing robust age verification systems and the complete ban on under-16 access present unprecedented operational challenges for these companies. As the legislation moves toward implementation in late 2025, it will likely spark intensive discussion about the future of social media regulation and youth digital rights globally.

The post Australia sets global precedent with strict teen social media ban appeared first on TechWire Asia.

For several years now, AI has disrupted the public’s ability to trust what it sees, hears, and reads. A noteworthy example is the Republican National Committee’s recent release of an AI-generated ad depicting an imagined nightmarish future in which President Joe Biden is re-elected. The advertisement included computer-generated visuals of devastated communities and border chaos.

In another instance, robocalls falsely claiming to be from Biden discouraged voters in New Hampshire from participating in the 2024 primary. Over the summer, the US Department of Justice shut down a Russian bot operation that used AI to impersonate Americans on social media. OpenAI also took action against an Iranian group using ChatGPT to create misleading social media content.

It is uncertain what direct harm AI can cause to people at present. However, many have expressed grave concerns that the technology facilitates the creation of convincing and misleading information. There have been numerous attempts to regulate AI, with little progress made in areas of major problems, like the technology’s possible influence on the approaching US election in 2024.

A slow-moving effort toward regulation

In an attempt to address the challenges posed by AI, the Biden administration introduced a blueprint for an AI Bill of Rights two years ago, aiming to address issues like algorithmic discrimination and abusive data practices. Following that, an executive order on AI was issued in 2023. US Senate Majority Leader Chuck Schumer also organised an AI summit that included high-profile figures like Bill Gates, Mark Zuckerberg, and Elon Musk. On an international level, the United Kingdom hosted an AI Safety Summit, resulting in the “Bletchley Declaration,” encouraging global collaboration on AI regulation. These findings indicate that the risks of AI-driven election interference have not gone unnoticed.

Despite these efforts, little has been done to explicitly address the use of artificial intelligence in US political campaigns. The two federal agencies with the authority to act, the Federal Communications Commission (FCC) and the Federal Election Commission (FEC), have taken very limited action thus far. For example, the FCC proposed requiring political advertisements on television and radio to disclose the use of AI. However, these regulations are unlikely to go into effect before the 2024 election, and the proposals have already stirred partisan disagreement.

Challenges in regulating AI in politics

The Federal Election Commission recently ruled that it cannot enact new laws to control AI-generated content in political advertisements; instead, it must enforce existing rules against all forms of fraudulent misrepresentation, whether or not AI is used. Advocacy groups, like Public Citizen, say that such a “wait-and-see” strategy is insufficient, since the potential disruption introduced into the election may be too pervasive to combat.

One reason for the absence of decisive action could be the complex legal system governing political speech. The First Amendment protects free speech in the United States and generally permits misleading statements in political ads. Despite this, a majority of Americans in recent polls have voiced a desire for tougher regulations on AI-generated content in elections, with many advocating for the removal of candidates who use AI to deceive voters.

The widespread use of AI creates a big challenge for regulators. The technology is not limited to creating fake news or political advertisements; it can be used in a variety of ways, each with its own level of monitoring. While airbrushing candidate images may appear harmless, creating deepfakes to harm an opponent’s reputation goes too far. The technology is already being used to create personalised campaign messaging, but where should the limits be set? And how do we handle AI-generated memes circulating on social media?

Despite the slow pace of legislative action, some US states have taken steps to regulate AI in elections. California, for example, was the first state to pass laws prohibiting the use of manipulated media in political campaigns, and more than 20 other states have followed suit with similar regulations.

The global context: AI’s impact on elections

Concerns about AI-generated disinformation in elections have surfaced globally. For example, in last year’s Slovakian election, deepfakes were used to defame a political leader, perhaps affecting the result in favour of his pro-Russia opponent. Similarly, in January, the Chinese government was accused of tampering with the Taiwanese election using AI-generated deepfakes. A deluge of dangerous AI-authored content emerged in the UK ahead of the July 4 election, including a deepfake of BBC reporter Sarah Campbell, that claimed that Prime Minister Rishi Sunak had approved a fraudulent investment platform. Meanwhile, during India’s general election, deepfakes of deceased leaders were used to influence votes.

