
New ransomware variant: Try2Cry!

Try2Cry is a new ransomware variant that tries to worm onto other computers by infecting any USB drive connected to the device, hoping the drive will later be used on another computer. It uses LNK files to disguise the malware.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Bullwall
BullWall is a fast-growing international cybersecurity solution provider with a dedicated focus on protecting critical data during active ransomware attacks. We are the only security solution able to contain both known and unknown ransomware variants in seconds, preventing encryption and exfiltration across all data storage types.

Version 2 Newsletter (January 2023 Issue)

Unique exploit: CVE-2022-44877 Exploitation Tool
Securing Your Plant Without Shutting It Down: Navigating the Intersection of IT and OT
Pandora FMS Journey to the Middle East, Black Hat MEA 2022
What Is the NIS2 Directive?
Creating a culture of transparency
New Reboot & Message Box Popups
When the Target is Also the Threat
4 Keys to Consider When Evaluating Cloud Data Protection Tools

Securing Your Plant Without Shutting It Down: Navigating the Intersection of IT and OT

If one of your organization’s goals for 2023 is to implement a robust OT/ICS cyber security solution (and here’s why it absolutely should be, even if budgets are a little tight!) you may need a little help wading through the plethora of options, making a plan, and selling it to your CISO and board. There are many solutions being marketed out there, and many organizations willing to offer advice. 

SCADAfence recently published a vendor-agnostic guide to choosing an OT Cyber Security solution that details why OT cyber security differs from IT cyber security and what you need to know to choose the solution that’s best for your organization. In this post, we’ll delve deeper and explore why a complete integration is so important.

The U.S. National Institute of Standards and Technology (NIST) also released a draft version of a detailed technical guide to implementing OT security, with the final edition expected later this year. We suggest you download and read that as well.

One important thing to remember is that even if you don’t have a complete OT security solution at the moment, you are still probably not starting from scratch.

Enter the so-called expert from IT.

Integration Between OT and IT Is Essential

As we discovered recently on reddit, every control system engineer has a horror story to share about an IT guy who showed up on the floor of the manufacturing facility with a poorly thought out plan to install or upgrade a cyber security solution. They proceed to scan every device on the OT network with a tool not quite designed for the job and leave a disaster in their wake. Machines shut down. Production lines halted. Productivity out the window. Fingers pointed directly at the OT engineers.

We understand why most OT engineers would prefer to keep IT experts out of the factory, and back in the office, where they belong. But the fact is, OT networks require cyber security protection too. (And because a cyber attack in the OT world risks harming physical safety, not just data, the need is actually higher.)

However, as IT and OT systems become increasingly connected in functionality, it’s important to ensure that their cyber security solutions are well-integrated as well.

IT systems are usually more mature, based on common operating systems such as Windows or Linux, and have more options available. OT systems, on the other hand, are often more fragile and built on custom software, but are more critical to an organization’s mission.

Therefore, as much as the OT teams might prefer to keep the IT teams out of their workspace, it is important for them to work together. Make sure roles and responsibilities are well-defined and it’s clear who holds final accountability for making sure your facility is secure.

Identify Your Specific Use Case

Before selecting an OT cyber security vendor, it’s essential to prepare and validate a clear list of IT integration use cases, and to ensure that your chosen vendor is able to meet those needs.

A sound and complete integration between OT and IT security solutions should accomplish several things. First, it should allow for the flow of information between the two systems: the OT team can receive alerts and notifications from the IT system, and vice versa. Second, a seamless integration should allow forensic analysis to be conducted across both systems if needed. Third, remote users who are authenticated by the IT systems may need access to OT systems as well, so a proper solution will provide a way for users logging on remotely to get the access they need at the correct level of authorization.

This means that the solution should integrate seamlessly with other tools that are already in place. For example, SCADAfence integrates with a number of different security vendors, such as Rapid7, Keysight, and Secureworks. An open API that allows for maximum flexibility is ideal, as it allows you to tailor the integration to your specific use case rather than being limited to pre-set integrations that may not meet your needs.

Increased Visibility And Other OT Needs

In addition to the OT/IT integration, there are many other things to look for in an OT solution, including, yes, the ability to passively scan the network to create a detailed inventory of every device without causing damage or shutting down the network. Other must-haves include quick installation time, low false positive rates, and tailored risk alerts. These are all covered in detail in the guide as well.

So, when the CISO, IT person or other member of senior management tells you they want to bring in a cyber security expert, instead of tossing them out on their head and bolting the door, invite them in, be prepared, and talk about how best to work together.

