Tag Archives: Networks

WatchGuard report finds two-thirds of malware to be encrypted

WatchGuard Technologies’ latest Internet Security Report shows that 67% of all malware in Q1 2020 was delivered via encrypted HTTPS connections and that 72% of encrypted malware was classified as zero day, so on that basis would have evaded signature-based anti-virus protection.

These findings show that, without HTTPS inspection of encrypted traffic and advanced behaviour-based threat detection and response, organisations are missing up to two-thirds of incoming threats. The report also highlights the finding that the UK was a top target for cyber criminals in Q1, earning a spot in the Top Three countries for the five most widespread network attacks.

“Some organisations are reluctant to set up HTTPS inspection due to the extra work involved, but our threat data clearly shows that a majority of malware is delivered through encrypted connections and that letting traffic go uninspected is simply no longer an option,” said Corey Nachreiner, chief technology officer at WatchGuard. “As malware continues to become more advanced and evasive, the only reliable approach towards defence is implementing a set of layered security services, including advanced threat detection methods and HTTPS inspection.”

Key findings

Other key findings from WatchGuard’s latest Internet Security Report include:

Monero cryptominers surge in popularity. Five of the Top Ten domains distributing malware in Q1 (identified by WatchGuard’s DNS filtering service DNSWatch) either hosted or controlled Monero cryptominers. This sudden jump in cryptominer popularity could simply be due to its utility. Adding a cryptomining module to malware is an easy way for online criminals to generate passive income.

Flawed-Ammyy and Cryxos malware variants join top lists. The Cryxos trojan was third on WatchGuard’s Top Five encrypted malware list and also third on its Top Five most widespread malware detections list, primarily targeting Hong Kong. It’s delivered as an e-mail attachment disguised as an invoice and will ask the user to enter their e-mail and password which it stores. Flawed-Ammyy is a support scam where the attacker uses the Ammyy Admin support software to gain remote access to the victim’s computer.

Three-year-old Adobe vulnerability appears in top network attacks. An Adobe Acrobat Reader exploit that was patched in August 2017 appeared in WatchGuard’s top network attacks list for the first time in Q1 of this year. This vulnerability resurfacing several years after being discovered and resolved illustrates the importance of regularly patching and updating systems.

Mapp Engage, AT&T and Bet365 targeted with spear phishing campaigns. Three new domains hosting phishing campaigns appeared on WatchGuard’s Top Ten list in Q1 2020. They impersonated digital marketing and analytics product Mapp Engage, online betting platform Bet365 (this campaign was in Chinese) and an AT&T login page (this campaign is no longer active at the time of the report’s publication).

COVID-19 impact. Q1 2020 was only the start of the massive changes to the cyber threat landscape brought on by the COVID-19 pandemic. Even in the first three months of 2020, WatchGuard still saw a massive rise in remote workers and attacks targeting individuals.

Malware hits and network attacks decline. Overall, there were 6.9% fewer malware hits and 11.6% fewer network attacks in Q1, despite a 9% increase in the number of Fireboxes contributing data. This could be attributed to fewer potential targets operating within the traditional network perimeter with worldwide work-from-home policies in full force during the COVID-19 pandemic.

Anonymised data

The findings in WatchGuard’s Internet Security Reports are drawn from anonymised Firebox Feed data from active WatchGuard appliances whose owners have opted in to share data to support the Threat Lab’s research efforts. Over 44,000 appliances worldwide contribute threat intelligence data to the report. In Q1 2020, they blocked over 32,148,519 malware variants in total (730 samples per device) and more than 1,660,000 network attacks (38 attacks per device).

The complete report includes key defensive Best Practices that organisations of all sizes can use to protect themselves in today’s threat landscape and a detailed analysis of how the COVID-19 pandemic and associated shift to working from home affected the cyber security landscape.