In some circumstances, AI plays a more complex role in campaigns. In Indonesia, a former general running for president used an AI-generated cartoon to connect with younger people, raising questions about his involvement in the country’s military regime, although in that instance, there was no blatant deception. Despite being imprisoned, Pakistani opposition leader Imran Khan addressed his supporters via an AI-generated video, circumventing efforts to silence him. In Belarus, the official opposition used an AI-generated “candidate” – a chatbot posing as a 35-year-old Minsk resident – as part of efforts to engage voters at a time when the country’s opposition exists mainly in exile.

International efforts like the Bletchley Declaration are a good start, but much more work has to be done. Legislative proposals like the AI Transparency in Elections Act, the Honest Ads Act, and the Protect Elections From Deceptive AI Act show promise in the US, but their success is questionable owing to resistance from civil liberties organisations and the tech industry.

This regulatory uncertainty presents an opportunity for tech companies. In the absence of clear rules, platforms can continue to offer AI tools, ad space, and data to political campaigns subject to only minimal oversight. While some tech companies have made voluntary pledges to limit AI’s role in elections, safeguards are frequently easy to bypass and unlikely to provide a long-term solution.

What’s next? The need for comprehensive reform

As Greg Schneier and others have noted, the fragmented regulatory environment makes it difficult to effectively address AI’s impact on elections. US agencies often find themselves in jurisdictional battles over which organisation should take the lead. Meanwhile, the public is left to navigate an increasingly complex landscape in which artificial intelligence is utilised to both inform and mislead. To stay up with the rapid advancements in AI, stronger governance, transparency, and reforms are important.

The upcoming elections in the US present a pivotal moment for addressing the issue of using AI in political campaigns. With concerns about election disinformation growing globally, it is critical for governments and regulatory bodies to act decisively and, more importantly, quickly to ensure fair and transparent elections – both now and in the future.

The post AI’s growing influence: How election integrity is at risk worldwide appeared first on TechWire Asia.

So what does this departure from adland signal to the industry? And how should all those thousands of brands and enterprises affected prepare for the future? We spoke with key industry leaders to find out.

Growth by acquisition

In the early days, it was reported Oracle spent billions on entering the advertising game, acquiring nearly a dozen adtech companies over a decade. These included data firms DataLogix, bought in 2014 for US$1.2bn, and brand safety platform Moat, purchased in 2017 for a reported US$850m.

“Oracle acquired several ad tech companies (2014-2017) focusing on data supply, including Datalogix, Moat, BlueKai, Grapeshot, and Crosswise,” said Sam Bessey, Lead Solutions Consultant at Amperity. “Their strategy emphasised being a data platform rather than focusing on first-party data or inventory.”

Jonathan Reeve, Vice President APAC at Eagle Eye, agreed growing by acquisition rather than organically was one of the biggest challenges Oracle faced, especially given the fast-paced nature of the adtech landscape that needs frictionless systems and processes to function.

“We often see a cultural clash due to different work styles, communication methods, and company values which can create friction and ultimately lead to key team members [leaving the] the acquired business,” he explained.

“There is also the technical challenge of merging the technology and processes, with different systems, data formats, and workflows needing to be integrated to avoid operational disruptions for clients. As Oracle has found, this can be expensive, time-consuming, and require significant technical expertise which distracts from the core business.”

Lost through the shifting sands of adtech times

According to Juan Mendoza, CEO and Founder of The Martech Weekly, Oracle pulling back from the advertising industry is no surprise given the raft of acquisitions without completely adapting and shape-shifting to meet modern data privacy needs.

Mendoza is no stranger to the Oracle adtech saga. He’s an Australian entrepreneur based in Melbourne and worked for The Lumery, Conversionry and Fusion MusicTech before starting a marketing and technology newsletter The Martech Weekly (TMW).

