
OpenSSL Vulnerability – What It Means For Your OT Network

The cyber security community was deeply engrossed this week in the news that OpenSSL, the organization responsible for the software package that encrypts and secures communications across much of the internet, was about to release a patch for a newly discovered “Critical” vulnerability.

The original announcement on October 25th was met with a cyclone of reaction and commentary from security experts. However, after a few tense days of speculation, OpenSSL downgraded the vulnerability rating to “High” before publicly releasing details of the security flaw and the patch on November 1, 2022. Despite the lowered rating, and while the issue is turning out not to be the crisis that many experts had feared, this is still considered a potentially major security issue and it is important to understand it and take remedial action where necessary.

This blog will explain what OpenSSL is used for, the commotion caused by the announcement this week, what it means for your OT network’s cyber security, and offer SCADAfence’s analysts advice for protecting your network from the vulnerabilities.


The most dangerous computer viruses in history

Here, in our beloved Pandora FMS blog, we have talked a great deal about computer risks. That does not mean, of course, that we consider ourselves faint-hearted or timid, but rather cautious heroes. And so as not to be alone in the battle against the evil that lurks around us, today, continuing with this theme of terror and digital desolation, we bring you some of the most dangerous computer viruses in human history!

These are the computer viruses you should fear the most!

What is a computer virus?

Before unleashing the storm and listing malicious software, we had better explain a little what this whole business of computer viruses is about and why, although you have to be careful with them, you don’t need to wear a mask.

A computer virus is a malicious program or piece of code created and designed to disrupt the operation of a computer.

Like biological microorganisms, they are infectious, although these replicate only within computer equipment.

They spread from one computer to another, usually attached to a legitimate document, and then execute their cursed code.

Although you may think the computer virus has been with us since the first pulley system, the term was first used by Leonard M. Adleman in 1984, when he noticed similarities between his student Fred Cohen’s college experiment and the HIV virus.

List of the most dangerous computer viruses that have ever existed

Now, let’s get down to business!

Here we go!

I LOVE YOU

The funny thing is that this virus does everything but love and appreciate you for who you are. In fact, all on its own, it devoted itself to creating chaos around the world, with about 10 million dollars in damages.

It came to be believed that 10% of all computers in the world were infected by it, and it led large institutions and governments to disable their email systems rather than take any risks.

Something, you see, that not even the tiresome, stalking LinkedIn publicity has achieved.

I Love You was created in the Philippines by Reonel Ramones and Onel de Guzman. Using social engineering (“a set of techniques that cybercriminals use to trick incautious users into sending them confidential data, infecting their computers with malware, or opening links to infected sites”), they sneaked it first into the Philippines, then into all of Asia, and in a short time into the rest of the world.

Fun fact:

As the email they sent for you to click on the attachment was a declaration of love, the virus was called “I Love You”.

MELISSA

Its creator was David L. Smith, and it detonated in ’99 as an infected Word document that was presented to the world as the best thing ever for perverts:

“Hello, I am a list of passwords for pornographic websites.”

At the time, the virus mailed itself to the fifty most important people in your email and created havoc with its deceptive list of passwords. Of course, the most curious and salacious recipients fell for it right away.

It also came with a sort of cover letter, a reference to The Simpsons.

Less than a week after its presentation to the public, David L. Smith was captured by the police. Oh, I’m sorry, David.

However, thanks to his special collaboration with the authorities in trapping other perfidious virus creators, his sentence was reduced from 10 years to 20 months.

Still… his virus caused 80 million dollars in damage.

Fun fact:

If “Melissa” sounds sinuous, more like the name of a hurricane, that is because it comes from an exotic dancer from Florida.

ZEUS

A Trojan (“malware that presents itself to the user as a seemingly legitimate and harmless program but which, when executed, gives an attacker remote access to the infected computer”) created especially to compromise computers running Windows.

It did a number of unpleasant things on your computer, including capturing the contents of web forms.

Most computers became infected through hidden downloads or phishing (“a technique that involves a cybercriminal sending an email to a user while pretending to be a legitimate entity”).

It was used for such ominous things as stealing login credentials from social networks, emails, and bank accounts.

In the United States alone, more than one million computers were infected.

Fun fact:

It compromised corporations such as Amazon, Oracle, Bank of America, Cisco, and many more.

STUXNET 

The virus is believed to have been created by the Israel Defense Forces along with the United States Government.

With these two agents involved, what do you think? That the virus was spawned as an experimental project that got out of hand? Or that it was done, expressly, to bring chaos upon our civilization?

Bingo!

This virus was designed for cyber warfare.

Its goal was to halt Iran’s advances in nuclear defense. And so it was: much of the infection took place in Iran.

Fun fact:

It spread through infected pen drives and altered the speed of the devices until they became damaged.

CRYPTOLOCKER 

A ransomware (“A type of malicious program that restricts access to certain parts or files of the infected operating system and asks for a ransom in exchange for removing this restriction”) Trojan that uses, among other means, email to spread.

Once your computer was infected, it went on to encrypt some of the files on the hard drive.

The thing is that, even though the virus itself is easy to remove, the files it encrypted stayed encrypted unless you paid a ransom by a deadline.

The ransom was usually $400, although it could increase, and the number of infected computers reached 500,000.

Do the math yourself… With only half of them paying the scammers, you could afford a house in Florida!

Thank God, Evgeny Bogachev, leader of the organization that operated this virus, was arrested and forced to hand over all the encryption keys.

Fun fact:

In the end, only 1.3% of those infected fell for the scam… That’s about 3 million dollars. Not bad at all!


Dimas P.L., from the distant and exotic Vega Baja, CasiMurcia, journalist, editor, thaumaturgist of content and champion of scaring pigeons in parks. I currently live in Madrid where I work as a communication champion in Pandora FMS and as a freelance cultural journalist in any media offered. I also go crazy writing and reciting in the deepest and darkest poetic circles of the city.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

Are Hackers Above the Law?

A woman writhes on a gurney in the back of an ambulance racing to get treatment for her aortic aneurysm. The paramedics radio to the closest hospital to announce their impending arrival. But they’re told the hospital is in the grips of a ransomware attack, critical systems are offline, and they can’t accept new patients. The heart patient would have to go elsewhere. That meant an hour-long drive to the next comparable facility. And by the time she was able to receive treatment, the woman died.


This isn’t hypothetical. This exact scenario happened in Germany in September 2020. And when it did, numerous voices in the cybersecurity community (mine included) called it the first death to be directly caused by a cyber attack. Ransomware disabled the hospital. And if the woman had been able to receive treatment sooner, she likely would have survived her cardiac episode. Responsibility for her death seemed to fall squarely on the shoulders of the hackers behind the ransomware attack.


German prosecutors agreed. They saw in the attack an open and shut case of negligent homicide. But, under German law, in order for someone to be convicted of that crime, prosecutors needed to establish legal causation between the actions of the defendant and the resulting death. And that’s where things got tricky.


Cyber Attacks as Criminal Acts


The Computer Fraud and Abuse Act was enacted in the US in 1986 and represented the first major effort to prevent hacks through criminal law. Many other countries adopted similar laws – some later than others – but all realized early on that cybercrime needed (but lacked) an appropriate legal apparatus.


Cybercrime laws around the world have evolved and matured significantly since then. GDPR in Europe drastically raised the bar for data protection and privacy while leveling severe penalties for any infraction. California adopted a similar law, as have other US states, and the recent Strengthening American Cybersecurity Act of 2022 established sweeping cybersecurity requirements for all federal offices and many of the vendors they work with. Never has “cyber” legislation been as expansive as now, and all signs suggest this regulatory framework will only expand further.


One area where it remains immature, however, is in prosecuting offenders for the damage caused by cyber attacks. Most laws measure damage (and thus assign penalties) based on the number of records stolen or the amount of downtime caused. But the law stops there. Most downstream effects of the attack are considered irrelevant.


Which makes sense. For most of history, cyber attacks have been seen as IT issues first and foremost. And while they could certainly cause plenty of damage and disruption, it was seen as confined to the digital realm. Rarely did attacks spill over into the physical world, so there was no reason to contextualize those attacks within existing criminal law.


But that’s changing fast. One example is the attack on the Colonial Pipeline in May 2021. A ransomware attack disabled one of the largest oil pipelines on the Eastern Seaboard, resulting in fuel shortages, panic buying at the pump, and changes to flight schedules due to lack of fuel. President Biden declared a State of Emergency as a result. And while the attack thankfully left no one dead or injured, it nonetheless highlights how cyber attacks can directly affect people’s health and safety. Ransomware directed at hospitals, schools, and police departments has a similar effect. And as we see hackers become increasingly emboldened and unscrupulous, future attacks won’t just disrupt data or apps – they will ruin lives.


Learning From the German Example

It’s telling what ultimately happened in Germany. After a two-month investigation, prosecutors concluded that they couldn’t meet the standard of proof necessary to link the woman’s death with the ransomware attack definitively. Prosecutors needed to show that had the ransomware attack never occurred, the woman would have lived. But after consulting with medical professionals, it was believed the woman would have died no matter where or when she received treatment. So while the ransomware attack made a bad situation worse, the heart condition, not the attack, caused the death.


Though I lack any expertise in German criminal law, it seems to me that prosecutors got it right in this case. Nonetheless, it’s impossible to hear this anecdote and not think about a slightly different variation: where medical devices get disabled by ransomware, and patients dependent on those devices die. Unfortunately, it’s only a matter of time before this scenario (or countless similar alternatives) happens. And when it does, will the law be able to prosecute those behind the attack for those deaths? Or will hackers skate by on a lesser charge, signaling to others that devastating attacks don’t come with devastating consequences for the perpetrators?


Time will tell. Until then, however, I hope we draw a lesson from what happened in Germany and start thinking more about cyber attacks as attacks on people, not just IT.

#cybersecurity #ransomware #law #cybercrime #Germany #hospital


About VRX
VRX is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

Where is data center architecture headed to?

You know what data centers* are; we’ve told you a lot about them on this blog. Today, however, it is time to look at a particular aspect: the singleness of their architecture**, as well as the role they play in the present and the one they will play in the future.

* Physical facility that organizations use to host their information, applications, critical data…

**There’s a good example of alliteration, great rhetorical figure.

So let’s go!

Data center architecture, present and future

Lately with so much cataclysm and recession, it seems that the world is going backwards. However, there are things that improve. The Succession TV show is cooler every season and last summer they released a new variety of Magnum ice cream that is superior to the previous ones. For instance.

Technology is also evolving. In fact, you can see right now how all sorts of innovations take us to the next level.

Data centers are not left behind

About moving forward, I mean.

Why?

Well, because in recent years, IoT technology, the overwhelming need to accumulate data and our beloved Cloud have lovingly promoted the modernization of traditional data centers.

Otherwise these would be obsolete.

As many of you know, the design of a data center is based on a network of computing and storage resources that allows delivering shared data. 

Its key components include:

  • Routers. 
  • Switches.
  • Firewalls. 
  • Storage systems.
  • Servers.
  • Etc.

This is why a number of companies are shifting to modern forms of data centers*.

*Which pose as many advantages as challenges. 

More than twenty years ago, when data center architecture became a hot topic, there was debate between the CISC (Complex Instruction Set Computer) and RISC (Reduced Instruction Set Computer) architectures, and between SMPs, mainframes, and small systems. 

All this happened before the surprising emergence of coprocessors, ASICs and other accelerators to boost data access and optimize complex operations.

Currently, data centers are mostly aligned on x86 CPUs, small two-socket servers, and a general standardization of the components that make up the modern data center. 

Even so, corporations continue to look for ways* to increase their efficiency and productivity by helping themselves with technological advances.

*Always at a lower cost.

Where do data centers come from and where are they headed to?

Like all technologies, from the pulley system to the home ice-cream maker, data centers have also come a long way in their transformation.

  • Before the 1990s, data centers were made up of large computer rooms, where any computer error stood out within the system.
  • In the 1990s, as the Internet began to take shape and take center stage, data centers became popular among businesses.
  • As the new century began, folks became more aware of data centers and brought to light incredible improvements, such as data center services, outsourcing demands, shared hosting, application hosting, managed services, ISPs, ASPs, MSPs, etc.

During later years, data centers became established as a concept in society. The focus, then, was on energy efficiency, cooling technologies and facility management.

Is this the end of ordinary data centers?

Today, a good Intel CPU is considered the most powerful on the market. 112 cores, an incredible number of features to handle all kinds of workloads or technical machine learning activities. 

Even so, companies keep sniffing around, like police hounds, for a new solution.

They are aware that big data analytics, machine learning, artificial intelligence, the so-called “Internet of Things” and other high-spectrum technologies are changing the approach to data centers. 

Modern technologies, as they have been doing from the pulley system to home ice-cream makers, try to minimize costs.

That’s why, if you take into account money, efficiency, power and optimization in a modern data center, you’ll find that old architectures no longer work.

They consume more energy and take up more space.

Furthermore, there are already better and more attractive services.

GPUs are being used, for example, for specialized tasks that outstrip single-core CPU performance.

In fact, GPU-enabled platforms have caused a readjustment of system designs, addressing the data-hungry nature of processors.

Despite what it may seem, in recent times, cloud providers are switching to independent data centers, and, of course, large corporations are following suit. 

In the immediate future, the evolution of data centers is expected to approach a new paradigm, probably because the Covid-19 pandemic has pushed the world to work in the cloud like no one imagined.


How Cloud IAM Security Vulnerabilities Are Being Exploited

What is IAM Security?

IAM is an abbreviation for identity and access management. Identity and access management systems allow your organization to manage employee applications without signing in to each app as an administrator. IAM security solutions allow organizations to manage a variety of identities, including people, software, and hardware.

IAM Infrastructure

Over the past few years, businesses have been moving their operations from on-prem to the cloud, driven largely by the rise of SaaS applications that have allowed them to increase operational efficiency.

While this brings numerous business advantages, it has further complicated the array of appliances and services needed to keep the business running smoothly. Many organizations use multiple cloud service providers across numerous different services.

This has increased infrastructure complexity while making security management more difficult. Added to this is the fact that cloud environments are always up and reachable. This availability allows the business to run smoothly without fail, but it also leaves them open to exploitation whenever a malicious actor chooses to try.

IAM security layers have become an increasingly popular attack vector as workloads have moved to the cloud. Such attacks use phishing-acquired security tokens to devastating effect, allowing a cybercriminal to assume any role within the network.

Cloud providers such as Amazon Web Services (AWS), Microsoft Azure and Google Cloud all have various IAM security measures when managing their platforms. Using Amazon Web Service’s IAM policies as an example, we will look at how a malicious attacker could exploit a vulnerability and assume roles.

IAM Security Roles

First, we need to understand how IAM roles come into play. Authentication tokens are assigned to each user identity in AWS. But suppose you wanted to offer network access to a third-party application, tool, or web server. Creating and maintaining user accounts for each service could prove quite difficult.

AWS considered this issue and created a solution known as the IAM role. A role lacks a username/password or access key, as it doesn’t pertain to a specific user. IAM roles serve as a distinct identity with assigned permissions that determine what the identity can and can’t do within AWS. When users need to take on different responsibilities, other roles can be assigned to them.

IAM Security Vulnerabilities

The complexities of enterprise cloud infrastructure have increased the exploitation of IAM security vulnerabilities. Exploitation can occur in various scenarios, such as when debugging in a DevOps environment, where an administrator is provided permissions for testing. This may be forgotten after testing is completed, allowing an attacker to potentially reuse the administrator credentials to access other parts of the cloud environment.

IAM security threats might also stem from other vulnerabilities such as:

Server-Side Request Forgery (SSRF)

Assume a cyber attacker discovered a website running an unpatched application with a common server-side request forgery (SSRF) vulnerability. An SSRF vulnerability allows an attacker to make a server-side application send HTTP requests to a destination of the attacker’s choice.

Suppose the web page normally loads its English version via a request to eng.php. If an attacker can instead make that request refer to another URL, the web server will comply. Because the request originates from inside the environment, internal resources (such as the instance metadata server) will answer it.
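The defensive counterpart to the eng.php scenario above is to validate every server-side fetch destination before the request is made. The following is an added example, not code from the original post or from any product it mentions: a small outbound-URL validator in Python that combines a hostname allowlist with a check on what the name resolves to, so that both bare metadata addresses and allowlisted names that have been pointed at an internal address are refused. The allowlist, the fake DNS table and all addresses in it are constructed for the example.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed allowlist for this example: the only hosts the application
# is ever expected to fetch from on a client's behalf.
ALLOWED_HOSTS = {"cdn.example.com", "translations.example.com"}

# Constructed stand-in for DNS so the example runs offline. The second
# entry models a rebinding-style trick: an allowlisted name that now
# resolves to the instance metadata address (169.254.169.254).
FAKE_DNS = {
    "cdn.example.com": ["93.184.216.34"],
    "translations.example.com": ["169.254.169.254"],
}


def fake_resolver(host):
    """Constructed resolver; a real deployment would use socket.getaddrinfo."""
    return FAKE_DNS.get(host, [])


def is_internal_address(ip_text):
    """True for anything not globally routable: loopback, RFC 1918,
    link-local (where cloud metadata services live), CGNAT, IPv6 ULA."""
    ip = ipaddress.ip_address(ip_text)
    return not ip.is_global


def check_outbound_url(url, resolver=fake_resolver):
    """Return (allowed, reason) for a URL the server is asked to fetch."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, f"scheme {parsed.scheme!r} not permitted"
    host = parsed.hostname
    if host is None:
        return False, "no host in URL"
    # Bare IP literals (169.254.169.254, [::1], and userinfo tricks such
    # as cdn.example.com@169.254.169.254) never match the hostname
    # allowlist, so they are rejected here.
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} is not allowlisted"
    # Name allowlisting alone is not enough: also check every address the
    # name resolves to, and refuse if any of them is internal.
    addresses = resolver(host)
    if not addresses:
        return False, f"host {host!r} did not resolve"
    for addr in addresses:
        if is_internal_address(addr):
            return False, f"host {host!r} resolves to internal address {addr}"
    return True, "ok"


if __name__ == "__main__":
    for candidate in [
        "http://cdn.example.com/eng.php",
        "http://169.254.169.254/latest/meta-data/",
        "https://translations.example.com/eng.php",
        "http://cdn.example.com@169.254.169.254/",
        "file:///etc/passwd",
    ]:
        print(candidate, "->", check_outbound_url(candidate))
```

In production the request should also be pinned to the address that was validated (rather than letting the HTTP client resolve the name a second time), and the instance metadata service itself should require session tokens (IMDSv2 on AWS) so that a simple forwarded GET is not enough even if validation is bypassed.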

Misconfigurations

Misconfigurations are another major cause of breaches in IAM and cloud environments, often leading to data loss or unauthorized access to cloud systems. They often arise from a poor understanding of a complex cloud environment. Fortunately, there are various tools and methods that organizations can use to address this.

Companies should implement a solution that can identify both malicious and unintentional misconfigurations in cloud setups from all entry-points, while enabling a multi-cloud environment. Along with detecting misconfigurations, this solution should offer a means to correct them.
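The two IAM failure modes the post describes, a role whose trust relationship lets anyone assume it (the forgotten debugging setup from the IAM Security Vulnerabilities section) and a permissions policy that grants full administrative access, can both be caught by a simple policy audit. The Python below is an added example, not the post's own code or any vendor's product: it walks AWS-style policy documents and reports wildcard principals in role trust policies and Action `*` on Resource `*` in permissions policies. The sample policies, the role name and the account ID 123456789012 are constructed for the example.

```python
def _listify(value):
    """IAM policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_wildcard(principal):
    """True if the Principal admits any AWS account or user ("*" or {"AWS": "*"})."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(v == "*" for key in principal for v in _listify(principal[key]))
    return False


def _is_assume_role_action(action):
    a = action.lower()
    return a in ("*", "sts:*") or a.startswith("sts:assumerole")


def audit_trust_policy(doc):
    """Flag Allow statements that let a wildcard principal assume the role."""
    findings = []
    for idx, stmt in enumerate(_listify(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if not any(_is_assume_role_action(a) for a in _listify(stmt.get("Action"))):
            continue
        if _principal_is_wildcard(stmt.get("Principal")):
            if stmt.get("Condition"):
                findings.append(f"statement {idx}: wildcard principal gated only by a Condition; review it")
            else:
                findings.append(f"statement {idx}: any AWS principal may assume this role")
    return findings


def audit_permissions_policy(doc):
    """Flag Allow statements granting every action on every resource."""
    findings = []
    for idx, stmt in enumerate(_listify(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" in _listify(stmt.get("Action")) and "*" in _listify(stmt.get("Resource")):
            findings.append(f"statement {idx}: full administrative access (Action * on Resource *)")
    return findings


# Constructed sample: a trust policy as it might be left behind after a
# DevOps debugging session. Any AWS identity anywhere can assume the role.
WEAK_TRUST = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}
    ],
}

# Constructed corrected version: only one named account may assume the
# role, and only when it presents the agreed external ID.
FIXED_TRUST = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}},
        }
    ],
}

# Constructed sample: the "temporary" permissions attached to the debug role.
ADMIN_PERMISSIONS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}


if __name__ == "__main__":
    for name, doc, auditor in [
        ("debug-role trust (weak)", WEAK_TRUST, audit_trust_policy),
        ("debug-role trust (fixed)", FIXED_TRUST, audit_trust_policy),
        ("debug-role permissions", ADMIN_PERMISSIONS, audit_permissions_policy),
    ]:
        print(name, "->", auditor(doc) or ["no findings"])
```

Run over every role's trust document and attached policies (for example the output of the AWS CLI's get-role and get-policy-version calls), this is the kind of check a cloud posture tool automates; a wildcard principal that survives only because of a Condition still deserves a look, since a weak condition key is easy to satisfy.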

Cloud-Native Application Protection Platform (CNAPP)

Cloud-native application protection platforms offer a solution to common IAM vulnerabilities such as these. A CNAPP analyzes both the cloud infrastructure plane and workloads to give you a complete picture of both. Logging offers one such effective measure for mitigating IAM vulnerabilities by providing insight into who and what is active within a given network.

It is important for enterprises to gain complete visibility of their complex cloud environments to mitigate IAM security threats. Since entry to a network can be granted either directly or indirectly, graph models can be used to clearly illustrate the specific relationships between identities and their respective rights. Since each organization’s structure and demands are unique, the ability to leverage granular insight into this data is critical.

Cloud IAM Security: Final Thoughts

Implementing the above steps to increase and manage your network visibility, data logging, and misconfiguration detection will help mitigate cloud IAM security vulnerabilities while preventing major security breaches before they happen.


About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.
