
Cyberattack: another big company is a ransomware victim

Another cyberattack with devastating consequences for financial institutions. The target this time was BancoEstado, one of the three largest Chilean banks, which was hit by ransomware on September 6. According to a statement to Chile’s Cybersecurity Incident Response Team (CSIRT), the cyberattack is believed to have involved the Sodinokibi ransomware, also known as REvil.

On the 6th, the bank informed through a statement that it had detected malicious software in its operating systems and that their platforms could have some kind of unavailability due to the incident. However, ATMs and Internet Banking were not affected, nor were the resources of its customers or the institution itself. It is believed that the attack, again, was orchestrated through Social Engineering, when one of the bank’s employees opened an Office document infected with the virus.

By compromising the employee’s machine, the attacker was able, through lateral movement, to infect more than 12,000 endpoints and affect the operations of all 416 branches of the Chilean bank.

After detecting the cyberattack on the 5th, Saturday, BancoEstado reported the incident to the Comisión para el Mercado Financiero (CMF), the equivalent of our Securities and Exchange Commission (CVM), which soon issued an alert to the Chilean banking system.

Long lines formed in the days following the cyberattack in front of BancoEstado branches. Account holders have complained on Twitter about various anomalies in their accounts, such as uncredited transfers to destination accounts, as well as lack of access to investment accounts, and inconsistent data in the amount totals. At the same time, there are reports that cybercriminals have started spam campaigns on behalf of the bank to capture customer credentials.

An attack of this magnitude indicates major flaws in the control of access to internal networks, including the lack of an efficient monitoring and response system. It also points to a lack of computational and human resources for an adequate response to incidents.

Another organization victim of the same ransomware that hit BancoEstado, in July this year, was Telecom Argentina, the country’s largest telephone operator. In this specific case, the required amount was US $ 7.5 million.


But, what is the Sodinokibi ransomware and how does it work?

Sodinokibi is a family of ransomware that affects Windows systems and encrypts important files, requesting a cash amount to decrypt them. The ransomware creators are also associated with other malicious software, GandCrab, which was already linked to approximately 40% of global ransomware infections before being retired by its creators in June 2019. Thus, one can already have an idea of the potential for Sodinokibi infection.

The first thing users notice when their device is infected by the ransomware is an infection warning, by which time the files are already encrypted. The ransom instructions are also visible on the user’s Desktop.

More than ever, cyberattacks through ransomware are among the biggest risks for organizations of all sizes and industries. According to the Mid-Year Threat Landscape Report 2020, there was a 750% increase in attack attempts through malicious software involving ransoms. And not only is the number of these attacks increasing but so is their sophistication.

In many cases, malicious attackers threaten their victims with leaking the data they have taken, something that can compel them to pay the high amounts demanded as ransom. One of the causes is the heavy sanctions that organizations are subject to in case of data leaks. If the leak involves personal data of European citizens and the organization is subject to GDPR, the fine could reach up to 50 million euros. If it takes place in Brazil and the LGPD is applied, this amount can reach up to 50 million reais.

One of the ways to mitigate the risks associated with a ransomware infection is to ensure that security updates are applied as soon as they are released by developers. By doing this, one can prevent malicious attackers from exploiting vulnerabilities to infect the environment. The implementation of features such as Multifactor Authentication is another strategy that prevents hackers from moving laterally through the environment and infecting even more endpoints.

Cybersecurity teams must also perform backups of their systems, as well as periodic testing as part of their disaster recovery and incident response plans. Thus, it is possible to guarantee that the systems are recovered without the need to pay a ransom.

Deploying a PAM solution such as senhasegura is also an excellent way to mitigate cybersecurity (and business) risks associated with ransomware infection.

Through our Privilege Elevation and Delegation Management solution, senhasegura.go, one can segregate access to sensitive information, isolating critical environments, and correlating events to identify any suspicious behavior. By controlling lists of authorized, notified, and blocked actions with different permissions for each user, senhasegura.go allows reducing the risks linked to the installation of malicious software and abuse of privilege, which can compromise the environment. Finally, through senhasegura, one can overcome the challenges of implementing controls for data protection legislation such as GDPR and LGPD, as well as PCI, ISO, SOX, and NIST regulations, with the automation of privileged access controls to achieve maturity in the audited processes.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Senhasegura
Senhasegura strives to ensure the sovereignty of companies over privileged actions and information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

ESET CEO Richard Marko helps the Cybersecurity Tech Accord and UN offices bring innovative digital solutions as a judge on the Apps 4 Digital Peace competition panel

Bratislava – Richard Marko, CEO of ESET, a global leader in cybersecurity, has been invited to judge the first-of-its-kind Apps 4 Digital Peace Competition organized by the Cybersecurity Tech Accord, the United Nations Office for Disarmament Affairs (UNODA), and the Office of the UN Secretary-General’s Envoy on Youth (https://www.un.org/youthenvoy/).

The competition was created in response to the dramatic increase in the malicious use of information and technology by state and non-state actors. Given the possible threat to international peace and security, these organizations felt a need to encourage the brightest young minds to help develop technology solutions to limit the use of the internet as a domain of conflict, and to increase the security and stability of our online environment.

Through ESET’s involvement as a signatory of the Cybersecurity Tech Accord, Mr. Marko will join a panel of distinguished judges to help stimulate new and ethical thinking from young innovators across the world. The other members of the panel are Alex Stamos, director, Stanford Internet Observatory and former Facebook CISO; Damir “Gaus” Rajnovic, cybersecurity manager of Panasonic; Kim Zetter, award-winning journalist covering cybersecurity and national security issues; Liis Vihul, CEO, Cyber Law International; and Jayathma Wickramanayake, the UN Secretary General’s Envoy on Youth.

Five finalists are in the running to receive both cash prizes and networking opportunities that will help get their ideas off the ground. The winners will be invited to attend the Cybersecurity Tech Accord’s annual meeting to present their Apps 4 Digital Peace submission to some of the world’s leading technology companies committed to improving security online for users everywhere.

“It is a privilege to serve on the judging panel for the first-ever Apps 4 Digital Peace Competition,” said Mr. Marko. “At ESET we are passionate about making technology safer for everyone, and we are proud to empower the leaders of tomorrow in creating and developing innovative solutions that promote digital peace.”

“I’m excited to see what these bright, young minds create to tackle the many challenges that the cyber world brings,” said Tony Anscombe, Chief Security Evangelist at ESET. “Our youth innovators are the future of cybersecurity. Their contributions will help form cyber hygiene practices, protect infrastructure and promote responsible online behavior, creating a positive impact in our online world.”   

The Apps 4 Digital Peace Competition Virtual Award Ceremony will take place on September 21 from 10:00 am to 12:00 pm EDT.


About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

ESET’s new headquarters and campus will be designed by leading Danish architecture studio BIG (Bjarke Ingels Group)

BRATISLAVA – ESET has named its partner in transforming the premises of the former Military Hospital at Patrónka into the Center for Innovation and Creativity – ESET Campus – the world-renowned architectural studio Bjarke Ingels Group (BIG). Architects from one of today’s most sought-after studios have won the international architectural competition that was announced by ESET last September. As ESET Campus is an exceptional project in terms of scope but especially the combination and interconnectedness of functions, the most important selection criteria were previous experience with a focus on master planning, campuses and innovation centers, but also sufficient studio size and capacity.

“We also see ESET Campus as an extremely complex project for our company, which is why we paid a lot of attention and time to the choice of the conceptual architect. The international competition and workshops with the addressed studios, as well as discussions with Slovak experts who helped us with the selection, significantly moved us not only in thinking about the future design of the project, but also on current topics such as sustainability, ecology and flexibility of the working environment. In addition, we are preparing this exceptional project at a time that posed completely new challenges for us, so I am very happy that we will develop it with exceptional architects from the BIG studio,” said Pavel Luka, ESET’s chief operating officer, about the results of the competition.

“We are honoured to work with ESET, which has set out an extraordinary level of ambition for their new headquarters. With the global events of 2020 and the rise of remote working in mind, this has become an opportunity to explore the future of both physical and virtual work space, and to rethink the campus as an integrated part of the city. The vision is to demonstrate a true carbon neutral approach to construction, and to create a campus blended closely with the natural environment at the foot of the Small Carpathians,” said Andreas Klok Pedersen, partner, BIG London.

As the intention of the competition was the presentation of conceptual proposals and the selection of a long-term partner for cooperation, the result of the selection is not yet the final design of the project. It should be created in the coming months in cooperation with the BIG studio, ESET and also with the involvement of a local architectural studio, the selection of which is currently being prepared.

Based on the cooperation of ESET with the Faculty of Architecture and Design of the Slovak Technical University (FAD STU) in Bratislava, the architects from the BIG studio also became the guarantors of the newly opened 25th vertical studio at FAD STU. In the next school year, under their leadership, students will solve assignments related to the topic of innovation centers, science parks, and sustainability, but also design solutions in the post-COVID-19 era.

ABOUT THE ESET CAMPUS PROJECT
ESET acquired the plot of land at the Bratislava Patrónka site in 2017. It plans to create an ESET Campus on the site of the former Military Hospital — a living place that will turn this part of the city into an epicenter of innovation and creativity in Bratislava. In addition to the new headquarters and global research center of ESET, the campus will create a unique and stimulating environment for IT and technology companies and startups, and connect them with technically oriented universities.

In addition to a high-quality environment for innovation and research, the campus will provide a wide range of other useful services and facilities, unique public spaces and, in part, a residential function intended mainly for company employees. The campus is also envisioned to create modern forms of accommodation for students, which can deepen the integration of universities within this innovative ecosystem. An important part of the campus will be its sports infrastructure and auditorium; many of these spaces will also be available to the general public.

The campus will be built on the principles of functionality, sustainability and ecology. It is intended to support the use of public transport and maximum comfort for pedestrians as much as possible. In addition to public transport stops, there is also a railway station in the immediate vicinity of the complex, thanks to which train transport in this part of the city could become a full-fledged part of public transport.

BIG – BJARKE INGELS GROUP
BIG is a Copenhagen, New York, London and Barcelona based group of architects, designers, urbanists, landscape professionals, interior and product designers, researchers and inventors. The office is currently involved in a large number of projects throughout Europe, North America, Asia and the Middle East. BIG’s architecture emerges out of a careful analysis of how contemporary life constantly evolves and changes, not least due to the influence from multicultural exchange, global economic flows and communication technologies that all together require new ways of architectural and urban organization. More info: big.dk.

Google headquarters, USA. With Google and parent company Alphabet’s ever-expanding and ever-evolving ventures, occupying existing buildings for the expanding workforce has reached its organizational limitations – teams become spread across multiple buildings, separated by parking lots. On the other hand, a single centralized headquarters is also not the approach for Google, nor is it desirable for the city of Mountain View. Our mission is to create a replicable and scalable building typology that is also adaptable and inclusive to the various sites of North Bayshore and beyond. More info: big.dk/press/gce/

Toyota Woven City. Together with Toyota Motor Corporation, BIG unveils Toyota Woven City as the world’s first urban incubator dedicated to the advancement of all aspects of mobility at the foothills of Mt. Fuji in Japan. It is envisioned as a living laboratory to test and advance mobility, autonomy, connectivity, hydrogen-powered infrastructure and industry collaboration. More info: big.dk/press/twc

Google London headquarters, UK. Centrally located in King’s Cross and adjacent to the city’s largest station, Google’s London headquarters will be its first wholly owned and designed building outside the United States. The new 11-storey building, combined with Google’s current building at 6 Pancras Square and an additional third building, will create a King’s Cross Campus with the potential to house 7,000 Google employees. Comprising more than 1 million sqft, of which Google will occupy 650,000 sqft, the purpose-built building is being developed from the ground up and will contribute to the Knowledge Quarter and King’s Cross’s growing knowledge-based economy. More info: big.dk/press/kgx


Glaring vulnerabilities in today’s power distribution networks

It is hard to think of another facility more crucial than power distribution facilities, which control everything from turning on the lights in homes to running critical infrastructure systems. The US Institute for Critical Infrastructure Technology (ICIT) recently labelled what it terms ‘disruptionware’ in the context of an attack on a national energy grid as “a weapon of mass destruction.”

Western countries have been concerned about the threat of cyber-attacks crippling energy grids ever since the Russian targeting of the Ukrainian power grid in 2015 and, more recently, indictments by the US Department of Justice against two Chinese threat actors for targeting groups including a Department of Energy site.

The same group that targeted the Ukrainian grid, named as Dragonfly or Energetic Bear, was subsequently alleged to have been responsible for numerous other attacks on energy facilities, including a major attack on the UK power grid, which only came to light as a result of a leaked memo from GCHQ. The UK National Grid has been on high alert for cyber-attacks since the start of the COVID-19 crisis.

Yet these vital facilities are not only poorly protected when compared to many other types of organization, but are also becoming increasingly vulnerable to cyber-attacks. Threats such as Trisis, Industroyer and BlackEnergy are now increasingly deployed in order to exploit a growing number of glaring vulnerabilities within power distribution systems.

The push to modernize power distribution facilities has brought in its wake a host of new entry points for threat actors to exploit. The rapid shift to smart grids means that utilities are now adding tens of thousands of largely unprotected devices such as new sensors, controllers, relays and meters.

Existing perimeter security is currently largely incapable of controlling all entry points to the network; once any one of these is bypassed, attackers can access a wide range of assets and remain undetected for long periods of time. Increasing connectivity of OT networks to remote sub-stations as well as to organizational systems also brings with it a host of vulnerable and often unsecured entry points.

Automation components, such as programmable logic controllers (PLCs), function via microprocessors and contain function-specific software programming. They also have management and communications capabilities running over network paths. These have been a major target for cyber-attacks as a means of gaining access to control systems.

Legacy industrial control system (ICS) protocols such as Modbus and DNP3, commonly used throughout power systems, have little or no security measures and lack authentication capabilities. These can easily be intercepted, spoofed or altered – potentially causing a dangerous event in the operations environment.

Like many other utilities, power distribution organizations also increasingly rely on remotely accessible equipment and mobile devices. While this has an immediate payback in terms of efficiency and convenience, it has also created vulnerabilities stemming from unsecure access or from connection to critical systems via remote tools and devices.

Coming from a world of stand-alone secure systems, many vendors of ICS systems also unwittingly create ‘backdoor’ access to devices and software, which are easy to exploit. Some vendors are even known to threaten to void equipment warranties should their products be reconfigured from the original factory settings by changing passwords or installing unapproved security packages.

The absence of constant network monitoring systems in most OT networks means that many utilities cannot even obtain basic forensic data related to cyber intrusions and attacks. This not only leaves such facilities vulnerable to financially motivated ransomware demands, but also to potentially devastating attacks from state-sponsored threat actors bent on causing physical destruction as well as economic damage.

Badly secured facilities mean that potentially highly destructive intrusions can sit on a power distribution network’s system undetected for months until they are triggered at a time calculated to cause maximum damage, possibly coinciding with other forms of attack or during a period of social unrest or national emergency such as the current COVID-19 crisis.

In order to protect against system abuse or cyber-attacks, power distribution networks must provide real-time monitoring across their newly-extended security perimeters in order to detect anomalous and non-authorized behavior while addressing both external and internal attack vectors.
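The Modbus point above (no authentication in the protocol, so any host that can reach the controller can issue a write) and the monitoring point (detecting non-authorized behaviour on the OT network) can be illustrated together with a passive-inspection check. The following is an added example written for this page, not code from the article or from SCADAfence; the PLC address, the allowlist of stations permitted to write, and the captured frames are all constructed. It parses the Modbus/TCP MBAP header (7 bytes: transaction id, protocol id, length, unit id) and function code, then raises an alert when a state-changing function code arrives from a source that is not on the allowlist, or when a frame is malformed. Because the protocol itself carries no identity, network address is the only thing a monitor can check, which is exactly the weakness the article describes.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Modbus function codes that change state on a PLC/RTU (from the public Modbus spec).
MODBUS_WRITE_CODES: Dict[int, str] = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
    23: "Read/Write Multiple Registers",
}

# Hypothetical allowlist of stations permitted to write to controllers (assumption for
# this example). Modbus carries no credentials, so "who may write" can only be enforced
# by a monitor or firewall from network identity.
AUTHORIZED_WRITERS = {"10.0.10.5"}   # the HMI / engineering workstation


@dataclass
class ModbusRequest:
    transaction_id: int
    protocol_id: int   # always 0 for Modbus; anything else is not Modbus
    length: int        # number of bytes following this field (unit id + PDU)
    unit_id: int
    function_code: int
    payload: bytes


def parse_modbus_tcp(data: bytes) -> Optional[ModbusRequest]:
    """Parse the 7-byte MBAP header and the function code. Returns None if malformed."""
    if len(data) < 8:
        return None
    tid, pid, length, uid = struct.unpack(">HHHB", data[:7])
    if length != len(data) - 6:   # length field must cover unit id + PDU exactly
        return None
    return ModbusRequest(tid, pid, length, uid, data[7], data[8:])


def inspect_frame(src_ip: str, dst_ip: str, data: bytes) -> List[str]:
    """Return alert strings for one captured request frame (empty list if benign)."""
    alerts: List[str] = []
    req = parse_modbus_tcp(data)
    if req is None:
        return [f"{src_ip}->{dst_ip}: malformed or truncated MBAP frame"]
    if req.protocol_id != 0:
        alerts.append(f"{src_ip}->{dst_ip}: non-Modbus protocol id {req.protocol_id}")
    name = MODBUS_WRITE_CODES.get(req.function_code)
    if name and src_ip not in AUTHORIZED_WRITERS:
        alerts.append(
            f"{src_ip}->{dst_ip}: unauthorized {name} (fc {req.function_code}) "
            f"to unit {req.unit_id}, txn {req.transaction_id}"
        )
    return alerts


def monitor(traffic: List[Tuple[str, str, bytes]]) -> List[str]:
    """Run the check over (src, dst, frame) tuples, as a passive network tap would."""
    alerts: List[str] = []
    for src, dst, frame in traffic:
        alerts.extend(inspect_frame(src, dst, frame))
    return alerts


def build_request(tid: int, uid: int, fc: int, payload: bytes) -> bytes:
    """Build a well-formed Modbus/TCP request; used here only to construct sample traffic."""
    return struct.pack(">HHHB", tid, 0, 2 + len(payload), uid) + bytes([fc]) + payload


# Constructed sample capture (not real traffic): 10.0.20.7 plays the PLC.
SAMPLE_TRAFFIC = [
    ("10.0.10.5", "10.0.20.7", build_request(1, 1, 3, struct.pack(">HH", 0, 10))),        # HMI reads 10 registers
    ("10.0.10.5", "10.0.20.7", build_request(2, 1, 6, struct.pack(">HH", 0x10, 0x01))),   # HMI setpoint change: allowed
    ("10.0.30.44", "10.0.20.7", build_request(3, 1, 5, struct.pack(">HH", 0x03, 0xFF00))),  # unlisted host forces a coil
    ("10.0.30.44", "10.0.20.7", b"\x00\x04\x00\x00"),                                     # truncated frame
]

if __name__ == "__main__":
    for alert in monitor(SAMPLE_TRAFFIC):
        print(alert)
```

Run stand-alone, the script prints two alerts: the coil write from the unlisted host and the truncated frame. Reads from anywhere and writes from the HMI pass silently, which is the baseline a monitor of this kind should learn and then alert on deviations from.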

Source: https://www.infosecurity-magazine.com/opinions/glaring-vulnerabilities-power

Elad Ben-Meir

CEO, SCADAfence


About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

Segmenting the network with dynamic VLAN assignment

What is Dynamic VLAN?

VLANs (Virtual Local Area Networks) enable segmentation of the main organizational network. In practice, VLANs allow network administrators to keep devices and network resources separated despite being connected to the same physical network.

Dynamic VLAN assignment separates and isolates devices into different network segments based on the device or user authorization and their characteristics. The flow of traffic between those VLANs is governed by a firewall or another routing device which can then enforce specific network access rules.

Why Use Dynamic VLANs?

Segmenting the network is a security best practice, and in some cases is even a regulatory requirement – such as with PCI. Network segmentation is a measure that improves the effectiveness of all the current investments in other security tools, and can by itself help to prevent significant damage to critical organizational data across the network after a company has been breached.

Automating VLAN assignments and eliminating the need for manual intervention has historically been a challenge for network security teams. Today, automatic VLAN assignment is best implemented by the use of a RADIUS service, which functions as follows:

  1. A device connects to one of the network access layers: a wired Ethernet switch or a Wi-Fi SSID.
  2. The network access layer sends a request to the RADIUS server with the user’s credentials or certificate (using 802.1X).
  3. The RADIUS server sends a reply containing attributes that tell the switch or access point which VLAN the device belongs to, resulting in the correct VLAN assignment.

Common Dynamic VLAN Assignment Use Cases

Network and security administrators most commonly encounter these use cases for dynamic VLAN assignment:

  1. The Sales & Marketing department does not need access to R&D resources, while R&D should not have access to the Finance Department resources. Using dynamic VLANs, each department will be placed in the correct VLAN with the required access.
  2. Devices that fail to authenticate due to wrong credentials or incorrect/expired certificate will be placed in a quarantine VLAN with internet access only.
  3. IP phones use a dedicated voice VLAN and should be placed on it upon successful authentication.
  4. Devices that do not support 802.1X and are admitted via MAC authentication bypass should be placed in their own dedicated VLAN.
  5. Devices that fail posture assessment (such as those without updated antivirus) should be placed in a quarantine VLAN with limited access.
  6. Employees connect to a single Wi-Fi SSID and get different access (VLANs) based on their LDAP groups in the authentication repository.
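The three-step RADIUS flow described earlier and the use cases listed above come together in the reply the RADIUS server sends in step 3. The following is an added example written for this page, not Portnox’s code and not tied to CLEAR: the VLAN numbers, department names and the “one HMI per department” mapping are hypothetical. What is not hypothetical is the attribute encoding: per RFC 2868 and RFC 3580, an Access-Accept assigns a VLAN with three tagged attributes, Tunnel-Type (64) = VLAN (13), Tunnel-Medium-Type (65) = IEEE-802 (6), and Tunnel-Private-Group-ID (81) carrying the VLAN id as a string. The code decides a VLAN from the authentication outcome (credentials, posture, MAB, device type, LDAP group), serializes those attributes, and then parses them back the way a switch would, rejecting malformed or inconsistent sets. The RADIUS packet header and response authenticator that wrap these attributes are out of scope here.

```python
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# RADIUS tunnel attributes used for VLAN assignment (RFC 2868 / RFC 3580).
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TUNNEL_TYPE_VLAN = 13        # Tunnel-Type value "VLAN"
TUNNEL_MEDIUM_IEEE802 = 6    # Tunnel-Medium-Type value "IEEE-802"
TAG = 0x01                   # tag byte that groups the three attributes into one tunnel

# Hypothetical VLAN plan for the use cases in the text (constructed, not from the page).
DEPARTMENT_VLANS = {"sales": 20, "marketing": 20, "rnd": 30, "finance": 40}
VOICE_VLAN = 50              # use case 3: IP phones
MAB_VLAN = 60                # use case 4: non-802.1X devices admitted by MAC bypass
POSTURE_FAIL_VLAN = 666      # use case 5: quarantine with limited access
INTERNET_ONLY_VLAN = 999     # use case 2: failed authentication, internet only


@dataclass
class AuthContext:
    """What the RADIUS server knows after processing the 802.1X request."""
    authenticated: bool                          # EAP / credential result
    groups: List[str] = field(default_factory=list)  # LDAP groups of the user
    device_type: str = "pc"                      # "pc", "ip-phone", "printer", ...
    mab: bool = False                            # device used MAC authentication bypass
    posture_ok: bool = True                      # endpoint compliance, e.g. AV up to date


def decide_vlan(ctx: AuthContext) -> int:
    """Map an authentication outcome to a VLAN, most restrictive conditions first."""
    if not ctx.authenticated:
        return INTERNET_ONLY_VLAN        # wrong credentials or expired certificate
    if not ctx.posture_ok:
        return POSTURE_FAIL_VLAN         # authenticated but non-compliant
    if ctx.mab:
        return MAB_VLAN
    if ctx.device_type == "ip-phone":
        return VOICE_VLAN
    for group in ctx.groups:             # use cases 1 and 6: department by LDAP group
        if group in DEPARTMENT_VLANS:
            return DEPARTMENT_VLANS[group]
    return INTERNET_ONLY_VLAN            # no known group: least privilege


def _avp(attr_type: int, value: bytes) -> bytes:
    """One RADIUS attribute-value pair: type, total length, value."""
    return struct.pack(">BB", attr_type, 2 + len(value)) + value


def vlan_attributes(vlan_id: int) -> bytes:
    """Serialize the three tagged attributes an Access-Accept carries for VLAN assignment."""
    return (
        _avp(TUNNEL_TYPE, bytes([TAG]) + TUNNEL_TYPE_VLAN.to_bytes(3, "big"))
        + _avp(TUNNEL_MEDIUM_TYPE, bytes([TAG]) + TUNNEL_MEDIUM_IEEE802.to_bytes(3, "big"))
        + _avp(TUNNEL_PRIVATE_GROUP_ID, bytes([TAG]) + str(vlan_id).encode())
    )


def parse_vlan_attributes(data: bytes) -> Optional[int]:
    """Switch-side view: walk the AVPs and return the VLAN only if all three agree."""
    seen: Dict[int, bytes] = {}
    i = 0
    while i + 2 <= len(data):
        attr_type, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            return None                  # malformed length: refuse the whole set
        seen[attr_type] = data[i + 2:i + length]
        i += length
    try:
        if seen[TUNNEL_TYPE][1:] != TUNNEL_TYPE_VLAN.to_bytes(3, "big"):
            return None
        if seen[TUNNEL_MEDIUM_TYPE][1:] != TUNNEL_MEDIUM_IEEE802.to_bytes(3, "big"):
            return None
        group_id = seen[TUNNEL_PRIVATE_GROUP_ID]
        if group_id and group_id[0] <= 0x1F:   # leading byte is a tag, not part of the id
            group_id = group_id[1:]
        return int(group_id.decode())
    except (KeyError, ValueError):
        return None


def assign(ctx: AuthContext) -> Optional[int]:
    """Full round trip: policy decision -> Access-Accept attributes -> VLAN on the port."""
    return parse_vlan_attributes(vlan_attributes(decide_vlan(ctx)))


if __name__ == "__main__":
    samples = [
        AuthContext(True, ["sales"]),
        AuthContext(False, ["sales"]),
        AuthContext(True, device_type="ip-phone"),
        AuthContext(True, ["rnd"], posture_ok=False),
        AuthContext(True, mab=True, device_type="printer"),
    ]
    for ctx in samples:
        print(f"{ctx} -> VLAN {assign(ctx)}")
```

The ordering in decide_vlan is the security-relevant part: a failed posture check wins over group membership, so a non-compliant R&D laptop lands in quarantine rather than in the R&D VLAN. On the switch side, parse_vlan_attributes refuses to act on a partial or inconsistent attribute set instead of guessing, which is the behaviour you want from a NAS when a reply is truncated or a proxy has mangled it.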

Dynamic VLAN Assignment with Portnox CLEAR

As mentioned earlier, the implementation of dynamic VLAN assignment has often been challenging for organizations since additional servers were needed on-site at the datacenter. This forced network teams to manage redundancies, complex configurations, and on-going maintenance.

To paint a clearer picture of this headache, consider this:

Take the case of connecting a new department or branch, or merely onboarding many new employees at once…this can cause a surge in demand, which in turn causes the whole network to “shut down,” rejecting anyone who tries to connect.

Portnox CLEAR is a network access control solution, deployed as a cloud service, that covers all the use cases mentioned above and more. CLEAR simplifies the implementation of dynamic VLAN assignment: it lets you set up a cloud RADIUS server in a single click and integrate with various authentication repositories such as on-premise Active Directory, Azure AD, G Suite and Okta. Plus, you can enforce your own access control policy to dynamically assign users to their respective VLANs.

In addition to VLAN assignment based on credentials authorization, CLEAR also allows you to implement dynamic VLAN assignment based on risk violation. This means that even devices that have authenticated successfully to the wired or wireless network can be dynamically moved to a dedicated VLAN if they fall out of compliance.

In the diagram above:

  1. PCs are dynamically assigned to the VLAN based on their credentials/certificate.
  2. IP Phones are assigned to the VOIP VLAN.
  3. Printers are assigned to the printers VLAN.
  4. Guest devices are assigned to the internet-only access/quarantine VLAN.

How it Works – Setting up Dynamic VLAN Assignment in Portnox CLEAR:

1. Enable Cloud RADIUS

In the CLEAR portal, create your one-click cloud RADIUS server: go to Settings > Services > CLEAR RADIUS Service and add your RADIUS service instance. Then point your network equipment (wired switches and/or wireless controllers) at these CLEAR RADIUS service details.

2. Creating an Access Control Policy – Dynamic VLAN Assignment:

In Policies > Access Control Policies, add or edit your existing access control policy, select the required access layer and add the correct VLAN ID or VLAN name for each event you want to create dynamic VLAN assignment for: successful authentication, authentication violation, risk assessment, blocked by admin. Then, map the access control policy to the relevant groups and users.



Ran Fridberg

Sales Engineering Director, N. America

Ran has over 9 years of engineering experience in the industries of security and networking technologies. At Portnox, Ran oversees all sales engineering and project management activities in North America, making sure that the solutions best meet our customers’ needs and requirements. Ran holds a B.Sc. in Electrical and Electronics Engineering from Tel Aviv University.


About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

ESET launches ESET Mobile Security version 6.0

BRATISLAVA – ESET, a global leader in cybersecurity, has launched version 6.0 of ESET Mobile Security (EMS), an award-winning solution that provides protection against a multitude of Android mobile security threats such as malware and phishing, and now has the added feature of Payment Protection for financial transactions.

ESET Mobile Security protects users’ data against loss, leakage and misuse through strong malware protection, as well as providing a safe browsing environment with its anti-phishing feature. EMS also protects users from physical loss and theft, connecting to my.eset.com to provide as much real-time information as possible about the status and whereabouts of the device.

Version 6.0 of the premium Mobile Security solution introduces a new layer of security for EMS users. The Payment Protection feature safeguards users from applications that utilize sensitive financial information such as banking transactions and online shopping. This feature automatically categorizes all installed applications from the Google Play Store that fall into the Finance category and scans them for potential threats. The user is also able to add other installed apps to the list that may fall outside of the Finance category.

A “safe launcher” icon is added to the user’s list of applications, and from there, apps pertaining to sensitive financial data can be launched and will be protected from malware or fake apps that may be attempting to steal credentials by replicating login screens. If an app is not launched from the safe launcher module, Mobile Security will continue to run a basic scan for unresolved antivirus issues, open network usage and the root state of the device.

To further cement ESET’s commitment to cutting-edge Android mobile protection, the company has been awarded the MRG Effitas Certificate in the Android 360° Assessment Programme Q1 2020 by MRG Effitas, a world leader in independent IT security efficacy testing, research and expertise. As the report highlights, Android devices are used by approximately 2.3 billion people around the globe, and with Android-based malware on a constant rise, it is vital that antivirus solutions protect against 100% of threats.

Version 6.0 has also undergone design changes to improve intuitiveness and ease of use, such as the Call Filter feature, which lets users block unwanted incoming calls, and a redesigned Anti-Theft feature that allows simpler onboarding and password resets.

Branislav Orlík, product manager at ESET, states: “Mobile devices are a central part of our everyday lives and go far beyond just the need to call or message our friends and family. Our mobile devices are now a direct pathway to our wallets, our memories and our jobs, and it is vital that personal data is safely secured, especially sensitive financial data. With this latest version of ESET Mobile Security, we want to ensure our users feel completely secure when performing financial transactions on their devices, in addition to being protected from malware and phishing attempts. At ESET, we are dedicated to the safety of technology users across the globe and are proud to be recognized for our innovative and reliable security solutions.”



About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Mozilla fixes Firefox flaw that let attackers on the same Wi-Fi network hijack Android devices

The vulnerability was discovered by Australian researcher Chris Moberly and lies in the Simple Service Discovery Protocol (SSDP) implementation of Firefox for Android. SSDP is the UDP-based protocol that underpins Universal Plug and Play (UPnP): a device sends an SSDP broadcast message to find other devices on the same local network so that content can be shared. Firefox for Android sends SSDP messages to discover other devices, such as Roku players, to support second-screen scenarios such as playing video or web content. The flaw affects Android versions of Firefox before 79 (68.11.0 and earlier).

When Firefox sends the broadcast, devices on the same local network respond with a message containing the location of the UPnP device. Firefox then tries to access that location and downloads an XML file conforming to the UPnP specification. The researcher found, however, that an attacker could set up a malicious SSDP server and replace the location message with a malicious one pointing to an Android intent URI, causing the Firefox browser to execute that intent, for example forcing Firefox on an Android phone to open a malicious URL, all without any action by the victim.

According to the researcher, the flaw is not a novel memory corruption vulnerability but a simple logic bug; it can nevertheless be triggered remotely and, like an RCE (remote command execution) vulnerability, it lets an attacker execute unauthorized functionality without user interaction, with the sole difference that it can only trigger predefined application intents rather than arbitrary code. Even so, that is enough to enable phishing attacks or to target intents in other apps that are already known to be problematic. The researcher also demonstrated hijacking Android phones on the same network to open a malicious URL, launch the mail application, or place a phone call, as long as Firefox was installed on the phone.

ESET security experts recommend that users upgrade to version 79 or later; the desktop version is not affected.
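As an added defensive illustration (not part of the original article and not Mozilla's code), the following Python checker parses an SSDP reply and accepts its LOCATION header only when it is an http(s) URL whose host is a private or link-local IP literal, which is the validation a hardened client or a LAN monitor would apply to reject the intent URIs described above. The sample replies are constructed, and the IP-literal rule is an assumption stricter than the UPnP specification requires.

```python
"""SSDP reply checker: added example, not code from the article or from Mozilla."""
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def parse_ssdp_response(raw: bytes) -> dict:
    """Parse an HTTP-over-UDP (HTTPU) M-SEARCH reply; header names are lowercased."""
    lines = raw.decode("utf-8", errors="replace").split("\r\n")
    if not lines[0].startswith("HTTP/1.1 200"):
        raise ValueError("not an SSDP 200 OK response")
    headers = {}
    for line in lines[1:]:
        if line == "":
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def location_is_safe(location: str) -> tuple:
    """Accept only plain http(s) URLs whose host is a private or link-local IP
    literal. Assumption: UPnP description documents come from LAN devices, so an
    intent: URI or a public host has no legitimate reason to appear here."""
    parts = urlsplit(location)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"disallowed scheme {parts.scheme!r}"
    if not parts.hostname:
        return False, "missing host"
    try:
        ip = ipaddress.ip_address(parts.hostname)
    except ValueError:
        return False, "host is not an IP literal"
    if not (ip.is_private or ip.is_link_local):
        return False, "host is not on a local network"
    return True, "ok"


def check_response(raw: bytes) -> tuple:
    """Parse the reply, then validate its LOCATION header."""
    location = parse_ssdp_response(raw).get("location")
    if location is None:
        return False, "no LOCATION header"
    return location_is_safe(location)


# Constructed sample replies (not real captures): a Roku-style device, and a
# rogue responder whose LOCATION is an Android intent: URI instead of a URL.
GOOD_REPLY = b"HTTP/1.1 200 OK\r\nST: roku:ecp\r\nLOCATION: http://192.168.1.50:8060/\r\n\r\n"
ROGUE_REPLY = b"HTTP/1.1 200 OK\r\nST: roku:ecp\r\nLOCATION: intent://example.invalid/\r\n\r\n"
```

Running check_response over replies captured from the LAN flags any responder that hands out a non-URL location, which is the signal a network monitor would alert on.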

Source: https://www.welivesecurity.com/2020/09/21/mozilla-fixes-flaw-let-attackers-hijack-firefox-android-wifi/

For any security needs, please contact the Version 2 Taiwan security team at (02)7722-6899, or visit the website: https://version-2.com.tw/

About ESET
ESET was founded in 1992 and is a global provider of computer security software for enterprise and home users. Its award-winning product, the NOD32 antivirus system, provides real-time protection for computer systems against known and unknown viruses, spyware, rootkits and other malware. ESET NOD32 uses the fewest system resources and has the fastest detection, delivering the most effective protection, and has received more Virus Bulletin 100% awards than any other antivirus product. ESET has been named to Deloitte's Technology Fast 500 for five consecutive years, has an extensive partner network that includes internationally known companies such as Canon, Dell and Microsoft, and has offices in Bratislava (Slovakia), Bristol (UK), Buenos Aires (Argentina), Prague (Czech Republic) and San Diego (USA), with distributors covering more than 100 countries worldwide.

About Version 2 Taiwan
Version 2 Taiwan (V2) is one of the most dynamic IT companies in Asia, developing and distributing a range of Internet, information technology, information security and multimedia products, including communication systems. Through an extensive network of points of sale, resellers and partners, it offers products highly acclaimed by the market together with customized, localized professional services. Version 2 Taiwan (V2) sells in Hong Kong, China, Taiwan, Singapore, Macau and other regions, and its customers span all industries, including Global 1000 multinationals, listed companies, public utilities, government departments, countless successful SMEs, and consumer-market customers from cities across Asia.

How to protect your company from insider threats

Any corporation is subject to some type of cyberattack, so it is essential to have a system that defends the organization and maintains data integrity.

According to a report by Fortinet Threat Intelligence, Brazil suffered more than 24 billion cyberattack attempts in 2019, a fact that reinforces the need for efficient solutions against this type of threat.

Companies already routinely defend against external attacks, but according to the Verizon Data Risk Report, 34% of data breaches involve internal agents and 17% of all confidential files were accessible to all employees, a clear warning that companies must protect themselves from insider threats as well as external ones.

To do so, it is recommended to implement technology that efficiently monitors privileged access by employees. To help with this task, we have selected three practices for protecting your company from insider threats:

1- Know who has access to privileged accounts

One of the biggest mistakes companies make is giving privileged credentials to many users, which directly increases the likelihood of data breaches and the risk of leaks through insider threats.

You need to find out which people have access to protected environments, and ensure that people who do not need to access such environments do not hold any kind of administrative credential, thereby limiting the number of privileged users.

Ideally, credentials with a higher level of privilege should be controlled by those responsible for IT, so that there is no opening for a breach.


2- Ensure user traceability

With the right technologies, you can know who performed a privileged session, when and from where, and what actions the user took during it, and you can also limit the actions that can be performed in the environment.

Some solutions alert and block the user who performs any improper action and provide session recording for analysis.

3- Third-party access

If any service provided to your company is outsourced, that access must also be protected in some way.

Ideally, any type of access to company environments should be monitored through a VPN dedicated to a specific application for a predetermined time.

The best way to ensure that there are no loopholes for insider threats in your company is to have a complete PAM password vault, which provides protection from possible threats, monitors privileged sessions, and automates tasks.

senhasegura is one of the largest PAM solutions in the world according to Gartner. In addition to preventing data leaks and abuse of privilege and avoiding insider threats, the solution also offers comprehensive protection against external threats. Moreover, the senhasegura implementation helps your organization to:

  • Apply the Security aspect in your DevOps pipeline, ensuring DevSecOps;
  • Perform the proper management of digital certificates;
  • Comply with LGPD and GDPR;
  • Ensure security in your Cloud environment.

If you want to know how our solution works and stop insider threats in your company, fill out the form below and request a demo of the solution.


About Senhasegura
senhasegura strives to ensure that companies retain sovereignty over privileged actions and information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.