“We’re not surprised by Oracle’s pull back from the advertising industry in the slightest,” he said. “The fracturing advertising landscape is creating opportunities for different types of adtech, such as Data Collaboration Platforms, to make a play for advertisers that are struggling through signal loss. Perhaps Oracle was burnt by the shifting sands of adtech too many times to consider repurposing any of its adtech acquisitions for the privacy-compliant world of today.”

Reeve agreed that the growing impact in martech of data privacy restrictions and regulatory hurdles hit Oracle hard. “These changes at Oracle reflect wider trends and we’re going to see many more significant changes over the next couple of years,” he said.

“Changes in data privacy regulations and user tracking limitations made it harder for Oracle to compete in the adtech market,” Reeve added. “Stricter regulations like the European Union’s General Data Protection Regulation (GDPR) further restricted Oracle’s adtech ambitions. We’re likely to see continued fallout from these changes, especially Google’s postponed phasing out of third-party cookies in its Chrome browser.”

How to prepare for the aftermath

So the list of changes goes on. Adapting to Apple’s IDFA changes, Meta’s third-party data access restrictions, privacy regulations (GDPR, APP, CCPA) and the shift towards Meta and Google for audience building are just the tip of the iceberg of shifts Oracle had to face, highlights Bessey. So what does Oracle shutting its ad business mean for local customers across APAC?

Sam Bessey said, “The impact on customers includes potentially reduced ability to connect, target, and measure using second and third-party signals, as well as an increased focus on first-party data assets.”

According to Bessey, companies recognise the importance of building robust first-party data assets in an increasingly privacy-focused landscape. In response to Oracle’s announcement, companies are adopting strategies that range between two main approaches:

• Replace Oracle tools with alternative DMPs and digital identity services. Those without a solid first-party data asset will have to choose this path.
• Explore new approaches: retail media networks, data clean rooms, and increasingly targeted direct onboarding to ‘walled garden’ platforms, as these are normally some of the strongest performing channels.
• Those without a solid first-party data asset can explore these rich opportunities.

“Ultimately, organisations with robust first-party data assets will have the most flexibility and adaptability in this evolving landscape,” Bessey concluded. “Shifting focus on a first-party data strategy can be achieved several initiatives such as retail media networks and data clean rooms.”

The post Experts weigh in on Oracle’s departure from adland appeared first on TechWire Asia.

The United States House of Representatives has taken a decisive step against the popular social media app TikTok, owned by Chinese company ByteDance, by passing a crucial bill. This legislation compels ByteDance to divest its U.S. operations within six months or face a nationwide ban.

Legislative moves against TikTok amid 2024 election concerns

The bill’s passage signifies a crucial moment in the ongoing discourse over balancing national security with free expression and innovation rights. It spotlights the intricate motivations behind the proposed ban, the political dynamics involved, and the extensive implications for U.S. tech policy and the landscape of global digital governance.

Central to the initiative to ban TikTok is the escalating concern among U.S. lawmakers regarding the app’s potential exploitation by the Chinese government. According to Director of National Intelligence Avril Haines, U.S. officials have raised alarms about TikTok’s management being “beholden to the Chinese government,” emphasizing concerns.

The U.S. Department of Justice amplifies these concerns with warnings about the risks posed by ByteDance’s Beijing headquarters to American users’ privacy and data security, in the context of China’s notoriety for surveillance and censorship.

Reuters has highlighted that the bill’s passage is a clear display of significant bipartisan agreement in an otherwise divided political environment, securing an overwhelming majority with 352 votes for and 65 against. Sponsored by Mike Gallagher, the Republican head of the House’s select committee on China, and Democrat Representative Raja Krishnamoorthi, the legislation has garnered extensive support across party lines, though it has faced some opposition.

Implementing the ban: Challenges and implications

Arizona Senate candidate, Alexandria Ocasio-Cortez highlighted, “There are serious antitrust and privacy questions here, and any national security concerns should be laid out to the public prior to a vote.” This situation underscores the complex interplay of technology, privacy, and national security in legislative processes.

