Skip to content

Product agent release: NordLayer Browser Extension

The NordLayer team is happy to announce the launch of a new and one-of-the-kind NordLayer Browser Extension. A now-available extension introduces another layer to increase and reinforce connection and access security for web-based resources.

The extension, operating within browser limits, is a lightweight option for organizations to substitute the NordLayer desktop solution and maintain the security of virtual private gateways. Moreover, utilizing the extension on top of the NordLayer desktop solution allows connecting two gateways simultaneously.

Feature characteristics: what to expect

  • Simple deployment & configuration via browser

  • Available for Advanced plan with a virtual private gateway.

  • Compatible with Google Chrome, Mozilla Firefox, Microsoft Edge browsers

Problem to solve: Seamlessly elevate the user experience by eliminating operating system compatibility issues with a lightweight solution that doesn’t negatively impact internet speed and performance, whichever – remote or hybrid – working setup there is, also enabling more flexible geo-based capabilities.

How does it work?

Generally, a standard connection to the internet is not encrypted if additional security measures are not enforced. Therefore, the implementation of solutions like NordLayer address such security issue. The established encrypted and secure connection to the company network protects online activities on the device level.

However, in some cases, there’s a need for an alternative solution that can replace a full Cloud VPN solution to secure connections just while browsing. Therefore, browser extensions operate as a midway alternative for non-existent and fully deployed security solutions.

NordLayer Browser Extension enables the remote workforce to have Secure Web Gateway (SWG) capabilities to access protected internet and cloud resources. Deployed on a browser, the add-on can run without or on top of the NordLayer application.

Establishing ThreatBlock, DNS filtering, or Deep Packet Inspection (DPI) features for filtering malicious websites from user-generated internet traffic enables SWG capabilities via the browser extension. This way, it protects the user, company network, and sensitive data from exposure to threats.

What problem does it solve?

The browser add-on fills a security and usability gap for organizations’ daily challenges of various working setups. Issues like latency or solution incompatibility with some operating systems (OS) are now resolved when installing the NordLayer browser add-on.

Configured for a company virtual private gateway, NordLayer Browser Extension allows IT admins to rest assured that malicious online traffic is restricted from entering the company network only on a browser level.

From the user’s perspective, the extension is seamless and intuitive to deploy and use. Being 15 times smaller than the NordLayer application, the extension runs in the background without disrupting business workflow.

Browser Extension objectives include:

  1. Protection of the internet and cloud resources accessible by remote and/or hybrid workforces

  2. Replace the setup of a third-party (proxy) browser extension for the end user with a login of organization-defined single sign-on (SSO) and two-factor authentication (2FA) solutions

  3. Introduce a widely available add-on to increase online security

NordLayer Browser Extension is an SWG proxy for organizations to secure connections to web-level resources without encrypting all desktop network traffic.

Security by design

NordLayer Browser Extension defines a simple, intuitive, and effective security approach developed by NordLayer. The add-on is an alternative solution to enrich existing security features provided by the solution for online activities.

Easy to launch and quick to set up, the browser extension provides instant network security for web-based company resources when accessed via the browser.

The extension is effective as a solution alone — it sorts availability and compatibility issues of various OS. It downgrades the network’s connection traffic load – but not the security – when accessing the company’s virtual private gateways, resolving latency and performance problems for the organization.

Moreover, it is a solid addition to web-level security when combined with DNS filtering and routing traffic via custom DNS and implemented with Deep Packet Inspection (Lite). Altogether, browsing security–related features and the browser agent introduces a layered security grid to the organization’s network security strategy.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

B2B LinkedIn scams: trends & how to prevent them

The amplitude of online scams is outraging on the internet. Malicious actors always seek original and convincing ways to catch their victims off-guard. LinkedIn creates a perfect environment for social engineering and other types of fraud, and that’s why scams have populated the platform.

Let’s start from the beginning. The LinkedIn platform is incredibly popular, with over 930 million members globally, making its scams an intriguing topic not only from a consumer perspective but from businesses.

Do only small companies or large enterprises fall victim to LinkedIn threats? Does it depend on a country or organization’s maturity? And what are the most common approaches that get employees’ trust?

To answer these questions and dig deeper into the source of businesses-linked LinkedIn scams, NordLayer researched the fraudulent activity tendencies.

LinkedIn scam — is a fraudulent scheme on the LinkedIn platform that aims to trick people into giving money or personal information, often through a fake job or business opportunities, requests for payment, or impersonation.

Click to tweet

These scams usually target individuals. Yet, due to the peculiarity of LinkedIn, they are often connected to organizations the targeted people are employees of. A LinkedIn scam poses personal threats but also puts a company at risk, making it an interesting case from a B2B security point of view.

Research methodology

NordLayer surveyed 500 respondents in Canada, the United Kingdom, and the United States. An external agency conducted the surveys between the 15th–25th of March, 2023.

Respondents (adult population, 18+) of non-governmental organizations were asked what kind of scams they encountered on the LinkedIn social media platform and what aftermath effects it had on their business. Subindustries represented included business management and support services, e-commerce, education, finance and insurance, health care, information and communication, IT, professional and technical services, and consulting.

The survey covered questions about the organization’s cybersecurity maturity level (Beginner, Basic, and Advanced), their cybersecurity solutions, and whether they had an in-house specialist or responsible department.

Companies by size were segmented by:

  • Small companies: 1-10 employees

  • Medium companies: 11-200 employees

  • Large companies: 201+ employees

Typical LinkedIn scams

The professional nature of a LinkedIn platform opens unique opportunities to vary the approach to encounter platform users. With a focus on job and industry topics, LinkedIn is no less than a social networking platform for making connections, communicating, and finding think-alikes.

The primary function of LinkedIn – building a career – introduces one of the most common LinkedIn scams, fake job offers. With 117 job applications submitted per second on the platform, fraudsters have an ideal environment for creating a legitimate-looking job posting to collect personal information or money.

Another popular scam is LinkedIn phishing, where an actor impersonates a well-known company or professional using fake profiles to send unsolicited messages or emails that ask for sensitive information.

Also, receiving an invitation to connect is common on the platform. Fraud actors use this connection culture to start a conversation and share a link with malicious content expecting LinkedIn users will click on it.

The NordLayer research on LinkedIn scams affecting the business sector confirmed the dominating tendencies of fraud types among the respondents, as the leading ones match the general statistics:

It’s safe to assume that most fraud attempts impacting businesses are social engineering based on public or personal information. On the one hand, LinkedIn is an environment where everyone shows their or their organization’s best side.

Yet, politeness, eagerness to sell oneself, and prospect opportunities tend to create an unintentional smoke screen for LinkedIn members leading to the most bizarre scams that might even involve lotteries or romance fraud.

