Posts Tagged

Cyber Security

Future of working: The growing need for robust remote working solutions

Jeff Technology, Trends February 1, 2021

What does the future of work really look like? Unlock the full potential of cloud-based solutions.

Where the first initial lockdown, back in March last year had forced most companies into an abrupt digital setting, the two that have since followed only solidified this. This transformation has now manifested itself so that companies have become significantly, if not completely, reliant on remote, digital solutions to remain functional. As a result, the growing need for robust remote working solutions has surged, causing traditional and antiquated workplace solutions to fall by the wayside.

 

Embracing digital transformation and unified workplaces

The evolution of digital transformation has fast-tracked the online revolution, meaning elaborate predictions of future working are now not so distant. The boundaries between working from home and in the office are now completely blurred as we find ourselves marching through 2021. The need for physical office space now seems redundant as we can work just as we did before, if not better, from home and exceed productivity and collaboration standards.

 

A far stronger focus is now on the availability of IT tools as workforces rely on these methods of remote solutions to remain as collaborative with their colleagues as possible. For example, proprietary business communication platforms have completely revolutionised the way we communicate, collaborate and generally work as they dealt with the majority of the population pivoting to remote working. State of the art interactive, virtual meetings via a browser promotes efficient collaboration and strengthens the performance of organizations, while necessary commutes can be reduced or in some cases avoided.

 

What’s more, the capabilities to provide quality engagement between employer and employees is now of utmost priority. As we navigate a more digitized year than ever before, employees should be equipped with most efficient solutions that IT managers can source within minutes, instead of days or even weeks so that effective communication internally can also benefit.

 

This ‘future of working’ model can be achieved through introducing personalized digital workspaces accessed through a browser of any device, anywhere in the world. Perfectly suited to the new home and office split, innovative cloud technology enables organizations and their staff to access any of their applications hosted on-premise or in the cloud, as well as internal and external web applications instantly.

 

Understanding the challenges

The sudden pivot to mass remote working, however, has not been as smooth sailing as initially thought after all. For companies still operating in traditional virtual environments, remote working solutions often lack flexibility to include legacy or GPU intensive applications that are traditionally running on a desktop or on-premise solutions. Though, it is not too late to innovate and take the first step towards cloud-based technologies. It cannot be stressed enough that cloud computing is here to stay and can offer these types of businesses a life line before it’s too late and fall completely behind digital transformations and breakthroughs.

 

Additionally, let us not forget that the internet is no doubt a dangerous place. A world now mostly operating online, puts the traditional-based IT infused companies, even more at risk. In fact, there are several emerging cyber threats with an impact that have never been seen before. Due to existing Enterprise software protection solutions that are decades old and vulnerable, many businesses are left exposed and ‘easy’ to attack. And now, with the entire UK workforce being told to work from home, where possible, investing in secure and reliable solutions has never been so crucial for the online safety of not only a business, but its workforce.

 

Companies can look for intelligent cloud-based solutions that combine the benefits of streaming an online workplace effortlessly with complete trust in the solution to resolve exposure to hackers. For example, when using the cloud, client-to-site VPN connections are no longer required as a result of migrating systems to the cloud, meaning there is no point of attack for trojans. Furthermore, no end device within an organization will be able to access an application server as the direct communication between the user and the target system can be completely ruled out with cloud software.

 

Yet, it is all types and sizes that can be affected. Even multinational companies fall victim to cyber hacks, often involving over 1000 employees due to vulnerabilities in outdated architecture. Investing in state-of-the-art cloud solutions that include cyber insurance will become a new box to add to the IT checklist in 2021 and beyond.

 

What’s more, new cloud technologies have emerged and seen acceleration in adoption, thanks to the influx of home working such as Everything-as-a-Service (XaaS). This type of solution enables all IT services to be offered in the cloud for workforces as they work remotely. XaaS not only provides remote workers with advanced flexibility but ensures enhanced security due to it encompassing the likes of other solutions such as IaaS, PaaS and SaaS.

 

How cloud can help create the ‘anywhere office’ for the millennial workforce

Implementing an efficient cloud adoption strategy

If the multiple lockdowns have taught us one thing, it is that cloud adoption is no doubt proving to be one of the most efficient ways to secure and sustain the demands of a digital workforce. Now in 2021, we hope to reach some kind of normality as the dust will hopefully settle on the Covid-19 pandemic. Remote working is now here to stay and it will be up to business leaders to make sure they have the correct and most efficient cloud adoption strategy in place, for their employees. Armed with the right cloud solutions, businesses have the potential to simplify their IT ecosystems and procure solutions without committing to large upfront investments.

