Cybersecurity
Cyber attack tied to China boosts development bank’s chief
The cyberattack crested just as finance officials from across Latin America were descending on Washington to commemorate the 60th anniversary of the Inter-American Development Bank.
On Sept. 24, 2019, requests from more than 15,000 internet addresses throughout China flooded the bank’s website, knocking part of it intermittently offline. To unclog the network, the bank took the drastic step of blocking all traffic from China.
But the attackers persisted, and as officials gathered for a day of conferences with athletes, academics and celebrity chefs the bombardment intensified.
Details of the attack, which has not been previously reported, are contained in an IDB internal document reviewed by The Associated Press.
News of the attack is surfacing just as the bank’s new president, Mauricio Claver-Carone, seeks to leverage his hawkish views on China from his time in the Trump administration to outmaneuver those in Washington and beyond still fuming over his politically charged election last year.
Claver-Carone, the former National Security Council’s senior director for Western Hemisphere affairs, chaired last week in Colombia his first annual meeting of the IDB since he was elected last fall over the objections of Democrats and some regional governments who complained he was breaking the longstanding tradition of a Latin American being at the helm.
A geopolitical ideologue, Claver-Carone seems in no rush to abandon his disdain for Beijing’s growing influence in Washington’s backyard. In sharp contrast to his predecessor, Luis Alberto Moreno of Colombia, who eagerly promoted Chinese investment in the region, Claver-Carone recently floated the possibility of inviting Taiwan, the island democracy claimed by the communist Beijing government as part of its territory.
In curtailing China’s influence, Claver-Carone is looking to curry favor with Democrats who question his leadership but share his mistrust of Beijing. If he succeeds, they can help him deliver on what was the main pledge of his unorthodox candidacy: U.S. support for a capital increase so the bank can help the region dig out from a pandemic-induced recession that’s the worst in more than a century.
There are early signs he may be making some headway. This month, a bipartisan group of five lawmakers led by Sen. Bob Menendez, head of the Senate Foreign Relations Committee, proposed legislation authorizing an $80 billion capital increase that would boost lending at the Washington-based bank by 60%.
“People need to accept that he won,” said Dan Runde, a former official with the U.S. Agency for International Development in the George W. Bush administration and an expert on multilateral institutions at the Center for Strategic and International Studies. “Those who are not happy haven’t gone through the five stages of grief yet. They’re stuck somewhere between denial and anger.”
But Sen. Patrick Leahy, the powerful chairman of the Senate Appropriations Committee, has yet to sign on after warning last year that the choice of Claver-Carone, a “polarizing American,” to lead the IDB would hurt — not help — the case for a funding boost. There’s also an expectation that some in the region who supported Claver-Carone when Trump was in office — such as Brazil and Colombia — might switch allegiances to appeal to the new sheriff in town: President Joe Biden.
“The argument that an underfunded bank is an opportunity for China is very compelling,” said Dan Restrepo, who served in the same National Security Council role as Claver-Carone during the Obama administration. “But it doesn’t answer how you adequately fund the bank and with what leadership.”
As far as cyber-disruptions go, the attack against the IDB was too small to generate concern beyond the bank. Last year, more than 10 million similar distributed denial of service (DDoS) attacks were observed throughout the world, according to digital security firm NETSCOUT.
But occurring amid the IDB’s gala celebration it was fraught with symbolism.
The bash in Washington was hastily organized after the Trump administration six months earlier rallied allies to force the cancellation of the IDB gathering in the Chinese city of Chengdu, which was to be something of a breaking out party for China a decade after it joined the bank.
While the U.S. had been trying to derail the meeting for months, China’s denial of a visa to a representative of Venezuelan opposition leader Juan Guaidó gave it the opportunity to act decisively. While the IDB and the bulk of nations in Latin America recognize Guaidó as Venezuela’s legitimate leader, China is a staunch ally of President Nicolás Maduro
Claver-Carone was the U.S. official driving the diplomatic standoff with China at the IDB. As the top White House official for Latin America, he was also the architect of “America Rising,” a program that sought to curb the inroads being made by China in Latin America, where it has displaced the U.S. as the top trading partner in countries such as Argentina, Brazil, and Chile.
According to the IDB document, on Sept. 19, 2019, traffic to the IDB website surged to more than four times normal levels, forcing the main website and publications page offline. At first, the bank defended itself by blocking individual IP addresses.
But then “the attackers switched tactics and started to throw requests from more than 15,000 IP addresses spread throughout China,” according to the internal document. “By Tuesday 24th evening all income traffic from China was blocked, a decision the allowed us to come back online.”
Unthwarted, the attackers pivoted again, this time relying on 180,000 IP addresses from countries including Singapore and Japan. In all, the attack lasted for months but was effectively contained after three weeks when the bank turned to Amazon to build a more robust firewall.
