
Pandora FMS and Nagios return to the arena. The final comparison

The battle begins again: Pandora FMS Vs Nagios. ¡FIGHT!

Nagios XI is the proprietary heir of one of the best-known IT tools for monitoring systems without a license, that is, as a free product. Nagios (without XI) is a product that is almost 20 years old and suffers from many shortcomings, but for many years it was the standard among “free” products, and it fulfilled its role in those cases where the budget was tight or only a few features were needed. In recent years, its role as a free tool has been taken over by the more modern Zabbix.

Product features

Nagios XI is not a product as such; rather, it combines several pre-existing independent components. The best example is the Nagios XI web management interface, which consists of several elements, each with its own credential system. Other system components installed on the Nagios XI appliance include:

  • Nagios XI UI: “Overlying” interface on the “basic” Nagios interface.
  • Nagios Core: Traditional interface.
  • NSCA: Agent for passive and plugin tests (not maintained since 2011).
  • NSPA: Agent for passive and plugin tests, with remote management.
  • NRPE: Agent for running Nagios plugins.
  • NRDP: Agent, theoretically a replacement for NSCA, whose development has not been updated since 2012.
  • Nagios Plugins: Monitoring scripts. There have been several community “forks”.
  • NagiosFusion: System similar to Pandora FMS Metaconsole.
  • Netflow Analyzer: Specific component to work with Netflow/SFlow flows.
  • Nagios Log Server: Log storage and monitoring system.

Each component with WEB interface has its own “look & feel”, its own user management system and, of course, its own configuration and integration with other elements. And these are elements designed by the company itself, Nagios Enterprise.

Third-party “OpenSource” components

  • PNP: Plugin to monitor performance using RRD binary databases.
  • Nagvis (maps): User-defined maps.
  • NDOUtils: Information export from Nagios to SQL.
  • NSClient ++: Alternative agent that supports Nagios/Icinga.
  • NagiosQL (modified): Administration interface with data storage in MySQL.

None of these elements, which make up the “Nagios XI” solution, are even made by Nagios itself, so the compatibility and coherence between them is relative. In many cases, no one can guarantee the quality or maintainability of those pieces of software.

Feature table comparison between Pandora FMS and Nagios

| General features | Nagios | Pandora |
|---|---|---|
| User Experience monitoring | NO | YES |
| Availability monitoring | YES | YES |
| Performance monitoring | Partial | YES |
| Event management | NO | YES |
| Event correlation system | NO | YES |
| Multitenant | NO | YES |
| Log collection | YES | YES |
| Centralized management using monitoring policies | YES | YES |
| Certified Security Updates | YES | YES |
| Geolocation | NO | YES |
| Command line management | NO | YES |
| LDAP/AD authentication | YES | YES |
| Virtualization and cloud computing | YES | YES |
| High availability | YES | YES |
| Horizontal scalability (Metaconsole) | YES | YES |
| Service monitoring (BAM) | NO | YES |
| Customizable visual console | YES | YES |
| Synthetic modules (dynamic creation of data on existing data) | NO | YES |
| Historical database for long-term data storage | NO | YES |
| Centralized plugin distribution | YES | YES |
| z/OS monitoring | NO | YES |
| SAP R3 & S4 monitoring | NO | YES |
| Remote control (eHorus) | NO | YES |

| Agent technology | Nagios | Pandora |
|---|---|---|
| Multiplatform agents for Windows, HP-UX, Solaris, BSD, AIX and Linux | YES | YES |
| Remote management of software agent configuration (with policies and manually) | YES | YES |
| Agents for Android, IOS and embedded systems | NO | YES |
| Remote inventory or with agents | NO | YES |
| Centralized virtualization monitoring: Vmware, RHEV, XenServer, HyperV | YES | YES |
| Oracle, Informix, SyBase, DB2, Weblogic, Jboss, Exchange, Citrix, WebSphere monitoring (among others) | Partial | YES |

| Reports and graphs | Nagios | Pandora |
|---|---|---|
| Customization of reports (first page, header, images, dynamic content, static content) | NO | YES |
| Up to 6 decimals of precision in SLA reports | NO | YES |
| Fine-grain ACL system. 100% multitenant ready for SaaS | NO | YES |
| SLA advanced reports (daily, weekly, monthly) | NO | YES |
| Dashboard | YES | YES |
| Planned stops and exclusion | NO | YES |
| Report templates | NO | YES |

| Network features | Nagios | Pandora |
|---|---|---|
| Network L2 topology detection and self-discovery | NO | YES |
| IPAM (IP Address Management) | NO | YES |
| Decentralized SNMP and WMI monitoring (proxy servers, satellite servers) | NO | YES |
| SNMP trap monitoring | YES | YES |
| Dynamic network navigable maps, modifiable by the user in a graphical environment (Network console) | NO | YES |
| High-speed ICMP and SNMP scanning | NO | YES |
| Netflow | YES | YES |
| SSH/Telnet Console | YES | YES |

Points against Nagios

Monitoring current technologies

New check creation is based on wizards or plugins. In both cases, you have to be an expert to modify any of them (you have to program at command level, know the specific template definition language and debug manually), which makes it difficult to broaden the variety of checks or customize one of them easily from the interface itself. In Pandora FMS, any extension can be carried out using the web interface, without getting down to the console level, and it also offers a bigger plugin collection for business software that does not require any kind of coding.

When applying settings, you need to “compile” them, so if something goes wrong, changes cannot be applied until they are corrected. This would be insane in an environment with many hosts. For example, deleting an agent without first deleting the service it contains prevents the change from being applied, but Nagios does not resolve it for you. In Pandora FMS, the entire operation is in real time, or in the case of major changes, managed in the background by the system, without interruptions or the need to interact with the system at a low level.

Management automation

In general, monitoring is so manual that monitoring 100 agents would take a long time unless low-level scripts are written to automate the whole process. There is no standard, tooling or set of good practices for automation; it depends exclusively on the ability of the “Nagios expert” to automate these tasks efficiently, and otherwise the process is completely manual.

Reports

Although Nagios has “custom” reports, this customization is limited to parameterizing the already available reports, of which there are only 20 types. Each report shows one type of information with a pre-set presentation, for example the SLA report:

[Screenshot: nagios1]

Filters can be added and saved as favorites, but the report cannot be customized much further. To sum up, reports are intended for the technician’s use, never for an internal or external client. Reports cannot combine different types of elements or show generic graphs of specific metrics.

Usability in large environments

Console load for very few agents is extremely high. The usability with a high number of systems is very poor. Although it can be made to monitor many systems, it clearly has not been designed for it. Pandora FMS is currently being used to operate and manage systems with more than 100,000 nodes.

Windows Agents

Nagios “Advanced” Agents for Windows (NSCA) date from 2011 and there have been no updates since then. There are several “forks” (iCinga, ISCA-NG), but not for Windows. Although Nagios has up to four types of agents (NRPE, NSCA), their performance and power are far from comparable to those of Pandora FMS, especially in Windows environments.

Performance monitoring

Until very recently, Nagios used third-party software to manage performance data and graphics. It has now been integrated, but it remains a tailored third-party component, and not part of its initial architecture. Pandora FMS is a native capacity tool, it can be used to elaborate dashboards, since it works with data and an SQL engine from its first version.

Lack of event management

Nagios does not perform event-based management, it cannot automatically validate events from monitors that have been retrieved, it cannot group them, and it cannot specify event-based alerts. To tell you the truth, there is no “event” concept in Nagios as in other tools (OpenView, Tivoli, Patrol, SCOM, Spectrum, etc). Pandora FMS has evolved based on requirements of former users of these tools, so the level of compliance with industry standards is very high.
For Nagios, the events consist of a text log for a simple visual review, as seen in the following screenshot:

[Screenshot: nagios2]

Nagios cannot do root cause analysis

This is because there is no event correlation. Pandora FMS does have it, and it also has multiple tools (L2 Maps, Services, Alert Escalation, Cascade Protection) that help the user in this regard.

Nagios cannot do BPM (service monitoring)

With Nagios you cannot set a hierarchy based on weights of different elements from different systems. Pandora FMS has a specific component (Service Maps) for this specific point.

Network level deficiencies

Nagios cannot display a physical network, since it is not capable of detecting or displaying link-level topologies. This limits switch and router monitoring. Furthermore, its network maps are not interactive nor can they be edited or customized unlike Pandora FMS Enterprise.

Its SNMP trap monitoring is not integrated with monitoring and therefore no added graphs, reports or alerts can be displayed. The same applies for its Netflow monitoring interface, which is conceived as an auxiliary tool.

Dashboard and custom visual displays

The closest thing to Pandora FMS visual consoles in Nagios is the third-party NAGVIS plugin, which has barely evolved in the last 15 years. Nagvis is an external plugin that is not even fully integrated with Nagios XI, going so far as to have a different look & feel:

[Screenshot: nagios3]

Although Nagios also has a Dashboard with a concept similar to that of Pandora FMS, it lacks basic elements, such as showing graphs of each monitored element or numerical data of the collected values. The same happens with reports, which have “predefined” elements that provide little or no flexibility when it comes to building your own dashboards.

Permission management and Multi-tenancy

NagiosXI is not intended to work in a complex organization, where different administrators and users with access to different groups of machines can coexist. Its access segregation is very basic:

[Screenshot: nagios4]

The scenario where you may have several dozen users with different ACL permissions per user group is not even contemplated. Although it has an audit log, it is not useful for knowing what the administrator or users do with the tool; it is more like a server diagnostic tool.

Conclusions

Nagios is a software tool that can be useful in environments where there is already a person with advanced knowledge of Nagios who takes care of everything and adapts it manually according to the needs of the environment. The company does not have a “Nagios”, it has a “person who knows about Nagios”, so the cost of the total solution is really the cost of that person, including a possible replacement. In this case you don’t pay for license nor maintenance, but the hidden costs are of other nature. Tool customization and evolution depends entirely on that person. It is not a standard solution, it is a completely “ad-hoc” solution.

100% of our clients, prospects or consulted companies that use Nagios actually use the “free” version of Nagios, which has fewer features than those included in this comparison. There are many Nagios forks, the most popular being Icinga and Centreon. There are commercial alternatives with a higher quality than that of Nagios XI; the best representative would be OP5.

Nagios XI is a tool whose main strength is its license price, which in most cases is free, and which even in the case of paying for the “Enterprise” version is more competitive than Solarwinds or Whatsup Gold just to name a few.

Pandora FMS is a tool that competes with – and has already replaced in several cases – tools from IBM, HP, CA and BMC such as Tivoli, OpenView, Spectrum and Patrol. The scope, resources and scale of the projects are clearly different.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

New channel program as a business development strategy

Ártica Pandora PFMS launches a new channel program for partners as a key element in its business development strategy.

Ártica Pandora PFMS, within the framework of its global growth strategy, is evolving its channel program with the firm intention of expanding its worldwide network of partners. We will do so together with companies that complement, with their knowledge of the clients’ business, the wide range of monitoring, incident management and remote management services provided by Pandora FMS, Pandora FMS Remote Control and Pandora FMS ITSM products.

At Pandora FMS we understand the importance of the benefits provided by a quality service, and, therefore, we want to develop the potential of professional IT companies whose purpose is to improve their clients’ business through knowledge and proper IT infrastructure use.

Since our main objective is the service quality for the users of our solutions, we especially focus on the qualification of our partners. We know for a fact that deep knowledge of our tools increases their productivity, while reducing the time spent by technicians. Effectiveness and efficiency that are achieved through custom training, and that can reproduce the customer environment so that partner-customer integration is fast and efficient.

The new Pandora FMS channel program embraces any size of company, from service providers to MSPs, consultancies, system integrators, distributors, etc. Of course, as long as they understand the value that monitoring and knowledge of the status of the IT infrastructure provides in the positive evolution of their business.

It is a simple program, easy to understand and comply with, without any tricks or hidden conditions. Flexible, with the ability to adapt to the needs of partners and their customers. Consistent, based on many years of experience attending and understanding the particularities of the channel and always aimed at providing the maximum benefit, direct and indirect, to companies that place their trust in us.

Now Pandora FMS partners self-qualify based on their commitment on three levels: Silver, Gold and Platinum. We certify that any of the levels is perfectly qualified to represent, with guarantees, Ártica PFMS products before clients. Our channel program also contemplates complementing the small deficiencies that may arise with our own manufacturer services, of the highest level.

All of our partners will have commercial interlocutors who, listening to customer requirements, understand their needs and are able to propose the appropriate solution. Gold partners will also have a qualified and certified technical team to install and adapt our solution to the client. And, of course, Platinum partners will enjoy higher independence and a higher volume of commercial and technical resources, which will allow them much more agile response times.

For Pandora FMS, the word “partner” means commitment, so the entire company has acquired the responsibility of helping to develop the channel’s business. From our first resource to the last (technical, presale, commercial, marketing, administration…) we are all available to our partners to minimize their own needs and maximize their business generation.

Each of our collaborating partners has their own idiosyncrasies and catalog of solutions, and the success of our channel program lies in the way we adapt Pandora FMS products to that portfolio, seamlessly, so that the organization of our partners, as a whole, perceives that its solutions are scaled up without the need for patches or technical or commercial effort.

We share the path, we work on demand generation, either directly through events and campaigns for predefined clients, or indirectly through social networks, generalist and economic press, press specialized in information technology or presence in sector fairs. We actively collaborate also providing all kinds of commercial information on the product portal.

Once the need is created, we reinforce, with our presence, the work of the salespeople, both in the initial stages of validation of the opportunity and in the delivery of presentations and custom demonstrations to clients, including, depending on demand, proof-of-concept tests or even pilots with real data. We always leave the relational initiative to our partners, whose ownership of the opportunity we never dispute; we only stay by their side in the sales cycle, thus avoiding conflicts between partners that may cause loss of image and productivity with end customers.

Once the agreement with the clients has been reached, we continue to be by the side of our collaborators, providing them with all those services they need to complement their training and guaranteeing the success in the project’s execution.

And we don’t stop there, because we know that the relationship with a client does not end with an installation; it is something alive and constantly evolving, like our products, which receive improvements (releases) every three to five weeks. Our support, direct or through the partner, is able to cover, with continuous coverage, the demand of the end companies that trust us.

In short, at Pandora FMS, we take our business very seriously, as much as any company with which we have the pleasure of collaborating, and, therefore, we have chosen a simple, flexible and seasoned channel model, which allows for the money generated by the ecosystem of partners that we are creating to affect and feed it. So the services we offer, together, obtain a productive knowledge of everyone’s information technology infrastructure, and this helps businesses grow in a sustainable way with the minimum operating cost.

If you are already a Pandora FMS partner, ask us more about how to grow together and, if you are not yet, find out all the details of the new partner program and contact us. We are sure to find quick business synergies.


Water utilities face a growing risk of cyber attacks

Ransomware is Everywhere

Over the past few months, it has felt as though every day a different organization has fallen victim to a ransomware attack. While the idea of a ransomware attack isn’t new, the recent headline-grabbing attacks are exploiting the products and services that we use on a daily basis. This growing trend of cybercriminals attacking critical infrastructure has become more lucrative for attackers because it disrupts everyday life, which is more devastating for the global community and the victims.

On top of the alarming amount of ransomware attacks, more and more severe vulnerabilities due to remote access have been discovered. This has made it easier for cybercriminals to exploit their targets. One of the most targeted industries that have been affected by poor remote access security is the water utility industry.

Due to the important role of water and wastewater infrastructures in our society, their newly connected systems have become an attractive target for cybercriminals to attack via different attack vectors such as insider and outsider threats and supply chain attacks.

Since the start of 2021, there have been different examples of water plants being successfully attacked by cybercriminals. On January 15th, a water treatment plant in San Francisco was exploited by an attacker who was trying to poison the plant. The cybercriminal gained access by using a former employee’s TeamViewer account credentials. Once the attacker accessed the water plant’s system, they deleted programs that the water plant used to treat drinking water. The attack was only discovered the next day by the water plant and the facility changed its passwords and reinstalled the programs.

A few weeks later another attack on a water plant occurred, this time the Oldsmar, Florida water system cyber attack. A hacker gained access to the water treatment system of Oldsmar, Florida, and hijacked the plant’s operational controls. He was able to temporarily drive up the sodium hydroxide content in the water to poisonous levels. Luckily, a plant operator was able to return the water to normal levels.

In 2018, the Department of Homeland Security (DHS) and the FBI warned that the Russian government was specifically targeting the water sector, which resulted in the US government forming the Cybersecurity and Infrastructure Security Agency (CISA) to ensure that the cybersecurity of critical infrastructure would be prepared for incoming physical threats.

The attack surface of water and wastewater infrastructure will only continue to grow over time. This makes stronger cybersecurity and more secure remote access a priority, as more water utility organizations will become victims of cyber attacks that could lead to disastrous consequences or even death.

Water Utilities Are an Attractive Target

There are close to 200,000 drinking water systems in the U.S. that provide tap water to nearly 300 million Americans. These water systems are in cities, schools, hospitals, office buildings and other places. When critical water or wastewater systems are exploited by a cybersecurity attack, the malicious activity could result in devastating consequences to public health and safety.

Some attacks on water utilities could cause contamination, operational malfunction and service outages, which would result in potential illness and casualties. They could also compromise emergency response teams and possibly impact transportation systems and the food supply. Additionally, on top of the physical water utility equipment, water sector entities are in charge of critical personal data. This personal data is an extremely attractive target for cybercriminals, as seen in previous attacks.

Another example of a successful attack on a water utility is the city of Atlanta ransomware attack. In March 2018, the city of Atlanta and Atlanta Department of Watershed Management employees were unable to turn on their work computers or gain wireless internet access, and two weeks after the attack Atlanta completely took down its water department website “for server maintenance and updates until further notice.” It took Atlanta months to recover and an estimated cost of up to $5 million in recovery efforts, to address the attack.

Remote Access Provides Attackers an Easy Entry Point

If the recent examples of successful attacks on water infrastructure did not make the different security threats evident, now more than ever water utility companies need to get more serious about how they manage remote access.

Over the past decade, the technology behind water infrastructures and utilities has become more interconnected with OT & IoT devices. The different connected devices such as controllers, sensors and smart meters are being used by water utilities to remotely monitor and manage processes. Unfortunately, they are easy targets for cybercriminals to infiltrate.

For water utilities, smart metering can increase efficiency, but it comes with consequences, and remote access is a key entry point for successful attacks. Poor remote access security can allow cybercriminals, both internal and external, to gain remote access to the main operating system and cause severe community health issues such as flooding or contaminated water sources.

There is also the issue of smart meters and water appliances that are deployed by water management organizations that can be infiltrated by cyber attacks. If a smart meter is compromised through an attack or reverse engineering, it would allow cybercriminals to potentially access the metering infrastructure which would provide them the ability to attack and move laterally within an organization’s system and networks.

The different vulnerabilities of smart meters shine a light on the importance of and need for better device protection. It is crucial that connected utility devices such as ICS, controllers, smart meters, sensors, etc. are properly monitored and managed. Understanding who has access to a water utility device, from where they are accessing it, and what irregular activity occurs will decrease the chance of a successful remote attack on the water systems.
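The three questions raised above (who has access, from where, and whether the activity is irregular) can be turned into a small review of remote-access session records. The following is an added example, not part of the original post or of any vendor's product: the log format, the account roster, the approved networks and all session values are constructed for illustration.

```python
# Added example: review constructed remote-access session records for an
# OT environment against an account roster. Flags sessions by disabled or
# unknown accounts, from unapproved source networks, outside allowed hours,
# or performing actions reserved for a named role.
from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed roster. "active": False models an account that should have been
# disabled (e.g. a former employee whose remote-access credentials remained).
ROSTER = {
    "jdoe":   {"active": True,  "role": "operator",   "networks": ["10.20.0.0/16"]},
    "mlopez": {"active": True,  "role": "integrator", "networks": ["10.20.0.0/16", "203.0.113.0/24"]},
    "rsmith": {"active": False, "role": "operator",   "networks": ["10.20.0.0/16"]},
}

# Remote sessions are expected between 06:00 and 21:59 local time.
ALLOWED_HOURS = range(6, 22)

# Actions that alter treatment logic; only the integrator role may perform them.
SENSITIVE_ACTIONS = {"file_delete", "setpoint_change"}

# Constructed session log: timestamp, account, source IP, target host, action.
SAMPLE_LOG = """\
2021-01-14T09:12:05 jdoe 10.20.4.17 hmi-01 connect
2021-01-14T09:40:51 jdoe 10.20.4.17 hmi-01 disconnect
2021-01-15T02:31:09 rsmith 198.51.100.23 scada-srv-02 connect
2021-01-15T02:33:40 rsmith 198.51.100.23 scada-srv-02 file_delete
2021-01-15T02:36:02 rsmith 198.51.100.23 scada-srv-02 disconnect
2021-01-15T14:05:13 mlopez 203.0.113.9 plc-gw-01 connect
2021-01-15T14:07:30 mlopez 203.0.113.9 plc-gw-01 setpoint_change
"""


@dataclass
class Finding:
    timestamp: str
    account: str
    host: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Split one whitespace-separated record into typed fields."""
    ts, account, src, host, action = line.split()
    return datetime.fromisoformat(ts), account, src, host, action


def review_session(ts, account, src, host, action):
    """Return the list of reasons a single record deserves analyst attention."""
    reasons = []
    entry = ROSTER.get(account)
    if entry is None:
        reasons.append("unknown account")
    elif not entry["active"]:
        reasons.append("disabled/former account")
    # Who: roster check above. Where: source must fall in an approved network.
    if entry and not any(ip_address(src) in ip_network(n) for n in entry["networks"]):
        reasons.append("source outside approved networks")
    # When: off-hours remote sessions are irregular for this environment.
    if ts.hour not in ALLOWED_HOURS:
        reasons.append("outside allowed hours")
    # What: changes to treatment logic by anyone but an integrator.
    if action in SENSITIVE_ACTIONS and (entry is None or entry["role"] != "integrator"):
        reasons.append(f"irregular action: {action}")
    return reasons


def review_log(text):
    """Run review_session over every record and collect the flagged ones."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, src, host, action = parse_line(line)
        reasons = review_session(ts, account, src, host, action)
        if reasons:
            findings.append(Finding(ts.isoformat(), account, host, reasons))
    return findings


if __name__ == "__main__":
    for f in review_log(SAMPLE_LOG):
        print(f.timestamp, f.account, f.host, "; ".join(f.reasons))
```

In the constructed data, only the sessions of the disabled account are flagged; they fail every check at once, which is the pattern the incidents described above would have produced had the records been reviewed promptly.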

What Water Organizations Can Do

Water and wastewater organizations need to prioritize security and this starts with setting aside the proper amount of resources and attention in protecting their company’s infrastructure and equipment. This process starts with getting a deep understanding of the different security risks that are presented with water and wastewater systems and which steps need to be done to ensure better security.

With the increasing number of successful attacks on water plants and more awareness of the different risks to water utilities, more organizations are slowly starting to understand the significance of implementing the right security practices when securing their IT and OT systems. As water plants adopt more smart sensors and other IoT devices to automate and modernize their water-based processes, they create new entry points for cybercriminals to exploit remotely and move laterally within the organization’s systems.

As water technology continues to advance, so do the risks that come with it. Adopting more connected technologies and devices has forced water organizations to connect to the internet, which has resulted in more remote access entry points and an increase in security events. This trend has led security teams to update their security approach to one that provides better remote access security and a new approach to OT security.

While not every water utility company has taken the right steps toward a more secure water plant, the awareness has led to changes in the water industry. Some companies and cities, like the city of Hutchinson, have taken a more proactive approach to securing their connected OT equipment with a passive network monitoring solution specifically designed for OT environments. Now the city of Hutchinson secures, on one platform, all of its water production and treatment divisions, which operate and maintain a reverse osmosis (RO) water treatment center, 20 water wells, 2 booster pump stations, 4 water storage towers, 2 Class I disposal wells, and all of its groundwater remediation facilities.

As water and wastewater organizations continue to become a more attractive target for cybercriminals, it’s best to be prepared for any kind of attack on water utilities by taking action now and mitigating the risks. With a security-first approach cemented in an organization with the right amount of awareness, water utilities can continue to expand as their networks do. It is important for decision-makers to consider new security approaches that offer device-level, security-by-design protection for their infrastructure for years to come.

To learn more about how SCADAfence protects the water supply of 42,080 Americans in the city of Hutchinson, Kansas, download the case study here:
https://www.scadafence.com/resource/how-scadafence-protects-the-water-supply-of-the-city-of-hutchinson/


About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

To fight ransomware hackers, drain the cryptocurrency swamp

This kind of digital extortion – increasingly viewed as terrorism – would be impossible without the ability to move money around anonymously

Last month, a cybercriminal group penetrated the Colonial Pipeline. This wasn’t just “another” hack, with privacy consequences and threats on personal information. The severe results were shown instantly. Gas supply to millions of Americans was disrupted leading to a spike in gas prices and panic buying causing local fuel shortages in the southeast, and resurfacing old memories of the infamous gas crisis in the US in the late 1970s.

It becomes evident, and not for the first time, that ransomware has the potential to affect the personal lives of innocent citizens tremendously. The problem is worsening by the day as groups improve their ransomware code and collect easy money.

The US authorities responded – a national cyber investigative task force was formed and last night, DOJ told Reuters that US authorities will “give ransomware hacks similar priority as terrorism”. This begs the question, however: will it be possible to stop ransom hacks without treating its originator?

The fact is we’re not looking at this problem holistically. There is one factor making this problem possible, and systemic: cryptocurrency. Ransomware hacks thrive on the ability to transfer cryptocurrency easily, rapidly and without leaving traces. The criminals are not required to deal with complex transfers. Gone are the days when hostage-takers demanded one million dollars in small, unmarked paper bills, with a jet on the runway ready to take them to some foreign land with no extradition agreement. All they need is a Bitcoin, Monero or ZCash address and a few command lines – and voila – the money lands safely in the hands of the criminals. It’s almost a sterile crime.

In fact, those money transfer machines enable the prosperity of a global crime industry, fueled by corporate extortion funds. For instance, in the case of the Colonial Pipeline, despite the involvement of the FBI and law enforcement, a five million dollar ransom was paid in order to free the systems. Some of the funds were recovered, in an unprecedented operation, and yet the damage remained.

This is not pocket change. Each win – however financially lucrative – builds on itself and gives these cybercriminals more confidence to fuel the next attack. For example, in dark web forums the phenomenon of “ransomware hack as a service” is gaining popularity, and criminals are offering ransomware for rent. The thieves have become so comfortable that they are allowing others to use their tools, while they rest safely like ordinary software vendors.

In order to stop terror, we have to stop its funding. However, when it comes to ransomware hacks it has still not sunk in that strict limitations should be put on their primary funding source – cryptocurrencies. The promise of liberty and freedom from censorship made by theoreticians in this field is shattered daily, and instead of a paradise for innocent civilians, we’re left with the opposite – a utopia for criminals. In fact, untraceable cryptocurrencies are the swamp in which the disease of ransomware flourishes.

This swamp must be dried up. If governments around the world seriously intend to stop the phenomenon of ransomware hacks, they have to put strict limitations on money transfers via cryptocurrencies. They must supervise cryptocurrencies the same way they do cash, bank transfers, diamonds or weapons. Countries should require users to disclose the sources of their money and prevent them from doing major deals not conducted through the supervised international banking system.

Governments should also implement methods of tracking cryptocurrencies and sound the alarm when illegal activity is detected. If they cannot decide on or implement a system to administer this, governments should consider the unpopular step of completely prohibiting the holding and trading of cryptocurrency. Drying up the funding sources for these attacks may be the only viable approach to stopping their continued proliferation. If we do not take immediate action to dry those swamps, we will find ourselves in the near future too weak and too ill to recover.

Originally posted on Times of Israel

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

About CDM InfoSec Awards
This is Cyber Defense Magazine’s ninth year of honoring global InfoSec innovators. Our submission requirements are for any startup, early stage, later stage or public company in the INFORMATION SECURITY (INFOSEC) space that believes it has a unique and compelling value proposition for its product or service. Learn more at http://www.cyberdefenseawards.com

About the Judging
The judges are CISSP, FMDHS and CEH certified security professionals who voted based on their independent review of the materials each company submitted on the website, including but not limited to data sheets, white papers, product literature and other market variables. CDM has a flexible philosophy: it would rather find innovative players with new and unique technologies than those with the most customers or money in the bank. CDM is always asking “What’s Next?”, so we are looking for Next Generation InfoSec Solutions.

About Cyber Defense Magazine
With over 5 Million monthly readers and growing, and thousands of pages of searchable online infosec content, Cyber Defense Magazine is the premier source of IT Security information for B2B and B2G with our sister magazine Cyber Security Magazine for B2C. We are managed and published by and for ethical, honest, passionate information security professionals. Our mission is to share cutting-edge knowledge, real-world stories and awards on the best ideas, products and services in the information technology industry. We deliver electronic magazines every month online for free, and special editions exclusively for the RSA Conferences. CDM is a proud member of the Cyber Defense Media Group. Learn more about us at https://www.cyberdefensemagazine.com and visit https://www.cyberdefensetv.com and https://www.cyberdefenseradio.com to see and hear some of the most informative interviews of many of these winning company executives. Join a webinar at https://www.cyberdefensewebinars.com and realize that infosec knowledge is power.

ESET reveals the identity of the hacker group behind the NoxPlayer supply chain attack

This February, the software update mechanism of NoxPlayer, an Android emulator with roughly 150 million users worldwide, was compromised. The attackers singled out a small number of specific users and used the compromised updates to surveil their computers.

The APT group behind the attack has been named Gelsemium. According to ESET’s analysis, the group began its attack campaigns around 2014. Its victims are spread across East Asia and the Middle East and include government agencies, religious organizations, electronics manufacturers and universities. The countries it targets include China, Mongolia, North Korea, South Korea, Japan, Turkey, Iran, Iraq, Saudi Arabia, Syria and Egypt. ESET has also published indicators of compromise (IoCs) for security staff to reference.

As for the techniques Gelsemium favors, ESET believes the group distributes its malware through Microsoft Office vulnerabilities and phishing emails, and exploits Exchange server RCE vulnerabilities to conduct watering-hole attacks. Around September 2020 the group launched Operation NightScout, compromising NoxPlayer’s update server. ESET says that of the 100,000 users who were both ESET and NoxPlayer users, only five received the malicious update; they were located in Taiwan, Hong Kong and Sri Lanka.

Beyond the attack above, ESET also named two previously discovered malware families, OwlProxy and Chrommme, as possibly connected to Gelsemium. Why are they linked to the group? ESET notes that although OwlProxy shares almost no direct code with Gelsemium’s malware components, its analysis still uncovered evidence connecting it to the group.

Chrommme is a backdoor ESET found while investigating the Gelsemium ecosystem. As with OwlProxy, a code-level comparison with the components used by the group showed almost no relationship, but Chrommme and Gelsevirine, which the group uses, share the same two C2 servers. Furthermore, ESET also found Chrommme on computers belonging to organizations that had been attacked by Gelsemium.

Source 1: https://www.welivesecurity.com/2021/02/01/operation-nightscout-supply-chain-attack-online-gaming-asia/

Source 2: https://www.welivesecurity.com/2021/06/09/gelsemium-when-threat-actors-go-gardening/

# For any security needs, contact the Version 2 Taiwan security team at (02)7722-6899, or visit the official website: https://version-2.com.tw/?skip=1

About Version 2 Digital
Professional distributor and leader in security solutions
Version 2 Taiwan is one of the most dynamic IT companies in Asia. It has worked in the information technology field for many years and is committed to providing up-to-date security solutions (such as EDR, NDR and vulnerability management), tool products (such as remote control and web filtering) and security threat detection and response services (MDR). Through an extensive network of points of sale, resellers and partners, it offers highly acclaimed products and customized, localized professional services.

Version 2 Taiwan’s sales territory covers Taiwan, Hong Kong, mainland China, Singapore and Macau. Its customers span every industry, including Global 1000 multinationals, listed companies, public utilities, government departments, countless successful SMEs and consumers from cities across Asia.

About ESET
Founded in 1992, ESET is a global provider of computer security software for businesses and individual users. Its award-winning product, the NOD32 antivirus system, provides real-time protection for computer systems against known and unknown viruses, spyware, rootkits and other malware. ESET NOD32 uses the fewest system resources, has the fastest detection speed, provides the most effective protection, and has won more Virus Bulletin 100% awards than any other antivirus product. ESET has been named to Deloitte’s Technology Fast 500 for five consecutive years, has an extensive partner network that includes internationally known companies such as Canon, Dell and Microsoft, has offices in Bratislava (Slovakia), Bristol (UK), Buenos Aires (Argentina), Prague (Czech Republic) and San Diego (USA), and has distributors covering more than 100 countries worldwide.