To get more advice and information about choosing an OT cyber security solution, download our complimentary guide.


About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

Pandora FMS Journey to the Middle East, Black Hat MEA 2022

At Pandora FMS we like to travel! Traveling, meeting people, bonding… And barbecues or country getaways are great, but there’s nothing we like more here than an event focused on technology! That’s why we accepted the exceptional invitation to the latest Black Hat MEA edition held at Riyadh, Saudi Arabia last November. There we went, to the Middle East no less, with our stand and our roll up, to present our respects, and services, to the most cutting-edge community that exists out there.

Pandora FMS visits Black Hat MEA 2022, the event of the year

For those who are not aware of all this stuff: Black Hat MEA is a fairly iconic cybersecurity event, with year-round ethical hacking courses and offensive security classes that everyone wants to attend. It is a global event that pushes the secrets of data security to the limit, and the largest information security trade show held anywhere in the world in 2022, bringing frontline, technology-loving companies together annually in a professional and festive atmosphere. But rather than explain it myself, we’d better talk to our lucky Pandora FMS colleagues who were able to attend this latest edition on behalf of our community: Alberto Sánchez, Systems Technician, and Alexander Rodríguez, Salesperson.

Alexander, what would you say Black Hat MEA was like for Pandora FMS?

I think the event was a great chance! Having a space within the booth provided by our exclusive partner in Saudi Arabia, LoopTech, was wonderful.
It allowed us several positive meetings with clients. In addition, we had the honor to receive the visit of his Excellence Advisory Mr. Turki Alshikh. We were able to present him not only Pandora FMS, but the rest of the solutions in the field of Cybersecurity that our partner Looptech has. We were very happy to receive a lot of positive feedback on the product. Without a doubt, having participated in this event will help us achieve a better position in the Middle East market.

What did you learn from a place like Saudi Arabia and its people?

Saudi Arabia surprised me a lot. It is a country that is growing very fast. Although it still retains authenticity in the mud buildings in the middle of the desert and the spectacular sunsets on the dunes. Its people are super friendly and are willing to help you in everything necessary to make your stay as pleasant as possible. Most people speak English so it was very easy to communicate. And I was hugely impressed that everything there is “go big or go home”: great plates of food, huge malls… I would go visit the country again, without a doubt, to continue finding out more about its culture.

And you, Alberto? What do you think Pandora FMS contributed to Black Hat MEA?

I believe at least that Pandora FMS contributed difference and originality, compared to the rest of the solutions that showed up to the event. As you already know, Black Hat MEA was focused on cybersecurity, meaning there were thousands aimed at email or mobile security, others focused on failure detection, and there were those that prevent intruder access to devices. Well, Pandora FMS, among all of them, proved to be the tool that best looked after device health. That its essential security feature is simply to prevent device malfunction thanks to monitoring was something that stood out above the rest.

Any special memories of such an incredible journey?

It’s a tough question, because the whole trip was incredible. The kindness and “brotherhood” of the people was shocking. The diversity of cultures that we experienced, with people from all over the world, was surprising, as was the number of students who visited us asking questions that were really difficult to answer… But, if you insist, I’ll tell you a very funny moment that stuck with me. During a demo we could see that a group of students from the women’s university in Riyadh stared at us and laughed. When we finished the demo, we invited them to ask things about Pandora FMS and we took the opportunity to ask them why they were laughing during my demo, you know, in case we had failed at something… Their answer, while laughing, was that the word “Pandora” in Arabic is “Tomato”. For the rest of the event we struggled, at the booth, to say Pandora FMS without a smile on our faces.


About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

Top Network Access Control Challenges and How to Tackle Them

Network Access Control (NAC) is an essential component of any modern corporate network security plan. In fact, access control is one of the most important measures for protecting information and system resources. With the growing sophistication of cyber threats, network administrators face several challenges in implementing and managing NAC.

Overcoming Visibility Concerns in Network Access

Ensuring a high level of visibility into network access remains a key requirement for efficient NAC management. When network administrators are in the dark about who is accessing the network or what devices are in use, enforcing robust security controls becomes a monumental challenge. To overcome this, the adoption of a sophisticated NAC solution is advisable. These systems provide the much-needed advantage of real-time monitoring and comprehensive reporting, thereby offering invaluable insights into users and devices on the network. Armed with this information, administrators can proactively identify and neutralize potential threats to network security, creating a stronger, more resilient infrastructure.