Research findings on LinkedIn scams

Many businesses acknowledge the significance of being present on LinkedIn. 77% of respondents confirmed that their organization has a profile on the platform. Yet, 82% of medium-large companies tend to register more often than 54% of small (up to 10 employees) businesses.

The scams fall under two main categories. One is targeting individuals or pretending to be LinkedIn users. Another one is on a company level — operating under false organization pretext or impersonating an existing company to build more credibility. The research data shows that over one-third of survey respondents were aware of multiple LinkedIn frauds using their organization name. 

Frequency and scope of LinkedIn scams

According to the research, over half of the respondents encountered a scam attempt or fake account on LinkedIn.

Interestingly, the least active scam outreach was noticed in small companies — 52% of respondents confirmed that no one in their organization had such an experience. Fewer organizations with LinkedIn company profiles can explain such deviation from general tendency.

The rest of the respondents (47%) indicated their organization employees are likely to be engaged in a scheme. The trend corresponds with companies with Advanced cybersecurity maturity (46%).

Advanced cyber-maturity and medium-large companies are the first to fall victim to phishing attempts (52%) and fake tech support (45%) scams. It implies that large and mature companies have higher cyber awareness levels and, at the same time, more often outsourced assets like technical help vendors or a vast yet difficult-to-unravel network of colleagues, which brings everyone to an eye of a storm.

It is also worth mentioning that companies of all sizes get a lot of fault-line messages inviting them to connect. The frequency of receiving such requests varies by around 40% of companies.

Offerings to purchase non-existent or fake products or services are more prominent for mid-sized businesses — 34% compared to an average of 26% of such encounters with small and large enterprises. Medium-sized companies also lead fake lotteries (30% compared to 24%) and dating/romance scams (28% compared to 18%).

Target geography of LinkedIn scams

The distribution of research data is almost even among different countries participating in the survey. Attention-grabbing information shows that most active LinkedIn users are in the United States, with 83% of respondents having a profile on a platform (72% in Canada and 76% in the United Kingdom). 

However, the engagement rate of scams is lower in the States than in the other two countries. Only 38% were contacted by a fake LinkedIn profile or attempted to be scammed more than once, compared to 43% in Canada and 44% in the UK.

Looking closer at the tendencies of each surveyed country, the United Kingdom is attacked mainly by fake job offer scams (63%) and fake get-rich-quick offers (43%).

The United States leads in receiving a request to connect with a suspicious link — even 47% of respondents confirmed getting one, and 29% received an invitation to take part in a fake survey.

LinkedIn scams in Canada are focused on offering to buy a non-existing/fake product or service (36%) and getting involved in dating/romance fraud schemes (30%).

Despite the country, results were distributed almost equally for cases of phishing attempts (47%) and fake tech support (38%). It’s also important to note that if one scam is more popular than the other in different countries, it doesn’t mean that companies and their employees are safe from getting attacked or should expect only trending attacks.

The aftermath of LinkedIn scams

The scam attempt effects on organizations vary from harming reputation to imposing physical infrastructure damage. Regardless of the size of the business, they may experience the following:

Small businesses are impacted the most by cyber attacks, compared to larger organizations. They are more likely to experience financial loss (67%), stolen IP, and operation disruption (each 58%). Additionally, half of the organizations surveyed had their reputation damaged. Due to attacks, small businesses lose more employees (42%), while medium and large enterprises lose fewer employees (16% and 22%, respectively).

Medium-sized enterprises have to deal with reputation damage the most (47%), stolen and/or damaged data, and customer contacts (each 43%). Compared to other size businesses, mid-sized organizations are more likely to experience infrastructure damage (25%).

On the other hand, large organizations tend to suffer from reputation damage the most (41%), as well as compromised data and financial loss (each 40%). Additionally, 37% of all organizations deal with business operations disruption. Based on the data from respondents, it’s clear that small businesses are affected the most with LinkedIn scams and large enterprises the least.

How to avoid falling for a LinkedIn scam?

To avoid falling for a LinkedIn scam, it’s important to be cautious and alert. Start with making sure any job posting or business opportunity you’re interested in is legitimate before you apply or accept an offer. You can do it by researching the company or person offering the opportunity and only providing personal or financial information if you are confident they are not fake.

It’s also essential to protect your privacy on LinkedIn by adjusting your account settings to limit who can see your LinkedIn profile and send you messages. Be careful of unsolicited messages or connection requests from people you don’t know, and always watch out for signs that the message may be a scam, such as poor grammar, spelling mistakes, and overly aggressive or pushy language.

Tips for recognizing fake LinkedIn profiles

  1. Check the links present in the profile. Real profiles link to the person’s company website or their professional social media profiles. Be careful of shortened links or links that redirect you to another website, as these may be used to disguise fraudulent websites.

  2. Look for inconsistencies or lack of detail in the profile. A legitimate profile usually has a lot of information about the person’s professional history, education, and skills. Fake profiles typically have very little information or no profile picture.

  3. Investigate the activity of the LinkedIn profile. If the profile has very little activity or engagement with other users, likely it’s one of the fake LinkedIn accounts. Additionally, suppose the allegedly fake profiles send connection requests to many people, particularly those without connection to the profile. In that case, it may be part of phishing attacks.

  4. Be cautious of suspicious or irrelevant job offers, promotions, or messages from the profile. Fake LinkedIn profiles often use these tactics to lure users into scams, identity theft, or other harmful activities.

How to recognize fake LinkedIn profile

What to do if you’ve been scammed on LinkedIn?

If you think you’ve been scammed on LinkedIn, don’t panic. The first thing to do is to report the fraud to LinkedIn or the Internet Crime Complaint Center (IC3). Follow the instructions on LinkedIn’s Help Center page to report the scam. You should also contact your bank or credit card company if you have been charged for a fraudulent transaction.

To avoid getting scammed in the future, consider enabling two-factor authentication for your LinkedIn account, checking your account settings regularly, and changing your login details from time to time to ensure your account is secure.

FAQ

Are you worried about scams on LinkedIn? Sadly, LinkedIn is not completely safe from scams like many other online platforms. However, there are things you can do to spot and report scams to protect yourself and others.

How to report a scam on LinkedIn?

If you come across a scam on LinkedIn, first, you should report it to LinkedIn. Here’s how:

  1. Go to the profile of the person or company involved in the scam

  2. Click the “More” button below their profile picture

  3. Select “Report this profile” or “Report this company”

  4. Follow the prompts to provide details about the scam and submit your report

LinkedIn’s Trust & Safety team will review the submitted report and take appropriate action, including removing the scammer’s account and preventing them from creating another one.

How to identify a scammer on LinkedIn?

Scammers on LinkedIn may use a variety of tactics to trick people into giving them money or personal information. Some common signs of a scammer include:

  • A profile that appears to be fake or incomplete

  • Unsolicited messages offering a job or business opportunity that seems too good to be true

  • Requests for money, personal information, or account credentials

  • Pressure to act quickly or keep the opportunity secret

If you encounter any of these signs, it’s a good idea to investigate further before engaging with the person. You can also report the profile to LinkedIn as described above.

