Why NAC is Critical to Stopping APT Attacks

The rise of Advanced Persistent Threat (APT) attacks has become a significant concern for organizations across the globe. These highly sophisticated and targeted cyber threats can persist undetected within a network for extended periods, posing severe risks to sensitive data, intellectual property, and overall organizational security. To counter the growing threat of APT attacks, organizations must adopt comprehensive cybersecurity measures, and one essential component in this defense arsenal is Network Access Control (NAC). In this article, we will delve into the critical role that NAC plays in thwarting APT attacks and why its implementation is indispensable for modern cybersecurity strategies.

Understanding Advanced Persistent Threats (APTs)

Before delving into the role of NAC, it’s crucial to understand the nature of APT attacks. Unlike traditional cyber threats, APTs are highly targeted, well-funded, and persistent. These attackers aim to infiltrate a network covertly, remaining undetected for extended periods to extract sensitive information or launch more damaging attacks. APTs often involve multiple stages, including reconnaissance, initial compromise, privilege escalation, lateral movement, and data exfiltration.

Common Characteristics of APT Attacks

  • Stealth and Persistence: APT attackers employ sophisticated techniques to avoid detection and maintain a persistent presence within the compromised network. They may use advanced malware, rootkits, and other evasion tactics to bypass traditional security measures.
  • Targeted Approach: APTs are specifically tailored for a particular target, often with the goal of gaining access to sensitive information, intellectual property, or valuable assets. This targeted nature makes them more challenging to detect using generic security solutions.
  • Advanced Techniques: APT attackers leverage advanced techniques, such as zero-day exploits and advanced social engineering, to exploit vulnerabilities in systems and gain unauthorized access.
  • Lateral Movement: Once inside a network, APT attackers move laterally, escalating privileges and compromising additional systems. This allows them to navigate through the network and access valuable resources.

The Role of NAC in APT Mitigation

Network Access Control (NAC) is a crucial component of cybersecurity that focuses on controlling and managing access to a network based on the identity and security posture of devices seeking to connect. By enforcing policies at the entry points of a network, NAC helps organizations prevent unauthorized access and ensures that only compliant and secure devices are allowed onto the network. Here are key reasons why NAC is critical to stopping APT attacks:

  • Device Visibility and Authentication: NAC provides organizations with comprehensive visibility into the devices connected to their networks. Through device profiling and authentication mechanisms, NAC ensures that only authorized devices with valid credentials can access the network. This is particularly crucial in the context of APT attacks, where unauthorized or compromised devices may attempt to gain entry.
  • Endpoint Security Posture Assessment: APT attackers often exploit vulnerabilities in endpoint devices as an entry point into the network. NAC solutions assess the security posture of devices before granting access, checking for updated antivirus software, security patches, and adherence to security policies. By ensuring that endpoints meet predefined security standards, NAC acts as a frontline defense against APTs attempting to exploit vulnerabilities.
  • Dynamic Policy Enforcement: NAC allows organizations to define and enforce dynamic access policies based on various factors, including user roles, device types, and location. In the context of APT attacks, dynamic policy enforcement becomes crucial in responding to evolving threats. For example, if a device’s security posture changes or if suspicious behavior is detected, NAC can dynamically adjust access permissions or isolate the device from the network.
  • Device Isolation and Containment: In the event that a device is identified as compromised or potentially malicious, NAC can isolate it from the network to prevent further lateral movement. This containment capability is vital in stopping APTs from spreading across the network and limiting the potential damage caused by the attack.
  • Continuous Monitoring and Threat Detection: APTs thrive on remaining undetected for extended periods. NAC complements traditional security measures by continuously monitoring devices on the network and detecting anomalous behavior that may indicate a potential APT attack. By integrating with threat intelligence feeds and security information and event management (SIEM) systems, NAC enhances the organization’s ability to identify and respond to APTs in real-time.
  • Compliance and Auditing: Many industries have regulatory requirements that mandate specific security standards and controls. NAC helps organizations demonstrate compliance by ensuring that devices adhere to these standards before gaining network access. Regular audits and reporting provided by NAC solutions contribute to a proactive cybersecurity posture, reducing the risk of APT attacks.
  • Integration with Other Security Solutions: NAC does not operate in isolation; it integrates seamlessly with other cybersecurity solutions, such as firewalls, intrusion detection/prevention systems, and endpoint security solutions. This collaborative approach enhances the overall security posture and increases the likelihood of detecting and mitigating APT attacks.
  • Adaptive Response to Threats: APTs are known for their adaptive nature, evolving to bypass traditional security measures. NAC, with its adaptive response capabilities, ensures that the organization can keep pace with the changing threat landscape. This adaptability is essential for addressing the persistent and evolving nature of APT attacks.
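As an added illustration of the posture assessment, dynamic enforcement and isolation points above (this is not code from the article or from any NAC product), the following Python sketch shows a minimal admission policy of the kind a NAC system applies at the network edge: identity is checked first, then endpoint posture, then live monitoring verdicts, and a device that is already admitted is re-scored when a new verdict arrives. The VLAN names, thresholds and device records are constructed assumptions.

```python
"""
Added example (not code from the article or from any NAC product): a minimal
posture-based admission policy of the kind a NAC system applies at the network
edge. Identity is checked first, then endpoint posture, then live threat flags;
a device already admitted is re-scored when a new flag arrives. VLAN names,
thresholds and the device records are constructed assumptions.
"""
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional, Set

# Assumed enforcement outcomes; only the decision logic matters, the names are illustrative.
VLAN_CORPORATE = "corp-vlan"
VLAN_QUARANTINE = "quarantine-vlan"   # remediation-only segment, no lateral reach
MAX_PATCH_AGE_DAYS = 30               # assumed policy threshold
MAX_AV_SIGNATURE_AGE_DAYS = 7         # assumed policy threshold


@dataclass
class Device:
    mac: str
    identity: Optional[str]            # authenticated principal (e.g. from 802.1X); None if unauthenticated
    av_signature_date: Optional[date]  # last antivirus signature update reported by the agent
    last_patched: Optional[date]       # last security patch install
    managed: bool                      # enrolled in the organisation's device management
    flags: Set[str] = field(default_factory=set)  # verdicts pushed by SIEM/IDS, e.g. {"suspicious"}


@dataclass
class Decision:
    vlan: Optional[str]                # None means the port stays unauthorized
    reasons: List[str]


def assess_posture(dev: Device, today: date) -> List[str]:
    """Return the posture failures; an empty list means the endpoint is compliant."""
    failures = []
    if not dev.managed:
        failures.append("device not enrolled in management")
    if dev.av_signature_date is None or (today - dev.av_signature_date).days > MAX_AV_SIGNATURE_AGE_DAYS:
        failures.append("antivirus signatures stale or absent")
    if dev.last_patched is None or (today - dev.last_patched).days > MAX_PATCH_AGE_DAYS:
        failures.append("security patches out of date")
    return failures


def decide(dev: Device, today: date) -> Decision:
    """Admission decision: deny unauthenticated, quarantine flagged or non-compliant, else admit."""
    if dev.identity is None:
        return Decision(None, ["authentication failed"])
    threat_flags = sorted(dev.flags & {"suspicious", "compromised"})
    if threat_flags:
        # Dynamic enforcement: a monitoring verdict overrides an otherwise good posture.
        return Decision(VLAN_QUARANTINE, [f"flagged by monitoring: {', '.join(threat_flags)}"])
    failures = assess_posture(dev, today)
    if failures:
        return Decision(VLAN_QUARANTINE, failures)
    return Decision(VLAN_CORPORATE, ["compliant"])


def reevaluate(dev: Device, today: date, new_flag: str) -> Decision:
    """Continuous monitoring: re-score an admitted device when a new verdict arrives."""
    dev.flags.add(new_flag)
    return decide(dev, today)


if __name__ == "__main__":
    today = date(2024, 1, 31)
    laptop = Device("aa:bb:cc:00:00:01", "alice", date(2024, 1, 30), date(2024, 1, 20), managed=True)
    print(decide(laptop, today))                        # admitted to corp-vlan
    print(reevaluate(laptop, today, "suspicious"))      # moved to quarantine-vlan
```

The order of the checks is the point: a valid credential on a non-compliant or flagged endpoint still lands in the quarantine segment, which is what limits the lateral movement the article describes, and the quarantine segment only needs to reach remediation services (patching, antivirus updates), not the rest of the network.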

Case Studies: Real-World Impact of NAC in APT Mitigation

Mandiant’s APT1 Report

In 2013, cybersecurity firm Mandiant released a groundbreaking report on APT1, a Chinese cyber espionage group. The report highlighted how APT1 had successfully infiltrated numerous organizations over several years. In several cases, Mandiant identified the use of NAC as a critical factor in detecting and mitigating APT1’s activities. NAC solutions played a pivotal role in limiting the lateral movement of APT1 within compromised networks.

Sony Pictures Entertainment Breach

The 2014 Sony Pictures Entertainment breach, attributed to North Korean hackers, demonstrated the devastating impact of APT attacks. In the aftermath of the breach, it was revealed that the attackers gained access to the network by exploiting weak credentials and using destructive malware. NAC, if properly implemented, could have prevented unauthorized access by enforcing strong authentication policies and identifying suspicious behavior.

Implementation Challenges and Best Practices

While the benefits of NAC in APT mitigation are evident, organizations may face challenges during implementation. Here are some common challenges and best practices to address them:

  • Integration Complexity: NAC implementation often involves integration with existing infrastructure, which can be complex. To address this, organizations should carefully plan the deployment, ensuring compatibility with existing security solutions and minimizing disruption to normal operations.
  • User Education and Awareness: Users play a crucial role in the effectiveness of NAC. Organizations should invest in user education and awareness programs to ensure that employees understand the importance of adhering to security policies and the role they play in preventing APT attacks.
  • Scalability: As organizations grow, the number of devices and users on the network increases. Scalability is a critical consideration in NAC implementation. Choosing a scalable solution that can handle the expanding network infrastructure is essential for long-term success.
  • Continuous Monitoring and Updates: APTs are dynamic, and their tactics evolve over time. Continuous monitoring and regular updates to NAC policies are essential to adapt to emerging threats. Organizations should establish a process for reviewing and updating policies based on the latest threat intelligence.
  • Collaboration with Threat Intelligence: NAC is more effective when integrated with threat intelligence feeds. Organizations should establish collaboration with threat intelligence providers to receive timely updates on emerging threats, allowing NAC solutions to proactively respond to new APT tactics and techniques.

Conclusion

In the face of the escalating threat posed by Advanced Persistent Threats (APTs), organizations must adopt a multi-layered cybersecurity approach that includes advanced technologies and robust policies. Network Access Control (NAC) emerges as a critical component in this defense strategy, offering unparalleled visibility, dynamic policy enforcement, and adaptive response capabilities. By implementing NAC, organizations can significantly enhance their ability to detect, prevent, and mitigate APT attacks, safeguarding sensitive data and preserving the integrity of their networks. As APTs continue to evolve, NAC remains a cornerstone in the ongoing battle to secure the digital landscape against persistent and sophisticated cyber threats.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Notifications Telegram: Pandora FMS

For environments where you need to know immediately when an issue arises, such as production environments, security systems or critical company resources, this Pandora FMS integration with Telegram is a perfect fit: it provides the required immediacy, together with exact information about the location and cause of the problem, thanks to the powerful Pandora FMS system of alerts and macros.

Likewise, because Telegram is a messaging service delivered to phones over the data network, it guarantees that your technicians, managers and on-call operators find out about any problem at the exact moment it appears, without needing to access a computer or manually check their email.

Using the plugin from our library and the flexible alert system offered by Pandora FMS, we will show you how to configure your monitoring tool to send instant messages whenever a problem is detected.

First of all, you need the following environment:

  • Pandora FMS environment running on Linux, in this case we will use Rocky Linux 8, the distribution recommended by the manufacturer.
  • Our library plugin: Telegram bot CLI.
  • Telegram account available to be used as a broadcaster for alert messages.

Bot creation

First of all, create the Telegram bot that will be in charge of sending messages. From the Telegram account you wish to use, interact with the user BotFather using the “/start” command:

Then use the command “/newbot” to create your bot.

It will ask you for the name you want your bot to have. It is important for the name to end with “bot”, for example Pandora_FMS_telegram_bot.

Once you send the name, if it is not already in use, BotFather will confirm that the bot was created, give you a link to its chat and provide a token. Save this token, as you will need it to set up the alert later.

Group Setup

Now add the bot you just created to an existing group, or to a new one that you create, to receive your alerts.

The next step is to add another bot called GetIDs Bot to the same group in order to get the group identifier. By adding it, it will leave you a message with the ID of your group, and you should also take note of that for later.

With all of this you will already have your Telegram ready to receive alerts.

Integration with Pandora FMS (versions 773 and earlier)

First you should start by downloading our plugin Telegram bot CLI.

It will download a zip file called telegram-bot-cli.zip, which you should decompress.
Inside, you will find a file called “pandora-telegram-cli.py” which must be added to your Pandora FMS server in the path “/usr/share/pandora_server/util/plugin”.

Now, from the terminal of your server, install the Python3 dependencies (if you do not already have them) by means of the command “dnf install python3”:

Once installed, run the plugin to verify that it works, through the command “python3 /usr/share/pandora_server/util/plugin/pandora-telegram-cli.py”:

We will now move on to Pandora FMS server console.
Go to the “Management > Alerts > Commands” section and click “Create”:

And set up your alert command as follows:

On command, type in the following:

python3 /usr/share/pandora_server/util/plugin/pandora-telegram-cli.py -t _field1_ -c _field2_ -m "_field3_"

This command runs the plugin you downloaded with the arguments -t, -c and -m. It is important for the -m argument to be enclosed in double quotation marks ("").

  • In the field of argument -t, Bot Token, enter the token of your bot.
  • In the field of argument -c, Chat ID, enter the ID of the group that bot “GetIDs Bot” provided you with.
  • And in the -m field, Alert Message, enter the alert message that you want your bot to send to the group. You may use all the alert macros you need, some examples are:
    • _module_: Name of the module that triggered the alert.
    • _agentalias_: Alias of the agent that triggered the alert.
    • _modulestatus_: Status of the module when the alert was triggered.
    • _agentstatus_: Status of the agent when the alert was triggered.
    • _data_: Data of the module that triggered the alert.
    • _timestamp_: Time and date the alert was triggered.

For example, you could use this message (which we will enter in field3): “The module _module_ of agent _agentalias_ has changed to _modulestatus_ status”.

Once all this is filled in, click “Create”.

Now access the “Management > Alerts > Actions” section of your Pandora FMS console and click “Create” to create your action.

Enter the name you want your action to have, select the group, the alert command that you created previously and choose a Threshold. The remaining fields are filled in automatically; click “Create”:

Now access the “Management > Alerts > List of Alerts” section and configure the alert for the Agent and Module you want.

In this case select that when the “Host Alive” Module of the “Router” agent goes into critical state, your previously created “Telegram Message” action will be executed:

If your module goes into critical state, you will receive this message to your Telegram group:

When your alert recovers you will receive a message like this:

Integration with Pandora FMS (versions 774 and later)

In version v7.0NG.774, the Telegram plugin from our library is included by default in Pandora FMS alerts, with a standard basic configuration.

If you access the Management > Alerts > Commands section, you will have a command called “Pandora Telegram”:

When accessing it, you will see that the command that will execute your alert is already configured.
Fill in the -t "TOKEN" parameter of the command with the token given to you by BotFather and save the command:

After this, access the Management > Alerts > Actions section and access Pandora Telegram action.
At the bottom, add the Chat ID of your group that the bot “GetIDs Bot” gave you. In the Triggering and Recovery sections, you may modify the message to your liking using the alert macros as you saw previously, and click “Update”:

Once saved, enter the Alert List menu from Management > Alerts > List of Alerts and create a new alert.
Select the agent and module, the action you updated “Pandora Telegram”, the template you want and create the alert:

Once your alert is triggered, you will receive your message by Telegram:

Sending alerts with data graphs

In the integration of Pandora FMS alerts with Telegram, you may add to the message a graph with the latest data of the module that triggered the alert; this applies both to version 773 and earlier and to 774 and later. To send graphs in your alerts, add a call to the API of your Pandora FMS server to the command you used previously.

The first step is to configure access to the Pandora FMS API on your server: in the “Setup > Setup > General Setup” section, the “API password” field holds the API password, and in “IP list with API access” enter the IPs that need access, or grant access to any IP with (*).

Now edit the command that you had previously created to add the necessary data to send the graph. You need to add the following parameters:

  • --api_conf: the connection parameters for the API of your server. It is important to fill in the fields in angle brackets “< >”:
    “user=<user>,pass=<password>,api_pass=<api_password>,api_url=http://<server_ip>/pandora_console/include/api.php”.
    Example: “user=admin,pass=pandora,api_pass=1234,api_url=http://10.0.5.100/pandora_console/include/api.php”
  • --module_graph: the parameters of the module from which the graph is retrieved; there are two of them:
    • module_id: the ID of the module that triggered the alert. Use the alert macro _id_module_ here so that it is always filled in with the module ID of the alert.
    • interval: the total time span shown in the graph, in seconds. We use 3600 seconds by default (60 minutes, or 1 hour), but you may configure the interval that best suits you.

The resulting full command will be as follows:

Command:

And field configuration:

And save the changes.

When the alert is triggered, you will receive the message with the data graph of your module:
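As an added example, not the pandora-telegram-cli.py plugin's own code, the following Python block shows the plumbing that the alert command above and the graph parameters depend on: expanding Pandora FMS alert macros such as _module_ into the message template, parsing the comma-separated key=value strings passed to --api_conf and --module_graph (rejecting an unexpanded macro or a missing server address), and building the Telegram Bot API sendMessage request. The token, chat ID, macro values and server address are constructed sample values.

```python
"""
Added example: not the pandora-telegram-cli.py plugin's own code. It shows the
plumbing the alert command relies on: expanding Pandora FMS alert macros into
the message template, parsing the comma-separated key=value strings passed to
--api_conf and --module_graph, and building the Telegram Bot API sendMessage
request. All sample values (token, chat ID, macro values, server address) are
constructed for illustration.
"""
import re
from typing import Dict, Tuple
from urllib.parse import urlparse

TELEGRAM_API = "https://api.telegram.org"
MACRO = re.compile(r"_[a-z_]+_")           # matches _module_, _agentalias_, _id_module_ ...
API_CONF_KEYS = ("user", "pass", "api_pass", "api_url")


def expand_macros(template: str, values: Dict[str, str]) -> str:
    """Replace every _name_ macro with its value. Unknown macros are left as
    written so that a typo shows up verbatim in the received message (this
    example's choice, not a statement about how Pandora FMS itself behaves)."""
    return MACRO.sub(lambda m: values.get(m.group(0), m.group(0)), template)


def parse_kv(spec: str) -> Dict[str, str]:
    """Parse 'a=1,b=2' into a dict. Values cannot contain commas in this format,
    so a password containing one cannot be passed this way."""
    result: Dict[str, str] = {}
    for item in spec.split(","):
        if "=" not in item:
            raise ValueError(f"expected key=value, got {item!r}")
        key, value = item.split("=", 1)
        result[key.strip()] = value.strip()
    return result


def parse_api_conf(spec: str) -> Dict[str, str]:
    """Validate the --api_conf string: all four keys present and api_url well formed."""
    conf = parse_kv(spec)
    missing = [k for k in API_CONF_KEYS if not conf.get(k)]
    if missing:
        raise ValueError(f"--api_conf is missing {missing}")
    url = urlparse(conf["api_url"])
    if url.scheme not in ("http", "https") or not url.netloc or not url.path.endswith("/api.php"):
        raise ValueError(f"api_url does not look like a Pandora API endpoint: {conf['api_url']!r}")
    return conf


def parse_module_graph(spec: str) -> Dict[str, int]:
    """Validate --module_graph: module_id and interval must both be positive integers
    (an unexpanded macro such as a literal '_id_module_' is rejected here)."""
    raw = parse_kv(spec)
    out: Dict[str, int] = {}
    for key in ("module_id", "interval"):
        try:
            out[key] = int(raw[key])
        except (KeyError, ValueError):
            raise ValueError(f"--module_graph needs an integer {key}, got {raw.get(key)!r}") from None
        if out[key] <= 0:
            raise ValueError(f"{key} must be positive")
    return out


def build_send_message(token: str, chat_id: str, text: str) -> Tuple[str, Dict[str, str]]:
    """Return the Telegram Bot API URL and JSON body for the sendMessage method."""
    return f"{TELEGRAM_API}/bot{token}/sendMessage", {"chat_id": chat_id, "text": text}


def redact_token(url: str) -> str:
    """Mask the bot token before the URL is written to any log."""
    return re.sub(r"/bot[^/]+/", "/bot<redacted>/", url)


if __name__ == "__main__":
    # Constructed values standing in for what Pandora FMS substitutes into the alert fields.
    macros = {"_module_": "Host Alive", "_agentalias_": "Router", "_modulestatus_": "CRITICAL"}
    text = expand_macros("The module _module_ of agent _agentalias_ has changed to _modulestatus_ status", macros)
    url, body = build_send_message("123456:EXAMPLE-TOKEN", "-1001234567890", text)
    print(redact_token(url), body)
```

One operational point follows from the command format: the bot token and the API credentials are passed as command-line arguments, so they are readable by anyone who can view the alert command configuration in the console or the server's process list while the plugin runs. Restrict access to both, keep them out of logs (as redact_token does for the URL), and if the token is exposed, regenerate it through BotFather.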

Pandora FMS’s editorial team is made up of a group of writers and IT professionals with one thing in common: their passion for computer system monitoring.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

Unmasking juice jacking: the hidden cyber threat lurking at public charging stations

Imagine this: you’re at an airport, and your phone’s battery is low. You spot a public charging kiosk—perfect, right? Well, not really. Welcome to the world of juice jacking. It’s like pickpocketing in the digital age, which happens while your phone is charging at public stations. 

Juice jacking is mostly bad news for people who are always on the move, like travelers or those who do business on the go. Thus, this threat is on the radar of business cybersecurity risks.

While there isn’t much data on juice jacking or recorded events that serve as a precedent, this type of attack is a potential sleeper. Interestingly, earlier in 2023, the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) raised awareness about juice jacking, implying that such cases have appeared.

In this article, we’re diving into the not-so-sweet details of juice jacking. We’ll uncover what it is, how the bad actors pull it off, and how you can dodge this sneaky cyber trick. Ready? Let’s jump right in.

What is juice jacking?

Juice jacking is like a stealthy attack on a phone, tablet, or laptop. It happens when someone plugs a device into a public charging station, and sneaky software slips into it. The goal is to steal information or infect your device with malware.

Which devices are the usual targets? Phones and tablets are the top picks, but really, it’s anything that charges up through a USB port. Think about your devices—smartphones, laptops, and even some e-readers. If it charges using USB, it could be at risk.

Where is this attack most likely to happen? Airports, malls, hotels, gyms, libraries—places with public charging spots that seem helpful when your battery’s running low. Attackers know that when a battery’s dying, people don’t think about security—they just want that charge. And that’s when the attackers make their move.

The mechanics of juice jacking

Imagine the charging cable as a two-way street. Typically, we think it’s just there to send power to your device, but it can also transfer data.

But here’s the sneaky part—criminals rig the public charging stations with a so-called “skimming device”—think of it like a hidden microphone, but for data. It’s tucked away inside the USB port, out of sight, waiting to snatch the data. When someone plugs in their device, this skimmer gets busy, extracting information from it or dropping off malware like an invisible spy.

How juice jacking works

Let’s dive deeper. Juice jacking is all about two things: stealing your business data and leaving behind nasty surprises in the form of malware.

Data theft

While a device is charging in a public station, the hidden skimming device gets to work. It discreetly sifts through the device, hunting for valuable information. We’re talking emails, contacts, and even confidential business files—the juicy details that you definitely don’t want in the wrong hands. So, while you’re waiting for a battery boost, someone could also be shopping online with your credit card.

Malware installation

Having a device connected and charging, the skimmer plays the role of a malicious invader, planting unwanted malware into your device.

Malware can have many harmful effects, like discreetly spying on your business activities, interfering with your device’s operation, or even locking you out of your own files. It’s like leaving a device with a bug that keeps causing trouble long after you’ve unplugged from the charging station.

Why endpoint security matters

Endpoint security is important in the grand scheme of a business’s digital safety net. It’s like having well-trained guards at every door and window of your office in the digital dimension.

  • A study by the Ponemon Institute reveals that 68% of organizations faced one or more endpoint attacks, leading to compromised data and/or IT infrastructure.

  • According to an IBM publication, 79% of business travelers unknowingly risk exposure to attacks by using public USB ports or charging stations.

  • A 2021 global Statista survey on endpoint security visibility revealed that 73% of participants considered isolating the endpoint from the network to be crucial for effectively responding to an endpoint attack. Meanwhile, 38% believed that locking user accounts and revoking credentials were vital actions in responding to such attacks.

In essence, endpoint security is not just a part of the defense; it’s a core element. It helps cement the walls of your business’s cyber fortress, ensuring that data remains protected and business operations flow smoothly without disruptions from sneaky, malicious invaders.

Preventing juice jacking

First, knowing whether you have fallen victim to juice jacking is tricky. The device might act strangely, with slower performance or unexpected pop-ups. Signs that a device may have been compromised include:

  • The device consumes more battery life than usual

  • It operates at a slower speed

  • Takes longer to load

  • Crashes frequently due to abnormal data usage

If you spot unfamiliar apps or your battery drains faster than usual, those could be red flags, too.

Best practices

Protecting your device starts with some simple habits. Keep a personal charger handy—your own charger is always the safest option. Public USB charging stations? Maybe skip those if you can. They’re like candy stores for cybercriminals.

To avoid being juice jacked, follow these tips for protecting your device:

  • Steer clear of public USB charging stations

  • Refuse requests for data transfer

  • Opt for two-factor authentication or biometric login options when possible

  • Bring along a personal portable charger or battery pack with you

  • Use electrical outlets with your personal charging cable and wall charger

Technological solutions

Technology can be your ally here. Consider using USB data blockers—they let you charge without the risk of data transfer. And keep your device’s software updated; it’s like giving the device some armor against malware.

Awareness and training

Knowledge is power. The more people know about these sneaky attacks, the better. Organizations should consider conducting training sessions—they’ll make their defense game stronger. And stay updated—new tricks pop up, and keeping in the loop helps stay one step ahead.

Juice jacking and corporate security

For businesses, juice jacking is a real headache. It’s not just about one device—it could jeopardize the whole company’s data. Especially for traveling employees, staying cautious is key. A simple charge at a public station could turn into a costly data disaster.

FAQ

What types of business data are most vulnerable during juice jacking?

Any data stored on your device can be at risk. This includes emails, contacts, customer information, and sensitive business documents. Basically, anything you wouldn’t want to fall into the wrong hands.

How can businesses prevent their employees from becoming victims of juice jacking?

Education is key. Make sure employees are aware of the risks associated with using public USB charging stations. Encourage the use of personal chargers and provide USB data blockers as a protective measure.

Are certain types of public charging stations riskier than others?

It’s hard to pinpoint which public charging stations are riskier, as any station could be compromised. However, stations in less secure or highly populated areas may present a higher risk.

What immediate steps should be taken if an employee suspects their device has been juice jacked?

If there is suspicion, immediately stop using the device and disconnect it from networks to prevent potential data transmission. Conduct a thorough security scan, remove unfamiliar apps, and change passwords as a precautionary step.

How can a business assess the security of a public charging station?

It’s challenging to assess the security of a public charging station on the spot. Instead, focus on equipping employees with tools and knowledge to avoid risks, such as carrying personal chargers or using USB data blockers.

Should businesses avoid the use of public charging stations altogether?

While it’s not always feasible to avoid public charging stations entirely, minimizing their use and applying protective measures, like using USB data blockers, can help mitigate risks.

Can updated or newer devices still be susceptible to juice jacking?

Yes, even the latest devices can fall victim to juice jacking. Keeping devices updated and using security tools can help protect them, but awareness and caution are crucial.

Genetic data leak, 23andMe point to credential stuffing

Hackers are selling genetic data stolen from users of the company 23andMe. The company itself says they weren’t breached, although their users’ data was used by what seems to be a single threat actor stealing personal details and genetic data. This data was then published or advertised online. 23andMe suggested that the threat actor(s) gained unauthorized access with “recycled login credentials”, a technique known as credential stuffing.

The logic is simple: Keep trying stolen username/password combinations, and eventually, they’ll work on another site. An easy solution to credential stuffing attacks? You guessed it: Multi-factor authentication (MFA). While 23andMe has offered an MFA feature since 2019, it was not made mandatory for users. With genetic and personal data at stake and up to 7 million users affected by these recent breaches, it might be time for a change in policy.
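The pattern described above is visible in authentication logs, and the following Python block, added here and not part of the newsletter, shows the detection logic run over constructed sample log lines: one source address trying many distinct usernames with a high failure rate is the credential-stuffing signature, while a single user retrying their own password is not. The log format ("timestamp ip user result") and the thresholds are assumptions for the sample, not any product's defaults.

```python
"""
Added example (not from the newsletter): detection logic for the
credential-stuffing pattern described above, run over constructed sample
authentication log lines. One source address trying many distinct usernames
with a high failure rate is the signature; a single user retrying their own
password is not. The log format ("timestamp ip user result") and the
thresholds are assumptions for the sample, not any product's defaults.
"""
from collections import defaultdict
from typing import Dict, List

# Constructed sample log lines: RFC 5737 documentation addresses, fictitious users.
SAMPLE_LOG = """\
2023-10-06T10:00:01Z 203.0.113.7 alice FAIL
2023-10-06T10:00:02Z 203.0.113.7 bob FAIL
2023-10-06T10:00:02Z 203.0.113.7 carol FAIL
2023-10-06T10:00:03Z 203.0.113.7 dave SUCCESS
2023-10-06T10:00:04Z 203.0.113.7 erin FAIL
2023-10-06T10:00:05Z 203.0.113.7 frank FAIL
2023-10-06T10:00:09Z 198.51.100.20 alice FAIL
2023-10-06T10:00:15Z 198.51.100.20 alice FAIL
2023-10-06T10:00:20Z 198.51.100.20 alice SUCCESS
2023-10-06T10:01:00Z 192.0.2.99 grace SUCCESS
"""

MIN_DISTINCT_USERS = 5   # assumed: how many different accounts one source must try
MIN_FAILURE_RATE = 0.5   # assumed: share of that source's attempts that failed


def parse_log(text: str) -> List[Dict[str, str]]:
    """Parse the assumed 'timestamp ip user result' lines; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("FAIL", "SUCCESS"):
            continue
        events.append({"ts": parts[0], "ip": parts[1], "user": parts[2], "result": parts[3]})
    return events


def summarize_by_source(events: List[Dict[str, str]]) -> Dict[str, dict]:
    """Per source IP: attempts, failures, set of users tried, users that succeeded."""
    stats = defaultdict(lambda: {"attempts": 0, "failures": 0, "users": set(), "successes": set()})
    for ev in events:
        s = stats[ev["ip"]]
        s["attempts"] += 1
        s["users"].add(ev["user"])
        if ev["result"] == "FAIL":
            s["failures"] += 1
        else:
            s["successes"].add(ev["user"])
    return stats


def flag_credential_stuffing(events, min_users=MIN_DISTINCT_USERS, min_failure_rate=MIN_FAILURE_RATE):
    """Return one finding per source that tried at least min_users accounts with a
    failure rate of at least min_failure_rate. Accounts that succeeded from such a
    source are the ones to treat as compromised (reset the password, require MFA)."""
    findings = []
    for ip, s in summarize_by_source(events).items():
        rate = s["failures"] / s["attempts"]
        if len(s["users"]) >= min_users and rate >= min_failure_rate:
            findings.append({
                "ip": ip,
                "distinct_users": len(s["users"]),
                "failure_rate": round(rate, 2),
                "compromised_accounts": sorted(s["successes"]),
            })
    return findings


if __name__ == "__main__":
    for finding in flag_credential_stuffing(parse_log(SAMPLE_LOG)):
        print(finding)
```

In the sample, 203.0.113.7 tries six accounts and succeeds on one, so that account is reported for follow-up, whereas 198.51.100.20 (one user, three tries) looks like a forgotten password and is not flagged. In practice the same logic is run per time window and attackers spread attempts over many addresses, which is why the newsletter's answer, mandatory MFA, matters more than any single threshold: a stolen password alone then no longer completes the login.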

The Bleach Breach: Clorox revenue and supply chain hit

Clorox, the household cleaning giant, predicts a more than 20% drop in quarterly sales due to a cyberattack (thought to be ransomware) that caused product shortages and operational disruptions. Manufacturing, often kept running by legacy systems and sprawling workforces, suffers more cyberattacks than any other industry.

The Clorox incident is being linked to the same group responsible for the MGM and Caesars Palace hacks, discussed in our previous episode, which occurred around the same time in August 2023. “Scattered Spider” is notorious for using social engineering methods to gain access to internal systems. The Clorox Company’s share price has dropped by over 7 percent in the last month.

Wearable AI: Trendy or just trending?

Tech companies are rushing to secure the lead in wearable AI products. Meta has collaborated with Ray-Ban on a pair of high-tech glasses, enabling wearers to live stream directly from the glasses to Facebook or Instagram and voice activate Meta AI, “an advanced conversational assistant”. Jony Ive, Apple’s legendary former design lead, and OpenAI are reportedly teaming up to design the “iPhone of AI”.

Rewind.ai unveiled a neck-worn pendant that records conversations to your smartphone and creates a searchable database of life moments. Humane, imagining “a world where you can take AI everywhere”, have developed a smart device that resembles a badge or lapel pin.

The common goal here seems to be for technology to rely less on screens, to fade from view, and become all but invisible.

Stay tuned for the next episode of Cyberview.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.


SafeDNS Website Categorization Database 101

Seems like it is high time to learn about the SafeDNS database, a solution that can be exceptionally helpful in making the services you provide even more attractive. Here are the essentials you might want to know about it.


What is the SafeDNS Database?

SafeDNS offers an encrypted database of millions of domains categorized into 66 different categories. The key purpose of this solution is to provide the category of a specific domain by its URL upon request. Our database currently contains 104 million domain names. Crawlers, along with data obtained from using the database, ensure that it is updated daily with thousands of domain names. We put quality above quantity and care not only about the number of domains added daily, but also pay great attention to the URL classification and categorization process to ensure that it is detailed and seamless.

 

Access Options & Use Cases

We offer three convenient ways to access the SafeDNS database.

The first way of accessing the database is the Categorization API, designed to give developers and third-party systems an online way to get the data they need. This type of access allows seamless integration with other systems that require site category verification. There are two subtypes of the Categorization API: X-API and Y-API.

X-API is the easiest option to incorporate and use. It processes 1000 requests per second. To sustain that rate, the data X-API returns may be cached on the integrating system’s side for no more than 12 hours. AI is also integrated into the system, enhancing its capabilities. With the database refreshed every 24 hours, users always have the most up-to-date information at their disposal.

Y-API combines the SDK and X-API, taking the best features of both. It is deployed locally within the client’s own environment, installed in a Docker container. Y-API is a good choice when you need online access at a higher processing speed (up to 15000 requests per second) than X-API offers.

The third option is the Categorization SDK. This offline version is ideal for those who prefer a local database that can be downloaded onto devices, giving quick and convenient access without a constant internet connection. The SDK is easy to integrate into a final software product written in C or Python. Its advantage is higher throughput: it processes 70 000 requests per second.

What Is This Solution for?

SafeDNS offers the database as a standalone product for several use cases. It is particularly useful for internet service providers and for endpoint protection vendors that have their own infrastructure but need a full-fledged, regularly updated database to integrate into their filtering systems.

Another use case is integrating the database, via the SDK in particular, into DLP (Data Loss Prevention) and DPI (Deep Packet Inspection) systems, and into internet providers’ platforms more generally. This helps categorize decrypted traffic for deeper analytics and for meeting regulatory requirements. Next-generation firewall and UTM providers can also integrate the SDK-type database.

Since the processing speed of SDK is much higher, it is a perfect solution for service providers and platforms that need to handle a huge number of requests.

Our database, especially the X-API option, can be used both as a primary categorization tool and as a supplement for local market actors to enhance protection and the quality of foreign domain categorization. It is also suitable for solutions with parental control functions.
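An added example, not SafeDNS code, of what a filter built on a categorization database has to do: walk up to a parent domain when the exact hostname is unlisted, honour the 12-hour cap on cached API answers noted above, and apply per-profile category blocking (the “parental control” case). The domains, categories and profiles are constructed, and backend_lookup() is a hypothetical stand-in for the SDK or API call.

```python
"""Category-based web filtering on top of a domain categorization lookup (added example)."""
from __future__ import annotations

from datetime import datetime, timedelta

MAX_CACHE_AGE = timedelta(hours=12)   # cap on how long an API answer may be reused

# Constructed stand-in for the categorization database (not real SafeDNS data).
_CATEGORY_DB = {
    "example-casino.test": "gambling",
    "news.example": "news",
    "video.example": "streaming",
    "adult.example": "adult",
}


def backend_lookup(domain: str) -> str:
    """Hypothetical lookup; a real deployment would call the SDK or API here."""
    return _CATEGORY_DB.get(domain, "uncategorized")


class CategoryCache:
    """Caches categorization answers and never serves one older than max_age."""

    def __init__(self, lookup=backend_lookup, max_age: timedelta = MAX_CACHE_AGE):
        self._lookup = lookup
        self._max_age = max_age
        self._entries: dict[str, tuple[str, datetime]] = {}
        self.backend_calls = 0   # exposed so the caching behaviour can be verified

    def category(self, hostname: str, now: datetime) -> str:
        labels = hostname.lower().rstrip(".").split(".")
        # Try the full hostname first, then each parent domain down to the
        # registrable name (never the bare TLD), so "cdn.video.example"
        # inherits the category of "video.example".
        for i in range(len(labels) - 1):
            name = ".".join(labels[i:])
            hit = self._entries.get(name)
            if hit is not None and now - hit[1] <= self._max_age:
                cat = hit[0]
            else:
                self.backend_calls += 1
                cat = self._lookup(name)
                self._entries[name] = (cat, now)
            if cat != "uncategorized":
                return cat
        return "uncategorized"


# Constructed profiles: a hotel guest network and a parental-control profile.
PROFILES = {
    "guest": {"adult", "gambling"},
    "kids": {"adult", "gambling", "streaming"},
}


def decide(hostname: str, profile: str, cache: CategoryCache, now: datetime) -> tuple[str, str]:
    """Return ("block" | "allow", category) for one DNS query under a profile."""
    cat = cache.category(hostname, now)
    return ("block" if cat in PROFILES[profile] else "allow"), cat


# Fixed reference time so runs are reproducible.
T0 = datetime(2023, 11, 1, 10, 0)


def later(hours: float) -> datetime:
    """T0 plus the given number of hours."""
    return T0 + timedelta(hours=hours)


if __name__ == "__main__":
    c = CategoryCache()
    for host in ("cdn.video.example", "news.example", "example-casino.test"):
        print(host, decide(host, "kids", c, T0), "backend calls so far:", c.backend_calls)
```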

How Much Does It Cost?

Our billing system is flexible: users pay as they go, based on their specific business needs and the number of requests they make. This ensures that customers only pay for the services they use, making it a cost-effective solution for businesses of all sizes.

SafeDNS offers a powerful database that assists companies in managing web access effectively. By leveraging the SafeDNS solution, businesses can enhance their security measures and ensure a safer and more controlled web browsing experience for their users.


About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

23.9.11 ‘Voyager’ released

New Features

  • Support new “Latest VM State (Changed Block Tracking)” option for Hyper-V for improved backup performance.
  • Added support for VMware ESXi hosts running on a free license. Comet now supports both the free and paid versions of VMware for backups and restores.
  • Added the ability to enforce policies created by a top-level administrator onto tenant administrators and tenant users. This allows a top-level administrator to enforce settings and preferences across an entire Comet Server.

Enhancements

  • Improved the admin accounts dialogue to have a separate Policies tab in the Comet Server web interface.

Bug Fixes

  • Fixed an issue with the Comet Backup desktop app not refreshing the Job History when a new backup job is started.
  • Fixed an issue with the hourly scheduler where it failed to adjust correctly to USA Daylight Saving Time (DST).
  • Fixed an issue with the Comet Backup desktop app jumping to a different Protected Item view when there is a Protected Item being edited. This usually occurred when a scheduled backup was run.
  • Fixed an issue where VMware snapshots created in CBT mode had incomplete chunks.
  • Fixed an issue with the My Devices chart on the Comet Server web interface failing to render.


About Comet
We are a team of dedicated professionals committed to developing reliable and secure backup solutions for MSPs, businesses and IT professionals. With over 10 years of experience in the industry, we understand the importance of having a reliable backup solution in place to protect your valuable data. That’s why we’ve developed a comprehensive suite of backup solutions that are easy to use, scalable and highly secure.

Web Security Challenges in Hospitality Business: A Case for Cloud Web Filtering

In the fast-paced world of hospitality, where customer satisfaction is of utmost importance, the digital landscape presents both opportunities and risks. Hotels and restaurants now face a wide range of online challenges: they become targets for cybercriminals because they handle sensitive data, and they face reputational risks tied to guests’ online experiences.

Understanding the evolving digital problems landscape and taking preventative measures such as content filtering is paramount to protecting businesses from potentially catastrophic outcomes.

The Allure of Hospitality for Hackers

Hospitality organizations store a lot of valuable information, making them attractive targets for cybercriminals. Installing malware on POS systems allows hackers to steal customers’ credit card information, causing significant reputational and financial damage to businesses. Moreover, the growing trend of ransomware attacks, where hackers paralyze systems and demand large ransoms for restoration, can result in million-dollar losses and occupancy declines of 80–90%.

Alarming Statistics: A Wake-Up Call for the Hospitality Industry

Recent research emphasizes the severity of the issue, revealing that 67% of accommodation and food businesses have fallen victim to cyberattacks. This places the industry in third place, behind only the education and arts, entertainment, and recreation sectors. Despite this alarming statistic, many businesses focus their investments only on traditional security systems and practices, often overlooking the critical human factor.

The Human Element: A Vulnerability Exploited

Recent ransomware attacks on the HoReCa sector (e.g., the MGM and Caesars cases) show that people may be the weakest link in the cybersecurity chain. An attacker can identify, for instance, a single tech employee of the target company and, within 10-15 minutes, gain access to its systems. Many attacks are this simple because they rely on tricking people into clicking suspicious links and entering credentials. This is reason enough to reflect on the critical need for employee training and for measures that prevent users from reaching potentially malicious resources.

Battles Against Explicit Content

Apart from cyberattacks, the restaurant and hospitality industry frequently faces a distinct online challenge — the potential for reputational harm in case guests encounter explicit content during their stay. Given that hotels and restaurants are typically chosen as venues for family outings or holidays, the expectation is that their networks should remain free from inappropriate content.

SafeDNS: Elevating Cybersecurity for Hospitality

Discover SafeDNS, a security beacon in the ever-changing digital landscape. The cloud web filtering solution offered by SafeDNS provides a multifaceted approach to cybersecurity, addressing challenges faced by hotels and restaurants. Besides, our web filtering assists the HoReCa sector in creating a safe environment free of inappropriate content, so that neither guests nor their children encounter anything disturbing while browsing the Internet.

Key Features of SafeDNS


  1. Cloud-Based Advantage: SafeDNS eliminates physical security concerns and complex hardware infrastructure, making our solution suitable for industry giants and small businesses alike.
  2. User-Friendly Interface: The account interface is highly intuitive, ensuring that everyone, regardless of technical skills, can easily install and navigate through the system.
  3. Comprehensive Categories: With 66 categories of websites available, SafeDNS empowers businesses to customize their web access policies, from blocking explicit content to restricting access to timewasters to enhance employee productivity.
  4. Advanced Scheduling: Unlike many other web filtering services, SafeDNS introduces a unique scheduling feature, allowing users to set up schedules that can adapt web filtering to the dynamic nature of the hospitality industry.
  5. Detailed Reports: You can gain valuable insights into users’ web activities with a detailed report. The best part here is that the service cannot be deceived by clearing the browser history or surfing the internet in incognito mode.
  6. Unmatched Support: SafeDNS built an exceptional support team available 24/7 to ensure any issues that arise are quickly resolved.
  7. Free Cybersecurity Awareness Training: We offer a course on the basics of online security to help increase employee cybersecurity knowledge.

 

As the hospitality industry navigates the digital landscape, prioritizing cybersecurity is non-negotiable. Make the proactive choice to stay protected with SafeDNS and strengthen your reputation against the ever-present threat of cyberattacks.


ESET Research dives into the onboarding and scamming processes of Telekopye online fraudsters

ESET researchers have analyzed how aspiring new attackers join Telekopye groups, thanks to ads in underground forums, and present a detailed view of the whole scamming operation from the attackers’ perspective.
The research contains analyses of the scam scenarios and what each Neanderthal has to do in order to be successful. (ESET Research refers to the scammers using Telekopye as Neanderthals.)
Telekopye’s capabilities include creating phishing websites, sending phishing SMS and emails, and creating fake screenshots.
According to ESET telemetry, this tool is still in use and in active development. The toolkit is implemented as a Telegram bot.

BRATISLAVA, PRAGUE — November 23, 2023 — ESET researchers have recently discovered and analyzed Telekopye, a toolkit that helps less tech-savvy people pull off online scams more easily, with the first part of the research being published in August. In this second part, ESET Research focuses on scammers’ internal onboarding process, a detailed view of the whole scamming operation, and analysis of the scam scenarios.

The capabilities of Telekopye include creating phishing websites, sending phishing SMS texts and emails, and creating fake screenshots. According to ESET telemetry, this tool is still in use and in active development, and is implemented as a Telegram bot. Victims of this scam operation are called Mammoths by the scammers. For the sake of clarity, and following the same logic, ESET refers in its findings to the scammers using Telekopye as Neanderthals.

Telekopye groups recruit new Neanderthals via advertisements across many different channels, including underground forums. These advertisements clearly state the purpose: to scam online marketplace users. Aspiring Neanderthals are required to fill out an application, answering basic questions like what experience they have in this line of “work.” If approved by existing group members with sufficiently high rank, the new Neanderthals can start using Telekopye to its full potential.

There are three main scam scenarios: seller, buyer, and refund. In the seller scam, attackers pose as sellers and try to lure unsuspecting victims into buying a nonexistent item. When the victim shows interest in the item, the “seller” persuades them to pay online rather than in person and provides a link to a phishing website posing as a legitimate payment site. Unlike the legitimate web page, though, this page asks for an online banking login, credit card details (sometimes including balance), or other sensitive information, which the phishing website automatically steals.

In the buyer scam, attackers pose as buyers, researching victims to target. They show interest in an item and claim they’ve already paid via the provided platform. Then they send the victim an email or SMS message (created via Telekopye) with a link to a carefully crafted phishing website, claiming that the victim needs to click this link in order to receive their money from the platform. The rest of the scenario is very similar to the “seller” scam. In the refund scenario, attackers create a situation where the victim is expecting a refund and subsequently send them a phishing email with a link to the phishing website, once again serving the same purpose.

“In almost every group of Neanderthals, we can find references to manuals with online market research from which Neanderthals draw their strategies and conclusions,” says ESET researcher Radek Jizba, who investigated Telekopye. “For example, during the buyer scam scenario, Neanderthals choose their targets based on the type of items they are selling. For instance, some groups avoid electronics completely. The price of the item is also important. Manuals recommend that Neanderthals, in the buyer scam scenario, pick items with a price between €9.50 and €290,” he adds. Additionally, attackers using Telekopye utilize web scrapers to quickly go through many online marketplace listings and pick a “perfect victim” who will most likely fall for the scam.

Telekopye attackers believe that their groups are full of “rats” (for example, law enforcement or researchers). Thus, they religiously stick to the rules; mainly, no probing for information that could identify other members of the group. Breaking such rules may very well result in being banned. The golden rule is “Work more, talk less.”

Even though the main targets of scammers are online markets popular in Russia, such as OLX and YULA, ESET has also observed targets that are not native to Russia, such as BlaBlaCar and eBay, and even others that have nothing in common with Russia, like Jófogás and Sbazar.

For more information about how Telekopye attackers operate, check out the blogpost “Telekopye: Chamber of Neanderthal’s Secrets.” Make sure to follow ESET Research on Twitter (now known as X) for the latest news from ESET Research.


About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Data speaks volumes: how analytics improves network visibility

Network management is pivotal and complex in the increasingly connected world. The task is enormous, whether it’s understanding the intricate user activity patterns, keeping a keen eye on data traffic, or monitoring device activity within the network.

Enter analytics, where data doesn’t just speak; it roars. By harnessing tools such as activity logs, server usage analytics, and Device Posture Monitoring, network visibility reaches a new level.

Different challenges require diverse solutions

A company network is a complicated organizational ecosystem. Various aspects, like the load of data traffic and employee connections, require specific attention. These targeted approaches help in decision-making, identifying problems, and streamlining network performance.

The use of data analytics in network management is transformative in addressing different issues:

Security concerns

  • Behavior analysis – continuously monitoring and analyzing data traffic for unusual patterns or anomalies helps detect signs of a security breach or threat.

  • Compliance monitoring – regular scans and assessments ensure that network configurations meet the industry’s compliance regulations.

Network performance optimization

  • Bottleneck identification – real-time analysis of network traffic data helps identify potential bottlenecks or overloaded devices, allowing proactive action to prevent slowdowns.

  • Capacity planning – historical data analysis allows organizations to predict future network needs, making planning for expansion or upgrades easier.

Troubleshooting and maintenance

  • Root cause analysis – analytics can provide deep insights into the root causes of network issues, allowing for quicker and more accurate resolutions.

  • Predictive maintenance – by analyzing trends and historical data, predictive algorithms can forecast potential hardware failures or performance degradation, enabling preventative maintenance.

User experience and behavior understanding

  • Application performance monitoring – insights into how applications perform on the network can lead to optimizations that enhance user experience.

  • User behavior tracking – understanding how users interact with the network provides valuable security and performance-tuning insights.

Cost Management

  • Resource allocation – data-driven insights help efficiently allocate resources, ensuring no part of the network is over- or underutilized.

  • Cost prediction – analyzing trends helps forecast bandwidth usage, hardware upgrades, and maintenance costs, aiding budget planning.

Strategic planning and decision-making

  • Trend analysis – long-term data analysis can uncover emerging trends and potential opportunities for innovation or improvement.

  • Decision support – data-driven insights support informed strategic decisions, aligning network management with business goals.

Device monitoring in network management

  • Device Posture Monitoring – understanding the state and security of all connected devices is crucial for a robust network environment, including:

    1. Real-time assessment – monitoring device states in real-time, tracking factors like software versions, security patch levels, and endpoint configurations to determine their compliance with security policies.

    2. Threat detection – identifying potential vulnerabilities through continuous device behavior surveillance and comparing them against established baselines. This allows for an immediate response to unusual activities.

    3. Integration with security protocols – Ensuring devices connecting to the network meet specific compliance and security standards is crucial. This is achieved by integrating posture assessments with existing network access controls.

    4. Automated remediation – to prevent potential security breaches, execute automatic actions to correct non-compliant devices, such as quarantining or patching.

    5. Visibility and reporting – providing comprehensive visibility into the devices connected to the network and generating detailed reports for compliance tracking and security auditing.

How NordLayer incorporates analytics for network visibility

NordLayer’s approach is all about simplicity. We offer a unified platform to manage your organization’s network from one central place. Different pieces of information give insights into varying elements monitored from a data perspective.

Here are the scenarios where NordLayer can come in handy when looking for an analytical angle of network performance.

An overview of connections and actions: Activity monitoring


Whether the network belongs to a small company or a large enterprise, it needs a record of every organization member so that admins can identify who has access and who connects. It’s like a window into what’s happening within the network and how each element behaves at a surface level.

NordLayer’s Activity monitoring is a helpful functionality for admins. It allows organizations to not only identify a connected member but also have their details and session time to evaluate the tool’s usage.

From a user activity perspective, information like member name, device name, given ID number, and email helps spot any deviations in created user profiles. You can also track when members connect and disconnect from the network in a provided table, ensuring compliance with security policies.

Activity monitoring also shows a list of admin actions, from creating gateways and logging in to enabling or enforcing specific features. It is practical for retrospectively tracking what actions were performed, whether for an audit, a procedure revision, or simply to avoid accidental duplicate actions. The functionality also supports troubleshooting, helping to find whether a single error has affected a whole team.

Admins can use an export capability to have all concise data in one place and use it for generating insights. The export capability allows downloading encrypted connection reports, often used for compliance audits and internal process reviews.

Track service performance: server usage analytics

Connection statistics help better understand bottlenecks and overloads of the company network. From the number of members to what servers they are connected to, it provides visibility to network managers to distribute teams more effectively.

Cramped servers lead to performance issues that impact your workforce’s productivity. Therefore, the data about service usage is crucial in future decision-making and establishing processes. NordLayer’s Insights tab in the Control Panel has interactive dashboards for server usage visibility.

The Insights tab provides a detailed data summary to analyze protocol connectivity patterns and see active sessions in a given time. The information available for protocol usage displays the company’s dedicated server metrics.

The active sessions dashboard lists data about the number of users connected to specific dedicated servers. It makes it easy for admins to analyze the distribution of connections and plan for potential future needs, such as additional dedicated servers.

Maintaining a record of network activity: Device Posture Monitoring

Hybrid work and bring-your-own-device (BYOD) policies increase the risk of malicious connections.

Managing and gaining visibility into the devices within the network is challenging. You need to verify the identity of connecting individuals and ensure their connecting devices aren’t infected and don’t threaten the organization’s network.

NordLayer’s Device Posture Monitoring functionality addresses this challenge by accurately monitoring who connects to the company network based on predefined rules. The feature is convenient for registering deviations from established norms.

Device Posture Security allows admins to define the periodic device check rules listed below.

  1. Enabling a list of organization admin-trusted devices.

  2. Defining a preferred OS and its version.

  3. Specifying the supported NordLayer app version.

  4. Enforcing checks if the device is jailbroken or rooted.

  5. Confirming that the device contains a specific file.

  6. Checking for an allowlisted IP address on the device.

The functionality improves the admin’s visibility into a device’s compliance with internal policies and its up-to-date status. To support actions based on the Zero Trust framework, it provides information about access, device health, and activity data for devices in the organization.
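An added example, not NordLayer’s code or API, showing how the six rule types listed above can be evaluated against a device report so that a non-compliant device is quarantined rather than admitted; the rule values, device identifiers, file path and addresses are constructed.

```python
"""Device posture rule evaluation (added example, not a vendor implementation)."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field


def _version(s: str) -> tuple[int, ...]:
    """'14.2.1' -> (14, 2, 1), so versions compare numerically rather than as strings."""
    return tuple(int(p) for p in s.split("."))


@dataclass
class PostureRules:
    """One rule per check type from the list above; None or empty means 'not enforced'."""
    trusted_device_ids: set[str] = field(default_factory=set)   # admin-trusted devices
    os_name: str | None = None                                  # preferred OS ...
    min_os_version: str | None = None                           # ... and minimum version
    min_app_version: str | None = None                          # supported client app version
    deny_jailbroken: bool = True                                # jailbroken / rooted check
    required_file: str | None = None                            # file that must be present
    allowed_networks: list[str] = field(default_factory=list)   # allowlisted IPs, as CIDR


@dataclass
class DeviceReport:
    """What the client reports about itself at check time (constructed schema)."""
    device_id: str
    os_name: str
    os_version: str
    app_version: str
    jailbroken: bool
    files_present: set[str]
    ip: str


def evaluate(rules: PostureRules, dev: DeviceReport) -> list[str]:
    """Return the list of failed checks; an empty list means the device is compliant."""
    failed: list[str] = []
    if rules.trusted_device_ids and dev.device_id not in rules.trusted_device_ids:
        failed.append("untrusted_device")
    if rules.os_name and dev.os_name != rules.os_name:
        failed.append("os_mismatch")
    elif rules.min_os_version and _version(dev.os_version) < _version(rules.min_os_version):
        failed.append("os_outdated")
    if rules.min_app_version and _version(dev.app_version) < _version(rules.min_app_version):
        failed.append("app_outdated")
    if rules.deny_jailbroken and dev.jailbroken:
        failed.append("rooted_or_jailbroken")
    if rules.required_file and rules.required_file not in dev.files_present:
        failed.append("required_file_missing")
    if rules.allowed_networks:
        addr = ipaddress.ip_address(dev.ip)
        if not any(addr in ipaddress.ip_network(n) for n in rules.allowed_networks):
            failed.append("ip_not_allowlisted")
    return failed


def access_decision(rules: PostureRules, dev: DeviceReport) -> str:
    """Zero Trust stance: any failed check means the device is quarantined, not admitted."""
    return "allow" if not evaluate(rules, dev) else "quarantine"


# Constructed policy and device reports.
RULES = PostureRules(
    trusted_device_ids={"LAPTOP-0001", "LAPTOP-0002"},
    os_name="macOS",
    min_os_version="13.0",
    min_app_version="2.4.0",
    required_file="/etc/corp/managed.marker",   # hypothetical MDM marker file
    allowed_networks=["10.20.0.0/16"],
)
GOOD_DEVICE = DeviceReport("LAPTOP-0001", "macOS", "13.5.2", "2.5.1", False,
                           {"/etc/corp/managed.marker"}, "10.20.3.44")
BAD_DEVICE = DeviceReport("LAPTOP-0099", "macOS", "12.6", "2.3.0", True,
                          set(), "203.0.113.9")

if __name__ == "__main__":
    for dev in (GOOD_DEVICE, BAD_DEVICE):
        print(dev.device_id, access_decision(RULES, dev), evaluate(RULES, dev))
```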

Benefits of network visibility features

Having data and knowing what to do with it offers substantial benefits for organizations. By offering a panoramic view into the complex labyrinth of connections, server usage, connected devices, and their security posture, network visibility features not only enhance the control and management of the network but open doors to numerous advantages.

Additional security

Network visibility allows organizations to monitor and analyze network traffic effectively. By observing network behavior, IT admins can detect and respond to security threats. This approach helps identify suspicious activities or unauthorized access attempts.

Network performance

Insights into the network enable understanding and optimization. They assist with identifying bottlenecks, congestion, latency issues, and network failures. Better network management creates a landscape where data informs and empowers, leading to a smarter, safer, and more efficient work environment.

Troubleshooting

Detailed insights make troubleshooting and resolving issues easier, saving time. When problems occur, IT admins can use all of these capabilities to analyze traffic patterns and pinpoint the source of the problem.

Embracing the future with advanced network visibility

As the digital landscape expands, the importance of a transparent, secure, and efficient network cannot be emphasized enough. With tools like NordLayer, organizations can confidently navigate this evolving terrain.

NordLayer showcases the future of network management, where data doesn’t just inform but empowers growing businesses that face increasingly complex network challenges. Embracing advanced analytics and visibility tools is not just a luxury—it’s a necessity.


Genetic data leak, 23andMe point to credential stuffing

Hackers are selling genetic data stolen from users of the company 23andMe. The company itself says they weren’t breached, although their users’ data was used by what seems to be a single threat actor stealing personal details and genetic data. This data was then published or advertised online. 23andMe suggested that the threat actor(s) gained unauthorized access with “recycled login credentials”, a technique known as credential stuffing.

The logic is simple: Keep trying stolen username/password combinations, and eventually, they’ll work on another site. An easy solution to credential stuffing attacks? You guessed it: Multi-factor authentication (MFA). While 23andMe has offered an MFA feature since 2019, it was not made mandatory for users. With genetic and personal data at stake and up to 7 million users affected by these recent breaches, it might be time for a change in policy.

The Bleach Breach: Clorox revenue and supply chain hit

Clorox, the household cleaning giant, predicts a more than 20% drop in quarterly sales due to a cyberattack (thought to be ransomware) that caused product shortages and operational disruptions. Manufacturing, often kept running by legacy systems and sprawling workforces, suffers more cyberattacks than any other industry.

The Clorox incident is being linked to the same group responsible for the MGM and Caesars Palace hacks, discussed in our previous episode, which occurred around the same time in August 2023. “Scattered Spider” is notorious for using social engineering methods to gain access to internal systems. The Clorox Company’s share price has dropped by over 7 percent in the last month.

Wearable AI: Trendy or just trending?

Tech companies are rushing to secure the lead in wearable AI products. Meta has collaborated with Ray-Ban on a pair of high-tech glasses, enabling wearers to live stream directly from the glasses to Facebook or Instagram and voice activate Meta AI, “an advanced conversational assistant”. Jony Ive, Apple’s legendary former design lead, and OpenAI are reportedly teaming up to design the “iPhone of AI”.

Rewind.ai unveiled a neck-worn pendant that records conversations to your smartphone and creates a searchable database of life moments. Humane, imagining “a world where you can take AI everywhere”, have developed a smart device that resembles a badge or lapel pin.

The common goal here seems to be for technology to rely less on screens, to fade from view, and become all but invisible.

Stay tuned for the next episode of Cyberview.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum that includes Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.


DNS Security Best Practices


What is DNS Security?


DNS security, often referred to as DNSSEC (Domain Name System Security Extensions), is a set of protocols and techniques designed to protect the DNS from various threats and vulnerabilities. The primary goal of DNS security is to ensure the integrity, authenticity, and confidentiality of DNS data. By doing so, it helps prevent malicious activities such as DNS spoofing, cache poisoning, and man-in-the-middle attacks that can redirect users to fake websites or compromise their data.


Why DNS Security Is Important

DNS security is vital for preventing disruptions in operations. Any disruption to a business’s online presence can have devastating consequences. DNS attacks, such as DDoS attacks or cache poisoning, can render websites and services inaccessible. DNS security measures, including robust DNS hosting and protection, mitigate these risks, ensuring uninterrupted operations and customer access to primary and secondary DNS servers.

Moreover, DNS security protects sensitive data. DNS queries contain sensitive information about the websites users intend to visit, and without adequate security, these queries can be intercepted by malicious actors. Implementing DNS security ensures the confidentiality of DNS data and protects user privacy.

Without DNS security, there are risks of phishing and fraud. Cybercriminals often use DNS to conduct phishing attacks. Malicious actors create deceptive websites with domain names similar to legitimate ones, tricking users into revealing personal information. DNS security measures help detect and block these fraudulent domains, reducing the risk of phishing and fraud incidents.

In addition, many industries and jurisdictions have specific regulations and compliance requirements related to data protection and cybersecurity. Implementing DNS security measures can help companies meet these legal obligations and avoid the heavy fines that non-compliance, including in how IP addresses and DNS settings are handled, can bring.

DNS Security Best Practices

Log all DNS activities: Maintain detailed logs of DNS queries and responses to monitor for suspicious activities and troubleshoot issues effectively. Analyze these logs regularly to detect security vulnerabilities and respond to potential threats.

Keep the DNS cache locked: Make sure that cached data in your DNS server is secure and not vulnerable to cache poisoning attacks. Implement measures to prevent unauthorized access or manipulation of the cache.

Configure access control lists (ACL) precisely: Implement strict ACLs to control which devices and networks are allowed to access and use your DNS servers. Only authorized users and systems should have access to internal DNS servers.

Regularly update the DNS server: Remember to update your DNS server software regularly and keep it patched to address known vulnerabilities and security weaknesses. Stay informed about security advisories related to your specific DNS server software.

Deploy dedicated DNS applications: Use dedicated DNS server software designed for security and performance, such as BIND, Microsoft DNS, or other reputable options, rather than repurposing general-purpose servers.

Implement DNSSEC (DNS Security Extensions): DNSSEC adds a layer of security by digitally signing DNS records, ensuring data integrity and authenticity. Enforce DNSSEC for your domains to protect against DNS spoofing and cache poisoning attacks and validate DNS data integrity.

Mask the primary DNS server and information: Hide the identity of your primary DNS server and its version number to minimize the risk of attackers targeting known vulnerabilities in your DNS software.

Time limit the recursive DNS query response: Set a time limit for how long your DNS server will spend processing a recursive query. This helps prevent your server from being tied up by malicious or excessive requests.

Facilitate random DNS socket pool utilization: Configure your DNS server to use a random selection of source ports and request IDs to make it harder for attackers to predict and spoof DNS responses.

Ensure DNS availability with adept redundancy: Implement redundant DNS servers to maintain service availability even if one server becomes compromised or goes offline. Use load balancing and failover mechanisms for seamless DNS operation.

Reinforce the name servers: Secure the physical and network infrastructure of your name servers. Limit physical access, use strong authentication for administrative access, and employ firewalls and intrusion detection systems.

Filter and monitor DNS traffic: Employ DNS traffic filtering to block known malicious domains and monitor DNS traffic for anomalies and suspicious patterns. Tools like DNS filtering services and intrusion detection systems can be useful for this purpose.
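An added example, written for this article rather than taken from SafeDNS, that puts the "log all DNS activities" and "filter and monitor DNS traffic" practices into code: it scans constructed resolver log lines (the line format is an assumption) for blocklisted domains, long high-entropy labels of the kind produced by DNS tunnelling or DGA malware, and clients whose answers are mostly NXDOMAIN.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log, one query per line: "client qname qtype rcode".
# The format is an assumption for this example; BIND, Unbound or Windows DNS
# logs differ and need their own parser.
SAMPLE_LOG = """\
10.0.0.5 www.example.com A NOERROR
10.0.0.5 mail.example.com MX NOERROR
10.0.0.5 api.example.com A NOERROR
10.0.0.7 login-example.com A NOERROR
10.0.0.9 kq3x9z2m7wpl4v8r1t.tunnel.example A NOERROR
10.0.0.9 a1.tunnel.example A NXDOMAIN
10.0.0.9 a2.tunnel.example A NXDOMAIN
10.0.0.9 a3.tunnel.example A NXDOMAIN
"""

# Constructed blocklist standing in for a DNS filtering feed.
BLOCKLIST = {"login-example.com"}

def shannon_entropy(text):
    """Bits per character; random-looking labels score high, words score low."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def parse_log(text):
    """Turn the log lines into dicts, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        client, qname, qtype, rcode = parts
        records.append({"client": client, "qname": qname.lower().rstrip("."),
                        "qtype": qtype, "rcode": rcode})
    return records

def analyze(records, blocklist=BLOCKLIST, nx_ratio=0.5, min_queries=4,
            entropy_min=3.5, label_len=16):
    """Return (alert_type, client, detail) tuples for three detections."""
    alerts = []
    per_client = defaultdict(Counter)
    for r in records:
        qname, client = r["qname"], r["client"]
        # 1. Filtering: the name or one of its parent domains is on the blocklist.
        if qname in blocklist or any(qname.endswith("." + b) for b in blocklist):
            alerts.append(("blocklisted-domain", client, qname))
        # 2. Long, high-entropy leftmost label: a common sign of data encoded
        #    into queries (tunnelling) or algorithmically generated names.
        label = qname.split(".")[0]
        if len(label) >= label_len and shannon_entropy(label) >= entropy_min:
            alerts.append(("high-entropy-label", client, qname))
        per_client[client][r["rcode"]] += 1
    # 3. A client whose answers are mostly NXDOMAIN is probing or misconfigured.
    for client, counts in per_client.items():
        total = sum(counts.values())
        if total >= min_queries and counts["NXDOMAIN"] / total >= nx_ratio:
            alerts.append(("nxdomain-burst", client, f"{counts['NXDOMAIN']}/{total}"))
    return alerts

if __name__ == "__main__":
    for alert in analyze(parse_log(SAMPLE_LOG)):
        print(*alert)
```

The thresholds are starting points; tune them against a baseline of your own resolver's traffic before alerting on them.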

In addition to these best practices, it’s important to stay updated on the latest DNS security threats, as this landscape evolves continuously. Regular security audits, penetration testing, and employee training can also help ensure the overall security of your DNS infrastructure.

DNS security is a critical component of a robust cybersecurity strategy. By implementing DNS security best practices, you can protect your organization’s online presence, maintain user trust, and ensure the availability and integrity of your online services. Remember that security is an ongoing process, and staying vigilant against emerging threats is key to a secure DNS infrastructure.


About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

Improving NordVPN’s Android performance using the Compose Compiler plugin

At NordVPN, we’ve harnessed the power of Jetpack Compose and its feature-rich capabilities to craft the user interface of our Android app. While Compose has accelerated our feature development workflow, our commitment to product quality drives us above all. We’re continuously exploring strategies for maintaining optimal performance. 

The new Compose integration has sparked a lot of internal discussion regarding the app’s performance. One of the things we at NordVPN do is to integrate the Compose Compiler plugin in our day-to-day development process, which helps us improve our code. In this blog post, we explain what the Compose Compiler plugin is, how it works, and how we use it at NordVPN.

What problems did we have?

When working with Jetpack Compose, we encountered performance issues related to the stability of composable functions. Our primary goal in working with composable functions was to make them as stable as possible, or “skippable” in Compose terminology. In this context, “skippable” means that if a composable function is recomposed and its parameters haven’t changed since the previous recomposition, Compose will skip the function and reuse the previous values.

Even minor stability improvements can reduce the number of recompositions throughout the app, which adds up to significant performance gains. To assess the stability of composable functions, we can leverage the Compose Compiler plugin.

The Compose Compiler plugin

Compose Compiler is a plugin that can generate reports and metrics for components or code written in Compose. These reports provide detailed insights into the behavior of our Compose code. The plugin was added in version 1.2 of the Compose library.

With this detailed insight, we can begin making improvements to our code.

How does it work?

The Compose Compiler plugin is a Gradle task that generates reports for composable code within a module. It assesses the stability of the code, offering the flexibility to run it locally or in a CI pipeline when necessary.

It is recommended to generate the report in Release builds.

To ensure that the plugin works perfectly, we first need to configure it in the project’s Gradle file.

    tasks.withType(org.jetbrains.kotlin.gradle.tasks.KotlinCompile).configureEach {
        compilerOptions {
            // Only pass the extra flags when the Gradle property is set on the command line
            if (project.findProperty("nordvpn-app.enableComposeCompilerReports") == "true") {
                // Part one: reports (*-classes.txt, *-composables.txt, *-composables.csv)
                freeCompilerArgs.addAll([
                    "-P",
                    "plugin:androidx.compose.compiler.plugins.kotlin:reportsDestination=" +
                        project.buildDir.absolutePath + "/compose_metrics"
                ])
                // Part two: metrics (*-module.json)
                freeCompilerArgs.addAll([
                    "-P",
                    "plugin:androidx.compose.compiler.plugins.kotlin:metricsDestination=" +
                        project.buildDir.absolutePath + "/compose_metrics"
                ])
            }
        }
    }

The first part of the code generates reports, while the second one generates metrics for those reports.

To run this code, we use the Gradle command as follows:

    ./gradlew assembleRelease -Pnordvpn-app.enableComposeCompilerReports=true

Generating a report on release builds is recommended.

When the execution is completed, it generates a file in the build folder like the one below.

(Image: compose_generated_report folder)

Where:

*-classes.txt: contains information about classes referenced from a composable function.

*-composables.csv: CSV version of the TXT file

*-composables.txt: contains a detailed output of each Composable.

*-module.json: provides detailed statistics as a comprehensive view.

In our case, we’re primarily focused on the *-composables.txt files and will be working with those.

The image above displays the generated value for only one module. However, for NordVPN, we have multiple UI modules, and each module generates its own compose_metrics folder (that has its Compose code) with all relevant reports included.

Refining the generated report

With all of our modules generating reports, here’s an example of the blocks an individual *-composables.txt file is made up of (each file contains many such blocks):

    restartable scheme("[androidx.compose.ui.UiComposable]") fun ScreenContent(
      stable onBack: Function0<Unit>
      stable onSettingToggled: Function0<Unit>
      unstable state: State?
      stable modifier: Modifier? = @static Companion
    )

Each of these files contains numerous functions that exhibit a Kotlin-style code structure. Additionally, each module with Compose code has a dedicated text file. Before delving into the details, let’s take a closer look at the significance of this code:

Restartable: When Compose detects changes in the function inputs, it restarts the function, invoking it again with the updated inputs.

Stable: This parameter of the function is stable; if it has not changed, Compose will skip it.

Unstable: This parameter of the function is unstable, so Compose always recomposes it when the parent is recomposed.

We then merge all the *-composables.txt files into a single text file within our project using a script we’ve created for this purpose. This combined file plays a crucial role in our development process. Let’s see how we utilize it.

How do we use it in our day-to-day development?

At NordVPN, we’ve seamlessly integrated this workflow into our CI pipeline for every pull request we create, ensuring that we merge only stable Compose code (whenever possible) into our main branches.

However, before implementing this process, we conduct a thorough review to ensure that all of our Composable code contains no unnecessary unstable parameters. This proactive step guarantees that when we introduce this to our pull request flow, we initiate with a clean slate.

Let’s take a closer look at the steps in our pull request workflow:

1. Create pull request: The process begins with the creation of a pull request (PR).
2. CI job: A continuous integration (CI) job is triggered for the current PR if there’s a change in any of the UI modules. The CI job performs several tasks:
a. Generate report: We generate a report on the release branch, which results in the creation of multiple text files in each module containing Compose code.
b. Merge the text files: At this stage, we execute a script that combines these text files, retaining only the functions containing unstable parameters.
c. Create a markdown table: Next, we create a markdown table that lists the function names along with their associated unstable parameters.

(Image: output markdown table)

d. Post comment: We post this markdown table as a comment within the PR. This informs developers about any potential instability introduced in the PR.
e. Fix: If instability issues are identified, we proceed to fix the affected functions and commit the changes.

The entire process is then rerun, and if the unstable parameter issues have been addressed, no further comment will be posted. Any previous comments on the matter can be resolved.
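An added example of steps b and c, written for this article rather than taken from NordVPN’s own CI script: it parses a constructed excerpt in the *-composables.txt format shown above (the Header and Footer functions are invented), keeps only the functions with unstable parameters, and renders the markdown table that would be posted on the PR.

```python
import re

# Constructed *-composables.txt excerpt modelled on the block shown above
# (the Header and Footer functions are invented for this example).
SAMPLE_REPORT = """\
restartable scheme("[androidx.compose.ui.UiComposable]") fun ScreenContent(
  stable onBack: Function0<Unit>
  stable onSettingToggled: Function0<Unit>
  unstable state: State?
  stable modifier: Modifier? = @static Companion
)
restartable skippable scheme("[androidx.compose.ui.UiComposable]") fun Header(
  stable title: String
  stable modifier: Modifier? = @static Companion
)
restartable fun Footer(
  unstable items: List<String>
  unstable onClick: Function1<String, Unit>
)
"""

FUN_HEADER = re.compile(r"\bfun\s+(\w+)\s*\(")
# stability keyword, parameter name, type, optional "= default" suffix
PARAM_LINE = re.compile(r"^\s*(stable|unstable|unused)\s+(\w+)\s*:\s*(.+?)(\s*=.*)?$")

def parse_composables(text):
    """Map each composable's name to its [(stability, param, type), ...] list."""
    functions, current = {}, None
    for line in text.splitlines():
        header = FUN_HEADER.search(line)
        if header:
            current = header.group(1)
            functions[current] = []
            continue
        param = PARAM_LINE.match(line)
        if param and current is not None:
            functions[current].append((param.group(1), param.group(2), param.group(3).strip()))
        elif line.strip() == ")":
            current = None   # end of this function's parameter block
    return functions

def unstable_functions(functions):
    """Keep only functions with at least one unstable parameter (step b)."""
    return {name: [(p, t) for s, p, t in params if s == "unstable"]
            for name, params in functions.items()
            if any(s == "unstable" for s, _, _ in params)}

def markdown_table(unstable):
    """Render the PR comment table (step c)."""
    rows = ["| Function | Unstable parameters |", "|---|---|"]
    for name in sorted(unstable):
        cell = ", ".join(f"`{p}: {t}`" for p, t in unstable[name])
        rows.append(f"| {name} | {cell} |")
    return "\n".join(rows)

def merged_report(texts):
    """Combine the *-composables.txt contents of several UI modules into one table."""
    combined = {}
    for text in texts:
        combined.update(unstable_functions(parse_composables(text)))
    return markdown_table(combined)

if __name__ == "__main__":
    print(merged_report([SAMPLE_REPORT]))
```

In a CI job the list passed to merged_report would be read from each module’s compose_metrics folder, and an empty result means no comment needs to be posted.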

(Image: execution of the CI pipeline)

This practice aids us in utilizing the Compose Compiler plugin as a lint check for our Composable code, which maintains coding standards and contributes to improved performance for the NordVPN Android app.
