We start the week with an overview of the latest tech news and the biggest news stories that have unfolded during the past week. Cybersecurity received a lot of attention this week as Microsoft discovered a new breach, the Zero Trust Segmentation pioneer successfully closed its latest funding round, the FBI director warned companies about paying ransom to cybercriminals, and CISA announced it is collaborating with the White House on a Zero Trust strategy. Apart from that, the use of crypto remains a large topic as some countries ease the restrictions that were put in place while others toughen their crackdown. This week, the UK banned Binance, one of the largest crypto exchanges. At the same time, Tanzania’s Central Bank is preparing to reverse the ban on crypto that was issued back in 2019, following orders from the new President. We also look at the new possible digital trade agreement between the UK and Singapore; the CEO of Robinhood calling for changes in exchange pricing; antitrust watchdogs in the EU calling for more power in enforcing the rules against big tech; and Cornelis Networks preparing to launch the highest performing HPC.
On Friday, Microsoft announced a hacker managed to access one of the company’s customer service agents and used the information to start hacking attempts against the customers. Microsoft revealed it found the breach during its response to hacks responsible for major breaches at SolarWinds and Microsoft.
All the customers affected have been notified and a copy of the warning has identified the attacker as one from the so-called Nobelium group. The earlier attacks have been publicly attributed to the Russian government by the US. However, the Russian government denies any involvement in cybercrime.
“A sophisticated Nation-State associated actor that Microsoft identifies as NOBELIUM accessed Microsoft customer support tools to review information regarding your Microsoft Services subscriptions,” the warning reads in part. The U.S. government has publicly attributed the earlier attacks to the Russian government, which denies involvement.
Scott McConnell, a spokesman for Homeland Security’s Cybersecurity and Infrastructure Security Agency, said the defensive group “is working with Microsoft and our interagency partners to evaluate the impact. We stand ready to assist any affected entities.”
A SolarWinds spokesperson said, “The latest cyberattack reported by Microsoft does not involve our company or our customers in any way.”
Today, the UK and Singapore are set to launch discussions on a digital trade agreement that could help the UK become what they refer to as a “global tech powerhouse” in a post-Brexit world. Since Britain finalized its exit from the EU at the end of last year, the country has been continuously trying to enter new trade deals, prioritizing countries in the Indo-Pacific region.
The UK government announced that an agreement with Singapore could potentially remove all barriers to digital trade and allow the UK exporters to expand into the high-tech markets.
“A cutting-edge deal with Singapore will keep us at the forefront of the technological revolution, ensuring we lead the way in digitally delivered trade and industries like fintech and cybersecurity,” British trade minister Liz Truss said.
“The UK will be the first European country to ever negotiate a Digital Economy Agreement, which shows what we can do as a sovereign trading nation,” she added in an official statement.
Amidst the global crypto crackdown, the latest news comes from the UK’s financial regulators that banned Binance, one of the largest crypto exchanges in the world. Now, Binance is not able to conduct any regulated activity and an official warning about the platform has been sent to consumers around the globe.
The Financial Conduct Authority (FCA) said Binance Markets Ltd, Binance’s only regulated UK entity, “must not, without the prior written consent of the FCA, carry out any regulated activities… with immediate effect”.
However, Binance announced shortly after that its Binance Markets was not using regulatory permissions yet, and hence, the FCA’s decision would not impact services that are currently offered on the Binance.com website.
“We take a collaborative approach in working with regulators and we take our compliance obligations very seriously. We are actively keeping abreast of changing policies, rules and laws in this new space,” a spokesperson said.
The trading of cryptocurrencies is not directly regulated in Britain as of now. Having said that, providing services that include trading in cryptocurrency derivatives does require authorization.
According to the FCA’s decision, by the end of June, Binance must display a notice stating “BINANCE MARKETS LIMITED IS NOT PERMITTED TO UNDERTAKE ANY REGULATED ACTIVITY IN THE UK” both on its website and all social media channels. In addition, Binance is obliged to secure and preserve all records that relate to UK consumers by July 2.