How can I check if a job offer on LinkedIn is legitimate?

Before accepting a job offer on LinkedIn, it’s a good idea to make sure it’s real. Here are some ways to check:

  • Research the company offering the job. Look for their website and social media profiles to learn more about them.

  • Check the job description for any red flags, such as vague or unrealistic requirements.

  • Ask for more information from the person offering the job. Legitimate employers will likely provide more details about the position and the company.

  • Look for reviews or ratings of the company on LinkedIn or other online platforms.

LinkedIn scams are a reality, but knowing how to recognize and report them can protect yourself and others from harm. If you encounter a scam on LinkedIn, report it to LinkedIn’s Trust & Safety team, and remember to be cautious when engaging with people you don’t know online.

How can NordLayer help?

NordLayer remote network access solution, by its design, protects digital company assets and their employees. By deploying functionalities for secure online browsing, organization administrators can bring more peace of mind in limiting company exposure to external threats.

Organizations can enforce ThreatBlock functionality that lowers the chances of employees potentially landing on malicious websites. This NordLayer feature helps reduce the risk of accessing publicly enlisted phishing sites, making it forbidden to access them.

To make security even stronger, the DNS filtering by category feature allows administrators to block access to the social media category and restrict access to certain websites for the whole organization.

If the blocking is exclusively required only for the LinkedIn site, admins can select and customize Deep Packet Inspection (DPI) Lite functionality for the organization’s network security. DPI Lite blocks specific ports and protocols from accessing when connected to a company network.

If you believe securing a team’s online activity is important for protecting your company, reach out to our team to discuss your options for creating a secure way of working in your organization.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

“Starmus Earth: the future of our home planet” launched in an unprecedented simultaneous event in London and Bratislava

  • From climate change to the environmental crisis, AI ethics and genetic engineering, Starmus VII, in partnership with ESET, will sharpen its focus on the future of our home planet 
  • Bratislava, Slovakia, will host the seventh edition of Starmus in May 2024, raising awareness of Earth’s most urgent questions and science’s role in answering them
  • Starmus begins its countdown to Bratislava with parallel launch events in the host city and at the Royal Society in London, with a panel discussion featuring some of science’s greatest minds, including Dr Jane Goodall, DBE, Founder of the Jane Goodall Institute & UN Messenger of Peace, who also joins the Starmus Advisory Board

LONDON, BRATISLAVA — May 11, 2023 —Starmus, the global festival of science communication – and the brainchild of astrophysicist Garik Israelian, PhD, and Queen guitarist Sir Brian May, who also has a PhD in astrophysics – has announced it will turn its gaze from the stars to the future of planet Earth taking its seventh edition to Bratislava in 2024.

Today, Sir Brian May and Dr. Garik Israelian announced the festival’s theme, ‘Starmus Earth: the future of our home planet,’ at a panel event at London’s Royal Society. They were joined by world-renowned ethologist and conservationist Dr. Jane Goodall, DBE, (who now joins the Starmus Advisory Board), cosmologist
Sir Martin Rees and Global Governance Professor Mary Kaldor, who led a unique discussion, moderated by Dr. Israelian, on how to solve some of our planet’s most pressing challenges.

Microbiologist and Nobel Laureate Emmanuelle Charpentier joined the panel remotely from a parallel launch event on the river Danube in Bratislava, alongside iPod inventor Tony Fadell and Richard Marko, a cybersecurity expert and CEO of ESET, the festival’s lead partner.

“Starmus has traditionally focused on interrogating the mysteries of the universe, looking upwards to inspire and educate the next generation of explorers and regenerate the spirit of discovery, bringing art, music, and the world’s greatest scientific and artistic minds together to enhance science communication,” said Starmus co-founder Dr. Garik Israelian. “As the old saying goes, ‘Earth is a planet too!’ We are a privileged part of the cosmos, and as living beings, we are made of star stuff. The very atoms in our bodies were forged in the earliest days of the universe or in the deaths of low-mass and high-mass stars. Earth is in the universe, and just as much a part of it as the stars”.

“Climate change could eventually make life on Earth untenable, and we are seeing signs of that rapid evolution now. We must take steps to take care of our world, and Starmus offers an important voice that draws attention to the urgency,” said Dr. Jane Goodall.

In 2024, Starmus will turn its gaze closer to home and analyze how we can tackle the challenges that most threaten Earth’s future, from the threats facing our environment and climate to far-reaching technologies like artificial intelligence, genetic engineering, and cybersecurity – as well as the humanitarian crises caused by armed conflict around the world.

“Since 2011, STARMUS conferences have assembled scientists and artists to look outwards at the Space around us with clear eyes, to celebrate the wonders of the Universe.  This year, more than ever, aware of the current threat of the extinction of life in the Biosphere, for the first time, STARMUS focuses inward on our home planet.  By bringing together many of the greatest and most free-thinking brains from all countries, we will try to find new answers to the questions we must now ask, to save the life of Planet Earth.” said Sir Brian May, legendary Queen guitarist and Starmus co-founder and Advisory Board member.

This year, Starmus is partnering with ESET – a global cybersecurity company headquartered in Bratislava – to inspire young people in Slovakia and around the world to take responsibility and contribute to the future of our planet, using scientific research and state-of-the-art technology.  

“ESET’s role is to deliver state-of-the-art technology and innovation that protects societal progress. We believe this progress is brought about by science,” said Richard Marko, CEO of ESET. “We are proud to partner with Starmus to join its efforts in inspiring new generations of scientists and those who appreciate its values.”

Starmus Earth will welcome world-class scientists, artists, and environmentalists to share breakthrough discoveries, debate the big questions and inspire new generations of scientists, technologists, and activists. The Starmus Advisory Board will announce the full line-up of scientists, artists, and musicians later this year, but some of the 40+ confirmed speakers at Starmus Earth include astronaut and Apollo 16 moonwalker Charlie Duke, former president of Ireland Mary Robinson, physicist Donna Strickland, and the legendary American science television presenter Bill Nye. (full list on www.starmus.com)

The festival, as in previous editions, will also award the Stephen Hawking Medal for Science Communication across four categories: Music & Arts, Science Writing, Films & Entertainment, and Lifetime Achievement.

In addition to launching its seventh edition, Starmus also released previously unseen live music performances from past iterations of the festival: “Who Wants to Live Forever?” from Starmus V, performed by Sir Brian May, Hans Zimmer, Vittorio Grigolo, Steve Vai and Rick Wakeman with the Luzern Symphony Orchestra; and “Smoke on the Water” from Starmus VI, featuring Sir Brian May,  Jeff Scott Soto, Derek Sherinian, Simon Phillips, Ric Fierabracci and Ron “Bumblefoot” Thal.