 

We’re Elixis Technology

In the ever-changing, technology-centric world we live in, it’s vital to have an I.T. solution source you can count on. At Elixis Technology, it is our mission to help businesses — big and small — produce the results their customers demand, with technology that actually works.

.

News Source: https://www.weforum.org

3 ways to fill worrying cybersecurity gaps

Jeff Technology, Trends February 1, 2021

As businesses of the future evolve to be more digital and more shared, the need to prepare to avert a cyber pandemic – with potential even more than the coronavirus to upend our lives – has never been more urgent.

 

We need to strengthen our strategic response to the risks before we invest in tactics. Our plans must work harder and smarter to address capability gaps.

 

A common agenda will build the confidence and competence to achieve the resilience we need.

 

If humanity ever needed reminding of our interdependence, the pandemic has brought that home. As we scale up our response to the crisis, through largely digital means, our interconnectedness grows exponentially. And with it our vulnerability to the risk exposures of the virtual world. In fact, businesses of the future are evolving to be more digital and more shared. The need to prepare to avert a cyber pandemic – with potential even more than the coronavirus to upend our lives – has never been more urgent.

 

For a moment, let’s think of the unthinkable. A world without phones and internet, with idling trucks, trains and planes because fuel pumps and charging stations are incapacitated; banks shuttered; food supply chains broken; and emergency services made all but unavailable. This bleak vision would be inevitable if electricity supplies are cut off by a cyberattack.

 

In a scenario such as this, we know, that the ensuing swift blackout would be crippling. Unfortunately, we also know that a crisis of this scope, sophistication and impact is not just possible but something we are currently dealing with – albeit in a different context.

 

Global Technology Governance Report 2021

Last month, a group, believed to be Russian, gained access to over 18,000 systems – belonging to government and corporations – through a compromised update to SolarWinds’ Orion software. We were unprepared to prevent the attack because the bad actors slipped through the exact whitelisted software supply chain we trust. Even more regrettably, the software supply chain allowed them to access the network of FireEye – the US-based cybersecurity giant known for investigating and remedying some of the world’s most high-profile breaches.

 

While FireEye’s customers remained largely unimpacted this time, the moral of the story is that no one and nothing is immune. Our sources of cyber-protection – software updates or defending partners – can be the Trojan Horse where everything around us devolves into chaos.

 

Well before we learnt these tough lessons in the final weeks of a rather challenging 2020, the World Economic Forum questioned whether our individual and collective approach to managing cyber risks is sustainable in the face of the major technology trends taking place.

 

Although there’s an array of resources to manage cyberattacks, we still have a long way to go before we can, as a whole, effectively counter these threats. We need to strengthen our strategic response to the risks before we invest in tactics. Our plans must work harder and smarter to address capability gaps in three areas:

 

  1. More coordination

Consider the SolarWinds attack. It did not directly hit its intended targets. Instead, the attackers surreptitiously built a chain of offence, that included non-government agencies, security and technology firms along with educational institutions, to inch unnoticed towards their real targets for espionage.

 

They knew they’d find their mark through our digital interconnectedness. We can turn this same intertwining of infrastructure to our advantage. Research tells us that hackers attack computers with Internet access—every 39 seconds on average. If we all shared threat intelligence, across borders, across the private and public sector, across industries and competitors, the collective intelligence could only move us forward faster.

 

An invaluable first step would be to develop more open systems, while adopting common standards and taxonomy in cybersecurity. This will serve us better to integrate and train our teams to drive holistic security. Global spending on cybersecurity solutions is projected to exceed $1 trillion cumulatively over the five-year period from 2017 to 2021. We must reprioritize these budgets to align with shared goals including collaborating to overpower organized cybercrime and the private-sector technology nexus with nation-state attackers.

 

  1. More sophistication

The Global Risks Report 2020, articulated how the digital nature of the Fourth Industrial Revolution technologies is making our landscapes vulnerable to cyberattacks. For example, it is estimated that there are already over 21 billion IoT devices worldwide, slated to double by 2025. Attacks on IoT devices increased by more than 300% in the first half of 2019 alone.