Further enhancement to visibility can be achieved through the integration of machine learning and artificial intelligence technologies. These advanced tools can automate the process of monitoring network traffic, identifying patterns, and flagging unusual behavior that may indicate a potential security risk.

Not to be overlooked is the importance of having clear, well-defined security policies. Such guidelines help ensure all network users and devices are appropriately accounted for and have the necessary permissions for network access. Regular reviews and updates of these policies are crucial to maintaining a robust and relevant network access control framework.

In addition, conducting regular network access audits is a highly effective strategy. These audits not only identify potential vulnerabilities but also provide an opportunity for administrators to evaluate and improve their current NAC strategies.

In summary, tackling visibility concerns in network access requires a multifaceted approach that involves the use of advanced NAC solutions, integration of AI and machine learning technologies, effective security policies, and regular network audits. With these measures in place, network administrators can rest assured that they have a clear and comprehensive understanding of their network access landscape, significantly enhancing their ability to safeguard against potential security threats.

Managing Unauthorized Access

Controlling unauthorized network access is paramount in maintaining a secure environment. Unwanted external intruders or even internal personnel can become significant threats if they gain access without appropriate permissions. One effective method of counteracting this challenge is the execution of stringent access control policies. These policies can dictate what level of access each user has, limiting their ability to interact with sensitive areas of the network.

Technologies such as two-factor authentication (2FA) and biometric identification can be powerful tools in this context. Implementing 2FA adds an extra layer of security by requiring users to provide two distinct forms of identification before granting access. Biometric identification, on the other hand, leverages unique physical or behavioral characteristics of individuals to authenticate their identity. This could range from fingerprint scanning to facial recognition, making it significantly harder for unauthorized users to gain network access.

In addition to the above, smart cards can offer a physical token-based approach to authenticate and verify users. The advantage of smart cards lies in their capability to store and process data securely, thus providing an added layer of protection.

To further fortify network security, regular network access audits should be performed. Such audits serve the dual purpose of identifying weak spots where unauthorized access may occur and confirming that all current access control measures are functioning effectively. By routinely scrutinizing the network access landscape, potential vulnerabilities can be spotted and rectified promptly, thus preventing them from being exploited by unauthorized users.

Adopting and Integrating Cloud-native Security Products

The progressive migration of businesses towards cloud platforms calls for a comprehensive strategy to incorporate cloud-native security products. This endeavor, while promising in terms of enhanced flexibility and scalability, can present its own set of network access control challenges.

To successfully integrate cloud-native security products, the initial focus should be on the compatibility of these tools with your cloud platform. Network administrators need to select security solutions that align seamlessly with the specific cloud services in use, thereby ensuring a smoother transition and optimal performance.

One critical aspect is the support for similar protocols and standards between your cloud service provider and the security product. A failure in this synchronization can lead to unnecessary complexities and vulnerabilities in your security posture. Thus, it’s crucial to validate this compatibility ahead of time to prevent such issues.

Also noteworthy is the ability of these security tools to provide a unified and cohesive security stance. An ideal security product should not operate in isolation but should provide an integrated view of security across all the deployed cloud services. This integration reduces the burden of managing disparate systems, saving time, and reducing the complexity for network administrators.

In addition, organizations need to ensure that these security tools are capable of addressing their unique needs and specific threat landscapes. This could include features like data encryption, intrusion detection, compliance monitoring, or vulnerability scanning, among others. The suitability of these features should be evaluated based on the organization’s risk profile and regulatory requirements.

Lastly, consider the scalability and adaptability of the chosen cloud-native security product. As your organization grows and your cloud environment expands, your security solution should be able to scale accordingly. This adaptability prevents future investments in new tools to meet increased security needs.

Budget Constraints for Investing in New Security Technology

Financial limitations can often impede the procurement of advanced security technologies, posing unique budget-related network access control challenges for network administrators. The issue becomes more profound when the rising cybersecurity threats necessitate continuous updates to the security arsenal. However, there are strategic ways to overcome this obstacle.

To begin, organizations should prioritize their investments by analyzing their specific risk profiles and business needs. Deploying a risk-based approach to security investments ensures resources are allocated to areas that carry the highest risk or impact. Therefore, instead of spreading a limited budget thinly across numerous tools, this approach allows organizations to invest effectively in a few, essential security measures.

Leveraging open-source security solutions can provide a cost-efficient route to improved network security. While they may not offer the exact features of premium tools, these solutions can provide a basic level of protection against common network threats. Additionally, the open-source community often provides ongoing updates, helping the software remain effective against evolving threats. However, it’s crucial to assess the quality and reliability of open-source solutions before integrating them into your network.