Next year’s festival will be the first Starmus since September 2022, when it was held in Yerevan, Armenia, and celebrated 50 years of mankind’s exploration of Mars. Previous incarnations of Starmus have seen the festival travel to Zurich, Switzerland; Trondheim, Norway; and Spain’s Canary Islands.

Tickets for Starmus Earth, held in Bratislava from 12-17 May 2024, will go on sale in October. For more information visit Starmus.com

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

ESET APT Activity Report: Attacks by China-, North Korea-, and Iran-aligned threat actors; Russia eyes Ukraine and the EU

  • ESET has released its APT Activity Report covering Q4 2022 and Q1 2023, which summarizes the activities of selected advanced persistent threat (APT) groups.
  • China-aligned threat actors Ke3chang and Mustang Panda focused on European organizations.
  • North Korea-aligned groups continued to focus on South Korean and South Korea-related entities.
  • Lazarus targeted employees of a defense contractor in Poland with a fake Boeing-themed job offer and also shifted its focus from its usual target verticals to a data management company in India.
  • Similarities with the newly discovered Linux malware by Lazarus corroborate the theory that the infamous North Korea–aligned group is behind the 3CX supply-chain attack.
  • Russia-aligned APT groups were especially active in Ukraine and EU countries.
  • Sandworm deployed wipers (including a new one we call SwiftSlicer).
  • Intelligence shared in the report is based mostly on proprietary ESET telemetry data and has been verified by ESET researchers.

BRATISLAVA — May 9, 2023 — ESET has released its APT Activity Report, which summarizes the activities of selected advanced persistent threat (APT) groups that were observed, investigated, and analyzed by ESET researchers from October 2022 until the end of March 2023. The report is being published on a semi-annual basis. During this period, several China-aligned threat actors such as Ke3chang and Mustang Panda focused on European organizations. In Israel, Iran-aligned group OilRig deployed a new custom backdoor. North Korea-aligned groups continued to focus on South Korean and South Korea-related entities. Russia-aligned APT groups were especially active in Ukraine and EU countries, with Sandworm deploying wipers.

Malicious activities described in the ESET APT Activity Report are detected by ESET technology. “ESET products protect our customers’ systems from the malicious activities described in this report. The intelligence shared here is based mostly on proprietary ESET telemetry data and has been verified by ESET researchers,” says Director of ESET Threat Research Jean-Ian Boutin.

China-aligned Ke3chang employed tactics such as the deployment of a new Ketrican variant, and Mustang Panda used two new backdoors. MirrorFace targeted Japan and implemented new malware delivery approaches, while Operation ChattyGoblin compromised a gambling company in the Philippines by targeting its support agents. India-aligned groups SideWinder and Donot Team continued to target governmental institutions in South Asia with the former targeting the education sector in China, and the latter continuing to develop its infamous yty framework, but also deploying the commercially available Remcos RAT. Also in South Asia, ESET Research detected a high number of Zimbra webmail phishing attempts.

In addition to targeting the employees of a defense contractor in Poland with a fake Boeing-themed job offer, North Korea-aligned group Lazarus also shifted its focus from its usual target verticals to a data management company in India, utilizing an Accenture-themed lure. ESET also identified a piece of Linux malware being leveraged in one of their campaigns. Similarities with this newly discovered malware corroborate the theory that the infamous North Korea–aligned group is behind the 3CX supply-chain attack.

Russia-aligned APT groups were especially active in Ukraine and EU countries, with Sandworm deploying wipers (including a new one ESET calls SwiftSlicer), and Gamaredon, Sednit, and the Dukes utilizing spearphishing emails that, in the case of the Dukes, led to the execution of a red team implant known as Brute Ratel. Finally, ESET detected that the previously mentioned Zimbra email platform was also exploited by Winter Vivern, a group particularly active in Europe, and researchers noted a significant drop in the activity of SturgeonPhisher, a group targeting government staff of Central Asian countries with spearphishing emails, leading to our belief that the group is currently retooling.

For more technical information, check the full “ESET APT Activity Report” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

ESET APT Activity Reports contain only a fraction of the cybersecurity intelligence data provided to customers of ESET’s private APT reports. ESET researchers prepare in-depth technical reports and frequent activity updates detailing activities of specific APT groups in the form of ESET APT Reports PREMIUM to help organizations tasked with protecting citizens, critical national infrastructure, and high-value assets from criminal and nation-state-directed cyberattacks. Comprehensive descriptions of activities described in this document were therefore previously provided exclusively to our premium customers. More information about ESET APT Reports PREMIUM that deliver high-quality strategic, actionable, and tactical cybersecurity threat intelligence is available at the ESET Threat Intelligence page.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Data Protection Laws: Why Should I Comply with Them?

Data Protection Laws: Why Should I Comply with Them?

Much discussed today, data protection laws are regulations developed by governments and have come into force to protect the personal and confidential information of data subjects.

However, many companies have not yet adapted to these laws and may be impacted by millionaire sanctions in case of information leaks.

Do you want to learn more on the subject? Follow our article to the end!

 

By 2023, 75% of the world’s population will be covered by data protection laws, according to Gartner estimates. These laws are intended to define guidelines for the collection, processing, and storage of personal data, preserving the privacy of data subjects.

Currently, 71% of countries already have privacy laws, 80% have laws related to cybercrime, 49% have consumer protection laws, and 81% have electronic transaction laws.

Given this scenario, organizations must comply with the terms established by these laws, avoiding the loss of revenue with millionaire sanctions.

In this article, we show you everything you need to know about data protection laws, which are in place in different countries. Our content explores the following topics:

 

1. Data Protection Laws: What Are They, How Do They Work and How Important Are They?

2. Data Protection Laws by Country

3. GDPR: Important European Data Protection Law

4. LGPD: Brazilian Data Protection Law

5. Main Data Protection Laws

6. Iconic Cases of Data Leaks

7. Basic Practices for Complying with Data Protection Laws

8. About senhasegura

9. How Does senhasegura PAM Enable Compliance with Data Protection Laws?

10. Conclusion

 

Enjoy the read!

 

1. Data Protection Laws: What Are They, How Do They Work and How Important Are They?

Data protection laws regulate personal data protection and privacy policies, directly impacting the way companies handle information relating to their employees, customers, and business partners.

In practice, they are sets of rules applied in the collection, processing, and storage of data used by individuals, companies, and governmental organizations.

It is important to note that countries that want to maintain negotiations between themselves must comply with the laws in force in both nations.

Many countries still do not have strict and well-established laws when it comes to data protection, but some already have them, and that will be the subject of the next topic.

 

2. Data Protection Laws by Country

 

Now you will know the context of data protection laws around the world. Check it out:

 

  • Germany

When it comes to privacy and data protection regulations, Germany is ahead of many countries. Its Federal Data Protection Act (Bundesdatenschutzgesetz ? BDSG) was made official in 2017 to replace the legislation with the same name created in 2001 and complement the GDPR.