 

The report, observes how “using ‘security-by-design’ principles to integrate cybersecurity features into new products continues to be secondary to getting products quickly out into the market.” Our current approach of bolt-on security needs to be reimagined to create stronger build-in standards, including SDLC-security quality certification, that makes software partners more accountable for security assurance. Along with this discipline in securing the supply chain as meticulously as we secure our products, we need better design architecture to tackle the challenges at hand.

 

  1. More human capital

At the same pace that AI is growing useful in cyber defence, it is also enabling cybercriminals to use deep learning to breach security systems and harness data sets to improve response to defence.

While we can battle machine with machine, nurturing a strong pipeline cybersecurity talent, will give our defence an edge. We need better problem finders in greater numbers to work with our problem-solving machines. And this time, they need to be embedded in the complete lifecycle of our processes. Every person in the ecosystem must understand his or her role with respect to cybersecurity and be accountable to deliver to metrics and standards for cybersecurity quality. As of 2019, there were an estimated 2.8 million cybersecurity professionals worldwide, against a need for over 4 million.

 

If there is one lesson from dealing with the pandemic, it is the need to take each other along as we move forward into a more secure future. The very nature of a pandemic is such that no one is really safe unless everyone is safe. A cyber pandemic is no different. It is in shared trust and a common agenda that we can build the confidence and competence to achieve the resilience we need.

 

We’re Elixis Technology

In the ever-changing, technology-centric world we live in, it’s vital to have an I.T. solution source you can count on. At Elixis Technology, it is our mission to help businesses — big and small — produce the results their customers demand, with technology that actually works.

.

News Source: https://www.weforum.org

IMSA launches remote cyber security assessments

Jeff Technology, Trends January 25, 2021

Vessels worldwide are now facing compliance with the International Maritime Organisation’s (IMO) cyber security requirements. In response, the International Maritime Security Associates (IMSA) has developed a suite of cyber security tools and services for the maritime industry.

 

The company has recently launched the capability to conduct basic shipboard network vulnerability assessments without sending personnel on board.

“This capability is necessary in today’s current COVID environment,” comments Corey Ranslem, CEO of IMSA. “We know it isn’t always easy, practical or cost effective to send people on board a vessel to conduct a cyber security assessment, so we’ve developed this amazing remote assessment tool. Through this tool, our cyber specialists can conduct a remote assessment at about half the cost of sending personnel on board. This tool helps our global clients with IMO 2021 cyber security compliance along with protecting passengers and crew.”

This tool is part of a larger suite of cyber security tools IMSA has developed to support vessels and maritime facilities with expanding their cyber security defences.

 

Some of these cyber security tools are part of the ARMS software platform. Through ARMS, IMSA can monitor a vessel’s critical systems and networks remotely in real-time through its SOC (Security Operations Centre). This capability protects vessels from real-time threats to IT, OT, and other critical network systems.

“IMSA is continually enhancing the levels of protection we provide our clients,” adds Ranslem. “Through ARMS and our 24/7 operations centre, we provide a variety of client-focused services to ensure the safety of your voyage and critical systems.”

 

We’re Elixis Technology

In the ever-changing, technology-centric world we live in, it’s vital to have an I.T. solution source you can count on. At Elixis Technology, it is our mission to help businesses — big and small — produce the results their customers demand, with technology that actually works.

.

News Source: https://www.superyachtnews.com

Remote working – striking a balance

Jeff Technology, Trends January 24, 2021

Presenteeism has long been associated with working life in the city, viewed by many employers and employees as essential for getting known and getting ahead.

However, in response to the Covid-19 pandemic, businesses have had to cope with an abrupt move to mass remote working, in a way many never would have imagined feasible only a year ago. In many industries it has proved to be manageable. And, even before the pandemic, it was recognized that endorsing agile working was becoming a significant factor in driving forward a successful, modern business, capable of attracting and retaining top talent.

So will it endure?

Perhaps one of the biggest barriers to remote working has been trust; employers simply did not trust that people working from home were actually working, that service standards could be maintained, that confidential information would remain secure. Many of these issues have been dealt with by enforcing best practices around regular communication and updating and enforcing detailed home working policies.

And so, as and when we are allowed to return to work in the city, employers can no doubt expect many more employees to exercise their statutory right to request flexible working. Refusals are likely going to be much more closely scrutinized and potentially lead to formal grievances. Management and HR should be proactively planning their approach in advance.

