A Tongan cybersecurity expert says the country’s health data hack is a “wake-up call” for the whole region.

Siosaia Vaipuna, a former director of Tonga’s cybersecurity agency, spoke to RNZ Pacific in the wake of the June 15 cyberattack on the country’s Health Ministry.

Vaipuna said Tonga and other Pacific nations were vulnerable to data breaches due to the lack of awareness and cybersecurity systems in the region.

“There’s increasing digital connectivity in the region, and we’re sort of . . . the newcomers to the internet,” he said.

“I think the connectivity is moving faster than the online safety awareness activity [and] that makes not just Tonga, but the Pacific more vulnerable and targeted.”

Since the data breach, the Tongan government has said “a small amount” of information from the attack was published online. This included confidential information, it said in a statement.

Reporting on the attack has also attributed the breach to the group Inc Ransomware.

Vaipuna said the group was well-known and had previously focused on targeting organisations in Europe and the US.

New Zealand attack
However, earlier this month, it targeted the Waiwhetū health organisation in Aotearoa New Zealand. That attack reportedly included the theft of patient consent forms and education and training data.

“This type of criminal group usually employs a double-extortion tactic,” Vaipuna said.

It could encrypt data and then demand money to decrypt, he said.

“The other ransom is where they are demanding payment so that they don’t release the information that they hold to the public or sell it on to other cybercriminals.”

In the current Tonga cyberattack, media reports say that Inc Ransomware wanted a ransom of US$1 million for the information it accessed. The Tongan government has said it has not paid anything.

Vaipuna said more needed to be done to raise awareness in the region around cybersecurity and online safety systems, particularly among government departments.

“I think this is a wake-up call. The cyberattacks are not just happening in movies or on the news or somewhere else, they are actually happening right on our doorstep and impacting on our people.

Extra vigilance warning
“And the right attention and resources should rightfully be allocated to the organisations and to teams that are tasked with dealing with cybersecurity matters.”

The Tongan government has also warned people to be extra vigilant when online.

It said more information accessed in the cyberattack may be published online, and that may include patient information and medical records.

“Our biggest concern is for vulnerable groups of people who are most acutely impacted by information breaches of this kind,” the government said.

It said that it would contact these people directly.

The country’s ongoing response was also being aided by experts from Australia’s special cyberattack team.

This article is republished under a community partnership agreement with RNZ.

Article by AsiaPacificReport.nz

However, the Prime Minister said that the government’s robust firewall security systems were able to fend off these attempts.

Brown revealed this while speaking in support of the Financial Transactions Reporting Amendment Bill 2024, which was passed in Parliament last week.

The hacking attempts from overseas had, however, affected a couple of local companies in the hospitality industry in which their systems were compromised, he said.

“We were able to provide support to reduce any damage caused by these cyber security threats,” Brown said.

The Financial Transactions Reporting Amendment Bill’s primary purpose is to implement the recommended actions put forth by the Global Forum on Transparency and the Exchange of Information for Tax Purposes.

This Forum conducts peer reviews and assessments across over 130 jurisdictions in which Cook Islands is a member of. The aim of these reviews is to evaluate the country’s ability to cooperate effectively with established standards, Brown explained.

‘Increasing collaboration’
“The financial transactions reporting requirements that our country have signed up to is an example of the increasing collaboration among international jurisdictions to share information. Additionally, the need to protect the integrity of our financial centres and enhance our cybersecurity measures will only intensify as the world increasingly moves toward digital currencies.

“Our initial peer reviews took place in 2017, and the Cook Islands received a very positive rating for its capacity to exchange information.

“In light of the subsequent growth and improvements in both the quality and quantity of information exchanges, as well as enhancements to the standards themselves, a second round of assessment was initiated just last year. This latest round includes a legal framework assessment and peer reviews that also cover technical, operational, and information security aspects.”

Brown said that during this process several gaps in the legal framework were identified, and the Global Forum provided recommendations aimed at helping the country maintain a positive rating.

He said Cook Islands is required to address these recommendations by implementing the necessary legislative amendments by the 31st of this month in order to qualify for another round of onsite assessments and reviews in 2025.

The Prime Minister said the security of information is very important, and the security of tax information, in particular, is of significant importance to the Global Forum.

He added that some of the areas identified for improvement extend beyond legislative requirements.

Security codes
“For example, all doors in the RMD (Revenue Management Division) office that hold tax information must have security codes. The staff that work there must have proper identification cards with ID cards to swipe and allow access to these rooms,” Brown said.

“It is a big change from how our public service has operated for many years and maybe we do not see the actual need for this level of security. However, the Global Forum has its standards to maintain and we are obligated to maintain those standards, so we must follow suit.