*To view the full report visit Internet Security Report for Q1 2020

Filed under Security Matters

IDIS ranked among top security equipment manufacturers for 2020 OSPAs

Confirming IDIS as one of the most trusted suppliers of surveillance tech in the UK, the company has been named as a finalist in the 2020 Outstanding Security Performance Awards (OSPAs). Indeed, IDIS is the only video manufacturer to have been selected as a finalist in this year’s awards scheme.

Now Korea’s largest in-country video surveillance equipment manufacturer, IDIS has established a committed customer base in the UK by offering end-to-end video solutions that combine plug-and-play simplicity with advanced functions. It’s an approach that has seen its sales grow consistently every year since its 2013 UK launch. In 2018, year-on-year sales were up by 78%, with 22% consolidated growth across Europe.

UK OSPAs founder Professor Martin Gill CSyP FSyI informed Risk Xtra that IDIS and the other 2020 finalists had been identified by an independent panel of experts scoring against impartial and ethical judging criteria.

“All those who are finalists have reached a score threshold and those with low scores, or ranked lower than tenth equal, have been eliminated. This ensures our finalists represent the very best in the industry.”

From the early days of IP, IDIS took a different approach to its competitors. When many were talking about the advantages of open architecture IP surveillance and solutions on corporate networks, IDIS understood that there were drawbacks in that approach. Today, it’s almost universally accepted that, for many SME video surveillance applications, dedicated networks are better.

IDIS identified this reality correctly from the outset because the business wasn’t led by what new technology could do, but rather by what customers actually needed.

As a result, IDIS DirectIP was the first genuine, one-click plug-and-play solution which, at a stroke, removed a major burden on professional installers. IDIS believed there should be no need for engineers to learn how to handle networks and routers, or to manage passwords for each individual device. Supporting installers who don’t have an in-depth knowledge of networking, IDIS’ ‘For Every Network’ peer-to-peer technology allows engineers to deploy secure, multi-site surveillance solutions on a rapid basis.

IDIS has also led the way with other important innovations, including reducing the video storage and transmission burden for end users with its Intelligent Codec, a powerful compression technology that cuts bandwidth requirements by up to 90% when combined with motion adaptive transmission.

To make the migration to H.265 easier and more affordable for end users, IDIS developed a dual codec solution allowing simultaneous H.264 live viewing and H.265 high resolution recording. Another example of technical innovation being fitted to customer realities, not the other way around.

IDIS has also focused on improving value for end users, with its totally cost- and license-free IDIS Center VMS being powerful yet easy enough for non-specialist staff to use.

“IDIS innovations have a proven track record of providing targeted and original answers to specific problems faced by end users and installers,” explained James Min, managing director for IDIS Europe. “We’re delighted that our approach has been recognised in the 2020 OSPAs and look forward to the awards ceremony on 26 February.”

Filed under Risk Xtra

Bosch launches new information security services to protect against cyber attacks

The IT Security Expo and Congress 2019 takes place in Nuremberg from 8-10 October and experts from Bosch will be on hand on Stand 506 in Hall 10.1 to outline the company’s latest information security services for defending against cyber attacks.

Cyber criminals pose a threat to building security solutions. Today’s physical security systems are increasingly IP-based and run on the same networks as generic office and production IT systems.

“The growing use of IT, along with greater networks, is also making building security solutions potentially vulnerable to all of the same risks that plague the rest of the IT world, such as hacker attacks and malware,” explained André Heuer, who heads the information security operation at Bosch Building Technologies. “Particularly so in critical infrastructure, this interaction of IT and facility management makes it essential to find new ways in which to ward off cyber attacks. We want to help our customers expand their information security strategies to include physical systems.”

On that basis, Bosch is introducing new information security services to address security needs in conventional building security systems by erecting “cyber barriers”. The company’s portfolio now embraces three complementary components:

Information Security Consulting for designing tailored information security concepts to meet customers’ individual protection requirements

Security Operations Centre which manages vulnerabilities and information security incidents to ensure a consistently high level of security while complying with reporting requirements

IT Security Services which implement appropriate measures to protect building security solutions from cyber threats

All of the services are provided in close consultation with customers’ IT security officers. By offering these options, Bosch feels that it’s “raising the standard of information security in buildings to a new level”.