Implementing such a ban presents practical hurdles. Questions linger about whether China would permit the sale of TikTok’s U.S. assets or if such a divestiture could realistically be achieved within the designated timeframe.

Furthermore, the ban would impose restrictions on app stores and web hosting services, potentially transforming the manner—or indeed, the possibility—of TikTok’s access by U.S. users. This strategy echoes actions taken by nations like India and Nepal, which have cited national security reasons for banning TikTok, and mirrors measures by the U.S. and its allies to restrict the app on government-owned devices.

The potential prohibition of TikTok bears significant political weight, especially with the 2024 election on the horizon. TikTok has become a critical platform for engaging younger voters, which has traditionally leaned towards the Democratic Party. The active use of TikTok by the Biden campaign illustrates the app’s pivotal role in connecting with this demographic.

Nonetheless, as House Republicans point out, this proposed ban could signify ‘the most substantial threat to the app since the Trump administration,’ potentially stripping the Democrats of a vital engagement tool.

Senate’s deliberation on TikTok: The road ahead in 2024 and beyond

As this bill heads to the Senate, its future is uncertain. Senate Majority Leader Chuck Schumer has indicated that the Senate will deliberate on the legislation, albeit without a definitive schedule. Senator Maria Cantwell, chair of the Senate Commerce Committee, has voiced a preference for “legislation that can withstand judicial scrutiny,” suggesting a thorough and cautious evaluation of the bill’s implications. This sentiment mirrors a broader aspiration among senators to address threats from foreign apps in a comprehensive manner, avoiding piecemeal legislative efforts.

The TikTok debate encapsulates the broader challenges facing digital platform regulation in an era marked by intense global technology competition and digital sovereignty concerns. TikTok CEO Shou Zi Chew’s engagements on Capitol Hill, where he cautioned that the bill “could lead to TikTok’s ban in the United States,” underscore the high stakes for the company and its millions of American users. Senator Ron Wyden’s remark that “history teaches us that haste in tech legislation often leads to errors” emphasizes the importance of deliberate and informed policy-making.

This legislative push against TikTok marks a pivotal point in the intersection of technology, politics, and national security. With bipartisan momentum to mitigate perceived threats from foreign-owned applications, the outcome of this endeavor will profoundly affect the future of digital communication, political mobilization, and international relations in the digital epoch. As the Senate contemplates its next steps, the broader discussion on balancing security concerns against the benefits of a globally interconnected digital ecosystem continues to evolve.

The looming decision on TikTok’s fate in the United States is a testament to the complex interplay between constitutional freedoms and cybersecurity imperatives. Senate Majority Leader Chuck Schumer’s cautious stance on advancing the bill, juxtaposed with President Biden’s readiness to sign it into law, highlights the nuanced deliberations that define the legislative process.

This scenario is reminiscent of previous attempts to regulate TikTok, including an executive order by former President Donald Trump that encountered legal obstacles. Public sentiment on TikTok remains divided, reflecting broader debates on privacy, security, and freedom of expression in the digital age.

In response to the legislative proceedings, TikTok has launched an extensive lobbying campaign, emphasizing the platform’s commitment to data security and its integral role in the lives of millions for personal and business purposes. This includes engaging its vast creator community, though this strategy has faced criticism. The potential hurdles for TikTok extend beyond legislative challenges, encompassing antitrust concerns and the complexities of divesting U.S. operations under the scrutiny of both U.S. and Chinese authorities.

The business community and investors are keenly observing these developments, considering ByteDance’s valuation and the broader implications for the digital market landscape. Should the bill become law, it would signify a pivotal shift in how social media platforms operate within the U.S., potentially redefining the digital space for American users and content creators alike.

