A roadmap for MSP success in 2023

One of the areas where businesses prefer going the MSP route is digital security. According to the 2022 ESET SMB Sentiment Survey, businesses prefer having an MSP take care of their security, or at least part of it. Furthermore, one third of SMBs are already using enterprise-grade solutions, such as XDR, EDR and MDR services, and another third are planning to start using them in the next year.

Recently, ESET conducted an SMB survey in Europe and North America which clearly showed that the security concerns driving SMBs to opt out of on-site security solutions include a lack of employee cyber awareness, the threat of nation state attacks, coping with the hybrid working model, and Remote Desktop Protocol (RDP) threats. Data breaches also tend to be caused by improper deployment of solutions and product vulnerabilities. And so most SMBs want cyber help, preferably by outsourcing their cybersecurity to experts.

Watch ESET's VP Michal Jankech, together with Larry Walsh, CEO of Channelnomics, on BrightTALK talking about the challenges facing SMBs and how MSPs can give them solutions for their exact needs. Watch the full webinar by clicking this link.

Larry Walsh, CEO of Channelnomics, says there are three things MSPs need to focus on in order to cater to their SMB customers. The main and most important one is user experience. Customers want an experienced service provider as well as a good solution. They are willing to pay more to get the experience, which ultimately grows the MSPs’ revenue. The first time a customer looks for a solution they make a choice based on price; renewal, however, is often based on experience.

The second thing is marketing and communications, which for an average MSP tends to be weak. End users want more than just features; they want to be informed, to understand, and to feel connected to their MSP.

Last, but not least, is conservation and optimization. The coming year will be hard for most businesses, MSPs included. They, just like any other business, need to think about their budget and spending, optimize processes and reduce complexity, and then translate all of that into customer experience.

How does ESET support your business?

The ESET MSP Program focuses on balance, giving you the ultimate care-free experience in cybersecurity. It provides flexibility, a unified ecosystem, automation and integration. We deliver state-of-the-art MSP solutions that can help your optimization through a combination of our long-standing use of machine learning and AI-based technologies, our cloud reputation system, ESET LiveGrid, and the human expertise offered by our tightly knit community of digital security leaders. Further optimization comes from the low system footprint our solutions leave on your business, allowing for more energy efficiency. All of this powers the world’s most formidable multi-layered cyber threat prevention, detection and response platform – ESET PROTECT.

ESET PROTECT includes a sophisticated XDR module called ESET Inspect. ESET Inspect brings enterprise-grade security and risk management capabilities, including advanced threat hunting, incident response, full network visibility, and more. It helps to identify security breaches and conduct forensic investigation, including root-cause analysis. It also enables the ESET PROTECT platform to give the user full visibility over the response. This will increase your and your customers’ protection and will enable you to deliver MDR-like services.

“We are fully committed to protecting our customers, the customers of our MSP Partners and the progress that our technology enables for them. Because we don’t compromise efficiency on behalf of quality, our solution is really uniquely balanced and I mean a balance between its prevention, detection and response, or in other words – XDR, responsibilities. All elements must be done equally well to offer true protection,” said Michal Jankech, vice president of the SMB & MSP segment.

For more information watch our full webinar on BrightTalk here.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

ESET Research discovers StrongPity APT group’s espionage campaign targeting Android users with trojanized Telegram app

  • ESET researchers identified an active StrongPity campaign distributing a fully functional but trojanized version of the legitimate Telegram app.
  • This is the first time that the described modules and their functionality have been documented publicly.
  • StrongPity’s backdoor is modular and has various spying features, such as recording phone calls, collecting SMS messages, collecting lists of call logs and contact lists, and much more.
  • If the victim grants the malicious StrongPity app notification access and accessibility services, the malware is able to exfiltrate communication from messaging apps such as Viber, Skype, Gmail, Messenger, and Tinder.
  • A copycat website mimicking Shagle, an adult video-chat service, is used to distribute StrongPity’s mobile backdoor app.
  • The app is a modified version of the open-source Telegram app, repackaged with StrongPity backdoor code.
  • Based on similarities with previous StrongPity backdoor code and the app being signed with a certificate from an earlier StrongPity campaign, we attribute this threat to the StrongPity APT group.

BRATISLAVA, KOŠICE — January 10, 2023 — ESET researchers identified an active StrongPity APT group campaign leveraging a fully functional but trojanized version of the legitimate Telegram app, which has been repackaged as “the” Shagle app, even though no such app exists. This StrongPity backdoor has various spying features: its 11 dynamically triggered modules are responsible for recording phone calls, collecting SMS messages, collecting lists of call logs and contact lists, and much more. These modules are being documented publicly for the very first time. If the victim grants the malicious StrongPity app notification access and accessibility services, the app will also have access to incoming notifications from 17 apps such as Viber, Skype, Gmail, Messenger, and Tinder, and will be able to exfiltrate chat communication from other apps. The campaign is likely very narrowly targeted, since ESET telemetry still hasn’t identified any victims.

Unlike the entirely web-based, genuine Shagle site, which doesn’t offer an official mobile app to access its services, the copycat site only provides an Android app to download, with no web-based streaming possible. This trojanized Telegram app has never been made available from the Google Play store.

The malicious code, its functionality, class names, and the certificate used to sign the APK file are identical to those of the previous campaign; thus ESET believes with high confidence that this operation belongs to the StrongPity group. Code analysis revealed that the backdoor is modular and additional binary modules are downloaded from the C&C server. This means that the number and type of modules used can be changed at any time to fit the campaign requests when operated by the StrongPity group.

“During our research, the analyzed version of malware available from the copycat website was not active anymore and it was no longer possible to successfully install and trigger its backdoor functionality. This is because StrongPity hasn’t obtained its own API ID for its trojanized Telegram app. But that might change at any time should the threat actor decide to update the malicious app,” says Lukáš Štefanko, the ESET researcher who analyzed the trojanized Telegram app.

The repackaged version of Telegram uses the same package name as the legitimate Telegram app. Package names are supposed to be unique IDs for each Android app and must be unique on any given device. This means that if the official Telegram app is already installed on the device of a potential victim, then this backdoored version can’t be installed. “This might mean one of two things – either the threat actor first communicates with potential victims and pushes them to uninstall Telegram from their devices if it is installed, or the campaign focuses on countries where Telegram usage is rare for communication,” adds Štefanko.

StrongPity’s app should have worked just as the official version does for communication, using standard APIs that are well documented on the Telegram website, but it no longer does. Compared to the first StrongPity malware discovered for mobile, this StrongPity backdoor has extended spying features, being able to spy on incoming notifications and exfiltrate chat communication, if the victim grants the app notification access and activates accessibility services.

For more technical information about the latest StrongPity app, check out the blogpost “StrongPity espionage campaign targeting Android users” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.


Comparing the legitimate website on the left and the copycat on the right

Why adding “End of Life” to your cybersecurity vocabulary is a good idea



Life seems to be moving at a blazingly fast pace. And so does technology, maybe even more so. It is no wonder we sometimes feel overwhelmed and question whether we can keep up. Yes, it is hard to keep up with new technological advances and the threats accompanying them. But the fact that technology is moving so fast is exactly the reason to stay on top of the latest cybersecurity knowledge and solutions.

The saying “New is always better” is clearly not always true, but when it comes to securing our devices, there is some truth to it. We trust what we know, and with technology changing rapidly, we may prefer to keep on using outdated, but trusted, products. But there are a few things to consider, especially in the field of digital security. There are malicious threats we need protection from that are testing and honing exploitation techniques against software products – especially older versions.

Upgrading to new software can be a difficult decision, especially when a business has invested heavily in a particular product or funds are scarce to ensure continuity after an upgrade. Some businesses may not want to update at all. Yet sometimes the manufacturer or software provider can press the issue by bringing products to their End of Life. Also known as a product sunset, this date is a communicated conclusion to the manufacturer’s support for a product (or service) and is generally preceded by a period of limited support. In basic terms, this means that change is afoot.

What is EOL?
End of Life is a policy change applying to platforms or products that have reached the end of their useful life. This decision is made by the manufacturer and typically occurs many years after the software’s or hardware’s production.

EOL policies evolve with the aim of reducing the number of older product versions that demand constant attention and maintenance. Why do providers do this? To focus time and resources on newer products so that they get the attention they need to protect our customers against new arising threats. Progress cannot be stopped, but attempts are constantly made via new threats to interrupt our journey forward. ESET is here to protect progress, so instead of resisting this momentum, we should ensure we not only appreciate the new technology but also the new threats. The newer the product, the better it is adapted to protect in the current threat environment. This will allow for better protection and make for a smoother experience for our business customers.

It is very important, and we strongly advise our users, to always run the latest version of ESET products. Users should also ensure that other critical software, especially their device’s Operating System (OS), is up to date and fully supported. The status of your OS is very important as it can have many implications for core functions and security too. For example, there have recently been changes to Windows’ End of Life policy. To read more click on this link.

The upgrade to the latest ESET product versions has always been at “no cost,” and that is still the case to this day; the fact that access to new product versions is included in the price of your valid license remains unchanged. In this way, updates allow users to employ the most advanced security technologies that are high performing and easy to use, all of which help make our products more effective for you. To check ESET’s End of Life policy click this link.

‘Tis the season not to get smished!

 

We all hope to have some peace and quiet during the holiday season, not just in the physical world, but also in the digital one. But we have got used to using our devices for ordering presents online, communicating with family through video chat, and looking for good deals online. And those are exactly the snippets of your time that cybercriminals take advantage of.

It’s no wonder there is a surge of holiday-themed SMS phishing, or smishing. According to Proofpoint research, instances of smishing doubled in 2021 in comparison to 2020 during the holiday season. Most of the texts sent during this time are related to delivery or retail messaging. Cybercriminals prey on Black Friday, Cyber Monday and other retail-important events, but also on post-purchase deliveries. But why exactly do they choose SMS as their threat vector?

Text messages are easier than email, since they can be short. What’s more, text messages have a 98% open rate, and 95% of texts are opened and responded to within the first three minutes of delivery. On top of that, a person is much less likely to be cautious with a text than with an email. The click-through rate for text messages is eight times higher than for email, and yet less than 35% of the population knows smishing exists.

These text messages claim to be good deals, or delivery information for a non-existent package. And since many people order not just one package from just one online store, they don’t always give it much thought as to what this particular item might be. These smishing texts contain a click-through link to a landing page attempting to steal your personal information.

So what exactly would a smishing message look like?

There are certainly some characteristics to look out for.

  • Unfamiliar sender – this may be an unknown or strange-looking number
  • Urgency – just like traditional email phishing campaigns, smishing messages urge you to act quickly, or your package will be returned to sender, or the offer is about to end
  • Links – links to landing pages and sites where you are expected to enter your personal information
  • Requests – they may often request you to provide personal or financial details

How not to become a smishing victim?

First of all, thinking twice before clicking on any links and requests is a great rule of thumb for your cybersecurity in general. But more specifically, when receiving an unknown or suspicious text message, do not click on any links, reply to the message or provide any personal information. Instead, either ignore or completely delete the message. And if you are still not sure if the message is real or not, search for the organization, government body or e-store online, contact them, and assure yourself of the legitimacy of said message.

Best cybersecurity gift

To make your life easier, and this season more peaceful, give yourself the gift of cybersecurity and opt for a good mobile security solution. ESET Mobile Security aims to provide a safe environment for you to enjoy time with loved ones without worrying about your digital safety.

The solution aims to protect and secure your device from criminal activity that manipulates users, known as social engineering, in order to gain access to sensitive data such as bank account credentials, card numbers, PIN numbers, usernames and passwords.

The anti-phishing protection feature is now bolstered by a new Anti-smishing feature. This defends and warns the user against any messages containing malicious links after delivery, making sure you are protected even before opening the message and any links the message might contain.

We recommend you turn this feature on from its default off state, to ensure you are fully protected, especially during quality time with loved ones. All malicious websites, listed in our ESET malware database, will be blocked and a warning notification will be displayed informing you of the attempted attack.

ESET Mobile Security makes your Android phones and devices easy to find and harder to steal, as well as helping to protect your valuable data. ESET is already trusted by millions of users around the world to keep their data safe. ESET helps protect the Google Play store and is trusted by millions of users like you around the world, and is dedicated to the online safety and education of children and their parents. Click here to find out more.

Iran-aligned Agrius group deploys new wiper through supply-chain attack in diamond industry, ESET Research discovers

  • Agrius conducted a supply-chain attack abusing an Israeli software suite used in the diamond industry.
  • Agrius is a newer Iran-aligned APT group solely focused on destructive operations.
  • The group then deployed a new wiper we named Fantasy. Most of its code base comes from Apostle, Agrius’s previous wiper.  
  • Along with Fantasy, Agrius also deployed a new lateral movement and Fantasy execution tool that we have named Sandals.
  • Victims include Israeli HR firms, IT consulting companies, and a diamond wholesaler; a South African organization working in the diamond industry; and a jeweler in Hong Kong.

BRATISLAVA, MONTREAL — December 7, 2022 — ESET researchers discovered a new wiper and its execution tool, both attributed to the Iran-aligned Agrius APT group. The malware operators conducted a supply-chain attack abusing an Israeli software developer to deploy their new wiper, Fantasy, and a new lateral movement and Fantasy execution tool, Sandals. The abused Israeli software suite is used in the diamond industry, and in February 2022, Agrius began targeting an Israeli HR firm, a diamond wholesaler, and an IT consulting firm. The group is known for its destructive activities. Victims were observed in South Africa and Hong Kong as well.

“The campaign lasted less than three hours, and within that timeframe, ESET customers were already protected with detections identifying Fantasy as a wiper and blocking its execution. We observed the software developer pushing out clean updates within a matter of hours of the attack,” says Adam Burgher, ESET Senior Threat Intelligence Analyst. ESET contacted the software developer to notify them about a potential compromise, but the inquiries went unanswered.

“On February 20, 2022, at an organization in the diamond industry in South Africa, Agrius deployed credential harvesting tools, probably in preparation for this campaign. Then, on March 12, 2022, Agrius launched the wiping attack by deploying Fantasy and Sandals, first to the victim in South Africa, then to victims in Israel, and lastly to a victim in Hong Kong,” elaborates Burgher.

Fantasy wiper either wipes all files on disk or wipes all files with extensions on a list of 682 extensions, including filename extensions for Microsoft 365 applications such as Microsoft Word, Microsoft PowerPoint, and Microsoft Excel, and for common video, audio, and image file formats. Even though the malware takes steps to make recovery and forensic analysis more difficult, it is likely that recovery of the Windows operating system drive is possible. Victims were observed to be back up and running within a matter of hours.

Agrius is a newer Iran-aligned group targeting victims in Israel and the United Arab Emirates since 2020. The group initially deployed a wiper, Apostle, disguised as ransomware, but later modified Apostle into fully fledged ransomware. Agrius exploits known vulnerabilities in internet-facing applications to install webshells, then conducts internal reconnaissance before moving laterally and then deploying its malicious payloads.

Since its discovery in 2021, Agrius has focused solely on destructive operations. Fantasy is similar in many respects to the previous Agrius wiper, Apostle. However, Fantasy makes no effort to disguise itself as ransomware. There are only a few small tweaks between many of the original functions in Apostle and the Fantasy implementation.

For more technical information about Agrius’s Fantasy wiper, check out the blogpost “Fantasy – a new Agrius wiper deployed through a supply-chain attack” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

Chinese-speaking MirrorFace targeted a Japanese political party with espionage and credential-stealing malware ahead of elections, ESET Research uncovers

  • At the end of June 2022, MirrorFace launched Operation LiberalFace, which targeted Japanese political entities.
  • Spearphishing email messages containing the group’s flagship backdoor LODEINFO were sent to the targets.
  • LODEINFO was used to deliver additional malware, exfiltrate the victims’ credentials, and steal the victims’ documents and emails.
  • A previously undescribed credential stealer we have named MirrorStealer was used in Operation LiberalFace.
  • MirrorFace is a Chinese-speaking APT group targeting companies and organizations based in Japan.

BRATISLAVA, BRNO — December 14, 2022 — ESET researchers discovered a spearphishing campaign, launched in the weeks leading up to the Japanese House of Councillors elections in July 2022, by the APT group that ESET Research tracks as MirrorFace. The investigation into the campaign, which ESET Research has named Operation LiberalFace and which targeted Japanese political entities, revealed that the members of a specific Japanese political party were of particular focus in this campaign. The spearphishing email messages contained the group’s flagship backdoor LODEINFO, which was used to deliver additional malware, exfiltrate the victims’ credentials, and steal the victims’ documents and emails. MirrorFace is a Chinese-speaking threat actor with targets based in Japan.

Purporting to be a Japanese political party’s PR department, MirrorFace asked the email recipients to distribute the attached videos on their own social media profiles to further strengthen the party’s PR and to secure victory in the House of Councillors. Furthermore, the email provides clear instructions on the videos’ publication strategy. The email was purportedly sent on behalf of a prominent politician. All spearphishing messages contained a malicious attachment that upon execution deployed LODEINFO on the compromised machine. MirrorFace started the attack on June 29, 2022, ahead of the Japanese elections in July.

LODEINFO is a MirrorFace backdoor that is under continual development. Its functionality includes capturing screenshots, keylogging, killing processes, exfiltrating files, executing additional files, and encrypting defined files and folders. The attack used a previously undocumented credential stealer that ESET Research has named MirrorStealer. It is able to steal credentials from various applications, such as browsers and email clients.

“During the Operation LiberalFace investigation, we managed to uncover further MirrorFace tactics, techniques, and procedures, such as the deployment and utilization of additional malware and tools to collect and exfiltrate valuable data from victims. Moreover, our investigation revealed that the MirrorFace operators are somewhat careless, leaving traces and making various mistakes,” says ESET researcher Dominik Breitenbacher, who discovered the campaign.

MirrorFace is a Chinese-speaking threat actor targeting companies and organizations based in Japan. While there is some speculation that this threat actor might be related to APT10, ESET is unable to link it with any known APT group. Therefore, ESET is tracking it as a separate entity named MirrorFace. In particular, MirrorFace and LODEINFO, its proprietary malware used exclusively against targets in Japan, have been reported as targeting media, defense-related companies, think tanks, diplomatic organizations, and academic institutions. The goal of MirrorFace is espionage and exfiltration of files of interest.

For more technical information about Operation LiberalFace by the MirrorFace APT group, check out the blog post “Unmasking MirrorFace: Operation LiberalFace targeting Japanese political entities” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

A Floor, not a Ceiling: ESET welcomes the approval of NIS2

ESET welcomes the decision of EU legislators to adopt the second Network and Information Security Directive (NIS2) aimed at strengthening cyber resilience across the Union. The new legislation comes as a response to the growing dependency of critical sectors on digitalization and their higher exposure to cyber threats.

The directive now approved replaces the NIS directive introduced in 2016 as the first-ever EU-wide legislation on cybersecurity. NIS2 introduces a broader scope of action, impacting more entities in “high criticality” sectors, both public and private, such as energy, transport, banking, water and waste water, among other critical infrastructure. New obligations are also brought in for those in other “critical” sectors such as manufacturing, food, chemicals, waste management, postal and courier services.

Enterprises classed as “High Criticality” will be required to take both technical and operational measures to comply with NIS2, including incident response, supply chain security, encryption and vulnerability disclosure, adequate risk analysis, testing and auditing of cybersecurity strategies, and crisis management planning with a view to ensuring business continuity. In case of a cyber incident, these entities will also be required to submit an initial notification within 24 hours and more detailed information within 72 hours. NIS2 also introduces fines for failure to comply, including suspension of certification and personal liability for those in managerial positions, in line with national laws.

Finally, the directive establishes the European Cyber Crises Liaison Organization Network, EU-CyCLONe, to enable cooperation between national agencies and authorities in charge of cybersecurity, and each Member State will also be required to clearly identify a single point of contact to report cyber incidents.

Are SMEs also obliged to comply?

NIS2 establishes “the application of the size-cap rule, whereby all medium and large enterprises, as defined by Commission Recommendation 2003/361/EC, that operate within the sectors or provide the type of services covered by this Directive, fall within its scope”. While it excludes Small and Micro enterprises from having to comply with the new rules, some exceptions apply, for example for SMEs in the sectors of electronic communications networks or of publicly available electronic communications services, trust service providers or top-level domain (TLD) name registries.

Small and medium-sized enterprises are increasingly becoming the target of supply chain attacks due to limited security resources. Such supply chain attacks can have a cascading effect on entities to which they provide supplies. Member States should, through their national cybersecurity strategies, help small and medium-sized enterprises to address the challenges faced in their supply chains. Member States should have a point of contact for small and medium-sized enterprises at national or regional level, which either provides guidance and assistance to small and medium-sized enterprises or directs them to the appropriate bodies for guidance and assistance with regard to cybersecurity related issues.

In March last year, the European DIGITAL SME Alliance, the EU’s largest SME network in the field of ICT, published its position paper for the consultation on the proposal for NIS2, welcoming the new directive but also warning of the indirect impact of NIS2 on SMEs.

In conversation with ESET, James Philpot, Project Manager at DIGITAL SME, notes that the first step SMEs should be taking to “understand specific needs to boost their cybersecurity practices” is looking at their “national cybersecurity center and ENISA’s guides and recommendations”. However, “it might be easier or harder” to get the right information as “different Member States provide different resources”. Nonetheless, NIS2 “mandates that States should provide support and resources” mainly when it comes to getting a detailed understanding of the scope of this legislation “and whether their customers will be subject to it”, which will “help plan ahead”.

Turning challenges into opportunities.

“Downstream suppliers are likely to be the most disrupted”, and it can be challenging for some companies to have the needed technical capabilities but mainly to understand “reporting requirements and how NIS2 interplays with other legislation”, explained Philpot.

“But in a more general sense, we have to be positive about it”, and “efforts to improve the level of cybersecurity in European businesses are generally welcomed”. The only caveat, warns Philpot, is the level of “implementation and support, and how that is managed, that will ultimately be the difference between the legislation helping SMEs and the legislation being regulatory overburden”.

Moreover, ESET and DIGITAL SME are convinced that this new framework might be an opportunity. “Yes, it can be an opportunity, there are technical solutions available in Europe to provide the level of cybersecurity required”, but companies need to avoid “looking for the biggest name or cheapest offer, which tends to come from outside of Europe”. This is why it is so important to “link support and resources” to “leverage this legislation and to strengthen European innovation”.

SMEs can also reach out to their local CSIRTs to mitigate some of the deficiencies of other national bodies, or take advantage of resources such as the DIGITAL SME/SBS guide, the DIGITAL SME Guide on Information Security Controls or cybersecurity certificates.

Moving towards safer enterprises.
ESET’s SMB Digital Security Sentiment Report, published just last month, discovered that while 83% of SMEs believe that cyber warfare is a very real threat and 71% had moderate to high confidence in their ability to investigate the root cause of cyberattacks, 43% consider the lack of awareness of employees as the leading cause for concern, while the actual uptake of EDR (endpoint detection and response) solutions, which specifically assist in this area, was only at 32%.

As Philpot also notes in the conversation with ESET, “the impacts of cyber incidents are well known” to SMEs: data leaks, considerable financial impact and loss of customer confidence. So “in a more general sense, we have to be positive” about NIS2; at the very least, this directive will play an important awareness role, even for those companies that “aren’t required to comply, they may develop greater awareness”.

NIS2 will become applicable after the EU Member States transpose the Directive into their national law, by September 2024. Nevertheless, organizations might want to be ready sooner rather than later, not only to be timely in the implementation process, but also to test different good practices on incident handling, control policies and reporting methodologies. Above all, NIS2 defines a minimum common level of cybersecurity in Europe, one that should be seen as the floor under our feet, not as a ceiling.


Level up your digital security defenses with ESET Endpoint Security

Our flagship solution, ESET Endpoint Security, provides powerful multilayered protection for desktops, laptops and smartphones for businesses of all sizes. It is an essential component in any modern business’ digital security toolkit.

With cyber threats continuing to rise in prominence, a single layer of defense is no longer enough. ESET Endpoint Security’s multilayered defense means it can detect malware pre-execution, during execution and post-execution to provide the highest level of protection possible. This helps businesses protect against the scourge of ransomware, block targeted attacks, prevent data breaches, and detect advanced persistent threats (APTs).

Why ESET Endpoint Security should be on your radar

In its recent Mobile Security Management (MSM) Market Radar report, respected analyst group Omdia highlighted why buyers should put ESET Endpoint Security on their radar. “The dominance of more mobile-centric work styles has increased the priority that businesses are attaching to mobile security. ESET Endpoint Security helps businesses ensure that data and access to sensitive internal networks and apps are protected across all the devices used by employees,” said Adam Holtby, Principal Analyst, Mobile Workspace at Omdia.

Omdia referred to the fact that customers value ESET’s threat detection capabilities, its light technology footprint, and the cost-effectiveness of the solution. It also highlighted that ESET Endpoint Security’s device management features enable admins to remotely carry out tasks from a single pane of glass. This includes being able to define password and screen lock policies, lock devices, prompt employees to encrypt devices, and block hardware capabilities and features such as cameras, Bluetooth, and Wi-Fi.

Protection can also be extended via ESET Cloud Mobile Device Management (Cloud MDM) which is an add-on feature native to the ESET PROTECT Cloud – an ESET SaaS delivered management console for Android and iOS. As an agent-less solution, it does not run directly on the device, saving battery and enhancing security performance. Furthermore, connection certificate management is also handled by ESET, so IT admins don’t have to worry about certificate renewals or being compliant with the latest security standards.

Reducing the attack surface

It is important that businesses of all sizes level up their digital security defenses. Although it is not possible to prevent all attacks on a network, by reducing the attack surface along with the employment of preventive measures such as speedy patching, careful system configuration, fastidious monitoring, and periodic health checks, it is possible to mitigate the effects.

ESET Endpoint Security is here to help. Its multi-tenant management console provides admins with real-time visibility of all the smartphones, servers, and desktops within the business. The most recent iteration includes a new auto-update mechanism to ensure defenses are always up to date. This helps lighten the burden on increasingly time-poor IT admins.

It also links with ESET LiveGuard Advanced to analyze suspicious files in the cloud, along with zero-day threats and never-before-seen threat types, through machine learning detection algorithms. On top of this, it boasts new functionality to help admins better defend their businesses in the remote work era: Brute-Force Attack Protection blocks external IP addresses that exhibit the characteristics of an oncoming brute-force attack on Remote Desktop Protocol (RDP) logins.

Protect the remote worker

In a move to further protect the remote worker, ESET Endpoint Security is now compatible with ARM64, the processor that dominates the mobile device market. ESET Endpoint Security protects remote workers through a new web control feature in ESET PROTECT, that allows IT admins to regulate employees’ access to suspicious websites from their mobile devices. Using built-in categories and custom rules, admins can blacklist, whitelist, or warn about URLs that lead to sites with harmful content or that can negatively impact employee productivity.

To learn more about ESET Endpoint Security and how it can support the needs of businesses looking to empower an increasingly mobile workforce, please click here.


ESET launches psychometric test to uncover visionary thinkers across the world

BRATISLAVA, December 6th, 2022 – ESET, a global leader in cybersecurity, today announces the launch of the Progress Personas psychometric test, developed in partnership with The Myers-Briggs Company, a pioneer in personality and professional development assessments. The test is designed for the curious and inquisitive, with the questionnaire allowing individuals to identify where they fit on the scale of visionary thinkers.

The Progress Personas test is designed to understand what makes people tick, innovate, and push society forward. After responding to a series of short questions, individuals will be provided with a bespoke report outlining the likely strengths and weaknesses of their forward-thinking personalities. The reports detail the specific innovative persona type they fall into, including The Changemaker, Flex Fury, Authentic Dynamo, Power Pro, Firestarter, Captain Conventional, Doctor Constant, The Chameleon, or The Inventor.

“We live in a changing world where we need to adapt and be resilient in order to progress. ESET believes that any inquiring mind has a role to play in contributing to progress that keeps the world turning,” comments Ignacio Sbampato, Chief Business Officer at ESET. “Everyone has different ways of being progress-minded. This psychometric test will highlight an individual’s forward-thinking persona and provide hints and tips to help reach their full potential. We’re excited to be partnering with a respected institution like The Myers-Briggs Company, to bring something insightful and fun to our global audience.”

“ESET places immense importance on the development of science and technology around the world. Whilst progress comes in many shapes and forms, it is important to protect it. ESET is proud to have been at the forefront of protecting progress for more than three decades,” adds Sbampato.

The psychometric test was developed in coordination with the company that publishes the famed Myers-Briggs Type Indicator® (MBTI®) assessment that reveals the differing psychological preferences in how people perceive the world and make decisions. The MBTI assessment indicates a person’s preference in four separate categories: Extraversion or Introversion, Sensing or Intuition, Thinking or Feeling, and Judging or Perceiving. The framework was developed in the 1940s by Katharine Cook Briggs and her daughter, Isabel Briggs Myers, who were inspired by Swiss psychiatrist Carl Jung’s book Psychological Types.

“The Progress Personas assessment has been developed to be a reliable measure of innovation style and resilience,” comments John Hackston, head of Thought Leadership at The Myers-Briggs Company. “By combining the scores of these two dimensions, the report gives people a unique insight into their individual style of achieving progress — their progress persona.”

The Progress Personas test follows ESET’s Heroes of Progress Awards which were announced in September, designed to shine a light on the visionary thinkers helping to make our planet a better place.

To take the free psychometric test, please visit: https://www.eset.com/int/progress-protected/heroes-of-progress/progress-persona-test/

To learn more about how ESET keeps progress protected, please visit: https://eset.version-2.sg/project-progress/

To learn more about The Myers-Briggs Company, please visit: https://eu.themyersbriggs.com/


ESET Research: North Korea-linked group launches Dolphin backdoor, steals files of interest, communicates via Google Drive

  • ESET researchers analyzed Dolphin, a previously unreported backdoor used by the ScarCruft APT group.
  • Dolphin has many spying capabilities, including monitoring drives and portable devices, exfiltrating files of interest, keylogging, taking screenshots, and stealing credentials from browsers.
  • Dolphin is deployed on selected targets only; it searches the drives of compromised systems for interesting files and exfiltrates them to Google Drive.
  • ScarCruft, also known as APT37 or Reaper, is an espionage group that has been operating since at least 2012. It primarily focuses on South Korea. ScarCruft’s interests seem to be linked to the interests of North Korea.
  • The backdoor was used as the final payload of a multistage attack in early 2021, involving a watering-hole attack on a South Korean online newspaper, an Internet Explorer exploit, and another ScarCruft backdoor named BLUELIGHT.
  • Since the initial discovery of Dolphin in April 2021, ESET researchers have observed multiple versions of the backdoor in which the threat actors improved the backdoor’s capabilities and made attempts to evade detection.
  • A notable feature of earlier Dolphin versions is the ability to modify the settings of victims’ signed-in Google and Gmail accounts to lower their security.

BRATISLAVA — November 30, 2022 — ESET researchers analyzed a previously unreported sophisticated backdoor used by the ScarCruft APT group. The backdoor, which ESET named Dolphin, has a wide range of spying capabilities, including monitoring drives and portable devices, exfiltrating files of interest, keylogging, taking screenshots, and stealing credentials from browsers. Its functionality is reserved for selected targets, to which the backdoor is deployed after initial compromise using less advanced malware. Dolphin abuses cloud storage services — specifically Google Drive — for Command and Control communication.

ScarCruft, also known as APT37 or Reaper, is an espionage group that has been operating since at least 2012. It primarily focuses on South Korea, but other Asian countries have also been targeted. ScarCruft seems to be interested mainly in government and military organizations, and companies in various industries linked to the interests of North Korea.

“After being deployed on selected targets, it searches the drives of compromised systems for interesting files and exfiltrates them to Google Drive. One unusual capability found in prior versions of the backdoor is the ability to modify the settings of victims’ Google and Gmail accounts to lower their security, presumably to maintain Gmail account access for the threat actors,” says ESET researcher Filip Jurčacko, who analyzed the Dolphin backdoor.

In 2021, ScarCruft conducted a watering-hole attack on a South Korean online newspaper focused on North Korea. The attack consisted of multiple components, including an Internet Explorer exploit and shellcode leading to a backdoor named BLUELIGHT.

“In the previous reports, the BLUELIGHT backdoor was described as the attack’s final payload. However, when analyzing the attack, we discovered through ESET telemetry a second, more sophisticated backdoor deployed on selected victims via this first backdoor. We named this backdoor Dolphin based on a PDB path found in the executable,” explains Jurčacko.

Since the initial discovery of Dolphin in April 2021, ESET researchers have observed multiple versions of the backdoor, in which the threat actors improved the backdoor’s capabilities and made attempts to evade detection.

While the BLUELIGHT backdoor performs basic reconnaissance and evaluation of the compromised machine after exploitation, Dolphin is more sophisticated and manually deployed only against selected victims. Both backdoors are capable of exfiltrating files from a path specified in a command, but Dolphin also actively searches drives and automatically exfiltrates files with interesting extensions.

The backdoor collects basic information about the targeted machine, including the operating system version, malware version, list of installed security products, username, and computer name. By default, Dolphin searches all fixed (HDD) and non-fixed drives (USBs), creates directory listings, and exfiltrates files by extension. Dolphin also searches portable devices, such as smartphones, via the Windows Portable Device API. The backdoor also steals credentials from browsers, and is capable of keylogging and taking screenshots. Finally, it stages this data in encrypted ZIP archives before uploading to Google Drive.
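A hunting heuristic for the stage-then-upload behaviour described above, as an added example that is not taken from ESET's report: it flags a process outside an approved list that writes a ZIP archive and then connects to a Google Drive host within ten minutes. The event format, host and process names, approved list and time window are all assumptions, and the sample events are constructed, not indicators from the campaign.

```python
"""Hunt for archive staging followed by a Google Drive connection.

Added example: events, process names, hosts and thresholds are constructed
assumptions, not indicators published for Dolphin.
"""
import csv
import io
from datetime import datetime, timedelta

# Assumption: hostnames that appear in proxy/EDR logs for Google Drive traffic.
DRIVE_HOSTS = {"www.googleapis.com", "drive.google.com"}
# Assumption: processes expected to reach Google Drive in this environment.
APPROVED = {"chrome.exe", "msedge.exe", "googledrivefs.exe"}
# Assumption: how long after staging an upload is still considered related.
WINDOW = timedelta(minutes=10)

# Constructed telemetry: time, host, process, event type, target.
SAMPLE_EVENTS = """\
2024-01-15T09:00:05,WS-01,chrome.exe,net_connect,drive.google.com
2024-01-15T09:02:10,WS-02,svcupd.exe,file_create,C:\\Users\\a\\AppData\\Local\\Temp\\d1.zip
2024-01-15T09:03:40,WS-02,svcupd.exe,net_connect,www.googleapis.com
2024-01-15T09:05:00,WS-03,7z.exe,file_create,C:\\Backups\\weekly.zip
2024-01-15T10:30:00,WS-03,7z.exe,net_connect,www.googleapis.com
2024-01-15T11:00:00,WS-04,googledrivefs.exe,file_create,C:\\Users\\b\\cache.zip
2024-01-15T11:00:30,WS-04,googledrivefs.exe,net_connect,www.googleapis.com
"""


def parse_events(text):
    """Parse CSV telemetry into dicts sorted by time, skipping bad rows."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:
            continue  # malformed or blank line: skip instead of aborting
        ts, host, proc, kind, target = (field.strip() for field in row)
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # unparseable timestamp
        events.append({"time": when, "host": host, "process": proc.lower(),
                       "kind": kind, "target": target})
    return sorted(events, key=lambda e: e["time"])


def find_stage_then_upload(events, window=WINDOW):
    """Return alerts where an unapproved process staged a ZIP and then
    connected to a Google Drive host within `window`."""
    last_zip = {}  # (host, process) -> (time, path) of most recent archive
    alerts = []
    for ev in events:
        if ev["process"] in APPROVED:
            continue  # sanctioned clients are expected to sync archives
        key = (ev["host"], ev["process"])
        target = ev["target"].lower()
        if ev["kind"] == "file_create" and target.endswith(".zip"):
            last_zip[key] = (ev["time"], ev["target"])
        elif ev["kind"] == "net_connect" and target in DRIVE_HOSTS:
            staged = last_zip.get(key)
            if staged and ev["time"] - staged[0] <= window:
                alerts.append({
                    "host": ev["host"],
                    "process": ev["process"],
                    "archive": staged[1],
                    "destination": ev["target"],
                    "delay_seconds": int((ev["time"] - staged[0]).total_seconds()),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_stage_then_upload(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

The approved list and window need tuning per environment: backup tools that legitimately upload archives to Google Drive belong on the list, and a longer window catches slower staging at the cost of more noise.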

For more technical information about the latest ScarCruft APT group campaign, check out the blogpost “Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

Overview of the attack components leading to the execution of the Dolphin backdoor.