Filed under Risk Xtra

BT to deliver latest SD-WAN and cyber security services for chemicals manufacturer IXOM

BT has signed a contract to deploy a new generation of network technology for IXOM, a market leader in the sphere of chemicals manufacturing and distribution in Australia and New Zealand. The arrangement will see IXOM benefit from BT’s latest SD-WAN and cyber security managed services as it shifts applications and data to the cloud in a bid to drive agility, efficiency and innovation.

IXOM’s new network will connect over 1,000 employees at 55 sites across 14 countries. That network will support the company’s digital transformation by delivering over seven times more bandwidth than the company’s existing infrastructure and offer a step change in resilience with dual connectivity to 35 major sites.

The network will be built around BT Agile Connect, a BT managed service based on an SD-WAN 2.0 solution by Nuage Networks from Nokia. This offers enhanced control and understanding of network infrastructure and traffic flows, a much faster, simpler and more secure way of setting up new sites, reduced complexity and lower costs.

BT will also deliver a 24×7 global cyber threat detection, investigation and response service. Managed from BT’s Australian Cyber Security Operations Centre and interfacing directly with IXOM’s in-house team, it will be based on a SIEM platform combined with specialist cyber analyst services. This will help to protect IXOM from today’s rapidly evolving threats.

Rowan Start, head of IT for IXOM, said: “We’re creating a resilient and agile technology environment to support our cloud applications and services. It will come with the ability to detect and respond to cyber threats in near real-time. We chose BT because of the company’s deep expertise in networking, its understanding of our unique operational environment and its ability to seamlessly integrate security services with our own team to create a true partnership model.”

Bernadette Wightman, managing director for resources, manufacturing and logistics at BT, responded: “Managing risk is a key consideration of any digital transformation programme. That’s why companies such as IXOM look to trusted partners like ourselves who can help them securely introduce the latest cloud-optimised network technologies. IXOM will benefit not only from the improved agility and control that our SD-WAN managed services offer, but also the reassurance that they’re working with one of the world’s leading cyber security practices. It’s a superb example of how our Dynamic Network Services Programme is helping customers deliver their digital transformation.”

BT’s Dynamic Network Services Programme is designed to give customers more choice, security, resilience, service and agility in the roll-out of future networks that support digital transformation. It helps customers to remove barriers to the adoption of SD-WAN and NFV by answering questions about which technologies to use as well as when and how to implement, configure and integrate them with existing networks in order to create a hybrid infrastructure fit for the digital age.

Filed under Risk Xtra

Inner Range set to showcase new Mimic Viewer at International Security Expo

Access control solutions developer Inner Range will showcase a new Mimic Viewer for its award-winning Integriti product at the International Security Expo, which takes place in London later this month.

The Mimic Viewer provides a visual ‘read only’ overview of the intelligent Integriti access control and intruder detection system. It allows security staff to view events remotely without passing control of the system off-site.

The Mimic Viewer is a separate installation with its own connection to the controller, which can be Ethernet-based or via the UniBus UART board. This is helpful for those sites that don’t allow networked computers to be left logged in and unattended, or in the case of a network failure.

Tim Northwood, general manager of Inner Range, said: “Mimic panels are a fantastic way of providing a visual overview of a system, allowing rapid comprehension of a situation and response when an emergency occurs. Our Mimic Viewer has the added benefit of being separate from any network, so it will maintain its connection whatever the network status and ensure better levels of security as a result.”

Northwood added: “The International Security Expo is always a great event for showing new and existing customers what our products can do. We’ll be allowing delegates to try out our enterprise and high security products for themselves.”

Inner Range will be offering demonstrations of its scalable enterprise access control system, Integriti, as well as the Integriti High Security Encrypted solution and the Sifer reading technology, MIFARE DESFire EV2. Stand J30 is where Risk Xtra’s readers can find the company at London’s Olympia.

