Category: Australia Tech News

Quick Overview

• Microsoft cancels more than 200 certificates related to counterfeit Teams installers.
• The cybercrime collective, Vanilla Tempest, aimed at Teams users with ransomware.
• Certificates from Trusted Signing, SSL.co, DigiCert, and GlobalSign were utilized.
• Microsoft’s measures seek to diminish the efficacy of these ransomware operations.
• Microsoft made the revocations public on LinkedIn and other social media outlets.

Vanilla Tempest’s Ransomware Initiative

Microsoft has implemented crucial measures to counter a ransomware threat entity, referred to as Vanilla Tempest, by revoking over 200 certificates utilized in their attack framework. This group, also recognized by cybersecurity experts as Vice Spider and Vice Society, initiated a campaign using counterfeit Microsoft Teams installers hosted on deceptively authentic malicious websites.

Consequences of Certificate Cancellation

By canceling these digital certificates, Microsoft has complicated the efforts of Vanilla Tempest to spread ransomware disguised as legitimate files. The certificates that were revoked originated from Trusted Signing, SSL.co, DigiCert, and GlobalSign, which were used to authenticate the counterfeit installers and related tools.

Technical Aspects of the Attack

Upon executing the counterfeit .exe installers, a downloader would trigger the Oyster backdoor, eventually resulting in the deployment of the Rhysida ransomware. Apart from Rhysida, Vanilla Tempest has previously utilized several other ransomware variants, showcasing the group’s flexibility and level of threat.

Microsoft’s Preventive Actions

Microsoft’s prompt decision to cancel these certificates is vital in alleviating the threat posed by these cybercriminals. Announcements concerning these security actions were made publicly through LinkedIn and additional social media platforms, highlighting Microsoft’s pledge to cybersecurity.

Conclusion

In reaction to a notable ransomware threat targeting Microsoft Teams users, Microsoft has canceled over 200 certificates linked to counterfeit installers. This tactical move hampers the ability of Vanilla Tempest to conduct their malicious operations, thereby protecting users and organizations from potential data breaches and financial damages. The announcement signifies Microsoft’s continuous commitment to bolstering global cybersecurity initiatives.

Q: What was the principal tactic employed by Vanilla Tempest in their operations?

A: Vanilla Tempest employed counterfeit Microsoft Teams installers hosted on seemingly authentic malicious domains to deploy ransomware.

Q: How did Microsoft address the threat posed by these counterfeit installers?

A: Microsoft canceled over 200 certificates associated with the counterfeit installers, making it challenging for the malware to mimic legitimate files.

Q: What are the names of a few certificate authorities referenced in the article?

A: The certificates were from Trusted Signing, SSL.co, DigiCert, and GlobalSign.

Q: Which specific ransomware was highlighted as part of the attack?

A: The Rhysida ransomware was specifically highlighted, alongside other ransomware variants utilized by Vanilla Tempest.

Q: How did Microsoft publicize their security measures?

A: Microsoft publicized the cancellation of certificates through LinkedIn and various social media updates.

Brief Overview

• 92% of CIOs anticipate AI implementation by 2025, yet data preparedness is essential.
• AI preparedness encompasses strategic, cultural, and technical changes.
• Cloud infrastructure must adapt to effectively manage AI workloads.
• Organisational culture and AI education are crucial for successful AI integration.
• Data sovereignty and trust are vital in the AI arena.
• AI has the potential to enhance operations, acting as a collaborator in development activities.

Cloud Reflections: Bridging the Past with the Future

The path to AI preparedness mirrors historical cloud evolutions. Organisations need to update cloud infrastructure to proficiently handle AI workloads. The Azure Well-Architected Framework and Microsoft Cloud Adoption Framework provide strategies to integrate reliability, security, and performance into cloud designs.

Culture as a Driver for AI Integration

Organisational culture plays a crucial role in AI transformation. Currently, the availability of AI training is restricted, which may impede adoption. Equipping staff with AI tools and nurturing a climate of trust and shared narratives can facilitate effective AI integration.

Data Sovereignty and Trust

Data integrity and sovereignty are paramount in the AI environment. Organisations must guarantee that data is safeguarded and utilized responsibly. A hybrid strategy that balances sovereignty with global scalability can promote compliance and innovation.

Transforming Organisations with AI

AI is transitioning from a mere tool to a partner in operations. Organisations ought to view AI agents as collaborators, incorporating them into development processes. This necessitates new operational frameworks and governance models.