Germany’s data protection law addresses the rights and duties of public and private institutions regarding the collection and processing of data. It also presents specific guidelines on how companies should handle their employees’ data.

In practice, this legislation offers guidance on specific topics, such as data processing in the context of employment, the stipulation of a data protection officer, profiling, and credit checks.

Moreover, several German laws set strict privacy standards for certain topics, such as television and telecommunications providers, banks, and energy.

 

  • Argentina

Argentina’s Data Protection Law must be complied with by any person or institution dealing with personal data. In addition, this legislation requires the consent of the user for the collection of information.

Another right provided by Argentine law is that the data subjects can access, correct, delete, and request the deletion of their data whenever deemed necessary.

 

  • Australia

The Australian Privacy Act of 1988 imposes rules aimed at the public and private sectors. Issues such as data subject rights, transparency, and use and disclosure of information stand out among the 13 Australian Privacy Principles addressed in the legislation.

In addition to the law in force throughout the country, Australian states also have their own regulations, aimed at certain segments.

 

  • Brazil

In Brazil, the General Data Protection Law (LGPD) came into force in 2020, but the topic had already been explored before in the Federal Constitution and the Consumer Protection Code.

In addition, in 2014, the Internet Civil Framework was approved, which addresses the rights and duties of network users, such as privacy, freedom of expression, and civil liability.

 

  • Canada

Between provincial and federal laws, Canada has a total of 28 data protection regulations. Its federal law is the Personal Information Protection and Electronic Documents Act (Pipeda), which regulates the collection, processing, and disclosure of personal information.

Pipeda addresses 10 principles to be followed by organizations and has similar and complementary legislation used in Alberta, British Columbia, and Quebec.

 

  • China

Also known as The Standard, the Information Security Technology ? Personal Information Security Specification law is Chinese legislation on data privacy.

It is a set of rules that addresses things such as the rights of the subject, transparency, and consent. This law came to replace several separate regulations on these matters.

 

  • Europe

GDPR is the data protection law in force in Europe, which is based on seven principles for data processing. They are: lawfulness, fairness, and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; and accountability.

By following these principles, companies can remain compliant with the regulation. Moreover, data controllers also assume responsibility for their processing and must comply with European legislation.

In practice, personal data should be:

  • Processed in a lawful, fair, and transparent manner;
  • Collected for specific, legitimate, and explicit purposes, and processed in a manner compatible with the explanations offered. In the case of further processing for purposes of public interest, they should not be considered incompatible with the initial purposes;
  • Appropriate, relevant, and limited to what is essential for the proposed purposes;
  • Accurate, updated, erased, and rectified immediately after use;
  • The data must allow the identification of its subjects only for the time necessary for their use. However, they can be stored for longer periods if they are processed exclusively for purposes of public interest, scientific research, historical, or statistical purposes related to the implementation of technical measures and organizations required by the GDPR.
  • Its processing must also ensure the security of personal data, which includes protection against unlawful processing, accidental loss, destruction, or damage.

 

  • Colombia

Four laws regulate data privacy in Colombia. They are: Decree 1,377/13, Law 1,581/12, Law 1,273/09, and Law 1,266/08.

The first addresses issues such as consent, personal data processing policies, and international transfers of information.

The other laws address, respectively, how the collection, storage, and processing of data should be performed; cybercrimes and commercial and financial data, among other topics.

 

  • The United States

The United States has several laws governing data privacy, depending on the industry or state. All in all, there are about 20 laws related to a single area, in addition to approximately 100 state laws.

The state of California alone has 25 laws, with the California Consumer Privacy Act (CCPA) being the main one.

Despite these state laws and legislation such as the Privacy Act, the Privacy Protection Act, the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, and the Fair Credit Reporting Act, the United States still does not have specific legislation for the protection of its citizens’ data.

 

  • Philippines

The main legislation on the protection of personal information in the Philippines is the Data Privacy Act, drafted in 2012 and implemented in 2016.

According to this regulation, individuals have the right to know which companies access their data, for what purpose, who will have access to the information, and by whom it will be processed.

 

  • France

Like Finland, France has also replaced its old regulations in order to more faithfully contemplate the aspects addressed in the GDPR: its Data Protection Law (Law 78-17) was replaced by the 2nd French Data Protection Act (2016-1321).

Under the new legislation, companies must specify the purposes of data processing and ensure only information essential to those purposes is collected.

 

  • India

Currently, India has several complementary laws on data security, but the Information Technology Act and the list of Information Technology Rules are the most important ones.

In addition, the country published the Digital Personal Data Protection Act in 2019, which is being analyzed by a parliamentary committee.

 

  • Indonesia

Indonesia has a set of data protection rules, which focus on the Electronic Information and Transactions Law, its amendment, and two other regulations.

Soon, its rules should also be gathered around a single piece of legislation, formulated along the lines of GDPR.

 

  • Japan

Data protection in Japan was governed by the Act on the Protection of Personal Information until 2003, however, in 2017, the country adopted the APPI Amendment, which includes aspects such as sharing information with third parties, information held in databases, and leaks.

 

  • Malaysia

In place since 2010, Malaysia’s first data protection legislation is based on seven principles: generality, notification and choice, disclosure, security, retention, data integrity, and access.

According to this regulation, it is necessary to inform the holder in writing of their rights, the purpose of the collection and processing of the data, and who will access them.

 

  • Mexico

In 2010, the Federal Law on Protection of Personal Data Held by Individuals was established in Mexico, which includes data collected and processed by private organizations.

These companies are also governed by the rules of the list of Regulations of the Federal Law on the Protection of Personal Data Held by Individuals, the Privacy Notice Guidelines, and the Self-Regulation Parameters.

Also, Mexico relies on the Federal Institute for Access to Information and Data Protection (IFAI) to manage all these rules.

 

  • New Zealand

In New Zealand, data protection is controlled through the country’s Privacy Act, which has 12 Information Privacy Principles, established in 1993. In addition, the country has regulations directed at certain industries.

What’s more, the Data Privacy Act 2018 should soon be approved, which will replace 1993’s legislation.

 

3. GDPR: Important European Data Protection Law

The General Data Protection Regulation (GDPR) is a set of European rules governing the use of data in electronic environments. It aims to strengthen the concept of digital citizenship and protect users in aspects such as financial services and social media interactions.

In practice, this regulation proposes individuals and legal entities should use personal data responsibly, preserving the privacy of the information holders.

Its mass spread is still recent, so not all countries in Europe have their virtual environment activities in a regulated manner.

In addition, despite being European legislation, the GDPR impacts other countries that perform commercial transactions with European nations and need to comply with its standards.

The General Data Protection Regulation addresses the collection, use, sharing, and security of personal data in the 28 countries that make up the European Union.

