The article discusses the growing importance of cybersecurity cooperation in the Asia Pacific region, particularly within the Colombo Security Conclave, a forum involving India, Sri Lanka, Maldives, and others. It highlights shared cybersecurity challenges in the region, the Conclave's focus on capacity building and academic collaboration, and India's likely leadership role due to its cybersecurity maturity. The article also mentions the geopolitical competition between India and China in the region and suggests that India's ambition to become a cybersecurity leader will drive its efforts within the Conclave, benefiting both India and its regional partners.
Interview with Ceylon Today Newspaper on Data Privacy and Cybersecurity
The Data Protection Bill in Sri Lanka, modeled after the EU's GDPR, aims to address data privacy concerns by introducing "privacy by design" and granting new rights to data subjects. It applies to international businesses, including tech giants like Meta and Google. The bill also introduces data residency and sovereignty concepts. While it's expected to enhance data protection, implementing data residency requirements for complex IT systems may pose challenges. Overall, the bill is a positive step for Sri Lanka, attracting tech investments and improving data protection in the digital age.
Salient features of the proposed #CyberSecurity bill:
The bill provides for accreditation for cybersecurity services providers.
The draft of the Online Safety Bill has been gazetted.
The gazette has been issued by the Minister of Public Security.
Carjacking incidents, particularly those using methods like the 'relay hack,' are on the rise in Sri Lanka. An affordable way to protect your car's key fob from this type of attack is to buy a "Faraday key pouch" and keep your car key inside it when not in use. #CyberSecurityLK
Comsec Consulting's Threat Response Teams have issued a release regarding a widespread ransomware attack affecting organizations in more than 70 countries worldwide. Notable targets include the UK's National Health Service (NHS), Spanish banks, Deutsche Bahn, Renault, and many others.
Key points:
The ransomware targets Microsoft Windows systems, encrypting files and blocking access.
The malware spreads through phishing emails and exploits a Microsoft vulnerability described in bulletin MS17-010 using EternalBlue/DoublePulsar, compromising unpatched systems on the same network.
Infection of one computer can compromise the entire network.
Recommended prevention and mitigation measures include patching systems, isolating or shutting down unsupported/unpatched systems, disabling SMBv1 and SMBv2, isolating specific network ports, updating antivirus and antimalware products, and ensuring critical data is regularly backed up.
Employee awareness and reporting of suspicious emails and activities are crucial.
Comsec Consulting is actively monitoring the situation and offers assistance for any related findings or questions.
Organizations are urged to take immediate action to protect their systems and data.
A new ransomware variant, identified as a version of Petya (also known as NotPetya), has recently attacked organizations worldwide. This ransomware is more aggressive than WannaCry, encrypting files and preventing systems from booting. It uses various propagation techniques, including exploiting vulnerabilities and stealing credentials, making it highly dangerous.
To protect your company:
FC Barcelona fans were surprised when the club's Twitter account announced the signing of Angel Di Maria from Paris Saint-Germain. However, it was later revealed that the club's account had been hacked, and they were working to resolve the issue. A group from Saudi Arabia known as OurMine, which has claimed responsibility for other high-profile hacks, was said to be behind the attack.
This report will cover the following critical aspects:
Impacted Emails: It will provide a detailed account of all email accounts affected by the cyberattack, revealing the scope of the breach and its implications for government communication.
Government Data Loss: An assessment of the data loss suffered by government agencies due to the attack, with a focus on understanding its potential impact on national security and public services.
Value of Data Loss: The report will estimate the financial value associated with the data loss, including costs for data recovery, cybersecurity improvements, and the impact on government operations.
Preventative Measures: It will offer a comprehensive overview of actions taken to prevent future cyberattacks of a similar nature.
As the investigation unfolds, the Ministry emphasizes its commitment to securing the nation's digital landscape, ensuring that the IT industry can continue driving economic growth and innovation without the constant threat of cyberattacks.