Tag Archives: Cybersecurity

2022 and Beyond – Technologies that will Change the Dialogue

We are living in a do-anything-from-anywhere economy enabled by an exponentially expanding data ecosystem. It’s estimated 65% of Global GDP will be digital next year (2022). This influx of data presents both opportunities and challenges. After all, success in our digital present and future relies on our ability to secure and maintain increasingly complex IT systems. Here I’ll examine both near-term and long-term predictions that address the way the IT industry will deliver the platforms and capabilities to harness this data to transform our experiences at work, home and in the classroom.  

What to look for in 2022:  

The Edge discussion will separate into two focus areas – edge platforms that provide a stable pool of secure capacity for the diverse edge ecosystems and software defined edge workloads/software stacks that extend application and data systems into real world environments. This approach to Edge, where we separate the edge platforms from the edge workloads, is critical since, if each edge workload creates its own dedicated platform, we will have proliferation of edge infrastructure and unmanageable infrastructure sprawl.

Photo by cottonbro on Pexels.com

Imagine an edge environment where you deploy an edge platform that presents compute, storage, I/O and other foundational IT capacities in a stable, secure, and operationally simple way. As you extend various public and private cloud data and applications pipelines to the edge along with local IoT and data management edges, they can be delivered as software-defined packages leveraging that common edge platform of IT capacity. This means that your edge workloads can evolve and change at software speed because the underlying platform is a common pool of stable capacity.

We are already seeing this shift today. Dell Technologies currently offers edge platforms for all the major cloud stacks, using common hardware and delivery mechanisms. As we move into 2022, we expect these platforms to become more capable and pervasive. We are already seeing most edge workloads – and even most public cloud edge architectures – shift to software-defined architectures using containerisation and assuming the standard availability of capacities such as Kubernetes as the dial tone. This combination of modern edge platforms and software-defined edge systems will become the dominant way to build and deploy edge systems in the multi-cloud world.

The opening of the private mobility ecosystem will accelerate with more cloud and IT industries involved on the path to 5G. Enterprise use of 5G is still early. In fact, today 5G is not significantly different or better than WiFi in most enterprise use cases. This will change in 2022 as more modern, capable versions of 5G become available to enterprises. We will see higher-performance and more scalable 5G along with new 5G features such as Ultra-Reliable Low-Latency Communications (URLLC) and Massive Machine-Type Communications (mMTC), with the conversation increasingly driven by players other than traditional telecoms (think: the open-source ecosystem, infrastructure companies, non-traditional telecom players).

Photo by Miguel Á. Padriñán on Pexels.com

More importantly, we expect the ecosystem delivering new and more capable private mobility to expand to include IT providers such as Dell Technologies, public cloud providers, and even new open-source ecosystems focused on accelerating the Open 5G ecosystem.

Edge will become the new battleground for data management as data management becomes a new class of workload. The data management ecosystem needs an edge. The modern data management industry began its journey on public clouds processing and analysing non-real-time centralised data. As the digital transformation of the world accelerates, it has become clear that most of the data in the world will be created and acted on outside of centralised data centers. We expect that the entire data management ecosystem will become very active in developing and utilising edge IT capacity as the ingress and egress of their data pipelines but will also utilise edges to remotely process and digest data.

As the data management ecosystem extends to the edge this will dramatically increase the number of edge workloads and overall edge demand. This correlates to our first prediction on edge platforms as we expect these data management edges to be modern software-defined offerings. Data management and the edge will increasingly converge and reinforce each other. IT infrastructure companies, like Dell Technologies, have the unique opportunity to provide the orchestration layer for edge and multi-cloud by delivering an edge data management strategy.

The security industry is now moving from discussion of emerging security concerns to a bias toward action. Enterprises and governments are facing threats of greater sophistication and impact on revenue and services. At the same time, the attack surface that hackers can exploit is growing with the accelerated trend towards remote work and digital transformation. As a result, the security industry is responding with greater automation and integration. The industry is also pivoting from automated detection to prevention and response, with a focus on applying AI and machine learning to speed up remediation. This is evidenced by industry initiatives like SOAR (Security Orchestration, Automation and Response), CSPM (Cloud Security Posture Management) and XDR (Extended Detection and Response). Most importantly, we are seeing new efforts such as the Open Source Security Foundation (OpenSSF) in the Linux Foundation ramp up the coordination and active involvement of the IT, telecom and semiconductor industries.

Photo by Tima Miroshnichenko on Pexels.com

Across all four of these areas – edge, private mobility, data management and security – there is a clear need for a broad ecosystem where both public cloud and traditional infrastructure are integrated. We are now clearly in a multi-cloud, distributed world where the big challenges can no longer be solved by a single data center, cloud, system or technology.

What to look for beyond 2022:

Quantum Computing – Hybrid quantum/classical compute will take center stage, providing greater access to quantum. In 2022 we expect two major industry consensuses to emerge. First, we expect the industry to agree that the inevitable topology of a quantum system is a hybrid quantum computer, where the quantum hardware or quantum processing units (QPUs) are specialised compute systems that look like accelerators and focus on specific quantum-focused mathematics and functions. The QPUs will be surrounded by conventional compute systems that pre-process the data, run the overall process and even interpret the output of the QPUs.

Early real-world quantum systems are all following this hybrid quantum model and we see a clear path where the collaboration of classical and quantum compute is inevitable. The second major consensus is that quantum simulation using conventional computing will be the most cost effective and accessible way to get quantum systems into the hands of our universities, data science teams and researchers. In fact, Dell and IBM already announced significant work in making quantum simulation available to the world.

Automotive – The automotive ecosystem will rapidly shift focus from a mechanical ecosystem to a data and compute industry. The automotive industry is transforming at several levels. We are seeing a shift from internal combustion engines to electrified vehicles, resulting in a radical simplification of the physical supply chain. We are also seeing a significant expansion of software and compute content within our automobiles via ADAS and autonomous vehicle efforts. Finally, we are seeing the automotive industry become a data-driven industry for everything from entertainment to safety to major disruptions such as Car-as-a-Service and automated delivery.

All of this says that the automotive and transportation industries are beginning a rapid transition to be driven by software, compute and data. We have seen this in other industries such as telecom and retail and in every case the result is increased consumption of IT technology. Dell is actively engaged with most of the world’s major automotive companies in their early efforts, and we expect 2022 to continue their evolution towards digital transformation and deep interaction with IT ecosystems. 

Photo by Jonas Leupe on Unsplash

Digital Twins – Digital twins will become easier to create and consume as the technology is more clearly defined with dedicated tools. While gaining in awareness, digital twins are still a nascent technology with few real examples in production. Over the next several years, we’ll see digital twins become easier to create and consume as we define standardised frameworks, solutions and platforms. Making digital twin ideas more accessible will enable enterprises to provide enhanced analytics and predictive models to accelerate digital transformation efforts. Digital twin adoption will become more mainstream with accelerated standardisation and availability of solutions and frameworks, bringing deployment and investment costs down. Digital twins will be the core driver of Digital Transformation 3.0, combining measured and modeled/simulated worlds for direct business value across industry verticals.

As a technology optimist, I increasingly see a world where humans and technology work together to deliver impactful outcomes at an unprecedented speed. These near-term and long-term perspectives are based on the strides we’re making today. If we see even incremental improvement, there is enormous opportunity to positively transform the way we work, live and learn and 2022 will be another year of accelerated technology innovation and adoption.

Lessons in the Wake of the Twitch Data Breach

Unprecedented – that seems to be the word of the decade. In the past five years alone, we’ve seen so many things change; big tech players have faded into the ether, the world has gone through a global pandemic and now, we’re dealing with an increase in data breaches and leaks that could affect all of us. Most recently the world saw Facebook and its services go offline and the massive Twitch.tv breach. While Facebook has said that the issue is simply an error in their network settings, we cannot deny that their credibility has been called into question in recent weeks.

One thing that worries us is the scale and the size of the companies being targeted by attackers now. We can’t deny the size of Facebook; in fact, we interact with one or more of its platforms or products on daily basis. However, when it comes to Twitch.tv, not many are aware that the platform is actually an Amazon property. Yep – you read that right – Amazon.

These companies are large players that we depend on for everything from shopping to keeping in contact with loved ones. As a matter of fact, Amazon powers a significant portion of the internet with its web services AWS.

Noticing this, we were wondering – How can we, as consumers and regular Janes and Joes, prepare and protect ourselves from data breaches?

Attackers & Malicious Actors Are Becoming More Brazen

It comes as no surprise that attackers and malicious actors are becoming more brazen with their attacks and demands. In the case of Twitch’s breach, a slew of hate-related events plaguing the platform spurred it. It was a retaliation against what the individual(s) saw as a lack of action on the platform’s part.

Managing Director at Trend Micro Malaysia, Goh Chee Hoh, notes that “The primary motive for the hacker is not to reveal user information or monetary, but to disrupt and encourage competition in the online video streaming space, where the earnings exposure of the top streamers on the platform becomes part of the collateral damage.”

Photo by Mati Mango on Pexels.com

It would seem like we are more at risk of becoming collateral damage as malicious actors continue to target larger corporations. In Twitch’s breach, vigilante justice saw the earnings of the platform’s top streamers become collateral damage. Mr Goh also highlights this in his statement, “It sounds like the perpetrator carried out the attack as a form of vigilantism, in their own perspective.”

So, how does this affect us? For one thing, we can expect even more daring attacks. Large companies like Google, Facebook and even Microsoft won’t be spared. There’s no denying that we interact with one, if not more, of these companies or their services on a daily basis. Some have more of our data than others. That’s where we’re at the most risk.

Companies Need to Learn from Twitch’s Breach

Before we can talk about how we can protect ourselves from breaches, we have to talk about how companies can better protect us, as their users. We already know that many of them have processes, protocols and software in place for protection but there’s always a chance that these measures aren’t enough. I mean, human error is something we can never plan for completely.

Checks and Balances are Key to Maintaining Cyber security

Candid Wuest, Vice President of Cyber Protection Research at Acronis, highlights this in his comment on the Twitch breach, “Companies should learn that they need to verify and monitor configuration changes. With IT infrastructure becoming more and more complex the risk of errors rises as well.” Mr Wuest’s statement does seem to apply to the recent Facebook outage as well.

Photo by Soumil Kumar from Pexels

However, his colleague, Topher Tebow, an analyst at Acronis, goes a step further and highlights the need for zero-trust environments in today’s climate. He advises that companies should have “proper monitoring in place to detect malicious activity on the network, including data being moved out of the network. Many companies assume that if an authorized user is moving data, that the behaviour is most likely acceptable, but if a user’s credentials were compromised or the account was hijacked in some other way, data flowing to an unusual source could allow a security team to detect and block an attack early on if proper monitoring is in place.”
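The monitoring Mr Tebow describes can be reduced to a simple rule: compare each user’s outbound transfers against what that user has historically sent, and raise an alert when data flows to a destination the user has never used before in a volume that is out of character. The following is an added example (not Acronis’ or Twitch’s code) that runs that rule over constructed flow records; the user names, hostnames, byte counts and the `min_ratio` threshold are all assumptions made for the demonstration.

```python
"""Flag outbound transfers to destinations a user has never sent data to before.

Added example with constructed data: the flows below are invented, not captured traffic.
"""
from collections import defaultdict

# Constructed baseline window: (user, destination, bytes_out) per flow.
BASELINE_FLOWS = [
    ("alice", "files.corp.example", 250_000),
    ("alice", "files.corp.example", 310_000),
    ("alice", "mail.corp.example", 40_000),
    ("bob", "files.corp.example", 90_000),
    ("bob", "crm.corp.example", 150_000),
]

# Constructed recent window to be scored against the baseline.
RECENT_FLOWS = [
    ("alice", "files.corp.example", 280_000),   # known destination, normal volume
    ("alice", "mail.corp.example", 35_000),     # known destination, normal volume
    ("bob", "crm.corp.example", 120_000),       # known destination, normal volume
    ("bob", "203.0.113.7", 900_000),            # new destination, large volume
    ("bob", "203.0.113.7", 850_000),            # same new destination, keeps flowing
    ("alice", "cdn.vendor.example", 5_000),     # new destination but tiny: suppressed
]


def build_baseline(flows):
    """Per user: the set of destinations seen and the largest single flow observed."""
    known = defaultdict(set)
    peak = defaultdict(int)
    for user, dest, nbytes in flows:
        known[user].add(dest)
        peak[user] = max(peak[user], nbytes)
    return {u: {"known_destinations": known[u], "peak_bytes": peak[u]} for u in known}


def find_exfil_candidates(baseline, recent, min_ratio=2.0):
    """Return alerts for (user, destination) pairs that are new for the user and whose
    aggregate volume is at least `min_ratio` times the user's historical peak flow.
    Users with no baseline at all are reported so an analyst can decide."""
    totals = defaultdict(int)
    for user, dest, nbytes in recent:
        totals[(user, dest)] += nbytes

    alerts = []
    for (user, dest), total in totals.items():
        profile = baseline.get(user)
        if profile is None:
            alerts.append({"user": user, "destination": dest, "bytes": total,
                           "reason": "no baseline for user"})
            continue
        if dest in profile["known_destinations"]:
            continue  # destination already part of this user's normal pattern
        if total >= min_ratio * profile["peak_bytes"]:
            alerts.append({"user": user, "destination": dest, "bytes": total,
                           "reason": "new destination, volume above baseline"})
    return sorted(alerts, key=lambda a: -a["bytes"])


if __name__ == "__main__":
    for alert in find_exfil_candidates(build_baseline(BASELINE_FLOWS), RECENT_FLOWS):
        print(alert)
```

The aggregation step matters: the two flows to `203.0.113.7` are each below what a naive per-flow threshold might catch, but together they exceed Bob’s historical peak several times over, which is exactly the credential-compromise pattern the quote warns about. A real deployment would build the baseline from weeks of flow logs rather than a handful of records.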

Complement with Proper Cyber security Solutions

Of course, even with these measures, companies need to have a proper defence firewall. Mr Goh does advise that companies should “adopt a multi-layered defence approach, by having security controls at various entry points of the system, from emails, laptops, to servers and networks.” In the case of the Twitch breach, an added layer that integrates with their native cloud services would have given malicious actors an extra layer to deal with, which could have prevented the breach.

Photo by Pixabay on Pexels.com

There really isn’t an excuse in this day and age for companies not to have these measures in place. Cyber security firms like Trend Micro and Acronis have been talking about a multilayered approach for years. It is even more crucial that companies take these measures as they embrace the cloud and work from anywhere. What’s more, digital-native companies should be the front line when it comes to the adoption of these measures.

What Can We do if Our Data is Compromised in a Breach?

The biggest pain point for us as consumers comes after the fact – when data breaches have already occurred. To be honest, we don’t really have control of what happens in the aftermath of a data breach. But, we can ensure that we minimise the potential damage that can occur in the wake of a breach.

Our First line of Defense: Change Them Passwords

In any data breach, the first thing we should do as users is to update our passwords. There are multiple ways to ensure you have a strong enough password to protect yourself. The first is to make sure you have a mix of characters, symbols and numbers. Doing this will make it harder for your password to be cracked.

On top of that, it goes without saying that longer passwords will take longer to crack. However, keep in mind that passwords that are too long have diminishing returns when it comes to remembering them. Another thing to remember is that dictionary words, even with symbols replacing letters, are less secure. While they are easy to remember, we’re in a world where AI has made it possible to recognise and undo these substitutions faster than ever.

Image by Gerd Altmann from Pixabay

In addition, keep in mind that the more places you reuse the same password, the less secure it is. In fact, you become more at risk in a data breach. Therefore, use multiple different passwords; preferably a unique one for each service you use. It goes without saying, don’t use your banking password for anything else.
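The three points above (length, a mix of character classes, and no dictionary words even with symbol substitutions) plus the reuse warning can be turned into a small self-check. The following is an added example, not code from the article or from any vendor it quotes; the minimum length of 12, the tiny word list and the substitution table are assumptions chosen for the demonstration (a real check would use a full dictionary or a breached-password list).

```python
"""Password self-check: length, character mix, disguised dictionary words, and reuse.

Added example with constructed inputs; the word list is a stand-in for a real dictionary.
"""
import string
from collections import defaultdict

# Common digit/symbol-for-letter substitutions, so "P@ssw0rd" is compared as "password".
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

# Constructed mini word list (assumption); real checks use far larger lists.
WORDLIST = frozenset({"password", "welcome", "dragon", "football", "monkey", "letmein"})


def _dictionary_candidates(pw):
    """Normalised letter-only forms of the password, with substitutions undone,
    both for the whole string and with leading/trailing digits and symbols stripped."""
    lowered = pw.lower()
    core = lowered.strip(string.digits + string.punctuation)
    forms = set()
    for variant in (core, lowered):
        forms.add("".join(c for c in variant.translate(LEET) if c.isalpha()))
    return forms


def assess_password(pw, wordlist=WORDLIST, min_length=12):
    """Return a list of human-readable findings; an empty list means no issue found."""
    findings = []
    if len(pw) < min_length:
        findings.append(f"shorter than {min_length} characters")

    tests = (str.islower, str.isupper, str.isdigit, lambda c: c in string.punctuation)
    classes = sum(any(test(c) for c in pw) for test in tests)
    if classes < 3:
        findings.append("fewer than three character classes (lower, upper, digit, symbol)")

    hits = sorted(w for w in _dictionary_candidates(pw) if w in wordlist)
    if hits:
        findings.append(f"built on the dictionary word '{hits[0]}' "
                        "(digit/symbol substitutions do not help)")
    return findings


def reused_passwords(accounts):
    """Group service names that share a password; any group of two or more is a reuse risk."""
    by_pw = defaultdict(list)
    for service, pw in accounts.items():
        by_pw[pw].append(service)
    return sorted(sorted(group) for group in by_pw.values() if len(group) > 1)


if __name__ == "__main__":
    for candidate in ("P@ssw0rd1!", "dragon", "Tr0ub4dor&3-Ridge!"):
        print(candidate, "->", assess_password(candidate) or "no findings")
    # Constructed account list (assumption) to show the reuse check.
    print(reused_passwords({"twitch": "P@ssw0rd1!", "email": "P@ssw0rd1!",
                            "bank": "Tr0ub4dor&3-Ridge!"}))
```

The interesting case is `P@ssw0rd1!`: it passes the character-mix test with four classes, yet once the trailing `1!` is stripped and the substitutions undone it is just `password`, which is the point the article makes about symbol-for-letter tricks.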

Two-Factor Authentication is Your Friend

As we move further into a digital world, more and more of our services are using two-factor authentication. These measures, while cumbersome, ensure that access to your accounts is more secure. This is implemented in multiple ways across different platforms, using email, SMS or an app.

Using two-factor authentication adds an additional layer to access your account. In most cases, it will notify you when your account is being accessed. This will allow you to react immediately. Many of these two-factor authentication steps allow you to immediately lock down your account and change your password.

Be Vigilant

We will need to be vigilant in the wake of a data breach even if we are not directly affected by it. Acronis’ Candid Wuest reminds us that “data stolen in data breaches is often reused in personalized phishing emails”. With this in mind, keep an eye out for fishy emails or even Nigerian princes. Sometimes information from breaches can allow malicious actors to socially engineer phishing attacks that can mimic emails that you will find urgent or pertinent.

Image by Msporch from Pixabay

If you had banking or payment information linked to a breached account, you may have to monitor your bills more closely. Your other option is to cancel or change the card in question to make sure that you are able to minimise damage.

It’s a Question of When Not If

The biggest lesson all of us, consumers and companies alike, can take away from the recent breach of Twitch is this: it’s no longer a question of if we will be breached but when. It’s an inevitable fact as we progress into a more digital world. As more of our information is placed in the cloud and with corporations, it is increasingly exposed to malicious actors if not protected effectively.

The fallout from a data breach is not pretty. More so now when countries have legislation that protects the general public from their data being abused. For companies, the fallout can affect their bottom line as customers look for more secure options. In addition, with GDPR and similar legislation, they could be facing fines for not effectively protecting the collected data.

For regular users like you and me, there is the added headache of trying to make sure we minimise our exposure. Everything from changing our passwords to activating two-factor authentication to even calling the bank to cancel cards are added inconveniences that could affect our choice of services moving forward.

Twitch Has Been Breached – Here’s What You Need to Know

Big tech and data breaches are becoming inseparable. We’ve been getting news of breach after breach since early this year. Nearly every tech space from Facebook to Neopets has been breached in the recent past. The latest platform added to that list is the popular streaming platform – Twitch.

Twitch’s data breach could be one of the largest to date. A whopping 125GB of data was uploaded to a (now removed) thread on 4chan by an anonymous user. The data contained within the files dates back to the early beginnings of Twitch. Everything from the platform’s source code to its most recent Git commits has been uploaded. Together with this, payout information for the platform’s largest creators since 2019 has also been uploaded.

Photo by Caspar Camille Rubin on Unsplash

In addition to this data, the leak also contains data on Twitch’s network backbone which runs on AWS. It apparently contains some proprietary SDKs (Software Development Kits) and also information on “Every other property that Twitch owns” including IGDB and CurseForge. It seems like an unannounced competitor to Steam called Vapor for Amazon Game Studios is also contained within the files. Basically, it seems like everything and anything related to Twitch is within the 125GB.

Some users who have been looking through the data have also found encrypted passwords and user information. So, it goes without saying that you should change your Twitch password if you have an account and activate two-factor authentication. You can do this in the privacy settings on Twitch itself.

Screenshot (source: Ars Technica)

The leaker made their motives crystal clear in their post. Noting, “Their community is also a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them.” The hackers also ended the post with #DoBetterTwitch. More worryingly, the 125GB of data was labelled as “part one” which indicates there could be more incoming.

It’s probably apt to mention that the leak comes in the wake of the #ADayOffTwitch protest by creators who are trying to get the platform to take hate raids more seriously. The platform has been plagued by users who have used the Raid and tags features to actively harass others. While Twitch has been trying to be proactive, the most it has done is provide streamers with tools to try to control raids and even sue perpetrators.

The breach has since been confirmed by Twitch itself on Twitter.

A cybersecurity firm, Acronis, has chimed in calling the breach “one of the most severe data breaches of late”. In fact, they say that there is, “a lot more damage now in store for Twitch”. Candid Wuest, Vice President of Cybersecurity Research at Acronis, also noted that “While [it is] yet unclear how the breach happened, it’s already harming Twitch on all the fronts that count – revenue, operations, users, influencers, market positioning.” He also noted that Twitch could be at greater risk as the availability of the source code will make it easier for malicious actors to attack the site. More importantly, the company is advising that users be wary and change their passwords as well as activate two-factor authentication on their accounts.



“Leaked data could contain nearly the full digital footprint of Twitch, making it one of the most severe data breaches of late. The 125 GB of data leaked so far might just be the start, according to the comments of the attacker. Internal network plans and marketing plans for future products could now be misused by attackers or sold to competitors. If the source code is exposed, we will see a spike in vulnerabilities discovered in related software. Having access to the source code makes it easy to find weak spots.”

Candid Wuest, Vice President of Cybersecurity Research, Acronis


Facebook, WhatsApp, Instagram & Oculus Went Down for Hours – Here’s What We Know

If you were awake in the wee hours of yesterday looking to Instagram or Facebook for memes before calling it a night, you would have been sorely disappointed. Facebook’s platforms faced a major outage which lasted most of last night. Even WhatsApp wasn’t spared from the outage as messages failed to go through – which might have been a welcome reprieve for many of us.

Photo by Thought Catalog from Pexels

It seems like connectivity and social media weren’t the only things affected by the outage. Reports have surfaced that the outage also affected Facebook’s staff emails and even office badges. So what actually happened?

Essentially, Facebook and all its properties disappeared from the internet. How? Well, the cause was a change in the settings of the internet infrastructure between Facebook’s data centres. These changes essentially meant that Facebook and its properties couldn’t be found when browsers and apps looked up any address that led to the company’s servers. Facebook’s official explanation for this is an error in the updated settings which had a cascading effect.



Our engineering teams have learned that configuration changes on the backbone routers that coordinate network traffic between our data centers caused issues that interrupted this communication. This disruption to network traffic had a cascading effect on the way our data centers communicate, bringing our services to a halt.

Facebook Official Statement


However, many cyber security companies have come forward and suggested that there may be more to the outage than meets the eye. Some have suggested the underlying cause of the outage may, in fact, be a hack or breach of Facebook’s data servers. According to Acronis, DNS and BGP (Border Gateway Protocol) are popular targets for malicious players mounting cyber-attacks. There is a myriad of ways to do this, from social engineering and hijacking through the registrar to simply altering the settings themselves. Facebook tries to downplay this, saying that there is no evidence of data being compromised.



There are various potential attacks against DNS infrastructure – from DDoS attacks to local DNS rebinding or hijacking a DNS with social engineering against the registrar. Looking at overall attack statistics, they are a lot less popular than common malware and ransomware attacks, but they can be extremely devastating if successful in a sophisticated attack. It’s like pulling the electric cable to your server room – the whole enterprise suddenly goes dark.

Candid Wuest, Acronis VP of Cyber Protection Research


Cloudflare’s own blog post corroborates both Facebook’s official statement and Acronis’ account. The company states that it saw a peak of routing changes from Facebook at 15:40 UTC (10:40 PM in Malaysia), and it was only after this that the outages followed.

Was Facebook Trying to Silence Whistleblowing?

While that may be the case, it seems like there is a growing theory that Facebook’s outage was not an accident. The company has been under fire in recent months after inklings of potentially damning accusations came to light. The data showed that Facebook had been ignoring and hiding its own internal research indicating that Instagram could be harmful to teens. This was also one of the reasons why Instagram Kids was put on ice. It was also revealed that the company had a separate set of standards for public figures.

The information has since been linked to Frances Haugen, a former Facebook employee. Why is this being linked to the outage? Well, it seems that the outage occurred following a very damning interview with CBS’s 60 Minutes. While the timing may be a little suspicious, there hasn’t been any data to support the theory.

Be that as it may, the outage did more than just inconvenience users of Facebook’s many apps, it also affected the net worth of CEO, Mark Zuckerberg. Zuckerberg saw billions in losses as the company’s stocks tanked in light of the outage. It’s not been a very quiet 2021 for the company and, hopefully, this isn’t an indication of things to come.

Vigilance is Crucial for Businesses in Dealing with Modern Malware

In just the first four months of 2021, Trend Micro’s research team detected 113,010 ransomware threats in Malaysia. Since the first ransomware infection was detected globally in 2005[1], ransomware has evolved into what is often termed modern ransomware, which is even more targeted and malicious in nature.

The recent attack on enterprise technology firm Kaseya[2], where hackers demanded US$70 million (RM290.92 million) worth of bitcoin in return for stolen data, is a stark reminder of the sweeping damage and disruption that modern ransomware is capable of. 

Photo by Sora Shimazaki on Pexels.com

Traditionally, ransomware attacks were conducted through a “click-on-the-link” lure in spam emails that led to compromised websites. These were typically aimed at a random list of victims to collect a moderate pay-out.

Today, threat actors have evolved their strategies to inflict greater damage on a company’s reputation and potentially collect larger pay-outs from high-profile victims. This is what is becoming known as a “double-extortion” strategy in modern ransomware attacks. According to Trend Micro’s research[3], criminals take these steps to personalize the attacks:

  1. Organize alternative access to a victim’s network such as through a supply chain attack;
  2. Determine the most valuable assets and processes that could potentially yield the highest possible ransom amount for each victim;
  3. Take control of valuable assets, recovery procedures, and backups;
  4. Steal and threaten to expose confidential data.

In Malaysia, Trend Micro found that the industries most targeted by ransomware are government, healthcare, and manufacturing[4]. As these sectors continue to play a role in driving economic growth in the country, it is clear that a multi-layered cybersecurity defence system is necessary. These enterprises will need to create such a defence to defend their networks and protect their business-critical data to keep up with the ever-evolving ransomware landscape.

Photo by Tima Miroshnichenko on Pexels.com

In order to keep up with the ever-evolving ransomware landscape, the three most important must-dos for Malaysian organizations are:

  • Maintain IT hygiene factors: Security teams should ensure that proactive countermeasures, such as monitoring features, backups, and trainings in security skills, are in place to enable early detection. Alongside that, everyone in an organization should also have the latest security updates and patches installed.
  • Work with the right security partners: Start by clearly defining the needs and priorities around enterprise security in an organization. Then, collaborate with a security vendor that aligns with these priorities to create a solid security response playbook to be used on an ongoing basis.
  • Have visibility over all security layers: In order for security teams to be able to detect suspicious activity early on and to respond to cyber attacks more quickly, organizations should utilize tools such as Trend Micro Vision One, which collects and automatically correlates data across email, endpoints, servers, cloud workloads, and networks. By putting the right technologies in place, enterprises can also help reduce the alert fatigue commonly faced by security operations centers (SOCs), with 54% reporting that they are overwhelmed by alerts[5].

In today’s world of constant attacks, cybersecurity should be a top priority for everyone across the entire organization; and not just be the sole responsibility of the security team. While an organization can eventually recover its data or financial resources post-attack, the loss of trust among customers and partners will be a difficult challenge to remedy. All stakeholders must collaborate, invest in proper resources, and take proactive steps to transform workplace culture and best practices in order to stop pernicious ransomware threats at the door. 


[1] Trend Micro, Ransomware, https://www.trendmicro.com/vinfo/us/security/definition/ransomware

[2] Trend Micro, IT Management Platform Kaseya Hit With Sodinokibi/REvil Ransomware Attack, 4 July 2021, https://www.trendmicro.com/en_my/research/21/g/it-management-platform-kaseya-hit-with-sodinokibi-revil-ransomwa.html

[3] Trend Micro, Modern Ransomware’s Double Extortion Tactics, 8 June 2021, https://www.trendmicro.com/vinfo/gb/security/news/cybercrime-and-digital-threats/modern-ransomwares-double-extortion-tactics-and-how-to-protect-enterprises-against-them

[4] Trend Micro, Trend Micro 2020 Annual Cybersecurity Report, 23 February 2021, https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/a-constant-state-of-flux-trend-micro-2020-annual-cybersecurity-report

[5] Trend Micro, 70% Of SOC Teams Emotionally Overwhelmed By Security Alert Volume, 25 May 2021, https://newsroom.trendmicro.com/2021-05-25-70-Of-SOC-Teams-Emotionally-Overwhelmed-By-Security-Alert-Volume

Popular Doesn’t Mean Safe – Google Pulls Apps from Play Store

Popular doesn’t necessarily mean it’s safe. That’s what we’re seeing from a new report which has led to Google removing nine apps from the Google Play Store. The nine apps recently surfaced in a report by the security firm Dr. Web; these apps were providing a fully functional service while stealing users’ Facebook login information.

The apps in question had different malware variants in their coding. Their developers incentivised surrendering user information by offering a “free upgrade to Pro” when a user opted to log in with their Facebook account. Once the unassuming user did this, the app would intercept and hijack the login credentials. The apps, identified as trojans, used an intermediary server to spoof and collect Facebook information and cookies.

A total of five malware variants were found in these apps. All of them were classified under the same trojan by Dr. Web. Three of these variants were apparently developed natively for Android, while another two were built using Google’s Flutter framework. The latter type poses an increased risk to users, as the framework allows apps to be developed across multiple platforms. All of these malware variants shared identical configuration file formats and identical JavaScript code to steal data.

According to the report from Dr. Web, the apps in question are:

If you have downloaded any of these apps in the past or still have them on your phone, you should thoroughly check your phone for malware. Apps such as Kaspersky and Malwarebytes are good options to help remove any malware from your device. It goes without saying that you should uninstall these apps immediately.

Google has since removed the apps from the Play Store. Ars Technica states that a Google spokesperson noted that the offending app developers have been removed and banned from the Play Store.

Qualcomm Processors Have A Worrying Security Flaw

Qualcomm provides processors for nearly every smartphone OEM you can think of. The company’s success in providing stable, powerful systems on a chip (SoCs) has made it one of the largest suppliers in the world. However, the dependency on a single provider may not bode well for OEMs now that a crucial vulnerability has been discovered in these SoCs.


An Israeli cybersecurity research firm called CheckPoint Research has found a crucial flaw in Qualcomm’s MSM (Mobile Station Modem) that could potentially affect user privacy. The MSM is an SoC in its own right which allows smartphones using Qualcomm’s processors to connect to cellular networks such as 2G, 3G, 4G and 5G. It also enables a slew of features that complement the connectivity, including high definition recording of calls.

The vulnerability affects a protocol called the Qualcomm MSM Interface (QMI), which facilitates communication between the MSM’s software components and other systems on the device it’s been deployed in. This vulnerability allows malicious actors (i.e. hackers) to inject malicious code into the modem. They can do this by deploying apps or through other more intricate ways, and then access data such as user call history and SMS. The fact that the vulnerability could even be exploited to listen in to your conversations and unlock the SIM on the phone is all the more alarming.


Given the proliferation of Qualcomm processors in the market, an estimated 30% of devices worldwide are affected by the security vulnerability. However, in a research note, CheckPoint does indicate that Qualcomm was notified of the vulnerability in October last year. Since then, Qualcomm and manufacturers such as Samsung have already been deploying fixes for the vulnerability. Of note, the vulnerability will be listed in Google’s next monthly Android Security Bulletin. Samsung has indicated that the May 2021 patch does address the vulnerability and that it has been patching the vulnerability silently since January 2021.

The vulnerability is classified as CVE-2020-11292 and has been noted to affect smartphones from OnePlus, OPPO, Google, LG, Samsung and more.

533 Million Facebook Users’ Data Resurfaces Online from 106 Countries

Facebook seems to be having a rough run of things recently. The company initially faced humongous backlash over the implementation of data sharing policies between the popular messaging app WhatsApp and the larger company. Now, it looks like old wounds are reopening for the company, as data from a breach that happened in 2019 has surfaced on hacking forums.

The breach involves over half a million users from over 100 countries, with data such as their phone number, email and even birth date. Malaysia is listed among the countries affected, with over 11 million users having been compromised. The breach was first reported by Business Insider, which has also verified the data in the leak by testing password reset requests. A spokesperson for Facebook has confirmed the data breach. The spokesperson also confirmed that the data breach occurred due to a vulnerability which was identified and patched back in 2019.

https://twitter.com/UnderTheBreach/status/1378314424239460352

While the data is 2 years old, the fact that it is readily available online at this point is worrying. Data like birthdates, phone numbers and emails can be used to socially engineer scams. In fact, with the phone numbers leaked and made readily available, the likelihood of receiving scams over SMS and phone calls is heightened.

Acronis Vice President of Cyber Protection Research, Candid Wuest, advises that, in light of the leak, “There is now a higher risk of SMS spam, but also password reset attacks and attacks against other services that use SMS for MFA are now more likely. Users should therefore change from SMS-based MFA services where possible for critical accounts.”

The fact that the leaker has readily made the data available for free can be puzzling. However, according to Wuest, “As the leaked data does not contain any passwords or payment card details, it is of less value to attackers. Furthermore, at least two thirds of the data was already available from previous leaks. It is not uncommon to see such data sets being made available for free, as they would not yield much profit on underground sites. Such large data sets tend to not stay private for very long anyway.”

The new leak brings into the spotlight the amount of personal data we have available online, and especially on social media. It also brings into question Facebook’s privacy policies, which govern and protect data stored on its service. What’s even more worrying is the fact that Facebook wasn’t the one notifying users; instead, the leak was reported by Twitter user Alon Gal, who has since been looking at and verifying the data leak. Facebook has only confirmed the occurrence of the breach and has not even notified the users that were affected.

Microsoft Teams Rolls Out End-to-End Encryption to Enhance Security

Microsoft has finally rolled out the end-to-end encryption (E2EE) feature to Microsoft Teams after a long wait. The feature is available to commercial or paid subscribers, and it only applies to one-to-one unscheduled meetings. However, Microsoft has mentioned that the feature will be extended to other types of meetings in the future.

This security feature gives users a better platform to discuss sensitive and confidential matters. Microsoft’s implementation not only encrypts the conversation during the meeting but also relies on cryptographic keys held on users’ devices. In other words, no third party, including Microsoft, can access the meeting or trace the conversations. The latest security upgrade is intended to reduce privacy concerns.

On the other hand, PowerPoint Live is one of the new features in Microsoft Teams. It allows presenters to remotely control the slides, while viewers or other presenters can privately skip ahead to the content they want without disrupting the presentation. Presenters can review comments, content, notes, and meeting participants on a single screen, which is convenient.

Moreover, Microsoft Teams is offering 3 presenter modes for customized presentations. The 3 modes are ‘Standout’, ‘Reporter’, and ‘Side-by-side’. Only Standout mode will be released within this month (March 2021); Reporter and Side-by-side mode will be released soon, as per Microsoft. Standout mode places the presenter’s video feed front and center. Side-by-side places the video feed right beside the presenter’s slides. Reporter mode is pretty self-explanatory.

Of course, users can leave it in Dynamic Mode to keep things simple. Dynamic View personalizes and automatically manages the frame around the speaker window as people speak up or turn on their cameras. Users can decide to place the participant gallery at the top of their window, closer to their webcam’s placement. This layout arrangement helps maintain a sort of natural eye gaze. Dynamic View will also be coming later this month.

Aruba ClearPass Security Portfolio Recognised for Ability to Reduce Risk

As companies continue in their digitization journeys, they are seeing an increased need for solutions that are able to mitigate risk. However, with the many solutions in the market, it can be daunting for them to discern between them. Marsh, a global insurance broking and risk management firm, has come up with a program called Cyber Catalyst, which recognises and certifies cybersecurity solutions across a set of criteria including the effectiveness, efficiency and viability of the solution. For the second time, one of Aruba’s security offerings has been recognised for its efficacy as part of the Cyber Catalyst program.

Aruba’s ClearPass Suite of identity-based access control solutions has been recognised in the Cyber Catalyst program. The ClearPass suite encompasses an array of individual, AI-driven services which allow organisations to have better visibility of their network activity. It allows businesses to scale – even with the rigours of remote work – effectively without compromising network and data security through the implementation of automated device compliance policies and even through BYOD provisioning. Aruba’s ClearPass covers everything from onboarding, policy control, remote management and even guest access security.

Aruba’s ClearPass joins its Policy Enforcement Firewall (PEF), which received the same recognition in 2019. With two of its services now recognised, the company boasts an integrated identity-based network access control solution. Aruba’s offerings now form a comprehensive approach to Zero Trust and Secure Access Service Edge (SASE) frameworks.