While there is no indication the site was breached, “the downtime affected our digital presence and had a negative impact in different communication endeavors,” the document says. “It also made our vulnerabilities explicit for third parties, which could potentially make us the target of new attacks and impact the reputation of the IDB brand.”
Still, it’s impossible to know who was behind the attack.
While China has some of the world’s most skilled hackers, security experts say that doesn’t necessarily mean it is behind the attacks. Poorly protected computers can be hijacked and marshaled from anywhere in the world and turned into botnets for unleashing DDoS attacks.
“A targeted attack this long has an obvious financial or political motive — you don’t troll for three weeks,” said Tord Lundstrom, a digital security expert at Qurium, a Swedish non-profit organization. “But determining whether China was behind it, or someone is just trying to make it look like it was, is very hard to determine without additional digital forensic information.”
China’s foreign ministry didn’t respond directly to questions about whether the government knew about the incident at the IDB or was involved but said in a statement that it strongly opposes cyber attacks
“Linking cyber attacks directly to a government is a highly sensitive political issue,” the ministry statement said. “All parties should jointly resolve the hacking issue through dialogue and cooperation and avoid politicizing the issue.”
Claver-Carone declined to be interviewed while the IDB said it does not comment on internal cybersecurity issues. Nonetheless, three people at the bank told the AP they recall China being openly blamed for the attack in briefings back in 2019 to discuss the fallout. The people spoke to the AP on the condition of anonymity to discuss internal deliberations.
On paper, China has a minuscule 0.004% of the IDB’s voting shares, the smallest stake of any of the bank’s 48 members. But membership has been a cheap way for China to expand its reach in Latin America. Chinese companies are able to bid on IDB-financed projects, rub shoulders with political leaders and pick up valuable economic intelligence that would be harder to acquire on its own.
China is also the second-largest non-borrowing shareholder in IDB Invest, the bank’s private lending arm, with nearly 6% of shares, thanks to a reorganization in 2015 when the Obama administration refused to pony up additional resources and saw the U.S.’ stake diluted to 13%.
The IDB also manages a $2 billion fund made up entirely of contributions from China. Over the years the IDB also hosted more than a dozen business summits connecting Latin American entrepreneurs with Chinese investors.
“For too long the IDB was too friendly with the Chinese Communist Party,” said Runde. “The Bank and its shareholders did not hold China accountable when it ruined the 60th Anniversary for the IDB. This too cozy relationship has to change.”
China has made no secret of its tense relationship with Claver-Carone. In a symbolic rebuke, Yi Gang, the head of China’s central bank, refrained from voting in the special meeting last year when Claver-Carone was elected, according to a person who attended the meeting on the condition of anonymity to discuss the closed-door discussion.
Rebecca Ray, a Boston University economist who tracks China’s investment in the region, said the touchy politics around China can be a double-edged sword. While Claver-Carone’s attempts to isolate Beijing may play well in the U.S. Congress and help him secure additional funding it could ultimately end up undermining the IDB’s mission at a time of great need for financing to build infrastructure, improve health care and reduce poverty in the region.
She noted that as the IDB has lagged other multilateral institutions in securing more funding, three Latin American countries — Brazil, Ecuador, and Uruguay — have joined the Asian Infrastructure Investment Bank, China’s answer to the World Bank and one which the U.S. opposes.
“Sidelining China may end up limiting China’s willingness to keep playing an active role, which would not be popular in the region,” said Ray. “As long as the need for financing remains high, countries will keep turning to China because that’s where the money is.”
MIAMI (AP) — By JOSHUA GOODMAN
When it comes to ensuring the highest levels of cybersecurity for any establishment, password management in network security is one of the most paramount factors in guaranteeing security. As one of the essential cybersecurity measures, password management is a critical element for any online activity, whether for software or hardware. Everything is protected with a password.
What is Password Manager and How does it Work?
To those not familiar with the concept, password management’s significance exceeds the creation of a strong password to protect your data or account. It is a cybersecurity system. A system that manages any saved login credentials, all while guaranteeing a safeguarded relocation of data from one device to another. When coming up with a valid password, a few factors must be taken into account, such as the potential of being exposed to high risks and identity theft.
For any establishment, the correct password manager helps to monitor any activity and amounts of logins for servers people work on. As a software application, it is developed for storing and managing online credentials. With the increased available platforms and programs requiring safety credentials, the risk of losing or forgetting a password has never been higher. User password management, such as Google password manager, helps users with a handful of passwords for essential web applications.
By providing the needed digital space to generate and store any, and all passwords in one location, password management in network security keeps any data safe and secure in various ways, including biometrics data.
Why Use Password Manager?