The Central Bank of Tanzania announced it was working on the directive issued by President Samia Suluhu Hassan regarding cryptocurrencies and the possibility of reversal of a ban that was put in place in 2019.
The new president in Tanzania came to power recently, after her predecessor passed away in March. This month, Hassan said that the arrival of cryptocurrencies to the East African country was inevitable.
“In the financial sector, we have witnessed the emergence of blockchain technology or cryptocurrency,” Hassan said during the opening of a new central bank branch this month.
“Many countries in the world have not accepted or started using these currencies. However, I would like to advise the central bank to start working on those issues. Just be prepared.”
In November 2019, the central bank banned cryptocurrencies as they were not recognized by local law. Now, they are adapting based on the comments made by the president.
“The bank is working on the directives given,” a Bank of Tanzania spokesperson told Reuters last week, but refused to provide more details.
“The most challenging element for regulators is to be caught by surprise by innovations,” Abdulmajid Nsekala, the chairman of the Tanzania Bankers’ Association, said.
“The change in tone from Tanzania’s president is clear, but wait to see whether the central bank will take concrete steps towards embracing cryptocurrencies,” said Faith Mwangi, an analyst at Tellimer.
On Thursday, Vlad Tenev, the CEO of Robinhood, called for U.S. securities rules to be changed to allow stock exchanges to quote bids and offers in micro price increments (less than a penny).
Although retail trading volumes have sky-rocketed, most of the retail orders are sent to wholesale market makers instead of exchanges due to prices that are better by fractions of a cent. The prices on exchanges are currently limited to penny increments.
“In a nutshell, exchanges cannot fairly compete with off-exchange market makers in executing our customers’ orders,” Tenev said. “If the sub-penny limitation is removed, and exchanges reduce fees for retail orders, we could see … more transparency and perhaps more retail order flow executed on lit markets,” he said, referring to exchanges which are considered “lit” because participants can see prices.
Spokespeople for Nasdaq Inc (NDAQ.O) and Intercontinental Exchange Inc’s (ICE.N) New York Stock Exchange declined to comment.
At the end of last week, the Zero Trust Segmentation pioneer, Illumio, announced a successful Series F funding round, with $225 million raised and a valuation of $2.75 billion. The round was led by Thoma Bravo and supported by Franklin Templeton, funds managed by Hamilton Lane, and Owl Rock, a division of Blue Owl Capital.
As cyberattacks and ransomware are more prevalent and successful than ever, the Zero Trust strategy assumes breaches at all times and makes it easy to deliver automated enforcement in a very short amount of time, significantly decreasing the risk.
“Adopting Zero Trust strategies has never been more important for organizations across all industries, as the Biden Administration’s recent cybersecurity Executive Order demonstrates. This investment signals that now is the time to reimagine the cybersecurity model as we know it, with Zero Trust Segmentation playing a fundamental role in this strategic shift,” said Andrew Rubin, CEO, and co-founder of Illumio. “With this funding, we will accelerate our innovation in product and engineering, further invest in customer success, and build upon our global partner strategy.”
Providing quick and simple Zero Trust Segmentation, Illumio makes it easy to secure any scale of workloads.
Zero Trust Segmentation Cybersecurity: FBI Director Said Companies Should Stop Paying Ransoms To Hackers
On Wednesday, FBI Director Chris Wray urged public companies and other victims of hacks to avoid paying the ransom, as it can only encourage cybercriminals to increase and strengthen future attacks.
“In general, we would discourage paying the ransom because it encourages more of these attacks, and frankly, there is no guarantee whatsoever that you are going to get your data back,” Wray testified before a U.S. Senate appropriations panel.
Wray revealed that the FBI sees more sophisticated ransomware than it ever did and that cybercriminals are demanding increasingly larger amounts of money.
“We’ve seen the total volume of the money paid I think triple over the last year or so,” Wray said.
He also said all companies that have been victims of ransomware attacks should go to the FBI as soon as possible.
“When they do, there are all kinds of things that we can do,” Wray said. “Sometimes through other work we’ve done, we might have the decryption key and be able to help the company unlock their data without having to pay the ransom,” he added.