The discourse surrounding TikTok’s proposed ban highlights the ongoing tensions between technological innovation and regulatory oversight and signals a potential shift in the digital competitive landscape. A ban could inadvertently benefit competitors like Meta’s Instagram Reels, illustrating the intricate dynamics in the global tech ecosystem. This scenario underlines the wide-ranging consequences of regulatory actions, shaping the future of digital interaction, political discourse, and international tech competition.

The global dimension of TikTok’s regulatory challenges

Beyond the United States, TikTok faces regulatory scrutiny worldwide, emphasizing the global dimension of its challenges.

Italy’s antitrust authority has imposed a fine of 10 million euros (US$10.94 million) on TikTok for not sufficiently monitoring content that could harm minors or vulnerable individuals. TikTok, a subsidiary of the Chinese corporation ByteDance, faces global regulatory scrutiny, alongside other social media platforms like Facebook and Instagram, to enhance protection for underage users.

The Italian watchdog criticized TikTok for not effectively preventing the distribution of dangerous content, such as videos promoting the ‘French scar’ challenge, and for failing to adhere to its safety assurances. Despite TikTok’s claim of limiting the visibility of such videos to users under 18, Italy’s AGCOM demanded their removal last month, criticizing TikTok for failing to effectively prevent the distribution of dangerous content and for not adhering to its own safety assurances.

In addition to Italy’s actions, TikTok is confronting challenges in the United States, where a proposed bill could ban the app unless ByteDance divests its U.S. operations within six months, reflecting ongoing national security concerns over Chinese technology.

Simultaneously, Canada is examining TikTok’s expansion proposal for national security implications, which might lead to mitigation requests or block the expansion. This scrutiny comes as Canada previously prohibited TikTok on government devices due to privacy and security risks, and its privacy commissioner is investigating the app’s data practices. Despite these challenges, TikTok has expressed its commitment to ensuring the safety and security of its platform for users in Canada.

As we move towards the 2024 election, the future of TikTok is becoming a hot topic amid legislative scrutiny and concerns over national security. With bipartisan worries about data privacy and security front and center, this legislation has kicked off a nuanced debate about the role of digital platforms in the U.S. As this conversation unfolds, it’s set to have significant implications for the digital competitive scene, political dialogue, and how Americans interact with social media as the election gets closer. It’s a complex issue that’s drawing a lot of attention, shaping up to be a key discussion point as we head into the next election cycle.

The post What’s happening with TikTok as 2024 progresses? Is a ban in the U.S. imminent? appeared first on TechWire Asia.

Spoilers: the LockBit ransomware group is back. Despite several law enforcement agencies coming together to disrupt the ransomware group’s operations, there are now reports that the cybercriminal gang is back in action.

According to a report by Reuters, the ransomware group claims to have restored its servers and be back in business. The cybercriminal gang initially had its services disrupted by a joint operation from international law enforcement agencies which included the FBI, Europol and the UK’s National Crime Agency.

The operation claimed to have taken over several key assets of the ransomware group, including sites and platforms they use to run their activities. Several members of the ransomware group were also arrested and indicted.

LockBit released a statement stating that law enforcement had hacked their dark web site using a vulnerability in the PHP programming language, which is widely used to build websites and online applications.

“All other servers with backup blogs that did not have PHP installed are unaffected and will continue to give out data stolen from the attacked companies,” said the statement, which was posted in English and Russian on a new version of Lockbit’s dark web site.

A spokesperson for Britain’s National Crime Agency, which led the international effort to seize Lockbit’s operations, told Reuters that the group “remains completely compromised.”

“We recognized LockBit would likely attempt to regroup and rebuild its systems. However, we have gathered a huge amount of intelligence about it and those associated with it, and our work to target and disrupt them continues,” the spokesperson said.

The Guardian reported that the US charged two Russian nationals with deploying LockBit ransomware against companies and groups around the world. Police in Poland also made an arrest, and in Ukraine, police arrested a father and son they said carried out attacks using LockBit’s malicious software.

The ransomware group also posted on its new site that it plans to attack US government sites more often. Its revamped website, launched on Saturday, showed a number of purported hacking victims.