The Integriti system delivers an intelligent integrated security solution ideal for managing and controlling single and multiple sites at the local, national and global levels. It integrates with a wide range of third party systems to become a Physical Security Information Management system, managing not only security and building automation, but also people and business continuity processes such as HR, payroll and Health and Safety.

Integriti Encrypted High Security has all the award-winning features of Integriti with complete end-to-end encryption to 128-bit AES and MAC authentication. It suits defence, Government and other Critical National Infrastructure organisations who need watertight security for counter-terror purposes or other high risk scenarios.

Filed under Risk Xtra

CDVI UK receives Cyber Essentials accreditation

CDVI UK has announced the company’s successful accreditation to the Cyber Essentials security standards. Cyber Essentials is a Government-backed and industry-supported scheme whose set of basic technical controls is designed to help organisations protect themselves against common online security threats.

This certification is consistent with the continual desire of CDVI UK to offer secured solutions and products.

CDVI UK has been working with Luke Hargreaves, managing director at Cloud Smart Solutions, to secure the company’s IT network against cyber attacks. The business now has up-to-date and operative cyber security measures in place.

The latest update of the ATRIUM web-based access control to General Data Protection Regulation standards shows that CDVI’s product development is fully connected to the latest trends in the security industry.

The CDVI Group develops products ranging from biometric and online access control solutions through to electromagnetic locking, keypads, stand-alone entrance systems and door automation.

Filed under Risk Xtra

‘Technology at the Edge’: Axis Communications unveils Top Five Trends to shape 2018

Surveillance specialist Axis Communications’ CTO Johan Paulsson has outlined the Top Five Trends that the company feels will shape the New Year. 

Paulsson stated: “As the Greek philosopher Heraclitus said: ‘The only one constant in life is change’. There’s perhaps no better example of this than the technology industry, where innovation is so rapid that even the most fantastic of imagined futures seem like they could become a reality in the not too distant future.”

Axis Communications has put together five top technology trends that the Lund-based business feels will have a great impact on the security and surveillance industry now and in the years to come, helping to facilitate a smarter and, of course, safer world.

Johan Paulsson: CTO at Axis Communications

(1) A move towards the edge

“Two of the greatest trends that have propelled our industry forward in recent years,” observed Paulsson, “are cloud computing and the Internet of Things (IoT), both of which are delivering undeniable benefits to businesses and consumers alike. That said, they also come with implications, namely the rise in the amount of data being transferred, processed and stored. Going forward, we anticipate that ‘edge’ computing will become ever popular, alleviating this issue by performing data processing at the ‘edge’ of the network, closer to the source of the data. Doing so significantly reduces the bandwidth needed between sensors, devices and the Data Centre.”

(2) Cloud-to-Cloud

Paulsson observed: “Despite the move towards edge computing, the cloud will continue to play a significant role in IT infrastructures. As an increasing number of companies offer cloud-based services, the cloud ecosystem is increasingly becoming the preferred point of integration, rather than the traditional on-premise system. One benefit of integration between clouds is the significant potential reduction of in-house IT services required, in turn creating great cost benefits.”

(3) Deep and machine learning

According to Paulsson: “We’ve now reached a stage where the full benefits of deep learning architectures and machine learning can begin to be realised. The explosion of data available to analyse is helping businesses become increasingly intelligent. As applications develop, there are significant opportunities for predictive analytics which could facilitate incident prevention: from terrorist incidents to slip and fall accidents; from traffic issues to shoplifting and even the tragedy of rail suicides.”

(4) Cyber security

“Once again,” outlined Paulsson, “cyber security must appear on the list of trends for the next 12 months and beyond. The constant enhancement of cyber security will be a never-ending task. This is because well-resourced cyber criminals will never stop looking to exploit vulnerabilities in any new technology. As the number of connected devices grows, so too do the potential flaws that, if left unaddressed, could provide the opportunity for networks to be breached.”

Embellishing this theme, Paulsson said: “Legislation is being created to address these concerns. In the European Union, the forthcoming General Data Protection Regulation – the deadline for compliance for this being 25 May – will unify the protection of data for individuals within the EU, wherever that data is held or used.”