Of course, remote working is not everyone’s preference and it has its downsides. It can be lonely and isolating, having a negative impact on employees’ mental health and workplace collaboration and diversity. In particular, junior employees can miss out on developing vital skills and a professional network.

Therefore, striking the right balance inevitably seems like the best way to future proof both businesses and individual career progression. In our view, it is not a question of if but when will we return to the city; but expect that most employees will not want to spend as much time there as they and we once did.

 

We’re Elixis Technology

In the ever-changing, technology-centric world we live in, it’s vital to have an I.T. solution source you can count on. At Elixis Technology, it is our mission to help businesses — big and small — produce the results their customers demand, with technology that actually works.

.

News Source: https://www.cityam.com

Thinking about going remote-first, forever? Do these 5 things beforehand

Jeff Technology, Trends January 4, 2021

In recent years, flexible working has become synonymous with modern business management and a distinctive trademark for hip tech companies.

 

However, since COVID, it has become vital for most companies to adapt their work settings to social distance practices and to strive for a higher degree of digitalization. 

 

In a matter of months, telecommuting, remote working, teleworking, working from home, working from anywhere, and flexible workplace have entered our vocabulary – and are very likely here to stay.

 

As we witness this epochal transition, employers and employees wonder, how should we come prepared to meet the inevitable challenges? Here is a to-do-list for all the companies that are considering going remote-first!

 

Organize the tools, systems, workflows

If you are approaching remote working for the first time, you should consider yourself very lucky! The technology that is available on software and on cloud nowadays is (in most cases) sufficient for you and your employers to keep constantly in touch and organize your streams of work in the most efficient way. So much so that several companies will never go back to now obsolete in-office work arrangements.

 

Examples of online tools that can make your work-from-home life easier include (among many others): video cloud-based communication software programmes, time and tasks management apps, corporate training platforms, cybersecurity toolkits.

 

Also, here you can find EU-startups-approved lists of AR and VR startups that are helping us work remotely and of several tools for jazzing up your online and work meetings.

 

Assign clear roles and responsibilities

Another important step to make remote working ‘work’ is to set clear roles and responsibilities among your co-workers or employees. As mentioned before, the appropriate online tools and a constant flow of communication between team members can help everyone understand what’s expected of them within the group. 

 

A fixed hierarchy and clear tasks are particularly important in a remote working situation as they encourage your employees to take ownership for their work and their success (and, very importantly, to acknowledge their shortcomings).

 

Also setting up clear goals and KPI’s is important for a group that works from different places – and sometimes on a different schedule or even a different time zone. Check the next item on the list for advice on how to set KPI’s from a distance.

 

Review KPIs

Whatever the working arrangement, monitoring performances and detecting areas for improvement is key to success. In a remote working scenario, setting KPI’s becomes all the more important to measure whether your collective efforts are effectively being carried out.

 

Some simple advice for carrying out a performance assessment for out-of-office work includes: 

  • Tracking milestones in relation to the final product (or intermediate versions) with an Agile Project Management process framework
  • Keep a steady flow of information by sharing feedback and notes
  • Use virtual boards and keep them updated, that should help keep you workers motivated

 

Ultimately, your employees should feel comforted by the fact that the workflow remains unaffected.

 

Start building a positive working culture

Positive attitude in the workplace is everything! Make sure to outline the advantages of a remote position to your employees. Remote working needs some adjustments but should never feel like a demotion or a punishment. Instead, it holds tangible advantages: when employees can manage their time autonomously, you reduce the risk of them contracting the virus, and they feel safer, more motivated and trusted.

 

Also, set out values that are important for both parties, such as defining free time slots, and prioritizing employees’ mental and physical needs. During quarantine and social distancing times, feelings of isolation and distress are very common. That is why building an effective and positive working culture includes finding the right work/life balance.

 

Check-in with your employees

Make your employees feel heard and seen – even if only via a computer screen! Make a habit of getting regular, virtual coffee breaks with them and meetings that aren’t strictly work-related.

 

Trust them with their tasks and make sure that they feel safe while performing their duties. Losing one’s job is a dreadful fear and can impact their performances. Plus, it can worsen an already aggravated mental state. It is in fact proven that a high level of economic anxiety has been generally registered during the pandemic. And this is not only true for people who are unemployed but also for those who are employed and in fear of being laid of.

 

We’re Elixis Technology

In the ever-changing, technology-centric world we live in, it’s vital to have an I.T. solution source you can count on. At Elixis Technology, it is our mission to help businesses — big and small — produce the results their customers demand, with technology that actually works.