Preparing for a LockBit ransomware group retaliation

Tech Wire Asia caught up with Christopher Budd, director for Sophos X-Ops on the latest updates. Budd shared his views on the recent takedown of LockBit’s site and the need for businesses to be even more prepared to deal with retaliation from the ransomware group.

“Following word that LockBit’s website may be back up and running, it’s important to note another risk that groups like LockBit pose. Even if a ‘take down’ is 100% effective at nabbing all the members of LockBit, its infrastructure and malware, it won’t stop the malware that’s already in the wild and now outside of that group’s control.

“New Sophos X-Ops threat intelligence on exploitation attacks of ScreenConnect vulnerabilities highlights this very real threat. Malware in these attacks was built using the LockBit 3 ransomware builder tool that was leaked in 2022, meaning the malware used in these attacks may not have originated with the actual LockBit developers. Because of that leak, there is malware out there being used in attacks that are outside of the control of the LockBit group.

“This underscores another, often overlooked way in which these criminal groups threaten everyone: their offensive capabilities become part of the broader threat environment, subject to no one’s control. You can be threatened and attacked by the malware developed by a group like LockBit without being threatened and attacked by the group directly,” commented Budd.

Sophos X-Ops has been tracking the evolution of LockBit over the past four and a half years. According to an analysis by the Sophos X-Ops Incident Response team, LockBit has been among the top 10 most reported ransomware infections since 2020; with the demise of Conti in early 2022, LockBit vaulted to the top of the charts. It ultimately accounted for one in five of all ransomware infections seen by Sophos’s IR in 2023 – comparable in ubiquity in that data to Conti at its peak.  

Meanwhile, Dean Houari, director of security technology and strategy at Akamai, pointed out that ransomware gangs are nimble and a variant of the LockBit gang could fill the void and soon take over with even more damaging tools.

“The most effective security strategy is to prevent attackers from accessing and encrypting the data on critical servers and have a backup in the event they are able to breach an environment. Now is the time for organizations to reassess the state of their security postures. A thorough understanding of attack surfaces, along with strong processes and playbooks to prevent and recover from ransomware attacks are essential,” said Houari.

Houari also explained that implementing a zero-trust architecture starting with software-defined micro-segmentation to prevent lateral movement post-breach is critical.

“Full network visibility to identify indicators of compromise (IoCs) will enable a more offensive posture against ransomware attacks and allow compliance with local cybersecurity regulations,” he added.

The post Is the LockBit ransomware group back? appeared first on TechWire Asia.

The LockBit cybercriminal group is one of the most notorious ransomware groups in the world. Known for its ransomware attacks, the LockBit group is also responsible for popularizing its Ransomware-as-a-Service model, in which it sells its ransomware to other operators for a cut of the profits of future attacks.

Active since 2019, the LockBit group has developed several variants of its ransomware, each causing more havoc than the last. The variants include .abcd, LockBit 1.0, LockBit 2.0, LockBit 3.0, and LockBit Green. The group has targeted various industries and countries, but especially the healthcare and education sectors in the United States, India, and Brazil.

According to the Cybersecurity and Infrastructure Security Agency (CISA), the gang extorted around US$91 million since 2020 in close to 1,700 attacks against various organizations in the country. The group is known for its fast and efficient encryption capabilities, its use of a tool called StealBit to automate the exfiltration of data, and its recruitment of insiders and network access brokers to help them breach their targets.

In November 2023, CISA, Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) released a joint Cybersecurity Advisory (CSA) to disseminate IOCs, TTPs, and detection methods associated with LockBit 3.0 ransomware exploiting CVE-2023-4966, labeled Citrix Bleed, affecting Citrix NetScaler web application delivery control (ADC) and NetScaler Gateway appliances.

This was after the LockBit ransomware group leaked more than 43GB of files from Boeing after the company refused to pay a ransom. Other notable victims are Continental automotive giant, the UK Royal Mail, the Italian Internal Revenue Service, and the City of Oakland.

