
What is CISO-approved backup?

Background of Keepit’s CISO Kim Larsen

My journey into cybersecurity started long ago when I was a police officer. I was working in serious crime investigation, which then took me to the internet as the world went to cyber, and eventually I joined the intelligence service in Denmark as CSO. After that, I was working with NATO and the EU as a delegate to the security committees.

This background has been incredibly beneficial as it taught me to handle crises, assess risks, and maintain a certain calmness under pressure. These skills are vital in the cybersecurity world, where threats are ever-present and evolving daily. As a police officer, I was trained to see risks that others might overlook, and this perspective has been invaluable in my role as a CISO.

Understanding the cybercrime landscape

One of the significant challenges in cybersecurity, as I see it, is the dynamic nature of cybercrime. Criminals can constantly change their tactics and crime scenes, making it difficult to combat them. Therefore, it’s crucial to have a strong collaboration between governments and enterprises to prevent these crimes effectively. The cooperation between different sectors is vital because cybersecurity threats don’t respect borders, and international collaboration is often required to address them.

Having the right level of security is key to earning customer trust.

The critical role of a CISO in backup solutions 

At Keepit, we recognize that we are the last line of defense for an enterprise. When everything else fails, businesses rely on their backup systems to recover and continue operations. This is why backup solutions need to be robust, reliable, and secure. My role involves ensuring that we stay ahead of compliance regulations, understand the threats we face, and mitigate those risks effectively. 

Bringing backup to the forefront 

Traditionally, backup systems have been viewed as something in the corner (or quite literally the basement), often neglected until disaster strikes, where it’s hoped everything will work for a recovery.

However, I believe that backup solutions, like those provided by Keepit, should be brought to the forefront of an organization’s strategy. Our solution ensures that data is not only backed up but secure, readily accessible, and restorable, aligning with the critical needs of modern enterprises, such as ensuring business continuity and compliance even in the face of disruptions.

Backup systems aren’t just an IT concern but should be a significant consideration for management, C-level, and the board. Regular testing and daily engagement with backup solutions are essential to ensure they are ready when they are desperately needed — after an attack or other data loss event. 

The Keepit approach to backup 

At Keepit, we provide backup solutions for software-as-a-service (SaaS) environments. This means that we back up data and allow businesses to work live with the information, whether it’s a regional backup or a cloud backup. One of the key features of our solution is the ability to reverse cloud backups to local backups. This ensures that businesses can always access their data, even if they lose connection to their cloud provider, such as Microsoft, Google, or Amazon. This dual approach provides a significant advantage in terms of compliance and business continuity. 

Security measures and certifications 

We pride ourselves on using a well-proven, robust data center solution and maintaining rigorous security standards. Our security measures are based on ISO 27001 certification, which, while not providing security on its own, assures our customers that the entire Keepit organization lives up to the highest international security standards and ensures that we have the necessary controls in place. We focus on maintaining strict control over access, keeping IDs updated, and ensuring that only authorized personnel have access to our servers. 

Identity management and zero trust 

Credential management is critical in cybersecurity. While the concept of zero trust is often more theoretical, we strive to implement as many controls as possible to minimize risks. To me, zero trust is mostly theory because I don’t think anyone has total control over all of the processes in their infrastructure. For a deeper understanding of zero trust principles, you can refer to the NIST Zero Trust Architecture.

So, my advice is to build a control framework that, first of all, protects your critical assets and ensures that you have identified and protected those frameworks of controls that work. By doing that you also map what you might not have sufficient control over, be aware of that, and then protect it even more than you do with the rest of your assets.

It’s essential to understand which assets you need to protect the most and to build a governance framework around those assets. This approach helps in identifying and safeguarding the crown jewels of your enterprise; it’s all about asset identification.

He who defends everything, defends nothing.

Frederick the Great

Compliance and regulations 

Compliance with regulations is a global concern. Whether it’s GDPR or NIS2 compliance in Europe or other data protection laws in the US like DORA (Digital Operational Resilience Act) and others around the world, businesses need to be aware of and comply with these regulations. It’s not just about having a certificate; it’s about living the compliance regulations and integrating them into the enterprise culture. Trust is paramount in our industry, and if customers don’t trust us, they won’t buy our services. 

The impact of AI and future threats 

Artificial Intelligence is rapidly changing the threat landscape. The ability of AI to mimic human behavior and infiltrate systems is a growing concern. It’s crucial to know where your data is and ensure it’s adequately protected. This includes being cautious about using public AI services and understanding what data can be shared and what must remain secure. 

Data management challenges 

One of the biggest challenges in data management is knowing where your data is and how it’s protected. This includes understanding where data is stored when it’s in the cloud, how it’s transported, and how employees share it. Most data breaches occur due to unintentional data sharing rather than malicious intent. Therefore, it’s essential to provide clear guidelines and establish a framework that aligns with how employees work. 

Balancing security and collaboration 

The foundation of any business is data sharing, but this must be balanced with security needs. Over-classification of data can impede collaboration and productivity. It’s about finding the right balance where security measures protect the most critical data while allowing for effective collaboration within the organization. 

The importance of regular testing 

A backup solution is only as good as its last test. Regular testing ensures that the backup system is functional and ready to be deployed when needed. It’s essential to integrate this testing into the daily operations of the organization rather than waiting for a disaster to strike. 

Conclusion 

A CISO-approved backup solution is one that is robust, reliable, and secure. It involves regular testing, strong compliance with regulations, effective identity management, and a balanced approach to data security and collaboration. If you have active backup that is also used on a daily basis for file recovery, for example, the chance that it works and that your organization knows how to use it is significantly raised in case of a large-scale incident. 

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud. Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Drawing on 20+ years of experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

ESET Research discovers financial fraud using novel phishing method tailored to Android and iPhone users

  • Standard phishing delivery techniques were combined with a novel method of phishing, targeting Android and iPhone (iOS) users via PWAs, and on Android also via WebAPKs, ESET Research discovers.
  • Installations of PWA/WebAPK applications do not include warnings to the user concerning the installation of a third-party application.
  • On Android, these phishing WebAPKs even appear to have been installed from the Google Play store.
  • Most of the observed applications targeted clients of Czech banks, but ESET also spotted apps targeting banks in both Hungary and Georgia.
  • Based on the C&C servers utilized, and the backend infrastructure, ESET concludes that two different threat actors were operating the campaigns.
  • ESET notified the victims’ banks in order to protect them, and assisted with the takedowns of multiple phishing domains and C&C servers.

BRATISLAVA, PRAGUE, August 20, 2024 — ESET Research discovered an uncommon type of phishing campaign targeting mobile users, and analyzed a case observed in the wild that targeted clients of a prominent Czech bank. This technique is noteworthy because it installs a phishing application from a third-party website without the user having to allow third-party app installation. On Android, this could result in the silent installation of a special kind of APK, which even appears to be installed from the Google Play store. The threat targeted iPhone (iOS) users as well.

The phishing websites targeting iOS instruct victims to add a Progressive Web Application (PWA) to their home screens, while on Android, the PWA is installed after confirming custom pop-ups in the browser. At this point, on both operating systems, these phishing apps are largely indistinguishable from the real banking apps that they mimic. PWAs are essentially websites bundled into what feels like a stand-alone application, with this feeling being enhanced by the use of native system prompts. PWAs, just like websites, are cross-platform, which explains how these PWA phishing campaigns can target both iOS and Android users. The novel technique was observed in Czechia by ESET analysts working on the ESET Brand Intelligence Service, which provides monitoring of threats targeting a client’s brand.

“For iPhone users, such an action might break any ‘walled garden’ assumptions about security,” says ESET researcher Jakub Osmani, who analyzed the threat.

The series of phishing campaigns discovered by ESET analysts, all targeting mobile users, used three different URL delivery mechanisms: automated voice calls, SMS messages, and social media malvertising. The voice call delivery is done via an automated call that warns the user about an out-of-date banking app, and asks the user to select an option on the numerical keyboard. After the correct button is pressed, a phishing URL is sent via SMS, as was reported in a tweet. Initial delivery by SMS was performed by sending messages indiscriminately to Czech phone numbers. The message sent included a phishing link and text to socially engineer victims into visiting the link. In the malvertising variant, the malicious campaign was spread via registered advertisements on Meta platforms like Instagram and Facebook. These ads included a call to action, like a limited offer for users who “download an update below.”

After opening the URL delivered in the first stage, Android victims are presented with one of two distinct campaigns: either a high-quality phishing page imitating the official Google Play store page for the targeted banking application, or a copycat website for that application. From here, victims are asked to install a “new version” of the banking app.

The phishing campaign and method are possible only because of the technology of progressive web applications. In short, PWAs are applications built using traditional web application technologies that can run on multiple platforms and devices. WebAPKs could be considered an upgraded version of progressive web apps, as the Chrome browser generates a native Android application from a PWA: in other words, an APK. These WebAPKs look like regular native apps. Furthermore, installing a WebAPK does not produce any of the “installation from an untrusted source” warnings. The app will even be installed if installation from third-party sources is not allowed.
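
A defender-side check that follows from the description above, as an added example (not ESET's code and not part of the original release): it reads a site's web app manifest and flags a PWA that carries a protected bank's name but starts on an origin the bank does not own. The brand name, origins and sample manifest are constructed placeholders; `name`, `short_name`, `start_url` and `display` are standard manifest members.

```javascript
// Constructed allowlist: brand name -> origins the bank really serves its app from.
const PROTECTED_BRANDS = [
  { brand: "Example Bank", origins: ["https://app.examplebank.test"] },
];

// Constructed sample: a manifest as a look-alike site might serve it.
const SAMPLE_LOOKALIKE = {
  url: "https://update-examplebank.invalid/manifest.json",
  manifest: { name: "Exámple Bank", short_name: "ExBank", start_url: "/login", display: "standalone" },
};

// Lowercase, strip diacritics and punctuation so "Exámple-Bank" matches "example bank".
function normalize(s) {
  return String(s || "")
    .normalize("NFKD")
    .replace(/[\u0300-\u036f]/g, "")
    .toLowerCase()
    .replace(/[^a-z0-9]+/g, " ")
    .trim();
}

// manifestUrl: absolute URL the manifest was fetched from; manifest: parsed JSON.
function assessManifest(manifestUrl, manifest, brands = PROTECTED_BRANDS) {
  const findings = [];
  const names = [manifest.name, manifest.short_name].map(normalize).filter(Boolean);
  let startOrigin;
  try {
    // start_url is resolved against the manifest URL.
    startOrigin = new URL(manifest.start_url || ".", manifestUrl).origin;
  } catch {
    return { suspicious: true, findings: ["unparseable start_url or manifest URL"] };
  }
  for (const { brand, origins } of brands) {
    const claimsBrand = names.some((n) => n.includes(normalize(brand)));
    if (!claimsBrand || origins.includes(startOrigin)) continue;
    findings.push(`claims "${brand}" but starts at ${startOrigin}`);
    // Standalone/fullscreen display removes the address bar that would expose the origin.
    if (["standalone", "fullscreen"].includes(manifest.display)) {
      findings.push(`hides browser UI (display: ${manifest.display})`);
    }
  }
  return { suspicious: findings.length > 0, findings };
}

console.log(assessManifest(SAMPLE_LOOKALIKE.url, SAMPLE_LOOKALIKE.manifest));
```

Matching on a normalized substring is deliberately loose; a brand-monitoring pipeline would feed it manifests collected from newly observed domains and review the hits by hand.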

One group used a Telegram bot to log all entered information into a Telegram group chat via the official Telegram API, while another used a traditional Command & Control (C&C) server with an administrative panel. “Based on the fact that the campaigns used two distinct C&C infrastructures, we have determined that two separate groups were operating the PWA/WebAPK phishing campaigns against several banks,” concludes Osmani. Most of the known cases have taken place in Czechia, with only two phishing applications appearing outside of the country (specifically in Hungary and Georgia).

All sensitive information found by ESET research on this matter was promptly sent to the affected banks for processing. ESET also assisted with the takedowns of multiple phishing domains and C&C servers.

For more technical information about this novel phishing threat, check out the blogpost “Be careful what you pwish for – Phishing in PWA applications” on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X) for the latest news from ESET Research.


About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.