Therefore, organizations that do not comply with its rules are subject to fines of up to 20 million Euros or 4% of their turnover. Here are some important GDPR criteria:

 

  • Consent of Data Subjects

Before companies begin collecting personal data, they need to obtain the express consent of the information holders.

However, it is important to keep in mind some data that is not protected by the laws of the United States and not considered personal in Europe must be preserved. This is the case with IP addresses.

 

  • Notification of Data Breaches to Authorities

Another obligation of companies, according to GDPR, is to notify data subjects and authorities within 72 hours if there is a breach that affects the privacy of users.

 

  • Rights of Data Subjects

Under GDPR, data subjects must be guaranteed certain rights related to their personal information. Among them, we can highlight:

  • Be informed about the collection and use of their data;
  • Request a copy of their personal information and receive explanations about the means of collection, what is being collected, and with whom it will be shared;
  • Request rectification of data that may be incomplete or incorrect;
  • Have their personal data deleted within 30 days if they make such a request;
  • Request the restriction of their personal information;
  • Transfer personal data from one electronic system to another securely; and
  • Oppose the way the data is used, (unless the information is in the possession of a legal authority), for purposes of public interest or by a company that needs to process the data in order to offer a service that the data subject has contracted.

 

New Perspectives for the General Data Protection Regulation

The European Union is expected to update its rules on digital services soon through two new laws: the Digital Services Act and the Digital Markets Act.

The purpose of these laws is to keep what is legal online and what is illegal offline, causing websites like Google to quickly remove content deemed illegal or harmful.

The Digital Services Act and the Digital Markets Act will target very large online platforms and search engines with over 45 million monthly users.

In practice, the Digital Services Act deals with any service delivered through the internet, covering hosting services, intermediary services, and online platforms, and obligations vary according to the size of the company.

The Digital Markets Act, in turn, affects large organizations such as Apple and Facebook. Its goal is to level companies by preventing large organizations from imposing unfair conditions on companies and the public.

In the coming years, the Electronic Privacy Regulation will also enter into force, which will establish privacy guidelines for electronic communication services and institutions, which were not governed by previous legislation.

This law should also simplify consent or denial of tracking cookies, allowing users to withdraw their consent at least once a year.

Finally, there is the AI Law, which should be applied to all organizations that use programs based on artificial intelligence. The legislation has already been introduced and is in the process of being revised. It applies to any organization with customers in the European Union, regardless of where it is located.

 

4. LGPD: Brazilian Data Protection Law

The Brazilian Data Protection Law (LGPD) is a Brazilian regulation that aims to preserve the personal and private data of people residing in Brazil. This legislation describes what personal data is, further explaining what type of information deserves more attention.

Also, according to the LGPD, regardless of whether the company is located outside the country, its requirements must be respected.

 

5. US Data Protection Laws

 

CCPA

As we have already mentioned in this article, the United States has a series of data protection laws divided by segments and areas. One of the states where these regulations have solidified is California, which is governed by the California Consumer Privacy Act (CCPA).

This legislation gives consumers more control over the information collected by companies, as well as the right to know how this data is used and shared, and to delete and refuse to sell that information.

Moreover, clauses in contracts that include the waiver of rights guaranteed by the CCPA are unenforceable.

 

NY Shield

New York also has its own data protection law, the NY Shield, in place since 2020. This regulation requires security and accountability from organizations that handle the personal data of residents of the state.

NY Shield emerged through the expansion of other laws that previously existed in New York: the General Business Law and the Warn Act.

 

US Federal Laws

We will now mention some US federal laws, which, although not specific to data protection, have the function of protecting certain types of information in specific circumstances. One of them is the Health Insurance Portability and Accountability Act (HIPAA), which protects user communication with health entities such as hospitals and pharmacies.

The United States also has, as a federal law, the Family Educational Rights and Privacy Act (Ferpa), with the function of detailing who is authorized to request students’ educational records.

The Gramm-Leach-Bliley Act (GLBA) includes banking services and requires financial institutions to explain how they share data and respect the right of customers who do not wish to provide their information.

6. Iconic Cases of Data Leaks

Here are some known cases of data leaks:

 

  • LinkedIn

In 2012, LinkedIn was hacked by malicious actors who exposed the personal information of more than 117 million users. At the time, data such as names, email addresses, and passwords were leaked.

 

  • Evernote

The following year, it was Evernote’s turn to become a target for attackers, who accessed usernames, email addresses, and account passwords on the platform.

 

  • Yahoo

Also in 2013, Yahoo announced it was the target of a data breach that exposed the names, phones, birthdates, and passwords of 3 billion users.

 

  • Adobe

Also in 2013, Adobe customers had their data leaked. It is estimated that 152 million names and passwords were exposed at the time, as well as 2.8 million credit card numbers. However, only 38 million pieces of data have been confirmed.

Adobe was sued by several US states and had to pay a $1 million fine.

 

  • Facebook

In 2014, Cambridge Analytica used personal data from Facebook users to conduct unauthorized behavioral tests that would later be used in the presidential campaign of Donald Trump.

 

  • Uber

More than 57 million users of the Uber app, including 200,000 Brazilians, had their data exposed in a data breach that occurred in 2016, but it was only released the following year.

As a result, the government of California, in the United States, fined the company R$150 million.

 

  • Myspace

The social network MySpace was also targeted by malicious agents in 2013, with 360 million users impacted. However, the information did not become public until three years later, through a notification that users’ personal data had been exposed and could be for sale.

 

  • Twitter

The 330 million people who used Twitter in 2018 had to change their passwords after the social network discovered a vulnerability in its database. A few years earlier, Twitter users’ personal data had already been exposed twice due to security flaws.

 

  • McDonald’s

In 2019, more than 2 million McDonald’s records with the personal information of its employees were leaked. The data included the full name, age, time of experience, position, and salary of the employees.

 

  • Amazon

In 2021, the company was fined by the Luxembourg National Commission for Data Protection for failing to comply with data protection law requirements in its advertising system. The fine resulted in a loss of 746 millions of Euros.

 

7. Basic Practices for Complying with Data Protection Laws

Data protection experts recommend that companies redefine their organizational management, taking into account certain factors.

Among them, we can highlight:

  • The need to have a professional in charge of data security;
  • Execution of a complete audit of the information;
  • Definition of the data lifecycle;
  • Re-elaboration of contracts with suppliers and partners;
  • Review of security policies; and
  • Preparation of privacy impact reports.

For this, one can count on the services of a legal office specialized in data protection laws, in addition to technological solutions that favor digital security.

 

8. About senhasegura

We, from senhasegura, are part of the MT4 Tecnologia group, created in 2001, to promote the cybersecurity of the companies that hire us.

We serve organizations from 54 countries, offering our customers control of insider actions and information in order to prevent threats such as malicious attackers and data leaks.

For us, digital sovereignty is everyone’s right and this goal can only be achieved using applied technology.

