F-Secure’s experience working with operators is a critical asset to help telecommunications sector tackle connected home security challenges.
ARCHIVE FOR THE ‘security’ CATEGORY
Oct 08, 2019 • Management • News • future of field service • Security • Smart Home • Telecommunications • F-secure
F-Secure’s experience working with operators is a critical asset to help telecommunications sector tackle connected home security challenges.
Aug 28, 2019 • News • future of field service • Cyber Security • Security • F-secure
F-Secure discovers security flaw with the potential to turn hundreds of thousands of load balancers into beachheads for cyber attacks.
F-Secure discovers security flaw with the potential to turn hundreds of thousands of load balancers into beachheads for cyber attacks.
Cyber security provider F-Secure is advising organizations using F5 Networks’ BIG-IP load balancer, which is popular amongst governments, banks, and other large corporations, to address security issues in some common configurations of the product. Adversaries can exploit these insecurely configured load balancers to penetrate networks and perform a wide variety of attacks against organizations, or individuals using web services managed by a compromised device.
The security issue is present in the Tcl programming language that BIG-IP’s iRules (the feature that BIG-IP uses to direct incoming web traffic) are written in. Certain coding practices allow attackers to inject arbitrary Tcl commands which could be executed in the security context of the target Tcl script.
Adversaries that successfully exploit such insecurely configured iRules can use the compromised BIG-IP device as a beachhead to launch further attacks, resulting in a potentially severe breach for an organization. They could also intercept and manipulate web traffic, leading to the exposure of sensitive information, including authentication credentials and application secrets, as well as allowing the users of an organization’s web services to be targeted and attacked.
In some cases, exploiting a vulnerable system can be as simple as submitting a command or piece of code as part of a web request, that the technology will execute for the attacker. To make matters worse, there are cases where the compromised device will not record the adversaries’ actions, meaning there would be no evidence that an attack took place. In other cases, an attacker could delete logs that contain evidence of their post-exploit activities – severely hindering any incident investigations.
“This configuration issue is really quite severe because it’s stealthy enough for an attacker to get in, achieve a wide variety of objectives, and then cover their tracks. Plus, many organizations aren’t prepared to find or fix issues that are buried deep in software supply chains, which adds up to a potentially big security problem,” explains F-Secure Senior Security Consultant Christoffer Jerkeby. “Unless you know what to look for, it’s tough to foresee this problem occurring, and even harder to deal with in an actual attack.”
Jerkeby discovered over 300,000 active BIG-IP implementations on the internet during the course of his research, but due to methodological limitations, suspects the real number could be higher. Approximately 60 percent of the BIG-IP instances he found were in the United States.
The coding flaw and class of vulnerability is not novel and has been known, along with other command injection vulnerabilities in other popular languages, for some time. Not everyone using BIG-IP will be affected, but the load balancer’s popularity amongst banks, governments, and other entities that provide online services to large numbers of people, combined with the relative obscurity of the underlying security issues with Tcl, means any organization using BIG-IP needs to investigate and assess their exposure.
“Unless an organization has done an in-depth investigation of this technology, there’s a strong chance they’ve got this problem,” continues Jerkeby. “Even someone incredibly knowledgeable about security that works at a well-resourced company can make this mistake. So, spreading awareness about the issue is really important if we want to help organizations better protect themselves from a potential breach scenario.”
May 10, 2019 • News • Security • Software and Apps
BullGuard VPN for Windows, Mac, Android and iOS makes it simple for consumers to create military-grade encrypted connections.
BullGuard VPN for Windows, Mac, Android and iOS makes it simple for consumers to create military-grade encrypted connections.
Cybersecurity company, BullGuard, today announced the expansion of its cybersecurity product line with the launch of BullGuard VPN. Designed to be easily used across multiple devices, BullGuard VPN features a simplified user interface and quick connect functionality, enabling consumers to fly under the radar and surf the internet in stealth mode while retaining complete anonymity via military-grade encryption. Available for Windowsâ, Macâ, Androidâ and iOSâ operating systems, BullGuard VPN is available for download and purchase on the Apple App Store, Google Play and the BullGuard website.
“Cybersecurity to date has been primarily focused on keeping consumers and their devices safe from online threats, but cybercriminals also pose a threat to consumer privacy,” said BullGuard CEO, Paul Lipman. “In today’s cyberthreat landscape, security and privacy must be equally addressed in order to adequately protect consumers. BullGuard VPN enables consumers to safeguard their online privacy in a fast, easy and seamless way – from their desktop, laptop, tablet or smartphone – wherever they go.”