From Preparedness to Implementation

Being AI prepared entails more than just acquiring new tools. It requires deliberate modernisation, cultural involvement, and scalable architectures. Success is found in leveraging AI in practical, accountable manners.

Conclusion

AI preparedness is a strategic necessity for contemporary organisations. It includes cloud optimization, cultural transformations, data governance, and operational changes. By integrating AI into every aspect of business, organisations can realize its full potential.

Q: What does it mean to be AI prepared?

A:

AI preparedness consists of strategic, cultural, and technical modifications to effectively assimilate AI into an organisation, ensuring that tools and data align with business objectives.

Q: Why is the cloud architecture significant for AI?

A:

Cloud architecture needs to accommodate intensive AI workloads, necessitating updates and frameworks like Azure Well-Architected Framework to guarantee reliability and productivity.

Q: How can organisations cultivate a culture conducive to AI adoption?

A:

By offering AI training, empowering staff, and fostering trust through storytelling and effective communication, organisations can promote AI assimilation.

Q: What is the significance of data sovereignty in AI?

A:

Data sovereignty guarantees that data is handled responsibly, adhering to regulations, and establishing trust with users. It reconciles local control with global cloud capabilities.

Q: How does AI reshape organisational operations?

A:

AI can function as a co-equal in development, creating code and evaluating architectures. This evolution necessitates new governance models that treat AI as a collaborative ally.

Q: What are the risks of not being AI prepared?

A:

Organisations unprepared for AI risk operational inefficiencies and escalating costs, failing to leverage AI’s potential advantages, which could lead to competitive disadvantages.

Quick Overview

• Austrade intends to replace its Cisco-centric core network infrastructure at two data centres starting late 2026.
• Nexus 7000-series switches and Cisco ASA 5525 firewalls will be exchanged for Fortinet’s FortiGate firewalls.
• The initiative involves upgrading Smartoptics DWDM passive multiplexers and utilizing ICON dark fibre.
• Austrade plans to acquire new equipment by March 2026 and implement it in the latter part of the year.

Austrade’s Strategy for Network Infrastructure Revamp

Austrade, Australia’s leading trade and investment development agency, is set to launch a substantial upgrade of its network infrastructure. This project, scheduled for late 2026, will involve the replacement of the current Cisco-based systems in two physical data centres.

Existing Infrastructure and the Need for Transformation

The present configuration features Nexus 7000-series switches and Cisco ASA 5525 firewalls within the internal data centre. These will be replaced with FortiGate firewalls from Fortinet. This upgrade is part of Austrade’s plan to boost connectivity and security, capitalizing on FortiGate’s advanced functionalities.

Integration with Current Systems

Austrade currently utilizes FortiGate firewalls within its software-defined wide area network (SD-WAN) to ensure stable connections to Azure environments and branch locations. This experience with Fortinet products is anticipated to facilitate a smoother transition.

Enhancing DWDM Systems

Besides the firewall replacements, Austrade is assessing potential enhancements to its Smartoptics Dense Wavelength Division Multiplexing (DWDM) systems. These multiplexers, together with dark fibre from the Intra-government Communications Network (ICON), are vital for site-to-site connectivity.

Project Schedule and Vendor Selection

The project is in its initial phases, concentrating on evaluating available infrastructure solutions for informed resource planning. At this stage, no vendor has been chosen for the core network switches, but Austrade intends to obtain equipment by March 2026, with implementation aimed for the second half of the year.

Conclusion

Austrade is initiating a thorough revamp of its network infrastructure, replacing long-standing Cisco components with Fortinet solutions and upgrading connectivity systems. This transition is designed to improve efficiency and security in alignment with Austrade’s strategic goals.

Q: Why is Austrade changing its current network infrastructure?

A: Austrade seeks to modernize its infrastructure to enhance connectivity, security, and efficiency by moving away from outdated Cisco components.

Q: What components are being updated?

A: Nexus 7000-series switches and Cisco ASA 5525 firewalls are being replaced with Fortinet’s FortiGate firewalls, along with upgrades to Smartoptics DWDM systems.

Q: What is the projected timeline for the infrastructure upgrade?

A: Austrade aims to purchase new equipment by March 2026 and implement it during the third or fourth quarter of the year.

Q: How will this upgrade benefit Austrade?

A: The upgrade is expected to improve data centre connectivity and security, streamline operations, and support Austrade’s wider strategic objectives.

Brief Overview

• State-affiliated espionage organization Flax Typhoon discreetly altered an ArcGIS plugin into a remote shell.
• The breach sustained access for more than a year, even affecting system backups.
• Flax Typhoon mainly targets government entities and vital infrastructure.
• The organization employs legitimate system utilities to avoid being detected.
• Esri acknowledged the first recorded instance of a harmful SOE being weaponized.
• Behavioral monitoring and cryptographic integrity validations are crucial for detection.