Disrupting the LockBit ransomware group

Law enforcement agencies have been trying their best to take down the LockBit ransomware group. Over the years, there have been several attempts at disrupting and derailing the gang’s modus operandi. Yet, the ransomware gang continues to evade law enforcement agencies.

In the end, law enforcement agencies came together to share intel and investigations which eventually led to the crippling of the ransomware gang’s operations. Operation Cronos is a joint operation between law enforcement agencies from 11 countries that was focused on taking down the LockBit group.

In a report by Bleeping Computer, there is now a banner displayed on LockBit’s data leak website which states that the site is now under the control of the National Crime Agency of the United Kingdom.

“The site is now under the control of law enforcement. This site is now under the control of The National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos,'” the banner states.

BleepingComputer also reported an NCA spokesperson confirming the disruption and that the operation is still ongoing and developing.

“The NCA can confirm that LockBit services have been disrupted as a result of international law enforcement action. This is an ongoing and developing operation,” said the spokesperson.

“We have hacked the hackers,” Graeme Biggar, director general of the National Crime Agency, told journalists. “We have taken control of their infrastructure, seized their source code and obtained keys that will help victims decrypt their systems.”

Apart from the data leak site, law enforcement agencies also took down LockBit’s affiliate panel and added a message saying LockBit source code, chats, and victim information were also seized.

“Law enforcement has taken control of Lockbit’s platform and obtained all the information held on there. This information relates to the Lockbit group and you, their affiliate. We have source code, details of the victims you have attacked, the amount of money extorted, the data stolen, chats, and much, much more,” the message displayed on the LockBit panel reads.

“You can thank Lockbitsupp and their flawed infrastructure for this situation… we may be in touch with you very soon. Have a nice day. Regards, The National Crime Agency of the UK, the FBI, Europol, and the Operation Cronos Law Enforcement Task Force.”

Meanwhile, CNN reported analysts saying that LockBit has members or criminal partners in Eastern Europe, Russia and China. Like other cash-flush ransomware groups, LockBit rents out its ransomware to “affiliates,” who use the malicious code in attacks, and then takes a cut of the ransom paid out by victims.

“It is highly unlikely core members of the LockBit group will be arrested as part of this operation since they are based in Russia,” Allan Liska, a ransomware expert with cybersecurity firm Recorded Future, told CNN.

Nonetheless, he said, the law enforcement seizure of LockBit’s website “means there will be a significant, if short-lived, impact on the ransomware ecosystem and a slow-down in attacks,” Liska said.

Reuters reported that the United States has charged two Russian nationals with deploying Lockbit ransomware against companies and groups around the world. Police in Poland and Ukraine made two arrests.

It’s not over yet

Despite law enforcement agencies taking control of several sites belonging to the LockBit group, the ransomware gang was still operating on other platforms. In fact, some reports show some of the gang’s other dark websites are still up. This includes sites used to host data and send private messages to the gang.

In a Tweet by VX-Underground, the LockBit group said it will now use Tox (a chat application) for communication “with targets who have failed payment transactions, please note that the servers with the stolen data are intact.” The group also stated that “the FBI couldn’t get them and they will be published in a new blog after the rebuild.”

The actions by law enforcement agencies could also challenge the ransomware gang to regroup and launch more severe ransomware attacks in the future. This is because the main culprits responsible for running these sites have yet to be arrested.

Chester Wisniewski, Director, Global Field CTO, Sophos commented, “We shouldn’t celebrate too soon though. Much of its infrastructure is still online, which likely means it is outside the grasp of the police and the criminals have not been reported to have been apprehended. Even if we don’t always get a complete victory, like has happened with Qakbot, imposing disruption, fueling their fear of getting caught and increasing the friction of operating their criminal syndicate is still a win. We must continue to band together to raise their costs ever higher until we can put all of them where they belong – in jail.”

As the end of the day though, this is still a big win as it is a rare and significant achievement in the fight against ransomware.

The post FBI and UK crime agency finally disrupt Lockbit cyber-gang appeared first on TechWire Asia.