A Security-as-a-Service (SECaaS) model can be a viable alternative for organizations with limited budgets. Rather than investing in individual security products, SECaaS provides an array of comprehensive security services on a subscription basis. This model not only enables organizations to access top-tier security solutions but also reduces the cost and complexity associated with their management and maintenance.

Furthermore, organizations can consider cooperative purchasing arrangements, where multiple organizations join to negotiate better pricing with vendors, or leasing arrangements, which can spread the cost over time and improve cash flow management.

The final consideration is investing in employee training. An educated workforce can act as a powerful line of defense, reducing the likelihood of expensive security breaches caused by human error. Though often overlooked, this is a cost-effective approach to improving network security without the need for significant investment in technology.

Managing Network Access Control from Multiple Locations

As organizations increasingly adopt distributed and remote work models, new network access control challenges involving the management of diverse geographical locations have arisen. Maintaining the integrity and security of the network while providing adequate access to remote employees requires a nuanced and robust approach.

To tackle this challenge effectively, the implementation of centralized network management systems is crucial. These systems empower network administrators to control and monitor network access from any location, ensuring seamless operations despite geographical boundaries. With such systems, administrators can enforce uniform security policies, detect potential threats, and respond swiftly to security incidents across all network access points.

Furthermore, deploying Virtual Private Networks (VPNs) is an effective strategy for remote network access control. VPNs offer secure encrypted tunnels for data transmission between the user and the network, thereby protecting the data from interception. For added security, administrators can combine VPN usage with Multi-factor Authentication (MFA), which requires users to verify their identities through multiple methods before granting network access.

The advent of Software Defined Perimeter (SDP) technology can also prove beneficial in managing NAC from multiple locations. SDP solutions, also known as Zero Trust Network Access (ZTNA), create individualized perimeters for each user, granting them access only to the specific resources they need. This approach minimizes the attack surface and reduces the risk of internal threats.

However, as the network extends beyond the traditional boundaries, the need for advanced security tools becomes paramount. Solutions such as Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) can help monitor and protect the network from potential threats, regardless of the user’s location.

Finally, regularly conducting network access audits can aid in identifying potential weak spots and inconsistencies in access control. These audits can reveal any discrepancies in the application of security policies across locations, providing valuable insights for enhancing the overall NAC strategy.

By embracing these solutions and strategies, organizations can successfully manage network access control from multiple locations, thereby ensuring business continuity and robust security in a distributed work environment.

Dealing with Insider Threats and Rogue Network Access Points

In the ever-evolving landscape of network security, managing insider threats and rogue network access points can pose a significant challenge. Both these elements can stealthily create vulnerabilities within the system, making detection and mitigation a demanding task. However, effective strategies can help network administrators navigate this complex issue.

In this regard, Behavior Analysis Tools (BATs) can be instrumental. These solutions scrutinize network activity to identify anomalies that deviate from established user behavior patterns. This continuous monitoring can flag unexpected or suspicious actions, providing early warning signs of potential insider threats. However, the key to leveraging BATs is defining what constitutes “normal” behavior, which requires an in-depth understanding of user roles and activities within the network.

Likewise, the implementation of Intrusion Detection Systems (IDS) can help identify unauthorized access points within the network. These systems work by monitoring network traffic for suspicious activities or violations of network policies. When an intrusion is detected, the IDS alerts the network administrator, who can then take necessary actions to neutralize the threat. To enhance the effectiveness of IDS, it should be paired with an Intrusion Prevention System (IPS), which not only detects but also prevents network intrusions.

Enforcing strict access control policies is another crucial strategy. These policies should clearly outline who has access to what data and when, creating boundaries that can prevent unauthorized access and data leakage. For these policies to be effective, they need to be comprehensive, updated regularly, and communicated effectively to all network users.

Providing regular security training for employees is also essential. Many insider threats are unintentional, often resulting from a lack of understanding of security best practices. By educating employees about the importance of network security and the potential consequences of their actions, organizations can significantly reduce the likelihood of insider threats.

Finally, a comprehensive audit of network access can reveal potential weak spots, such as rogue access points, and provide insights into the effectiveness of current security measures. Regular audits, coupled with the continuous monitoring provided by BATs and IDS, create a robust defense against insider threats and rogue network access points.

By adopting these strategies, network administrators can significantly enhance their ability to manage and mitigate potential insider threats and rogue access points, fortifying their network against these often overlooked but critical security challenges.


About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.