(5) Platforms to realise the full benefits of the IoT

In conclusion, Paulsson informed Risk UK: “The IoT has reached a point where it’s crucial to use scalable architecture to successfully collect and analyse data and manage the network of connected devices. Such an IoT platform allows equipment from different node vendors to co-exist and easily exchange information to form smart systems using existing network infrastructure. There are numerous companies, both well-established providers of technology and new market entrants, that are enabling platforms to support IoT devices. The next 12 months will see further maturation of this process.”

*Read more: https://www.axis.com/blog/secure-insights/technology-trends/

Filed under Risk UK News

Ransomware attacks cause one fifth of infected SMEs to cease business operations immediately

More than one third of businesses have experienced a ransomware attack in the last year, while over one-in-five (22%) of these impacted companies had to cease operations immediately. That’s according to a study conducted by Malwarebytes.

The Annual State of Ransomware Report finds that the impact of ransomware on SMEs can be devastating. For roughly one-in-six of impacted organisations, a ransomware infection caused 25 or more hours of downtime, with some companies reporting that it caused systems to be down for more than 100 hours.

Further, among SMEs that experienced a ransomware attack, one-in-five (22%) reported that they had to cease business operations immediately, while 15% lost revenue.

“Businesses of all sizes are increasingly at risk of ransomware attacks,” said Marcin Kleczynski, CEO at Malwarebytes. “However, the stakes of a single attack for a small business are far different than those for a large enterprise. The findings demonstrate that some SMEs are suffering in the wake of attacks to the point where they must cease business operations. To make matters worse, most of them lack the confidence in their ability to stop an attack, despite significant investments in defensive technologies. To be effective, the security community must thoroughly understand the battles that these companies are facing such that we can better protect them.”

Most organisations make addressing ransomware a high priority, but still lack confidence in their ability to deal with it. 75% of those organisations surveyed place a high or very high priority on addressing the ransomware problem. Despite these investments, nearly 50% of the companies questioned expressed little to only moderate confidence in their ability to stop a ransomware attack.

For many, the source of ransomware is unknown and infections spread quickly. For 27% of organisations that suffered a ransomware infection, decision-makers couldn’t identify how the endpoint(s) became infected. Further, more than one third of ransomware infections spread to other devices. For 2% of the organisations surveyed, the ransomware infection impacted every device on the network.

SMEs in the US are being hit harder by malicious e-mails containing ransomware than SMEs in Europe. The most common source of ransomware infections in US-based organisations is related to e-mail use. 37% of attacks on SMEs in the US were reported as coming from a malicious e-mail attachment and 27% from a malicious link in an e-mail. However, in Europe, only 22% of attacks were reported as originating from a malicious e-mail attachment. An equal number were reported as having emanated from a malicious link in an e-mail.

Most SMEs don’t believe in paying ransomware demands. 72% of respondents believe that ransomware demands should never be paid. Most of the remaining organisations believe that demands should only be paid if the encrypted data is of value to the organisation. Among organisations that chose not to pay cyber criminals’ ransom demands, about one third of them lost files as a result.

Current investments in technology might not be enough. Over a third of SMEs claim to have been running anti-ransomware technologies, while about one third of businesses surveyed still experienced a ransomware attack.

“It’s clear from these findings that there’s widespread awareness of the threat of ransomware among businesses, but many organisations are not yet confident in their ability to deal with it,” said Adam Kujawa, director of malware intelligence at Malwarebytes. “Companies of all sizes need to remain vigilant and continue to place a higher priority on protecting themselves against ransomware.”

Filed under Risk UK News

“It’s time to bury hardware-based security solutions” argues VoipSec’s CEO

Paul German, CEO at VoipSec, believes now is the time for organisations to “bury” dedicated hardware-based security solutions.

“Recent years have seen a fundamental transformation in IT strategy, with networks being more agile and swiftly deployed and applications now deliverable quickly, in any location and scaled to meet an organisation’s requirements,” said German. “From virtualised hardware to network function virtualisation and software defined networking, the hardware and network infrastructure has become decoupled from the application and the application itself is increasingly located anywhere across the cloud.”

