Tag Archives: Cybersecurity

The Microsoft Secured-core PC Initiative Explained!

Microsoft and their hardware partners just announced the Secured-core PC initiative to combat threats that target the PC’s firmware and operating system.

With help from David Weston, Partner Director of Microsoft OS Security, here is everything you need to know about the Secured-core PC initiative!


What Is The Secured-core PC Initiative?

Secured-core PC is a new Microsoft initiative that they just announced. In partnership with their hardware partners, they aim to create a specific set of requirements for devices that are meant for secure use.

These requirements will apply the best practices in data security – isolation and minimal trust in the firmware layer and the device core that underpins the Windows operating system.

Secured-core PC devices will be targeted at industries like financial services, government and healthcare, and anyone who works with valuable IP, customer or personal data. They would also be useful for persons of interest, who would be high-value targets for hackers and nation-state attackers.


Is There A Need For Secured-core PC?

As more protection is built into the operating system and connected services, attackers are exploring other methods with firmware emerging as a top target.

The NIST’s National Vulnerability Database shows a near 5X increase in the number of firmware vulnerabilities in the last 3 years.

In late 2018, security researchers discovered that the hacking group Strontium targeted systems in the wild with malware that made use of firmware vulnerabilities.

Because it targeted firmware, the malicious code was hard to detect, and difficult to remove. It even persists after the operating system is reinstalled, or the storage drive is replaced!


Why Is Firmware The New Target?

Firmware is used to initialise the hardware and software when a device is started up. It therefore has a higher level of access and privileges than the hypervisor and operating system kernel.

This means firmware attacks that succeed can undermine protective mechanisms like Secure Boot that the hypervisor or operating system uses to protect against malware.

Firmware attacks can more easily evade endpoint protection and detection solutions, because the latter run at the operating system layer, above the firmware, and therefore have limited visibility of the firmware layer.


What Is A Secured-core PC Made Up Of?

Secured-core PCs will combine multiple layers of protection – identity, virtualisation, operating system, hardware and firmware – to prevent attacks, rather than simply detecting them.

They all ensure that the device will boot securely and is protected against firmware vulnerabilities, shielding the operating system from attacks and preventing unauthorised access to the device and data.

System Guard Secure Launch

Microsoft is now implementing System Guard Secure Launch in Windows 10 as a key Secured-core PC requirement.

System Guard uses the Dynamic Root of Trust for Measurement (DRTM) capabilities built into the latest processors from AMD, Intel and Qualcomm, to protect the boot process from firmware attacks.

The firmware is used to start the hardware, and then shortly after, re-initialise the system into a trusted state. This helps to limit the trust assigned to the firmware, greatly mitigating against firmware attacks.

This method also helps protect the integrity of the Virtualisation-Based Security (VBS) feature in the hypervisor against firmware vulnerabilities. This is critical because VBS is used for important OS security functions like Windows Defender Credential Guard and Hypervisor-protected Code Integrity (HVCI).

Trusted Platform Module 2.0

Microsoft is also implementing Trusted Platform Module 2.0 (TPM) as a device requirement for Secured-core PCs.

It is used to measure the components that are used during the secure launch process, allowing for zero trust networks using System Guard runtime attestation.


Secured-core PC Availability

Secured-core PC devices are available from Dell, Dynabook, HP, Lenovo, Panasonic and Microsoft’s own Surface brand.



Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Dell EMC PowerProtect DD for Multi-Cloud Data Protection

At Dell Technologies Forum 2019, Dell Technologies announced their next-generation Data Domain protection storage appliances – the Dell EMC PowerProtect DD Appliance.

They also announced changes and improvements to Dell EMC Cyber Recovery and PowerProtect Software.

Here is everything you need to know about the new Dell EMC PowerProtect DD Appliances, as well as Cyber Recovery and PowerProtect software updates.


The Need For Dell EMC PowerProtect DD

As businesses become more data-driven, there is a corresponding increase in the amount of data they create and retain.

According to Dell EMC, organisations in Asia Pacific and Japan manage an average of 8.13 petabytes of data in 2018 – a 384% increase over 2016.

All that data is vulnerable, even if they are stored in the cloud. That’s where Dell EMC comes in with their PowerProtect DD Series Appliances.

They are designed to protect a business’ data storage, with the ability to quickly restore their systems in times of disruption to ensure business continuity.


Dell EMC PowerProtect DD for Multi-Cloud Data Protection

The new PowerProtect DD appliances are the latest addition to the Dell EMC PowerProtect portfolio. Designed to offer data protection for multi-cloud workloads, PowerProtect DD offers :

Faster Performance

The PowerProtect DD appliances offer up to 38% faster backups, and up to 36% faster restores.

They can provide instant access and instant restores of up to 60,000 IOPS for up to 64 virtual machines, with support for 25 GbE and 100 GbE network speeds.

Greater Efficiency

PowerProtect DD can provide up to 1.25 PB of usable capacity in a single rack, with hardware-assisted compression to increase logical capacity by up to 30%.

Its small footprint also saves power and cooling requirements by up to 35%, increasing ROI for organisations.


PowerProtect DD is scalable, with grow-in-place capacity expansion from 1 terabyte all the way to 1.25 petabytes.

Data Protection For Multi-Cloud Workloads

PowerProtect DD supports multiple public clouds, and can natively tier deduplicated data. It can also scale across on-premise and hybrid cloud environments.

Single Pane of Glass Management

Its PowerProtect DD Management Center allows for the aggregated management for multiple systems. Customers can monitor the health and status of all their appliances on-premise and in the cloud, as well as manage capacity and replications.


Improved Cyber Recovery + PowerProtect Software

Dell EMC also announced improvements to Cyber Recovery and PowerProtect Software :

  • Cyber Recovery now supports workloads protected with PowerProtect Software and stored on the new PowerProtect DD Series Appliances
  • Cyber Recovery can now automate restores from a secure and isolated vault, giving customers an additional layer of data protection
  • PowerProtect Software adds more integration with VMware vSphere, offering simplified data protection management and self-service recovery
  • PowerProtect Software also now supports Dell EMC Cloud Disaster Recovery, allowing the automated disaster recovery of VMware workloads in the public cloud


Dell EMC PowerProtect DD Availability

The three new PowerProtect DD Series Appliances – PowerProtect DD6900, PowerProtect DD9400 and PowerProtect DD9900 – will be available globally from 30 September 2019 onwards through Dell Technologies channel partners.

Dell EMC Data Domain Virtual Edition and Dell EMC Data Domain DD3300, now branded Dell EMC PowerProtect DD Virtual Edition and Dell EMC PowerProtect DD3300, are available now.

Enhancements to Dell EMC PowerProtect Cyber Recovery and PowerProtect Software are available globally, with immediate effect.


Acronis True Image 2020 – Everything You Need To Know!

Acronis True Image 2020 was just released, and it is the first personal data protection solution to automate the 3-2-1 backup rule!

Here is EVERYTHING you need to know about Acronis True Image 2020!


Acronis True Image 2020

Acronis True Image 2020 is the first major update since True Image 2018 was released two years ago.

With this release, Acronis believes it has successfully addressed all Five Vectors of Cyber Protection – ensuring the safety, accessibility, privacy, authenticity and security of the user’s data (SAPAS).

Like its predecessor, it combines data backup and recovery capabilities, with anti-malware technology. The new release though boasts more than 100 enhancements. Let’s take a look at some of them…

Dual Protection In True Image 2020

Acronis True Image 2020 is the first personal data protection solution to automate the 3-2-1 backup rule.

It will automatically replicate local backups into the cloud, so you will always have an off-site copy for recovery.

After you complete the first backup, the backup and replication processes will occur simultaneously.

True Image 2020 Tray Notifications Center

Acronis True Image 2020 now pushes messages about your data to your desktop tray, so you can easily monitor the status of your backups.

In addition to alerting you to urgent issues that require your response, it will also send you tips on how to enhance your computer’s protection.

Back Up Only On Selected Wi-Fi Networks

You will now have greater control, including the ability to select which Wi-Fi networks can be used to transfer your backups.

This allows you to avoid costly metered connections, and insecure public networks that could put your data at risk.

Custom Power Management

You will also have control over when your backups will run while you are on battery power. You can :

  • completely prevent backups whenever you are on battery power,
  • set a minimum power level for backups to run

Mac Power Nap Backups!

Acronis True Image 2020 will support Power Nap backups. Enable it, and your Mac will backup its data during its Power Nap.

In addition, any changes to your Mac’s data during its Power Nap will be captured in those backups too!


Acronis True Image 2020 Price + Availability

Acronis True Image 2020 is available in three versions, with immediate effect :

Standard Edition

This is a perpetual license designed for customers who store their data on local drives only.

It does not come with cloud storage or cloud-based features. However, you can make local backups of an unlimited number of mobile devices.

Pricing starts at $49.99 for one computer.

Advanced Edition

This is a one-year subscription that includes 250 GB of Acronis Cloud Storage, and access to all cloud-based features.

You will be able to make both local and cloud backups of an unlimited number of mobile devices.

Pricing starts at $49.99 per year for one computer.

Premium Edition

This is a one-year subscription that includes blockchain-based data certification and electronic signature capabilities, as well as 1 TB of Acronis Cloud Storage.

Pricing starts at $99.99 per year for one computer.

All versions include Acronis Active Protection – an AI-powered anti-malware protection – and cover an unlimited number of mobile devices.


Kaspersky Selects Malaysia For APAC Transparency Center!

Kaspersky just announced that they have selected Malaysia as the site for their APAC Transparency Center!

Here is everything you need to know about the third Kaspersky Transparency Center, and why they chose Malaysia.


The Kaspersky Global Transparency Initiative

The Kaspersky Global Transparency Initiative began in October 2017, as a way to allay fears that Kaspersky Lab products and services had backdoors built-in.

It was really an extension of Eugene Kaspersky’s offer to show Kaspersky Lab source codes to the US government.


Kaspersky Global Transparency Initiative APAC Update

The Managing Director for Asia Pacific at Kaspersky, Stephan Neumeier, kicked off the launch with an update on the Kaspersky Global Transparency Initiative, with a focus on the APAC region.

  • Started relocating customer data storage and processing infrastructure for European users from Russia to Zurich, Switzerland, to be completed by the end of 2019.
  • Opened two Transparency Centers in Europe – in Zurich (November 2018) and Madrid (June 2019). The Spanish Center also serves as a briefing center for key company stakeholders.
  • Successfully completed the Service Organization Control for Service Organizations (SOC 2) Type 1 audit. The final report, issued by one of the Big Four accounting firms, confirms that the development and release of Kaspersky’s threat detection rules databases (AV databases) are protected from unauthorised changes by strong security controls.
  • Since announcing the Bug Bounty program’s extension, Kaspersky resolved 66 bugs reported by security researchers and awarded almost $45,000 in bounty rewards.
  • Kaspersky also supports the io framework which provides Safe Harbor for vulnerability researchers concerned about potential negative legal consequences of their discoveries.


Why Kaspersky Selected Malaysia For The APAC Transparency Center

Kaspersky revealed that their APAC Transparency Center will be located in Cyberjaya, in partnership with CyberSecurity Malaysia.

Cyberjaya was selected because of its central location and close proximity to many key Kaspersky clients in APAC, as well as other security- and infrastructure-related reasons.


What Is The Kaspersky APAC Transparency Center For?

The new Kaspersky APAC Transparency Center in Malaysia will serve as the third trusted code review facility, after Zurich and Madrid.

Government regulators and Kaspersky enterprise clients can request to come to the Kaspersky APAC Transparency Center to examine or review :

  • source code of Kaspersky consumer and enterprise solutions, like Kaspersky Internet Security (KIS), Kaspersky Endpoint Security (KES) and Kaspersky Security Center (KSC)
  • Kaspersky’s threat analysis, secure review and application security testing process
  • all versions of Kaspersky software builds, and AV database updates
  • data feeds that are sent by Kaspersky products to the cloud-based Kaspersky Security Network (KSN)

It will also function as a briefing centre, where guests will be able to learn about Kaspersky’s engineering and data processing practices.

This new Kaspersky Transparency Center is slated to open for its first visitors in early 2020. Like the other Transparency Centers, access is available only upon request.


US Tech Companies Pressure Trump On Lifting HUAWEI Ban!

US tech companies pressured US President Donald Trump into lifting the HUAWEI ban, after he vacillated on his decision to let them sell to HUAWEI again last month.

After a face-to-face meeting with seven of the top US tech companies, Trump agreed to facilitate the resumption of business ties with HUAWEI.


Lifting The HUAWEI Ban : Didn’t Trump Already Agree To It???

On 29 June 2019, Donald Trump said that “he would allow HUAWEI to once again buy US products“, calling it “no great national emergency“.

Perhaps because he foolishly revealed that he “agreed easily” to let US tech companies do business again with HUAWEI, there was a backlash by China hawks in the US government.

It even resulted in the introduction of legislation by a bipartisan group of senators to block Trump from removing HUAWEI from the trade blacklist until national security concerns have been addressed.

As a result, the lifting of the HUAWEI ban was literally put on hold.


Tech Meeting Agenda : Lifting The HUAWEI Ban

On Monday, 22 July 2019, the CEOs of seven top US tech companies – Google, Cisco, Intel, Broadcom, Micron and Western Digital – sat down with Donald Trump and four other key trade officials :

  • Larry Kudlow (Director of the National Economic Council),
  • Steven Mnuchin (Treasury Secretary),
  • Wilbur Ross (Commerce Secretary), and
  • Robert Lighthizer (top US trade negotiator).

Their agenda was very clear-cut – lifting the HUAWEI ban, so they can resume selling to one of their top business partners.

Broadcom, for instance, expects to lose $12 billion in sales because of the HUAWEI ban.


How Wilbur Ross Screwed Up The Process

US Commerce Secretary, Wilbur Ross, has come under fire recently for incompetence and lack of leadership, with a penchant to sleep during meetings.

No wonder the seven US tech companies pointedly criticised Ross for not providing “clear guidelines” on selling to HUAWEI after Trump announced that “he would allow HUAWEI to once again buy US products“.

Ross had said that licenses would be issued where there is no threat to US national security, but has not been forthcoming with the details.

It was only last week that Reuters reported that the slow bureaucracy at the US Commerce Department could start approving licences for US companies to start selling again to HUAWEI in a matter of weeks.


No Lifting Of HUAWEI Ban… Just Yet

It was at this meeting that they successfully pressured Donald Trump into agreeing to make “timely licensing decisions” on sales to HUAWEI.

In other words, Trump went back on his word (yet again), this time on lifting the HUAWEI ban. Chinese President Xi must be pulling his hair out in frustration!

But this meeting with US tech giants has forced the White House into publicly agreeing to the timely licencing of sales to HUAWEI.

This lets Trump claim that he isn’t really lifting the HUAWEI ban, just allowing sales that do not contravene US national security interests.


A Big Win For HUAWEI

Although this is not the lifting of the HUAWEI ban that Trump initially claimed, it is still a big win for HUAWEI.

They successfully convinced the CEOs of seven top US tech companies to physically pressure Donald Trump into partially lifting the ban.

Although the mechanism for licensing sales to companies under the US Entity List already exists, there is a presumption of denial – which means, in reality, it’s virtually impossible to get those licences.

When the White House agreed to provide those licences at the meeting, what it really means is that HUAWEI will soon be able to purchase at least some of what they need from US companies.


Dimension Data Expert Panels On Cyberattack Mitigation + Cloud Security

Dimension Data organised two expert panels on cyberattacks and cloud security, as part of their coverage of the 2019 NTT Security Global Threat Intelligence Report.

Find out what cybersecurity experts from Dimension Data, Cisco and more think about cloud security, cyberattacks and mitigating them.


Dimension Data Expert Panels On Cyberattack Mitigation + Cloud Security

Freda Liu hosted the two expert panels with Cisco, Recorded Future, F5 and Cybersecurity Malaysia, as well as Mark Thomas, Dimension Data’s VP of Cybersecurity.

The two expert panels addressed the chief concerns of their clients, namely on cloud security, and the mitigation of cyberattacks.


Dimension Data Panel #1 : Top Cyberattacks + Mitigation Tips

Enterprises are continuously experiencing cyberattacks in today’s digital world. Challenges like compliance management, coin mining, web-based attacks, and credential theft have been seen over the past year.

In this session, the Dimension Data panel of experts provided insights about the top cyberattacks and the shifting threat landscape. They also discussed best practices and practical measures you can take to bolster your cybersecurity defences.


Dimension Data Panel #2 : Security In The Cloud

Today, cybersecurity leaders’ jobs are made more difficult as the number of areas and ‘things’ that need to be secured is constantly increasing.

Your infrastructure is no longer just physical, it’s cloud, and hybrid too.

What are the people, process and tools you need in place to help improve your organisation’s resilience and embark on the journey to world-class cybersecurity?


Top Three 2019 Cybersecurity Predictions By Dimension Data

Mark Thomas, VP of Cybersecurity at Dimension Data, recently shared with us his top three cybersecurity predictions for 2019.

  • Increased Benchmarks Will Improve Standards
  • A Strong Future For Predictive Threat Intelligence
  • Cybersecurity Investments Become More Strategic


The 2019 Cybersecurity Landscape

Cybercrime currently represents one of the top 10 biggest threats to our globe during 2019 – and it’s showing no sign of ebbing away. The approaches of hackers are increasing in sophistication, the volume of their attacks is intensifying, and successful breaches are causing more damage than ever before.

But as threats and attack types evolve, so too do our methods of defending against them, sparking levels of innovation previously unseen.

And despite the fact that 2018 represented a record year for the number of new business vulnerabilities discovered (a 12.5% upsurge from 2017), the most commonly attacked industries across the globe are also those best-equipped to guard against the latest criminal advances.

But what lessons can we learn from their success? Here are three ways the cybersecurity landscape is going to change over the coming years.

2019 Cybersecurity Prediction #1 : Increased Benchmarks Will Improve Standards

According to NTT Security’s 2019 Global Threat Intelligence Report, the average global cybersecurity maturity rating languishes at 1.45 out of 5 – a score determined by an organisation’s holistic approach to cybersecurity from a strategy, process, metrics and tools perspective.

At first glance, this rating makes for grim reading, but encouragingly, this increase in ‘cybermaturity’ benchmarking is galvanising many forward-thinking companies to make considerable changes in order to ramp up their security posture.

Among those are the two most ‘cybermature’ industries: finance and technology. It should come as no surprise that two such dominant sectors bear the brunt of the cybercrime offensive, each experiencing 17% of all attacks recorded in 2018.

Yet despite enduring this barrage, the finance and tech industries also boast the highest ‘cybermaturity’ rating of any industry, with 1.71 and 1.66 respectively.

It’s from these heightened levels of ‘cyberpreparedness’ that the majority of businesses – regardless of size, sector, or market – can draw some vital lessons. By benchmarking their maturity, companies are showing a real willingness to inspire positive change; with a greater focus on predictive threat intelligence, more considered and strategic investments, and higher levels of internal and external collaboration representing some of the most critical approaches separating the best-fortified organisations.

Indeed, the finance and technology sectors are the industries most keen to team up with external partners to evolve their long-term strategies and next-generation architectures, unlocking access to trillions of logs and billions of attack records that can be used to shape a more predictive approach to cybersecurity defence.

2019 Cybersecurity Prediction #2 : A Strong Future For Predictive Threat Intelligence

With business vulnerabilities at a record high, the rise of predictive threat intelligence represents one of the most tangible and accessible ways that organisations can immediately bolster their security programmes.

The concept of cybersecurity defence evolving from a reactive to a more predictive model isn’t going to cause shockwaves among IT teams, but with our understanding of AI and machine learning technologies increasing – and attackers’ methods becoming more sophisticated in tandem – its application has never been more pertinent.

In fact, the market for threat intelligence tools is now expected to surge to USD 12.9 billion by 2023, at a growth rate of 19.7% each year.

This prediction, along with news that venture capital firm Insight Partners has splashed out USD 780 million on threat intelligence company Recorded Future, indicates this field is about to go through a sustained period of unprecedented innovation.

One of the secrets to unlocking the potential of predictive threat intelligence lies in the amount of threat information you are able to collect. Security teams need to start digging deeper into the murkier and harder to reach corners of the internet – such as the dark web – to outsmart the bad guys.

With machine learning potentially monitoring billions of logs, patterns can be identified and automated safeguards established so that attacks can be deflected instantly.

And the more granular you can go, the better – it affords security and IT teams with that much-needed structure and context to turn raw data into actionable intelligence.

2019 Cybersecurity Prediction #3 : Cybersecurity Investments Become More Strategic

With almost two-thirds of companies citing a poor understanding of their current risk profile as the primary inhibitor to a better cybersecurity posture, it’s clear that in order to better bolster their barricades, organisations must exercise a more strategic and calculated approach to cybersecurity investment.

The good news is that senior executives are finally prioritising cybersecurity as a critical boardroom concern – but from the lowly 1.45 out of 5 average cybermaturity rating, it’s painfully clear that ambitions are outpacing preparedness. This benchmark needs to change – but where should organisations channel their investment in order to best fortify their defences?

With the cryptocurrency market surging by 51% since the start of 2019, illicit cryptojacking techniques have followed suit, skyrocketing by a staggering 459% last year.

To best prevent, detect, and recover from cryptojacking, organisations should consider introducing egress and ingress filtering restrictions to moderate outbound traffic, denying stratum protocol usage, or segmenting their network environments to make it more difficult for an attacker to spread an attack through the entire network.
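Denying Stratum usage at the egress point works better when traffic is matched on content rather than on port, since mining pools also listen on ports such as 443. The following Python sketch is an added example, not part of the original article or the NTT Security report; the flow records, addresses and wallet placeholder are constructed, and the function names are hypothetical.

```python
import json

# Stratum V1 is newline-delimited JSON-RPC over plain TCP; these method
# names belong to the protocol itself.
STRATUM_V1_METHODS = {
    "mining.subscribe", "mining.authorize", "mining.submit",
    "mining.notify", "mining.set_difficulty",
}
# Monero-style pools use generic method names, so the shape of "params"
# is checked too, to avoid flagging ordinary JSON-RPC services.
XMR_METHODS = {"login", "getjob", "submit", "keepalived"}
XMR_PARAM_KEYS = {"login", "pass", "agent", "job_id", "nonce"}


def classify_payload(payload: bytes):
    """Return a reason string if any line of the payload looks like Stratum."""
    for raw in payload.split(b"\n"):
        raw = raw.strip()
        if not raw:
            continue
        try:
            msg = json.loads(raw.decode("utf-8"))
        except ValueError:  # covers invalid UTF-8 and invalid JSON
            continue
        if not isinstance(msg, dict):
            continue
        method = msg.get("method")
        if not isinstance(method, str):
            continue
        if method in STRATUM_V1_METHODS:
            return "stratum-v1:" + method
        params = msg.get("params")
        if (method in XMR_METHODS and isinstance(params, dict)
                and XMR_PARAM_KEYS.intersection(params)):
            return "stratum-xmr:" + method
    return None


# Constructed egress records: (source, destination, dest port, first payload).
# Addresses come from documentation ranges; none is a real pool or host.
SAMPLE_FLOWS = [
    ("10.0.5.21", "203.0.113.10", 3333,
     b'{"id":1,"method":"mining.subscribe","params":["example-miner/1.0"]}\n'),
    # Miner hiding on a "web" port: a port-based rule would let this through.
    ("10.0.5.22", "198.51.100.7", 443,
     b'{"id":1,"jsonrpc":"2.0","method":"login","params":'
     b'{"login":"WALLET_PLACEHOLDER","pass":"x","agent":"example-agent"}}\n'),
    # Ordinary JSON-RPC login with positional params: must not be flagged.
    ("10.0.5.30", "192.0.2.44", 8080,
     b'{"jsonrpc":"2.0","method":"login","params":["alice","token"],"id":7}\n'),
    ("10.0.5.31", "192.0.2.80", 80,
     b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
]


def flag_flows(flows):
    """Return (src, dst, dport, reason) for every flow that carries Stratum."""
    hits = []
    for src, dst, dport, payload in flows:
        reason = classify_payload(payload)
        if reason:
            hits.append((src, dst, dport, reason))
    return hits


if __name__ == "__main__":
    for hit in flag_flows(SAMPLE_FLOWS):
        print("DENY %s -> %s:%d (%s)" % hit)
```

Payload matching only sees cleartext Stratum; pools reached over TLS need to be covered by the default-deny egress rules and network segmentation mentioned above.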

Segmenting your network environments is a method that can also be applied when defending against web-based attacks, which doubled during 2018 and now account for almost a third of all hostile traffic.

Performing regular vulnerability scans will help you identify issues earlier on during the development cycle, while enforcing secure coding practices will ensure applications remain solid throughout their design and launch.

Of course, the level of investment in these areas depends on your market and sector, where frequency and volume of attack types can vary greatly – but regardless of industry or location, one key focus cannot be ignored – compliance.

Embedding compliance requirements into your strategy is essential, and with such a wealth of information-sharing and collaborative tools available, there’s no excuse for not keeping pace with the latest regulatory requirements.

Success is achieved when organisations invest proportionately in people, processes, and tools to provide a solid foundation of security and data privacy expertise, across all technology stacks. Benchmarking yourself against industry best practices and control frameworks provides an easy way to measure the return on an organisation’s security investment.

Simply put, you cannot manage what you cannot measure, so it’s critical companies understand their compliance posture and plan ahead so they can achieve their security ambitions.


More On The 2019 Cybersecurity Landscape

We had the opportunity to sit down with Mark Thomas, VP of Cybersecurity and other members of Dimension Data (now part of NTT Limited) for a Q&A session on the 2019 NTT Security GTIR and cybersecurity landscape.

You can download the executive guide to the 2019 NTT Security Global Threat Intelligence Report here.


The 2019 NTT Security GTIR : Top 4 Cybersecurity Highlights!

Here are the top 4 highlights of the newly-released 2019 NTT Security GTIR (Global Threat Intelligence Report)!

Find out what NTT Security discovered in their research on the current state of cybersecurity across the world!


The 2019 NTT Security GTIR : Top 4 Cybersecurity Highlights!

2019 NTT GTIR Highlight #1 : Cybersecurity Vulnerabilities

2018 set a new record – over 16,500 new vulnerabilities identified and reported in a single year!

Many of those vulnerabilities, like GNU Bash (also known as Shellshock), were discovered in older software that has been present for years.

Other vulnerabilities were, ironically, introduced through patches meant to fix other vulnerabilities.

NTT Security’s research also showed that the time-to-fix increased for all risk levels, except for medium risks. In addition, the window of exposure across all industries remains too long.

2019 NTT GTIR Highlight #2 : Cybersecurity Maturity

Globally, the average cybersecurity maturity rating stands at 1.45 out of 5 – a score which NTT Security considers to be extremely worrying, especially when security vulnerabilities are surging to a record high (up 12.5% from 2017).

The finance (1.71) and technology (1.66) sectors boast the highest maturity ratings, and continue to ramp up their security posture.

This is most likely prompted by their positions as the most commonly targeted industries, each accounting for 17% of all attacks recorded in 2018.

Interestingly, NTT Security noted that the attack volume correlated with the organisation’s willingness to improve their cybersecurity defences.

Regionally, MEA and Australia are the most prepared, and have the highest cybersecurity maturity ambitions.

But ambitions outpaced preparedness most noticeably in the Americas and Europe – they both fall behind the global benchmark.

2019 NTT GTIR Highlight #3 : Attack Types

After scouring trillions of logs and billions of attacks, NTT Security reported the most common attack types, with web attacks the most prevalent threat. They have doubled in frequency since 2017, and accounted for 32% of all attacks detected last year.

Reconnaissance (16%) was the next most common hostile activity, closely followed by service-specific attacks (13%) and brute-force attacks (12%).

Interestingly, cryptojacking sometimes accounted for more detections than all other malware combined!

2019 NTT GTIR Highlight #4 : Attack Locations

Globally, 35% of attacks originate from IP addresses within the US and China, followed by EMEA and APAC.

NTT Security points out that attackers are leveraging the infrastructure in the US and China to launch attacks. And remember – the attack source IP address does not always reflect the attacker’s true location.


More On The 2019 NTT Security GTIR

We had the opportunity to sit down with Mark Thomas, VP of Cybersecurity and other members of Dimension Data (now part of NTT Limited) for a Q&A session on the 2019 NTT Security GTIR and cybersecurity landscape.

You can download the executive guide to the 2019 NTT Security Global Threat Intelligence Report here.



Why Cybersecurity Is Critical For Industry 4.0 Success

Yeo Siang Tiong, the General Manager of Kaspersky Southeast Asia, recently shared with us why cybersecurity is critical for Industry 4.0 initiatives to succeed.

While he uses Malaysia’s drive to implement Industry 4.0 as an example, the lessons are universal and apply across the world.

Let’s hear it from Mr. Yeo Siang Tiong!



The term Industry 4.0 was first used at the Hanover Fair, as a reference to the latest industrial strategy which has been termed the fourth industrial revolution.

According to the explanation by the Ministry of International Trade and Industry Malaysia [1] that I read months ago, Industry 4.0 refers to the digital transformation of production in manufacturing-based industries, driven by connected technologies.

Together with autonomous robots, big data analytics, cloud computing, Internet of Things, additive manufacturing, system integration, augmented reality and simulation, in my opinion, cybersecurity is among the main pillars of Industry 4.0.

Why? Because while cyber-physical systems that are connected without wires, automated and with fewer human touch points promise more efficient processes and communications, this also exposes systems to potential cyberattacks.

Greater connectivity brought about by Industry 4.0 will require greater security attention for ICS security because the Fourth Industrial Revolution is a double-edged sword which countries and companies should use wisely.

It is great to note that Malaysia is currently ranked third globally among 193 International Telecom Union members, in terms of the level of national commitment to addressing cybersecurity risks.

In 2018, the Ministry of International Trade and Industry Malaysia launched INDUSTRY 4WRD, a national policy on Industry 4.0, to put policies and guidelines in place to ensure that the Malaysian manufacturing industry and its related services would be ready to be smart, systematic and resilient.

The policy has the overarching philosophy – A-C-T, Attract, Create and Transform.

The government’s efforts are indeed being commended worldwide. Proof is the Readiness for the Future of Production Report 2018 [2] which put Malaysia in the “Leader” quadrant, positioned well for the future. Malaysia and China are the only two non-high-income countries in this coveted quadrant.

One important area for improvement that I know of will be the human force. Malaysia has a shortage of the required talents, skills and knowledge for Industry 4.0, particularly in the areas of IoT, robotics and AI. The lack of talents in the fields of IoT is hypocritical for Malaysia Industry 4.0 especially in the areas of exposure to cyber threats.

However, let us not miss the commitment uttered by the Ministry of Education Malaysia [3] saying that cybersecurity must be introduced at the grassroots level, especially among schoolchildren. The department of Polytechnic and Community College Education and Politeknik Mersing in Johor is also off to set up the Cyber Range Academy, which provides the students with an authentic learning environment in the threat landscape.

For our part, Kaspersky understands the cybersecurity needs in ensuring the success of Industry 4.0 and has solutions in place – Industrial CyberSecurity (ICS), with the aim to protect companies from three main risks [4].

Firstly, unintentional infection of an industrial network. In theory, industrial information networks should not be connected to office networks, and should also not have direct access to the internet. However, sometimes without intending to cause any harm, staff will connect infected removable drives to industrial computers or access the internet to update software on the server, and as a result malware manages to penetrate the network.

Secondly, it is not unusual for people who are professionally versed in industrial systems to try and use that knowledge to trick their employer, which causes serious harm to the business.

Thirdly, cyberwar, targeted actions that are intended to cause damage. Two years ago, a massive data breach saw more than 46 million mobile subscribers in Malaysia leaked on to the dark web.

For companies to reach their Industry 4.0 goals, all components have to be protected.

Remember ShadowHammer [5], which the Kaspersky team highlighted in its research back in March? Executable files from a reputable and trusted large manufacturer contained malware features, and careful analysis confirmed that they had been tampered with by malicious attackers.

To avoid becoming victims and to ensure a clearer path to achieving Industry 4.0 [6], we suggest the following:

    • Regularly update operating systems, application software, and security solutions
    • Apply necessary security fixes and audit access control for ICS components in the enterprise’s industrial network and at its boundaries
    • Provide dedicated training and support for employees as well as partners and suppliers with access to your network
    • Restrict network traffic on ports and protocols used on edge routers and inside the organization’s OT networks
    • Use ICS network traffic monitoring, analysis and detection solutions for better protection from attacks potentially threatening technological process and main enterprise assets
    • Deploy dedicated security solutions on ICS servers, workstations and HMIs, such as Kaspersky Industrial CyberSecurity. This solution includes network traffic monitoring, analysis and detection to secure OT and industrial infrastructure from both random malware infections and dedicated industrial threats
    • Form a dedicated security team for both IT and OT sectors
    • Equip these security teams with proper cybersecurity training as well as real-time and in-depth threat intelligence reports

[1] FAQs on Industry 4.0

[2] National Policy on Industry 4.0

[3] Bridging the talent gap in cybersecurity

[4] Securing Industrial Revolution 4.0

[5] Operation ShadowHammer: a high-profile supply chain attack

[6] Almost every second industrial computer was subjected to malicious cyber activity in 2018


What Is Industrial Revolution 4.0?

Industrial Revolution 4.0, also known as the Fourth Industrial Revolution or Industry 4.0, is a term that is applied towards the current trend of intelligent automation that is enabled by information technology, interconnectivity and data analytics.


Industry 4.0 employs a wide range of technologies to achieve those aims, such as mobile devices, Internet of Things, smart sensors, big data analytics, augmented reality, cloud computing, and more.

Countries and corporations that successfully make use of these technologies will greatly improve their productivity. Hence, there is great interest by governments and companies to develop and accelerate their IR 4.0 capabilities.


Why AI Digital Intuition Will Deliver Cyberimmunity By 2050!

In his first prediction for Earth 2050, Eugene Kaspersky believes that AI digital intuition will deliver cyberimmunity by 2050. Do YOU agree?


What Is Earth 2050

Earth 2050 is a Kaspersky social media project – an open crowdsourced platform, where everyone can share their visions of the future.

So far, there are nearly 400 predictions from 70+ visionaries, from futurologist Ian Pearson, astrophysicist Martin Rees, venture capitalist Steven Hoffman, architect-engineer Carlo Ratti, writer James Kunstler and sci-fi writer David Brin.

Eugene himself dabbles in cyberdivination, and shares with us, a future of cyberimmunity created by AI digital intuition!


Eugene Kaspersky : From Digital Intuition To Cyberimmunity!

In recent years, digital systems have moved up to a whole new level. No longer assistants making life easier for us mere mortals, they’ve become the basis of civilization — the very framework keeping the world functioning properly in 2050.

This quantum leap forward has generated new requirements for the reliability and stability of artificial intelligence. Although some cyberthreats still haven’t become extinct since the romantic era around the turn of the century, they’re now dangerous only to outliers who for some reason reject modern standards of digital immunity.

The situation in many ways resembles the fight against human diseases. Thanks to the success of vaccines, the terrible epidemics that once devastated entire cities in the twentieth century are a thing of the past.


However, that’s where the resemblance ends. For humans, diseases like the plague or smallpox have been replaced by new, highly resistant “post-vaccination” diseases; but for the machines, things have turned out much better.

This is largely because the initial designers of digital immunity made all the right preparations for it in advance. In doing so, what helped them in particular was borrowing the systemic approaches of living systems and humans.

One of the pillars of cyber-immunity today is digital intuition, the ability of AI systems to make the right decisions in conditions where the source data are clearly insufficient to make a rational choice.

But there’s no mysticism here: Digital intuition is merely the logical continuation of the idea of machine learning. When the number and complexity of related self-learning systems exceeds a certain threshold, the quality of decision-making rises to a whole new level — a level that’s completely elusive to rational understanding.

An “intuitive solution” results from the superimposition of the experience of a huge number of machine-learning models, much like the result of the calculations of a quantum computer.

So, as you can see, it has been digital intuition, with its ability to instantly, correctly respond to unknown challenges, that has helped build the digital security standards of this new era.



Kaspersky Travel Scam Alert + Advisory For The Holidays!

Kaspersky Lab just issued a travel scam alert and advisory for this holiday season. Pay attention, so you will enjoy a great holiday!


Travel Scam Operations On The Rise!

Kaspersky Lab researchers uncovered several travel scam operations last month, seeking to trick holiday-goers looking for great bargains.

Fraudsters Are Phishing For Unwary Victims

There were more than 8,000 phishing attacks, disguised as offers from popular lodging platforms. In fact, 7,917 of those phishing attacks specifically targeted people looking for Airbnb rentals.

In one example, fraudsters created a phishing page that looked like an Airbnb page, and pretended to offer cheap city-centre rentals with high review scores. Once the victim confirmed and paid for the booking, both the fraudsters and the offer disappeared.

Spam Is Still Effective!

In just one day, the researchers detected 7 different fake email blasts that are very convincingly disguised as offers from popular booking platforms for airline tickets and accommodation.

Three of those spam emails actually offered FREE FLIGHTS in return for the completion of a short online survey, and sharing the link with other people. After answering just three questions, victims were asked to enter their phone numbers, which were then used to subscribe to paid mobile services.


Travel Scam Methods

Spam and phishing attacks were amongst the most effective attack vectors. They use social engineering to manipulate and exploit human behaviour.

Fake Websites

These travel scam operations are often very sophisticated, using fake sites that are almost identical to the legitimate websites.

They therefore easily trick unwary victims into handing over their credit card details, or paying for a product or service that does not exist.

Mobile Booking Risk

More people are booking their flights and accommodations on a mobile device, which makes it harder to spot fake links. This makes mobile users particularly vulnerable to both spam and phishing attacks.


Kaspersky Travel Scam Advisory

To avoid these travel scams, Kaspersky Lab recommends taking these security measures :

  • If an offer seems too good to be true, it probably is. AVOID IT!
  • CHECK the link in the browser’s address bar before you key in sensitive information like your login and password.
    If it is misspelled (e.g. airbnb.com.room.online), or does not match the page you are visiting (like this example below), or uses special symbols instead of letters, don’t key in any information. CLOSE THE PAGE!

An Expedia page with a Booking.com address??? Something’s NOT right…

  • Book your stay and tickets only with trusted providers.
    Make sure you are on their actual websites by typing in their address in the browser’s address bar.
  • NEVER click on links that come from an unverified source, whether it’s in an email, an instant message or through social networks.
  • Use a security solution with behaviour-based anti-phishing technologies like Kaspersky Security Cloud, or Kaspersky Total Security, which will warn you if you get tricked into visiting a phishing web page.
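The address-bar check from the advisory above, as an added example that is not part of the original article or of any Kaspersky product: it compares a link's hostname with the domain you expect to be on. The `TRUSTED` table, the function names and every sample URL except `airbnb.com.room.online` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed allow-list: brand -> the domain a visitor expects to be on.
# These entries are assumptions for the example; maintain your own list.
TRUSTED = {
    "airbnb": "airbnb.com",
    "expedia": "expedia.com",
    "booking": "booking.com",
}

_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")


def host_of(url):
    """Return the lower-cased hostname of a URL (no port, no trailing dot).

    urlsplit() discards any user:password@ prefix, so only the real host
    is compared. Bare hosts such as "airbnb.com/rooms" are accepted too.
    """
    if not _SCHEME.match(url):
        url = "//" + url
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def is_under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def check_link(url, expected_brand):
    """Return a list of findings; an empty list means the host matches."""
    expected = TRUSTED[expected_brand]
    host = host_of(url)
    if not host:
        return ["no-host"]

    findings = []
    labels = host.split(".")

    # "Uses special symbols instead of letters": non-ASCII characters or
    # punycode (xn--) labels in the hostname.
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        findings.append("non-ascii-host")

    if is_under(host, expected):
        return findings

    # "Does not match the page you are visiting": the host is a real,
    # known site, just not the one the page claims to be.
    other = next((d for d in TRUSTED.values() if is_under(host, d)), None)
    if other:
        findings.append("belongs-to:" + other)
    # Brand name present as a label, but the host ends in some other
    # domain (the airbnb.com.room.online pattern).
    elif expected_brand in labels:
        findings.append("brand-as-decoy-label")
    else:
        findings.append("unrecognised-host")
    return findings


# Constructed sample links: (URL seen in the address bar, brand the page shows).
SAMPLES = [
    ("https://www.airbnb.com/rooms/1", "airbnb"),
    ("http://airbnb.com.room.online/login", "airbnb"),
    ("https://www.booking.com/hotel", "expedia"),
    ("https://\u0430irbnb.com/", "airbnb"),  # first letter is Cyrillic
]

if __name__ == "__main__":
    for url, brand in SAMPLES:
        print(brand, ascii(url), check_link(url, brand) or "ok")
```

The suffix comparison in `is_under` is what rejects `airbnb.com.room.online`: the trusted domain has to be the end of the hostname, not merely appear somewhere inside it.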



Fine For Scratching Nose A Wake-Up Call On AI Surveillance!

The recent case of a Chinese driver getting fined for scratching his face is a funny example of current AI surveillance technology. Yet it is also a wake-up call on the dangers of pervasive AI surveillance by the state.


Fined For Scratching Nose By AI Surveillance System!

A Jinan resident, Mr. Liu, was driving his car in the eastern Shandong province, when he raised his hand to touch his face. Most of us unconsciously do that 2 to 5 times per minute!

Unbeknownst to him, one of the many AI surveillance cameras in the city noticed his action, and issued him a fine of 50 yuan* and 2 demerit points for “driving while holding a phone“.

* Approximately $7.25 / £5.70 / €6.50 / RM 30

The Jinan AI surveillance system also sent him this screenshot of his traffic violation, as captured at 7:20 AM on 20 May 2019.

Just like many automated systems (looking at you, Facebook and Google!), there was no way to dispute the charge. Mr. Liu tried to sort out the situation over the phone, but “no one would help him“.

He only got justice by appealing to the court of public opinion on Sina Weibo, where his post went viral. Only then did the Jinan traffic police department take notice and investigate his complaint.

Two days later, they cancelled his ticket after confirming that he was only touching his face, and not actually using a phone while driving.


AI Surveillance In Chinese Cities

China has been working hard at developing smart cities, as part of their social engineering efforts to quell political dissent and encourage Chinese citizens to “behave properly”.

There are already over 170 million surveillance cameras across China, with a projected 400 million surveillance cameras installed by next year. And they are all controlled by AI surveillance systems.

Such extensive surveillance coverage has allowed the Chinese government to detect crimes and punish their citizens for them. It also feeds the new Social Credit System – a national reputation system that assesses the economic and social reputation of every Chinese citizen and business.

However, such pervasive surveillance has led to serious privacy implications for the Chinese citizenry. Anyone who wants to understand the power, allure and dangers of AI surveillance should watch the TV series, Person of Interest.


The Dangers Of AI Surveillance

While AI surveillance technology is now quite incredible, this case has exposed its vulnerabilities and limitations.

  1. Human oversight is still necessary, because AI surveillance is not accurate enough to detect false positives.
  2. It may be tempting to make the AI surveillance system the judge, jury and executioner, but such systems need to implement the principle of “guilty beyond a reasonable doubt“, and that means ignoring anything that is not close to a 99.9% match.
  3. There should be an appeal system in place. It took a viral social media post to alert the Jinan traffic police department to the mistake.
  4. There is also the question of personal data security. Can the government securely store the data, without unsanctioned or illegal access? How long should they store the information before they are deleted?


Alibaba Cloud + The Malaysia City Brain

Alibaba Cloud is one of the chief architects of the Chinese smart city initiative and AI surveillance capabilities, with their ET City Brain that runs on their Tianchi Platform.

Last year, Alibaba Cloud announced their collaboration with the Malaysia Digital Economy Corporation (MDEC) to introduce the Malaysia City Brain.

The first phase of the Malaysia City Brain will kickstart with 382 AI traffic cameras at 281 traffic light junctions in Kuala Lumpur.

Although the Malaysian government is ostensibly implementing the Malaysia City Brain to “optimise the flow of vehicles and timing of traffic signals“, it is really a short step to the Chinese model of population and crime surveillance.



Incident Response – Five Key Factors CISOs Should Consider!

Maxim Frolov, Vice President of Global Sales, Kaspersky Lab, speaks about Incident Response, a critical tool of every cybersecurity team to respond to, and manage cyberattacks.

Here are five key factors he believes every CISO (Chief Information Security Officer) should consider while formulating their companies’ Incident Response process.


Cyberattacks Are Inevitable

As cyberattacks become more sophisticated and frequent, many CISOs agree that a cyberattack on their companies is inevitable.

They also believe that the speed and quality of their incident response are the most important factors in measuring their performance.

Hence, IT security departments are now focused, not just on preventing attacks, but also on identifying the issues in time to minimise damage.


What Is Incident Response?

Incident Response (IR) is the methodology a cybersecurity team uses to respond to, and manage cyberattacks. It aims to reduce damage and recover from an attack as quickly as possible.

A good incident response plan also includes a thorough investigation to learn from an attack, in order to prepare for and prevent a repeat attack in the future.


The Five Key Factors CISOs Should Consider About Incident Response

While CISOs understand that a well-developed, repeatable incident response plan is critical, they face five major issues in developing a good plan.

Factor #1 : Shortage Of Qualified Professionals

Incident response does not mean jumping into the remediation phase when an incident happens. It actually starts before an attack has occurred, and does not stop after the attack ends. In general, it consists of four stages :

  • Stage 1 : All responsible employees are prepared, so they know how to act when an attack happens
  • Stage 2 : Detection of an ongoing cybersecurity incident
  • Stage 3 : The incident response team eliminates the threat and recovers affected systems
  • Stage 4 : The incident response strategy is reviewed based on this experience, to mitigate against a future attack

Such diversified activities require different types of professionals, who are in short supply. According to a Kaspersky Lab survey, CISOs find it quite impossible to find malware analysts (43%), specialists that can respond to an attack (20%) and threat hunters (13%).

The other issue is employee retention. Specialists know that they are in great demand, and easily switch to a rival organisation for a higher salary. It is, therefore, increasingly hard for companies to employ and retain a team to conduct the entire incident response process.

Factor #2 : Choosing Suitable Outsourcers

Because of the difficulties in forming an internal Incident Response team, many companies opt to outsource the job. However, it is no trivial task to choose a suitable third-party IR team.

A good outsourced Incident Response team should be proficient in the important IR competencies, namely threat research, malware analysis and digital forensics.

Their capabilities should be ascertained through vendor-neutral certification, and past experience. The diversity of their client base is also important – working in a variety of industries will allow them to find similarities in seemingly disparate cybersecurity cases.

Companies in strictly-regulated industries will have additional restrictions when they are considering outsourcing candidates. They can only choose from IR teams that meet specific compliance requirements.

Factor #3 : Cost Of Incident Response

Establishing and maintaining an in-house Incident Response team is costly. Not only are full-time specialists expensive, companies also need to purchase solutions and threat intelligence services their IR team will need for threat hunting, data analysis and attack remediation.

Yet they cannot afford not to have an IR strategy in place. The average cost of a data breach is on the increase, now amounting to US$1.23 million on average. This is an increase of 24% from US$992,000 in 2017.

Some organisations may find the outsourced model to be more cost-effective and flexible. However, enterprises that deal with numerous incidents will find it necessary to have an in-house IR team.

To save costs, organisations can employ a hybrid approach – forming an internal team of first-level responders, with external experts on retainer.

Factor #4 : Synergy With IT Department

Both the Incident Response team and the IT department must understand their respective roles and work together. After all, they have conflicting objectives when a cybersecurity incident occurs.

The IT team will want to shut down infected machines to reduce or prevent data loss, and stop the malware from spreading. On the other hand, the IR team will want to collect evidence, which would mean leaving the “crime scene” untouched even after the incident is over.

If the IT team disconnects the machines, and/or stores the logs for only three months; that would make the IR team’s work a great deal more difficult.

To avoid such issues, the internal IR team should provide tailored guidance or training for their IT colleagues. This would ensure that both teams are on the same page when an attack happens.

Factor #5 : Delays In Responding

Organisations that rely on outsourced IR teams can quickly get their incident response processes in place, because the external IR team is always at hand to step in and help resolve an incident.

However, this can only happen after contracts are signed, and agreements ratified; leading to a delay in incident response.

In Maxim’s experience, an organisation often comes back to work on Monday to discover that they were breached during the weekend. They will try to handle the incident for several days, before turning to external experts.

However, it’s usually Friday by the time they start seeking help. Even if they have a pre-vetted contractor to turn to, and rush the approval of an agreement; it will take several more days before the external IR team can get to work.

Hence, it is a good idea for organisations to have an internal Incident Response team (even if they are just first-level responders) that can quickly evaluate the incident and delegate responsibility.


The Most Effective Incident Response Strategy

For most large organisations, the hybrid approach to Incident Response is perhaps the most effective.

Combining a small in-house team with third-party responders will help them maintain an effective IR strategy, without the problems associated with maintaining a dedicated internal team or outsourcing the job completely.

Even though outsourcing incident response is attractive financially, it doesn’t mean the organisation can hand over the reins and absolve all responsibility for incident response. Having a suitable IR plan for their particular organisation is still important, as well as the need for the external IR team to liaise with the organisation’s IT team.

There should be a proper process for when employees should ask for external assistance, and what it will address. An employee should also be tasked with prioritising actions and coordinating between the external IR team and internal departments.



MegaCortex Ransomware Analysis + Prevention by Sophos!

Sophos just released their analysis of the MegaCortex ransomware whose speed and spread of attack are very worrying! Get the key details about MegaCortex and how to prevent an attack!


What Is MegaCortex?

MegaCortex is a new ransomware that was rarely seen until it suddenly spiked in volume in May 2019. Similar to infamous ransomware like Ryuk and BitPaymer, it is now spreading rapidly in these countries :

  • US
  • Canada
  • Argentina
  • Italy
  • The Netherlands
  • France
  • Ireland
  • Hong Kong
  • Indonesia
  • Australia

Why Is MegaCortex Dangerous?

Ransomware attacks are usually carried out in 3 ways:

  • Manual attacks
  • Automated attacks
  • Blended attacks

Unlike Ryuk and BitPaymer, MegaCortex is controlled by cybercriminals using more automated tools, and designed to spread infection to many victims at a much faster speed.


What Does MegaCortex Demand?

Unlike other ransomware attacks, MegaCortex has no clear ransom demands.

All it does is invite its victims to email the attackers at either of two free email addresses, attaching a file that had been dropped onto the victim’s hard disk drive, to request decryption services.

The ransom note includes “a guarantee that your company will never be inconvenienced by us“. On top of that, if the victim pays the ransom, “You will also receive a consultation on how to improve your companies cyber security“.

How sweet of them.


How To Protect Against MegaCortex

Sophos recommends the following steps to protect your business from MegaCortex and the threat of ransomware attacks in general :

  • Companies are cautioned to be on the highest alert should they see warning signs about Emotet or Qbot, as there is a strong correlation between MegaCortex and the two ransomwares.
  • Place the company Remote Desktop Protocol (RDP) machine behind a Virtual Private Network (VPN)
  • Practice two-factor authentication for systems logins
  • Regular backup of important and current data on an offline storage device
  • Use anti-ransomware software like Sophos Intercept X Advanced.



Secureworks Launches Red Cloak TDR Cybersecurity Service!

Secureworks just launched Red Cloak TDR at Dell Technologies World 2019 in Las Vegas! Here is a primer on the Secureworks Red Cloak TDR cybersecurity service!


Secureworks Launches Red Cloak TDR

At Dell Technologies World 2019, Secureworks, a Dell Technologies subsidiary, unveiled Red Cloak TDR, their software-as-a-service (SaaS) app that allows companies to securely manage their own cybersecurity measures.

Developed with over 20 years of field experience in cybersecurity, Red Cloak TDR offers a new way for companies to detect, investigate and respond to online threats such as malware, ransomware etc. Unlike other cybersecurity services, it is aided by deep learning, and machine learning.

The AI assistance helps it quickly detect new and unknown online threats, while reducing false alarms. It also helps cybersecurity teams focus on the real or high-risk threats.


How Secureworks Red Cloak TDR Will Transform Cybersecurity

Cybersecurity threats can go undetected for hundreds of days in the gaps and disconnected layers of security products. This is particularly problematic with apps and services that are not updated on a daily or even hourly basis.

Red Cloak TDR Is Cloud-Native

As a cloud-native application, it can be quickly updated after investigations reveal a new threat. In addition, the service includes the following features :

  • Intuitive workflows
  • Automation
  • Chat feature
  • Access to Secureworks’ cybersecurity team and network


As a software-as-a-service (SaaS) app, there is no hassle of installing on-site hardware or software system version upgrades. All updates, back-ups and tuning will be covered by the Red Cloak TDR app.

The app does not charge by data consumption like some apps, so users are free to process and manage all the security data they need to protect their organisation. The app is also designed to integrate into the organisation’s own control framework.



The 2019 Kaspersky Cybersecurity Report – Key Findings + Advice!

The 2019 Kaspersky Lab year-on-year cybersecurity report is here, and it revealed a number of interesting changes in cyberthreats. Here is a quick primer on what the Kaspersky Lab team discovered!


The 2019 Kaspersky Cybersecurity Report

The 2019 Kaspersky cybersecurity report is based on the Kaspersky Security Network (KSN) data from 2017 and 2018.

This report saw an appreciable drop in local infections in Malaysia, but it’s not all roses. The same report noted massive increases in web threats and malware hosting during the same period!

Web Threats

Web Threats, also known as Online Threats, are malware that attack users through the Internet. They can take the form of a browser-based attack which hijacks the victim’s computer.

The 2019 Kaspersky Lab cybersecurity report reported that they detected over 42 million web threats in 2018 – a shocking 2.5X increase over 2017.

[Table: No. of Detections | Users Attacked]

Local Threats

Local Threats are infections or malware that attack the victim’s computer through infected media (like a USB drive), or initially get into the computer in an encrypted format.

This is the silver lining in the report. The Kaspersky Security Network recorded a 17.4% drop in local threats in 2018, compared to 2017. Even so, that was still way over 67 million detections, and local threats remain a serious cybersecurity threat.

[Table: No. of Detections | Users Attacked]

Malware Hosting

Malware Hosting in the report refers to malware that was detected to be hosted on servers or websites based in Malaysia.

The team reported a massive 3.4X increase in servers or websites hosting malware in Malaysia. Over 1.6 million servers or websites!

[Table: No. of Incidents | Share of Incidents Hosted]

2019 Kaspersky Lab Cybersecurity Advice

Kaspersky Lab security experts advocate the following basic but important steps to protect yourself against cyberthreats in 2019 :

  • Carefully check the link before visiting a site, especially for misspelling or other irregularities, even if you think it’s a site you’ve visited regularly before.
  • Enter your username and password only over a secure connection. Avoid logging in to online banks and similar services via public Wi-Fi networks.
  • Be aware that URLs that begin with “https” may not always be secure.
  • Don’t trust emails from unknown senders until you can verify the authenticity of their origins.
  • Always run a system with a quality, up-to-date anti-malware program such as Kaspersky Internet Security.


The Kaspersky Security Network

The 2019 Kaspersky Lab cybersecurity report relied on data collected by the Kaspersky Security Network (KSN).

KSN is a distributed infrastructure dedicated to intelligently processing cybersecurity-related data streams from millions of voluntary participants around the world. By analysing these data streams automatically in the cloud, KSN delivers much faster reaction times to new and yet unknown cyberthreats.

KSN also employs Kaspersky Lab’s HuMachine principle ~ both Kaspersky Lab expert knowledge and next-generation machine learning capabilities are merged, allowing Kaspersky Lab to spot patterns, changes and new threats in the cyber landscape with greater accuracy and skill.



Sophos Global Report : Cyberattacks On Cloud Honeypots!

Sophos has just released their global report – Exposed: Cyberattacks on Cloud Honeypots with very alarming findings for servers worldwide! Get the full details and find out what this means for your business and IT operations!


Cyberattacks On Cloud Honeypots

A cloud honeypot is a cloud-based system set up to resemble the targets of cybercriminals. When attacked, it enables security experts to study the cyberattacks.

During the course of the study, Sophos set up honeypots in the 10 most popular Amazon Web Services (AWS) centers in the world :

  • California
  • Frankfurt
  • Ireland
  • London
  • Mumbai
  • Ohio
  • Paris
  • Sao Paulo
  • Singapore
  • Sydney


Cyberattacks On Cloud Honeypots Report Findings

During the 30 day period, Sophos reported:

  • A cloud honeypot that was set up in Brazil was attacked a mere 52 seconds after it went live.
  • Cloud servers were attacked an average 13 times per minute.
  • More than 5 million attacks were attempted on the network of honeypots in the 30 day period.

This data sends a very chilling warning to every company worldwide of the real danger cyberattackers/cybercriminals present.

Cybercriminals are constantly scanning for weak and vulnerable open cloud buckets. They are the points of entry into servers or other networks.

“The Sophos report, Exposed: Cyberattacks on Cloud Honeypots, identifies the threats organizations migrating to hybrid and all-cloud platforms face.

The aggressive speed and scale of attacks on the honeypots shows how relentlessly persistent cybercriminals are and indicates they are using botnets to target an organization’s cloud platforms.

In some instances, it may be a human attacker, but regardless, companies need a security strategy to protect what they are putting into the cloud,” said Matthew Boddy, security specialist, Sophos.

“The issue of visibility and security in cloud platforms is a big business challenge, and with increased migration to the cloud, we see this continuing.”



The 2019 Kaspersky ICS CERT Report + Recommendations!

The 2019 Kaspersky ICS CERT Report just revealed that almost half of the Industrial Control System (ICS) computers they protected were attacked in the second half of 2018. This is a wake-up call to industries large and small.

They also shared with us some technical measures that can help companies ward off these cyberattacks.


The 2019 Kaspersky ICS CERT Report

The 2019 Kaspersky ICS CERT report is based on the industrial threat landscape the team experienced in H2 2018.

In that period, they noted that almost half of the ICS computers they were protecting were attacked in some form.

These attacks could have crippled these industrial facilities if they resulted in an actual breach. That would have caused great material and production losses.

Here is the summary of their report :

  • 47.2% of ICS computers were attacked in 2018, slightly more than the 44% they encountered in 2017.
  • Vietnam was the top country, with 70.90% of their ICS computers attacked.
  • Algeria was second, with 69.91%; and Tunisia was third with 64.57% attacked.
  • The least impacted countries were Ireland (11.7%), Switzerland (14.9%), and Denmark (15.2%).


Mass-Distributed Malware Is The Greatest Threat

Mass-distributed malware such as phishing emails is the most common way hackers infiltrate industrial companies throughout the Asia Pacific region and the world.

“Despite the common myth, the main source of threat to industrial computers is not a targeted attack, but mass-distributed malware that gets into industrial systems by accident, over the internet, through removable media such as USB-sticks, or e-mails.

However, the fact that the attacks are successful because of a casual attitude to cybersecurity hygiene among employees means that they can potentially be prevented by staff training and awareness – this is much easier than trying to stop determined threat actors,” said Kirill Kruglov, security researcher at Kaspersky Lab ICS CERT.


Knowledge And Training Are Essential To Combating Malicious Cyber Attacks

According to Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky Lab,

“Our researchers are seeing many carefully crafted phishing emails, sent purportedly by real companies and masked as business correspondence, commercial offers, invitations to tender and so on, which could be very commonly faced by many enterprises in Malaysia.

We recommend all companies to warn their staff of this real threat and to train them to recognize signs of an attack, to not open suspicious files or click on links, and to inform their IT department of any potential incidents,” Yeo said.

“H2 2018 saw a decline in ICS infections in Malaysia, 41.1% versus H1 2018 of 50.8%. It is a good sign that users are more aware of the cyber risks, and are becoming careful about it,” Yeo added.


How To Safeguard Industrial Computer Systems (ICS)

The 2019 Kaspersky Lab ICS CERT recommends the following measures to protect Industrial Computer Systems (ICS) :

  • Regularly update operating systems and application software on systems that are part of the enterprise’s industrial network.
  • Apply security fixes to PLC, RTU and network equipment used in ICS networks where applicable.
  • Restrict network traffic on ports and protocols used on edge routers and inside the organization’s OT networks.
  • Audit access control for ICS components in the enterprise’s industrial network and at its boundaries.
  • Deploy dedicated endpoint protection solutions on ICS servers, workstations and HMIs.
  • Make sure security solutions are up-to-date and all the technologies recommended by the security solution vendor to protect from targeted attacks are enabled.
  • Provide dedicated training and support for employees as well as partners and suppliers with access to your network.
  • Use ICS network traffic monitoring, analysis and detection solutions for better protection from attacks potentially threatening technological process and main enterprise assets.



Sophos Mobile Security Now Integrates With Microsoft Intune!

Sophos just announced the integration of Sophos Mobile Security with Microsoft Intune. Here are the full details!


Sophos Mobile Security Now Integrates With Microsoft Intune!

With this integration, Microsoft Intune customers running Sophos Mobile Security 9.0 will be able to configure access controls fed by the latest mobile device threat information.

This would enable their employees to work and access data securely from any device or location, while remaining compliant with corporate data security rules.

Running on Microsoft Azure, the Sophos Mobile Security integration will provide IT administrators with the ability to configure individual device usage policies within Microsoft Intune. If an individual endpoint is compromised, IT administrators will have detailed insights from Sophos Mobile Security, which would allow them to better decide whether they should lock down that endpoint and deny access to corporate data.

“As we move towards zero trust networking, enhanced conditional access is crucial. With remote working on the increase and the knock-on effect that has on corporate data access across a variety of mobile devices, there is a growing requirement to enable user productivity without compromising data security,” commented Dan Schiappa, chief product officer at Sophos. “Understanding and managing security threats is central to this operating environment and our integration with Microsoft delivers on this requirement. By offering detailed threat insights relating to individual mobile endpoints, IT administrators can make more informed choices on whether to block a device from network access. By giving administrators that extra context, access denial can be more effectively restricted to ensure productivity is only impacted where necessary.”

“In today’s increasingly mobile environment, more granular context is becoming essential to ensure networks are less easily compromised by malware or potentially unwanted content,” said Ryan McGee, Director, Microsoft Security Marketing at Microsoft Corp. “Integrations with security solution providers like Sophos are important to us. We are excited to extend the capabilities of the Microsoft Intune solution to deliver improved security posture to our customers.” 

Sophos Mobile Security runs on both Android and iOS devices and can share threat details with Microsoft to provide that extra bit of context. Conditional Access policies can now take threat detections from Sophos into consideration when deciding whether to allow access to requested resources.

Sophos Mobile Security can be purchased from registered Sophos partners, or these online options :



2019 Symantec Internet Security Threat Report Highlights!

Symantec held an exclusive briefing on the newly-released 2019 Symantec Internet Security Threat Report. In this article, we will share with you the full briefing video, as well as highlights from that Symantec cybersecurity report!


The 2019 Symantec Internet Security Threat Report

The 2019 Symantec Internet Security Threat Report is the 24th volume published so far. Based on data from Symantec’s Global Intelligence Network, the ISTR is designed to give businesses and the public an overview of the cybersecurity threat landscape.

The Symantec Global Intelligence Network is, incidentally, the world’s largest civilian cybersecurity threat intelligence network. It records events from 12 million attack sensors across more than 157 countries worldwide, blocking 142 million threats every day.


The 2019 Symantec ISTR Briefing Highlights

Briefing us on the 2019 Symantec ISTR were Sherif El-Nabawi, Vice-President of Sales Engineering, Symantec APJ; and David Rajoo, Chief Cybersecurity Architect, Symantec ASEAN.

Diminishing Returns Of Ransomware + Cryptojacking

Ransomware, which encrypts and holds data hostage in return for payment in the form of cryptocurrency, has been hit by declining cryptocurrency values as well as increasing adoption of cloud and mobile computing. This led to a 20% drop in infections.

Cryptojacking, in which malware is used to steal computing power from consumers and enterprises to mine cryptocurrency, is similarly hit by the drop in cryptocurrency value. Symantec noted that cryptojacking activity declined by 52% in 2018. Even so, it is still a major problem – they blocked 3.5 million attempts in December 2018 alone!

Formjacking Overtakes Ransomware + Cryptojacking

With diminishing returns from ransomware and cryptojacking, cybercriminals now prefer formjacking.

Formjacking is basically a form of virtual ATM skimming. Attackers inject malicious code into an online shopping site to steal shoppers’ payment card details.

According to Symantec, more than 4,800 websites are compromised with formjacking code every month, and they blocked more than 3.7 million formjacking attacks on endpoints in 2018.

Generally, small and medium retailers are most widely compromised, and a third of the attacks happened during the busiest online shopping period of the year – from November through December.

Cloud Is The New Weak Point

With the greater adoption of cloud computing, the same security mistakes are happening in the cloud… with exponentially greater consequences. In 2018, more than 70 million records were stolen from poorly-configured AWS S3 buckets.

Hardware vulnerabilities like Meltdown, Spectre and Foreshadow also put cloud services at risk of being exploited to gain access to every protected memory space in the compromised server. In a single server, data from hundreds of companies could be stolen by a single exploit.

Living off the Land Attacks On Supply Chain

Supply chain attacks using Living off the Land (LotL) tools have increased by 78% in 2018. For example, the use of malicious PowerShell scripts increased by 1,000 percent last year, with Symantec blocking 115,000 of them each month – less than 1%.

These attacks are hard to defend against, because they use the same tools users and organisations need to function. Identifying and blocking them will require the use of advanced detection methods like analytics and machine learning.

Internet of Things (IoT) Attacks Are Changing

While the volume of attacks on IoT devices remains high and consistent with 2017 levels, their profiles are changing. In addition to routers and wireless cameras, attackers now have access to smart light bulbs and virtual voice assistants.

Smartphones Are The Greatest Spying Devices

According to Symantec, smartphones are the greatest spying devices ever created. Their research shows that :

  • 45% of the most popular Android apps and 25% of the most popular iOS apps request location tracking,
  • 46% of popular Android apps and 24% of popular iOS apps request permission to access the smartphone camera, and
  • email addresses are shared with 44% of top Android apps and 48% of top iOS apps!



Google Password Checkup Guide – Read Before You Install!

Google just released a new Chrome extension called Password Checkup. Practically everyone thinks it is the best thing since sliced bread.

Is it really that good? Should YOU install it? Find out what it does, and what you should know about Password Checkup, before you install it.


Password Checkup

Google will already warn you if your Google Account is compromised in any way, forcing you to change your password. However, they were not able to do that for your non-Google accounts.

That changes with Password Checkup.

What Does Password Checkup Do?

Once added to Google Chrome, Password Checkup will work like a password watchdog. Every time you log into a non-Google website, it will check your login and password against a database of about 4 million leaked logins.

What Happens If It Detects A Match?

If it detects a match, you will be alerted and asked to change your password. If you are using the same login and password combination in other websites, you should obviously also change them as well.

Your New Password Will Be Verified Too

The Password Checkup extension will also verify that your new password has not been compromised either.

Sounds awesome? Well, not so fast…


Does Password Checkup Share My Data?

Google promises that Password Checkup would not report any identifying information. But it will still collect some information that Google may share or utilise :

  • number of lookups that reveal an unsafe credential
  • whether an alert leads to a password change, and
  • the website domain involved

That said, Google will find a way somehow to benefit from it… See the next section.


Caveat : You Must Be Signed-In

Most privacy-conscious individuals who use Google Chrome do not sign into their Google Account. This allows them to anonymise their browsing history, and prevent data sharing across the many Google services.

However, Password Checkup explicitly requires you to be logged into your Google Account. It will only work if you stay logged into your Google Account while using Chrome.


Should You Install Password Checkup?

The requirement to stay logged into your Google Account is, frankly, troubling because the extension should not need you to be logged in to verify your password against a database of leaked passwords.

After all, you can already do the same anonymously at HaveIBeenPwned.

Now, we are not saying that it’s wrong for Google to try and benefit from this. This requirement is literally the price you pay for this free checking service – you must log into your Google Account and let Google track and monetise your browsing habits.

If you are fine with that, head over to the next page for our guide on how to install Password Checkup, turn it on and off, and more!


Workaround For The Privacy Conscious

If you are privacy-conscious, there is a way to have your cake and eat it too. Like all workarounds, it does entail some hassle, so you decide if it’s worth the effort.

You can install and use Password Checkup periodically. Google actually allows you to disable and re-enable it (see next page) whenever you wish. Alternatively, you can disable it just by logging out of your Google Account.

Login credentials don’t leak all the time, so it’s perfectly alright NOT to use Password Checkup every day. Once a week or month, just log into your Google Account and log into your non-Google accounts, to make sure they have not been compromised.

Then you can log out of your Google Account, effectively disabling Password Checkup, and use Google Chrome without sharing your browsing history with Google.


How To Add Password Checkup

Password Checkup only works on Google Chrome, so obviously, you should have Google Chrome installed in the first place. Then…

  1. Open Google Chrome and sign in to your Google Account.
  2. Go to the Chrome store and download Password Checkup.
  3. Follow the steps on your screen.


How To Turn Password Checkup On / Off?

  1. Open Google Chrome and sign in to your Google Account.
  2. In the top right, select More > More tools > Extensions.
  3. Find Password Checkup in the list of extensions.
  4. Turn Password Checkup on or off.

But note that turning it off does not delete data created and stored by the extension.

How To Mute Warnings For A Website

When you receive a warning, you should IMMEDIATELY change your password. But if for some reason, you need to do this later, you can choose to mute the warnings you receive for a particular website :

  • Select the Ignore for this site option to mute all future warnings for the website.
  • To restore future warnings for that website (or others that you have muted too), you will need to delete the stored information (see the next section).


How To Delete Data Stored By Password Checkup

If Password Checkup finds that a login and password combination has been compromised, it will create and store a hashed, partial code for that combination in your Chrome browser. This partial code can’t be used to recreate a complete version of your login info.

To delete this code on your Chrome browser, change your unsafe password or follow these steps:

  1. Open Google Chrome, and sign in to your Google Account.
  2. At the top, select Password Checkup from the Toolbar > Advanced Settings > Clear Extension Data.

Note: This info is used to stop all future notifications about an unsafe password. If you delete this info, you might see notifications about unsafe passwords you’ve chosen to ignore.
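The "hashed, partial code" idea described above can be shown with a small sketch. This is an added example, not code from the original article and not Google's actual Password Checkup protocol: the class names, the PBKDF2 parameters, the prefix lengths and the sample logins are all assumptions constructed for illustration.

```python
"""Partial-hash credential checking (illustrative sketch, constructed data)."""
import hashlib

PREFIX_BYTES = 2       # assumption: hash bytes revealed to the lookup service
LOCAL_CODE_BYTES = 4   # assumption: hash bytes kept locally per flagged login
SALT = b"constructed-demo-salt"  # public constant, only domain-separates the hash

# Constructed sample of leaked logins (not real data).
LEAKED = [("alice@example.test", "hunter2"), ("bob@example.test", "password1")]


def credential_hash(username, password):
    """Slow hash over a canonical (username, password) pair."""
    user = username.strip().lower().encode("utf-8")
    # Length-prefix the username so ("ab", "c") and ("a", "bc") never collide.
    material = len(user).to_bytes(4, "big") + user + password.encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", material, SALT, 10_000)


class BreachService:
    """Stands in for the remote database of leaked logins."""

    def __init__(self, leaked):
        self.buckets = {}        # hash prefix -> set of full hashes
        self.seen_queries = []   # everything the service learns from clients
        for username, password in leaked:
            digest = credential_hash(username, password)
            self.buckets.setdefault(digest[:PREFIX_BYTES], set()).add(digest)

    def lookup(self, prefix):
        """Return every leaked hash sharing the prefix; the client compares."""
        self.seen_queries.append(prefix)
        return set(self.buckets.get(prefix, ()))


class Checker:
    """Client side: sends only a hash prefix, stores only a partial code."""

    def __init__(self, service):
        self.service = service
        self.stored_codes = {}   # partial code -> True if warnings are muted

    def check(self, username, password):
        digest = credential_hash(username, password)
        # The full comparison happens locally, never on the service.
        if digest not in self.service.lookup(digest[:PREFIX_BYTES]):
            return "ok"
        code = digest[:LOCAL_CODE_BYTES]  # truncated, so it cannot rebuild the login
        muted = self.stored_codes.setdefault(code, False)
        return "muted" if muted else "warn"

    def mute(self, username, password):
        """'Ignore for this site': remember the choice against the partial code."""
        code = credential_hash(username, password)[:LOCAL_CODE_BYTES]
        if code in self.stored_codes:
            self.stored_codes[code] = True

    def clear_data(self):
        """'Clear Extension Data': muted warnings come back afterwards."""
        self.stored_codes.clear()


if __name__ == "__main__":
    checker = Checker(BreachService(LEAKED))
    print(checker.check("alice@example.test", "hunter2"))                   # warn
    print(checker.check("alice@example.test", "a-long-unique-passphrase"))  # ok
```

The lookup service only ever sees the short prefix, and the local store holds only truncated codes, which is why clearing that store brings back warnings that were previously muted.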



FB Messenger, Instagram + WhatsApp Integration Clarified!

Since the story broke about the Facebook Messenger, Instagram and WhatsApp integration plan, the world exploded in a mixture of shock, apoplexy, and righteous indignation.

Take a DEEP BREATH and CALM DOWN. Let us tell you exactly what the FB Messenger + Instagram + WhatsApp integration plan is really about, and what it really means for Facebook and all of us…


The FB Messenger + Instagram + WhatsApp Integration Plan Clarified!

What Is Going On?

The New York Times broke the story on 25 January 2019, that Facebook CEO Mark Zuckerberg is working to integrate the messaging services that power Facebook Messenger, Instagram and WhatsApp.

Essentially, he wants all three platforms to use the same messaging platform or protocol to communicate.

Are The Three Apps Being Merged?


Some reports (looking at you, Forbes and BBC!) have claimed that WhatsApp is merging with Facebook Messenger and Instagram, or that WhatsApp and Instagram will be integrated with Facebook Messenger. That is NOT TRUE.

Facebook is not going to combine all three apps into a single mega-app – the one app to rule them all. WhatsApp, Instagram and Facebook Messenger will continue to be separate apps.

What Exactly Has Changed?

NOTHING at the moment. This FB Messenger + Instagram + WhatsApp integration project is scheduled to be completed by the end of 2019, or early 2020.

Until the new unified messaging protocol is complete and implemented in all three apps, nothing will change. At the moment, all three apps continue to use their existing messaging protocols.

What We Know About The Messenger + Instagram + WhatsApp Integration Plan So Far

Let’s enumerate what we know about the FB Messenger + Instagram + WhatsApp integration plan :

  1. All three apps will still function independently
  2. All three apps will use the same messaging protocol
  3. The new unified messaging protocol will support end-to-end encryption

Why Does Facebook Want To Do This?

Migrating all three apps to a unified messaging protocol or platform has some real advantages for Facebook :

  • far less work is needed to maintain a single platform or set of protocols, than three different platforms or sets of protocols
  • it will extend the reach of their three apps, helping to “encourage” users of one app to use the other two apps.
  • it will make it easier for them to harvest more information, to create more accurate user profiles.
  • it should make it easier to introduce or extend new features into all three apps, e.g. time-limited Stories.

Is This Good Or Bad For Users?

There are some potential advantages for users…

  • users of any one of those three apps will be able to communicate with each other, without installing the other apps.
  • users of any one of those three apps will be able to share data (photos, videos, files, etc.) with each other, without installing the other apps.
  • it will introduce end-to-end encryption to Instagram, which does not yet support it.
  • potentially, it could mean end-to-end encryption will be enabled by default for Facebook Messenger (which currently only supports end-to-end encryption if you turn on Secret Conversations).
  • it could promote greater accountability and transparency, with a reduction in fake accounts and profiles.

On the other hand, the tighter integration has some serious potential ramifications…

  • it will be harder to obfuscate or separate your profile in one app, from your profiles in the other two apps.
  • any bug or vulnerability in the unified messaging protocol will affect all three apps.
  • any successful attack will cause far greater damage, with far more data lost or stolen.
  • it does not address serious privacy concerns – even if end-to-end encryption is enabled by default for all three apps in the new unified messaging protocol, the metadata isn’t.
  • it may make it more difficult for users to consider alternative apps or services.
  • abusing one app (intentional or otherwise) could get you banned or blocked on all three apps.

How Serious Are These Concerns?

The New York Times reported that Mark Zuckerberg’s “championing” of the FB Messenger + Instagram + WhatsApp integration plan led to “internal strife” over privacy concerns. How bad?

Apparently, it led to the founders of both Instagram (Kevin Systrom and Mike Krieger) and WhatsApp (Jan Koum and Brian Acton) leaving Facebook. Dozens of WhatsApp employees also clashed with Mark Zuckerberg over this integration plan.

But Don’t Panic Just Yet…

There is no need to be one of those headless chickens running around, screaming that the world has ended or is about to end. The WhatsApp Messenger you have come to rely on has not changed, and will not change for many more months to come.

The project is still in its infancy. Facebook is internally planning to complete the project by the end of 2019, and probably early 2020. There is still the better part of the year to consider alternative messaging apps out there.



Kaspersky Lab Warns Of Malicious Cryptocurrency Mining!

Kaspersky Lab is warning of malicious cryptocurrency mining powered by pirated software and content. Learn more about this new online threat!


Kaspersky Lab Warns Of Malicious Cryptocurrency Mining!

Kaspersky Lab has warned that the global outbreak in malicious cryptocurrency mining in 2018 has increased by more than 83%, with 5 million users attacked online in the first three quarters of 2018, compared to 2.7 million users in 2017.

The major driver behind the malicious cryptocurrency mining was the use of unlicensed software and content.


Malicious Cryptocurrency Mining

Malicious cryptocurrency mining has prevailed over the main threat of ransomware in recent years. The number of attacks had increased steadily during the first half of 2018. It peaked in March with about 1.2 million users attacked.

Kaspersky Lab experts have investigated the regulatory landscape and electricity prices in the top 10 countries targeted by crypto miners and main infection vectors for the popular malware families.

The investigation of malware families revealed that they mainly infected devices by duping users into installing pirated software and unlicensed content.

“Our analysis of the economic background of malicious crypto mining and the reasons for its widespread presence in certain regions revealed a clear correlation: the easier it is to distribute unlicensed software, the more incidents of malicious crypto miner activity were detected. In short, an activity not generally perceived as dangerous: the downloading and installation of dubious software, underpins what is arguably the biggest cyberthreat story of the year – malicious crypto mining,” notes Evgeny Lopatin, security expert at Kaspersky Lab.

Other Key Findings From The Report

  • The total number of users who encountered miners rose by more than 83% from 2,726,491 in 2017 to 5,001,414 in 2018
  • The share of miners detected increased from 5% in 2017 to 8% in 2018
  • The share of miners detected from the overall risk tool detections has risen from 9% in 2017 to 17% in 2018
  • The total number of users who encountered mobile miners also grew by over 5 times from 1,986 in 2017 to 10,242 in 2018.


Steps To Reduce Risk Of Infection

  • Always update software on all your devices to prevent miners from exploiting vulnerabilities.
  • Use tools that can automatically detect vulnerabilities and download and install patches.
  • For personal devices, use a reliable consumer security solution and remember to keep key features such as System Watcher switched on.
  • Don’t overlook less obvious targets such as queue management systems, POS terminals and even vending machines.
  • Use application control to track malicious activity in legitimate applications.
  • Specialized devices should be in Default Deny mode.
  • Use a dedicated security solution such as Kaspersky Endpoint Security for Business.
  • To protect the corporate environment, educate your employees and IT teams to keep sensitive data separate and to restrict access.



The Lenovo ThinkShield Tech Briefing by Thorsten Stremlau!

Lenovo recently introduced ThinkShield – a complete end-to-end security solution to keep all of their devices secure throughout their life cycle. Join us for the official Lenovo ThinkShield tech briefing by Thorsten Stremlau!


The Lenovo ThinkShield Tech Briefing

Lenovo ThinkShield is a comprehensive suite of hardware, software and policies that are designed to protect Lenovo devices from the design and manufacturing stages, and all the way through their lifespans.

Thorsten Stremlau, Lenovo Commercial Chief Technology Officer, flew in to give us a briefing on Lenovo ThinkShield. Check it out!

Lenovo ThinkShield Secures Devices through the Entire Lifecycle

  • From secure BIOS and firmware development to features like ThinkPad Privacy Guard security screens and the industry’s first laptop camera shutters, Lenovo builds protection into its products.
  • Security doesn’t stop at design: Lenovo has unique control over its global supply chain, setting strict security standards and policies for its manufacturing facilities.
  • Lenovo’s strategic partnership with Intel has enabled them to align with the Intel Transparent Supply Chain, which allows customers to locate the source of each component of their new system.
  • Lenovo oversees the security of suppliers who build intelligent components, making sure they conform to rigorous Trusted Supplier Program guidelines and best practices. For an extra layer of transparency, Lenovo Quality Engineers can audit suppliers at any time.

Lenovo ThinkShield Protects Users’ Identities and Credentials

  • A founding member of FIDO®, Lenovo offers the industry’s first and only FIDO-certified authenticators—plus match-on-chip fingerprint technology—to give companies safer, easier ways to protect their employees’ identities.
  • An industry-leading level of integration with Intel Authenticate—up to 7 authentication factors—offers greater security and flexibility than vendors providing fewer authentication methods.
  • BIOS-based Smart USB protection allows IT professionals to configure USB ports to respond only to keyboards and pointing devices, keeping employees’ PCs safer.

Lenovo ThinkShield Protects Users Online

  • Lenovo WiFi Security, in partnership with Coronet, detects threats and notifies users when they are about to connect to unsafe wireless networks.
  • BUFFERZONE technology isolates online threats before they infect the whole organization.
  • Lenovo Endpoint Management, powered by MobileIron, provides a secure, simple way to unify cloud and endpoint security across multiple devices.

Lenovo ThinkShield Protects Users’ Data

  • Absolute Persistence technology provides IT admins with an unbreakable connection to all of their devices so they can leverage enriched asset intelligence, automate endpoint hygiene and stay audit-ready with continuous compliance.
  • Once devices reach the end of their lifecycle, Lenovo keeps potentially sensitive data secure by wiping the drives and securely recycling the parts.
  • Lenovo offers a paid Keep Your Drive service that ensures sensitive information never leaves customers’ hands.



Kaspersky Lab Tips On Staying Safe While Shopping Online!

Here is a short guide by the Kaspersky Lab team on how to stay safe while shopping online during the holiday sales, whether it’s for Black Friday, Cyber Monday or Christmas! Bookmark it for reference, and share this with your friends!


Kaspersky Lab Tips On Staying Safe While Shopping Online!

Why Is This Important?

14 families of malware targeting 67 different popular consumer brands around the world were recently detected. It caused the exposure of a large amount of client emails from a popular online shop.

Emails may seem a small matter but this sort of information is in fact precious to scammers. Any personal data can be used by cybercriminals to target their victims.

Increase in the share of financial phishing in the last years

How Do Scammers Compromise Your Personal Data?

If a company is compromised and scammers get hold of customers’ email addresses, they can create an automated spam mailout that mimics an authentic email. This would entice users to follow a malicious link or download a malicious file onto their devices.

What Should You Do?

Be very careful as we head into the holiday sales season, from Black Friday till Christmas and Boxing Day sales – the busiest time of the year. Do not compromise your bank accounts by following a phishing link and entering your bank credentials. Research shows that malware designed to steal data from online banking and payment accounts has extended its reach to target online shoppers.

“Amazon sent out a warning as soon as the leak was exposed. And, although Amazon’s actions have been criticized for a lack of technical detail and a recommendation not to change users’ passwords, it’s great that the company’s representatives didn’t hesitate to warn their customers about possible threats, asking them to be on the lookout to minimize possible damage,” said Tatyana Sidorina, security researcher at Kaspersky Lab.

Tips On Staying Safe While Shopping Online

To keep yourself safe from fraudsters while shopping online during this holiday season, Kaspersky Lab recommends taking the following precautionary measures:

  • Always check the link address and the sender’s email to find out if they are genuine before clicking anything – very often phishers create URLs and e-mails that are very similar to the authentic addresses of big companies, yet differ from them with one or two letters.
  • To make sure you follow a correct link, do not click on it, but type it into your browser’s address line instead.
  • Do not enter your credit card details in unfamiliar or suspicious sites and always double-check the webpage is genuine before entering any personal information (at least take a look at the URL). Fake websites may look just like the real ones.
  • If you think that you may have entered your data into a fake page, don’t hesitate. Change your passwords and pin-codes ASAP. Use strong passwords consisting of different symbols.
  • Never use the same password for several websites or services, because if one is stolen, all of your accounts will be put at risk. To create strong hack-proof passwords without having to face the struggle of remembering them, use a password manager such as Kaspersky Password Manager.
  • To ensure that no one penetrates your connection to invisibly replace genuine websites with fake ones, or intercept your web traffic, always use a secure connection – only use secure Wi-Fi with strong encryption and passwords, or apply VPN solutions that encrypt the traffic. For example, Kaspersky Secure Connection will switch on encryption automatically, when the connection is not secure enough.
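
The first tip, checking whether a link or sender address differs from the genuine one "with one or two letters", can be automated on a mail gateway or proxy. The sketch below is an added example, not Kaspersky Lab's tooling: the allow-list, sample addresses and function names are constructed for illustration, and it assumes the last two labels of a host form the registrable domain. It goes slightly beyond the tip by also flagging a genuine name used only as a subdomain prefix.

```python
from urllib.parse import urlsplit

# Constructed allow-list for the example; use the shops and banks you really deal with.
TRUSTED_DOMAINS = {"amazon.com", "paypal.com", "kaspersky.com"}
MAX_EDITS = 2  # the tip above: fakes differ "with one or two letters"


def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two adjacent characters swapped ("paypla" for "paypal") count as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def host_of(value):
    """Return the lower-cased host from a URL, an e-mail address or a bare host."""
    value = value.strip().lower()
    if "://" in value:
        return urlsplit(value).hostname or ""
    if "@" in value:
        return value.rsplit("@", 1)[1]
    return value.split("/", 1)[0]


def registrable(host):
    """Naive registrable domain: the last two labels. Assumption: no public-suffix
    list is used, so multi-label suffixes such as .co.uk are not handled."""
    return ".".join(host.rstrip(".").split(".")[-2:])


def classify(value):
    """Return (verdict, trusted domain it resembles or None).

    Verdicts: 'trusted', 'embedded', 'lookalike', 'unknown'.
    """
    host = host_of(value)
    domain = registrable(host)
    if domain in TRUSTED_DOMAINS:
        return "trusted", domain
    for trusted in sorted(TRUSTED_DOMAINS):
        # Genuine name appears only as leading labels of somebody else's domain.
        if f".{trusted}." in f".{host}":
            return "embedded", trusted
    closest = min(sorted(TRUSTED_DOMAINS), key=lambda t: edit_distance(domain, t))
    if edit_distance(domain, closest) <= MAX_EDITS:
        return "lookalike", closest
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample links and sender addresses.
    for sample in [
        "https://www.amazon.com/gp/cart",
        "http://amaz0n.com/signin",
        "service@paypai.com",
        "https://amazon.com.account-verify.net/login",
        "https://example.org/",
    ]:
        print(f"{sample:45} -> {classify(sample)}")
```

A domain that is close to a trusted one but legitimately different will be flagged, so the allow-list needs to contain every domain users are expected to visit.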



First Kaspersky Transparency Center Launched In Zurich!

Kaspersky Lab just launched their first Data Processing and Transparency Center in Zurich. This is part of their Global Transparency Initiative that we covered a while back.

Let’s take a look, and find out what this means for Kaspersky Lab and global cybersecurity!


The First Kaspersky Transparency Center

Malicious and suspicious files shared by users of Kaspersky Lab products in Europe will be processed in Kaspersky Lab data processing centers in Zurich, the first part of a relocation commitment made by the company in late 2017 under its Global Transparency Initiative.

The move reflects Kaspersky Lab’s determination to assure the integrity and trustworthiness of its products and the data processing center is accompanied by the opening of the company’s first Transparency Center in Zurich.

The relocation of Kaspersky Lab data processing is part of a major infrastructure move designed to increase the resilience of the company’s IT infrastructure to risks of data breaches and supply-chain attacks. It also further proves the trustworthiness of its products, services and internal processes.


Threat-Related Data and Malicious Files

From November 13, threat-related data coming from European users will start to be processed in two datacenters. These provide world-class facilities in compliance with industry standards to ensure the highest levels of security.

The data, which users have actively chosen to share with Kaspersky Lab, includes suspicious or previously unknown malicious files and corresponding meta-data that the company’s products send to Kaspersky Security Network (KSN) for automated malware analysis.

Files comprise only part of the data processed by Kaspersky Lab technologies, yet the most important one. Protection of customers’ data, together with the safety and integrity of infrastructure is a top priority for Kaspersky Lab, and that is why the file processing relocation comes first and is expected to be fully accomplished by the end of 2019.

The relocation of other types of data processed by Kaspersky Lab products, consisting of several kinds of anonymized threat and usage statistics, is planned to be conducted during later phases of the Global Transparency Initiative.


Kaspersky Lab’s First Transparency Center

The opening of Kaspersky Lab’s first Transparency Center in Zurich enables authorized partners to access reviews of the company’s code, software updates and threat detection rules, along with other activities.

Kaspersky Lab will provide governments and partners with information on its products and their security, including essential and important technical documentation, for external evaluation in a secure environment.

These developments will be followed by the relocation of data processing for other regions and, in phase two, the move of Kaspersky Lab’s software assembly to Zurich.


Kaspersky Lab’s Choice of Location in Zurich, Switzerland

Switzerland is a top location in terms of the number of secure internet servers available and is known as an innovative center for data processing and high quality IT infrastructure. A non-EU member in the heart of Europe, Switzerland has established its own data privacy regulation that is guaranteed by the state’s constitution and federal laws. There are strict regulations on processing data requests received from authorities.

“Transparency is becoming the new normal for the IT industry– and for the cybersecurity industry in particular. We are proud to be on the front line of this process. As a technological company, we are focused on ensuring the best IT infrastructure for the security of our products and data, and the relocation of key parts of our infrastructure to Switzerland places them in one of the most secure locations in the world.

The promises made in our Global Transparency Initiative are coming to fruition, enhancing the resilience and visibility of our products. Through the new Transparency Center also in Switzerland, trusted partners and governments will be able to see external reviews of our products and make up their own minds. We believe that steps such as these are just the beginning – for the company and for the security industry as a whole. The need to prove trustworthiness will soon become an industry standard.” Eugene Kaspersky, CEO Kaspersky Lab said.


Kaspersky Lab’s Next Big Step

Kaspersky Lab has engaged one of the Big Four professional services firms to conduct an audit of the company’s engineering practices around the creation and distribution of threat detection rule databases. This is done with the goal of independently confirming their accordance with the highest industry security practices.

The assessment will be done under the SSAE 18 standard (Statement on Standards for Attestation Engagements). The scope of the assessment includes regular automatic updates of antivirus records which are created and distributed by Kaspersky Lab for its products operating on Windows and Unix Servers. The company is planning the assessment under SSAE 18 with the issue of the SOC 2 (The Service and Organization Controls) report for the second quarter of 2019 as part of its ongoing efforts to improve the security of its products with the help of a community of security enthusiasts from all over the world.



84% of New PCs with Pirated Software Infected with Malware!

A recent Microsoft PC test purchase sweep revealed that 84% of new PCs sold in Asia with pirated software were infected with malware. Here are the details of their report…


The Microsoft Asia PC Test Purchase Sweep

The Microsoft Asia PC Test Purchase Sweep examined a total of 166 new PCs from 9 markets across Asia – India, Indonesia, Korea, Malaysia, Philippines, Singapore, Taiwan, Thailand and Vietnam.

The PC samples selected were purchased from retailers that offered PCs at much lower cost and free software bundles to lure customers. In many cases, these retailers also sold pirated software at their store.


84% of New PCs with Pirated Software Infected With Malware!

The sweep found that one of the most common practices for vendors installing pirated software on new PCs is to turn off the security features, such as anti-virus software and Windows Defender, as doing this allows them to run the hack-tools needed to activate the pirated software.

However, this leaves PCs vulnerable to malware and other cyberthreats, and the buyers of these PCs may not even realize that their PC is not being protected.

The sweep also uncovered that 84% of the new PCs loaded with pirated software were infected with some type of malware, with the most common malware being:

  • Trojans are a type of malware that is employed by cybercriminals to gain remote access and control of devices, allowing them to spy on the users and steal private data. While Trojans typically depend on some form of social engineering to trick users into loading and executing them, bundling them with pirated software makes it easier for cybercriminals to compromise and control PCs.
  • Viruses are another type of malware which can cause infected computers to do a variety of things which are not beneficial to the PC owner, such as terminating devices’ security features, sending spam messages, and contacting remote hosts to download additional malware.

These findings are particularly concerning as customers buy PCs that offer special deals which are cheap and come with free software, not realizing the risks they may be exposing themselves to. In most cases, they may not even realize that the security features of their PCs are turned off and may fail to spot suspicious activities on their devices.

Many of these infected PCs’ users are highly susceptible to data loss, including personal documents and sensitive information such as passwords and banking details, as well as identity theft where they lose control of their social media and email accounts. Users might also experience compromised PC performance as malware, running in the background, can slow down devices.

All these factors can lead to consumers and businesses chalking up significant monetary, time and productivity losses as they work to resolve the issues.


Key Cyber-Hygiene Practices for Individuals and SMEs

The most fundamental step that users can take to safeguard themselves digitally is to always insist on buying PCs from established retailers and not ones that also sell pirated software, and ensuring they are getting genuine software. Consumers should refer to software vendors’ websites to learn how they can distinguish between genuine and pirated software.

Besides using genuine software, people can also consider and adhere to the following recommendations to better protect themselves:

  • Keep software current with the latest security patches, which are always free.
  • Follow safe Internet practices and do not visit potentially dangerous websites, such as those that offer adult content, illegal downloads, and pirated software, as well as file sharing portals.
  • Avoid using very old software which has reached its end of life and is no longer supported by the software vendor for updates and security patches.



Kaspersky Lab – Mobile Threats Are On The Rise!

Kaspersky Lab warns that mobile threats are on the rise. It is important for the public to be aware, and to take the right precautions. On their part, they are raising awareness through greater media outreach and special events.

Back in June 2018, Kaspersky Lab entered the Malaysian Book of Records, with 1,931 anti-virus for mobile devices activated at a single event.  That event was held in partnership with Tunku Abdul Rahman University College (TAR UC), in conjunction with Kaspersky Lab’s 20th anniversary.


Kaspersky Lab – Mobile Threats Are On The Rise!

According to the Malaysian Communication and Multimedia Commission Hand Phone Users Survey, the percentage of smartphone users continued to rise from 68.7% in 2016 to 75.9% in 2017. Awareness of the need to protect personal data among Malaysians has increased, with 64.5% of users vigilant in protecting their mobile phones using passwords and 44.5% backing up their photos and contacts. However, the number of Malaysians with mobile device security solutions on their smartphones is still low.

“Smart device users need protection for their devices.  When you buy a PC or laptop, the first thing most people would do is to install an antivirus solution.  However, the same cautious approach does not apply to smart devices like smartphones and tablets.  Instead, most would install the physical essentials such as screen protector or protective case when they purchase their new smart devices,” says Yeo Siang Tiong, General Manager, SEA, Kaspersky Lab. 

On the sidelines of the 2018 CIMB Classics, Siang Tiong added that the majority of people rely heavily on smart devices for calendar reminders, emails, contacts, making payments using e-wallets and online banking. The risk of mobile threats exposing that data to hackers is increasing with our reliance on smart devices.

“We used the Malaysian Book of Records as a platform to raise the awareness so more users will take the similar precautious approach on their smart devices. Mobile device security goes beyond password-protecting a device, and backing up data serves as an extension of your brain. As mobile devices become the primary device for more people, identity theft becomes easier, as online banking and in-app e-commerce transactions become more frequent. The need to educate on securing mobile devices is urgent. This is why Kaspersky Lab held this record-breaking mobile device security activation drive in conjunction with our 20th anniversary,” Siang Tiong added.

In Q2 2018, Kaspersky Lab detected 1,744,244 million mobile malicious installation packages. That is  421,666 more mobile threats than were detected in the previous quarter.  Other kinds of mobile threats like mobile banking Trojans were also on the rise, with Kaspersky Lab detecting 3.2 times more instances than Q1 2018.  Mobile ransomware Trojans were also on the rise, with 14,119 installation packages detected.

It is clear that while many of us are not yet affected by mobile threats like banking or ransomware Trojans, we need to start taking precautions. Kaspersky Lab offers a few options :

  • Kaspersky Internet Security for Mobile (Android) : RM 7
  • Kaspersky Internet Security for PC / Mac / Mobile (1 Device) : RM 59 | £14.99 | $54.50
  • Kaspersky Internet Security for PC / Mac / Mobile (3 Devices) : RM 69 | £19.85 | $37.64
  • Kaspersky Internet Security for PC / Mac / Mobile (5 Devices) : RM 129 | £24



Catch The Predator With Kaspersky Lab and Win Prizes!

Predators including cyber predators are everywhere, and too often we don’t see them coming. With Kaspersky Lab you could catch THE PREDATOR and possibly some cyber predators and win some prizes too!


Catch The Predator With Kaspersky Lab and Win Prizes!

THE PREDATOR, directed and co-written by Shane Black (whose previous directorial credits include Iron Man 3 and Kiss Kiss Bang Bang), sees a new group of humans take on the predators again in a setting, and with a story line, that echoes many of the top cyber predator protection tips that have been shared by Kaspersky Lab.

Kaspersky Lab’s role in protecting the world from cybercriminals by hunting the cyberpredators ties in with the hunt-the-hunters cat and mouse game of The Predator’s protagonists led by Narcos‘ Boyd Holbrook and Moonlight’s Trevante Rhodes.

“Being cybersecurity experts, we want to make sure that the cyberworld is safe for everyone from all kinds of threats. Our job is pretty much parallel to the role of the good guys in the Predator movie as we are hunting the hunters to make the world a little safer from cybercriminals,” said Yeo Siang Tiong, General Manager, SEA, Kaspersky Lab.

Kaspersky Lab in partnership with 20th Century Fox has an exciting promotional campaign for the “The Predator”.  A total of USD 81,000 in FOX Studio Tours in Hollywood and special edition promotional merchandise are up for grabs in Kaspersky Lab’s ‘The Predator Promo’ in the Asia Pacific.


Catch The Predator Contest

The Catch The Predator promotion is open to 11 countries in the APAC region including Australia, Hong Kong, Indonesia, Malaysia, New Zealand, the Philippines, Singapore, South Korea, Taiwan, Thailand and Vietnam.

Seven winners from the participating countries will get an experience of a lifetime to go on a VIP Hollywood FOX Tour for two worth more than USD 8000 each to view where the movie was filmed. This is an extremely rare opportunity as Fox Studios no longer offers studio tours, and the prizes are inclusive of airfare for two and three nights hotel accommodation.

There are also 1000 Limited Edition Predator Gift Sets of a military cap and thermal flash worth USD 25 per set to be won for a total of USD 81,000 in prizes.

To participate in this promotion, purchase any of these selected Kaspersky Lab products from an official Kaspersky online e-store or retail store between 9 July and 31 October 2018:

  • Kaspersky Anti-Virus (Web | App)
  • Kaspersky Internet Security (Web | App)
  • Kaspersky Total Security (Web | App)



How KIPS Online + KIPS Live Games Improve Cybersecurity

We just tried our hand at the first KIPS (Kaspersky Interactive Protection Simulation) Online training and simulation session! Find out what it’s all about!


KIPS – Not Your Average Monopoly Game

KIPS Online is the online version of the KIPS Live offline cybersecurity training game. Based on 20 years of Kaspersky Lab’s experience in corporate cybersecurity, it instills cybersecurity awareness in players, and offers real, actionable cybersecurity insights to top-level business executives.

Both the Online and Live versions aim to help managers understand cybersecurity threats and how they can affect the performance of the company. It will help them work better with their cybersecurity counterparts, both internal and external, to better and quickly deal with cybersecurity attacks and threats.


KIPS Helps Bring Down Recovery Cost

According to Kaspersky Lab’s Corporate IT Security Risks survey, 51% of enterprises agreed that it is difficult to demonstrate the ROI (Return on Investment) when it comes to IT security. One of the goals of the KIPS Online and KIPS Live games is to demonstrate to senior management officials that quick and coordinated action can help save IT security costs.

During the game, participants are tasked with operating an interactive cybersecurity facility, with the goal of maintaining the company’s financial health while managing cybersecurity challenges. These are based on real-life challenges that have afflicted Kaspersky customers, so this is as real world as it gets!


Trying Out KIPS For Yourselves

Unfortunately, you cannot just download and try the Kaspersky Interactive Protection Simulation for yourselves, because it needs a short training session, followed by a debriefing session in which Kaspersky Lab (or its partner) will explain the facts behind that particular game scenario.

Companies that are interested in trying either game should contact Kaspersky Lab and their resellers globally. Both KIPS Online and KIPS Live are part of the Kaspersky Lab family of Security Awareness Training services.