BullGuard VPN secures and protects up to six devices simultaneously – desktop computer, smartphone, laptop or tablet – and consumers can easily switch between 16 different country locations, including the U.S., Canada, U.K., Germany, Austria, The Netherlands, Belgium, France, Spain, Switzerland, Denmark, Norway, Sweden, Ireland, Singapore and Australia. BullGuard VPN hides a consumer’s origin IP address, preventing others – including ISPs (Internet Service Providers) and government organizations – from monitoring their online browsing activity, including what websites they visit, what they download or what services and applications they use. BullGuard VPN customers have access to 24/7 customer support.
Online consumer privacy is under siege on a near daily basis – from huge breaches where personal data is stolen and cybercriminals absconding with personal information and identities to Facebook and Internet Service Providers caught selling consumer data without consent. BullGuard VPN puts privacy control in consumers’ hands and is the perfect choice for consumers when using an unprotected Wi-Fi hotspot when away from home in airports, hotels or cafes. BullGuard VPN users receive secure connections in to hotspots, which protect them against data theft, privacy breaches, malware and cyber attacks via Wi-Fi.
May 09, 2019 • News • future of field service • management • Energy • Security
Report highlights that threat actors are advanced and persistent, but companies are using outdated systems and technology to save money. Poor security posture, prioritization, and awareness are also gifts to attackers.
Report highlights that threat actors are advanced and persistent, but companies are using outdated systems and technology to save money. Poor security posture, prioritization, and awareness are also gifts to attackers.
Malicious actors are targeting critical infrastructure (CNI) sites and energy distribution facilities exponentially. Interconnected systems in the energy industry increase vulnerabilities, and cyber attacks often go undetected for some time.
As energy companies save costs against the backdrop of lower oil prices, consolidating operations can weaken business resilience and redundancy levels. This gives rise to new, single critical points of failure, with any disruption across the supply chain potentially having increased consequences.
“Espionage and sabotage attacks against CNI organizations have increased over the years and I don’t think we have seen it all yet,” says Sami Ruohonen, Labs Threat Researcher at Finnish cyber security company F-Secure.
Connecting Industrial Control Systems (ICS) to the Internet is increasing, and a considerable number of CNI systems in use today were installed and built before 24/7/365 internet connections were the norm and the advent of Stuxnet. Many Operational Technology (OT) components have built-in remote operation capabilities, but are either partly or entirely lacking in security protocols such as authentication.
Moreover, cyber security was not a realistic threat when these systems were manufactured, and legacy protocols and systems never had the built-in security controls that we take for granted today. Transitioning these systems to the Internet has opened them up to attacks from a myriad of angles.
“Critical Infrastructure due to its nature is an interesting target for a foreign nation-state, even during peacetime,” Ruohonen explains.
F-Secure’s report shows that:
- A variety of different adversaries, each with their own motivations and tradecraft, constantly strive to compromise organizations that operate critical infrastructure
- Attackers have more time than their targets and will take months to plan their attack
- People are the weakest link in production, with company employees seemingly being criminals’ go-to target
- Attackers continue to succeed mainly due to organizations’ lack of mature cyber security practices
- Nation-state sponsored Advanced Persistent Threat (APT) groups are relentless, and continue to seek network foothold positions on CNIs and espionage opportunities in the interests of exercising political leverage
- Nine different attackers/malwares/techniques targeting the energy industry stand out, with spear phishing being the most common initial supply chain attack technique
- Keeping a small attack surface in the energy industry – while often pitched as the best way to mitigate the risk of a cyber attack – is simply not possible
While breaches are a certainty, Ruohonen advises organizations review their cyber security posture to implement latest technologies such as an endpoint detection and response (EDR) solution.
“EDR is a quick way to tremendously increase capabilities to detect and respond to advanced threats and targeted attacks which might bypass traditional endpoint solutions,” he explains. “Managed EDR solutions can provide monitoring, alerting, and response to cover the needs 24/7. This means organizations’ IT teams can operate during business hours to review the detections while a specialized cybersecurity team takes care of the rest,” says Ruohonen.
The complete report is available here.
May 01, 2019 • Frost and Sullivan • future of field service • Machine Learning • Security
Machine learning and threat intelligence capabilities in SIEM solutions will augment the productivity of security analysts, finds Frost & Sullivan.
