
What’s New Pandora FMS 761

Let’s check out together the features and improvements related to the new Pandora FMS release: Pandora FMS 761.

What’s new in the latest Pandora FMS release, Pandora FMS 761

NEW FEATURES AND IMPROVEMENTS

New “Custom Render” Report

A new item has been included in Pandora FMS reports, Custom Render. This report lets you build output in a more customized way, combining SQL queries, module graphs and custom HTML. It allows users to create fully customized reports visually, including graphs.


New TOP-N connections report

A new item has been included in Pandora FMS reports, TOP-N connections. This report gives you a summary table with the total connection data, and the connections of the interval, broken down by port pairs.

New Agent/Module Report 

A new item has been included in Pandora FMS reports, Agents/modules status. This report shows, in a table, the status of agents/modules together with their last data and the timestamp at which that last data was received.

New Agent/Module status Report

It allows users to show a list of agents/modules along with their state, filtering previously by group. 

New SLA services Report

A new item has been included in Pandora FMS reports, SLA services. With this report you will be able to see the SLA of the services that you wish to configure, combining data from different nodes in a single report.

New alert templates

If you want to use the new group, you have it available in our module library:

New Heatmap view

A new Heatmap view has been added. It shows all Pandora FMS information organized by groups and by module or agent groups, refreshes continuously, and lets you see all the monitored information at a glance.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

New Cyber Threats & Vulnerabilities Brought on by the Rise of IoT Devices

Diving into Internet of Things Statistics

An Internet of Things (IoT) device is simply a device that can communicate back and forth with a central hub, mainly via WiFi but also using technologies such as SIM cards and radio frequencies. We are living in the age of digital connectivity: if something can have an IP address, you can be sure it will have one assigned, from Samsung’s AI-powered Family Hub Smart Fridge, which tells you what recipes you can make from the ingredients inside, to Tesla vehicles with over-the-air updates not only for the software but also for actual motor components (a 2018 update on the Model 3 adjusted the anti-lock algorithm and improved braking distance).

Consumer technologies aren’t alone when it comes to utilizing the Internet of Everything. Industries such as healthcare have their own use case. Internet of Medical Things (IoMT) such as smart sensors for monitoring patients’ vitals are an essential piece of equipment in modern healthcare facilities.  

The statistics back this growth: there are already more active IoT devices (10 billion) than people on earth. It’s expected that there will be over 30 billion total IoT devices by 2025, with the market value projected to reach $875 billion by that time. Every second over 100 new IoT appliances connect to the public internet. It’s so widely adopted that almost a third of the US population own a smartwatch. This sharp increase in devices has a clear effect on the global volume of data being transported; the graph below shows year-on-year growth.

Cyber Threats & Vulnerabilities of IoT

As the Internet of Things rapidly grows, the cyber threats and associated risks continue to evolve and become increasingly complex with hackers coming up with new ways to breach devices and networks. Every organization should be aware of their own network attack surface, which is the totality of all vulnerabilities from connected devices and hardware. Each device poses a possible point of entry for an unauthorized user to gain access. Ideally you keep your attack surface as small as possible, making it easier to protect. But for some organizations, this simply isn’t a possibility, as there might be a need for thousands, if not hundreds of thousands of IoT sensors to report on key analytics.  

As mentioned earlier, the healthcare industry has a sizable use case when it comes to IoT devices. An issue with this is the cost associated with these complex pieces of equipment such as MRI scanners and X-ray machines. It simply isn’t feasible for these items to be upgraded regularly, which in turn leads to outdated and unsupported systems still playing a key role in the infrastructure. As an example, Windows 7 support was discontinued in January of 2020 after 10 years in operation, creating an untold number of vulnerabilities for organizations around the globe. According to a report from Palo Alto Networks cybersecurity division Unit 42, 83% of medical imaging devices are running unsupported operating systems.  

IoT devices suffer from a range of other vulnerabilities, including:
  • Weak/default passwords and settings: Back in 2016, the largest DDoS attack ever at the time was launched against the service provider Dyn using a botnet powered by IoT devices. Hackers used a piece of malware called Mirai, which after initially infecting a computer would continue searching for vulnerable IoT devices and use default usernames and passwords to log in. These credentials can be found online easily, and if the network operator doesn’t change them, anyone can gain access.
  • Poor device security from the manufacturer: When a device communicates in plain text, all information that is being transferred can easily be intercepted via a Man-in-the-Middle attack.
  • Outdated IoT firmware: A large percentage of IoT devices use third-party libraries for their firmware; these can easily become outdated, and the inability to update the firmware on some devices makes this a real issue.

Protecting your IoT Devices and Network

Network administrators need to realise that with these new devices they need to keep up with the essential security solutions. Strong passwords, firewalls and anti-virus software simply aren’t sufficient. The first step in protecting your IoT devices is to learn and understand what the most likely cyber threats are. Create a threat model which identifies, evaluates, and prioritizes potential vulnerabilities. Having a documented network is essential; a well-maintained network management system with advanced monitoring will massively help identify weak spots in the network.
Basic IoT network security measures include:
  • VLANs: Placing the IoT devices in their own VLAN with total segregation from the rest of the network. This doesn’t have to be anything overly complicated; just set some simple rules such as trusted and untrusted depending on how much faith you have in the device. For example, a Nest smoke alarm can be placed in the trusted VLAN and have access to the internet, but a cheap Chinese thermometer would go in the untrusted VLAN and not have access to anything else.
  • Static IPs: If it is possible to assign a static IP, definitely do so. This helps you keep track of the device and can make troubleshooting a whole lot easier. Another benefit is that it helps with identifying new devices on the network.
  • MAC Address whitelisting: An easy way of ensuring only authorized devices can access your company network. But it is important to note that MAC addresses can be easily spoofed.
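The three basic measures above are only useful if someone checks that the network actually matches the plan. The following PowerShell script is an added example, not code from the original article: it reconciles a constructed inventory (approved MAC, static IP and VLAN per device) against constructed ARP/neighbour lines as a switch would report them, and flags unknown devices, approved MACs seen on an unexpected IP (the spoofing caveat), and devices sitting in the wrong VLAN. Device names, addresses and the line format are all made up for the example.

```powershell
# Added example (not from the original article): reconcile observed IoT devices against an inventory.
# All inventory rows and observed lines below are constructed sample data.

# Approved devices: MAC, the static IP assigned to it, and the VLAN it must live in.
$inventory = @'
MAC,IP,VLAN,Name
aa:bb:cc:00:00:01,10.10.20.11,iot-trusted,nest-smoke-alarm
aa:bb:cc:00:00:02,10.10.30.12,iot-untrusted,thermometer-1
aa:bb:cc:00:00:03,10.10.30.13,iot-untrusted,thermometer-2
'@ | ConvertFrom-Csv

# What the switches report (constructed): one ARP/neighbour entry per line, "VLAN IP MAC".
$observed = @'
iot-trusted   10.10.20.11 aa:bb:cc:00:00:01
iot-untrusted 10.10.30.12 aa:bb:cc:00:00:02
iot-trusted   10.10.30.13 aa:bb:cc:00:00:03
iot-untrusted 10.10.30.44 aa:bb:cc:00:00:02
iot-untrusted 10.10.30.99 de:ad:be:ef:00:01
'@ -split "`n" | ForEach-Object { $_.Trim() } | Where-Object { $_ }

function Test-IotInventory {
    param([object[]]$Inventory, [string[]]$Observed)

    # Index the inventory by MAC so each observed entry is a single lookup.
    $byMac = @{}
    foreach ($d in $Inventory) { $byMac[$d.MAC.ToLower()] = $d }

    $findings = foreach ($line in $Observed) {
        $vlan, $ip, $mac = $line -split '\s+'
        $mac   = $mac.ToLower()
        $known = $byMac[$mac]

        if (-not $known) {
            # Not in the inventory at all: either undocumented or unauthorized.
            [pscustomobject]@{ Severity = 'high'; MAC = $mac; IP = $ip; VLAN = $vlan
                               Issue = 'unknown device (not in inventory)' }
        }
        elseif ($known.IP -ne $ip) {
            # Approved MAC on a different IP: a static-IP slip, a duplicate, or a spoofed MAC.
            [pscustomobject]@{ Severity = 'high'; MAC = $mac; IP = $ip; VLAN = $vlan
                               Issue = "MAC of $($known.Name) seen on $ip, expected $($known.IP) (possible spoofing)" }
        }
        elseif ($known.VLAN -ne $vlan) {
            # Right device, wrong segment: the segregation rule is not being enforced.
            [pscustomobject]@{ Severity = 'medium'; MAC = $mac; IP = $ip; VLAN = $vlan
                               Issue = "$($known.Name) is in VLAN $vlan, expected $($known.VLAN)" }
        }
    }
    return $findings
}

Test-IotInventory -Inventory $inventory -Observed $observed | Format-Table -AutoSize
```

On the sample data the script reports thermometer-2 in the wrong VLAN, thermometer-1's MAC on an unexpected IP, and one unknown device; feeding it real `arp -a` or switch neighbour output only requires adapting the one `-split` line.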
Advanced IoT security measures include:
  • Modern Network Access Control (NAC): Traditional NAC solutions don’t scale well when it comes to IoT. Standard IEEE 802.1X security protocols are mostly incompatible with IoT devices. As mentioned above, MAC authentication can be spoofed. With modern NAC, network administrators are able to configure and enforce security policies and analyze device risk postures.
  • Automated configuration: Having an automated onboarding system in place for new devices is a smart idea. If your company has a large number of IoT devices, it can be easy for some to slip through the security configuration if it is done manually.
  • Device certificates: Using X.509 device certificates to manage the identity and security of devices adds another layer of security. These certificates play a key role in PKI-based security and serve as proof of device authenticity, supporting authentication, encryption, and data integrity.
  • Secure API connections: APIs are commonly used to transfer data between applications and devices. This can give way to a whole host of cyber threats. It is essential that only authorized systems can communicate with the API. The use of tokens to establish trusted identities and provide access to the appropriate services is highly recommended. 


About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

What is WMIC and why will it be discontinued?

As we already explained on one occasion in this blog, Windows Management Instrumentation, WMI, is a technology owned by the company Microsoft®.

But there’s even more!

Things have changed and we are going to tell you all about it!

Do you already know what WMI is and why it will be discontinued?

WMIC was the WMI command-line utility, which provided an interface to the Distributed Component Object Model (DCOM) Remote Protocol.

This protocol, in turn, carries remote procedure calls (RPC), layering a set of extensions on top of Microsoft’s RPC extensions.

DCOM is used for communication between software components such as Pandora FMS and networked devices.

The benefits of monitoring are undeniable, and this kind of technology (communication and connection protocols) is used to get work done, prevent problems and make progress.

However, it all depends on the use it is given:

In January 2021, the MITRE corporation registered the CVE-2021-26414 vulnerability, which acknowledges that it was possible to gain access with the privileges of a normal user, that is, a user who is not an MS Windows® system administrator.

*Common Vulnerabilities and Exposures (CVE) is a list, backed by the U.S. government, of registered information about known security vulnerabilities, in which each entry has a CVE-ID identification number.

This weakness is not exploited by chance.

An attacker who manages to gain access almost never stays a normal user; they usually go on to become system administrators.

Thus, time and commitment are required to study the victim and achieve the task.

The company Microsoft®, concerned about the peace of mind of its customers, decided to publish and distribute the security patch KB5004442 (February 2022), which tightens user authentication.

As a result, WMIC is no longer able to connect, despite being a product of that same software brand.

However, that’s actually a side effect, not the main reason why the WMIC software was discontinued.

For some time now, Microsoft has been progressively updating, removing and improving each of its components, and has even created new utilities.

This is the case with PowerShell, which from now on takes on the responsibilities inherited from WMIC.
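What that hand-over looks like in practice, as an added example (not Pandora FMS or Microsoft code): a typical WMIC disk query rewritten with the PowerShell CIM cmdlets that inherit its role. The hostname SERVER01 is a placeholder, the script runs as a user who already has rights on the remote host, and the DCOM fallback assumes the target has been hardened as described above, so it asks for packet integrity, the minimum authentication level that hardening requires.

```powershell
# Added example (not Pandora FMS or Microsoft code): migrating a WMIC query to CIM cmdlets.
# SERVER01 is a placeholder hostname; replace it with a real monitored host.
$target = 'SERVER01'

# The old WMIC form, which fails against hosts hardened per KB5004442:
#   wmic /node:SERVER01 logicaldisk where "DriveType=3" get DeviceID,Size,FreeSpace

# Preferred transport: WS-Man (the default for New-CimSession), which does not go
# through DCOM at all and is therefore unaffected by the DCOM hardening.
$session = New-CimSession -ComputerName $target

# Fallback for hosts without WinRM: DCOM with packet integrity, which satisfies the
# raised authentication level instead of trying to work around it.
#   $opt     = New-CimSessionOption -Protocol Dcom -PacketIntegrity
#   $session = New-CimSession -ComputerName $target -SessionOption $opt

# Same data WMIC returned (local fixed disks), with free space worked out per volume.
Get-CimInstance -CimSession $session -ClassName Win32_LogicalDisk -Filter "DriveType=3" |
    Select-Object DeviceID,
        @{ n = 'SizeGB';  e = { [math]::Round($_.Size / 1GB, 1) } },
        @{ n = 'FreeGB';  e = { [math]::Round($_.FreeSpace / 1GB, 1) } },
        @{ n = 'FreePct'; e = { [math]::Round(100 * $_.FreeSpace / $_.Size, 1) } }

Remove-CimSession $session
```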

At Pandora FMS, always respecting our security architecture, we have presented PandoraWMIC: improved software for the new WMI connection requirements, which avoids this kind of inconvenience in both the Open version and the Enterprise version.

Absolutely no one is safe from security attacks. This is only a small corner of the whole picture.

You may check our official documentation on this topic:

https://pandorafms.com/manual/en/documentation/07_technical_annexes/15_security_architecture


Pandora FMS at the very top of G2

Bring it on Pandora FMS! If we have previously told you about our success at the Open Source Awards 2022 and the Peer Awards 2021, today we are here to tell you that we are at it once again!

We are at the top of G2 of Monitoring Software!

“Why is it easier to get unbiased information about a hotel room than about software?”

In 2012, five entrepreneurs asked themselves this question. The next day, they founded G2.

A platform that currently has more than 60 million visits per year, and on which users can read and write quality reviews on 100,000 software products and other professional services.

More than 1,500,000 reviews have already been published, which help companies around the world make better decisions about how to reach their full potential.

That is why it is so important and honorable that Pandora FMS has become part of its Top 10 of the best Network Monitoring software.

  1. NinjaOne
  2. Atera
  3. LogicMonitor
  4. Auvik
  5. SolarWinds
  6. Domotz
  7. Progress WhatsUp Gold
  8. Pandora FMS

Above many other already recognized names, such as Microsoft, Datadog, Zabbix, Nagios, Dynatrace, Catchpoint, Entuity, PRTG, Checkmk, Wireshark, Smokeping, OPManager, Netreo, Munin, Cacti and many more.

A badge that appoints Pandora FMS once again as the total monitoring solution:

  • Cost-effective, scalable and able to cover most infrastructure deployment options.
  • Find and solve problems quickly, whether you come from on-premises, multi-cloud or a mix of both.
  • In hybrid environments where technologies, management processes and data are intertwined, a flexible tool capable of reaching everywhere and unifying data display is needed to make its management easier.

That’s Pandora FMS

You knew it, and now all G2 users know it too!

How did we get into the Top 10 of the G2 platform?

For now, to be included in the category of Network Monitoring, a product must, among other things:

  • Constantly monitor the performance of an entire computer network.
  • Create a baseline for network performance metrics.
  • Alert administrators if the network crashes, or varies, from the baseline.
  • Suggest solutions to performance issues when they arise.
  • Provide network performance data display.

Then comes the usability score of a product, which is calculated using their own algorithm that takes into account the satisfaction ratings of real users.

This rating is also often used by buyers to quickly compare and identify on the page the top-rated products.

The number of reviews received at G2 is also important, buyers rely more on products with more reviews.

Higher number of reviews = Higher representativeness and accuracy of the customer experience

In turn, G2, apart from rating the products based on the reviews collected in its user community, also does so with the aggregated data from online sources and social networks.

Products then compete in the different categories, where they can earn badges like the ones we have won:

  • Best Usability. 
  • Easiest to Use.
  • Easiest Admin.
  • Best Meets Requirements.

And as they say over there:

That would be it!

Today we have reached this milestone, and since 2020 we have been winning these categories, all seasons! Let the Himalaya tremble in fear, we continue climbing to the very top!


ESET named an Overall Leader in KuppingerCole’s report for its endpoint protection, detection and response capabilities

Bratislava, May 18, 2022 – ESET, a global leader in digital security, announced that it has been named an Overall Leader in the KuppingerCole Leadership Compass Endpoint Protection, Detection & Response (EPDR) 2022 report, where the business’ EPDR solutions were awarded Leader status in all categories of Product Leadership, Innovation Leadership and Market Leadership. KuppingerCole analyzed vendors based on a correlated view of Market and Product Leadership rankings, where ESET was recognized as a Market Champion. Furthermore, based on a correlated view of the Product and Innovation Leadership rankings, ESET came out as a Technology Leader.

KuppingerCole, an international and independent analyst organization, helps IT organizations by defining leaders amongst market vendors and the KuppingerCole Leadership Compass EPDR 2022 report provides a specific overview of vendors’ EPDR solutions. The report covers the trends influencing this segment and the essential capabilities required of EPDR solutions, and also provides ratings on how well the solutions meet expectations.

Analyzed in the report, ESET Inspect is the foundation of ESET’s extended detection and response (XDR) capabilities and works together with ESET PROTECT to offer a complete security solution that is optimized for customers’ ease of use. Furthermore, the latest MITRE Engenuity ATT&CK® Evaluations for Enterprise demonstrate that ESET Inspect is able to provide organizations with excellent visibility and context throughout all attack stages. As an XDR-enabling solution, ESET Inspect is a sophisticated tool with advanced threat hunting and incident response capabilities, and together with ESET PROTECT offers deep network visibility, cloud-based threat defenses, and more. Overall, ESET has continuously been named a top player and a leader in the industry for its balanced protection, detection and response security offering.

“We are honored to be recognized as a Leader in all the categories of KuppingerCole’s report, because at ESET, we believe in taking a multi-layered, high performance approach to our technologies, working closely with our customers for an optimized and complete security solution,” said Ignacio Sbampato, chief business officer at ESET. “Since our inception, we have been a pioneer in developing our machine learning capabilities to fight the toughest digital security challenges of today. And this recognition is testament to our relentless drive for progressive and innovative solutions for our customers.”

For more information on ESET’s results in this report, click here.


About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

AI in Cybersecurity: Transformation is Now

We live in a world where businesses suffer a ransomware attack every 40 seconds, and total malware infections have been on the rise for the last ten years. Withstanding such a heavy barrage of cyberattacks requires an intelligent and robust approach to cybersecurity. And as cybercriminals continue to sharpen their skills and sophisticate their techniques, safeguarding critical enterprise systems is only becoming more challenging.   

Luckily, artificial intelligence (AI) is increasingly playing a significant role in cybersecurity, offering powerful and efficient threat detection and elimination. And with artificial intelligence in the cybersecurity market expected to reach an eye-watering $46.3 billion by 2027, AI should be part of your strategic IT plan, if not already implemented in some areas.  

With this in mind, let’s look at how AI in cybersecurity is evolving and creating a safer world for businesses today and in the future.  

AI in Cybersecurity – Use Cases and Advantages 

Artificial intelligence and its subsets like machine learning and deep learning are vital to information security today. These technologies can rapidly analyze millions of data sets and uncover a wide variety of cyber threats. This section will dive into how AI is being leveraged in cybersecurity and its advantages.  

Threat Detection 

Perhaps the most significant use case for AI in cybersecurity is threat hunting. Typically, these systems use historical data, machine learning (ML), and statistical modeling of networks to create a baseline of expected network traffic. With the baseline established, the AI can rapidly identify anomalies and alert the relevant security teams of suspicious behavior. Critically, machine learning excels at spotting patterns in data that traditional approaches miss and can find these patterns much faster than human security analysts.  

Network Security 

Leading on from the last section, let’s look at some more specific ways AI is used in networking. Network security encompasses many elements, including network access controls (network authentication and authorization), perimeter security, data privacy, security monitoring, and policy management.   

With so many moving parts, maintaining strong network security can be challenging, but AI helps overcome much of this complexity. Additionally, AI makes enterprise networks more efficient by leveraging data-driven algorithms to identify critical patterns within the organization’s infrastructure. Here are the primary ways AI is changing network security: 

  • Log analysis: AI and ML algorithms can analyze logs from all over the enterprise environment, whether they be routers, switches, WAN optimization devices, or others, to provide real-time network performance insights. Armed with this information, network engineers can respond to problems at lightning speed.  
  • Traffic management and prioritization: Automated, AI-driven tools help manage traffic to optimize performance. AI built into smart switches can analyze Ethernet packets and automatically assign different priority levels to different types of network traffic.  
  • Scanning and patching: Many modern switches rely on AI to automate maintenance tasks, including patching. However, fully autonomous self-patching AI systems are also garnering more attention. These systems use AI to self-scan for vulnerabilities and deploy patches for these vulnerabilities without human involvement.
  • Supporting cloud-managed networks: Network architectures are increasingly moving towards centralized management structures like cloud-managed networks and Software Defined Networking (SDN). AI can help fully realize the benefits of these architectures, offering increased ease of management and improved network flexibility.

In summary, AI helps improve network performance and reduce downtime and does this more accurately and quickly than a person ever could.  

Hunting Zero-Day Exploits (Identifying Unknown Threats) 

Defending against zero-day exploits is one of the most challenging aspects of modern cybersecurity. A zero-day exploit is a cyberattack targeting an unknown software vulnerability. Naturally, defending against something you don’t know exists presents significant hurdles. For example, the signature-based tools usually deployed by cybersecurity teams won’t be effective in catching Zero-days.   

AI, ML, and deep learning are increasingly being utilized to find relationships and patterns that human analysts and conventional security tools miss. Rather than using pre-defined criteria to identify anomalies, this type of AI is typically unsupervised and will teach itself what activity is expected within the organization. If it spots something unusual, like data being exfiltrated to outside servers or users visiting websites they have never visited before, it will flag this quickly. In some cases, these events will be cybercriminals exploiting zero-day vulnerabilities to inject malicious software into the network.

Vulnerability Management 

A colossal 28,695 vulnerabilities were disclosed in 2021, a significant rise from the 23,269 disclosed in 2020. And alarmingly, more than 4,000 of these flaws are remotely exploitable. But luckily, they’re also patchable. Security teams often struggle to keep up with the influx of new vulnerabilities and to decide where to focus their efforts. But with AI scanning user accounts, endpoints, and servers for abnormal behavior, security teams get in-depth insight into which flaws are most keenly targeted by cybercriminals.

Threat Prioritization  

Depending on how sensitive an organization’s threat detection system is, security analysts could potentially receive an overwhelming number of threat alerts on any given day. In fact, a survey by Trend Micro found that 51% of IT security professionals said they were overwhelmed by the volume of threat alerts they received. Additionally, 55% of respondents said they weren’t confident in their ability to prioritize and respond to these alerts.

AI can help by leveraging machine learning to triage low-risk alerts, suggest solutions, and call for immediate attention to high-risk alerts. This means security analysts can spend less time manually combing through alerts and more time combating them.  

Reducing Pressure on the Cybersecurity Workforce 

AI reduces or entirely eliminates much of the manual labor involved in many cybersecurity tasks. The main drivers here are automation and AI’s ability to process copious amounts of data in minutes or even seconds.  

Wrapping Up 

While cybercriminals use AI to attack enterprise networks, we can use it to protect them. AI is emerging as a critical technology in the information security space and with good reason. It provides the analysis, speed, and detection needed to protect the dynamic enterprise attack surface. 


Why Social Engineering Attacks are on the Rise & How to Prevent Them

You can build the tallest walls around your castle and equip it with the most advanced defense technology, but if an insider opens the gates to your enemies, all your efforts will go wasted.

This logic equally applies to cyber security: Even when a business uses state-of-the-art antivirus & malware protection software and implements robust technical security measures, one employee’s mistake of disclosing his login details to an intruder or downloading malware-infected attachments may lead to the compromise of valuable information assets, result in financial loss or disrupt business continuity. 

This is why social engineering attacks are on the rise: instead of finding and exploiting system vulnerabilities, which may require significant resources, cybercriminals increasingly exploit natural human tendencies such as greed, trust, fear and the urge to reciprocate, which lets them exfiltrate data with far less effort. 

In this article, we will talk about: 

  • How do social engineering attacks work? 
  • What are the main types of social engineering attacks? 
  • Rise of social engineering attacks 
  • Why are social engineering attacks on the rise? 
  • How to prevent social engineering attacks

I. How do social engineering attacks work?

Social engineering attacks refer to the use of deceptive techniques by cybercriminals to persuade victims to take specific actions, such as disclosing sensitive information, downloading malware-infected attachments, letting intruders into secure areas, or clicking on a link that directs them to a fake website which is then used to steal sensitive data such as their login credentials. 

By deceiving employees into taking these actions, malicious parties can infiltrate corporate networks, gain access to valuable information assets, steal credentials of high-level management or even transfer funds to themselves. A successful social engineering attack requires both technical skills such as crafting a phishing email and soft skills such as building trust with the target. 

Overall, a social engineering attack consists of four phases: 

Phase 1: Gathering of information about the victim

In this step, the cybercriminals collect information about the victims from different sources such as publicly available data on social networking sites and online directories, or through open-source intelligence (OSINT) tooling.  

Phase 2: Building a relationship with the victim

In this phase, cybercriminals earn the victim’s trust by using the information gathered previously and then applying principles of psychological manipulation to influence the victim into taking a particular action such as disclosing sensitive information like login credentials. 

For instance, people like to reciprocate a favor, they want to be useful to others and they act without diligence when there is an imminent threat. Understanding these basic principles of human instincts helps cybercriminals trick their victims with ease. 

Phase 3: Exploiting the relationship

In this stage, cybercriminals deploy their technical skills to attain results. This may include crafting a spear-phishing email, cloning a legitimate website, or persuading the victim into opening a malware attachment. 

Phase 4: Exit step

This step involves the removal of all evidence that may have been left after the attack so the cybercriminals cannot be identified. Furthermore, concealing that an attack occurred is of critical importance for cybercriminals because it allows them to freely infiltrate the systems without getting caught. 

II. What are the main types of social engineering attacks?

Phishing

Phishing attacks are the most prevalent type of social engineering attacks. In December 2021, APWG observed 316,747 phishing attacks, the highest number since its reporting program began back in 2004. Furthermore, according to Verizon’s Data Breach Investigations Report, phishing attacks were used in 36% of all data breaches surveyed. 

Phishing attacks entail the use of communication tools such as emails, phones, SMS, or social media to deceive users into divulging confidential information, clicking on malicious web links, or downloading malware-infected attachments. 

Spear phishing

Spear phishing is a sophisticated variant of phishing attacks. Unlike traditional phishing attacks where non-personalized bulk communications are sent to thousands, spear-phishing attacks are targeted at specific individuals within an organization. Worldwide, 36% of businesses have faced at least 10 spear-phishing attacks in 2020. 

Business email compromise (BEC)

BEC refers to a type of attack where cyber attackers impersonate trustworthy senior executives, either from a compromised mailbox or with a spoofed or lookalike address, and then convince subordinates to transfer funds to other accounts. According to IBM’s 2021 Cost of a Data Breach Report, BEC attacks are the most expensive for businesses worldwide, at $5 million on average per incident. 

III. The rise of social engineering attacks

As businesses implemented stronger technical security measures such as more effective anti-virus programs, network filtering, and cloud adoption, the cost of finding and exploiting system vulnerabilities required more resources and became more costly for cybercriminals. Given that the primary motivation for cybercrime is high-margin profits, it is no surprise that cybercriminals are increasingly using social engineering attacks to infiltrate IT networks more easily and in a more cost-effective way. 

In fact, the Human Hacking Report by SlashNext shows that social engineering attacks increased by 270% in 2021. What is more interesting is that 98% of all cyberattacks involve social engineering to some degree. Another interesting trend when it comes to social engineering attacks is the growing use of more sophisticated and manual methods instead of generic and automated communications.  

Traditionally, the use of automated means to send out generic phishing emails and SMS in bulk was the norm. However, cybercriminals now collect more information about their targets, identify the most vulnerable individuals within the target organization and personalize their tactics to deceive their targets more easily. 

This is evidenced by the growing prevalence of spear-phishing attacks: In 2021, 65% of all phishing attacks worldwide were spear-phishing attacks, which entails in-depth research into the target organization and the victims to send more personalized and believable emails, SMS, and calls, thus maximizing the success rate. 

IV. Why are social engineering attacks on the rise?

While there are many factors contributing to the rise in social engineering attacks, three factors stand out: 

Social networks

Professionals spend more time on social media networks and are often open to connecting with people they do not know to gain more prominence on social media platforms such as LinkedIn.  This makes most employees potential targets for social engineering attacks because cybercriminals can easily open an account on these networks without ID verification, connect with the targets, earn their trust and then execute the attack. In other words, social media provides another attack vector for cybercriminals to build relationships with victims and exploit their vulnerabilities. 

Access to more data

Social media sites where people share everything about their lives are a goldmine for social engineers: This enables them to profile their targets, identify individuals most likely to fall victim, and craft a more personalized message to them to boost their chances of success.  For example, cybercriminals can set up an unofficial assistance page for a particular bank’s customers on a social media site and then target people following this page. 

For instance, data on around 1 billion LinkedIn users was exposed as a result of two data breaches and was then put up for sale on the dark web. Access to this rich source of personal information has likely fuelled the rise in spear-phishing attacks in 2021. 

Social engineering requires fewer resources and technical knowledge

Compared to the exploitation of system vulnerabilities which requires technical expertise and resources, social engineering is an easier way for cyber attackers because all they need is an employee negligent enough to fall prey.  

Social engineering attacks are less likely to get detected

When cybercriminals infiltrate corporate networks by using login credentials obtained via social engineering, this may go undetected for months, giving them the time to compromise troves of data without being detected.  

Another factor that makes it easy for cybercriminals to evade email security gateways, firewalls, and other detection technologies is that they host malicious URLs on legitimate infrastructure such as AWS and outlook.com, whose domains enjoy a good reputation. For instance, according to a report by SlashNext, 2.5 million out of 14 million malicious websites identified were hosted on reputable infrastructure services such as Azure. 

V. How can organizations prevent social engineering attacks?

Defending against social engineering attacks and minimizing their adverse effects on a business requires a combination of strong security culture, staff training, and implementation of appropriate cyber security measures: 

Provide training to your staff

All staff should be educated on how they can recognize social engineering attacks such as phishing attacks. For email phishing, for instance, employees can be provided with training on the red flags such as incorrect email domain or grammar mistakes they need to watch out for. 
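The red flags above (a wrong or lookalike sender domain, an executive's display name on a foreign address, a diverted Reply-To, urgency and payment language, and links parked on shared cloud infrastructure that reputation filters wave through, as noted in section IV) can also be checked mechanically before a message reaches an inbox. The following Python triage script is an added illustration, not Portnox code and not part of the original article; the corporate domain example.com, the executive list, the list of shared hosting domains and both sample messages are constructed assumptions.

```python
"""Heuristic triage of inbound mail for social-engineering red flags.

Added illustration, not Portnox code. The corporate domain, executive list,
shared-hosting list and the two sample messages below are all assumptions.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

CORP_DOMAIN = "example.com"                        # assumed corporate domain
EXECUTIVES = {"jane doe": "jane.doe@example.com"}  # assumed: display name -> real address
# Shared services where anyone can host content: the parent domain's good
# reputation says nothing about the tenant behind the link (assumed list).
SHARED_HOSTS = ("blob.core.windows.net", "web.core.windows.net",
                "amazonaws.com", "sharepoint.com", "onedrive.live.com")
URGENCY = re.compile(r"\b(urgent|immediately|asap|wire|gift cards?|confidential)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def _normalise(domain):
    """Fold common homoglyph tricks (examp1e, rnicrosoft, vvindows) to plain letters."""
    return (domain.lower().replace("rn", "m").replace("vv", "w")
            .replace("0", "o").replace("1", "l"))


def _edit_distance(a, b):
    """Plain Levenshtein distance, small enough to inline here."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain, target=CORP_DOMAIN):
    """True for typo-squats, homoglyphs and 'target.com.evil.net' style hosts."""
    raw, t = domain.lower(), target.lower()
    if raw == t or raw.endswith("." + t):
        return False                     # our own domain or one of its subdomains
    d = _normalise(raw)
    return d == t or t in d or _edit_distance(d, t) <= 2


def _domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage(raw_message):
    """Return the red flags found in one RFC 822 message plus a simple score."""
    msg = message_from_string(raw_message)
    flags = []
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = _domain_of(addr)

    # 1. An executive's display name on an address that is not theirs.
    real = EXECUTIVES.get(name.strip().lower())
    if real and addr.lower() != real:
        flags.append(f"display name '{name}' impersonates {real}, sender is {addr}")
    # 2. Sender domain is a lookalike of ours.
    if from_domain and is_lookalike(from_domain):
        flags.append(f"lookalike sender domain {from_domain}")
    # 3. Replies diverted to a domain other than the visible sender's.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and _domain_of(reply) != from_domain:
        flags.append(f"Reply-To {reply} differs from From domain {from_domain}")
    # 4. Pressure and payment language in subject or body.
    if msg.is_multipart():
        body = " ".join(p.get_payload() for p in msg.walk()
                        if p.get_content_type() == "text/plain")
    else:
        body = msg.get_payload()
    text = msg.get("Subject", "") + "\n" + body
    hits = sorted({h.lower() for h in URGENCY.findall(text)})
    if hits:
        flags.append("urgency/payment language: " + ", ".join(hits))
    # 5. Links whose host is a lookalike, or content parked on shared cloud storage.
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if is_lookalike(host):
            flags.append(f"lookalike link host {host}")
        elif any(host == s or host.endswith("." + s) for s in SHARED_HOSTS):
            flags.append(f"link hosted on shared cloud infrastructure {host}")
    return {"from": addr, "flags": flags, "score": len(flags)}


# Constructed sample messages, not real mail.
BEC_SAMPLE = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe.ceo@gmail.com
To: accounts@example.com
Subject: Urgent wire

I am in a meeting, please process this wire immediately.
Invoice: https://example-com-invoice.blob.core.windows.net/pay.html
"""
LEGIT_SAMPLE = """\
From: Jane Doe <jane.doe@example.com>
To: staff@example.com
Subject: Board deck

Slides for Monday are on the intranet at https://intranet.example.com/board
"""

if __name__ == "__main__":
    for sample in (BEC_SAMPLE, LEGIT_SAMPLE):
        result = triage(sample)
        print(result["from"], result["score"], *result["flags"], sep="\n  ")
```

Run against the constructed BEC message the script raises all five flags, while the legitimate note from the real executive address raises none. Each check is deliberately simple and explainable, so the output can be shown to the employee who reported the message as part of the training loop rather than silently dropped.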

Establish reporting mechanisms and encourage employees to report suspicious calls, emails, and other similar activities

There should be a reporting mechanism in place so that employees can report any suspicious activity to the security team, making it easier to detect and prevent social engineering attacks. 

Penetration testing

Carrying out regular penetration testing that covers the human element (phishing simulations, pretext calls, attempts at physical entry) is useful to discover weaknesses in people and processes so that they can be identified and remedied.  

Network access control (NAC)

Implementing network access control technology can provide two distinct benefits: 

  • Preventing unauthorized access to the network by enforcing strong authentication: NAC systems allow businesses to restrict access to particular areas of the network to specific employees with the right credentials. NAC systems usually include multi-factor authentication functionality, which helps prevent intruders from reaching critical IT infrastructure. Obtaining account login credentials is one of the primary ways attackers infiltrate corporate networks; with multi-factor authentication, a password obtained through phishing is not enough on its own to log in.
  • Post-admission controls can mitigate risk by restricting lateral movement across the network: NAC systems can restrict access to different parts of the network, minimizing the harm an unauthorized attacker can do. This control makes it less likely that an intruder obtains confidential data such as trade secrets and can reduce the number of individuals whose personal data are compromised, so the financial loss from a data breach would be less severe. 


Events in MS Windows and Pandora FMS, does anyone give more?

If the spreadsheet was the essential application for accounting and massification of personal computers, MS Windows® operating system was the graphical interface that turned work into something more pleasant and paved the way for web browsers for the Internet as we know it today.

Today, in Pandora FMS blog, we discuss:

Windows Event Monitoring and Pandora FMS

Decades have gone by, but there is a joke among us computer scientists that prevails over time:

“This is the year of Linux on our desktops”.

I actually think that, in the end, it is a statement that comes with a flaw from the very beginning:

The kernel (Linux in this case) has little to do with the graphical interface. What would actually have to take its place on hundreds of millions of computers in our homes and workplaces is the combination of the kernel with the applications that ship alongside it, that is, GNU/Linux.

The MS Windows® operating system (OS), despite losing ground to Android/Linux on our mobile phones, still dominates desktop computers and holds its position in the field of video games, faring pretty well.

Many say that desktop personal computers will disappear. I personally think that we will connect the monitor, keyboard and mouse to our cell phones at home and at the office.

But today MS Windows holds a strong market position, and for Pandora FMS that has meant a series of very special considerations for its monitoring.

The  overview

Monitoring with Pandora FMS can be done both remotely and locally, and the MS Windows® OS is no exception. Remote monitoring can be performed through SNMP and through WMI.

*If you are new to monitoring, I recommend you to take a few minutes to learn about Pandora FMS Basics.

For local monitoring install a small program, which is called Pandora FMS Software Agent.

Once installed in MS Windows®, the modules to collect the most relevant information (disk usage, RAM consumption, etc.) will already be installed by default.

If what you need to monitor is the basics of MS Windows® the Open version of Pandora FMS is more than enough for the task.

Windows® event monitoring

The number of applications for MS Windows® is humongous, but monitoring applications and even processes is in a way easy, since the Software Agent has a special instruction for it called module_proc. 

This instruction is able to tell us, either immediately or every certain period of time whether a program or process is running.

*If you want to find out more about this Pandora FMS feature, visit our video tutorial Monitor processes or applications in Windows.

So far all this is the basics for monitoring MS Windows®.

And in the case of Pandora FMS Enterprise version you can “transfer” normal events to events in Pandora FMS, which can generate alerts and warnings for us to take the necessary actions, or let Pandora FMS restart the software vital to our work or business.

* The latter is known as Watchdog: if an application for any reason stops in MS Windows®, it is re-launched and executed.

Analyzing the causes

Simplifying as much as possible:
So far we can say that we are working on true and false, on ones and zeros.

But often it is called on to us to analyze under what conditions an application collapses or find out why it does not start.

If all that related information had to appear on your screen you simply would not be able to work with so many interruptions. That is why event logs exist, and working with them requires more specialisation on Pandora FMS’s part.

As proprietary software, MS Windows® has one advantage for monitoring: its events and the corresponding logs are centralised following a set routine or standard.

Monitoring an individual event

Pandora FMS offers the instruction module_logevent that uses Windows® API and offers better performance than data collection by means of WMI.

You will obtain data from the event logs from Windows itself.

Along with additional instructions, it offers the ability to monitor very specific events identified by the fields Log Name, Source, Event ID and Level.

Remember I told you they’re standardized?

Well, in Log name they are well defined by:

  • Application.
  • Security.
  • Setup.
  • System.
  • Forwarded events.

And you must use one of them for the instruction module_source, which is mandatory in the module to be created in Pandora FMS Software Agent.

Up to this point we have only discussed simple modules of Pandora FMS agents but, depending on your needs all the above can also be done as a complement or Pandora FMS plugin.

The difference is to place module_type async_string when it is a data module and module_type log when it is a plugin.

Plugins offer flexibility as they can return multiple data at the same time, unlike Pandora FMS modules that only return a specific, normalized data type in Pandora FMS.

This is important for what we will see below:
The instruction module_regexp, which takes as a parameter a plain-text log file (.log) in which you search for keywords with the instruction module_pattern.

This is necessary because there are old applications that keep their own separate log file, even though in other respects they still write to the Windows event log. 

*We explained this in detail in our tutorial video « Windows modules logevent and regexp ».

Monitoring an event channel

In MS Windows®, some logs that are not in the Windows event log itself can be collected through Windows event log channels with a special instruction called module_logchannel. It takes no parameters of its own; it is then combined with module_source <channel_name>, module_eventtype (event type), module_eventcode (event code) and even module_pattern to search by keyword. 

*For more details, our video tutorial «Windows modules: Logchannel |Pandora FMS|» quickly explains this feature.
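Putting the directives from the last few sections together, this is what a fragment of the Windows Software Agent configuration (pandora_agent.conf) could look like, covering a process check with module_proc, a single event with module_logevent, an Applications and Services channel with module_logchannel, and a legacy text log with module_regexp, first as a classic async_string module and then as a module_type log module destined for the log collector. It is an added illustration, not a fragment from the Pandora FMS manual; the module names, the process name, the log path and the chosen event IDs (7034, a service that terminated unexpectedly, and 101, a scheduled task that failed to start) are assumptions you should check against your own event log before using them.

```text
# Added illustration, not from the Pandora FMS manual. Module names, process
# name, log path and event IDs are assumed values; verify them locally.

# Is the backup service process alive? (module_proc, see above)
module_begin
module_name Backup_Service_Running
module_type generic_proc
module_proc BackupSvc.exe
module_end

# A single event: the Service Control Manager reporting in the System log
# that a service terminated unexpectedly (assumed Event ID 7034).
module_begin
module_name SCM_Service_Crash
module_type async_string
module_logevent
module_source System
module_eventtype error
module_eventcode 7034
module_application Service Control Manager
module_description Service terminated unexpectedly
module_end

# An event channel outside the classic logs: Task Scheduler's Operational
# channel, errors only, narrowed to a task start failure (assumed ID 101).
module_begin
module_name TaskScheduler_Start_Failed
module_type async_string
module_logchannel
module_source Microsoft-Windows-TaskScheduler/Operational
module_eventtype error
module_eventcode 101
module_end

# A legacy application that keeps its own text log (assumed path):
# classic module, fires when the pattern appears...
module_begin
module_name LegacyApp_Errors
module_type async_string
module_regexp C:\LegacyApp\logs\app.log
module_pattern .*(ERROR|FATAL).*
module_end

# ...and the same file shipped whole to the log collector, for the case
# where you do not yet know what you are looking for.
module_begin
module_name LegacyApp_Log
module_type log
module_regexp C:\LegacyApp\logs\app.log
module_pattern .*
module_end
```

The difference between the last two modules is exactly the one described earlier: async_string delivers a single normalised value that alerts can act on immediately, while module_type log hands the raw lines to the log collector so they can be searched later.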

However, I said that we are investigating the cause of some problem in an application running on MS Windows®, whereas the examples I have given are specific and go straight to monitoring a particular point.

Alright so…

How do we do it if we don’t know exactly what we’re looking for?

Elasticsearch and log mass collection

What I needed to explain is that if you use a plugin to collect logs, you must install, alongside Pandora FMS, a powerful tool called Elasticsearch, which uses a non-relational database capable of storing and classifying this large volume of information.

*It is well explained, again, in another tutorial video called “ Log Collector in Pandora FMS “)

But don’t think Pandora FMS just delegates the work, no:

From Elasticsearch you go back to Pandora FMS, where you design and create the alerts and reports that finally let you understand the precise conditions and values when an application fails (or hits peak workload values, or is “doing nothing”, etc.).

Conclusions

I have summed it up as much as possible, and I recommend that you watch the tutorials over and over again until you fully understand and are able to put it into practice, installing both Pandora FMS and Elasticsearch. If you have any problems, check the official documentation, which is extensive on the topic “Log monitoring and collection.”

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

Weekly ICS / OT Security News Digest | SCADAfence – May 10

Our research team has put together all of the most relevant news topics in the Ransomware and IoT security fields, as well as their impacts and their expert recommendations:

CyberLink Launches PowerDVD 22, Putting User Experience at the Core of Blu-Ray, DVD, 4K HDR, and YouTube Playback

The world’s no.1 multimedia player delivers brand new cutting-edge playback options, an enhanced audiovisual experience, and the most intuitive user interface to date.

Taipei, Taiwan— May 12, 2022—CyberLink Corp. (5203.TW), announced today the release of PowerDVD 22, the latest version of its award-winning movie and media playback software which lets users enjoy an immersive experience for movies, music, and YouTube. The software plays movies in 8K, 4K HDR Blu-ray, and a wide range of media formats across any PC, laptop, TV, tablet or phone.

PowerDVD 22 builds on CyberLink’s pioneering media technology by offering exciting new features that offer users more control and customization options. Users can tailor their experience to match their preferences, for example, deeper colors, better lighting, and enhanced audio, such as high-fidelity 7.1 surround sound.

PowerDVD 22 includes a new keep pitch algorithm that maintains audio quality at the highest level during slow-speed playback, ideal for honing in on a video’s most intricate details without a distorted soundtrack. PowerDVD 22 optimizes playback between devices. New tools allow users to trim and extract any section of their media’s video or audio and convert them into smartphone-friendly formats. This includes MP4 for video and AAC or MP3 for audio. PowerDVD 22 also boasts faster transcode and uploading times, faster playback, and thumbnail generation on any part of the play bar for easy media skimming.

Enjoy YouTube like never before with PowerDVD 22. Next-generation TrueTheater® enhancements enrich YouTube videos with deeper colors, better lighting, and enhanced audio, no matter the original’s resolution – even 4K. Enjoy all-new matched playback speed controls, the ability to subscribe and unsubscribe within PowerDVD, and search capabilities by both channels and playlists.

“Recognized as the world’s number one movie and media player, PowerDVD has a long innovation history, pioneering multimedia features over and again, to the joy of our millions of users,” said Dr. Jau Huang, CEO of CyberLink. “In addition to new playback tuning options and an even friendlier user interface, we are happy to announce that PowerDVD 22 also adds exciting features to let users take complete control of their media, movies, and YouTube content experience.”

PowerDVD 22 provides an unparalleled playback experience. New additions include a specialized home function that lets users instantly access their currently played, recently played, and recently added media – all in one place. The program emphasizes precision controls, fast playback, and a lightning-quick response when streaming or watching YouTube. Users can enjoy convenient search functions and filters, including separated music, movie and photo playlists, the ability to access YouTube videos directly with an URL, and an integrated media manager which automatically organizes an entire library of photos, videos, music, and Blu-ray/DVD movies.

About CyberLink
Founded in 1996, CyberLink Corp. (5203.TW) is the world leader in multimedia software and AI facial recognition technology. CyberLink addresses the demands of consumer, commercial and education markets through a wide range of solutions, covering digital content creation, multimedia playback, video conferencing, live casting, mobile applications and AI facial recognition.  CyberLink has shipped several hundred million copies of its multimedia software and apps, including the award-winning PowerDirector, PhotoDirector, and PowerDVD.  With years of research in the fields of artificial intelligence and facial recognition, CyberLink has developed the FaceMe® Facial Recognition Engine. Powered by deep learning algorithms, FaceMe® delivers the reliable, high-precision, and real-time facial recognition that is critical to AIoT applications such as smart retail, smart security, and surveillance, smart city and smart home. For more information about CyberLink, please visit the official website at www.cyberlink.com