.

News Source: https://www.wired.co.uk/

These cybersecurity tactics will help businesses survive 2021

Jeff Technology, Trends January 4, 2021

Security professionals take three steps: threat detection, immediate action and long-term defence. All companies should look to do the same, no matter their industry.

 

During 2020, institutions of all kinds were forced to adapt to a dynamic world where the usual projections and five-year marketing plans did not apply. Economic reports show marked GDP reductions of greater than 20 per cent in many countries, with a continued decline into 2021. Businesses and workplaces will increasingly turn to models of work in dynamic fields – such as cybersecurity – to make them more resilient.

 

Organisations that emerge out of the pandemic and the ensuing economic turmoil will have spent 2020 continually adapting to previously unimagined circumstances. This is a very familiar environment for people working in security, and particularly cybersecurity because quite often we don’t know what the next couple of hours will look like. Businesses of all kinds will discover the need to adopt fluid models and frameworks developed in a dynamic field and use them to redirect money, personnel and resources rapidly.

Typically, most businesses rely on static, predictive data analysis for growth and sustainability. The study insights and information from the previous few weeks and base predictions on them. However, these statistics can be rendered virtually useless within the next hour. Instead, businesses must start using data as they get it, proactively seeking out problems that could pose danger – just as cybersecurity specialists do.

 

Many cybersecurity frameworks can be modified to suit businesses more broadly. One example is data orchestration – where information that has been siloed in various parts of an organisation is collated and made available for rapid analysis.

 

Another is the concept of common vulnerability exposures (CVEs). This is a standardised identifier for known vulnerabilities, such as a weakness in a certain kind of encryption or exposure such as a large data breach in the last two years. Lists of these are available for any organisation looking to improve its cybersecurity. A version of this approach for other industries – known issues with certain suppliers, for example – could be used to make all kinds of firms more resilient.

 

In cybersecurity, we often take a three-pronged approach: detect what the potential threat is; take immediate action to protect information; and establish long-term defences to systems, such as new kinds of encryption. Businesses will find that adopting these processes and tools – especially their emphasis on the early detection of potential threats and the sharing of information when necessary – will help future-proof operations.

Early adopters will be the winners here. Workplaces and organisations that embrace the reality of a dynamic environment, rather than yearning for static working and legacy business models, will outperform their competitors. In 2021, companies and institutions that adopt principles such as data orchestration and CVEs, will find they’re in a better position to survive.

 

We’re Elixis Technology

In the ever-changing, technology-centric world we live in, it’s vital to have an I.T. solution source you can count on. At Elixis Technology, it is our mission to help businesses — big and small — produce the results their customers demand, with technology that actually works.

.

News Source: https://www.wired.co.uk/

Microsoft Set to Block SolarWinds Orion Binaries

Jeff Technology, Trends December 16, 2020

 

Microsoft is preparing to quarantine malicious versions of the SolarWinds Orion application used in recent nation state attacks, in a move that may crash systems.

 

The computing giant had previously released detections to alert customers of its Windows Defender security product if they were running the malicious updates. Although it was recommended that such customers isolate and investigate any such devices, the decision was down to them.

 

However, in an update yesterday Microsoft effectively said it was taking the decision out of the hands of its customers.

 

“Starting on Wednesday, December 16 at 8:00 AM PST, Microsoft Defender Antivirus will begin blocking the known malicious SolarWinds binaries,” it said.

 

“This will quarantine the binary even if the process is running. We also realize this is a server product running in customer environments, so it may not be simple to remove the product from service.”

 

Over the weekend reports emerged that a previous attack on FireEye was part of a much larger Russian intelligence plot to steal sensitive information from US government and countless other unnamed organizations.

 

The vector was Orion updates which the attackers managed to seed with malicious binaries used to install the Sunburst (aka Solarigate) backdoor malware. SolarWinds confirmed to the SEC that 18,000 customers were affected.

 

However, as the product performs crucial network management operations, Microsoft’s decision could theoretically cause some disruption.

 

“It is important to understand that these binaries represent a significant threat to customer environments,” it argued. “Customers should consider any device with the binary as compromised and should already be investigating devices with this alert.”

 

Microsoft urged victim organizations to immediately isolate affected devices, identify accounts used on the device and assume they have been compromised, reset passwords, look for lateral movement tools and more.