Overview of Flax Typhoon’s Espionage

Security analysts have revealed how the state-affiliated espionage organization Flax Typhoon has cleverly transformed a reliable ArcGIS plugin into a remote shell. This surreptitious initiative enabled them to retain access to targeted systems for over a year, even affecting system backups.

Altering ArcGIS for Espionage

Flax Typhoon initially compromised an ArcGIS portal administrator account, executing harmful code on an internal server. They altered a legitimate ArcGIS server object extension (SOE), modifying the Java code to create a concealed command interface. This interface accepted base64-encoded commands and executed them on the host machine, facilitating undetected activities.

Enduring Persistence and Network Exploration

Once the compromised SOE became active, Flax Typhoon mapped the network and set up long-term persistence. They barred competing intruders with a hard-coded access key and deployed a renamed SoftEther VPN binary into the Windows System32 directory. This configuration maintained control via an encrypted channel, blending seamlessly with regular traffic.

Consequences for Critical Infrastructure

ArcGIS, developed by Environmental Systems Research Institute (Esri), is instrumental in managing spatial data vital for disaster recovery and urban planning. A single compromise can unveil sensitive infrastructure information, rendering the platform advantageous for espionage initiatives aimed at infrastructure weaknesses. Esri confirmed this innovative method as the first documented case of a malicious SOE being weaponized in such a fashion.

Identifying and Preventing Future Breaches

ReliaQuest recommends that behavioral monitoring could have potentially identified the attack earlier. Monitoring unusual network activity from server components and confirming the cryptographic integrity of trusted components is essential for protection. Solely depending on file names or digital signatures is inadequate.

A Quiet, Patient Threat Actor

Active since at least mid-2021, Flax Typhoon predominantly targets government offices, educational institutions, and essential manufacturing companies. The group also focuses on organizations in Southeast Asia, North America, and Africa. They utilize living-off-the-land strategies, applying legitimate system utilities to maintain a low profile and taking advantage of known vulnerabilities in public-facing servers.

Conclusion

The discovery of Flax Typhoon’s covert backdoor within an ArcGIS plugin underscores the advanced tactics of state-affiliated espionage operations. By modifying authentic software, the group successfully evaded detection while undermining critical infrastructure. Enhanced behavioral monitoring and cryptographic integrity checks are vital in safeguarding against such threats.

Q: What is Flax Typhoon?

A: Flax Typhoon is a state-affiliated espionage organization recognized for altering legitimate software to carry out covert activities and escape detection.

Q: How did Flax Typhoon compromise ArcGIS?

A: They modified a legitimate ArcGIS server object extension, creating a hidden command interface to run instructions on the host machine.

Q: Why is ArcGIS a target for espionage?

A: ArcGIS is utilized for managing spatial data essential for infrastructure, making it significant for state-sponsored espionage aimed at vulnerabilities.

Q: What measures can detect similar attacks?

A: Behavioral monitoring, observing unusual network activity, and confirming the cryptographic integrity of trusted components can assist in identifying such breaches.

Q: What are living-off-the-land techniques?

A: These strategies involve utilizing legitimate system utilities to execute malicious actions, complicating detection efforts.

Q: How does Flax Typhoon maintain access?

A: They employ long-term persistence strategies like installing VPN binaries and modifying Windows Registry entries to retain control over compromised systems.

• McPherson’s creates an AI agent in collaboration with Salesforce to improve trade promotions.
• This AI instrument simplifies mundane tasks, enabling strategic retail dialogues.
• McPherson’s offerings are accessible in more than 15,000 retail locations across Australia.
• The initiative is part of a long-term project aimed at enhancing retail execution.

McPherson’s AI Breakthrough in Trade Promotions

McPherson’s CIO Nathan Alexander presents at Dreamforce.

AI Agent as a Catalyst for Productivity

McPherson’s Consumer Products has collaborated with Salesforce to introduce an AI agent aimed at boosting the productivity of its key account teams. This groundbreaking tool, characterized by CIO Nathan Alexander as similar to an autopilot, aids in the development of trade promotions and promotes improved dialogue with retailers. By handling repetitive chores, the AI agent frees team members to concentrate on more strategic goals.

Boosting Trade Promotions

Trade promotions play a crucial role in enhancing brand visibility in retail outlets, providing retailers with discounts and special displays. McPherson’s AI agent enhances these promotions by delivering insights into optimal tactics, facilitating superior planning and execution. This results in better shelf-space management and heightened sales.