“Not only that but now there’s also a requirement for proper due diligence to be conducted on employees or people who will work inside these departments. It is these sorts of requirements that compels us in our government agencies, many of them now to change the way we do things and to be mindful of increased security measures that are being imposed on our country. ”

Justice Minister Vaine “Mac” Mokoroa, who presented the Bill to Parliament, said: “The key concern here is to ensure that the Cook Islands continues to be a leader in the trust industry . . .  our International Trust Act has been at the forefront of the Cook Islands Offshore Financial Services Industry since its enactment 40 years ago, establishing the Cook Islands as a leader in wealth protection and preservation.”

“At that time, these laws were seen as innovative and ground-breaking, and their success is evident in the growth and development of the sector, as well as in the number of jurisdictions that have copied them, either in whole or in part.”

Mokoroa said that the Cook Islands Trust Companies Association, which comprises seven Trustee Companies licensed under the Trustee Companies Act, along with the Financial Supervisory Commission, conducted a thorough review of the International Trust Act and recommended necessary changes. These changes were reflected in the Financial Transactions Reporting Amendment Bill.

Republished from the Cook Islands News with permission.

Article by AsiaPacificReport.nz

The Indonesian Independent Journalist Alliance (AJI) has condemned the hacking and disinformation attacks against the group’s general chairperson Sasmito Madrim as a serious threat to media freedom.

In a written release, the AJI stated that the incident was a “serious threat to press freedom and the freedom of expression”.

“This practice is a form of attack against activists and the AJI as an organisation which has struggled for freedom of expression and press freedom,” the group stated.

“The hacking and disinformation attack against AJI chairperson Sasmito Madrim is an attempt to terrorise activists who struggle for freedom of expression and democracy”, the group said.

The AJI stated that the hacking attack began on February 23 and targeted Madrim’s personal WhatsApp, Instagram and Facebook accounts as well as his personal mobile phone number.

All of the posted content on his Instagram account was deleted then the hacker uploaded Madrim’s private mobile number.

Madrim’s mobile number was subsequently unable to receive phone calls or SMS messages.

Pornographic picture hack
On his Facebook account, Madrim’s profile photograph was replaced with a pornographic picture.

On February 24, the AJI monitored a disinformation attack which included Madrim’s name and photograph on social media.

The narrative being disseminated was that Madrim supported the government’s 2020 banning of the Islamic Defenders Front (FPI), supports the government’s construction of the Bener Dam in Purworejo regency and has asked the police to arrest Haris Azhar and Fatia Maulidiyanti, two activists who were criminalised by Coordinating Minister for Maritime Affairs and Investment Luhut Binsar Pandjaitan.

The AJI Indonesia asserts that these messages are false and such views have never been expressed by Madrim.

“These three [pieces of] disinformation are clearly an attempt to play AJI Indonesia off against other civil society organisations, including to pit AJI against the residents of Wadas [Village] which is currently fighting against the exploitation of natural restores in its village,” wrote AJI.

AJI Indonesia is asking the public not to believe the narrative of disinformation spreading on social media and to support them in fighting for press freedom, the right to freedom of expression, association, opinion and the right to information.

Translated from the Kompas.com report by James Balowski for IndoLeft News. The original title of the article was “Kecam Peretasan Terhadap Ketumnya, AJI: Ancaman Serius Bagi Kebebasan Pers“.

Article by AsiaPacificReport.nz

The Papua New Guinea government’s financial hub was hit by computer hackers last week, holding state officials at ransom, reports have revealed.

The ransomware attack on the Department of Finance’s Integrated Financial Management System (IFMS) happened last Thursday, locking out government workers who use the system to run the country’s entire financial system.

The Acting Treasurer, Finance Minister Sir John Pundari, confirmed the hacking but told the PNG Post-Courier that the system had been restored and no ransom was paid.

Sir John said workers were using a temporary accounting system after the IFMS was hit last week but did not reveal the real extent of the damage, saying only that the hackers did not steal anything.

However, they had damaged a system that now puts PNG’s national security at risk.

This is the first time the country’s central financial hub has been hit to such an extent.

Ransomware is a collection of malicious software variants, including viruses, designed by hackers to cause extensive damage or gain unauthorised access to computer networks.

‘Cyber-attack on core server’
“The Government Financial System suffered a cyber-attack in the form of ransomware infiltrating our core server at 1am on Friday, 22 of October 2021,” Sir John said.

“As a result of the ransomware infiltration, the Department of Finance’s IT network was compromised. The department immediately took precautionary steps by closing down the network systems.