 

We’re Elixis Technology

In the ever-changing, technology-centric world we live in, it’s vital to have an I.T. solution source you can count on. At Elixis Technology, it is our mission to help businesses — big and small — produce the results their customers demand, with technology that actually works.

.

News Source: https://www.infosecurity-magazine.com/

Twitter Fined Half a Million Dollars for Privacy Violation

Jeff Technology, Trends December 16, 2020

Twitter has been fined over half a million dollars for violating European Union data protection laws in the first EU-wide privacy case. 

 

The EU’s chief data watchdog today announced that it has issued an administrative fine of 450,000 euros ($547,000) to the social media titan for being too slow to notify Android phone users located across the EU of a data breach that threatened their privacy.

 

A further finding of the investigation into the breach by Ireland’s Data Protection Commission (DPC) was that Twitter failed to adequately document the security incident. 

 

The DPC’s investigation into the incident commenced in January 2019 following receipt of a breach notification from Twitter. On Tuesday, the DPC stated that Twitter “infringed Article 33(1) and 33(5) of the General Data Protection Regulation (GDPR) in terms of a failure to notify the breach on time to the DPC and a failure to adequately document the breach.” 

 

Under EU data protection rules, it is a requirement to report a breach within 72 hours of discovery. 

 

The commission described the not insignificant financial penalty levied on the American company as “an effective, proportionate and dissuasive measure.”

 

According to the Binding Decision of the Board, the data breach arose from a bug in Twitter’s design that caused the protected tweets of Android device users to become unprotected without their consent if users changed the email address associated with their Twitter account. 

 

The bug, which affected 88,726 EU and EEA users between September 2017 and January 2019, was traced back to a code change made on November 4, 2014. It was discovered on December 26, 2018, by the external contractor managing Twitter’s bug bounty program.

 

Referencing the significance of the Twitter inquiry, the DPC stated: “The draft decision in this inquiry, having been submitted to other Concerned Supervisory Authorities under Article 60 of the GDPR in May of this year, was the first one to go through the Article 65 (‘dispute resolution’) process since the introduction of the GDPR and was the first Draft Decision in a ‘big tech’ case on which all EU supervisory authorities were consulted as Concerned Supervisory Authorities.”

 

We’re Elixis Technology

In the ever-changing, technology-centric world we live in, it’s vital to have an I.T. solution source you can count on. At Elixis Technology, it is our mission to help businesses — big and small — produce the results their customers demand, with technology that actually works.

.

News Source: https://www.infosecurity-magazine.com/

Don’t Plug In Found USB Sticks

Don’t Plug In Found USB Sticks

Did you find a seemingly normal USB stick on the ground outside your work? How about in the lobby, where the public can come and go as they please? Did you find something that doesn’t seem to be your company’s preferred brand of USB stick, or even not branded at all? Is it strangely heavy for a typical USB stick?

DON’T plug it in. Here are some reasons why.

Ransomware

As it’s now 2020 and WannaCry has made the news more than once, you’ve probably heard of ransomware, a type of malware that encrypts files, and threatens to destroy them if money is not sent to the hacker.

USB sticks are one of many ways this virus finds itself into your most important files, pictures, and documents, and it’s notoriously difficult to get rid of. In the time it takes to discover it and attempt to neutralize it, the hacker can simply *poof* the files away if they realize you’re not going to pay.

And deleting them isn’t the only way they can cause pain. Copying the files somewhere and then releasing them online can be disastrous for certain industries and businesses, even worse than just destroying the files, and the hackers know that.

Do NOT plug strange USB sticks into your device. Even if it looks like someone from your office might have dropped it, if you don’t recognize it? Don’t plug it in. Keep it on your desk or turn it in to the IT department and wait for them to come looking for it.

Broad Malware

If the ultimate goal of the USB isn’t money, malware is another widely used way to completely wreck a computer. Sometimes malware is aiming to destroy a business’s computer network, or looking to steal secrets without ransom, or infect other computers on the network and eventually break them all at once. This is where something like AI-driven antivirus comes in handy: if something is propagating very quickly across all the devices on a network, and it’s not officially licensed, and it’s bringing a bunch of .exe stuff with it – antiviruses designed around behavior and not fingerprinting will take notice. They aren’t impenetrable, but it takes more to get around them than it does to get around a classic antivirus.

Again, don’t fall victim to Social Engineering and plug in a USB you found on the floor.