Therefore, we follow the lifecycle of privileged access management, before, during, and after access. Our commitments include:

  • To ensure more efficiency and productivity for businesses, as we avoid interruptions due to expiration;
  • To perform automatic audits on the use of privileges;
  • To automatically audit privileged changes to detect abuses;
  • To ensure customer satisfaction;
  • To perform successful deployments;
  • To provide advanced PAM capabilities;
  • To reduce risks;
  • To bring companies into compliance with audit criteria and standards such as PCI DSS, Sarbanes-Oxley, ISO 27001, and HIPAA.

 

9. How Does senhasegura PAM Enable Compliance with Data Protection Laws?

senhasegura PAM is a solution that allows companies to comply with data protection laws through tools that provide security to the digital environment.

It also proposes the implementation of policies, processes, and procedures, in addition to increasing the level of cyber awareness of users.

One of the main capabilities of this feature is the protection of privileged credentials through the Principle of Least Privilege, which guarantees each user only indispensable access to perform their functions.

 

10. Conclusion

In this article, you saw that:

  • Data protection laws affect the way companies handle sensitive information from their customers, employees, and business partners;
  • Many countries do not have well-established laws on the subject yet, but several nations are already concerned about it;
  • We showed data protection laws in force in different countries;
  • We also covered the main data laws today;
  • We presented emblematic cases of data leaks, such as Facebook, Uber, and Twitter;
  • We listed good practices for companies that need to comply with data protection laws;
  • Finally, we presented senhasegura PAM as an effective solution for these organizations to achieve their goal.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Segura®
Segura® strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

SafeDNS Wins the Spring 2023 Top Performer Award

We are thrilled to announce that SafeDNS has won the Top Performer award in Cloud Cybersecurity Software category from SourceForge, the world’s largest software reviews and comparison website.

This award recognizes exceptional companies and products with a significant amount of recent favorable user reviews that puts them in the top tenth percentile of highly reviewed products on SourceForge.

At SafeDNS, we are committed to providing our customers with the best web filtering solutions that keep them and their businesses safe online. Our cloud-based platform offers comprehensive protection against malicious websites, phishing, and other online threats, while also allowing users to customize their browsing experience based on their unique needs.

Great support and very effective system. Easy to setup for a multi-site company with many simple to use features and good written support materials. [Leonides Daniel C.]

We would like to thank all of our customers who took the time to share their positive experiences with SafeDNS on SourceForge. Your feedback and support are what drive us to continuously improve our products and services.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

Understanding DNS Blocking: How it Works

DNS blocking is a crucial feature for any organization looking to safeguard its network and users against various online threats. It involves preventing access to specific websites or online resources by blocking their domain names using the Domain Name System (DNS). 

How Does DNS Blocking Work?

Well, when a user types a website’s URL into their web browser, the request is sent to a DNS server to resolve the domain name into an IP address. DNS blocking works by intercepting this request and checking the domain name against a predefined blocklist or denylist. If the domain name is found on the blocklist, the DNS server responds with a blocked message instead of the IP address, preventing the user from accessing the website.

What Happens if a Website is on Both the Allow and Denylist?

It’s important to note that if a website is on the denylist, it cannot be added to the Allowlist, and vice versa. This is because the two lists work in opposite directions, with one blocking access and the other allowing it. Additionally, if a website you are trying to add to either list is already blocked by an AppBlocker, you will receive an error message. In this case, you will need to remove the site from the AppBlocker’s blocklist before adding it to the desired list.

How to Check if a Website is Blocked?

If you’re unsure whether a website is blocked, there is a way to check it by using the nslookup command in the command prompt. If the website is blocked, nslookup will respond with the IP address of the block page. On the other hand, if the website is not blocked, nslookup will respond with the actual IP address of the website. For more detailed instructions, check out our article.

However, keep in mind that it may take 5-7 minutes for the DNS cache to update and the blocking to take effect.

In conclusion, DNS blocking is an effective way to protect your network and users from online threats. By blocking specific domain names, you can prevent access to malicious websites, adult content, and other unwanted online resources. And with the right configuration, you can ensure that your users have access to the websites they need while blocking those they don’t.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

Unpacking the Recent Oakland Ransomware Attack

Today, we’re here to talk about the recent ransomware attack that hit Oakland, California. Now, before you start to panic, let’s break down what happened and what it means for the city.

First things first: what is ransomware? Essentially, it’s a type of malware that hackers use to gain control of a computer system or network. Once they have control, they encrypt all of the data on that system and demand a ransom in exchange for the decryption key. In other words, they hold your data hostage until you pay up.

About the Oakland Ransomware Attack

Now, let’s get back to Oakland. On April 27th, the city of Oakland announced that they had been hit with a ransomware attack. The attack affected the city’s email systems, phone lines, and some of its websites. The city’s emergency services were not affected, but the attack did cause significant disruptions to non-emergency services.

The ransom demand was not disclosed, but the city did say that they would not be paying it. Instead, they are working with law enforcement and cybersecurity experts to investigate the attack and restore their systems. The city has also urged residents to be cautious of potential scams and phishing attempts that may arise as a result of the attack.

Could NAC Have Stopped the Oakland Ransomware Attack?

While network access control (NAC) is not a silver bullet that can prevent all cyber attacks, it can be an effective tool in deterring certain types of attacks, including ransomware attacks like the one that hit Oakland.

With NAC, organizations can require that devices connecting to their network meet certain security standards, such as having up-to-date anti-virus software or not being known to be infected with malware. This can help prevent infected devices from accessing the network and spreading the ransomware to other systems.

In the case of the Oakland ransomware attack, it’s possible that NAC could have helped prevent the attack or at least minimize its impact. By enforcing security policies and requiring that all devices connecting to the network meet certain security standards, the city could have made it more difficult for the attackers to gain access to their systems.

Of course, it’s impossible to say for sure whether NAC would have prevented the attack in this specific case. Cybercriminals are constantly developing new tactics and techniques to bypass security measures, and there is always a risk that they will find a way to infiltrate even the most secure networks.

That said, NAC can still be a valuable tool in deterring cyber attacks and minimizing their impact. By implementing NAC alongside other security measures, organizations can create a layered defense that makes it much more difficult for attackers to gain access to their networks and data.

While the full impact of the attack is still being assessed, it serves as a reminder that ransomware attacks are a real threat to organizations of all sizes. In fact, the number of reported ransomware attacks has been on the rise in recent years. Cybercriminals are constantly looking for new ways to exploit vulnerabilities in computer systems and networks, and it’s up to organizations to take the necessary steps to protect themselves.

What Can You Do to Prevent these Sorts of Attacks?