Through the encryption of users’ logins, a reliable password manager protects your credentials and cannot be accessed until the master password is submitted. In this case, no password is stored on the device itself or even on the manager’s servers. While some might think that storing all of your important passwords in one place might be hazardous, the truth is, password managers are the safest bet to safeguard all your passwords, as the chances of a password manager being breached are extremely low and almost very unlikely to happen.
Without getting into all the technical terms as to why password managers are the safest option, these applications can be perceived as the lesser evil. While users will still need to create one master password – preferably to be long and a bit complicated – it will guarantee the protection of any login credential for any account or credit card information.
The ideal password managers to download are backed by two-factor authenticators, where users are asked for a one-time code alongside the password whenever a new login into a new device takes place.
Password Management Best Practices in Network Security
In terms of obtaining the highest level of protection for network security, few practices are applicable to almost anyone to ensure the highest level of user password management.
1. Training
Training the team and raising awareness of potential password threats is one of the most important things to consider. Team members working on network security have to understand the risk of cybersecurity and the importance of implementing the right measure to protect and secure any account credential.
2. Enforcement of Reliable and Strong Passwords
Enforcing the creation of strong passwords and establishing they follow the best practices for network security to protect the network and its data while respecting the integrity, confidentiality, and accessibility of the network’s computer systems.
This includes performing a thorough network audit, deploying network and security devices, disabling file sharing features, updating antivirus and anti-malware software, securing all routers, using a private IP address, and finally establishing a network security maintenance system.
3. Multi-factor Authentication
Endorsing your password management with two-factor authentication is like adding another solid layer of protection to your accounts and their passwords. Multi-factor authentication ensures that only people responsible for the network have access to its sensitive data.
Inside Telecom provides you with an extensive list of content covering all aspects of the tech industry. Keep an eye on our Cybersecurity space to stay informed and up-to-date with our daily articles.
We are all well aware of the troubles opening a fishy link can lead us to. Luring users to click on a given link has been of one the well-known techniques to get access to the device, install virus and malware or even go as far as creating a full ransomware attack. To protect your computer and private information, there are multiple techniques to check links without opening them. What is important though is never to open the link if it is suspicious.
Visually Inspect the Link
When you are not dealing with a shortened URL, the best way to go thoroughly through the link to see if there is any spelling mistake. Attackers usually tend to change a minimum number of letters so that you are unable to tell the difference. For instance, things like www.goagle.com instead of www.google.com should catch your attention with the second ‘o’ of Google replaced with an ‘a’.
Verify that Links in an Email Come from a Credible Source
Emails are the best sources for phishing attacks. These kinds of attacks are used to steal some sensitive information such as passwords and credit card information. The best way to avoid these kinds of attacks is to authenticate the sender. For that purpose, do not only check the name of the sender, you need to double-check the email the sender is using. In general, attackers use credible sender names with emails which do not correspond to the promoted identity. Next time you get an email from your bank like “XBank”, check that the sender email is person@Xbank.com rather than person@anyothermailclient.com.
Use Link Checker or Link Scanner
Many websites actually provide link checking or link scanning features. This is a very neat technique to simple check the link before clicking on it.
VirusTotal
www.virustotal.com is an excellent website for this task. This online tool practically does the job of an anti-virus. When you go to the website, you have the possibility to analyze files and URL for malware or any other security breach. Once you submit your file or enter the URL, the website will use different tools and software, then provide you with a detailed output from each of these tools. If you are unsure if a given software is credible enough, you can compare it to the output of other platforms on a single website.
Use a Short URL Expander
Sometimes attackers try to shorten URLs to hide any malicious intention. Analyzing shortened URL is not straightforward. To overcome this problem, copy the provided URL without opening it and use specific websites that actually expand the provided URLs. Then, you can analyze the original URL for possible security breaches. Many websites are there to do this task. Just search for “short URL expander” on your search engine and use the top provided websites.
Upgrade your Anti-Virus with Internet Security Features
Anti-virus software is commonly used to protect personal computers from viruses and other malware. While these are available for free, you can easily upgrade them to include internet security features for a small monthly fee. This will bring major improvement to your internet browsing experience including custom-made safe browsing tools.
Use Google Transparency Report
Google provide a nice tool to check for the safety of websites. To do so, visit https://transparencyreport.google.com and enter the URL in question. The Google source will then provide you with a safety report of that website.
Simply Hover Over the Link
The nicest solution is kept to the end. When you hover over a link in your email client or web browser, a small square appears including all the information related to the chosen URL. These details can be used to give a preliminary indication whether to trust the source.
Final Thoughts
Suspicious links are everywhere! To make sure they don’t catch you by surprise, follow the highlighted and you’ll be safe to go.
“Inside Telecom provides you with an extensive list of content covering all aspects of the tech industry. Keep an eye on our Cybersecurity space to stay informed and up-to-date with our daily articles.”