Machine learning and threat intelligence capabilities in SIEM solutions will augment the productivity of security analysts, finds Frost & Sullivan.
Security Information and Event Management (SIEM) vendors have begun to inject greater versatility into their platforms as well as incorporate new security functionalities and analyst-friendly dashboards. Also, managed SIEM providers are offering cloud-hosted SIEM solutions to lower the per customer cost-to-serve to penetrate the SMB market.
These advances will drive the $1.98 billion global SIEM market toward $3.23 billion by 2023. "SIEM 3.0, with its high degree of automated response and remediation, can detect malicious threats attempting to penetrate the environment and automatically perform actions to thwart attackers’ advances,” said Mauricio Chede, Senior Industry Analyst, Digital Transformation. "The integration of several functionalities, such as user & entity behavior analytics (UEBA), security operation and automation response (SOAR), and forensic analysis, is essential to effectively compete in the SIEM market."
Frost & Sullivan’s recent analysis, Security Information and Event Management (SIEM)—Global Market Analysis, Forecast to 2023, examines the market drivers, restraints, and market distribution channels of the SIEM market. It presents revenue forecasts and key findings to help participants make the most of the market potential. The study covers the four product types of physical appliance, virtual appliance, software, and Software-as-a-Service (SaaS).
You can read the full report here.
Security Information and Event Management (SIEM) vendors have begun to inject greater versatility into their platforms as well as incorporate new security functionalities and analyst-friendly dashboards. Also, managed SIEM providers are offering cloud-hosted SIEM solutions to lower the per customer cost-to-serve to penetrate the SMB market.
These advances will drive the $1.98 billion global SIEM market toward $3.23 billion by 2023. "SIEM 3.0, with its high degree of automated response and remediation, can detect malicious threats attempting to penetrate the environment and automatically perform actions to thwart attackers’ advances,” said Mauricio Chede, Senior Industry Analyst, Digital Transformation. "The integration of several functionalities, such as user & entity behavior analytics (UEBA), security operation and automation response (SOAR), and forensic analysis, is essential to effectively compete in the SIEM market."
Frost & Sullivan’s recent analysis, Security Information and Event Management (SIEM)—Global Market Analysis, Forecast to 2023, examines the market drivers, restraints, and market distribution channels of the SIEM market. It presents revenue forecasts and key findings to help participants make the most of the market potential. The study covers the four product types of physical appliance, virtual appliance, software, and Software-as-a-Service (SaaS).
You can read the full report here.
Mar 26, 2019 • Management • News • Cyber Security • Security
New study also reveals incidents rose in latter half of year with companies struggling to identify when systems are compromised.
New study also reveals incidents rose in latter half of year with companies struggling to identify when systems are compromised.
Research by cyber-security provider F-Secure has shown that cyber attacks in 2018 increased by 32% compared to the previous year.
The survey consulted 3350 IT decision-makers, influencers and managers from 12 countries also highlighted a lack of awareness in detecting incidents, suggesting firm's preventative measures such as firewalls were insufficient.
Findings also revealed that the Finance and ICT sectors were most commonly targeted by attackers while healthcare and manufacturing received fewest, with the majority of attacks affecting US-based IP addresses.
Leszek Tasiemski said today's cyber-attacks had evolved significantly and questioned whether or not companies were even aware of the issue. "Today's threats are completely different from ten or even five years ago," he said. "Preventative measures and strategies won't stop everything anymore, so I've no doubt that many of the companies surveyed don't have a full picture of what's going in with their security."
You can read the full report here.
Research by cyber-security provider F-Secure has shown that cyber attacks in 2018 increased by 32% compared to the previous year.
The survey consulted 3350 IT decision-makers, influencers and managers from 12 countries also highlighted a lack of awareness in detecting incidents, suggesting firm's preventative measures such as firewalls were insufficient.
Findings also revealed that the Finance and ICT sectors were most commonly targeted by attackers while healthcare and manufacturing received fewest, with the majority of attacks affecting US-based IP addresses.
Leszek Tasiemski said today's cyber-attacks had evolved significantly and questioned whether or not companies were even aware of the issue. "Today's threats are completely different from ten or even five years ago," he said. "Preventative measures and strategies won't stop everything anymore, so I've no doubt that many of the companies surveyed don't have a full picture of what's going in with their security."
You can read the full report here.
Mar 14, 2019 • News • Artificial intelligence • Future of FIeld Service • GDPR • Cyber Security • Security
New research suggests adherence to GDPR compliance will influence company's spending around cybersecurity.