“The department has now managed to fully restore the system, however, because of the risk we are playing it safe by not allowing full usage of the affected network.

“While we progress cleaning up the server environment, we have put in temporary measures.

“These include all government departments and agencies having access to commit and process cheques using a controlled environment in Vulupindi Haus.

“All provinces and districts will also have access to commit funds, through a controlled temporary arrangement.

‘Full restored’
“The department is conscious of the security and integrity of its data, thus, restoration of services to all government agencies, including at the sub-national level will be done gradually, bearing in mind the security of individual networks, so as not to compromise or allow any further spread of this malware or other viruses.

“At this stage I wish to state clearly that the government financial system has been fully restored.

“Department of Finance did not pay any ransom to the hacker or any of its third party agents. We have managed to restore normalcy.

“The government and the people of Papua New Guinea can be assured that the government’s financial services will continue as usual.”

Gorethy Kenneth is a senior PNG Post-Courier journalist. Republished with permission.

Article by AsiaPacificReport.nz

New Zealand’s cyber security agency believes China has been behind numerous hack attacks spanning years.

The government joined Western allies and Japan in calling out Beijing for so-called state-sponsored hacks, including a major incursion in February when Microsoft email servers were targeted.

The US has charged four Chinese nationals — three security officials and one contract hacker — with targeting dozens of companies and government agencies in the United States and overseas under the cover of a tech company.

“What we do is when we see malicious cyber activity on New Zealand networks, that may be through our own capabilities that we have to help protect New Zealand networks or it may be something that’s reported to us, we look at the malware that’s used,” Government Communications Security Bureau Director-General Andrew Hampton told RNZ Checkpoint.

“We look at how the actor behaves. We look at who they might be targeting and what they do if they get onto a network.

“That allows us to build a bit of a picture of who the actor is. We then compare that with information that we receive, often from our intelligence partners who are also observing such activity.

“That allows us to make an assessment, and it’s always a probability assessment about who the actor is.

The APT 40 group
“In this case, because of the amount of information we’ve been able to access both from our own capabilities and from our partners, we’ve got a reasonably high level of confidence that the actor who we’ve seen undertaking this campaign over a number of years, and in particular, who was responsible for the Microsoft Exchange compromise, was the APT 40 group — Advanced Persistent Threat Group 40 — which has been identified as associated with the Chinese Ministry of State Security.

The RNZ National live stream.  Video: Checkpoint

“The actors here are state sponsored actors rather than what we would normally define as a criminal group. What we’re seeing here is a state sponsored actor likely to be motivated by a desire to steal information.”

Hampton said there was a blurring of lines between what a state agency does, and what a criminal group does.

“Some of the technical capabilities that previously only state organisations had, have now got into the hands of criminal groups.

“Also what we’ve seen in a range of countries is individuals who may work part-time in a government intelligence agency, and then may work part-time in a criminal enterprise. Or they may have previously worked in a state intelligence agency and are now out by themselves but still have links links back to the state.

“We don’t know the full detail of the nature of the relationship, but what we do know is the Ministry of State Security in China, for example, is a very large organisation with many thousands of of employees.

“So they are big organisations with people on their payroll but they also would have connections with other individuals and organisations.

Information shared with criminals
“Something else worth noting with regard to this most recent compromise involving the Microsoft Exchange, what we saw there is once the Ministry of State Security actors had identified the vulnerability and exploited it, they then shared that information with a range of other actors, including criminal groups, so they too could exploit it.

“This is obviously a real concern to see this type of behaviour occurring,” Hampton said.

All evidence showed the cyber attacks were all originating from mainland China, Hampton told Checkpoint.

He said such attacks would be aimed at stealing data or possibly positioning themselves on a system to be able to access information in the future.

“A common tactic we see, unfortunately, is there may be a vulnerability in a system,” Hampton said.

“It could be a generic vulnerability across all users of that particular system, and a malicious actor may become aware of that vulnerability, so they would use that to get onto the network.

“That doesn’t mean they will then start exfiltrating data from day one or something like that. They may just want to to sit there in the event that at some point in the future they may want to start doing that.

Malicious actors
“This exploitation of known vulnerabilities is a real concern. This is why all organisations need to keep their security patches up to date, because what can happen is you can have malicious actors use technology to scan whole countries to see who hasn’t updated their patches.

“They then use that vulnerability to get on the network and they may not do anything with it for some time. Or they might produce a list of all the organisations, say, in New Zealand who haven’t updated their patches.

“Then they make a decision – okay these are the four to five we want to further exploit.”

This article is republished under a community partnership agreement with RNZ.