So, what can you do to protect your organization from a ransomware attack? Here are a few tips:

  • Keep your software up to date: Make sure that you’re running the latest versions of all software on your computer or device. Updates often include security patches that can help protect you from known vulnerabilities.
  • Be cautious of suspicious emails: Phishing emails are a common way for cybercriminals to spread malware. Be wary of emails from unknown senders, and never click on links or download attachments unless you’re sure they’re legitimate.
  • Back up your data: Regularly back up your important files to an external hard drive or cloud storage service. This way, if you do fall victim to a ransomware attack, you’ll still have access to your data.

Overall, the Oakland ransomware attack serves as a reminder of the importance of cybersecurity. While it can be easy to think that it won’t happen to you, the reality is that anyone can fall victim to a cyber attack. By taking the necessary precautions, you can help protect yourself and your organization from the devastating effects of a ransomware attack.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

5G and IoT: Opportunities, Challenges, & the Road Ahead

5G and IoT

The convergence of 5G technology and the Internet of Things (IoT) is poised to reshape the digital landscape, offering unprecedented opportunities for businesses and consumers alike.

As 5G networks roll out, they will provide the necessary infrastructure for IoT devices to communicate faster and more efficiently, enabling a new era of connectivity and innovation. Moreover, the integration of 5G technology is expected to boost the development of Industry 4.0, revolutionizing manufacturing processes and supply chain management through increased automation and data exchange. 

IoT in the 5G Era

According to a GSMA report, 5G technology will play a critical role in the growth of IoT, supporting a diverse range of applications across various industries. With higher bandwidth, ultra-low latency, and improved reliability, 5G networks will enable IoT devices to handle more data and perform more complex tasks, paving the way for innovations in areas such as autonomous vehicles, smart cities, and telemedicine. The integration of both technologies will also significantly impact the agricultural sector, helping to optimize resource management while enhancing sustainable practices.

5G’s Impact on IoT Development & Implementation 

5G holds transformative potential for IoT development and implementation. With faster connection speeds, lower latency, and enhanced reliability, 5G networks can support a wide range of IoT use cases that were previously impossible to achieve. This includes enabling real-time remote control of complex machinery, supporting massive IoT deployments in industrial settings, and facilitating large-scale data processing for predictive analytics.

IoT Security in the Age of 5G

Alongside opportunity and innovation admittedly comes new challenges with IoT security. The increased connectivity and data transmission capabilities of 5G networks may expose IoT devices to new security vulnerabilities and cyber threats. To address these concerns, businesses must prioritize security measures, such as encryption, authentication, and regular software updates, to protect their IoT devices and the sensitive data they generate.

Moreover, 5G network providers should adopt a proactive approach to security, implementing advanced threat detection and mitigation strategies to safeguard their networks from cyberattacks. Collaboration between network providers, device manufacturers, and other stakeholders is also essential to ensure a comprehensive and robust approach to IoT security in the 5G era.

Final Thoughts

IoT and 5G present a wealth of opportunities for businesses and consumers, driving innovation across various industries and transforming the way we live and work. By harnessing the power of 5G networks, IoT devices can achieve unprecedented levels of connectivity and efficiency, enabling a new era of digital innovation.

However, as we embrace the benefits, it is crucial to remain vigilant about the security challenges that may arise. By prioritizing IoT security and adopting a collaborative approach to protecting networks and devices, businesses and network providers can unlock the full potential of this powerful convergence while ensuring the safety and privacy of their data.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

5 key business apps for startup success in 2023

Starting a business is in itself a daunting task, but keeping it successful on top of that requires immense effort and skill. A tight budget and so many choices when it comes to managing said business can take a toll on any startup. Moreover, a huge part of maintaining that success is having the right tools. 

Woman sits on sofa and uses her smartphone with a smile on her face.Nowadays, enterprise applications and software play a vital role when it comes to having a flourishing business as they help keep organizational and scaling headaches to a minimum. From office management to cybersecurity solutions, we’ve compiled a list of apps that will take your startup to the next level!

Flanco – for your office and property management

Flanco introduces itself as “the future of workspace” – and for good reason! It’s an office app that helps manage desk space and workplace resources. Need to easily book a desk or meeting room? Flanco has got you covered. Need to know which meeting rooms are booked in real time? Flanco comes to the rescue once again. Not to mention that the app itself has an intuitive interface and is fairly simple to use. For startups, it’s an all-in-one property manager. Effortlessly manage assets, accounting, vendor contracts, parking – Flanco has it all.

Slack – for your organizational communications

Slack is definitely king when it comes to communicating with the team, and doing so quickly and efficiently. A rock-solid communication platform will always be a crucial cog in the successful startup, especially when so many things are discussed on the go. Message people directly, create project-focused channels, or break into smaller chats to share key information with relevant stakeholders. Slack has searchable history and numerous app integrations that just make the job easier. In addition, you can set up reminders, add team members in the middle of conversations to keep them in the loop, and that’s only the tip of the iceberg when it comes to this app.

NordLayer – for your business privacy and security

Business cybersecurity is a must, period. In this day and age, when it comes to protecting your assets, customers, and team, there can be no shortcuts. Having your business fortified is essential – and NordLayer does just that and more. A robust network access security tool, it has numerous useful features like shared gateways for employees, DNS filtering, and other tricks to keep you secure. NordLayer will ensure that your company’s resources are protected and employees can securely access their work from anywhere. Furthermore, it offers a centralized control panel for convenient payment, features, and user management. Already have an existing company infrastructure? No worries, NordLayer can be easily integrated into Azure, Google Workspace, AWS and more.

Notion – for your docs and project management

Project management is no easy task, especially when there are multiple projects, deadlines and stakeholders involved. Want to keep track of the status of your project? Need to know what’s already been done? Notion is the tool you need. It’s useful for keeping tasks in order, and having workflows, docs, and guidelines in one place. You can create your own Wiki, and Notion even helps with building roadmaps and planning sprints. It’s a great tool for a neat and uncomplicated visual workflow in general. Another excellent feature is the ability to integrate it with Jira, Slack, Google Drive, and other apps for a truly seamless workflow.

Hootsuite – for your social media management

Let’s face it, competition is everywhere. If you’re running a business, social media is a tried-and-trusted approach to being seen, heard, and having a place under the sun. Social media is important for numerous reasons – increasing brand awareness, receiving direct feedback, customer engagement, and posting relevant content. However, managing multiple social media accounts can be a bit of a hassle. This is where Hootsuite comes in. This tool helps to schedule and publish content, monitor trends, and understand your audience. Everything can be done from a single handy dashboard, saving you precious time and resources.

Just the tip of the iceberg

This apps list for startups only scratches the surface of the myriad of possibilities out there. Depending on the category and profile of your business, there are dozens if not hundreds of apps and tools that could help you raise and maintain a successful business. These are just a few of what we think would be a good base to start out with, as they cover the most fundamental of needs. As mentioned previously, having the right tools can immensely help to stay on track, meet your goals, and simply be better organized – this is what tools are made for!


5 business apps for startup success in 2023

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.