New research suggests adherence to GDPR compliance will influence company's spending around cybersecurity.
Cyber security revenues in 2018 were $160.2 billion and will jump $11.2 billion during 2019, as the focus moves to GDPR compliance. Growth will slow to around $9.8 billion per annum, spiking once a in 2023/4 as AI based Cybersecurity escalates, reaching $223.7 billion, says the report from Rethink Technology Research.
The European Union’s GDPR (General Data Protection Registrar) has set the agenda for legislation over data privacy and protection worldwide and that is generating a spike in spending on security measures that ensure compliance. This will continue to ripple around the world between 2019 and 2021.
North America is expected to continue to spend the most on security (27%), but both Europe (22%) and China (20%) which are rapidly accelerating their spend, with the rest of Asia following closely behind on 16%. North America is expected to lead on almost every market with the exceptions of Industrial and Automotive, where China leads, by a small margin.
You can read the full report here.
Cyber security revenues in 2018 were $160.2 billion and will jump $11.2 billion during 2019, as the focus moves to GDPR compliance. Growth will slow to around $9.8 billion per annum, spiking once a in 2023/4 as AI based Cybersecurity escalates, reaching $223.7 billion, says the report from Rethink Technology Research.
The European Union’s GDPR (General Data Protection Registrar) has set the agenda for legislation over data privacy and protection worldwide and that is generating a spike in spending on security measures that ensure compliance. This will continue to ripple around the world between 2019 and 2021.
North America is expected to continue to spend the most on security (27%), but both Europe (22%) and China (20%) which are rapidly accelerating their spend, with the rest of Asia following closely behind on 16%. North America is expected to lead on almost every market with the exceptions of Industrial and Automotive, where China leads, by a small margin.
You can read the full report here.
Mar 13, 2019 • News • Android • Future of FIeld Service • Panasonic • Research • Security
The use of Android tablets and handhelds are on the rise in business but security remains a concern, according to the latest research from Panasonic Business.
The use of Android tablets and handhelds are on the rise in business but security remains a concern, according to the latest research from Panasonic Business.
On average, 72% of tablets and handheld devices in businesses (excluding mobile telephones) use the Android operating system. And with 60% of device buyers saying Android was still being integrated into their organisations, the number of devices is expected to rise with the majority seeing growth for the next three years.
Top three benefits of Android over other operating systems were said to be flexibility, security and affordability.
The top three benefits of Android over other operating systems were said to be flexibility (59%), security (58%) and affordability (52%).
Security concerns
Businesses believe they should be security patching their devices much more; on average four times a year more than they currently do. The variety of methods to deploy security patches also varied with 66% relying on the IT department, 38% using a Mobile Device Management (MDM) solution, 30% taking equipment manufacturer updates via Firmware over the air, 23% relying on the User, 22% using an IT support company and 16% using a reseller.
Functionality expectations
When it came to management capabilities in a business Android device, mobile buyers expected to see the following functionality as standard:
Update expectations
Businesses currently update their Android operating systems on each device an average of 5 times per year and they expect their device provider to support the Android operating system for up to 3 years after the end of device’s life.
Android devices not all equal
“The march of Android mobile devices into the business world continues apace but how IT departments effectively manage and secure these devices remains a challenge,” said Jan Kaempfer, General Manager for Marketing at Panasonic Computer Product Solutions. “It is important that buyers recognise that not all Android mobile devices are equal. They should look closely at the management and security functionality being offered by their vendor and their Android engineering experience. With the use of the latest over air updates and management consoles, IT departments can save considerable time and money automating their updates by choosing the right device with the right management and security functionality.
You can read a copy of the research here.
On average, 72% of tablets and handheld devices in businesses (excluding mobile telephones) use the Android operating system. And with 60% of device buyers saying Android was still being integrated into their organisations, the number of devices is expected to rise with the majority seeing growth for the next three years.
Top three benefits of Android over other operating systems were said to be flexibility, security and affordability.
The top three benefits of Android over other operating systems were said to be flexibility (59%), security (58%) and affordability (52%).
Security concerns
Businesses believe they should be security patching their devices much more; on average four times a year more than they currently do. The variety of methods to deploy security patches also varied with 66% relying on the IT department, 38% using a Mobile Device Management (MDM) solution, 30% taking equipment manufacturer updates via Firmware over the air, 23% relying on the User, 22% using an IT support company and 16% using a reseller.