Cybersecurity and artificial intelligence (AI) are two very trending topics at the moment. AI has been the pivotal elements modifying business strategies, improving decision-making processes, and triggering automation in every industry in the world. The latest sentience debate is a clear indicator on serious and advanced AI is becoming nowadays. Cybersecurity is the other important element of today’s technological world. With an increasing reliance on data and the move to online services that require an individual’s biometrics, security essential in preventing data thefts and associated cybercrimes. AI has undeniably improved cybersecurity practices by allowing a real-time analysis of internet traffic to discover possible threats at the earliest and take defensive actions. This important learning process hides however several disadvantages of AI in cybersecurity.
What Are the Downsides to AI in Cybersecurity?
The touted advantages of AI in cybersecurity are real and very useful. However, the increasing adoption of AI solutions for security is actually causing problems at different levels.
Hackers Use AI as Well
When it comes to maturity in technology, hackers are the best at it. These individuals sitting behind computer screens logging data and doing advanced analytics to identify any loophole or vulnerability they can use to their benefits. The use of AI as far as cybersecurity is concerned is a double-edged sword. It is actually a race of who can develop a better algorithm that caters better to the data which is circulating online. In this sense, the use of AI is a big threat to security.
Another issue is that while a company is analyzing and learning from data to discover threats, a hacker is concurrently analyzing the company’s cyber-defense mechanisms and policies to find “open doors’ that will take it into the system to complete the intended attack.
Data Confidentiality
AI algorithms are associated with the analysis with large volumes of data, a key requirement for the developed algorithms to produce accurate outputs. The data a company deals with contains normal traffic related to daily transactions and activities, but also sensitive information related to the clients including their biometrics and personal information. What happens to our data when it goes to the AI-agent though is another thing. Protecting the data is key when AI is used for cybersecurity reasons. The secrecy of the clients’ data should not be compromised for any reason.
Increasing Need for Data
The field of cybersecurity is constantly evolving with ingenious attacks and threats emerging every now and then. Browser-in-the-browser attacks and increasingly advanced ransomware attacks have been notable examples in 2022. In order to discover attacks at a later stage, the AI algorithm needs to have data to do the proper training. The increasingly dynamic environment with threats emerging and evolving will lead to a surge in the required volumes of data, which can potentially not be readily available to have a fast response to the attack itself. Whether it is the ability of AI to keep track of the exponential growth in data or the availability of data for the AI-algorithm to produce results is a big disadvantage of this approach for cybersecurity
Will Cybersecurity be Replaced by AI?
With the drive towards more and more automation, it is questionable whether this can be applied as well for cybersecurity practices. AI can certainly assist in processing and learning from data and produce insights. However, the real decision maker in such as sensitive area where no errors can be tolerated is the cybersecurity expert himself. The only way for AI to replace cybersecurity is when it becomes sentient or developed enough to think and act like humans do. There is still a long way for that to concretize.
Explainable or interpretable AI is a key intermediate step in reaching this target. First, we need to understand how AI produces results. Proper cybersecurity practices require a reduction in bias while optimizing the performance of the algorithm.
How Will AI Affect Cybersecurity Jobs?
The adoption of AI will certainly cause major shifts in the cybersecurity job market as in the case in other industries, but probably at a smaller scale. The level of skill and experience needed to thwart cyberattacks will safeguard the need for security experts to provide the final decision regarding suspicious data patterns.
On the other hand, the incorporation of AI will call for new skilled workers that can manage and optimize the performance of the algorithms. Another alternative would be for existing workforce to be upskilled and retrained to handle the new analysis tools.
Summary
As data is becoming the basic unit for decision making, AI has invaded all industries and businesses, including cybersecurity. Companies are starting to incorporate learning algorithms to their offered services in order to have a more intelligent management of the different security threats. However, the role of AI in cybersecurity should be considered with enough judgment. The addition of AI would increase the complexity in the data management process, notably in terms of data privacy and the continuous need for more data.
“Inside Telecom provides you with an extensive list of content covering all aspects of the tech industry. Keep an eye on our Cybersecurity and Artificial Intelligence space to stay informed and up-to-date with our daily articles.”
Volkswagen to Develop New Semiconductor with STMicro Amid Chip Crunch
Facebook’s Growth Woes in India: Too Much Nudity, Not Enough Women
Exclusive-U.S. Probes China’s Huawei over Equipment Near Missile Silos
What are the Ethical Issues in Biometrics?
NEOM: A $500 Billion smart-city to be built in Saudi Arabia
5 Reasons Why… Telecoms is Important in Society
Advantages and drawbacks of Voice Recognition Technology
SIM Box Fraud – A Growing Concern
Cisco VP highlights need for inclusivity when entering the 4IR
Salt Edge looks to steer digitalization of EU’s banking sector
Ian Terblanche, Global Strategic Sales & Channel Director at Sigfox