USB Killers

If you thought your anti-virus was enough to stop something nasty from creeping in on a USB, you’d be wrong. There’s more than one way to go about breaking a machine.

A USB killer is a device meant to cause harm to the device’s hardware. Essentially, it takes charge from the computer with a capacitor and then redirects it back. “How much damage could the power flowing to the USB port actually cause?”, you may ask. USB killers aren’t simply redirecting the energy back into the computer at a one-unit-in one-unit-out basis. Instead, they use a capacitor. A capacitor behaves kind of like a balloon rubbed on a carpet: it stores charge in a ‘field’ (the balloon in that example) passively. It doesn’t really matter how much power is leaving the USB port, as long as there is power – when the capacitor gets to its limit, it discharges back into the computer, like the static shock you’d get from the doorknob after scooting across the carpet in socks, but many times larger. Up to 215 volts larger, according to Hackaday.

USB killers are becoming rarer, but they aren’t extinct.

But Why?

So why would someone want to use a USB killer or destructive malware, instead of using ransomware or straight file-stealing?

There are a lot of answers.

Some people just want to break expensive things, and don’t care what that is. Some people are looking to slow down business opponents or gauge weaknesses within the organization. Sometimes something expensive or hard to replace is stored on the computer, and the hacker wants it gone. Sometimes it can even boil down into terrorism, depending on the industry.

The long and the short of it is that you shouldn’t plug in a USB if you don’t definitely recognize it as yours.

Sources: https://resources.infosecinstitute.com/topic/usb-killer-how-to-protect-your-devices/

https://www.independent.co.uk/life-style/gadgets-and-tech/news/russian-computer-researcher-creates-usb-killer-thumb-drive-will-fry-your-computer-seconds-a6696511.html

https://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_WannaCry_Ransomware_S508C.pdf

Web app attacks are up 800% compared to 2019

Jeff Technology, Trends December 7, 2020

Report finds many attacks focus on companies least impacted by COVID-19 outbreak

Web application attacks have increased by over 800%, according to the State of the Web Security for H1 2020 report.

Published by CDN and cloud security provider CDNetworks, the report found that during the first half of this year, web application attacks, which use malformed requests or injected payloads to steal data, modify data or obtain privileges illicitly, increased nine times relative to H1 2019.

CDNetworks saw and blocked over 4.2 billion web application attacks during H1 2020.

The statistic show that web application attacks in the public sector surpassed attacks in retail venues, making the public sector the single most attacked industry during this period

“In fact, over 1 billion of the web attacks were targeted toward the public sector, which accounts for 26% of total attacks,” the report says. “Equally disturbing is the fact that with artificial intelligence (AI) becoming a vital part of cybersecurity, hackers are now using machine learning to detect and crack vulnerabilities in networks and systems.”

The company collected anonymized data from its clients and said the statistics showed enterprises are “experiencing challenging times in their attempts to defend against cyber attacks and protect their online assets.”

The report also found that DDoS attack incidents saw over a 147% year-on-year growth as of H1 2020. This increase peaked in February and March and remained at elevated levels. Similarly, attack peaks more than doubled in H1 2019 compared to H1 2020. The study found the most prevalent DDoS attacks were SYN flood at 53% and UDP flood at 35%. ACK flood and ICMP flood attacks were significantly lower at 8% and 4%, respectively

According to the report, bot attacks nearly doubled in 2020 with 10.38 billion bot attacks blocked by the firm. CDNetworks said this figure was 97% higher than H1 2019. On average, CDNetworks blocked 660 bot attack incidents, nearly doubling H1 2019.

Bot attacks relate directly to economic trends. In previous years, bot attacks focused on tourism and related industries, such as transportation and hospitality. But COVID-19’s impact on tourism and hospitality, online services, e-commerce and gaming are now bot attacks’ primary targets.

The report added that hackers are extremely sensitive to industry transformations and switch their attack tools and methods to keep pace with these changes.

“Nowhere is this more evident than with the Covid pandemic, where a decline in the tourism industry has prompted attackers to move toward exploiting online learning, telecommuting, and other businesses that are flourishing during the current pandemic,” the report’s authors said.

 

We’re Elixis Technology

In the ever-changing, technology-centric world we live in, it’s vital to have an I.T. solution source you can count on. At Elixis Technology, it is our mission to help businesses — big and small — produce the results their customers demand, with technology that actually works.

.

News Source: https://www.itpro.co.uk