Tag Archive for: Sri

Sri Lanka’s controversial internet safety law comes into force


Image caption,

The controversial Online Safety Act has sparked protests among activists in Sri Lanka

Sri Lanka’s draconian law to regulate online content has come into force, in a move rights groups say is aimed at stifling freedom of speech.

The Online Safety Act gives a government commission broad powers to assess and remove “prohibited” content.

Authorities said it would help fight cybercrime, but critics say it suppresses dissent ahead of elections.

Social media had a key role in protests during an economic crisis in 2022, which ousted the then president.

The act was passed on 24 January by 108-62 votes – sparking protests outside parliament – and came into effect on Thursday after the Speaker endorsed it.

The wide-ranging law prohibit “false statements about incidents in Sri Lanka”, statements with “an express intention of hurting religious feelings” and the misuse of bots, among other things.

A five-member commission appointed by the president will be given powers to assess these statements, to direct their removal, and to impose penalties on the people who made those statements.

The legislation will also make social media platforms liable for messages on their platforms.

Publicity Security Minister Tiran Alles, who introduced the draft legislation in parliament, said it was necessary to tackle offences associated with online fraud and statements that threaten national stability.

More than 8,000 complaints related to cybercrimes were filed last year, he noted.

A Sri Lankan pro-democracy group said on Thursday that the government’s “adamant pursuit” of the legislation was a “clear indication of its intention to silent dissent and suppress civic activism” as the country was still reeling from the consequences of its worst economic crisis.

Food prices and inflation have reached record levels since the country declared bankruptcy in April 2022 with more than $83bn in debt. Then president Gotabaya Rajapaksa was forced to step down and leave the country after thousands of anti-government protesters stormed into his residence.

“While the citizens silently suffer amidst escalating cost of living and unmanageable hunger, it is crucial for the rulers to recognise that this…

Source…

Ransomware Attack Wipes Out Four Months of Sri Lankan Government Data


Investigations have begun into a massive ransomware attack that has affected Sri Lanka’s government cloud system, Lanka Government Cloud (LGC).

The investigation is being conducted by the Sri Lanka Computer Emergency Readiness Team and Coordination Center (CERT|CC). Sri Lanka’s Information and Communication Technology Agency (ICTA) confirmed the attack to several local news outlets on September 11, 2023.

The attack likely started on August 26, 2023, when a gov[dot]lk domain user said they had received suspicious links over the past few weeks and that someone may have clicked one.

LGC services and the backup systems were quickly encrypted. Mahesh Perera, CEO at ICTA, estimated all 5000 email addresses using the “gov[dot]lk” email domain, including those used by the Cabinet Office, were affected.

The system and the backup were restored within 12 hours of the attack.

However, since the system didn’t have any backup available for the data spanning May 17 to August 26, 2023, all affected accounts have permanently lost data covering this period.

Concerning Security Failings

Perera told the press that LGC was introduced in 2007 and first used Microsoft Exchange Version 2003, but was updated to Microsoft Exchange Version 2013 in 2014.

“This was in use till the attack. But that version is now obsolete, outdated and vulnerable to various types of attacks,” he said.

Although the Agency had planned to upgrade LGC to the latest version (currently Exchange Server 2019 CU11 Oct21SU) from 2021, the decisions had been delayed due to “fund limitations and certain previous board decisions.,” Perera added.

Following the attack, ICTA has started taking measures to enhance its security, including initiating daily offline backup routines and upgrading the relevant email application to the latest version.

The Sri Lanka CERT|CC is also helping ICTA to retrieve the lost data.

The Sri Lankan government had previously been criticized for failing to efficiently promote serious cybersecurity measures within its public administrations and its private sector.

The country ranks 83rd out of 175 countries in the Estonia-based e-Governance Academy Foundation’s National Cyber…

Source…

Sri Lanka – The need to bridge the digital divide and promot…


(MENAFN– Colombo Gazette)

By Kalavarshny Kanagaratnam and Sara Pathirana

It is imperative, especially in this digital age, that everyone makes an effort to understand what it means to be safe online. From the moment we click a button and publish content and other information on the internet, it has already made its way to the worldwide web where the entire world can witness it and consume it. With the ascent of the recent pandemic and the way it has eased us all into a new normal where an even larger number of people around the world heavily began to rely on the internet and using it as a tool to get their work done without needing to worry about the challenges that arrived with the covid-19 restrictions. Alongside this, the importance of digital security and our safety online too, has been heightened.

With more people embracing the internet as technology advances, individuals look towards online activities such as hacking into social media and email accounts and stealing sensitive data from its owners. Data, people’s identities and personal images tend to be stolen and used for committing other malicious activities. Many people around the world have already faced and suffered from such problems. Women in particular are increasingly vulnerable to online threats such as cyberbullying. Therefore, it is very important to be aware of the concept of digital security.

Digital Security in the Estate Sector

Digital Security is a collective term that describes the resources employed towards protecting ones’ online identity, data, and other assets. These tools include web services, antivirus software, smartphone SIM cards, biometrics, and secured personal devices. In other words, digital security is the process used to protect ones’ presence and identity online. Due to a lack of awareness about digital security, many cases of data theft and cyber violence are reported on a daily basis.

When considering Sri Lanka’s context, the Western province in particular and other nearby provinces would usually showcase a larger number of internet users who are tech-savvy and vigilant to a certain extent. Even then, issues continue to persist. But, can the…

Source…

Microsoft telemetry shows increase in malware, ransomware encounter rates in Sri Lanka


The cybersecurity landscape has fundamentally changed due to large-scale, complex attacks in recent times. Hackers launch an average of 50 million password attacks every day — 579 per second, and phishing attacks have increased. Firmware attacks are on the rise, and ransomware has become incredibly problematic. Microsoft had intercepted and thwarted a record-breaking 30 billion email threats last year and is actively tracking over 40 active nation-state actors and over 140 threat groups representing 20 countries.

According to Microsoft Defender Antivirus’ telemetry, malware encounter rates in Asia Pacific have increased – 12% in Sri Lanka; 23% in Australia; 80% in China; 15% in India; 16% in Japan; 19% in New Zealand; and 43% in Singapore over the past 18 months, spanning pre-pandemic to now. As a subset of malware, ransomware encounters have also increased 74% in Sri Lanka; 453% in Australia; 463% in China; 100% in India; 541% in Japan; 825% in New Zealand; and 296% in Singapore over the same period. 

Assistant General Counsel, Regional Lead, Microsoft Digital Crimes Unit Asia, Mary Jo Schrade said, “Most of our region has transitioned to remote working over the past year. As we continue the need to work from home either full time or part time, we need to adopt more tools and build our defenses against potential cyberattacks. In Asia, adopting multi-factor authentication together with a zero trust approach are the foundations to safer work from home or hybrid work scenarios.”

Small-and-medium businesses (SMBs) are particularly vulnerable to cybersecurity threats – in Asia Pacific, SMBs make up more than 98% of enterprise and employ 50% of the workforce, comprising an integral part of the region’s social and economic well-being. However, a large percentage of SMBs do not know how to protect their companies, lack dedicated IT staff and have inadequate computer and network security.

Advisor, Intelligent Business Research Services (IBRS), Joe Sweeney said, “Highly automated social attacks (phishing) are on the rise. They are coming through email, instant messaging, social media and texts. It is critical for organisations to take on a Zero Trust approach to address this, by…

Source…