
Battling the Beast: Overcoming Account Takeover Cyber Attacks

The increasing prevalence of account takeover (ATO) in cyber attacks presents a formidable challenge to cybersecurity professionals. ATO attacks increased 354% year-over-year in 2023. As our dependency on digital platforms grows, so does the appeal for cybercriminals to exploit vulnerabilities in these systems. Thus, the necessity to understand and mitigate the risks associated with account takeover cannot be overstated.

The Rising Threat of Account Takeover Cyber Attacks

The infiltration of cyber attackers into the world of account takeover is a pernicious reality that cybersecurity professionals must vigilantly contend with. 29% of people have experienced account takeover, an increase from 22% in 2021. This method, where unauthorized entities manage to breach an individual’s account, primarily through purloining their credentials, has dramatically increased in frequency and sophistication. The fundamental appeal for cybercriminals lies in the ease of execution and the lucrative rewards it potentially yields.

The process can be alarmingly straightforward: gain unlawful access to a user’s account and exploit it to their advantage. This could mean undertaking fraudulent transactions, siphoning off sensitive information, or causing network-wide disruptions. Regardless of the end game, the results are invariably harmful to both the individual and the broader digital ecosystem.

Account takeover attacks are a disturbingly increasing trend, owing to their relative simplicity and efficiency. This burgeoning phenomenon in the cyber-threat landscape poses a grave concern for organizations, particularly given the possible scale of havoc that attackers can wreak.

As we find ourselves more entwined with the digital realm than ever, the potential for account takeovers amplifies. This, coupled with the growing proficiency of cybercriminals, means that the stakes are higher than ever. Consequently, understanding the ins and outs of these attacks, their modus operandi, and potential impact is not just an exercise in hypotheticals; it’s an urgent imperative. This comprehension is the first step in formulating a robust, forward-thinking defense strategy to safeguard our accounts and networks against these malicious activities.

Without a doubt, the emergence of account takeover as a prominent cyber threat highlights the need for innovative security measures that can rise to this challenge and fortify our digital frontiers.

High-Profile Breaches through Account Takeover Tactics

The chilling reality of account takeover cyber attacks becomes all the more apparent when we delve into the annals of significant breaches in recent history. Each incident illuminates the audacious sophistication of the attackers and the devastating impacts that follow. For instance, the 2016 Yahoo breach remains one of the most significant cyber attacks of its kind. In this instance, account takeover techniques allowed the malefactors to abscond with data from a staggering 1 billion accounts. This incident served as a stark wake-up call for the cybersecurity community, highlighting the urgency of addressing this form of cyber attack.

Fast-forwarding to the more recent past, the high-profile Twitter breach of 2020 further exemplifies the escalating prowess of cyber attackers. The miscreants manipulated account takeover tactics to compromise accounts belonging to a host of eminent individuals and subsequently executed a large-scale Bitcoin fraud. These incidents echo the disconcerting potential for harm that account takeover cyber attacks embody.

Such high-profile breaches underscore not only the vast scope of potential damage but also the ingenious techniques deployed by cyber attackers. These case studies offer invaluable insights for cybersecurity professionals, spotlighting the urgency to upgrade our defenses and adopt innovative strategies to combat the escalating threat of account takeover.

The Role of Network Access Control in Preventing Account Takeover

Navigating the terrain of account takeover necessitates the deployment of sophisticated security measures. At the forefront of these measures is Network Access Control (NAC). A powerful ally in our cybersecurity arsenal, NAC is fundamentally designed to authenticate and authorize each individual seeking access to a network, hence barring unapproved entries. This mechanism plays a crucial part in defending against account takeover attacks.

NAC’s proficiency in preventing account takeovers is rooted in its operational mechanics. It functions by establishing rigorous stipulations for network access, examining both the user’s device and credentials meticulously before granting admittance. More than being just a gatekeeper, NAC also maintains constant surveillance of network activities, spotting any irregularities that might signal a security breach.

In the event of a perceived threat, NAC’s proactive nature kicks in. It has the ability to autonomously isolate the nodes under attack, curbing the spread and curtailing the attacker’s reign. This real-time responsiveness of NAC is especially beneficial in thwarting account takeover attempts which require swift intervention.

With account takeover attacks looming larger on the threat horizon, the strategic implementation of NAC is more critical than ever. By encompassing a detailed verification process and proactive monitoring, NAC provides an innovative and effective security measure in the fight against account takeover. Undoubtedly, this advanced tool significantly boosts the resilience of our digital frontiers against these pervasive attacks.

How Network Access Control Works

At the heart of Network Access Control’s (NAC) effectiveness is its dynamic operational strategy. Rather than relying on a one-time authentication process, NAC ensures that the individual accessing the network meets the established security parameters at every stage of their interaction. It scrutinizes both the credentials of the user and the integrity of their device, diligently verifying them against stringent security standards.

Going beyond just verifying identities, NAC also monitors ongoing network activity. It applies real-time analysis to identify any deviation from normal behavior, serving as an ever-watchful sentinel over the network. When an anomaly suggestive of a potential threat is detected, NAC steps into high gear.

One of the distinguishing features of NAC is its ability to react autonomously to perceived threats. It isolates the affected nodes immediately, effectively stopping the spread of a possible breach in its tracks. This automatic response mechanism is crucial, especially when every second counts in mitigating the damage caused by an account takeover attempt.

With the proactive and comprehensive security measures it employs, NAC stands as a strong line of defense against account takeover attacks. It’s an essential tool that demonstrates the power of advanced technology in fortifying our digital spaces. With the ever-looming threat of account takeover, the mastery of NAC’s functions could make all the difference in securing our online presence against cyber threats.

The Power of NAC in Account Takeover Prevention

Harnessing the strength of Network Access Control (NAC) in countering account takeover necessitates a comprehension of its multi-faceted abilities. The core competence of NAC in tackling such cyber threats lies in its meticulous access management protocols. By perpetually scrutinizing network activity, NAC acts as an indefatigable sentinel, identifying anomalies that could potentially signify an illicit account takeover attempt. It stands ready, vigilant against any nefarious attempts to violate the sanctity of our digital domain.

More than just a watchful guardian, NAC possesses the crucial capacity for swift action in the face of detected threats. Through its autonomous response mechanisms, it acts decisively to isolate affected nodes. This ability is pivotal, as it curtails the window of opportunity for attackers, hindering them from inflicting further damage.

The effectiveness of NAC in thwarting account takeover does not merely stem from its individual capabilities. It arises from the synergistic combination of these functions — a meticulous verification process, real-time monitoring, and a rapid, automated response system. This potent trio underscores the potential of NAC in confronting the menace of account takeover. As we continue to grapple with this escalating threat, the implementation and mastery of NAC can serve as a bulwark, providing an essential layer of defense against the burgeoning wave of account takeover attacks. By embracing the power of NAC, we strengthen our armory, standing ready to defend our digital frontlines against the sophisticated tactics of cyber attackers.

Conclusion

The rising tide of account takeover cyber attacks necessitates a stalwart defense and forward-thinking strategies. Deploying a robust Network Access Control (NAC) system can be the linchpin in our cybersecurity armor, offering a formidable counter to this escalating menace. By apprehending the intricacies of account takeover and the arsenal that NAC brings to the table, we arm ourselves with the requisite knowledge to shield our organizations against these intrusive attacks.

As the digital landscape continuously morphs, presenting new challenges, innovative solutions like NAC serve as a bedrock, defending against the present onslaught and equipping us for future trials. Leveraging NAC’s capabilities not only fortifies our existing defenses but also lays a strong foundation for anticipating and mitigating potential threats.

The journey towards bolstering our cybersecurity fortifications demands a deep dive into understanding account takeover mechanisms and the sophisticated defenses offered by tools like NAC. It is a journey of empowering ourselves, reinforcing our digital frontlines, and crafting a resilient shield against the increasingly adept tactics of cyber attackers. As security managers, this understanding is crucial, equipping us with the knowledge to protect and navigate our organizations safely in the tumultuous waters of cybersecurity threats.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Leading Through Uncertainty: A CISO’s Playbook for IoT Threats in 2024

As we approach the mid-2020s, the specter of IoT threats looms larger than ever before. As a CISO, understanding these potential attacks, identifying threat actors, and strategizing for their prevention is crucial. It’s also vital to consider the financial implications of these threats and plan accordingly.

Understanding the Nature of IoT Attacks

In the ever-widening world of the Internet of Things (IoT), our daily interactions extend from our smartphones to our refrigerators, and even to our automobiles. This burgeoning network of connectivity, while revolutionizing modern convenience, also births unprecedented cybersecurity vulnerabilities. IoT devices often exhibit weaker security measures, making them irresistible targets for cybercriminals. These malicious entities exploit the defense gaps to gain illicit access, pilfer valuable information, or orchestrate grand-scale cyberattacks.

As we peer into the horizon of 2024, we must be prepared for a diverse array of IoT threats. Conventional modes of cyber onslaught, such as malware or DDoS attacks, may metamorphose to specifically target IoT devices. Alarmingly, we could also witness the advent of AI-empowered threats capable of self-adapting and self-propagating across networks, creating complex webs of intrusions that are hard to predict or prevent.

Simultaneously, the fast-paced roll-out of 5G technology poses an amplifying risk. The improved connection speed and robustness, while advantageous for legitimate users, also provide a fertile ground for cybercriminals to exploit, accelerating the potential scale and impact of IoT attacks.

Thus, the nature of IoT threats in 2024 will likely be multifaceted and complex, calling for dynamic, advanced, and proactive security strategies. As CISOs, the onus is on us to anticipate these emerging threats, identify the inherent vulnerabilities in our IoT infrastructure, and execute robust defense measures to safeguard against these escalating cyber risks.

Identifying the Threat Actors

Navigating the labyrinth of cybersecurity, one must grapple with the fluidity of the threat landscape. The actors that animate these threats are as diverse as they are numerous. They range from lone wolves who are cyber-savvy individuals fueled by the thrill of disruption, to meticulously organized crime syndicates that leverage IoT vulnerabilities for lucrative blackmail and extortion schemes.

One cannot afford to overlook the menace posed by state-sponsored actors either. These formidable entities, backed by substantial resources and strategic intent, exploit IoT systems for gaining competitive advantage or disrupting critical services.

The lowering of barriers in the digital underworld due to easy access to hacking tools amplifies this threat manifold. In an alarming trend, individuals with minimal technical know-how can now orchestrate significant IoT attacks, adding a disconcerting unpredictability to the threat matrix.

Recognizing this diverse array of threat actors is not merely an academic exercise. It provides crucial intelligence to anticipate potential attack vectors, understand their modus operandi, and tailor your cybersecurity defenses accordingly. Therefore, as vigilant sentinels in the realm of cybersecurity, we must continuously attune ourselves to this fluctuating landscape of threat actors and remain a step ahead in our defensive strategies.

Unraveling the Motivations Behind IoT Threats

Probing the underlying motivations of threat actors propels us toward a more proactive cybersecurity posture. It not only helps predict possible targets but also assists in planning strategic defense tactics.

State-sponsored entities, often backed by vast resources and a strategic agenda, predominantly harness IoT threats to achieve political gains. These groups may endeavor to disrupt critical infrastructure or public services, pushing their targets into a state of chaos and vulnerability.

Cybercriminal syndicates, on the other hand, are mostly financially driven. Their modus operandi generally revolves around infiltrating corporate networks or targeting high-value digital assets. These malefactors specialize in data theft, ransomware attacks, and other lucrative cybercrime tactics.

However, motivations can be a complex web, not always tied to tangible gains. A subset of threat actors, commonly termed as ‘hacktivists,’ draw their inspiration from ideological or ethical beliefs. They exploit IoT vulnerabilities to target organizations they perceive as ethically flawed or politically contentious.

Deciphering these motivations, while challenging, is a vital component of a CISO’s toolkit. It equips us to anticipate potential attack vectors, develop tailored defensive strategies, and ultimately create a more resilient IoT ecosystem.

Assessing the Financial Impact of IoT Attacks

When we delve into the financial repercussions of IoT attacks, the landscape can be startling. Not only do they trigger immediate financial drain through data theft or extortion, but they can also instigate enduring economic damage. This might manifest as diminished customer loyalty, punitive regulatory penalties, and potentially costly litigation proceedings.

Moreover, the fiscal fallout extends beyond the initial assault. There are tangible costs linked to incident response, which includes analysis, containment, eradication, and recovery. This expenditure is accompanied by the often significant outlay for system restoration, enhanced security measures, and possible public relations efforts aimed at managing reputational harm.

Such collateral expenses serve as a stark reminder of the economic implications of IoT threats. The cascade of costs that follow an IoT breach can significantly impact the financial health of an organization, sometimes in a way that’s irreversible. Therefore, preemptive financial planning and budgeting for these potential expenditures is a non-negotiable element in every CISO’s strategy.

Yet, it is crucial to recognize that the financial impact is not just a potential loss; it represents a call to investment. It emphasizes the necessity to allocate resources toward strengthening security measures, embracing innovative detection tools, and investing in employee cybersecurity training. The return on such investment is immeasurable, as it builds resilience, safeguards reputation, and fortifies trust—protecting not only the organization’s bottom line but its very standing in an increasingly digitized world.

In the face of rising IoT threats, comprehending the potential financial fallout is not merely about bracing for impact. Instead, it equips us with the foresight to make informed, strategic investments that bolster our defenses, cultivate resilience, and ultimately, ensure our organization’s digital future in an interconnected world.

Strategizing for the Future of IoT Security

As we navigate the landscape of IoT threats, it’s imperative to not just react, but to proactively strategize for the increasingly digitized future. The fabric of this strategy must be woven with a robust security framework, specifically designed for IoT devices. It should be agile enough to adapt to evolving threats while remaining firmly rooted in fundamental security principles.

Periodic risk assessments are critical, providing an ongoing measure of our defense posture and revealing vulnerabilities before they’re exploited. Coupled with this, a vigilant monitoring system is essential. An alert sentinel, it stands guard against unusual activities or breaches, facilitating swift and effective responses.

However, the heartbeat of our future strategy lies within our own organizations. We must foster a culture where security isn’t viewed as an optional appendage but an integral core of our operations. Every individual, regardless of their role, should understand their responsibility in safeguarding our IoT environment. This collective commitment will forge a human firewall, enhancing our technical defenses.

Yet, in a world where threats are becoming smarter, our defenses must evolve too. Automation and Artificial Intelligence must be harnessed as strategic allies in our security armory. These technological advances will augment our detection capabilities, shrinking the window between breach and response. More importantly, they will empower us to stay one step ahead, predicting and preempting threats before they materialize.

In essence, our future strategy cannot be a static document, but a living, breathing entity. It must grow, adapt, and evolve, mirroring the dynamic nature of the IoT threats we face. This strategic foresight, combined with an unyielding commitment to security, will fortify our defenses, ensuring we’re not just surviving in the digital landscape of 2024, but thriving. As CISOs, it’s our duty to lead this charge, safeguarding our organizations and securing our future in an interconnected world.


23.12.8 ‘Voyager’ released

Changes compared to 23.12.7

Bug Fixes

  • Fixed a bug in new Microsoft 365 SharePoint incremental backups that didn’t correctly account for older snapshot formats


About Comet
We are a team of dedicated professionals committed to developing reliable and secure backup solutions for MSPs, businesses and IT professionals. With over 10 years of experience in the industry, we understand the importance of having a reliable backup solution in place to protect your valuable data. That’s why we’ve developed a comprehensive suite of backup solutions that are easy to use, scalable and highly secure.

Unraveling the Cause and Impact of Third-Party Contractor Breaches

The increasing demand for more mobile workforces and accelerated operations and supply chains has led to an increased reliance on contractors and third-parties. In turn, however, there has been a surge in third-party contractor breaches. Unchecked, this evolving threat can potentially cripple the strongest of cybersecurity frameworks. Contractor breaches have surfaced as a key vulnerability, demanding a fresh perspective to mitigate these risks and fortify defenses.

The Escalation of Contractor Breaches

The upward trend of third-party contractor breaches is no random occurrence, but a product of the increasingly interwoven digital connections in today’s corporate sphere. This intertwined ecosystem necessitates the exchange of sensitive data and privileges with external partners, inadvertently creating a minefield of potential breaches.

Fueling this upswing is the disparate enforcement of cybersecurity protocols among these external entities. It’s a troubling reality that not all partners possess the required strict cybersecurity measures, thereby transforming them into the Achilles’ heel of an otherwise solid corporate security framework.

This vulnerability is further compounded by the rising sophistication of cybercriminals. Harnessing advanced technologies, they persistently probe for weak links, leveraging contractor access to bypass stringent corporate defenses.

Moreover, the escalating shift towards remote work adds another layer to this complexity. As businesses gravitate towards a distributed workforce, the risk of breaches amplifies, given the wide array of networks, devices, and locations involved. In this landscape, contractor networks form a substantial and sensitive portion, necessitating comprehensive security measures.

A clear understanding of this rising phenomenon is the first step towards implementing effective countermeasures. Cybersecurity leaders must be proactive in acknowledging this trend, addressing the unique vulnerabilities it presents, and fortifying their defenses to ensure the integrity of their corporate networks and enterprise applications.

Notable Contractor Breach Incidents

To underline the sheer scale and potential devastation of third-party contractor breaches, it’s instructive to highlight some of the most high-profile incidents. One significant example is the 2020 SolarWinds hack. Cybercriminals infiltrated the company’s software update system, a sophisticated maneuver that allowed them unauthorized access to a multitude of clients, including key US government agencies.

Another sobering example is the 2013 incident involving the retail giant, Target Corporation. In this case, a third-party HVAC contractor’s network credentials were compromised, granting the attackers access to sensitive information. The resulting breach exposed 40 million credit and debit card accounts, delivering a harsh blow to both the financial and reputational capital of the company.

These instances underscore the gravity of the situation and the critical need to strengthen defenses against contractor breaches. Each incident serves as a stark reminder of the need for robust cybersecurity measures across all levels of the corporate network, including those of third-party contractors.

The Repercussions of Contractor Breaches

The fallout from a contractor breach isn’t merely limited to the tangible financial hit; the effects can ripple out, touching numerous aspects of the organization. Direct costs from containment, remediation, and regulatory penalties are undoubtedly impactful, but they are merely the tip of the iceberg.

Beneath the surface lurks a multitude of long-term consequences that can subtly undermine an organization’s strength. Chief among them is the erosion of customer trust, a priceless asset that can take years to build but seconds to shatter. Once the veil of data security is pierced, restoring consumer confidence can prove to be an uphill battle, leading to significant customer attrition.

The aftermath of a breach also significantly taints an organization’s reputation, tarnishing its image in the eyes of its stakeholders. The resulting blow can cripple the organization’s competitive edge and shrink its market share. It could also lead to the loss of business opportunities as potential partners may hesitate to associate with a company perceived as a cybersecurity risk.

Moreover, breaches can have serious legal implications, especially if they involve personal data. Organizations may find themselves on the receiving end of lawsuits, which can drain resources, not only financially but also in terms of time and focus.

Employee morale could also take a hit, as breaches often lead to stress and distrust within the workforce, impacting productivity and collaboration.

The severity and broad scope of these repercussions underline the importance of recognizing the potential dangers that third-party contractor breaches pose. A proactive approach, backed by robust solutions such as Network Access Control (NAC), is essential in protecting organizations from these deep-seated threats and ensuring the continued trust of customers and stakeholders.

NAC as a Defensive Shield Against Contractor Breaches

In the battle against third-party contractor breaches, Network Access Control (NAC) emerges as a robust and essential ally. This innovative technology plays a crucial role in bolstering a company’s cybersecurity measures, providing the capacity to regulate network accessibility meticulously.

NAC operates as a gatekeeper, scrutinizing and governing network access based on pre-defined policies. This feature is of paramount importance when dealing with third-party contractors who need access to specific portions of the network. By enabling granular control, NAC allows businesses to limit access to specific network segments, forming a protective barrier around their most sensitive and valuable information.

The deployment of NAC goes beyond just restricting access. It provides companies with a lens to view and manage all devices and users accessing their network, providing a comprehensive and real-time picture of the network’s security status. This visibility is invaluable in identifying potential threats, highlighting unusual activity, and initiating swift, appropriate responses.

In addition to control and visibility, NAC brings a layer of automated enforcement to the table. It continuously monitors the network, ensuring that all connected devices and users adhere to the organization’s security policies. Non-compliance automatically triggers responses, such as blocking access or isolating the offending device, preventing potential breaches before they can inflict damage.

Embracing NAC is a strategic decision, one that requires thorough planning and thoughtful integration into the overall cybersecurity framework. But, when done right, it has the potential to drastically reduce the risk of third-party contractor breaches, fortifying the company’s defenses, and ensuring the integrity of its corporate networks and enterprise applications.

As the sophistication and frequency of cyber attacks continue to rise, solutions like NAC are no longer optional; they have become a necessity. Incorporating NAC into an organization’s cybersecurity arsenal signifies a proactive approach to threat management, a commitment to safeguarding vital business data, and a dedication to maintaining customer trust.

Implementing NAC for Enhanced Cybersecurity

In the labyrinth of cybersecurity, implementing Network Access Control (NAC) serves as a strategic maneuver, a step towards fortifying your business against the rising tide of third-party contractor breaches. This process isn’t a mere add-on; it’s an integral thread in the complex fabric of your cybersecurity plan.

The journey commences with an in-depth analysis of your valuable data assets. Understand their nature, their sensitivity, and their role in your business operations. Once you have a clear picture, define the permissions around these assets, establishing who can access what and when. This foundational step forms the basis of your NAC policies, guiding the level of access provided to internal employees and external contractors alike.

As your NAC structure begins to take shape, it’s vital to maintain an eagle-eye perspective. Monitor the adherence to these policies diligently, keeping tabs on all the devices and users that tap into your network. With NAC, you’re not just a spectator but an enforcer. You have the power to instantly act on any non-compliance, neutralizing potential threats before they transform into full-blown breaches.

In our modern world where automation is becoming the norm, NAC’s capabilities should not be left behind. Integrating artificial intelligence and machine learning into your NAC framework can equip you with proactive threat detection and response, ensuring your defense is always a step ahead of potential cybercriminals.

In an era where the connection is synonymous with vulnerability, the robust security that NAC provides is invaluable. It’s not just a defensive shield but a beacon of trust for your customers, a testament to your commitment to safeguarding their data.

As we chart a course towards a future defined by cybersecurity, the necessity for measures like NAC cannot be overstated. Embracing NAC is more than just an investment in technology; it’s an investment in the integrity of your business, a promise to guard what’s most valuable against the ever-evolving threats of the digital world.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Finding FortiOS devices with runZero

Today, February 8th, 2024, Fortinet disclosed a serious vulnerability in their FortiOS operating system, used by multiple Fortinet products.

The issue, CVE-2024-21762, allows attackers to execute arbitrary code on vulnerable devices. The vendor has indicated that this is a critical vulnerability.

The vendor reports that there are indications that this vulnerability may be actively exploited in the wild.

What is the impact?

Upon successful exploitation of this vulnerability, attackers can execute arbitrary code on the vulnerable system.

Are updates or workarounds available? 

Fortinet has released an update to mitigate this issue and all users are urged to update immediately.

Additionally, the vendor indicates that disabling the SSL-VPN functionality of the device will mitigate the issue.

How do I find potentially vulnerable FortiOS devices with runZero?

From the Asset Inventory, use the following query to locate assets running the FortiOS operating system which may potentially be vulnerable:

os:"FortiOS" AND tcp:443

Additional fingerprinting research is ongoing, and additional queries will be published as soon as possible.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

23.12.7 Voyager released

Changes compared to 23.12.6

Enhancements

  • Added server log messages to Comet Server startup to indicate when certain subprocesses have finished initializing
  • Added an S3-compatible (Object Lock) storage vault template type
  • Improved Microsoft 365 incremental backups of SharePoint Sites and OneDrive to be more efficient and quicker

Bug Fixes

  • Fixed an issue causing the Comet Backup desktop app to enable Object Lock on a Storage Vault when Object Lock was not enabled
  • Fixed an issue with “unknown header” messages when connecting to a Storage Vault that has multiple files in the keys subdirectory
  • Fixed an issue causing some reporting filters to consistently use the first option instead of the selected option
  • Fixed an issue with the Recent Activity Email so it now correctly counts jobs which span multiple days
  • Fixed an issue with the Recent Activity Email so it now matches the same period as the Recent Activity Report in the Comet Server web interface
  • Fixed an issue with remote software updates for Windows clients
  • Fixed an issue with the Linux deb package not being present when listing the available software downloads via the API

About Comet
We are a team of dedicated professionals committed to developing reliable and secure backup solutions for MSPs, businesses and IT professionals. With over 10 years of experience in the industry, we understand the importance of having a reliable backup solution in place to protect your valuable data. That’s why we’ve developed a comprehensive suite of backup solutions that are easy to use, scalable and highly secure.

Libdrop: File sharing through NordVPN

What is Libdrop?

Libdrop is a cross-platform library developed in the Rust programming language. It is compatible with Windows, MacOS, Linux, iOS, and Android. File sharing within the NordVPN environment is facilitated by the Libdrop library, which is available as an open-source resource on GitHub.

The goal of Libdrop implementation is to allow smooth and secure file sharing between users over Meshnet. The library should be easily integrated into the NordVPN application so API users can issue transfer requests, with the rest of the processes being carried out in the library.

Libdrop protocol

The Libdrop protocol enables peer-to-peer file sharing via both IPv4 and IPv6. In this process, the sender presents files to the receiver, who then selects specific files for download. Downloads are then initiated.

The transfer is live until one of the peers goes down or the transfer is explicitly canceled by either of the peers, after which the files are no longer available for download. This provides the user with a time window where they can decide which files they want to download now and in the future while the transfer is still up.

High-level overview of communication between two peers.

Communication and low-level details

Let’s take a closer look at the technical details of the communication process, and how we developed our current setup.

gRPC

At first glance, it seemed evident that our easiest course of action would be to focus on the HTTP server and client because this is very easy to use and understand, as well as being a time-proven technology. We could make a REST endpoint and just proceed with a regular HTTP download.

To enhance speed and control, we opted for gRPC. Because gRPC is a binary protocol it has less overhead. It is also strongly typed, making errors harder to introduce. gRPC technology automatically generates the code needed for both the client and the server, making it an excellent fit. In fact, Libdrop was originally built on gRPC.

Initially, it was very comfortable to use — both the client and the server code just worked. We could issue a certain call via the wire and expect the appropriate function to be called on the peer.

However, as time went on, we found that debugging gRPC presented some challenges, and the “black box” nature of it began to concern us. The generated code also had little control over the socket itself because it was abstracted too far away to gain direct access. Consequently, we transitioned from gRPC to WebSockets in pursuit of a more adaptable solution.

WebSockets

Unlike gRPC, WebSockets is not strongly typed, which offers a degree of flexibility. This flexibility comes at the cost of making it easier for bugs to appear. However, there’s no automatic code generation, which is a plus.

The ability to easily introduce versioning was another advantage. We just need to have the URL in the form of “ws://{addr}/drop/{version}/query.” It also helped that WebSockets is a fairly easy-to-understand technology that works in tandem with HTTP so the traffic can be inspected easily as well as debugged.

Choosing WebSockets turned out to be a wise decision. It led to a reduction in code complexity and greatly enhanced our understanding of the data flow. Plus, having written the code ourselves, we felt fully in control of the system.

Simplified representation of backward compatibility between Libdrop versions.

Rust and Tokio

Due to the nature of the Libdrop library’s heavy IO and event-driven architecture, the codebase contains a lot of asynchronous flows which could have been a tough problem. However, Rust’s great implementation of async alongside the Tokio library proved to be a great combination in dealing with this and avoiding potential crashes.

Rust shines here because the borrow checker is strict about lifetimes and safety during development: it refuses to compile code that breaks the ownership rules.

We are also fairly safe from panics as we spend most of the time in Tokio tasks and those are executed in catch_unwind. This means that if the Tokio task panics it will simply yield an error instead of tearing the whole thread down.

Still, not every place in the codebase runs in a Tokio task, so for those cases we tune the Rust linter to detect unwrap() calls that could potentially invoke a panic handler.

NordVPN uses Rust in numerous libraries and panics are handled in custom panic handlers. These handlers wrap the error and emit it via callback so the API user receives it and can properly log it.

API and the dilemma: To block or not to block?

We’ll now explore the choices we made around our API.

SWIG

For the API we used SWIG, which was already battle-tested and proven by libraries such as Libtelio. SWIG automatically generates FFI binding code for all target platforms, but it’s not without limitations. While it’s very easy to pass primitives such as integers and strings, higher-order structures are not that comfortable. In a compromise, we accept certain parameters as JSON strings.

JSON strings, while slightly less optimal, are a great solution to the problem. All mainstream languages know how to parse it or have a popular library ready to do so. The downsides to JSON strings are less type safety and a need for greater control to avoid breaking the conformity.

Event-driven architecture and reporting

One question that arose around the API was whether or not it should block. Based on our API users, we opted not to make the API block and to communicate via events instead. This adds complexity on the API design side, but it provides an event-driven API and means that API users don’t need to care about threads. App developers are usually experienced in working with callbacks so this architecture suits them well.

Callbacks are used for event notification and reporting so the API user can receive reports and log them where appropriate. Events are for reporting. Both events and reports are passed on as JSON-encoded strings.

Errors are reported when the parameters to the API are incorrect or when a runtime error is encountered.

Types of events

Events are emitted for various milestones:

  • A transfer was requested.

  • The transfer was successfully queued (the API returned no error) and contains all the paths collected.

  • A file upload/download was started, finished, or failed.

  • A file upload or download progressed.

User experience and history tracking with SQLite

When considering how to track transfer records and states, our team opted for a local SQLite database that users can easily inspect.

We chose SQLite for its flexibility and cross-platform availability, and because it offers a strong query system that makes it user-friendly.

The widespread use of SQLite in various applications gave us added confidence in its reliability and performance, making it an easier choice over alternatives like JSON files or custom binary formats.

Database limitations: A read-only resource

The SQLite database does not control Libdrop’s operations in any way. Its role is purely read-only. The SQLite database serves to offer our users a convenient API for accessing transfer histories and logs, without impacting the underlying functionality of Libdrop.

In cases where we fail to open or migrate the SQLite database successfully we can remove it entirely and try again. If it fails again we can then use an in-memory database that provides proper functionality while the app is alive.
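
The fallback order described above (open, otherwise delete and retry, otherwise in-memory), as an added Python example that is not Libdrop's own Rust code. The table layout and the function names are assumptions of this example.

```python
import os
import sqlite3

# Hypothetical schema: the article does not describe Libdrop's tables.
SCHEMA = (
    "CREATE TABLE IF NOT EXISTS transfers ("
    "id TEXT PRIMARY KEY, peer TEXT NOT NULL, state TEXT NOT NULL)"
)


def open_and_migrate(path: str) -> sqlite3.Connection:
    """Open the database and apply the schema; raise sqlite3.Error on failure."""
    conn = sqlite3.connect(path)
    try:
        # A corrupt file is only detected here, when SQLite first reads it.
        conn.execute(SCHEMA)
        conn.commit()
    except sqlite3.Error:
        conn.close()  # release the handle so the file can be deleted
        raise
    return conn


def open_history(path: str) -> tuple[sqlite3.Connection, str]:
    """Return (connection, origin); origin is 'disk', 'recreated' or 'memory'."""
    try:
        return open_and_migrate(path), "disk"
    except sqlite3.Error:
        pass
    # History is not needed for transfers to work, so a broken database is
    # deleted (with its journal files) rather than repaired.
    for stale in (path, path + "-journal", path + "-wal", path + "-shm"):
        try:
            os.remove(stale)
        except OSError:
            pass
    try:
        return open_and_migrate(path), "recreated"
    except sqlite3.Error:
        # Last resort: history works while the app is alive, then is lost.
        return open_and_migrate(":memory:"), "memory"
```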

Security and validation

Security in Libdrop has several key focuses:

  • Ensuring that the right sent file reaches the receiver.

  • Ensuring that a transferred file is immediately picked up and scanned by NordVPN’s Threat Protection feature.

  • Ensuring that foreign apps cannot make calls directly to the peer.

File validation: Ensuring integrity from start to finish

As part of our commitment to ensuring a reliable file transfer process, we take several precautions. The moment a file is selected for upload, we immediately fetch its metadata, specifically capturing its size and checksum. This information is then shared with the receiver to ensure both parties have synchronized data right from the start.

During the actual upload, we keep a close eye on the data transfer. We compare the size of the transferred data with that of the received data, allowing us to detect any inconsistencies. If a discrepancy is found, the transfer is terminated, ensuring that only accurate and complete files proceed.

At the receiving end, a fresh checksum is calculated once the correct amount of data is received. If this calculated checksum doesn’t align with the initially shared checksum, the transfer is terminated. In such cases, the transfer is reported and stored as a failed transfer on both ends.
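
The three checks described above (metadata captured up front, byte count watched during the transfer, checksum compared at the end), as an added Python example that is not Libdrop's own Rust code. SHA-256 as the checksum, the temporary ".part" file and all names are assumptions of this example.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass
from typing import Iterable


class TransferFailed(Exception):
    """The transfer is terminated and recorded as failed."""


@dataclass(frozen=True)
class FileMeta:
    """What the sender announces as soon as the file is selected."""
    name: str
    size: int
    sha256: str  # hex digest; the choice of SHA-256 is an assumption


def describe(path: str, chunk_size: int = 65536) -> FileMeta:
    """Sender side: capture size and checksum before anything is sent."""
    digest, size = hashlib.sha256(), 0
    with open(path, "rb") as source:
        while chunk := source.read(chunk_size):
            digest.update(chunk)
            size += len(chunk)
    return FileMeta(os.path.basename(path), size, digest.hexdigest())


def receive(meta: FileMeta, chunks: Iterable[bytes], dest_dir: str) -> str:
    """Receiver side: publish the file only if size and checksum both match."""
    digest, received = hashlib.sha256(), 0
    fd, part_path = tempfile.mkstemp(dir=dest_dir, suffix=".part")
    try:
        with os.fdopen(fd, "wb") as sink:
            for chunk in chunks:
                received += len(chunk)
                if received > meta.size:  # stop as soon as the count is wrong
                    raise TransferFailed("peer sent more data than announced")
                digest.update(chunk)
                sink.write(chunk)
        if received != meta.size:
            raise TransferFailed(f"stream ended at {received} of {meta.size} bytes")
        if digest.hexdigest() != meta.sha256:
            raise TransferFailed("checksum mismatch")
        # The peer-supplied name is reduced to its last component before use.
        final_path = os.path.join(dest_dir, os.path.basename(meta.name))
        os.replace(part_path, final_path)
        return final_path
    except BaseException:
        # Never leave a partial or unverified file behind.
        if os.path.exists(part_path):
            os.unlink(part_path)
        raise
```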

Threat Protection

In both Windows and MacOS, files often carry metadata indicating their origin. Without this information, antivirus software would need to scan each and every file for threats, which isn’t efficient.

Applications regularly produce many files, the majority of which are legitimate and harmless so it’s common practice to embed specific markers within these files. This allows antivirus tools to identify and scan files faster.

On Windows and MacOS, we immediately attach these markers once files are downloaded. This ensures that the Threat Protection scanner can promptly identify and assess them, leaving no gap during which they might be accessed without a prior security check.

MacOS uses kMDItemWhereFroms while Windows uses Zone.Identifier.

Socket security

Finding the protocol and communication method used by Libdrop is straightforward. The port we use is 49111, and the address is in the format ws://{addr}/drop/ (this can all be seen in the source code provided on GitHub).

While it’s true that you can bypass Libdrop by directly connecting to this URL with cURL or similar tools, this is a situation we’d like to avoid. Our aim is to maximize usability and minimize the risks for users.

Since we considered user experience, we also explored the idea of automatically accepting files from trusted peers. However, we recognized the potential risk of someone abusing this feature to spam others, and so decided against it.

To enhance security, we implemented an authorization system based on Meshnet keys. These keys are retrievable via API after successful user authentication. Since NordVPN is consistently aware of peer public keys, we’re able to use this information to validate connections at the Libdrop communication level. If a user fails the authorization process, the transfer is terminated — no questions asked from the receiver side.

To accomplish this, we employ HMAC with SHA-256 and generate a shared key using the Diffie-Hellman algorithm. When initiating a connection, the NordVPN app provides the public key of the peer. Combined with the private key we already possess from the time of initializing Libdrop, we’re able to calculate this shared key. Both sides of the transaction do the same, and the process is only deemed successful if the keys match.

We’re aware that this system isn’t bulletproof. For instance, users might find a way to exploit a Linux CLI app. However, we believe these improvements represent a significant step towards creating a safer and more reliable experience for our users.
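
One way the authorization described above can work, as an added Python example that is not Libdrop's own Rust code: both peers derive the same key with Diffie-Hellman, and the sender proves it with an HMAC-SHA256 tag over a fresh nonce. The X25519 function, the nonce challenge and all names are assumptions of this example; the pure-Python X25519 is for illustration only and is not constant time.

```python
import hashlib
import hmac
import os

P = 2**255 - 19  # field prime of Curve25519
A24 = 121665
BASE_POINT = (9).to_bytes(32, "little")


def x25519(scalar: bytes, u_bytes: bytes) -> bytes:
    """X25519 as specified in RFC 7748 (Montgomery ladder)."""
    k = bytearray(scalar)
    k[0] &= 248
    k[31] = (k[31] & 127) | 64
    k_int = int.from_bytes(k, "little")
    x1 = int.from_bytes(u_bytes, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k_int >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = d * a % P, c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair() -> tuple[bytes, bytes]:
    private = os.urandom(32)
    return private, x25519(private, BASE_POINT)


def shared_key(my_private: bytes, peer_public: bytes) -> bytes:
    """Own private key combined with the peer public key supplied by the app."""
    secret = x25519(my_private, peer_public)
    if secret == bytes(32):  # degenerate peer key: refuse it
        raise ValueError("invalid peer public key")
    return secret


def respond(my_private: bytes, peer_public: bytes, nonce: bytes) -> bytes:
    """Connecting side: HMAC-SHA256 over the receiver's nonce."""
    return hmac.new(shared_key(my_private, peer_public), nonce, hashlib.sha256).digest()


class Receiver:
    """Accepts a connection only from the holder of the expected peer key."""

    def __init__(self, my_private: bytes, peer_public: bytes):
        self._key = shared_key(my_private, peer_public)
        self._nonce = None

    def challenge(self) -> bytes:
        self._nonce = os.urandom(32)
        return self._nonce

    def verify(self, tag: bytes) -> bool:
        nonce, self._nonce = self._nonce, None  # single use, so no replay
        if nonce is None:
            return False
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)  # constant-time comparison
```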

Permissions and user access

Integrated into the NordVPN application, Libdrop operates under the constraints of user permissions as enforced by the operating system. This ensures that users can only share files to which they have ownership rights. To initiate a file transfer, a connection between peers must first be established. Enabling file sharing for a specific Meshnet peer allows one to start receiving files from that device. Disabling file-sharing permissions for a Meshnet peer will halt incoming transfers from that particular device. You can read more about file-sharing permissions here.

On the Linux platform, we faced an additional challenge because the app needed to run as root due to Libtelio’s requirements. Running Libdrop as root was out of the question, as it would have unrestricted access to the entire file system. To navigate this, we set Libdrop up to run as a user process that communicates with the NordVPN daemon.

Fortunately, mobile devices didn’t present the same issue, thanks to their robust sandboxing. Likewise, applications on Windows and MacOS operate with user permissions, so there were no concerns on those platforms either.

It’s worth noting that Libdrop isn’t designed for multi-user scenarios, as it uses a hardcoded port number, 49111. However, it can technically bind to different network interfaces without any problems.

File aggregation

To simplify the user experience and streamline integration, we designed Libdrop to automatically enumerate files in the paths provided. These paths can point to either individual files or directories, allowing for greater flexibility. This setup posed several challenges, however:

  • How can we recreate the directory hierarchy?

  • What do we do when we encounter a symlink?

  • What happens if there are too many files?

  • What are the issues with Android permissions?

Let’s take a closer look at how we overcame these challenges.

Recreating the directory hierarchy

For hierarchies, we used the same rename logic as we did with the files, but only for the root level directory. We only communicate the path with the peer starting at the root level of the provided path, meaning that if there’s a directory structure of C:\Files\Photos\Cats\Cute and the user adds C:\Files\Photos, then we only send Photos\*; the receiver is unaware of the C:\Files portion. This was important because, if the receiver was aware of that portion, personal details could be leaked.

Interestingly, directory separators are not cross-platform. Windows supports both \ and / while Unix-based OSs (Android, iOS, MacOS, Linux) support only /. Initially, we just communicated with the path as-is, which then produced some fun results. Sending a path, “Photos\Cats\1.jpg,” from Windows to a Linux machine would produce a file with that name instead of two directories and one file when transferring a directory.

As an easy solution, we chose the following approach: when the user sends a directory and we aggregate a path, we split it with the native path separator and then glue it back together using the universal one — /. We can then use that path going forward.

What do we do when we encounter a symlink?

We decided that, when a symlink is encountered, we would return an error. This reduces the chances of possible security issues arising around certain files.

Symlinks reduce the visibility of operations, creating situations in which a user might think they are sending one set of files while in reality a different group of files are picked up.

What happens if there are too many files?

In Libdrop we allow for certain configuration values when initializing the library, ensuring that it can be flexible across multiple platforms. To help with interoperability, we decided to add two values: file limit and file depth limit.

Including these two values means that deep directories result in an error. An error is also generated when the file limit is reached. We think it’s better to be explicit than implicit, and so we’d rather generate an error than send an incomplete file transfer.
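
The aggregation rules from the sections above (paths rooted at the selected directory, "/" on the wire, symlinks refused, explicit file and depth limits), as an added Python example that is not Libdrop's own Rust code. The function names, the error type and the way depth is counted (the selected directory is level 1) are assumptions of this example.

```python
import os
import tempfile
from pathlib import Path


class AggregationError(Exception):
    """Raised instead of sending an incomplete or surprising set of files."""


def to_wire(native_relative: str, sep: str = os.sep) -> str:
    """Split on the sender's native separator, re-join with the universal '/'."""
    return "/".join(part for part in native_relative.split(sep) if part)


def aggregate(root: str, max_files: int, max_depth: int) -> list[str]:
    """Enumerate a user-selected file or directory into wire paths."""
    # abspath() normalises the path without following symlinks.
    root_path = Path(os.path.abspath(root))
    if root_path.is_symlink():
        raise AggregationError(f"symlink refused: {root_path.name}")
    if root_path.is_file():
        return [root_path.name]
    if not root_path.is_dir():
        raise AggregationError(f"not a file or directory: {root_path.name}")
    # Wire paths are relative to the parent of the selection, so the peer
    # sees "Photos/..." and never the C:\Files part above it.
    base = root_path.parent
    found: list[str] = []

    def walk(directory: str, depth: int) -> None:
        if depth > max_depth:
            raise AggregationError(f"depth limit of {max_depth} exceeded")
        with os.scandir(directory) as entries:
            ordered = sorted(entries, key=lambda entry: entry.name)
        for entry in ordered:
            relative = to_wire(os.path.relpath(entry.path, base))
            if entry.is_symlink():
                raise AggregationError(f"symlink refused: {relative}")
            if entry.is_dir(follow_symlinks=False):
                walk(entry.path, depth + 1)
            elif entry.is_file(follow_symlinks=False):
                if len(found) >= max_files:
                    raise AggregationError(f"file limit of {max_files} exceeded")
                found.append(relative)

    walk(str(root_path), 1)
    return found


def demo() -> list[str]:
    """Aggregate Files/Photos from a constructed sample tree."""
    with tempfile.TemporaryDirectory() as tmp:
        cute = Path(tmp, "Files", "Photos", "Cats", "Cute")
        cute.mkdir(parents=True)
        (cute / "1.jpg").write_bytes(b"constructed sample")
        (Path(tmp, "Files", "Photos") / "2.jpg").write_bytes(b"constructed sample")
        return aggregate(str(Path(tmp, "Files", "Photos")), max_files=10, max_depth=3)


if __name__ == "__main__":
    print(demo())
```

Errors carry only the relative wire path, so a log line or an event passed to the peer does not reveal the parent directories either.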

Android permission issue

Using the transfer system on Android presented us with some challenges. In order to use the POSIX file system, the API needs appropriate permissions in the application manifest. Direct file system access requires that the application is placed within a single specific category, but this was a problem because NordVPN is not just a file or backup manager.

A solution was found when we did an experiment and found that upon selecting the file in Android, it was possible to detach the file descriptor. This enabled us to use POSIX with the provided descriptor:

Testing and dogfooding

We used Python and Docker to load the compiled library and imitate conversation between two peers. This allowed us to reproduce the bugs by writing test cases, easing our concerns about bigger changes in the codebase.

The testing framework allowed us to generate scenarios quickly using a Python API where we can imitate all the actions a user might take alongside the events we would expect as a result.

Tests can’t perfectly replicate what happens in real life so we still constantly seek QA feedback alongside the relevant aggregated logs. Still, having an easy-to-use test framework proved to be very beneficial and boosted our confidence during development.

Meshnet protocol and wire safety

NordVPN’s file-sharing feature is built on Meshnet, a peer-to-peer protocol. This design allows for the shortest possible data path between computers, eliminating the need for third-party cloud storage or service providers.

One caveat is that both Meshnet nodes must be online simultaneously for the transfer to take place. All traffic between Meshnet nodes, including file sharing, is authenticated and encrypted via WireGuard’s cryptography, ensuring that even Nord Security cannot access the contents of the files or the traffic being transmitted. You can read more about the WireGuard protocol here.

Thanks to Libtelio and Meshnet, Libdrop doesn’t need to use any encryption of its own because double-encryption would be unnecessary. If you’re considering implementing Libdrop into your own product, you should integrate transport layer security (TLS), which should be fairly trivial to implement.

In summary, NordVPN’s File Sharing feature offers a secure, efficient, user and API-user-friendly method for peer-to-peer file transfers through the Meshnet.

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.


Don’t let your desire for love turn into lust for data

 

Asking for money or intimate photos is out of date. Romance scams are getting more sophisticated.

Valentine’s Day is coming up, but this holiday is not always a simple celebration of love with bouquets, chocolate, and romantic dinners. For those who are still on a quest to find the right partner, it may be a day highlighting how sad and lonely they feel. This feeling of loneliness, combined with a desire for a partner, is what many scammers prey upon.

With cybersecurity finally getting well-deserved attention in recent years, chances are that you’ve already noticed warnings about romance scams long before now. Using social networks and chat applications, scammers can pretend to be potential lovers, and after they open their victim’s heart, they also try to open their wallet.

However, with increasing levels of general digital security awareness, scammers’ tactics have evolved. Some no longer directly ask for money because, for example, their imaginary relative needs surgery. Instead, they send you just one risky sentence: “Let’s go chat somewhere else.”

Often, the victim is led down a path to a new unknown app, one that is offered on third-party app stores or websites that prompt you to download spy tools that are capable of reading your private data stored in your smartphone like it’s an open book. In these cases, your only defense is to have a reliable cybersecurity solution that can detect the app’s suspicious activities running in the background while you two lovebirds are chatting.

From connecting people to spying

Since ICQ, “I Seek You,” one of the most popular online messaging apps to hit the internet in the mid-1990s, introduced its service globally, the popularity of messaging apps has seen constant growth.

Let’s take one of today’s most popular messaging apps, WhatsApp, as an example. Since its launch on February 24, 2009, WhatsApp has been constantly growing, reaching 2.49 billion quarterly users in Q3 2023.

Overall, the number of people using messaging apps surpassed 3.3 billion in 2023, with the vast majority using three services: WhatsApp, Facebook Messenger, and WeChat.

However, scammers have also been looking at those numbers amorously, and messaging apps have quickly become a platform for both phishing and online romance scams, amongst other threats.

In just three years – from 2019 to 2022 – the amount of losses attributed to romance scams reported to the U.S. Federal Trade Commission (FTC) rose from $493M to $1.3B. Social networks and messaging applications were the first contact platform for 59% of those who said they lost money to a romance scam in 2022.

These numbers get even more serious when considering that the vast majority of fraud isn’t even reported to the government. A study conducted in 2021 found that only 4.8% of people who experienced mass-market consumer fraud bothered to complain to the non-profit Better Business Bureau or a government entity.

Love in a military uniform

Some recent cases show that romance scammers are not only going after your money but also lusting for data. Spyware inserted in apps has become a serious issue, and the latest ESET Threat Report calls attention to a surge in Android spyware detections, which have risen by 88.9%.

In the past, spying chat apps were often nonfunctional, and a targeted person could quickly figure out that something was not right and delete it immediately. Nowadays, these malicious apps are actually doing what victims expect them to do. For example, threat actors make a copy of a legitimate open-source functional chat app and just change its visuals. This means that the targeted person may not get suspicious and can be monitored for a long period of time.

In June 2023, ESET researchers published a blog about Android GravityRAT spyware being distributed within malicious but functional messaging apps BingeChat and Chatico, which were both based on the OMEMO Instant Messenger app. The spyware can exfiltrate call logs, contact lists, SMS messages, device location, basic device information, and files with specific extensions such as jpg, PNG, txt, pdf, etc.

The apps mentioned above were only available on phishing websites, not via official or third-party app stores, but how potential victims were tricked to go there and download them remains a mystery. However, when researchers at Qihoo 360, a Chinese cybersecurity company, analyzed different fake but functional chat apps bundled with spyware, they found that the motivation behind victims downloading these apps was due to “matters of the heart.”

In this case, attackers created multiple accounts on Facebook pretending to be love-seeking female users and added relevant Pakistani military personnel as friends to further obtain their contact information. Then, with the fake profiles and their hidden agenda, they wrote to victims that they were interested in pursuing a relationship, and had “found” a great new app where they could chat further.

While the individuals targeted probably thought they were falling head over heels in love, they were in fact unwillingly feeding threat actors sensitive personal information, along with military intelligence.

Don’t give your heart and data away so readily

To avoid being scammed, let’s begin with the basics and go through common romance scam red flags.

  • Making excuses to avoid meeting: The scammer will avoid a meeting in person despite repeatedly stating that they are willing to do so.
  • Things are moving too fast: Your new “partner” will express deep interest/affection and perhaps a desire for intimacy despite your having been chatting for only a few days.
  • Asking for money: Romance scammers often come with a heartbreaking story concerning why they need money as soon as possible. They can also pose as rich people who can pay their debts with interest but “right now, cannot access their funds.”
  • Leaving secure communication: The scammer may ask to leave a dating service or social media site to communicate directly.

Your chances of being scammed will also rapidly decrease when you use only trustworthy app stores with strict app review policies.

Your mobile’s chaperone

In case you’ve downloaded a malicious app, it’s good to have a powerful antivirus operating on your phone. This may be especially useful in cases where the app is fully functional and does not raise any obvious red flags.

 

ESET Mobile Security (EMS) can detect and block threats during the download process, even before installation occurs. This means that the threat never reaches the user. EMS can also be used to scan already existing apps to double-check that you haven’t bought the devil in disguise.

Moreover, EMS provides the user with real-time file system protection that scans all files in download folders for malicious code when opened, created, or run.

In the case of a malicious app or download, EMS alerts users that malicious code has been detected – as seen in the picture below.

You can also perform an on-demand scan anytime you want with two possible options:

1. Smart Scan goes through installed applications, executable files, SO files (SO stands for shared libraries), archives with a maximum scanning depth of three nested archives, and SD card content.

2. In-depth Scan will check all file types, regardless of file extension, both in internal memory and on SD cards.

When ‘follow your mind’ advice won’t help you

When it comes to discussion of how to avoid disappointments in love, you often hear tips like “follow your mind, not your heart.” But if you are targeted by a sophisticated romance scam, chances are that such advice won’t help. This is true even for those who aren’t in a sad mood on Valentine’s Day.

In cases where your perception fails, you need reliable software equipped with advanced scanning capabilities to show you what your new chat app and new wannabe partner truly are.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

How Databook Labs met stakeholders’ expectations by doubling down on its global team’s security

Databook Labs, a pioneering company in AI, has revolutionized the enterprise sales landscape. Their exceptional ability to interpret vast financial and market data arrays has notably enhanced global strategic relationships for sales teams.

Profile of Databook Labs

With users across 104 countries, the platform ingests and interprets billions of financial and market data signals to generate actionable sales strategies that connect the seller’s solutions to a buyer’s financial pain and urgency.

A successful product led to rapid expansion and a distributed workforce across 8 countries. Anne Simpson, Head of Privacy, Security, and Compliance at Databook Labs, walked us through how the company faced the pressing challenge of ensuring robust cybersecurity in a hybrid work environment.

The challenge

Scaling up securely in a global landscape

Databook Labs experienced accelerated growth, scaling from 12 to 100 employees and expanding to three global offices.

Starting out in the basement of the founder’s house, the company grew and moved into its first office before the pandemic. The changes in team location and scale required an established security mindset.

In addition, this rapid development and a primarily remote workforce presented significant cybersecurity challenges.

“With a mostly remote workforce, Databook needed a way to secure data while working away from our known networks.”

Their primary concern was safeguarding data across numerous unknown networks, a critical issue given their large enterprise customer base with stringent security expectations.

The solution

Choosing NordLayer for comprehensive security

When Anne Simpson, Head of Privacy and Security, joined Databook Labs, she recognized the need for a robust VPN solution to protect their global, remote workforce.

“The majority of our customers are large enterprises that want to see high-security standards in place.”

Besides securing a remote workforce, Anne was also responsible for developing, maintaining, and enforcing Databook’s information security policies to meet client expectations.

“We encourage people to get out there and explore the world while working. When they appear on an unknown network, I can’t guarantee the data transmission’s security, so we had to get a VPN.”

The integration of NordLayer allowed the company to maintain a high level of security without the need for extensive in-house resources.

“We are a very small team, so we don’t have the resources to build a VPN and maintain one in the house. And that’s what we love about NordLayer.”

Compatibility, security, and simplicity were the key characteristics that made the NordLayer solution the top pick.

Why choose NordLayer

After thorough research and peer consultations, NordLayer emerged as the ideal choice. Its ease of implementation, excellent customer support, and compatibility with non-technical users made it a perfect fit for Databook Labs.

The company already had SOC 2 certification, so adding NordLayer to our policies and procedures made it all about privacy and security at Databook Labs.

“After the demo, we felt that NordLayer was the easiest to implement. It gave us everything we needed, and the team was really helpful. We’ve never had a problem with any customer service support issues.”

As Anne Simpson claims, the tool doesn’t require manual handling, and the security manager doesn’t need to worry about it.

How NordLayer helps manage the expectations of different parties

Overall, NordLayer simplifies the experience of enabling and using a remote network access security tool. It’s designed to be user-friendly for non-tech-savvy employees while meeting the high standards expected by clients and stakeholders.

The outcome

Enhanced security and operational efficiency

Implementing NordLayer had a profound impact on Databook Labs. Anne Simpson and her team found peace of mind in knowing that their data was secure and that they were in compliance with global regulations.

“NordLayer is very user-friendly. During onboarding, our team members receive training on using the VPN, and the Okta integration plays a crucial role. They are well-versed in when it is most beneficial to be connected to the VPN.”

NordLayer’s solution, with its simplicity, allowed the team to dedicate more time to strategic objectives. It also made it easy for non-technical employees, eliminating the need to manage VPN complexities.

“I would recommend NordLayer VPN as it is simple to use and does not incur any upfront costs, such as setting up our own VPN and needing on-premises hardware.”

Additionally, NordLayer’s performance has not caused any issues with the company’s operations, easing initial concerns about potential slowdowns.

Pro cybersecurity tips

Everyday cybersecurity rules should become a mantra of every tech user in the modern world. But sometimes, it’s not that obvious where to start. Thus, here are the main recommendations from the Head of Privacy, Security & Compliance at Databook Labs, where it’s worth concentrating your focus to begin with.

Quotes of Databook Labs

Databook Labs’ experience using NordLayer proves that being accountable for data security is challenging with remote teams yet achievable using the right solutions. Discover how compatible your cybersecurity strategy is with the NordLayer tool and enjoy the peace of mind it brings to every IT manager who uses it.

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.


[IMPORTANT] Registration Server will undergo regular maintenance from 2024-02-17 (04:00 pm) to 2024-02-18 (04:00 am)

IMPORTANT !

ESET has planned Network Core Infrastructure maintenance at ESET HQ, which will take place from Saturday, February 17th, 2024, 4:00 PM to Sunday, February 18th, 2024, 4:00 AM, Hong Kong Time, lasting 12 hours.

The impact of this outage covers ALMOST ALL ESET services, whether internal or external.
This means that at certain times within the maintenance window, customers might not be able to place orders, activate licenses, generate licenses, etc.

That means the Order System, Check Key, Key activation and eStore are all affected.