The antitrust watchdogs from the EU member states have argued for a bigger role in enforcing the new rules on big tech. The antitrust agencies believe that being given a more significant role could make the newly proposed Digital Markets Act (DMA) more effective.
“These authorities have accumulated the highest level of expertise within the digital economy with respect to the practices of digital platforms which affect fair and open competition in their respective ecosystems,” the watchdogs said.
“Enforcement powers could be shared, under the supervision of DG COMP, with national competition authorities, when appropriate,” they said, referring to the Commission’s competition unit.
The watchdogs have also asked to be granted the power to start investigations on the basis of the DMA. So far, for the DMA to even become law, it needs input from both EU lawmakers and EU member countries.
The White House is currently working on a strategy that would boost organizations’ use of security systems. Cybersecurity and Infrastructure Security Agency (CISA) Deputy Executive Assistant Director Matt Hartman said, “we have partnered closely with [the National Institute of Standards and Technology], we have worked closely with [the National Security Agency] and others on this, closely with the White House as they’re going to be putting out a strategy.”
CISA has developed a draft model that is shared with the agencies, clarifying the main principles of zero trust and offering several options as to what steps can be taken to boost cybersecurity. The model includes five pillars (identity, device, network, application workload, and data) toward reaching the milestone of a mature zero-trust architecture.
“We’ve provided them with targets in each maturity stage,” he said, “so taking identity as an example since it is widely accepted that optimizing identity is a major component to achieving zero trust, agencies will move from traditional, which includes the use of passwords or [multi factor authentication] and limited risk assessment, to advanced, which includes fully implemented MFA and some identity federation with cloud and on-premises systems, to optimized, which really includes continuous validation and real-time machine learning analytics.”
“We appreciate our partners and understand this pressure,” Hartman said, noting CISA’s guidance is designed to allow agencies with vastly varying budgets to move at their own pace. “This is the way it should work rather than just jumping straight into hundreds of millions of dollars of procurement actions. We want to be as transparent as we can and we want to move as quickly as we can in a measured fashion.”
However, former CISA Assistant Director for Cybersecurity Bryan Ware said that the real challenge will be choosing the best zero trust solutions, as there is ongoing hype around the approach, with thousands of entities starting to offer zero trust architecture.
“I think what’s going to be really hard for departments and agencies, and for CISA, is trying to cut through the hype,” said Ware, who is now president of Next 5. “We don’t want to spend years in zero trust strategy before we get to zero trust implementation and execution but if we move too fast, you know, buying what’s on the back of the box, I think there’ll be a lot of misses and mis-deployments.”
Cornelis Networks, a leader in providing high-performance fabrics for High-Performance Computing (HPC), High-Performance Data Analytics (HPDA), and Artificial Intelligence (AI), announced it would be launching a new fabric solution, Cornelis™ Omni-Path Express™. The new solution will be available in Q4 of this year.
“The company’s solutions have long enabled end-users to efficiently address their most challenging application needs associated with modeling and simulation, data analytics, and deep learning, and the company’s new offering is no exception,” said Phil Murphy, CEO, Cornelis Networks. “Cornelis Omni-Path Express, available later this year, cost-effectively delivers industry-leading network performance at the lowest software footprint through the optimized partitioning of network functions. Enabled by a hardware infrastructure well-matched to the needs of OpenFabrics Interfaces (OFI), this new solution provides end-users a wide spectrum of optimized capabilities.”
“The fields of analytics and machine learning have continued to drive the need for high-performance systems. Our surveys reveal that over 80% of HPC users have already adopted AI into their HPC environments or are actively working towards it within the next year,” said Addison Snell, CEO, Intersect360 Research. “High-performance fabric interconnects are an essential element of the HPC ecosystem. A few years ago, InfiniBand was the de facto open standard for scalable, low-latency systems. Cornelis’ investment in Omni-Path, combined with the NVIDIA acquisition of Mellanox, suddenly flips the conversation. Now it is InfiniBand that can potentially be viewed as proprietary to a single processor vendor, whereas Omni-Path Express is an open, multi-vendor solution.”