
How to make a difference on Data Privacy Day

In the spirit of New Year’s resolutions, one commitment is gaining attention: data privacy.

Every January 28, we observe Data Privacy Day. Established in 2007, it highlights the need to protect personal information.

As we step into 2024, the relevance of Data Privacy Day has never been more prominent: the trends show that the number of cyber threats will increase this year, so data privacy is a hot topic.

Is Data Privacy Day significant?

Data Privacy Day may not be as famous as Thanksgiving, yet it’s crucial. It focuses on the escalating and valid concerns over personal data security.

Data breaches are on the rise. Statistics for 2022 and 2023 reveal that 98% of organizations are linked to a vendor that suffered a data breach in the past two years. Also, in the first three quarters of 2023, one in four Americans had their health data exposed. So, discussing cyber safety is quite important, as education often plays a crucial role in preventing data breaches.

Data privacy day statistics

This day reminds us all, whether individuals or businesses, that we have to protect data. It’s about more than awareness; it’s about fostering better practices, vital in an age where anyone can fall victim to social engineering.

The origins of Data Privacy Day

On April 26, 2006, the Council of Europe established Data Protection Day to be celebrated annually on January 28. This date marks the opening for signature of the Council of Europe’s data protection convention, known as “Convention 108.” The day was set to encourage best practices in privacy and data protection.

Data Privacy Day’s impact is global, extending well beyond Europe. It unites governments, industry leaders, and privacy advocates.

Fundamental principles of privacy and data protection

The General Data Protection Regulation (GDPR), a significant regulatory framework established by the European Union, outlines several of these principles.

As GDPR is the strictest privacy framework in the world, let’s look at its principles to understand what we should aim for:

  1. Lawfulness, fairness, and transparency. That’s how personal data must be processed.

  2. Purpose limitation. Data should be collected for explicit purposes and not then processed in another manner.

  3. Data minimization. Only data that is necessary for the purpose should be collected.

  4. Accuracy. Personal data should be accurate and kept up to date.

  5. Storage limitation. Personal data should be kept in a form that allows the identification of data subjects for no longer than necessary.

  6. Integrity and confidentiality. Data should be processed in a way that ensures security.

  7. Accountability. The data controller is responsible for and must be able to demonstrate compliance.

Even though GDPR is European, it’s relevant for US companies, too. If they offer goods or services to people in the EU or track their internet activities, they need to follow these rules. The fines for not doing so can be steep. We’ve got a handy GDPR compliance checklist for businesses curious about this.

10 best practices for ensuring data privacy

As Apple stated in one of their latest reports, “Organizations are only as secure as their ‘least secure link.'” Ensure your business’s safety and also request that your vendors follow some simple tips.

  1. One fundamental practice is understanding and classifying the data one handles. This involves identifying which data is sensitive and requires more protection.

  2. Regularly updating privacy policies and ensuring they are transparent and easy to understand is also crucial. This helps individuals know how their data is used and protected.

  3. Strong, unique passwords are essential for securing accounts.

  4. Two-factor authentication adds an extra layer of security, which is essential for sensitive accounts.

  5. Regular software updates are also crucial. They often include security patches that protect against new vulnerabilities.

  6. Organizations should conduct regular data audits. These audits help identify and address potential security gaps.

  7. Employee training in data privacy is equally important. It ensures that everyone understands how to handle sensitive information correctly.

  8. Encouraging a culture of privacy within an organization is also beneficial. This creates an environment where data protection is a shared responsibility.

  9. Finally, it’s essential to have a response plan for data breaches. This plan should include steps to mitigate damage and notify affected parties.

  10. Regular backups of essential data can prevent loss in a security breach.

How to participate in Data Privacy Day effectively

While a social media post with #DataPrivacyDay is a good start, 2024’s rising cyber threats call for more practical actions.

Here’s a simplified take on White & Case’s tips:

  1. Data mapping. Sort out the data you have (like customer details) to ensure it’s handled correctly under the privacy laws of your region.

  2. Privacy policy review. Regularly update your website’s privacy policy. It should clearly state how you use customer information, keeping up with current laws.

  3. Adapt to new opt-out laws. In states like Utah, Florida, Oregon, Texas, and Montana, new laws in 2024 may require websites to honor user preferences about data usage. Make sure your site can do this if it’s relevant to you.

  4. Data protection assessment. It’s like a health check for your data practices. Ensure your methods of handling sensitive information, like customer financial data, meet the latest legal standards.

  5. AI tools review. If you use AI, treat it like a responsible employee. Check that it follows privacy rules and is transparent about data use. Include checks for fairness and safety in how the AI operates.

If you have yet to introduce NordLayer solutions to protect your business, now is the right time. Contact our sales team and choose the best option for your business.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.


ESET Research discovers new China-aligned APT group Blackwood that uses advanced implant to attack within China, Japan, and the UK

  • ESET Research has discovered the NSPX30 implant being deployed via the update mechanisms of legitimate software, such as Tencent QQ, WPS Office, and Sogou Pinyin, and attributes this activity to a new China-aligned APT group ESET named Blackwood. 
  • ESET has detected the implant in targeted attacks against both Chinese and Japanese companies as well as against individuals located in China, Japan, and the United Kingdom. The aim of the attack is cyberespionage.
  • The implant was designed around the attackers’ capability to conduct packet interception, enabling NSPX30 operators to hide their infrastructure.

BRATISLAVA, MONTREAL — January 24, 2024 — ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group, named Blackwood by ESET. Blackwood leverages adversary-in-the-middle techniques to hijack update requests from legitimate software to deliver the implant. It has carried out cyberespionage operations against individuals and companies from China, Japan, and the United Kingdom. ESET mapped the evolution of NSPX30 back to an earlier ancestor – a simple backdoor we have named Project Wood. The oldest sample found was compiled in 2005.

ESET Research named Blackwood and the backdoor Project Wood based on a recurring theme in a mutex name. A mutex, or mutual exclusion, is a synchronization tool used to control access to a shared resource. The Project Wood implant from 2005 appears to be the work of developers with experience in malware development, given the techniques implemented. ESET believes that the China-aligned threat actor we have named Blackwood has been operating since at least 2018. In 2020, ESET detected a surge of malicious activity on a targeted system located in China. The machine had become what is commonly referred to as a “threat magnet,” as ESET Research detected attempts by attackers to use malware toolkits associated with multiple APT groups.

According to ESET telemetry, the NSPX30 implant was recently detected on a small number of systems. The victims include unidentified individuals located in China and Japan, an unidentified Chinese-speaking individual connected to the network of a high-profile public research university in the United Kingdom, a large manufacturing and trading company in China, and China-based offices of a Japanese corporation in the engineering and manufacturing vertical. ESET has also observed that the attackers attempt to re-compromise systems if access is lost.

NSPX30 is a multistage implant that includes several components, such as a dropper, an installer, loaders, an orchestrator, and a backdoor. Both of the latter components have their own sets of plugins that implement spying capabilities for several applications, such as Skype, Telegram, Tencent QQ, and WeChat, among others. It is also capable of allowlisting itself in several Chinese antimalware solutions. Using ESET telemetry, ESET Research determined that machines are compromised when legitimate software attempts to download updates from legitimate servers using the (unencrypted) HTTP protocol. Hijacked software updates include those for popular Chinese software, such as Tencent QQ, Sogou Pinyin, and WPS Office. The basic purpose of the backdoor is to communicate with its controller and exfiltrate collected data; it is capable of taking screenshots, keylogging, and collecting various information.
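The delivery path described above depends on update downloads travelling over plaintext HTTP. The following added example (not ESET's code) shows one way to hunt for that condition in web proxy logs; the JSON log format, the field names such as `body_prefix_hex`, and the `.test` hosts are all constructed assumptions.

```python
"""Flag executable downloads that reached clients over plaintext HTTP.

Added example: the log format, field names and hosts are constructed.
"""
import json
from collections import defaultdict
from urllib.parse import urlsplit

PE_MAGIC = "4d5a"  # "MZ", the first two bytes of a Windows PE file
EXEC_EXTENSIONS = (".exe", ".dll", ".msi", ".cab")
EXEC_CONTENT_TYPES = {
    "application/x-msdownload",
    "application/x-dosexec",
    "application/vnd.microsoft.portable-executable",
}

# Constructed proxy records, one JSON object per line (hypothetical schema).
SAMPLE_LOG = """\
{"client": "10.0.4.17", "url": "http://update.ime-vendor.test/v9/patch.exe", "content_type": "application/octet-stream", "body_prefix_hex": "4d5a9000"}
{"client": "10.0.4.17", "url": "https://update.office-vendor.test/setup.exe", "content_type": "application/x-msdownload", "body_prefix_hex": "4d5a9000"}
{"client": "10.0.4.22", "url": "http://update.chat-vendor.test/manifest.xml", "content_type": "text/xml", "body_prefix_hex": "3c3f786d"}
{"client": "10.0.4.22", "url": "http://update.chat-vendor.test/res/banner.png", "content_type": "image/png", "body_prefix_hex": "4d5a9000"}
not-json garbage line
{"client": "10.0.4.31", "url": "http://update.ime-vendor.test/v9/dict.dll", "content_type": "application/octet-stream", "body_prefix_hex": ""}
"""


def parse_records(text):
    """Parse JSON lines, skipping blank or malformed entries."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict) and "url" in rec:
            records.append(rec)
    return records


def executable_evidence(rec):
    """Return the reasons a response looks like a Windows executable."""
    reasons = []
    path = urlsplit(rec["url"]).path.lower()
    if str(rec.get("body_prefix_hex") or "").lower().startswith(PE_MAGIC):
        reasons.append("pe_magic")
    if path.endswith(EXEC_EXTENSIONS):
        reasons.append("executable_extension")
    ctype = str(rec.get("content_type") or "").split(";")[0].strip().lower()
    if ctype in EXEC_CONTENT_TYPES:
        reasons.append("executable_content_type")
    return reasons


def plaintext_executable_downloads(records):
    """Keep only http:// responses that carry executable evidence."""
    findings = []
    for rec in records:
        parts = urlsplit(rec["url"])
        if parts.scheme.lower() != "http":
            continue  # TLS-protected downloads are out of scope here
        reasons = executable_evidence(rec)
        if reasons:
            findings.append({
                "client": rec.get("client", "unknown"),
                "host": parts.hostname,
                "url": rec["url"],
                "reasons": reasons,
                # PE bytes behind a non-executable name and content type
                "type_mismatch": reasons == ["pe_magic"],
            })
    return findings


def hosts_to_review(findings):
    """Group findings by download host so owners can be asked about HTTPS."""
    by_host = defaultdict(set)
    for finding in findings:
        by_host[finding["host"]].add(finding["client"])
    return {host: sorted(clients) for host, clients in by_host.items()}


if __name__ == "__main__":
    for f in plaintext_executable_downloads(parse_records(SAMPLE_LOG)):
        print(f["client"], f["url"], ",".join(f["reasons"]))
```

A hit is a lead rather than a verdict: it identifies software whose updates can be tampered with in transit and should be moved to signed, TLS-protected delivery.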

The attackers’ capability for interception also allows them to anonymize their real infrastructure, as the orchestrator and the backdoor contact legitimate networks owned by Baidu to download new components or exfiltrate collected information. ESET believes that the malicious but legitimate-looking traffic generated by NSPX30 is forwarded to the real attackers’ infrastructure by the unknown interception mechanism that also performs adversary-in-the-middle attacks.

“How exactly the attackers are able to deliver NSPX30 as malicious updates remains unknown to us, as we have yet to discover the tool that enables the attackers to compromise their targets initially,” says ESET researcher Facundo Muñoz, who discovered NSPX30 and Blackwood. “However, based on our own experience with China-aligned threat actors who exhibit these capabilities, as well as recent research on router implants attributed to another China-aligned group, MustangPanda, we speculate that the attackers are deploying a network implant within the networks of the victims, possibly on vulnerable network appliances, such as routers or gateways,” explains Muñoz.

For more technical information about the new China-aligned APT group Blackwood and its latest NSPX30 implant, check out the blog post “NSPX30: A sophisticated AitM-enabled implant evolving since 2005.” Make sure to follow ESET Research on Twitter (today known as X) for the latest news from ESET Research.

Geographical distribution of Blackwood victims


About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Finding Fortra GoAnywhere MFT with runZero

On January 22nd, Fortra disclosed a serious vulnerability in its GoAnywhere Managed File Transfer (MFT) product.

This issue, CVE-2024-0204, allows attackers to bypass authentication controls and create new administrative user accounts. Such accounts can then be used to access the system with full administrative privileges. This vulnerability has a CVSS score of 9.8, indicating that it is a critical vulnerability.

It is unknown if this vulnerability is being actively exploited in the wild.

What is the impact?

Upon successful exploitation of this vulnerability, attackers can execute arbitrary commands on the vulnerable system. This includes the creation of new users, installation of additional modules or code, and, in general, system compromise.

Are updates or workarounds available?

Fortra has fixed this vulnerability in version 7.4.1 of the product and recommends that users upgrade. Additionally, a workaround is provided as described in the vulnerability advisory.

How do I find potentially vulnerable Fortra installations with runZero?

From the Services Inventory, use the following query to locate assets running the vulnerable products in your network that expose a web interface and which may need remediation or mitigation:

_asset.protocol:http AND protocol:http AND (last.http.body:"alt=%GoAnywhere Web Client" OR http.body:"alt=%GoAnywhere Web Client")

Additional fingerprinting research is ongoing, and additional queries will be published as soon as possible.
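For teams triaging an exported inventory offline, the following added example (not runZero's or Fortra's code) applies the same body fingerprint and compares any recorded version against the fixed release 7.4.1. It assumes the `%` in the query acts as a wildcard; the record layout, the `version` field and the addresses are constructed for illustration.

```python
"""Triage exported HTTP service records for the GoAnywhere web client.

Added example: the record layout and sample data are constructed.
"""
import re

FIXED_VERSION = (7, 4, 1)  # fixed release named in the text above

# Mirrors the query's body match; "%" is assumed to be a wildcard and is
# limited here to the same HTML tag to reduce false positives.
FINGERPRINT = re.compile(r"alt=[^>]*GoAnywhere Web Client", re.IGNORECASE)

# Constructed records using the 192.0.2.0/24 documentation range.
SAMPLE_SERVICES = [
    {"address": "192.0.2.10", "port": 443, "version": "7.3.0",
     "http_body": '<img src="/logo.png" alt="GoAnywhere Web Client">'},
    {"address": "192.0.2.11", "port": 8443, "version": "7.4.1",
     "http_body": "<img alt='GoAnywhere Web Client' src='x'>"},
    {"address": "192.0.2.12", "port": 443, "version": None,
     "http_body": '<img alt="GoAnywhere Web Client">'},
    {"address": "192.0.2.13", "port": 80, "version": None,
     "http_body": "<p>GoAnywhere Web Client mentioned in a wiki page</p>"},
    {"address": "192.0.2.14", "port": 443, "version": "7.10.0",
     "http_body": '<img alt="GoAnywhere Web Client">'},
]


def parse_version(text):
    """Return a numeric tuple such as (7, 4, 1), or None if unparsable."""
    if not text:
        return None
    match = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not match:
        return None
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad "7.4" to (7, 4, 0)


def triage(service):
    """Classify one service record against the fingerprint and fixed version."""
    if not FINGERPRINT.search(service.get("http_body") or ""):
        return "not-matched"
    version = parse_version(service.get("version"))
    if version is None:
        return "verify-version"  # fingerprint hit, version must be checked
    # Tuple comparison is numeric, so 7.10.0 sorts after 7.4.1.
    return "below-fixed-version" if version < FIXED_VERSION else "fixed"


def triage_inventory(services):
    """Map "address:port" to a triage status for every record."""
    return {f'{s["address"]}:{s["port"]}': triage(s) for s in services}


if __name__ == "__main__":
    for endpoint, status in triage_inventory(SAMPLE_SERVICES).items():
        print(f"{endpoint:20} {status}")
```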


About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

Demystifying RDP part 1: Understanding RDP, VDI, and RDS

Microsoft’s Remote Desktop Protocol (RDP) has been around for 20 years, but even avid users only have a vague understanding of the concept and its applications. 

In my Demystifying RDP series, I’ll start by covering the basics.

RDP (Remote Desktop Protocol) was baked into the Windows client Operating System (OS) when Windows XP was released in 2001.

RDP is a proprietary protocol from Microsoft that provides users with a graphical interface to connect to another computer over a network.

The RDP protocol helps in the setup of server-based computing.

It enables clients to connect to servers – and in the context of RDP, those servers will run operating systems (e.g., Microsoft Windows) or applications (e.g., Sage BOB50, Microsoft Navision, etc.).

Since then, RDP technology has evolved rapidly. Truthfully, it’s become a complex endeavor that only a few people master.

Below, I’ll provide structure and simplify the complexity of RDP, the different options and elements, the high-level benefits, and the downsides. We’ll also explain how Parallels Secure Workspace layers benefits on top of RDP and the various ways to deploy it. I’ll keep it high-level in part 1 of the series, then deep dive into some of the situations and areas mentioned in subsequent posts. Now, let’s get started.

Ready to get started with your free trial of Parallels Secure Workspace? Download it now.

VDI vs. RDS

Microsoft’s Remote Desktop Protocol (RDP) is the main glue connecting clients (e.g., laptops or desktops) to operating systems and applications that are running on a remote device. Typically, this will be a server, but it might also be a personal computer in some cases.

We can identify two models in which RDP is used.

The following picture can serve as a summarized overview — read on for more detail.

[Figure: Demystifying RDP overview graphic]

Virtual Desktop Infrastructure (VDI)

In VDI, the client connects to a dedicated host running a client version of Windows, such as the instance of Windows 7 or Windows 10 that is running on your laptop. The “host” will typically be a virtual machine, but it could also be a PC (on the condition that it’s connected to power and the network).

This virtual machine is dedicated to the client and cannot be shared.

As end users can access a remote but dedicated operating system, they can also get admin rights and install desktop applications themselves. From an infrastructure perspective, VDI is considered expensive as every user would typically have their own Virtual Machine running a version of Windows, and there is no resource sharing.

Microsoft has introduced Windows Virtual Desktop on Azure. As part of Windows Virtual Desktop, Microsoft also introduced multi-session Windows 10. This is only available on Azure, not on any other public or private cloud.

Remote Desktop Services (RDS)

Microsoft RDS, in contrast to VDI, is a server-based technology. (Note: previously, RDS was referred to as Terminal Server). For example, it doesn’t run on the version of Windows 10 that you run on your PC but on a Windows Server.

The biggest benefit of RDS being a server-based technology is that your infrastructure resources can be shared — multiple users can access the same operating system simultaneously.

What resources are end users accessing? The resource(s) in question could be a full desktop or a single application.

In the case of the full desktop, the actual resource accessed would be a Windows server, which is typically skinned to make it look like a desktop version of Windows.

However, it is not a desktop version, meaning that some desktop applications might be unable to run. RDS or Remote Desktop Services is a framework of roles. These roles are explained below. You don’t need all these roles for a simple VDI connection (without RDS).

I already covered how RDS can be used to give access to full desktops and individual applications.

For the latter, RemoteApp is involved. RemoteApp is a subset of Microsoft RDS, which gives the end user the impression they only have access to a single and isolated application (e.g., Microsoft Excel) without the operating system behind it.

For this purpose, you can use RemoteApp and install applications like Microsoft Excel on this desktop. The end user will then remotely launch their Windows (Server) and then open Excel inside that instance of Windows.

Note that RemoteApp is only available as of Windows Server 2008R2. Technically, the RDS technology can also be used to connect to VDI-based desktops. That means that you can connect via RDP to a VDI, but also via RDP over an RDS platform to a VDI. In this shared infrastructure, end users can’t enjoy admin access. However, the consumed infrastructure costs will be considerably lower than VDI from an economic perspective.

Start your free trial of Parallels Secure Workspace, and stay tuned for the next post in my series aimed at demystifying RDP.


About Parallels 
Parallels® is a global leader in cross-platform solutions, enabling businesses and individuals to access and use the applications and files they need on any device or operating system. Parallels helps customers leverage the best technology available, whether it’s Windows, Linux, macOS, iOS, Android or the cloud.

Guarding the heart of giving: cybersecurity for NGOs

In today’s digital age, cybersecurity is critical for all organizations, including charities and non-governmental organizations (NGOs). These entities, driven by a passion for positive change, increasingly rely on technology to streamline their operations and advance their missions. However, they also face unique cybersecurity challenges that require tailored solutions.

  • NGOs are independent organizations not tied to governments, focusing on various social or environmental issues, funded by donations and grants. 

  • Charity organizations, a type of NGO, provide public benefit, such as alleviating poverty or improving health, funded by voluntary contributions and often enjoy tax-exempt status.

Understanding the vulnerability of NGOs

Recent research, like the report released by GOV.UK, has brought to light the heightened vulnerability of NGOs like charities to cyber threats.

These organizations often operate with limited resources and cybersecurity expertise, making them attractive targets for cybercriminals. Data breaches, ransomware attacks, and phishing scams are just a few of the numerous threats they face.

In the last 12 months, high-income NGOs have been a common target of cyber threats due to their higher-scale impact on the organization and benefit for bad actors. However, a lower frequency of attacks on smaller-scale organizations doesn’t mean they are less attractive to attackers.

High-income charities report higher incident rate

They are less likely to detect cybersecurity breaches and attacks compared to the previous year because senior managers in these organizations have downplayed cybersecurity in the current economic context, resulting in reduced monitoring and logging of such incidents.

The World Economic Forum insights report reveals the actual decline in professionals with cybersecurity competency in lower-revenue organizations. It confirms that the perception of the actual threat landscape potential is shrinking compared to higher-income NGOs because of the lack of gathered and evaluated data.

Skills needed to achieve cybersecurity objectives in NGOs

Meanwhile, the data breach costs are rising. According to the latest IBM Data Breach Report 2023, the public sector, which includes NGOs, sees growth in data breach costs:

Approximately one in five organizations apply cybersecurity measures to protect their network and reduce the potential of cyber-attacks. The same proportion of NGOs have an incident response plan to act in case of an incident.

NGOs risk management

Inadequate preparation and neglecting the impact of digital threats result in financial and reputational losses. Understanding the importance of donors’ financial support to deliver their mission to do good in the world, unsecured charities are more likely to pay with their credibility than actual money.

The challenges faced by NGOs

NGOs handle sensitive information, including donor details and beneficiary data. A breach in their systems can have far-reaching consequences, corrupting public trust and potentially harming those they aim to help.

The lack of dedicated IT staff and insufficient cybersecurity training further heightens these risks. Only a third of NGOs have people with some level of cybersecurity knowledge.

NGOs board members responsible for cybersecurity

On the other hand, employee training is in an even worse position. Only 17% of organizations have carried out staff training or awareness-raising activities. Users unaware of malicious activity and not restricted by additional identification policies pose a huge risk to NGOs’ network security.

The report also shows that charities tend to dismiss or be unaware of various regulatory compliance and cybersecurity awareness campaigns organized at the state level. Frameworks and guidelines simplify data protection and point NGOs in a clear direction, yet they are ineffective when left unused.

Red Cross data breach case

Another sensitive and curious topic is data protection. NGOs deal with entities that aim to aid and financial donors who provide money and resources for good deeds. Because of the data type that non-governmental organizations handle, it places them in an interesting position.

In 2022, there was a case of a Red Cross organization getting breached for information. The attack didn’t qualify as a ransomware attack.

Bad actors exploited a lack of access controls and retrieved sensitive data about refugees and other displaced people. In this case, lost information can bring more extensive damage than just financial losses.

Actionable solutions for enhanced cybersecurity

To address these challenges, charities and NGOs must adopt a comprehensive cybersecurity strategy.

This includes regular risk assessments, employee training on cybersecurity best practices, and the implementation of robust cybersecurity solutions. Encouraging a culture of cybersecurity awareness is also crucial.

Although NGOs employ measures like malware protection, cloud backups, and passwords, a relatively small portion of organizations perform cybersecurity risk assessment and management.

Data shows there has been a decline in the adoption of certain cyber hygiene practices over recent years.

Understanding that NGOs lack resources for cybersecurity, starting from people and knowledge to investments, these organizations need solutions that don’t require active input from the user.

  • The tools must be seamlessly integrated and must not interfere with day-to-day operations.

  • The solutions should protect the most important and critical assets.

  • Network security solutions should bring value for money.

  • The tools could bring NGOs closer to regulatory compliance requirements.

  • The tools are easy to use and don’t require technical knowledge.

The solutions are available to outsource with managed security services.

Learning from experience: case studies

Our published NGO case studies offer valuable insights into real-world applications of effective cybersecurity strategies. These stories demonstrate how tailored cybersecurity measures can mitigate risks and safeguard operations.

Let’s take a look at the Canadian Mental Health Association (CMHA), Alberta South Region case.

For more information on how CMHA protected sensitive client data in dynamic team environments, visit the CMHA x NordLayer case study.

NordLayer: empowering NGOs with expert cybersecurity support

NordLayer provides expert cybersecurity solutions to NGOs. Our approach is holistic, offering not just tools but also the knowledge and support necessary to navigate the complex digital landscape. We specialize in identifying unique vulnerabilities and customizing security solutions to meet the specific needs of NGOs.

The NordLayer advantage

Our services are designed to empower NGOs to focus on their core mission without worrying about digital threats. By leveraging our expertise, NGOs can strengthen their digital defenses, ensuring data integrity and maintaining the trust of their stakeholders. Our solutions are easy to implement, cost-effective, and backed by continuous support.

A special offer: amplifying the positive global impact

NordLayer is proud to offer a special promotion to further support NGOs in their crucial work. We provide a 60% discount for all yearly NordLayer plans (T&C apply), making our top-tier cybersecurity solutions more accessible. This initiative reflects our dedication to enabling NGOs to amplify their positive influence globally.
