
Overview of Cyberthreats to SMBs

In the landscape of business, where giants and startups coexist, small and medium-sized businesses (SMBs) stand as a crucial but often overlooked sector. These enterprises, smaller than corporations but larger than microbusinesses, play a significant role in various industries. However, a looming danger threatens their existence – cyber threats. SMBs, lacking the strong defenses of larger corporations and government agencies, find themselves targeted by cybercriminals. According to a study released in June 2023, 61% of SMBs in the UK and the US fell victim to hackers in the past year. This data sheds light on the urgent need for enhanced cybersecurity measures tailored to the specific challenges faced by these businesses.

Motivations Behind Cyber Attacks on SMBs

Cybercriminals target SMBs for several reasons, all of which relate to the vulnerabilities unique to small businesses. One of the primary factors is the inadequacy of cybersecurity budgets and resources. Unlike their larger counterparts, small and medium-sized businesses often lack the financial means to invest in advanced security technologies, dedicated IT teams, and cybersecurity professionals. This deficiency makes them a tempting target for hackers, who can exploit vulnerabilities to disrupt business operations and gain unauthorized access to sensitive data and networks swiftly.

Moreover, SMBs encounter a lack of cybersecurity awareness and IT-related training among their employees. This deficit increases the likelihood of their business operations falling victim to various cyber threats, including social engineering tactics such as phishing attacks. The fact that many businesses rely on outdated software, a result of limited financial resources and insufficient awareness of relevant cybersecurity measures, compounds the problem.

According to the CNBC|SurveyMonkey Small Business Index Q4 2022, 4% of small business owners considered cybersecurity their most significant risk. The Digital Ocean report painted quite a grim picture, with 25% of SMBs suffering from a lack of time to manage cybersecurity threats, a pervasive resource deficiency among these businesses. Also, 41% of IT decision-makers at SMBs admit that their lack of knowledge regarding potential cyber security threats is one of the most challenging issues.



As regards qualified specialists, according to the mentioned Digital Ocean report, 38% of SMBs had no dedicated cybersecurity employees, and 42% of them had only a single employee working in this critical field.

Despite the frequent victimization of SMBs by hackers, only 6% of business owners increased their cybersecurity budgets in 2022, reflecting a concerning lack of prioritization in cybersecurity strategy.

Severe Impact of Successful Cyberattacks

While SMBs may lack the financial resources of larger enterprises, they still control valuable assets that attract cybercriminals seeking monetary rewards. Customer data, payment information, trade secrets, and intellectual property become prime targets for cybercriminals. Cybercriminals exploit these assets directly for financial gain or as a springboard to infiltrate larger organizations.

The aftermath of a successful cyberattack on SMBs is profound. The survey highlights that 58% of IT decision-makers at small and medium-sized businesses experienced business downtime due to cyberattacks. Additionally, 39% lost customer data and one-third reported a loss of customers. Alarmingly, 87% of participants reported experiencing two or more successful attacks in the past year, emphasizing the persistent nature of cyber threats.

Pervasive Threat of Social Engineering Attacks

Among the many cyber threats to enterprise companies, social engineering attacks, especially phishing, stand out as the most common threat to small and medium-sized businesses. Employees of SMBs face a staggering 350% more social engineering attacks than their counterparts at larger enterprises. Phishing scams, simple to organize and requiring minimal resources, have become an all-too-common threat.



ProofPoint’s 2023 State of the Phish Report revealed that 84% of organizations faced at least one successful phishing attack in 2022.

Through spear phishing and other social engineering techniques, cybercriminals trick business owners and employees into disclosing sensitive information, leading to more ransomware attacks, installations, and data breaches.

The financial repercussions of cybersecurity breaches are staggering. The Cost of a Data Breach Report 2023 by IBM disclosed that among companies with fewer than 500 employees, the average cost of a data breach is approximately $3.31 million per incident, translating to $164 per breached record.

Proactive Cyber Security Measures

What compounds the situation is the misplaced confidence of SMB owners regarding cybersecurity best practices. Despite lacking formal cybersecurity budgets and dedicated IT employees, 64% of SMB owners are sure they can quickly resolve a cybersecurity attack if one occurs. This overconfidence, coupled with a lack of preparedness, significantly impacts the organization’s ability to respond effectively to a cyberattack. Delayed or ineffective incident response can lead to extended downtime, increased damages, and prolonged exposure of sensitive data.

To avoid the dire consequences of cyberattacks, SMBs must take a proactive approach to their security practices and bolster their cybersecurity defenses.

  1. When it comes to cybersecurity, one of the biggest threats that an organization might suffer from is human error. That is why it is crucial to conduct regular training sessions on security best practices to improve cybersecurity awareness among employees. Recognizing common tactics, such as phishing scams, is vital to fending off attacks.
  2. Investing in educating employees is worth doing but it is almost impossible to eliminate the human factor anyway. So, it is reasonable to maintain a first line of defense that will minimize the possibility of human error. The tool that can help you in ensuring this can be web filtering. A robust web filtering solution will not let your employees follow potentially malicious links and will enhance staff’s productivity by blocking timewasters.
  3. Given the high cost of data breaches mentioned above, SMBs should ensure their data is protected and duplicated. Determine critical data and have multiple backups to reduce the impact of a breach on operations.
  4. Using weak passwords is not something that businesses can afford to do. Implement and enforce a robust password policy. To enhance security, apply 2-factor authentication whenever possible.
  5. Prepare an incident response plan to ensure a swift and effective response to cyberattacks. When an attack happens, every moment counts, and having the right people and procedures in place can minimize downtime, reduce damages, and protect sensitive data.

The cybersecurity landscape for SMBs is fraught with challenges. As they grapple with limited resources, lack of awareness, and persistent cyber threats, the need for proactive measures has never been more critical. Small and medium-sized businesses must recognize the urgency, prioritize cybersecurity, and implement comprehensive strategies to fortify their defenses.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

Finding Juniper SRX and EX devices with runZero

Today, January 12th, 2024, Juniper Networks disclosed a serious vulnerability in Juniper SRX firewalls and EX switches.

The issue, identified as CVE-2024-21591, allows remote attackers to create a denial-of-service (DoS) condition or to execute arbitrary code with root privileges on vulnerable devices.

This vulnerability has a CVSS score of 9.8 out of 10, indicating that this is a critical vulnerability.
According to their disclosure, Juniper Networks is not aware of any active exploitation of this vulnerability.

What is the impact?

Upon successful exploitation of this vulnerability, attackers can execute arbitrary code on the vulnerable system with root privileges. In general, this means that a successful attack would result in complete system compromise.

Are updates or workarounds available?

Juniper has released a software update to address this vulnerability.
This update is available through their support portal and other update distribution mechanisms.

How do I find potentially vulnerable Juniper devices with runZero?

From the Asset Inventory, use the following query to locate assets that may be running the vulnerable operating system in your network:

hw:"Juniper EX" OR hw:"Juniper SRX"
 
 


About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

10 Strategies for Boosting Your Wireless Network Security

The ever-evolving landscape of cyber threats poses a significant challenge to network administrators. One area of focus that requires continuous monitoring and upgrades is wireless network security. Here are ten effective strategies that you can employ to fortify your organization’s wireless network against potential cyber threats.

1. Update Your Network Infrastructure

Here’s the thing, cybercriminals are opportunists. If they spot a weakness in your wireless network, they won’t hesitate to take advantage. So, let’s get ahead of them. The first order of business? Updating your network infrastructure. Yes, that means all the hardware – routers, switches, the works. But don’t stop there. It’s not just the physical gear that needs to be current; we also need to look at the software and firmware. By staying on top of updates, you’re patching up any potential security gaps that could give hackers an open invitation. Remember, in the game of cyber security, the offense is the best defense. So, don’t just play catch up. Keep your wireless network security in tip-top shape with frequent updates and you’ll be giving those pesky cyber invaders a run for their money.

2. Implement Strong Encryption

Alright, let’s talk about encryption. Think of it as the secret language of your network. Only the devices on your network can understand this language, making it nearly impossible for any eavesdroppers to make sense of your data. Now, you might be wondering, what’s the best secret language to use? Enter WPA3, one of the strongest encryption standards out there. It’s the code-cracking, cyber-secure ninja you need on your team. But remember, even the best encryption can be busted with a weak password. So, let’s not make it easy for the bad guys, okay? Avoid obvious passwords like ‘password123’ or your birth date. Go for something complex and unique. Maybe throw in some symbols, uppercase letters, or even a fun, random word. The point is, don’t be predictable. And one more thing, change these passwords regularly. It’s like changing the locks on your doors, keeping intruders on their toes. So, get cracking on that encryption and secure password and let’s keep those cybercriminals guessing.

3. Deploy Firewall and Anti-malware Protection

Ever heard of a medieval castle with no walls? Of course not. Those walls were the first line of defense against intruders, just like a firewall is for your network. This silent warrior stands between your network and the world of cyber threats, turning away suspicious traffic and giving a big fat “access denied” to malicious invaders. But we’re not stopping there. Let’s bring in some anti-malware protection. Think of it as your network’s personal bodyguard, scanning for any sketchy software that managed to slip past your firewall. Catching these bad guys before they can do any real damage is the name of the game. Of course, both your firewall and anti-malware software need to stay sharp to keep up with the latest threats. That means regular updates are a must. Consider them like training sessions, keeping your defenses ready for whatever comes their way. So, keep your guard up and your software up-to-date to make sure your network stays as impenetrable as a fortress.

4. Secure Your IoT Devices

Look around you, how many devices are connected to your network right now? Your office printer, the smart fridge in the break room, even the temperature control system – all these are IoT devices. The problem is, each of these devices is like a new door into your network, potentially inviting cyber baddies for a stroll through your data. Doesn’t sound too fun, does it? But don’t sweat, here’s what we can do. First, let’s ditch those default passwords. They’re like a welcome mat for hackers. Choose a strong, unique password for each device. And don’t forget to keep their software updated. It’s like giving these devices their own personal body armor against cyber attacks. Lastly, if there’s any device you’re not using, disconnect it. No point leaving an unused door open, right? With these steps, you’re not just connecting devices to your network, you’re making sure they’re secure. Let’s turn those potential entry points into dead ends for any would-be intruders.

5. Establish a Virtual Private Network (VPN)

Let’s talk about VPNs, or Virtual Private Networks. Picture this: You’re in a crowded coffee shop, and you’re trying to send a top-secret message to a colleague. You wouldn’t just shout it across the room, right? You’d want to pass a secure note. That’s basically what a VPN does. It creates a secure tunnel for your data to travel through, keeping it safe and confidential. This is super useful, especially if you have folks in your team who log in remotely. It’s like giving them a secret passageway into your network, away from prying eyes. So, start implementing a VPN, and let’s keep that data undercover, because in this coffee shop we call the internet, there are way too many eavesdroppers.

6. Implement Two-Factor Authentication (2FA)

Alright, next up on our security strategy hit list is two-factor authentication, or 2FA. Imagine your network is a high-tech vault. Would you secure it with just one lock? Probably not. You’d want a couple of layers of security in place. That’s what 2FA is all about. It’s a double-check, a second confirmation that it’s really you trying to access your network. Maybe it’s a code sent to your phone, or it could be your fingerprint. It’s like a secret handshake for your network. Not only does it make unauthorized access a whole lot harder, but it also alerts you if someone’s trying to break in. After all, if you get a text with a 2FA code and you’re not trying to log in, that’s a clear red flag that something’s fishy. So, roll out that 2FA. It’s a simple move that can make a big difference in keeping your network secure.

7. Regularly Monitor and Audit Your Network

Okay, let’s liken your network to a bustling city. You wouldn’t just rely on fences and locks to keep it safe, right? You’d need a dedicated team watching over it, spotting anything out of the ordinary. That’s where regular monitoring and auditing come in. It’s like your network’s own surveillance team, keeping a watchful eye on every byte and packet. Maybe there’s an unexpected surge in network traffic in the middle of the night, or a device that you don’t recognize tries to connect. These could be signs of an attempted break-in. Automated monitoring tools can raise the alarm, alerting you to these unusual activities. Just like a CCTV system can catch a prowler, regular network audits can pick up on any sneaky attempts to bypass your security measures. Remember, in this city we call your network, we don’t wait for the bad guys to strike. We stay vigilant, ready to spot any suspicious activities. So, get those network audits rolling, and let’s keep our city safe, secure, and bustling with legitimate activity.
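The two signals named above, an unrecognized device and a night-time traffic surge, as an added example that is not part of the original article. The log format, the device inventory, the 22:00 to 06:00 quiet window and the 10x threshold are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample: one line per client per reporting interval, in an
# assumed "timestamp mac=<addr> bytes=<count>" export format.
SAMPLE_LOG = """\
2024-01-08T01:00:00 mac=aa:bb:cc:00:00:01 bytes=1200000
2024-01-08T02:00:00 mac=aa:bb:cc:00:00:02 bytes=900000
2024-01-08T14:00:00 mac=aa:bb:cc:00:00:01 bytes=85000000
2024-01-09T01:00:00 mac=aa:bb:cc:00:00:01 bytes=1100000
2024-01-09T02:00:00 mac=aa:bb:cc:00:00:02 bytes=1000000
2024-01-09T14:00:00 mac=aa:bb:cc:00:00:02 bytes=90000000
2024-01-10T01:00:00 mac=aa:bb:cc:00:00:01 bytes=1300000
2024-01-10T02:00:00 mac=de:ad:be:ef:00:99 bytes=640000000
2024-01-10T02:30:00 mac=aa:bb:cc:00:00:02 bytes=800000
"""

# Assumed inventory of MAC addresses the organization has approved.
KNOWN_DEVICES = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) "
    r"mac=((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) bytes=(\d+)$",
    re.IGNORECASE,
)


def parse_records(log_text):
    """Return (timestamp, mac, byte_count) tuples; malformed lines are skipped."""
    records = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        try:
            ts = datetime.strptime(match.group(1), "%Y-%m-%dT%H:%M:%S")
        except ValueError:  # e.g. month 13: right shape, impossible date
            continue
        records.append((ts, match.group(2).lower(), int(match.group(3))))
    return records


def unknown_devices(records, known=KNOWN_DEVICES):
    """Map each MAC that is not in the inventory to the time it was first seen."""
    first_seen = {}
    for ts, mac, _ in records:
        if mac not in known and (mac not in first_seen or ts < first_seen[mac]):
            first_seen[mac] = ts
    return first_seen


def is_off_hours(ts, start=22, end=6):
    """True from 22:00 to 05:59, the assumed quiet period."""
    return ts.hour >= start or ts.hour < end


def off_hours_surges(records, factor=10, min_buckets=3):
    """Flag off-hours hourly totals above factor x the median off-hours hour."""
    totals = defaultdict(int)
    for ts, _, nbytes in records:
        if is_off_hours(ts):
            totals[ts.replace(minute=0, second=0, microsecond=0)] += nbytes
    if len(totals) < min_buckets:
        return []  # not enough history to call anything unusual
    baseline = median(totals.values())  # median resists the outlier itself
    return sorted(
        (hour, total) for hour, total in totals.items() if total > factor * baseline
    )


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    for mac, seen in unknown_devices(recs).items():
        print(f"unknown device {mac} first seen {seen.isoformat()}")
    for hour, total in off_hours_surges(recs):
        print(f"off-hours surge at {hour.isoformat()}: {total} bytes")
```

Clients that randomize their MAC address will show up as unknown under this check, so an inventory keyed on MAC works best for managed devices with randomization disabled on the corporate SSID.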

8. Enact Network Access Control

Okay, let’s envision your network like an exclusive club. Now, not just anyone should be able to stroll in, right? You need a bouncer, someone to check IDs at the door. That’s where Network Access Control (NAC) comes into play. NAC is the no-nonsense bouncer of your network, deciding who gets the VIP pass and who gets the boot. By setting some ground rules, or policies as we like to call them, you get to decide who, what, and when someone or something can access your network. Maybe you want to limit access during certain hours, or maybe you only want certain devices on the guest list. Whatever your rules, NAC makes sure they’re enforced, giving you granular control over your network’s guest list. And the best part? No awkward confrontations at the door. So, start setting up those policies and let your NAC system do the heavy lifting. Because in this exclusive club we call your network, only the right guests get the invite.

9. Conduct Regular Security Training

Alright, picture this. You’ve got the most advanced, foolproof security system installed in your home. But, one day, you leave the front door wide open. All those high-tech gadgets are useless if we forget the basics, right? The same goes for your network security. We can have all the encryption, firewalls, and VPNs in the world, but if your team doesn’t understand why they’re important or how to use them, we’re basically leaving the front door open to cyber threats. That’s why regular security training for your staff is absolutely crucial. We’re talking about helping them spot phishing scams, showing them why ‘password123’ is a bad idea, and reminding them about the perils of unsecured WiFi networks. Let’s make them our allies in this cyber battle. And remember, the threats keep evolving, so our training needs to evolve too. Let’s make security training a regular feature on everyone’s calendar. This way, we’re not just building stronger defenses around our network, but also nurturing a security-first mindset in our team. Because in the war against cyber threats, every single one of us is on the frontline.

10. Keep Up-to-Date with the Latest Threats

So, we’ve got this cyber realm, right? It’s a bit like the Wild West – always changing, always throwing new challenges our way. Just when we think we’ve got it figured out, a new cyber villain rides into town. But here’s the good news: you’re not alone in this showdown. There’s a whole community of cyber sheriffs out there, always on the lookout for the latest threats and trends. These folks live and breathe cybersecurity, and they’re always sharing their knowledge. So, why not tap into that? Get on those industry newsletters, join some professional forums, maybe even sit down with a cybersecurity expert now and then. It’s like forming your own posse of security gurus, always ready to give you the latest intel. By staying informed, you’re always a step ahead, ready to adapt your defenses to whatever new challenge comes your way. Remember, in this cyber Wild West, knowledge is your most powerful weapon. So, keep learning, keep adapting, and let’s keep our wireless network as secure as Fort Knox.


About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

What is RMM software?

In this article, we will thoroughly address RMM Software (Remote Monitoring and Management Software) and its essential role for Managed Service Providers (MSPs). We will explain the core functions of RMM, from remote monitoring to efficient management of client devices, highlighting its key advantages such as reducing labor costs and improving productivity. We will analyze the strategic integration of RMM and PSA (Professional Services Automation) to empower MSP workflows and offer a vision of the future, supported by promising statistics. We conclude by highlighting the continued importance of RMM in the technology landscape and encouraging MSPs to consider its implementation to optimize efficiency and success in the delivery of managed services.

What is RMM software?

In the past, all businesses, regardless of size, used on-premise IT infrastructures. When a problem arose, they contacted their service provider and a technical team went to the offices to solve it. However, the landscape changed completely with the development of Cloud technology. The possibility of accessing data and computing resources from anywhere was gradually reducing the dependence on centralized IT infrastructures. The definitive leap occurred with the arrival of remote work and hybrid work. Organizations that go for a flexible working framework have their systems distributed in widely diverse locations, often outside the traditional corporate network.

On the other hand, each department within the company has specific technological needs that are quickly adapting to market changes. Managing all these applications manually would be very complex, expensive and could lead to human errors that put security at risk.

It is clear that to address these challenges new tools had to emerge such as the RMM (Remote Monitoring and Management) software that allows companies to maintain effective control of all their IT assets, even in distributed environments.

How does RMM software contribute to the digital transformation of companies?

As we just mentioned, RMM software has become a key piece to ensure the transition to decentralized and dynamic infrastructure environments, without neglecting the essential aspects.

Thanks to this technology, IT professionals can remotely monitor and manage a company’s entire infrastructure, monitor the performance of IoT devices connected to the network in real time, identify possible threats or anomalous activities, and apply corrective measures.

Although remote management tools emerged in the 1990s, they initially had limited features and were difficult to implement.

The first RMMs offered basic supervision and were installed on each computer individually. The central system then analyzed the data and created reports or alerts on critical events.

Instead, today’s RMM software takes a more holistic approach and enables unified and comprehensive management of the company’s technology infrastructure by retrieving information from the whole IT environment rather than from each device in isolation. In addition, it supports on-premise and cloud installations.

Finally, another key contribution of RMM tools for digitization is to switch from a reactive maintenance model to a preventive maintenance model. Remote access solutions allow technical teams to proactively monitor software processes, operating systems, and network threads, and address potential issues before they become critical situations.

A key tool for MSPs

A Managed Service Provider (MSP) is a company that provides management and technology support services to other companies, from server administration, to network configuration, to cloud asset management.

As organizations grow, they store more data, and cyber threats are also on the rise. Many SMEs decide to hire the services of an MSP provider to take charge of their infrastructures, especially if they do not have an internal IT department that optimizes the security and performance of their systems.

MSPs use different technologies to distribute their services and one of the most important is RMM software, which allows them to proactively monitor their customers’ networks and equipment and solve any issues remotely without having to go to the offices in person.

According to data from the Transparency Market Research portal, the market for this type of software has not stopped growing in recent years and this growth is expected to remain constant at least until 2030, driven by the demand for MSPs.

How do RMM tools for remote monitoring work?

RMM tools work thanks to an agent that is installed on the company’s workstations, servers and devices. Once installed, it runs in the background and gathers information about the performance and security of systems.

The RMM agent continuously monitors network activity (CPU usage, memory, disk space, etc.) and if it detects any anomalies, it automatically generates a ticket with detailed information about the problem and sends it to the MSP provider. Tickets are organized in a panel according to their priority and their status can be changed once they have been solved or escalated to a higher level in the most complex cases.

In addition, RMM tools create periodic reports on the overall health of systems. These reports can be analyzed by technical teams to reinforce network stability.
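The agent-to-ticket flow described in this section, as an added example that is not Pandora FMS code or code from the original article. The threshold values, host names, priority numbers and status names are assumptions; the article names the metrics and the workflow but gives no values.

```python
from dataclasses import dataclass
from itertools import count

# Assumed alert thresholds in percent used; the article names the metrics
# (CPU, memory, disk) but gives no values.
THRESHOLDS = {
    "cpu": {"warning": 85, "critical": 95},
    "memory": {"warning": 80, "critical": 95},
    "disk": {"warning": 80, "critical": 90},
}
PRIORITY = {"critical": 1, "warning": 2}  # lower number = handled first

# Constructed agent reports from two hypothetical hosts.
SAMPLES = [
    {"host": "srv-db01", "cpu": 40, "memory": 83, "disk": 92},
    {"host": "ws-014", "cpu": 97, "memory": 50, "disk": 30},
    {"host": "srv-db01", "cpu": 41, "memory": 84, "disk": 93},
]


@dataclass
class Ticket:
    id: int
    host: str
    metric: str
    value: float
    priority: int
    detail: str
    status: str = "open"  # open -> resolved | escalated


def classify(metric, value):
    """Return 'critical', 'warning' or None for one metric reading."""
    limits = THRESHOLDS[metric]
    if value >= limits["critical"]:
        return "critical"
    if value >= limits["warning"]:
        return "warning"
    return None


class TicketPanel:
    def __init__(self):
        self._ids = count(1)
        self.tickets = []

    def _active(self, host, metric):
        """Find an unresolved ticket for the same host and metric, if any."""
        for t in self.tickets:
            if (t.host, t.metric) == (host, metric) and t.status != "resolved":
                return t
        return None

    def ingest(self, sample):
        """Turn one agent report into tickets; returns the tickets it created."""
        created = []
        for metric in THRESHOLDS:
            value = sample.get(metric)
            severity = classify(metric, value) if value is not None else None
            if severity is None:
                continue
            ticket = self._active(sample["host"], metric)
            if ticket:  # same problem still present: update, do not duplicate
                ticket.value = value
                ticket.priority = min(ticket.priority, PRIORITY[severity])
                continue
            detail = f"{metric} at {value}% on {sample['host']} ({severity})"
            ticket = Ticket(next(self._ids), sample["host"], metric, value,
                            PRIORITY[severity], detail)
            self.tickets.append(ticket)
            created.append(ticket)
        return created

    def set_status(self, ticket_id, status):
        if status not in ("open", "resolved", "escalated"):
            raise ValueError(f"unknown status: {status}")
        for t in self.tickets:
            if t.id == ticket_id:
                t.status = status
                return t
        raise KeyError(ticket_id)

    def view(self):
        """Unresolved tickets, most urgent first."""
        active = [t for t in self.tickets if t.status != "resolved"]
        return sorted(active, key=lambda t: (t.priority, t.id))


def build_panel(samples=SAMPLES):
    panel = TicketPanel()
    for sample in samples:
        panel.ingest(sample)
    return panel


if __name__ == "__main__":
    for t in build_panel().view():
        print(f"P{t.priority} #{t.id} [{t.status}] {t.detail}")
```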

How does RMM software help improve the operational efficiency of MSPs?

RMM software has a number of practical utilities that MSPs can leverage to raise the quality of their services:

  • Remote monitoring and management

    It monitors equipment performance in real time and allows problems to be solved remotely, without having to go physically to the place where the incident took place. This saves time and costs associated with transportation.

    Another advantage of implementing RMM tools is the possibility of hiring the best professionals regardless of their location and covering different time zones offering 24/7 support.

  • Full visibility of IT infrastructure

    Thanks to RMM software, technical teams can keep track of all their customers’ IT assets from a single dashboard. For example, they can make an inventory of all devices and cloud services that are active, or check in a single dashboard view the tickets that are open and those that are pending resolution.

  • Automating repetitive tasks

    RMM tools create automated workflows for routine tasks such as: installing/ uninstalling software, transferring files, running scripts, managing patches and updates, or backing up. This reduces the workload of IT teams and minimizes the risk of human error.

  • Increased security

    RMM agents send alerts in real time if a critical event takes place. That way, network administrators can very quickly identify security threats or problems that affect computer performance.

    Proactive monitoring is critical for MSP providers to ensure a stable and secure IT environment for their customers. In addition, it reduces the costs associated with equipment repair and data recovery.

  • Reduce downtime

    The installation of new programs, updates and corrective measures runs in the background without interfering with user activity. This makes compliance with Service Level Agreements (SLAs) easier by solving problems as soon as possible without any prolonged service interruptions.

What aspects should MSPs consider when choosing RMM software?

It is important to choose a stable, safe and easily scalable solution that meets customer needs. In addition, the chosen RMM software should ideally integrate easily with other tools for more efficient and complete management.

Let’s look at some basic requirements!

  • Easy implementation

    RMM tools should be intuitive to reduce commissioning time and costs.

  • Flexibility

    As companies grow, so does their IT infrastructure. For MSPs, a higher volume of customers means increased monitoring capacity. That’s why it’s important to choose a tool that’s flexible and scalable. That way, it will be possible to add new devices and users without technical limitations.

  • Stability

    Verify that the RMM software is stable. Some solutions provide remote access through third-party software and this can affect connection performance as each tool has its own features and data transfer speed. Therefore, it is best to select a platform that offers integrated remote access to optimize responsiveness and avoid interruptions.

  • Device compatibility

    The tool should be prepared to monitor the activity of a wide variety of devices and computer systems that support SNMP protocols. This includes, but is not limited to, servers, routers, switches, printers, IP cameras, etc.

  • Seamless integration with PSA tools

    The integration of RMM and PSA improves the workflow of MSPs.

    PSA tools automate and manage tasks related to the provision of professional services such as invoicing, ticket management, time registration, etc.

    For example, issues detected during remote monitoring can automatically generate tickets in the PSA system for technicians to review the device’s incident history and keep track.

    Time spent applying corrective action can also be automatically recorded by PSAs, allowing for more accurate billing.

  • Security

    Make sure that the RMM software you plan to purchase is properly licensed and meets security standards. It should provide features such as data encryption, multi-factor authentication, system access via VPN, or blocking inactive accounts.

  • Support

    Finally, before deciding on an RMM solution, check that the vendor offers good post-implementation support. Check the references and opinions of other customers to know the quality of the service and make sure that you are making a good investment.

Conclusion

SMBs are increasingly digitized and rely on a wide variety of software to run their day-to-day operations. As enterprises migrate their infrastructures to the cloud, MSP providers need remote access solutions for end-to-end management of their customers’ assets.

There are different RMM tools that allow you to monitor the performance of your systems in real time and perform support and maintenance actions. One of the most complete is Pandora FMS Command Center, a version of the Pandora FMS platform built specifically for MSP monitoring and designed to work in IT environments with a high volume of devices. It is a secure and scalable solution that helps managed service providers reduce workload and expand their customer base.

In addition, it has a specific training plan for IT teams to get the most out of all the advanced features of the software.

Many companies that work with Pandora FMS Command Center have already managed to reduce their operating costs between 40% and 70% thanks to task automation and reduced incidents.

It’s time to increase your business productivity and offer your customers exceptional service. Contact our sales team to request a quote or answer your questions about our tool.

I studied Philology, but life circumstances led me to work in the Marketing sector as a content writer. I am passionate about the world of blogging and the opportunity to learn that comes with each new project. I invite you to follow my posts on the Pandora FMS blog to discover the technological trends that are transforming the business world.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

Creating a perfect storm using social engineering: a talk with Christopher Hadnagy

In the rapidly evolving landscape of cybersecurity, understanding the intricacies of social engineering is crucial.

Christopher Hadnagy, a renowned expert in the field, sheds light on the complexities and nuances of social engineering in an enlightening interview. His insights dive deep into the psychological roots of cyber-attacks, offering a unique perspective on how cybercriminals exploit emotions and trust.

This article breaks down key insights from the interview, giving valuable knowledge to professionals and the general public. It serves as a guide to comprehend the current state of cyber threats and prepares us for the emerging challenges in the digital world.

The interview’s highlights

  • Expert vulnerability to attacks. No one is immune, as Hadnagy’s personal encounter with a phishing scam proves the universal vulnerability to cyber-attacks.

  • Social engineering tactics. Primary social engineering methods evolve with the advent of new technologies and methods like QR code phishing and online chat scams.

  • Emotional exploitation in decision-making. ‘Amygdala hijacking,’ where intense emotions can overshadow logical thought, is a technique to elicit quick, emotion-driven decisions from victims.

  • Manipulating trust through oxytocin. It’s difficult to protect against the manipulation of trust, as oxytocin, a natural facilitator of human bonding, can be exploited by malicious actors.

  • Nonverbal cues and deception detection. To spot deception through nonverbal cues, focus on the mismatch between words and body language and trust your intuition.

  • Industry-specific vulnerabilities. Heightened susceptibility of certain sectors like healthcare, banking, and utilities to social engineering, with specific challenges faced in effectively training staff in these areas.

  • Future trends and AI in cyber-attacks. The use of AI in cyber-attacks will get more sophisticated, making advanced defensive strategies necessary.

Key insight #1: social engineering is about reaching you at the right time and in the right context; it is not an intelligence issue.

NordLayer: How can even experts in social engineering become victims of cyber-attacks?

Christopher Hadnagy: Despite being an expert, the story of falling victim to a phishing attack stresses the human element in cybersecurity.

Social engineering targets our emotional responses, not our intelligence or lack of it. If an attacker aligns their approach with something personal and emotionally significant—and times it perfectly—anyone can fall victim.

My experience with the Amazon phishing attack is a classic example. I’ve placed an order on Amazon and was about to rush through the door for the airport with luggage in my hands. This was the time when the phishing email dropped into my inbox, saying something went wrong with the payment card.

The combination of being rushed, emotionally charged, and the contextually relevant pretext made me susceptible at that moment.

Key insight #2: phishing attacks are the most common reason behind breaches, and they evolve constantly.

NordLayer: What are the most common social engineering tricks used to gain access?

Christopher Hadnagy: The landscape of social engineering is diverse and continually evolving.

The primary categories include phishing emails. Everyone’s heard about them, but they are still the number one threat when it comes to breaches.

Then there’s voice phishing (vishing) and SMS phishing (smishing). Smishing became prolific after major telecommunications providers in the U.S. were breached, and all phone numbers were out there. Hence, I receive 10-12 weird text messages every day.

Impersonation is becoming a growing problem as there are two different attack types. One can be someone coming into your business as your employee or colleague. Another one is social media impersonation, also known as catphishing. We see many people making fake LinkedIn accounts and believing there’s someone they’re not.

Technological advancements have emerged in new methods like QR code phishing (quishing) and online chat phishing, especially prominent in the support chats category.

These attacks exploit the increasing amount of personal information available due to data breaches, creating more opportunities for targeted and convincing scams.

Key insight #3: a blackout of logical thinking for one minute can result in thousands of dollars lost.

NordLayer: Could you explain how threat actors use the science behind emotions like fear or urgency?

Christopher Hadnagy: Dr. Daniel Goleman coined the concept of ‘amygdala hijacking,’ where intense emotional responses overshadow our logical thinking, which is a critical tool in a social engineer’s arsenal.

Research subjects were shown something scary or sad and then asked to do math problems. They saw that the frontal cortex went completely dark, and the amygdala in the center of the limbic system was all lit up.

This neurological response diverts all processing power from the frontal cortex to the amygdala during high-stress situations, hindering critical thinking.

NordLayer: How do we make decisions that we normally wouldn’t make when these emotions are involved?

Christopher Hadnagy: Attackers exploit this by creating scenarios that evoke strong emotions like fear, anger, or urgency, leading to hasty decisions made without logical reasoning.

It only takes 30 to 60 seconds, and our brains return to normal once we’re done with the emotion. This is why scam emails never say, ‘click this link tomorrow’ because, between now and tomorrow, we will have time to think and be in the right state of emotion.

Instead, they create urgency. Giving you no time to think critically creates a perfect storm for a social engineering attack.

Key insight #4: as humans, we are trustful by nature, and safe words can save us from scams and paranoia.

NordLayer: Your TED talk mentioned oxytocin and its role in trust. How do social engineers exploit this aspect of human biology, and what can we do to protect against such manipulation?

Christopher Hadnagy: Oxytocin, known as the ‘moral molecule’, plays a vital role in building trust, a mechanism frequently exploited by social engineers. Without it, we would die off as a human race because this love hormone is a part of how we are as humans and not just a bunch of paranoid hermits.

It’s about striking a balance between being cautious and maintaining the natural human tendency to trust.

While it’s challenging to safeguard against this manipulation without becoming overly distrustful, awareness and simple protective measures like establishing a family password can be effective. Then they—your child or grandparents—don’t have to know anything about neuroscience or cybersecurity, but remember one code name and use it once necessary.

Key insight #5: a combination of nonverbal signs or simply trusting your gut can help you avoid becoming a cyber-attack victim.

NordLayer: In your book, ‘Unmasking the Social Engineer,’ you emphasize the importance of nonverbal communication in detecting social engineering attempts. What are some key indicators that someone might be attempting to manipulate or deceive us?

Christopher Hadnagy: Deception detection through nonverbal cues is complex.

There’s no definitive set of nonverbal indicators of deception. Instead, we look for inconsistency between someone’s words and body language.

Your body and your brain are constantly looking for nonverbal signs. We do it all the time, unwillingly looking for little things like a head tilt or a nod—nonverbal signs to evaluate our trust in that person. Virtually via email or a phone call, it’s much harder to put someone to a nonverbal test, so look for the smallest signs and inconsistencies in speech.

Understanding nonverbal communication can alert us to discrepancies in a person’s intent versus their verbal communication. Moreover, trusting our intuition or ‘gut feeling’ when something feels off can be a reliable guide, especially in situations that make us feel uneasy or unsafe.

Key insight #6: the intense nature of some industries requires a full attention span to do their jobs well instead of being concerned about breaches.

NordLayer: From your experience, which industries are currently most vulnerable to social engineering attacks, and why are they particularly targeted?

Christopher Hadnagy: The medical field, banking, and utilities are particularly susceptible to social engineering attacks. The healthcare industry, for instance, struggles with cybersecurity training, often choosing inappropriate times or methods, leaving staff unprepared for social engineering tactics.

The integral nature of these industries, involving high-stress environments and sensitive information, makes them prime targets.

The medical field is probably one of the biggest threats out there. Doctors and nurses are doing a hard job attending to saving our lives or dealing with sicknesses—there’s no time to do cybersecurity training while a bunch of documentation and patients take all your attention.

Key insight #7: AI will be used both to create sophisticated attacks and to prevent them.

NordLayer: Looking ahead to 2024, what major trends do you foresee in the evolution of social engineering tactics, and how should organizations prepare?

Christopher Hadnagy: The future of social engineering is increasingly intertwined with advanced technologies like AI.

The use of AI in attacks is becoming more sophisticated, making them harder to detect and counteract. AI will likely be used in phishing emails, voice cloning for scams, and deepfakes.

The increasing brazenness and callousness of attackers, targeting even the most vulnerable, is a disturbing trend.

However, there’s hope for increased education on social engineering and the development of AI-based defensive tools. It’s crucial for organizations to invest in both technology and training to stay ahead in this evolving threat landscape.

Thank you.

Christopher Hadnagy is the founder and CEO of Social-Engineer. Chris has over 16 years of experience as a practitioner and researcher in the security field. His education and awareness efforts have helped expose social engineering as a top threat to security today.

Chris established the world’s first social engineering penetration testing framework and the first hands-on social engineering training course and certification, Advanced Practical Social Engineering, attended by law enforcement, military, and private sector professionals.

Chris is also the best-selling author of three books: Social Engineering: The Art of Human Hacking, Unmasking the Social Engineer: The Human Element of Security, and Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails.

How NordLayer can help

Awareness is the first step in preventing cyber-attacks. Training, education, and constant reminders significantly help organizations minimize the risks. However, being human is in our nature. Additional tools like NordLayer as a threat prevention measure can help automate some processes to save time, maintain our focus, and create additional barriers for malicious attackers to stumble upon.

Genetic data leak, 23andMe point to credential stuffing

Hackers are selling genetic data stolen from users of the company 23andMe. The company itself says they weren’t breached, although their users’ data was used by what seems to be a single threat actor stealing personal details and genetic data. This data was then published or advertised online. 23andMe suggested that the threat actor(s) gained unauthorized access with “recycled login credentials”, a technique known as credential stuffing.

The logic is simple: Keep trying stolen username/password combinations, and eventually, they’ll work on another site. An easy solution to credential stuffing attacks? You guessed it: Multi-factor authentication (MFA). While 23andMe has offered an MFA feature since 2019, it was not made mandatory for users. With genetic and personal data at stake and up to 7 million users affected by these recent breaches, it might be time for a change in policy.
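The credential stuffing pattern described above (one source, many different accounts, mostly failed logins) is visible in authentication logs. The following detection sketch is an added example, not code from 23andMe or from the original article; the log format, the sample events and the thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log: "<UTC timestamp> <source IP> <username> <OK|FAIL>".
# 203.0.113.7 behaves like credential stuffing, 198.51.100.20 is a user who
# mistyped a password, 192.0.2.50 is an office NAT shared by many real users.
SAMPLE_LOG = """\
2023-10-06T10:00:01Z 203.0.113.7 alice@example.com FAIL
2023-10-06T10:00:03Z 203.0.113.7 bob@example.com FAIL
2023-10-06T10:00:04Z 198.51.100.20 heidi@example.com FAIL
2023-10-06T10:00:06Z 203.0.113.7 carol@example.com OK
2023-10-06T10:00:08Z 203.0.113.7 dave@example.com FAIL
2023-10-06T10:00:10Z 198.51.100.20 heidi@example.com FAIL
2023-10-06T10:00:11Z 203.0.113.7 erin@example.com FAIL
2023-10-06T10:00:13Z 203.0.113.7 frank@example.com FAIL
2023-10-06T10:00:15Z 203.0.113.7 grace@example.com FAIL
2023-10-06T10:00:20Z 198.51.100.20 heidi@example.com OK
2023-10-06T10:01:00Z 192.0.2.50 ivan@example.com OK
2023-10-06T10:01:30Z 192.0.2.50 judy@example.com OK
2023-10-06T10:02:00Z 192.0.2.50 mallory@example.com FAIL
2023-10-06T10:02:05Z 192.0.2.50 mallory@example.com OK
2023-10-06T10:02:40Z 192.0.2.50 niaj@example.com OK
2023-10-06T10:03:10Z 192.0.2.50 olivia@example.com OK
2023-10-06T10:03:50Z 192.0.2.50 peggy@example.com OK
"""


def parse_line(line):
    """Return (timestamp, source_ip, username, succeeded) for one log line."""
    ts, ip, user, outcome = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, ip, user.lower(), outcome == "OK"


def detect_stuffing(lines, window=timedelta(minutes=5),
                    min_users=5, min_fail_ratio=0.8):
    """Flag source IPs that try many distinct accounts with mostly failures.

    Returns {ip: {"users_tried": [...], "accounts_to_reset": [...]}}.
    "accounts_to_reset" lists accounts where a flagged source logged in
    successfully, i.e. where a reused password worked and no second
    factor stopped the login.
    """
    events = sorted(parse_line(l) for l in lines if l.strip())

    # Pass 1: sliding time window per source IP. Stuffing shows up as many
    # distinct usernames with a high failure ratio; a shared NAT has many
    # usernames but few failures, and a forgetful user has one username.
    recent = defaultdict(deque)
    flagged = set()
    for when, ip, user, ok in events:
        q = recent[ip]
        q.append((when, user, ok))
        while when - q[0][0] > window:
            q.popleft()
        users = {u for _, u, _ in q}
        failures = sum(1 for _, _, succeeded in q if not succeeded)
        if len(users) >= min_users and failures / len(q) >= min_fail_ratio:
            flagged.add(ip)

    # Pass 2: for flagged sources, collect every account touched anywhere in
    # the log, including successes that happened before the threshold tripped.
    findings = {}
    for when, ip, user, ok in events:
        if ip not in flagged:
            continue
        entry = findings.setdefault(
            ip, {"users_tried": set(), "accounts_to_reset": set()})
        entry["users_tried"].add(user)
        if ok:
            entry["accounts_to_reset"].add(user)
    return {ip: {k: sorted(v) for k, v in entry.items()}
            for ip, entry in findings.items()}


if __name__ == "__main__":
    for ip, info in detect_stuffing(SAMPLE_LOG.splitlines()).items():
        print(ip, "tried", len(info["users_tried"]), "accounts;",
              "reset and review:", ", ".join(info["accounts_to_reset"]))
```

The successful login in the flagged source's traffic is the case mandatory MFA is meant to stop: the password was valid, so only a second factor would have blocked it.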

The Bleach Breach: Clorox revenue and supply chain hit

Clorox, the household cleaning giant, predicts a more than 20% drop in quarterly sales due to a cyberattack (thought to be ransomware) that caused product shortages and operational disruptions. Manufacturing, often kept running by legacy systems and sprawling workforces, suffers more cyberattacks than any other industry.

The Clorox incident is being linked to the same group responsible for the MGM and Caesars Palace hacks, discussed in our previous episode, which occurred around the same time in August 2023. “Scattered Spider” is notorious for using social engineering methods to gain access to internal systems. The Clorox Company’s share price has dropped by over 7 percent in the last month.

Wearable AI: Trendy or just trending?

Tech companies are rushing to secure the lead in wearable AI products. Meta has collaborated with Ray-Ban on a pair of high-tech glasses, enabling wearers to live stream directly from the glasses to Facebook or Instagram and voice activate Meta AI, “an advanced conversational assistant”. Jony Ive, Apple’s legendary former design lead, and OpenAI are reportedly teaming up to design the “iPhone of AI”.

Rewind.ai unveiled a neck-worn pendant that records conversations to your smartphone and creates a searchable database of life moments. Humane, imagining “a world where you can take AI everywhere”, have developed a smart device that resembles a badge or lapel pin.

The common goal here seems to be for technology to rely less on screens, to fade from view, and become all but invisible.

Stay tuned for the next episode of Cyberview.

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

23.11.3 ‘Saturn’ released

Changes compared to 23.11.2

Bug Fixes

  • Fixed an issue with listing Sharepoint sites that can occasionally overload a SharePoint server
  • Fixed an issue with the Comet Server web interface Server menu / navigation section being absent immediately following login when the Software Build Role is disabled
  • Fixed an issue with symlinks failing to restore correctly from Disk Image backups, causing the restore job to fail
  • Fixed an issue with relative symlinks being restored as links into the Comet Backup desktop app’s installation directory
  • Fixed an issue with VMware backup attempting to back up PSF files. PSF files for vSphere Replication will now be ignored
  • Fixed an issue with VMware backup where quiesce snapshots create two files instead of one
  • Fixed an issue with VMware backup when a virtual machine directory is located more than a level deep from the datastore root
  • Fixed an issue with an incorrect check of allocated areas during VMware vSphere backup
  • Fixed an issue with the policy option “Always require password to open the application interface” not working when enabled

About Comet
We are a team of dedicated professionals committed to developing reliable and secure backup solutions for MSP’s, Businesses and IT professionals. With over 10 years of experience in the industry, we understand the importance of having a reliable backup solution in place to protect your valuable data. That’s why we’ve developed a comprehensive suite of backup solutions that are easy to use, scalable and highly secure.

23.12.3 ‘Voyager’ released

Changes compared to 23.12.2

Enhancements

  • Added a new log message when temporary files are in use during either Backup or Restore jobs

Bug Fixes

  • Fixed an issue causing search filters to incorrectly show as [object Object] instead of a searchable parameter in the Comet Server web interface
  • Fixed an issue preventing retention passes from finishing when deleting versioned objects from a S3 storage vault with Object Lock enabled
  • Fixed an issue with the policy option “Always require password to open the application interface” not being applied correctly
  • Fixed an issue causing restores to crash if the restore failed to enter a directory (e.g. due to a permissions error preventing it from being created)
  • Fixed an issue causing tenant admins to be logged out when viewing certain pages in the Comet Server web interface
  • Fixed an issue causing Microsoft Office 365 backups to fail when receiving an unexpected orientation response from the Graph API
  • Fixed an issue with certain system directories being incorrectly reported as 0-byte files when selecting files and folders for a granular restore from Hyper-V, Disk Image, and VMware Protected items

Richard Štefíček Is the New Chief Sales Officer of GREYCORTEX

January 10, 2024, Brno – GREYCORTEX, a leading Czech manufacturer of a cybersecurity network detection and response solution, strengthens its sales team. The new chief sales officer, Richard Štefíček, replaces Pavel Malíř Chmelař, who will continue to focus on the development of new markets.

Richard Štefíček (LinkedIn) started his career after graduating from Brno University of Technology as a sales manager at TR instruments. Subsequently, he gained business experience during more than 10 years at Flowmon Networks, where he worked his way up to the position of channel manager for Central and Eastern Europe.

Štefíček adds: “I am thrilled to contribute to the further growth and development of GREYCORTEX as sales director. I believe that my experience and knowledge will bring new opportunities and help us to take GREYCORTEX even further. My main priority will always be the satisfaction of our customers and building strong partnerships.”

The previous CSO, Pavel Malíř Chmelař (LinkedIn), who has been with the company since its founding in 2016, will use his extensive product knowledge and experience in building the Czech and Polish channels to develop new markets and enable the company’s partner channel.

“With the arrival of Richard Štefíček in the role of CSO, GREYCORTEX is clearly demonstrating its intention to grow and strengthen its position on the market. Together with all our colleagues, we look forward to the next era of business growth under his leadership,” concludes Petr Chaloupka, CEO of GREYCORTEX.

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

Joop Solutions and SafeDNS at the Heart of 24 Endurance México

In the world of motorsports, every second counts. The same is true of providing seamless and reliable connectivity at events like 24 Endurance México, which took place from December 11 to 13, 2023. The season-closing event witnessed an extraordinary display of not just racing prowess but also technological innovation, and Joop Solutions met the challenge by delivering a Wi-Fi connection at its best.

Joop Solutions took a leading role in ensuring that 24 Endurance México is not only a thrilling spectacle on the race track but also a perfect digital experience for visitors, sponsors, and participants. With a robust network infrastructure, Joop Solutions provided a total of 12 access points, serving 1,395 unique Wi-Fi and wired client devices.

With a response time of 23 milliseconds, users experienced high connection speed, which contributed to the overall success of the event. Total data usage reached 775.64 GB, demonstrating high demand for a reliable and high-performance network.

Safe and Secure Connection with SafeDNS

By implementing the SafeDNS web filtering solution, the connection not only remained robust but also provided a layer of protection against potential threats. The use of SafeDNS enhanced the security of the network and contributed to optimizing traffic, ensuring a consistently high connection speed.

For almost 6 years, SafeDNS has proudly partnered with Joop Solutions, offering unparalleled support and services. Together, we have successfully delivered secure and high-speed Wi-Fi connection to a multitude of large-scale events across Mexico, including fairs like BAZAR HOTBOOK and races such as 24 Endurance. If you are a Wi-Fi provider seeking to enhance your services, don’t hesitate to reach out. Let us empower you to provide the best possible experience for your clients!

About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

Finding Ivanti Connect Secure and Policy Secure Gateways with runZero

Today, January 10th, 2024, Ivanti disclosed two serious vulnerabilities in the Ivanti Connect Secure and Ivanti Policy Secure products.

The first issue, CVE-2023-46805, allows attackers to bypass authentication controls to access restricted resources without authentication. This vulnerability has a CVSS score of 8.2 out of 10, indicating a high degree of impact.

The second issue, CVE-2024-21887, allows attackers to inject arbitrary commands to be executed on the affected device. Attackers must be authenticated to exploit this vulnerability, but attackers may be able to use the authentication bypass vulnerability above to achieve this. This vulnerability has a CVSS score of 9.1 out of 10, indicating a critical vulnerability.

The vendor reports that there are indications that these vulnerabilities have been exploited in the wild.

What is the impact?

Upon successful exploitation of these vulnerabilities, attackers can execute arbitrary commands on the vulnerable system. This includes the creation of new users, installation of additional modules or code, and, in general, system compromise.

Are updates or workarounds available?

Ivanti has released an update to mitigate this issue. Users are urged to update as quickly as possible.

How do I find potentially vulnerable Ivanti devices with runZero?

From the Services Inventory, use the following query to locate assets running the vulnerable products in your network that expose a web interface and which may need remediation or mitigation:

_asset.protocol:http AND protocol:http AND http.body:"welcome.cgi?p=logo"

Additional fingerprinting research is ongoing, and additional queries will be published as soon as possible.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.