Fostering Strategic Retail Dialogues

By utilizing data-driven insights, McPherson’s seeks to encourage more strategic conversations with retail partners. The objective goes beyond merely reducing promotional spending; it aims to ensure mutual advantages through informed trade spending decisions.

Broadening McPherson’s Presence

With its products available in over 15,000 pharmacies and grocery stores throughout Australia, McPherson’s is dedicated to refining its retail execution. The AI agent forms part of a larger framework focused on enhancing these operations through Salesforce’s consumer goods cloud.

Optimizing Operations with Salesforce

Prior to the deployment of the AI agent, McPherson’s field teams dedicated considerable time to administrative duties. The integration of Salesforce’s consumer goods cloud has allowed for a more cohesive understanding of customers and improved management of trade promotions, ensuring that teams concentrate on the right products at the appropriate times.

Deployment and Achievement

The installation of the AI agent was a seamless process, finalized in a single day. This swift implementation highlights the tool’s user-friendly nature and the effective synergy between McPherson’s and Salesforce.

Recap

McPherson’s Consumer Products has effectively incorporated an AI agent with Salesforce to revolutionize its trade promotion tactics. By automating routine activities and delivering critical insights, the AI tool empowers key account teams to participate in more strategic retail discussions, ultimately enhancing product demand across Australia.

Q&A Section

Q: What is the main goal of McPherson’s AI agent?

A: The AI agent is designed to enhance trade promotions and improve dialogue with retailers by automating repetitive tasks and offering valuable insights.

Q: In what way does the AI agent enhance trade promotions?

A: It provides insights into effective promotion strategies, enabling teams to plan and execute more impactful promotions, thereby boosting product demand and sales.

Q: How prevalent is McPherson’s product distribution in Australia?

A: McPherson’s products are distributed in more than 15,000 pharmacies and grocery stores throughout Australia.

Q: What is the role of Salesforce in McPherson’s approach?

A: Salesforce’s consumer goods cloud aids McPherson’s efforts to enhance retail execution and manage trade promotions by offering a cohesive view of customers and improving operational efficiency.

Q: How quickly was the AI agent implemented?

A: The AI agent was set up and launched in just one day, demonstrating its simplicity of implementation and efficiency.

Quick Overview

• Exciting community-driven event in The Elder Scrolls Online: The Writhing Wall Showdown.
• Unlock the Eastern Solstice area by joining forces with your server.
• Event consists of three stages: Supply and Defense, The Assault Begins, and Fall of the Writhing Wall.
• Earn exclusive rewards such as the Wormwrithe outfit and Wall Breaker title.
• Progress is unique to each server, encouraging rivalry between NA and EU servers.

The Fight for the Writhing Wall

There’s something significant happening throughout Tamriel, and this time it’s not merely another world event. The Fight for the Writhing Wall signals a new chapter for The Elder Scrolls Online (ESO), where complete server communities come together to unlock the next part of the narrative.

An Inclusive Battle

Launched this week and now active, this lengthy event directly relates to Update 48 and the Seasons of the Worm Cult storyline. These events culminate in opening the Eastern Solstice: a fresh area accessible only after your server engages, crafts, and collaborates to overcome the challenge.

In contrast to conventional ESO updates that simply show up after patch day, the Writhing Wall necessitates teamwork. Each server’s community must accomplish quests, gather materials, and repel Daedric invasions to progress through three specific phases:

• Phase 1: Supply and Defense. Collect resources, protect siege camps, and thwart Coldharbour Daedra invading delves and public dungeons throughout Tamriel.
• Phase 2: The Assault Begins. Take the battle to the Worm Cult. Anticipate stronger sieges, more frequent incursions, and the emergence of Ghishzor, a new Maldrith world boss.
• Phase 3: Fall of the Writhing Wall. Collaborate to breach the Writhing Fortress public instance. Once any group achieves this, the Eastern Solstice is unlocked for the whole server.

Cultivating a Genuine Community Effort

When talking about this innovative approach, Mike Finnigan, Associate Design Director at ZeniMax, stressed the importance of encouraging server community collaboration. This event allows players to engage in their preferred playstyle, whether it’s crafting, PvE, or PvP, all contributing to the overall goal of the server. Each server’s progress is monitored independently, igniting friendly competition between NA and EU servers.