Functionality expectations
When it came to management capabilities in a business Android device, mobile buyers expected to see the following functionality as standard:
- A customisable OS to meet the business’ requirements - 50%;
- Android for Work - 47%;
- Policy Management Tool/Console for firmware updates - 41%;
- Enhanced Android Security support 37%;
- Incorporation of certified 3rd party security solution 35%;
- Free of charge, out of the box productivity and manageability apps 35%;
- Staging, EMM certifications, licences and customised MDM apps 33%;
- SCOMO Software Component management object 30%;
- Compatibility across different devices from the same manufacturer 30%;
- FOTO Firmware over the air 29%;
- Optional modular-based Developer package 23%.
Update expectations
Businesses currently update their Android operating systems on each device an average of 5 times per year and they expect their device provider to support the Android operating system for up to 3 years after the end of device’s life.
Android devices not all equal
“The march of Android mobile devices into the business world continues apace but how IT departments effectively manage and secure these devices remains a challenge,” said Jan Kaempfer, General Manager for Marketing at Panasonic Computer Product Solutions. “It is important that buyers recognise that not all Android mobile devices are equal. They should look closely at the management and security functionality being offered by their vendor and their Android engineering experience. With the use of the latest over air updates and management consoles, IT departments can save considerable time and money automating their updates by choosing the right device with the right management and security functionality.
You can read a copy of the research here.
Mar 04, 2019 • News • Ericsson • Security • Software and Apps
Ericsson has been selected by Swiss telecommunications service provider Swisscom for its security manager solution.
Ericsson has been selected by Swiss telecommunications service provider Swisscom for its security manager solution.
The Security Manager software will offer security automation, visibility and control for Swisscom's Security Operation Center, addressing the increasing security management needs of the service provider.
The new deal includes automation of security compliance management and basic security analytics.
Philippe Vuilleumier, Head of Group Security, Swisscom, said: “Continuing our strong partnership and collaboration with Ericsson, we are deploying Ericsson Security Manager in our datacenter in Switzerland while simultaneously developing the solution further through progressive and agile collaboration. Ericsson Security Manager is improving the security baseline automation and security analytics in our Security Operations Center, strengthening our activities to protect our own critical infrastructure.”
Åsa Tamsons, Senior Vice President and Head of Business Area Technologies & New Businesses, Ericsson, says: “Security is a cornerstone of Swisscom’s business. Ericsson Security Manager will transform the security management of Swisscom’s mobile network and in the future support new use cases in the telecommunications industry, while addressing the ever-increasing security requirements.”
Feb 27, 2019 • News • fleet management • Security • Fleet Thefts
Tool theft is on the increase, with more than 50% of builders in the UK having had their tools stolen, according to research held by the Federation of Master Builders.
Tool theft is on the increase, with more than 50% of builders in the UK having had their tools stolen, according to research held by the Federation of Master Builders.
ABAX, GPS tracking specialists, have created six tips to prevent tool theft from happening to your business vehicle and to deter thieves.
1. Park in a secure location
During the day, whilst working at a job, we recommend that you park your vehicle in a secure location where CCTV is around if possible. It is also common that thieves have been targeting vans/vehicles in broad daylight so you can still be at risk while working in the day.
2. Install locks to your vehicle
The break-in of vans is extremely common these days with the ‘peel and steal’ technique being one of them. It is therefore recommended that strong locks are installed around the vehicle, to prevent unwanted access to the vehicle.
3. Alarms and immobilisers
We recommend that you install extra alarms and immobilisers to the vehicle, to deter the thieves and stop the movement of the vehicle if it is to be tampered with.
4. Add stickers to your vehicle and your assets
Adding stickers to your vehicles is recommended, to emphasise the fact that no tools are left on board the vehicle overnight, to be a preventative measure to thieves. If you leave assets in the vehicle, make sure they are properly marked with stickers or in other ways.
5. Use the glove compartment
For small, but valuable assets like: keys and important documents, use the vehicle’s glove compartment to hide and conceal the valuables
6. Implement GPS Tool Trackers
Invest in small GPS tool trackers, that operate on a global network, and can be visualised on a live map, to see their whereabouts if the unfortunate event happens that they are stolen.Although it is an easy option, we would recommend that you do not leave your tools in your vehicle overnight and you take a few minutes at the end of the day to take them out of your van and into your house or secure them safely in a garage.
Leave a Reply