
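Hackers Targeting Manufacturing with Targeted Ransomware and DDoS Attacks Has Become the New Normal!!! SCADAfence High-End OT Network Security Solution Helps Address the Manufacturing Industry's Security Challenges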

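With the rise of Industry 4.0, the Internet of Things (IoT) and smart manufacturing, industrial automation and intelligent systems have brought in information and communication technology, so industrial production facilities, IoT and critical industrial infrastructure have become the targets of a new wave of attacks by hackers. In recent years, security attacks on industrial control systems (ICS) have been reported frequently. A notable difference from IT (Information Technology) systems is that OT (Operational Technology) networks control the nation's critical infrastructure (such as oil, water and power plants). As more and more critical infrastructure relies on networked devices for control and operation, attacks against it are becoming ever more destructive, and in future it will be necessary to guard against the large-scale DDoS attacks, ransomware, APTs and other network offensives that it gives rise to. How to effectively perform security analysis and threat detection on OT networks, give early warning of malware attacks, and in turn provide effective protection information so as to avoid serious impact on critical infrastructure and the Internet has been the issue that enterprises and government agencies around the world have cared about most in recent years. It is also listed as one of the important future security trends, and demand for industrial control security is expected to approach US$14 billion by 2022.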

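SCADAfence, exclusively distributed by Version 2 Limited, aims to ensure the operational continuity of industrial (ICS / SCADA) networks. It specializes in integrating the industrial IoT, analysis, real-time monitoring and machine-to-machine connectivity, and provides a scalable network security solution for production networks. By integrating detection visibility and response speed across IT and OT networks, it enables enterprises to respond more accurately than before to all security events in their IT and OT networks, and thereby gain an advantage in this cyber war. SCADAfence is already a partner of global multinationals such as Mitsubishi Electric and Siemens, and has been adopted by many customers worldwide in pharmaceuticals, chemicals, food and beverage, automotive and other industries. The product is highly rated by customers.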

SCADAfence high-end OT network security solution: https://version-2.com/scadafence/

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of the world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

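CyberLink Launches All-New FaceMe® Security Smart Security Solution with Support for Multiple Mainstream VMS, Helping Security Applications Quickly Adopt Facial-Recognition Access Control, Attendance, and Mask and Temperature Monitoring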

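[Taipei, March 31, 2021] CyberLink (5203.TW), a world-class developer of AI facial recognition technology, announced the launch of an all-new version of its FaceMe® Security smart security solution. Using world-leading facial recognition technology, FaceMe® Security helps system integrators quickly deploy applications such as VIP/blocklist recognition and facial-recognition attendance check-in across a variety of security scenarios, and supports epidemic-prevention needs such as mask detection, temperature detection, and facial recognition while a mask is worn. The new version adds support for mainstream VMS such as Milestone, Nx Witness and VIVOTEK VAST2, and can also use NVIDIA Jetson on site for face detection and feature extraction, making the deployment of facial-recognition security systems more flexible and lightweight while saving cost.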

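FaceMe® Security is smart security value-added software developed by CyberLink. It helps system integrators quickly apply facial recognition in scenarios such as retail, manufacturing, warehouse management, offices and hotels, deploying applications such as facial-recognition access control, attendance record statistics, VIP/blocklist recognition, mask detection and temperature measurement. FaceMe® Security is compatible with most current IP security systems and can connect to existing IP cameras or run on various types of computers and workstations, so system integrators can quickly bring the solution into existing architectures and equipment. Through support for mainstream VMS (video management systems) such as Milestone, Network Optix Nx Witness and VIVOTEK VAST2, when specific persons (such as VIPs, blocklisted persons or employees) enter a specific area, alert messages can be sent in real time via API to the VMS used by security personnel, and the entry and exit records of specified persons can be searched for playback.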

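FaceMe® Security can be deployed in security scenarios of all sizes. FaceMe® Security Workstation, which runs at the edge, can operate on workstations, industrial PCs and IoT devices to perform real-time face detection and feature extraction for identity matching. In terms of foot traffic, large sites such as factories or technology parks with tens of thousands of people per hour can install up to four NVIDIA Quadro RTX 5000 accelerator cards in a single Windows workstation, providing facial recognition for nearly 80,000 people per hour. Small and medium-sized sites with several thousand people, such as office buildings, retail malls and warehouses, can run on NVIDIA Jetson (AGX Xavier or Xavier NX), or on industrial PCs, NUCs and similar devices using Intel® Core processors or Movidius™ VPUs, maintaining a high-accuracy facial recognition monitoring service at lower cost and energy consumption.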

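"Facial recognition technology has been one of the most popular applications in IP security in recent years. By adopting facial recognition technology, it is possible not only to identify individuals with high accuracy, but also to accurately identify them when the face is partially covered, such as when wearing a mask, and to detect whether people are wearing masks correctly," said Jau Huang, CEO of CyberLink. "CyberLink has world-leading facial recognition technology, and FaceMe® Security provides a complete one-stop solution that helps existing IP security systems upgrade seamlessly to facial recognition, providing the most secure access management and health detection services for users in every industry and of every size."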

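For attendance check-in and temperature measurement needs, FaceMe® Security provides two add-ons that can be installed on an ordinary PC at a site entrance to provide an interface for employee attendance check-in and health detection. FaceMe® Security Check-In Add-On provides real-time identity verification and records employee attendance. FaceMe® Security Health Add-On provides health measurement services, including detecting whether people are wearing masks correctly, verifying identity and measuring body temperature. When the system detects a person with an elevated temperature or without a mask, it can immediately report the recorded photo and location to security personnel so that further epidemic-prevention measures can be taken.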

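About CyberLink
Founded in 1996, CyberLink is a multimedia software company with top-tier video and audio technology, specializing in the research and development of digital audio/video software and multimedia streaming application solutions. With a strategy of "targeting the right technology segments and expanding global marketing reach", it is deeply rooted in Taiwan with a global footprint and has delivered outstanding results. CyberLink uses advanced technology to deliver excellent high-definition audio and video playback, and provides complete high-definition capture, editing, authoring and burning functions with full support for a range of high-definition video and audio formats. Its products include PowerDirector, PowerDVD, PowerProducer and Power2Go.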

A Microsoft Exchange saga: How is ESET technology protecting business customers post-exploitation?

The global scale of the recent Exchange server attacks deserves the designation “saga.” The fallout, resulting in data theft and further malware deployment, has likely led to intensive changes in security protocols at thousands of institutions, and will surely be felt for a long time.

In an update to ESET’s original research piece detailing the global impact of the attacks, ESET’s telemetry picked up almost 27,000 attack attempts via web shells against around 5,500 unique servers.

Along with our well-received research into advanced persistent threat groups leveraging the Exchange vulnerabilities, ESET has set out to provide proactive advice via its Knowledgebase and a Customer Advisory. As the saga moves forward and we continue to compile and analyze data from the networks we protect, we would like to share how our cloud sandbox technology, ESET Dynamic Threat Defense (EDTD), and our endpoint detection and response solution, ESET Enterprise Inspector (EEI), offer protection to our clients.

With respect to malicious files, EDTD not only handles executables (as is the case with ESET LiveGrid®) but also documents, scripts, installers and other file types commonly used to deliver threats. As such, the technology gives greater visibility into, and protection against, various threat types. Leveraging EDTD in combination with endpoint security—both of which are backed by our core detection technologies—brings a multilayered approach to the table that significantly increases the likelihood an attack is automatically detected.

Looking closely at the samples related to the exploitation of Exchange servers, ESET has seen that some of the post-compromise attack components, for example, the loaders for the PlugX RAT (also known as Korplug), are being detected by EDTD when the most sensitive detection threshold – Suspicious – is applied. The same applies to the CobaltStrike-related components.

These kinds of detections also trigger alerts in the ESET Lab, where our researchers are actively monitoring EDTD detection data. The knowledge gained from malware analysis of these samples can then be applied further as we investigate possible intrusion vectors and remediation. With respect to post-compromise investigation and monitoring of servers, security operations center teams can use ESET Enterprise Inspector to address what amounts to a global challenge.

From the point of view of EEI’s rule set, the current modus operandi of the attackers can be fairly generic, meaning that creating a rule that detects such generic activity—even though possibly malicious—might cause a high number of false positives. For example, it is quite normal for w3wp.exe, the IIS worker process, to execute cmd.exe and powershell.exe, meaning that a rule monitoring this event would flood EEI’s dashboard with false positives.

However, ESET security teams have investigated how EEI faces up against malicious activity following the exploitation of Exchange. Our findings suggest that EEI deployed on exploited servers can cut investigation time by at least 80%.

EEI can not only shorten the time for investigation, but also show the path of attack. Critically, the security admin at EEI’s dashboard would have data at hand to see what was happening, when and where, which is a significant help in identifying and cleaning up malware, as well as providing for the overall security of compromised email servers.

Please follow our blog where ESET will share additional information to help customers return to normal operations following the extensive global exploitation of Exchange.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Major Events Venue Moves from On-Prem to Cloud NAC as Part of Digital Transformation

Founded in 2004 and located in the heart of Cardiff Bay, Wales Millennium Centre (WMC) is Wales’ national arts centre and a major events venue in the region. It seats nearly 2,500 guests, and hosts events ranging from performances by the Welsh National Opera, to concerts, West End musicals, an annual arts festival and more.

Increasingly Cloud-Friendly

WMC has been a long-standing customer of Portnox, having signed on to use Portnox CORE, our on-premise network access control (NAC) solution, in 2012. By early 2020, however, WMC was in the midst of an internal push for digital transformation, which focused on adopting cloud technologies in exchange for existing legacy on-premise systems. “Moving from on-prem to cloud is something we’ve begun to undertake over the last year across nearly every system that we use,” said Richard Williams, IT Infrastructure Engineer.

After migrating WMC’s payroll system to the cloud, with several other systems also awaiting migration, Williams and his team began to assess the venue’s current cybersecurity posture. “For a while now, I have been looking at various aspects of security across our business. We’re looking to tighten things up, and much of that has begun with training for staff, such as teaching people to be more aware of phishing emails, etc. It’s now time to begin really assessing the systems we have in place, particularly when it comes to network security,” Williams continued.

As the team turned its focus to its existing network access control capabilities with Portnox CORE, it decided that this component of the cybersecurity stack should also migrate to cloud NAC as part of the WMC’s digital transformation program.

Elevating Network Security

As a public venue, WMC is open to a variety of non-staffers for long periods of time throughout the day. “On a daily basis, we have large numbers of contractors, performers – all kinds of people in the backstage area – and historically we had limited visibility of what was being plugged into our network,” Williams went on to say.

With a number of wired ports located throughout the building, as well as a guest wireless network that was freely accessible, this limited visibility meant that WMC’s network was especially vulnerable and could potentially be breached by anyone with a moderate level of IT know-how.

“While we hadn’t fully leveraged all of the functionality available to us within Portnox CORE, I knew that Portnox CLEAR would be a much better fit for us as an organization after seeing it in action,” Williams stated. “With Portnox CLEAR, we can simply login and see exactly who is on the network, via which access layer, their device type, etc. We have much more visibility and control today as a result.”

Better Agility & Visibility in Times of Crisis

As the Coronavirus pandemic unexpectedly swept the globe in the early months of 2020, WMC’s choice to transition to Portnox CLEAR’s cloud NAC yielded a surprising benefit. “As a public events venue that had to shut its doors for several months due to the pandemic, we were forced to downsize our staff and send most of the remaining workforce home to continue operations,” Williams went on to say.

With an uncharacteristically large remote team, Williams and his colleagues were able to extend Portnox CLEAR’s NAC capabilities to the organization’s VPN access layer, ensuring that the corporate network, resources and various enterprise cloud applications were being accessed by remote staff in a secure manner.

Future-Proofed for Whatever Lies Ahead

While the future for nearly every organization remains uncertain as the pandemic drags on, Williams and WMC are confident that Portnox CLEAR will continue to deliver the needed stability, visibility and control it requires to keep its network safe. “From the end-user’s point-of-view, Portnox CLEAR is very stable. My team connects to CLEAR first thing in the morning, and simply disconnects at the end of each day. Now, we always know what’s happening on the network. There are no blind spots,” Williams explained.

With Portnox CLEAR cloud NAC, WMC is future-proofed for any new network security challenges that lie ahead, thanks to the platform’s superb uptime, on-going upgrades, and flexibility to manage from anywhere if needed.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Small and Medium-Sized Enterprises Can Achieve Zero Trust Security Too

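Zero Trust is a security concept model proposed by John Kindervag 10 years ago. Unlike traditional IT network security architecture, whose main concern is guarding the perimeter, zero trust aims at more complete protection: an enterprise should not fully trust any connection or device, whether internal or external, and needs to validate every connection and device by appropriate means.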

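A zero trust security architecture requires thinking at several levels. Its main goals are to limit, by various means, users holding excessive privileges and to be able to inspect every network connection, strengthening the network security of the whole enterprise and ensuring that threats are greatly reduced whether they come from outside or inside. It therefore applies comprehensive control over the applications in use, devices, data access and confidentiality levels, combined with finer-grained permission assignment. Only then does zero trust show its value.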

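Small and medium-sized enterprises are often constrained by budget, staffing and similar factors, and so keep their distance from zero trust security architecture. They believe it is enough to get traditional IT network security architecture right first, and hope that their own business will not be unlucky enough to be attacked by hackers. But this mindset makes them one of the easiest targets for hackers, because traditional IT network security architecture usually takes an open and trusting stance toward internal connections and devices, and this is the direction most commonly attacked today. Moreover, with the COVID-19 pandemic raging, many enterprises have adopted working from home (WFH), which has already broken through the traditional enterprise network security perimeter, extending it to the computers in employees' homes or to the cloud edge and greatly raising the enterprise's security risk.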

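Small and medium-sized enterprises may not be able to buy expensive security software or equipment, but they can plan their way toward zero trust step by step. First, take a full inventory of the enterprise's current network security architecture, and fully understand how far the current protections go and whether they can effectively defend against external attacks, for example firewalls, SPAM Server, WAF and so on. What is most easily overlooked in an enterprise, and also hardest to defend against, is internal lateral movement, which is one of the attack techniques hackers are best at. Attackers strike at the enterprise's most numerous weak points, going after employees through phishing, watering-hole attacks and the like. In addition, fully understand the sensitivity of the information assets (data, equipment and so on) the enterprise currently uses. All of these must be taken into account in zero trust network planning.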

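Zero trust network security planning need not be achieved in one step. First set a clear strategic direction and pragmatic short-, medium- and long-term plans, combine the two fully, and reach the goal of zero trust network security step by step. In zero trust, what many enterprises act on first is access control and user privilege management, which is also the most important part of zero trust: however expensive the security equipment, a lapse in privilege management leaves a large hole in the zero trust network security architecture. In particular, enterprises often have privileged users or privileged accounts, perhaps originally created for administrative convenience or so that managers could use systems easily, but these will become major targets in future hacker attacks. So the first step toward zero trust is to re-examine whether these privileged users or privileged accounts really need so many privileges, and to begin defining permissions for all users, restricting more explicitly who can access which systems and strictly controlling access to highly sensitive data. These are all important steps in zero trust network security.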

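Zero trust network security must be kept up over the long term without slackening, and should not be expected to be achieved in one step. Today's network attacks are also constantly changing, so we must keep evolving and cannot think about zero trust with an unchanging mindset, building the zero trust network security architecture more completely step by step.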

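About FineArt Technology
FineArt Technology was founded in 1989 by a team of like-minded senior and junior schoolmates from a Chiao Tung University laboratory, and is a professional software research and development company. Starting from the country's first Chinese-language desktop publishing system and then moving into the field of handwriting recognition, it has earned the cooperation and recognition of many major international vendors on the strength of the smallest program size, the fastest speed and the most accurate recognition. Over twenty years, the products launched by FineArt Technology have all been widely praised by customers.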