Incentives to Fight For

ESO players can acquire exclusive items like Wormwrithe outfit styles, the Fellowship of Stirk motif, and the Bone Caltrops skill style. Completing the final Writhing Fortress grants the sought-after ‘Wall Breaker’ title. Additional collectibles include the Wormwrithe Bear-Lizard mount and Haj-Mota pet fragments. Engaging in quests and daily rewards can further enhance players’ collections.

How Writhing Wall is Transforming ESO’s Future

Aside from the loot and battles, the Writhing Wall event signifies a change in ESO’s update rollout, granting players greater control over the introduction of new content. This aligns with the developers’ goal of integrating player feedback and presenting more dynamic, community-focused events in the future.

Will You Conquer the Wall?

The struggle for Solstice is more than just another in-game occurrence. It serves as a rallying point for players to unite, engage in their preferred styles of play, and drive their server towards triumph. Whether you’re vanquishing Daedra, crafting supplies, or defending siege camps, every action matters. Learn more about Battle for the Writhing Wall on the ESO blog.

Synopsis

The Writhing Wall Showdown in ESO represents a revolutionary community-driven event that invites players to join forces and unlock new content. With exclusive rewards and a new region at stake, server communities must work together to navigate several stages, marking a fresh chapter for the game.

Q: What is the Writhing Wall Showdown in ESO?

A: It is a multi-week, community-oriented event in The Elder Scrolls Online that challenges players to collaborate and unlock a new area, Eastern Solstice.

Q: How does the event develop?

A: Players are required to complete quests, gather materials, and fend off invasions across three distinct phases: Supply and Defense, The Assault Begins, and Fall of the Writhing Wall.

Q: What rewards are available for participants?

A: Rewards feature Wormwrithe outfit styles, the Fellowship of Stirk motif, Bone Caltrops skill style, and the exclusive ‘Wall Breaker’ title, among other prizes.

Q: Are players able to participate solo?

A: Yes, individual players can join in crafting, gathering, and hunting quests to contribute to the event.

Q: How is progress monitored?

A: Progress for each server is tracked independently, fostering competition between NA and EU servers to unlock the update first.

Q: What does this event mean for the future of ESO?

A: The event represents a shift towards more engaging, player-led content updates, allowing the community to influence the speed of new material.

Quick Overview

• The National Archives of Australia is prepared to implement AI across its operations.
• AI testing is anticipated to wrap up by late 2026.
• Primary AI focus areas: transcription, data description, access assessment, and search and discovery.
• AI aligns with Strategy 2025-2030 for enhanced collection management.
• $67 million funding received in 2021 for cyber security and record digitalization.

AI in Transcription

The initial area of focus for the National Archives is transcription. By converting digital records into text files, AI could greatly improve searchability, translation, and overall accessibility. This initiative aims to make Australia’s historical documents more available to the general public and researchers.

Improving Data Description

Enhancing metadata for records is another key focus. AI could assist in generating summaries, tagging, biometric identification, and image recognition. These developments are set to streamline data management and ensure records are reliably categorized and easily accessible.

Access Assessment

AI will also be employed for “access assessment” to evaluate data against exemption criteria specified in the Archives Act 1983 (Cth). This involves tools for peer evaluation, guardrail support, and keyword identification, ensuring sensitive data is managed appropriately.

Search and Discovery Enhancements

The potential influence of AI on the ‘search and discovery’ of digital media is profound. By evaluating AI models with publicly available records, the Archives intends to improve user engagement with their extensive collection, simplifying the process of finding relevant documents.

Conclusion

The National Archives of Australia is adopting AI technology to better manage its continuously expanding collection of digital records. By concentrating on transcription, data description, access assessment, and search enhancements, the Archives aims to boost accessibility and efficiently maintain its historical documents. Supported by significant government funding, these projects align with their Strategy 2025-2030 plan, intending to provide enriched access to Australia’s rich historical heritage.

Q&A Session

Q: When is the expected completion year for AI trials?

A: The AI trials are projected to conclude by the end of 2026.

Q: In what way will AI enhance transcription processes?

A: AI will transform digital records into text files, improving searchability, translation, and accessibility.

Q: What does data description entail in this context?

A: It encompasses creating and updating metadata for records, with AI aiding in summaries, tagging, and image recognition.

Q: How is AI utilized in access assessment?

A: AI tools will assess data against exemption criteria, facilitating peer review and keyword identification.

Q: What funding has the National Archives secured for these efforts?

A: In 2021, the Archives received $67 million from the federal government to improve cybersecurity and digitize records.

Q: How does AI support the Strategy 2025-2030 plan?

A: AI initiatives are in alignment with the plan’s objectives to enhance collection management and public access to records.