Article by AsiaPacificReport.nz

Pacific Media Watch Newsdesk

Kodao Productions, a Philippine alternative news website, is still down after being the target of a cyber-attack six days ago and Reporters Without Borders (RSF) has condemned this new assault on media freedom in the Philippines.

The Paris-based media freedom watchdog is worried about this latest blow to media freedom, which comes against a backdrop of government hostility towards critical media outlets, including Catholic Church radio stations.

“Site currently not available” was the error message seen when trying to access the Kodao website.

READ MORE: UN critics join global outrage over Duterte’s Rappler ‘free press’ attack

But Pacific Media Watch reports that Kodao Productions now has a “defend press freedom” message posted on the page while the website’s news coverage still cannot be accessed.

As a result of a cyber-attack consisting of a malicious code injection at around midnight on February 1, the site is no longer able to post new content and readers cannot access past content.

-Partners-

The attack has come amid mounting tension between allies of President Rodrigo Duterte and media outlets of various ideological tendencies whose common feature is a readiness to criticise the quick-tempered president’s policies.

54 radio stations at risk
Concern is growing about the fate of Catholic Media Network, a nationwide network of 54 Catholic Church-run radio stations whose 25-year licence expired on 4 August 2017.

The licence renewal application was submitted on 24 January 2017 but has been blocked ever since in the House of Representatives, where it has yet to be put on the agenda of the relevant committee.

The Catholic Bishops’ Conference of the Philippines, which runs the network, now fears that the 54 radio stations could be shut down at any time.

“We urge Philippine parliamentarians to address the Catholic Media Network application so that this licence can finally be renewed,” said Daniel Bastard, head of RSF’s Asia-Pacific desk.

“It should be a mere formality, nothing more than a stamp on a four-page document. Given the Catholic Church’s criticism of the Duterte administration, this refusal to renew clearly seems to be politically motivated,” he said.

“Meanwhile, as Kodao is well known for its uncompromising criticism of the authorities, its suspension also has all the hallmarks of a reprisal against the free press.”

‘Dutertards’
The cyber-attack on Kodao could have been the work of President Duterte’s army of trolls, also known as “Dutertards”. According to a recent University of Oxford study, the president spent $200,000 on recruiting them.

Founded in 2000, Kodao Productions is known for its coverage of human rights, the environment and the decades-old, on-off peace talks between successive governments and the Maoist left.

Catholic Media Network, for its part, has often referred to the extrajudicial killings linked to the “war on drugs” waged by Duterte, which has already had an estimated death toll of more than 7000, according to Philippine media freedom monitoring groups.

On January 15, a government spokesman announced the withdrawal of the licence of Rappler, the country’s leading news website, which has appealed against the decision.

RSF referred the licence withdrawal to the United Nations, which responded 10 days later by expressing deep concern about this violation of media freedom.

The National Union of Journalists of the Philippines is now organising regular “Black Friday” demonstrations in support of media outlets that have been the victims of government hostility.

The Philippines is ranked 127th out of 180 countries in RSF’s 2017 World Press Freedom Index.

Cyber-attacked … Kodao Propductions and its #defendpressfreedom message. Image: PMC

Article by AsiaPacificReport.nz

Pacific Media Watch Newsdesk

Indonesia is predicted to be prone to cyber attacks from this year until 2025, says a media communication and technology consultant.

A.T. Kearney’s media communication and technology researcher Germaine Hoe Yen Yi says ASEAN countries, especially Indonesia, face this problem because of the shortage of digital experts.

“The low policy supervision, the lack of experts in the digital field, high susceptibility and low investments,” said Yen Yi during the Southeast Asia emergency security presentation in Jakarta last week.

A.T. Kearney is a global management consulting firm with offices in more than 40 countries.

From 10 ASEAN countries, only Singapore and Malaysia are considered among the most digitally advanced countries.

However, Philippines and Thailand are in their “development stage” regarding cybersecurity.

-Partners-

Indonesia’s cybersecurity is considered to be in its infancy, which includes its regulations, national strategy development, governance, and international partnership.

“Malaysia is expected to need more than 4000 cybersecurity experts by the year 2020 to fight against cybersecurity issues,” said Yen Yi.

Meanwhile, in investments, ASEAN countries still provides limited funding for cyber securities with an average of 0.07 percent from their gross domestic product.

Yen Yi said the number must be increased to 0.35 percent and 0.61 percent compared to their GDP in 2025.

Cisco ASEAN president Naveen Menon said that a county’s success in digitisation depended on its ability to resist cyber attack threats. He also urged stakeholders to unite and help build cybersecurity abilities.

Article by AsiaPacificReport.nz