According to German, this decoupled approach itself demands a different approach to security. It can no longer be defined by network controls because those networks are virtual, disparate and remote. “When organisations access applications via an Internet address,” commented German, “the physical location is increasingly unknown. Security, therefore, needs to be elastic and flexible.”

German explained that the hardware-based, dedicated Session Border Controller (SBC) doesn’t fit into this model. As an approach to securing the VoIP network, German feels it’s “fundamentally flawed” on many levels.

“It constrains an organisation’s virtualisation strategy. How can a company quickly spin up new cloud-based voice applications, for example? As organisations look to gain the cost, agility and scalability offered by hardware and network virtualisation, the hardware SBC is clearly a problem.”

German added: “Perhaps the most concerning issue is that this approach is flawed from a pure security perspective. Hardware SBCs are considered both one off investments and one off deployments. As every security Best Practice model will attest, with a constantly changing threat landscape any failure to undertake routine updates will leave the organisation vulnerable.”

To be effective, as far as German’s concerned, security solutions must reflect the emerging risk and the current deployment trend.

“A software only model that’s continually updated to mitigate the evolving threat landscape is essential. Software-based SBCs, either on premise or in the cloud, also explore community-led intelligence about threats and risk experiences to rapidly disseminate new threat information and Best Practice. This combination of routine product updates with shared intelligence ensures an attack on a single organisation can be quickly transformed into a patch or update that protects every business from the new risk.”

Despite the widespread adoption of VoIP, the majority of SBC vendors are simply failing to respond and still advise an ‘implement once’ model. “They fail to update customers on the evolving threat landscape and they cannot support the agile, decoupled infrastructures now required. It begs the question: ‘Just what is the value of the hardware-based SBC?’”

Filed under Risk UK News

Milestone Systems and Community Partners deliver high profile retail surveillance solution across Middle East and North Africa

Milestone Systems, the developer of open platform IP VMS, has delivered a flexible and scalable surveillance solution for Majid Al Futtaim’s multi-site operations across the Middle East and North Africa. The solution integrates Best-in-Class technologies from Community Partners.

As a fast-growing business, Majid Al Futtaim realised that managing large camera networks and risks across multiple sites and countries posed several challenges. First, the outdated analogue surveillance infrastructure was in need of being modernised. Second, the sheer size of the operation, with multiple sites across several countries and more than a thousand cameras at some sites, had to be addressed.

Following a comprehensive vetting process, Majid Al Futtaim chose a state-of-the-art security and video surveillance solution in order for the business to remain at the forefront of operating safe and secure retail and leisure environments.

The Milestone XProtect Corporate VMS permits Majid Al Futtaim to operate the entire surveillance solution from a single management interface in the UAE. Being able to access all the sites from one location enables the operations team to co-ordinate surveillance and management efforts across those sites. Other relevant parties can also leverage the information directly from mobile clients, in turn enabling more efficient safety operations.

Top-of-the-range Axis Communications cameras and Pivot3 hyper-converged server infrastructure guarantee the host business lives up to Government regulations. iCetana’s dynamic live monitoring system helps offset the challenges of actively monitoring the large camera networks and enables a real-time assessment and response capability.

Operational costs related to the hardware, servers and cameras have been reduced from 23% to 7%. Real-time response capability helps make overall security operations more effective by immediately identifying risks. Today, there are approximately 10-12 incidents actioned per 300 cameras.

“We are honoured Majid Al Futtaim has chosen Milestone as its primary VMS and we look forward to continuing to support them now and into the future,” enthused Peter Biltsted, director for the Middle East and Africa at Milestone Systems.

“iCetana is proud to provide ongoing support to Majid Al Futtaim throughout the MENA region, and also to be part of Milestone’s Partner Community as key components of Majid Al Futtaim’s video surveillance infrastructure,” added Stephen Bose, head of business development at iCetana.

Filed under Risk UK News, Uncategorized