Leadership in Enterprise Security Awarded to ESET in Latest Kuppinger Cole Leadership Compass

ESET, a leader in information security, today announced it has been awarded the highest designation in the Innovation, Product, Market and Overall Leader categories in the 2018 Kuppinger Cole Leadership Compass Enterprise Endpoint Security: Anti-Malware Solutions.

The annual report by Kuppinger Cole examines the key vendors in the Enterprise Endpoint Security market, with a special focus on Enterprise Anti-Malware Solutions. In this evaluation, Kuppinger Cole assesses the product and service functionality, innovation and relative market share of each vendor covered by the report.

In the “Innovation Leadership” category, Kuppinger Cole recognizes leaders as vendors who are deploying new technologies and features designed to detect and remove sophisticated malware in current or upcoming products. ESET is praised for having a multi-faceted detection array, helping to identify and thwart threats facing enterprises. Kuppinger Cole also notes ESET excels at detecting file-less malware, polymorphism and ransomware. 

“We are honored to have our enterprise security solutions recognized by Kuppinger Cole,” said Juraj Malcho, Chief Technology Officer at ESET. “Enterprises are facing an increasingly-sophisticated enemy, capable of deploying a variety of technologies to attack their networks and endpoints. ESET is committed to delivering best-in-class solutions for businesses to better detect and protect against these types of attacks.”

The report further evaluates each vendor on five pre-selected security criteria essential for decision makers of enterprise-sized organizations. ESET received a rating of “strong positive” in the Functionality, Integration and Usability categories and a rating of “positive” in the Security and Interoperability categories. These ratings recognize ESET’s expertise in delivering advanced and scalable security solutions to businesses in the enterprise sector.

In the category of “Overall Leadership”, ESET placed highly due to its thirty-year history of fighting malware and delivering innovative products and solutions to the market. Kuppinger Cole identifies “Overall Leaders” by a combined rating in the product, market presence and innovation categories.


About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, endpoints, infrastructure, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, points of sale, resellers, and partner companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, government, a vast number of successful SMEs, and consumers in various Asian cities.


About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

GREYCORTEX JOINS EY PROGRAM

GREYCORTEX is happy to announce that we have been selected to be part of the 2018 EY Accelerating Entrepreneurs program. This event, which takes place in Amsterdam between the 21st and 24th of April, 2018, brings together companies selected as among the most innovative and advanced worldwide. In addition to being one of only 30 companies selected to attend, GREYCORTEX is also the first Czech company in the history of the program to be selected.

As the EY press release notes: “The 2018 class of entrepreneurs represent dynamic businesses that focus on innovative and disruptive fields like artificial intelligence (AI), augmented reality, virtual reality (VR), customer interface, analytics, robotics and the Internet of Things (IoT).”

According to Annette Kimmitt, EY Global Growth Markets Leader, “… This year’s class is already solving big challenges, disrupting their markets and have cutting-edge technologies. We want to prepare these transformative entrepreneurs to expand from their local markets to a position of navigating and leading the world by pursuing their global growth objectives.”

We’re looking forward to joining the other 29 companies and accessing the wealth of information available from EY.

NetJapan Releases ActiveImage Deploy USB

A USB based OS deployment tool for VARs, OEMs and System Integrators.


Tokyo – NetJapan, Inc., publisher of backup, disaster recovery, and virtualization software, releases ActiveImage™ Deploy USB, a USB based OS deployment tool for VARs, OEMs, and System Integrators.

ActiveImage Deploy USB creates a bootable USB flash drive containing a master image created from a pre-configured computer system, and deploys that image to a new client machine. ActiveImage Deploy USB automates, simplifies, and streamlines the deployment process, making it an ideal solution for setting up new systems that include custom software and hardware configurations, and for deploying setups to a large number of computers.

Features:

  • ActiveImage Deploy USB uses a WinPE-based boot environment, supporting a wide range of drivers and hardware configurations.
  • An easy-to-use, wizard-driven interface guides you through creating a bootable USB flash drive with ActiveImage Deploy USB installed and ready to use.
  • The built-in “Auto-Start” feature automates cloning without user interaction. Simply attach the USB flash drive to the target computer, power the system on, and ActiveImage Deploy USB deploys the pre-configured image to the target system.
  • The created images are stored on the USB flash drive, eliminating the need for additional storage devices to be connected.
  • Embed existing ActiveImage Protector backup image files for deployment.
  • Flexible license distribution to easily allocate licenses to each created USB flash drive deployment device.

For more information about ActiveImage Deploy USB, please visit: https://www.netjapan.com/en-us/backup-dr-solutions/deploy/



About Actiphy
Actiphy, founded in 2007, focuses on developing and offering innovative backup and disaster recovery solutions for complete protection of all your systems and data. ActiveImage Protector backs up Windows and Linux machines in physical and virtual environments and restores systems and data fast, so you can be up and running with minimal downtime and data loss. Today Actiphy holds 20% of the image backup market in Japan and is expanding its services in the Asia/Pacific and North American regions, as well as in Europe, the Middle East and Africa.

New traces of Hacking Team in the wild


Previously unreported samples of Hacking Team’s infamous surveillance tool – the Remote Control System (RCS) – are in the wild, and have been detected by ESET systems in fourteen countries.


Our analysis of the samples reveals evidence suggesting that Hacking Team’s developers themselves are actively continuing the development of this spyware.


From Hacking Team to Hacked Team to…?


Since being founded in 2003, the Italian spyware vendor Hacking Team gained notoriety for selling surveillance tools to governments and their agencies across the world.


The capabilities of its flagship product, the Remote Control System (RCS), include extracting files from a targeted device, intercepting emails and instant messaging, as well as remotely activating a device’s webcam and microphone. The company has been criticized for selling these capabilities to authoritarian governments – an allegation it has consistently denied.


When the tables turned in July 2015, with Hacking Team itself suffering a damaging hack, the reported use of RCS by oppressive regimes was confirmed. With 400GB of internal data – including the once-secret list of customers, internal communications, and spyware source code – leaked online, Hacking Team was forced to request its customers to suspend all use of RCS, and was left facing an uncertain future.


Following the hack, the security community has been keeping a close eye on the company’s efforts to get back on its feet. The first reports suggesting Hacking Team’s resumed operations came six months later – a new sample of Hacking Team’s Mac spyware was apparently in the wild. A year after the breach, an investment by a company named Tablem Limited brought changes to Hacking Team’s shareholder structure, with Tablem Limited taking 20% of Hacking Team’s shareholding. Tablem Limited is officially based in Cyprus; however, recent news suggests it has ties to Saudi Arabia.


Just as we had concluded our research into another commercial spyware product, FinFisher, two interesting events involving Hacking Team occurred in close succession: the report about Hacking Team’s apparent financial recovery, and our discovery of a new RCS variant in the wild with a valid digital certificate.


The spyware lives on


In the early stages of this investigation, our friends from the Citizen Lab – who have a long record of keeping track of Hacking Team – provided us with valuable input that led to the discovery of a version of the spyware currently being used in the wild and signed with a previously unseen valid digital certificate.


Our further research uncovered several more samples of Hacking Team’s spyware created after the 2015 hack, all being slightly modified compared to variants released before the source code leak.


The samples were compiled between September 2015 and October 2017. We have deemed these compilation dates to be authentic, based on ESET telemetry data indicating the appearance of the samples in the wild within a few days of those dates.


Further analysis led us to conclude that all the samples can be traced back to a single group, rather than being isolated instances of diverse actors building their own versions from the leaked Hacking Team source code.


One indicator supporting this is the sequence of digital certificates used to sign the samples – we found six different certificates issued in succession. Four of the certificates were issued by Thawte to four different companies, and two are personal certificates issued to Valeriano Bedeschi (Hacking Team co-founder) and someone named Raffaele Carnacina, as shown in the following table:


Certificate issued to    Validity period
Valeriano Bedeschi       8/13/2015 – 8/16/2016
Raffaele Carnacina       9/11/2015 – 9/15/2016
Megabit, OOO             6/8/2016 – 6/9/2017
ADD Audit                6/20/2016 – 6/21/2017
Media Lid                8/29/2016 – 8/30/2017
Ziber Ltd                7/9/2017 – 7/10/2018


The samples also have forged Manifest metadata – used to masquerade as a legitimate application – in common, appearing as “Advanced SystemCare 9 (9.3.0.1121)”, “Toolwiz Care 3.1.0.0” and “SlimDrivers (2.3.1.10)”.


Our analysis further shows that the author(s) of the samples have been using VMProtect, apparently in an effort to make their samples less prone to detection. This was also common among pre-leak Hacking Team spyware.


The connections among these samples alone could have originated with virtually any group re-purposing the leaked Hacking Team source code or installer – as was the case with Callisto Group in early 2016. We have, however, collected further evidence that ties these post-leak samples to Hacking Team’s developers themselves.


The versioning (which we accessed after overcoming VMProtect protection) observed in the analyzed samples continues where Hacking Team left off before the breach, and follows the same patterns. Hacking Team’s habit of compiling their payloads – named Scout and Soldier – consecutively, and often on the same day, can also be seen across the newer samples.


The following table shows the compilation dates, versioning and certificate authorities of Hacking Team Windows spyware samples seen between 2014 and 2017. Reuse of leaked source code by Callisto Group is marked in red.



Furthermore, our research has confirmed that the changes introduced in the post-leak updates were made in line with Hacking Team’s own coding style and are often found in places indicating a deep familiarity with the code. It is highly improbable that some other actor – that is, other than the original Hacking Team developer(s) – would make changes in exactly these places when creating new versions from the leaked Hacking Team source code.


One of the subtle differences we spotted between the pre-leak and the post-leak samples is the size of the Startup file. Before the leak, the copied file was padded to occupy 4 MB. In the post-leak samples, the file copy is padded to 6 MB, most likely as a primitive detection evasion technique.



Figure 1 – Startup file copy size changed from 4 MB pre-leak to 6 MB post-leak


We found further differences that fully convinced us of Hacking Team’s involvement. However, the disclosure of these details could interfere with the future tracking of the group, which is why we choose not to publish them. We are, however, open to sharing these details with fellow researchers (for any inquiries, contact us at threatintel@eset.com).


The functionality of the spyware largely overlaps with that in the leaked source code. Our analysis so far has not confirmed the release of any significant update, as promised by Hacking Team following the hack.


As for the distribution vector of the post-leak samples we analyzed, at least in two cases, we detected the spyware in an executable file disguised as a PDF document (using multiple file extensions) attached to a spearphishing email. The names of the attached files contain strings likely aimed to reduce suspicion when received by diplomats.



Figure 2 – Investigation timeline


Conclusion


Our research lets us claim with high confidence that, with one obvious exception, the post-leak samples we’ve analyzed are indeed the work of Hacking Team developers, and not the result of source code reuse by unrelated actors, such as in the case of Callisto Group in 2016.


As of this writing, our systems have detected these new Hacking Team spyware samples in fourteen countries. We choose not to name the countries to prevent potentially incorrect attributions based on these detections, since the geo-location of the detections doesn’t necessarily reveal anything about the origin of the attack.


IoCs


ESET detection names
Trojan.Win32/CrisisHT.F
Trojan.Win32/CrisisHT.H
Trojan.Win32/CrisisHT.E
Trojan.Win32/CrisisHT.L
Trojan.Win32/CrisisHT.J
Trojan.Win32/Agent.ZMW
Trojan.Win32/Agent.ZMX
Trojan.Win32/Agent.ZMY
Trojan.Win32/Agent.ZMZ


Samples signed by Ziber Ltd
Thumbprint: 14 56 d8 a0 0d 8b e9 63 e2 22 4d 84 5b 12 e5 08 4e a0 b7 07
Serial Number: 5e 15 20 5f 18 04 42 cc 6c 3c 0f 03 e1 a3 3d 9f


SHA-1 samples
2eebf9d864bef5e08e2e8abd93561322de2ab33b
51506ed3392b9e59243312b0f798c898804913db
61eda4847845f49689ae582391cd1e6a216a8fa3
68ffd64b7534843ac2c66ed68f8b82a6ec81b3e8
6fd86649c6ca3d2a0653fd0da724bada9b6a6540
92439f659f14dac5b353b1684a4a4b848ecc70ef
a10ca5d8832bc2085592782bd140eb03cb31173a
a1c41f3dad59c9a1a126324a4612628fa174c45a
b7229303d71b500157fa668cece7411628d196e2
eede2e3fa512a0b1ac8230156256fc7d4386eb24


C&Cs
149.154.153.223
192.243.101.125
180.235.133.23
192.243.101.124
95.110.167.74


Samples signed by ADD Audit
Thumbprint: 3e 19 ad 16 4d c1 03 37 53 26 36 c3 7c a4 c5 97 64 6f bc c8
Serial Number: 4c 8e 3b 16 13 f7 35 42 f7 10 6f 27 20 94 eb 23


SHA-1 samples
341dbcb6d17a3bc7fa813367414b023309eb69c4
86fad7c362a45097823220b77dcc30fb5671d6d4
9dfc7e78892a9f18d2d15adbfa52cda379ddd963
e8f6b7d10b90ad64f976c3bfb4c822cb1a3c34b2


C&Cs
188.166.244.225
45.33.108.172
178.79.186.40
95.110.167.74
173.236.149.166


Samples signed by Media Lid
Thumbprint: 17 f3 b5 e1 aa 0b 95 21 a8 94 9b 1c 69 a2 25 32 f2 b2 e1 f5
Serial Number: 2c e2 bd 0a d3 cf de 9e a7 3e ec 7c a3 04 00 da


SHA-1 samples
27f4287e1a5348714a308e9175fb9486d95815a2
71a68c6140d066ca016efa9087d71f141e9e2806
dc817f86c1282382a1c21f64700b79fcd064ae5c


C&Cs
188.226.170.222
173.236.149.166


Samples signed by Megabit, OOO
Thumbprint: 6d e3 a1 9d 00 1f 02 24 c1 c3 8b de fa 74 6f f2 3a aa 43 75
Serial Number: 0f bc 30 db 12 7a 53 6c 34 d7 a0 fa 81 b4 81 93


SHA-1 samples
508f935344d95ffe9e7aedff726264a9b500b854
7cc213a26f8df47ddd252365fadbb9cca611be20
98a98bbb488b6a6737b12344b7db1acf0b92932a
cd29b37272f8222e19089205975ac7798aac7487
d21fe0171f662268ca87d4e142aedfbe6026680b
5bf1742d540f08a187b571c3bf2aeb64f141c4ab
854600b2e42bd45acea9a9114747864be002bf0b


C&Cs
95.110.167.74
188.226.170.222
173.236.149.166
46.165.236.62


Samples signed by Raffaele Carnacina
Thumbprint: 8a 85 4f 99 2a 5f 20 53 07 f8 2d 45 93 89 af da 86 de 6c 41
Serial Number: 08 44 8b d6 ee 91 05 ae 31 22 8e a5 fe 49 6f 63


SHA-1 samples
4ac42c9a479b34302e1199762459b5e775eec037
2059e2a90744611c7764c3b1c7dcf673bb36f7ab
b5fb3147b43b5fe66da4c50463037c638e99fb41
9cd2ff4157e4028c58cef9372d3bb99b8f2077ec
b23046f40fbc931b364888a7bc426b56b186d60e
cc209f9456f0a2c5a17e2823bdb1654789fcadc8
99c978219fe49e55441e11db0d1df4bda932e021
e85c2eab4c9eea8d0c99e58199f313ca4e1d1735
141d126d41f1a779dca69dd09640aa125afed15a


C&Cs
199.175.54.209
199.175.54.228
95.110.167.74


Samples signed by Valeriano Bedeschi
Thumbprint: 44 a0 f7 f5 39 fc 0c 8b f6 7b cd b7 db 44 e4 f1 4c 68 80 d0
Serial Number: 02 f1 75 66 ef 56 8d c0 6c 9a 37 9e a2 f4 fa ea


SHA-1 samples
baa53ddba627f2c38b26298d348ca2e1a31be52e
5690a51384661602cd796e53229872ff87ab8aa4
aa2a408fcaa5c86d2972150fc8dd3ad3422f807a
83503513a76f82c8718fad763f63fcd349b8b7fc


C&Cs
172.16.1.206
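The IoC section above lists indicators in three forms: SHA-1 hashes of samples, thumbprints of the abused code-signing certificates, and C&C addresses. The following matcher is an added example (not ESET’s code) showing how a defender can turn those printed values into a lookup that tolerates the case and spacing differences seen on the page (some hashes are printed in upper case, thumbprints are printed as spaced hex). The indicator values are copied from the report; the candidate file contents and the helper function names are constructed for this example.

```python
# Added example (not ESET's code): normalize and match the report's IoCs.
import hashlib
import ipaddress

# Subset of the SHA-1 sample hashes from the report's IoC section, one per signer,
# including one that the page prints in upper case.
SHA1_IOCS = [
    "2eebf9d864bef5e08e2e8abd93561322de2ab33b",  # Ziber Ltd
    "341dbcb6d17a3bc7fa813367414b023309eb69c4",  # ADD Audit
    "27f4287e1a5348714a308e9175fb9486d95815a2",  # Media Lid
    "5BF1742D540F08A187B571C3BF2AEB64F141C4AB",  # Megabit, OOO (upper case on the page)
    "4ac42c9a479b34302e1199762459b5e775eec037",  # Raffaele Carnacina
    "baa53ddba627f2c38b26298d348ca2e1a31be52e",  # Valeriano Bedeschi
]

# Code-signing certificate thumbprints from the report, as printed (spaced hex).
CERT_THUMBPRINTS = {
    "Ziber Ltd": "14 56 d8 a0 0d 8b e9 63 e2 22 4d 84 5b 12 e5 08 4e a0 b7 07",
    "ADD Audit": "3e 19 ad 16 4d c1 03 37 53 26 36 c3 7c a4 c5 97 64 6f bc c8",
    "Media Lid": "17 f3 b5 e1 aa 0b 95 21 a8 94 9b 1c 69 a2 25 32 f2 b2 e1 f5",
    "Megabit, OOO": "6d e3 a1 9d 00 1f 02 24 c1 c3 8b de fa 74 6f f2 3a aa 43 75",
    "Raffaele Carnacina": "8a 85 4f 99 2a 5f 20 53 07 f8 2d 45 93 89 af da 86 de 6c 41",
    "Valeriano Bedeschi": "44 a0 f7 f5 39 fc 0c 8b f6 7b cd b7 db 44 e4 f1 4c 68 80 d0",
}

# C&C addresses from the report; the set collapses the duplicates printed on the page.
C2_ADDRESSES = {
    "149.154.153.223", "192.243.101.125", "180.235.133.23", "192.243.101.124",
    "95.110.167.74", "188.166.244.225", "45.33.108.172", "178.79.186.40",
    "173.236.149.166", "188.226.170.222", "46.165.236.62", "199.175.54.209",
    "199.175.54.228", "172.16.1.206",
}


def normalize_hex(value):
    """Canonical form for hashes and thumbprints: lower case, no spaces or colons."""
    return value.replace(" ", "").replace(":", "").strip().lower()


SHA1_SET = {normalize_hex(h) for h in SHA1_IOCS}
THUMBPRINT_TO_SIGNER = {normalize_hex(t): who for who, t in CERT_THUMBPRINTS.items()}


def sha1_of_bytes(data):
    """SHA-1 hex digest of a candidate file's contents."""
    return hashlib.sha1(data).hexdigest()


def match_sha1(digest):
    """True if the digest (any case, optionally spaced) is a listed sample hash."""
    return normalize_hex(digest) in SHA1_SET


def match_thumbprint(thumbprint):
    """Signer name from the report if the certificate thumbprint matches, else None."""
    return THUMBPRINT_TO_SIGNER.get(normalize_hex(thumbprint))


def match_c2(ip_text):
    """True if the address is one of the listed C&C addresses."""
    return ip_text.strip() in C2_ADDRESSES


def is_private_address(ip_text):
    """RFC 1918 check: 172.16.1.206 in the list is private, so a hit on it from
    network logs says more about the analysis environment than about an attacker."""
    return ipaddress.ip_address(ip_text.strip()).is_private


def scan_candidate(data, signer_thumbprint=None):
    """Combine the checks for one file: hash hit, signer hit, or clean."""
    digest = sha1_of_bytes(data)
    return {
        "sha1": digest,
        "hash_hit": match_sha1(digest),
        "signer_hit": match_thumbprint(signer_thumbprint) if signer_thumbprint else None,
    }


if __name__ == "__main__":
    # Constructed input: a benign byte string that does not appear in the report.
    print(scan_candidate(b"constructed benign sample", "1456D8A00D8BE963E2224D845B12E5084EA0B707"))
```

A hash match identifies only the exact samples ESET published, so the certificate thumbprint is the more durable indicator here: every binary signed with one of these six certificates is suspect, whichever sample it is, which is why the matcher reports the signer name rather than a bare boolean.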


Over 40% of online login attempts are attackers trying to invade accounts


As many as 43% of online login attempts globally are made by bots that are used for evil ends, as attackers are increasingly leveraging the automated tools for credential abuse, a report by Akamai has revealed.

Focusing on data for November 2017, the content delivery network provider found that 3.6 billion out of 8.3 billion login requests during that month were malicious, specifically “attempts to log in to an account using password guessing or account details gathered from elsewhere on the Internet”.

A breakdown of the figures shows that the websites of retailers handled the highest number of login requests in November – 2.8 billion. “Only” 36% of them were intended to break into the accounts, according to Akamai’s Fourth Quarter 2017 State of the Internet / Security Report.

Meanwhile, the hospitality industry had to contend with the highest concentration of bad bots. A staggering 82% of nearly 1 billion login attempts on the websites of airlines, hotels and online travel agencies were found to be malicious.

Swarms of villain bots also swooped on the sites of high-tech businesses, with 57% out of 1.4 billion login attempts deemed malevolent.

The data was obtained by Akamai identifying “IP addresses that make multiple attempts to log into accounts using leaked credentials with no other activity to the target site”.

The data set covers mainly websites that use email addresses as login names. As a result, Akamai cautioned that the figures may understate the extent of the problem in industries in which email addresses are not used as user IDs, notably the financial industry.


Credential abuse attempts according to selected industries (Source: Akamai, Fourth Quarter 2017 State of the Internet / Security Report)

Bots that traverse the internet on behalf of their human operators can fulfill both legitimate and malicious automated tasks. Statistics indicate that bot-driven internet traffic, by helper and harmful bots combined, surpasses human traffic.

“Increased automation and data mining have caused a massive flood of bot traffic to impact websites and Internet services. Although most of that traffic is useful for Internet businesses, cybercriminals are looking to manipulate the powerful volume of bots for nefarious gains,” Akamai’s senior security advocate Martin McKeay is quoted as saying.

“Enterprises need to watch who is accessing their sites to differentiate actual humans from both legitimate and malicious bots. Not all web traffic and not all bots are created equal,” he added.

In an automated technique known as ‘credential stuffing’, criminals leverage stolen or leaked access credentials that belong to one account in order to break into other – often higher-value – accounts. This tactic has been found to pay dividends in anywhere between 0.1% and 2% of attempts, owing its success primarily to the fact that many netizens recycle their credentials across multiple accounts. Databases with reams of stolen username and password pairs can be easily bought online.
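Akamai’s selection criterion quoted earlier (multiple login attempts against accounts with no other activity to the site) and the credential-stuffing pattern described in the paragraph above are simple enough to express as a log check. The following is an added example, not Akamai’s code or method: it profiles each source IP in a set of constructed web-server log lines and flags those that only ever hit the login endpoint across several distinct accounts, which is what distinguishes a stuffing bot from a user who mistypes a password and then browses. The log format, thresholds and function names are assumptions made for this example.

```python
# Added example (not Akamai's code): flag sources that behave like credential-stuffing bots.
from collections import defaultdict

# Constructed log lines: timestamp, source IP, method, path, account ("-" if none), HTTP status.
# 203.0.113.10 tries five different accounts and does nothing else (one attempt succeeds);
# 198.51.100.7 browses, fails once, logs in and continues; 192.0.2.44 retries its own account.
SAMPLE_LOG = """\
2017-11-02T10:00:01Z 203.0.113.10 POST /login alice@example.com 401
2017-11-02T10:00:02Z 203.0.113.10 POST /login bob@example.com 401
2017-11-02T10:00:02Z 203.0.113.10 POST /login carol@example.com 401
2017-11-02T10:00:03Z 203.0.113.10 POST /login dave@example.com 200
2017-11-02T10:00:04Z 203.0.113.10 POST /login erin@example.com 401
2017-11-02T10:01:10Z 198.51.100.7 GET /products - 200
2017-11-02T10:01:12Z 198.51.100.7 POST /login frank@example.com 401
2017-11-02T10:01:20Z 198.51.100.7 POST /login frank@example.com 200
2017-11-02T10:01:25Z 198.51.100.7 GET /account - 200
2017-11-02T10:02:00Z 192.0.2.44 POST /login grace@example.com 401
2017-11-02T10:02:05Z 192.0.2.44 POST /login grace@example.com 401
2017-11-02T10:02:09Z 192.0.2.44 POST /login grace@example.com 200
2017-11-02T10:02:15Z 192.0.2.44 GET /account - 200
"""


def parse_line(line):
    """Split one whitespace-separated log line into a record."""
    ts, ip, method, path, account, status = line.split()
    return {"ts": ts, "ip": ip, "method": method, "path": path,
            "account": account, "status": int(status)}


def profile_sources(log_text):
    """Per source IP: login attempts, distinct accounts, successes, and non-login requests."""
    stats = defaultdict(lambda: {"logins": 0, "accounts": set(), "hits": [], "other": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        s = stats[rec["ip"]]
        if rec["method"] == "POST" and rec["path"] == "/login":
            s["logins"] += 1
            s["accounts"].add(rec["account"])
            if rec["status"] == 200:
                s["hits"].append(rec["account"])
        else:
            s["other"] += 1  # any browsing, API or static request counts as "other activity"
    return stats


def classify(stats, min_logins=3, min_accounts=3):
    """Flag IPs that spray logins across many accounts and show no other site activity."""
    flagged = {}
    for ip, s in stats.items():
        spraying = s["logins"] >= min_logins and len(s["accounts"]) >= min_accounts
        if spraying and s["other"] == 0:
            flagged[ip] = {
                "login_attempts": s["logins"],
                "distinct_accounts": len(s["accounts"]),
                # Accounts that returned 200 are the ones to reset and notify first.
                "hits": sorted(s["hits"]),
            }
    return flagged


def find_stuffing_sources(log_text):
    """Convenience wrapper: log text in, flagged sources out."""
    return classify(profile_sources(log_text))


if __name__ == "__main__":
    for ip, info in find_stuffing_sources(SAMPLE_LOG).items():
        print(ip, info)
```

The "no other activity" test is what keeps the false-positive rate down: a shared office NAT produces many logins from one address too, but those users also load pages. The low success rate the article cites (0.1% to 2%) also means that the handful of 200 responses inside a flagged burst, not the 401s, are the events worth acting on.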

DDoS traffic

After several quarters of increases, the number of distributed denial-of-service (DDoS) attacks dropped by less than 1% in the fourth quarter of 2017 compared to the third quarter. On an annual basis, however, the attacks were up 14%, according to Akamai’s stats.

The gaming industry bore the brunt of the onslaughts, suffering 79% of all DDoS traffic. Germany and China between themselves accounted for the majority of source IP addresses involved in the attacks.

To say that DDoS attacks aren’t going anywhere would be an understatement, nor have we seen the last of Mirai. The notorious botnet, which took the internet by storm in the fall of 2016, remains alive and kicking. This is not least because of the proliferation of hackable Internet-enabled things, coupled with attackers continuing to adapt Mirai’s source code to befit their evil intentions.

Web app attacks

The number of web application attacks decreased by 9% following a quarter-over-quarter jump of 30% in the third quarter. They still rose by one-tenth compared to the last three months of 2016, however.

This type of threat most commonly involves scans to identify vulnerable sites with the ultimate aim of data theft or other compromises. SQL injection, which Akamai highlighted as “easily automated and scalable”, accounted for one-half of web app attacks. At 36%, local file inclusion was the second-most-frequent attack vector.

The United States is by far both the top source and top target of web app attacks. The incursions that originate in the US soared by 31% compared to the last quarter of 2016.


About CyberLink
Founded in 1996, CyberLink Corp. (5203.TW) is the world leader in multimedia software and AI facial recognition technology. CyberLink addresses the demands of consumer, commercial and education markets through a wide range of solutions, covering digital content creation, multimedia playback, video conferencing, live casting, mobile applications and AI facial recognition. CyberLink has shipped several hundred million copies of its multimedia software and apps, including the award-winning PowerDirector, PhotoDirector, and PowerDVD. With years of research in the fields of artificial intelligence and facial recognition, CyberLink has developed the FaceMe® Facial Recognition Engine. Powered by deep learning algorithms, FaceMe® delivers the reliable, high-precision, real-time facial recognition that is critical to AIoT applications such as smart retail, smart security and surveillance, smart city and smart home. For more information about CyberLink, please visit the official website at www.cyberlink.com

Privacy by Design: Can you create a safe smart home?

The Internet of Things (IoT) is, for many, about devices we connect to a network for convenience, such as thermostats, light switches, connected cars and interactive toys for our kids.

While the IoT is indeed a marvelous invention, designed to make daily digital life even easier, how safe is it in terms of protecting your privacy?

Alongside an ESET researcher team, I investigated some of the more popular IoT devices on the market today with the aim of creating a basic ‘smart home’ that mimics the connectable objects likely to be found in a typical household.

Notions of interconnectivity and the ‘smart home’ are now rarely seen as the main focus of science fiction narrative, but assumed as background. Today, the IoT makes the ‘smart home’ not only achievable, but in some respects commonplace.

But how plausible is it to create your own ‘smart home’? Many issues can crop up when trying to create your own interconnected dwelling space. One of the challenges facing even the most basic implementation of a ‘smart home’ is interoperability between devices provided by different manufacturers to provide a harmonious, unified experience… or as close as possible!

We purchased a few IoT devices that could be deemed as essential for the creation of a type of starter kit for anyone wanting the convenience of an interconnected experience in their home. We also purchased a virtual personal assistant (a device that takes verbal commands and can control many of the devices purchased; in fact, a ‘smart home’ may actually start with a device like this and then expand functionally with additional IoT devices).

Privacy concerns

The main area of concern was constructing a ‘smart home’ that did not compromise on privacy.

In that respect, there was unease that the devices in the home could potentially collect private data. Of course, we understood the need for most devices and services to collect basic personal details. Worryingly, however, we found that companies often used the term “but not limited to”, meaning they might collect more than what was on the applicable privacy policy.

In total, the team tested twelve products from seven vendors, including one product that we have not included in the final report due to discovery of significant vulnerabilities. As a security company, we value the commitment to responsible disclosure and the collaborative nature of the IT security industry — therefore, we notified the company in question with specific details of the device’s shortcomings and will not publish these details until the vendor has had time to rectify the issues.

While each device tested raised some privacy issues, it was the role of voice-activated intelligent assistants that raised the most concerns. This is due, among other things, to the fear of oversharing of data by commercial services, insufficient protection of stored personal data, and the possibility of interception of digital traffic by cybercriminals or the mischievous.

Can you create a safe smart home?

The answer is… possibly. No device or software is guaranteed to be secure or immune to potential vulnerabilities. However, a company’s security culture can be judged based on its reaction to vulnerabilities when they are disclosed. Some of the devices tested had vulnerabilities that have been dealt with quickly with new software and firmware. When vulnerabilities are not fixed promptly (or at all), then choosing an otherwise equivalent device would be an appropriate response. But with sound judgement and caution, it is possible to start a basic ‘smart home’.

Conclusion

At its inception, the goal of this project was to create a basic ‘smart home’ that mimics something that could end up in a typical household. The concern from our research team was “what if we don’t find any issues?” Alas, this was not the case, and in fact the conclusion that I have written is different from what we had envisioned at the start.

The potential for home, lifestyle, health and even browsing data collected by internet service providers to be available to a single entity should only be permitted after due consideration for the consequences.

A full list of the tested devices, along with a more technical breakdown of the products, may be found in the white paper: IoT and Privacy by Design in the Smart Home.


Fighting persistent malware with a UEFI scanner, or ‘What’s it all about, UEFI?’

The short answer to the headline’s question is that a UEFI scanner is all about helping you protect your computer against people who seek to take it over by abusing its Unified Extensible Firmware Interface (UEFI). A successful attack on a system’s UEFI can give the attacker complete control of that system, including persistence: the ability to secretly maintain unauthorized access to the machine despite rebooting and/or reformatting of the hard drive.

As you can imagine, this form of persistence is not a virtue and can prolong the pain and inconvenience of a malicious code infection. If your security software only scans drives and memory, without scanning UEFI, it is possible to think you have a clean machine when you don’t. That is why we recommend a security solution that scans it, like ESET.

Why does my device have a UEFI?

Computing devices work by executing code: the instructions that we call software and which make the hardware – such as a laptop or smartphone – do something useful. Code can be fed to the device in several ways. For example, it can be read from storage on a disk, held in memory, or delivered via a network connection. But when you power on a digital device it has to start somewhere (bootstrap), and that first piece of code is typically stored in a chip on the device. This code, referred to as firmware, may include a “power-on self-test” or POST to make sure things are working correctly, followed by the loading into memory of the basic instructions for handling input and output.

If you’ve been into computers for a while you might recognize this chip-based code as BIOS or Basic Input Output System. In fact, BIOS technology dates back to the 1970s and so it is not surprising that it would eventually struggle to meet the demands of today’s computers, a point made by my colleague, Cameron Camp, in this excellent article on UEFI scanning. As Cameron details, UEFI technology has evolved to replace BIOS, although some devices still refer to it as BIOS. (I’m tempted to say “Meet the new BIOS, same as the old BIOS” but UEFI is significantly different, and besides, this article already has a headline that exploits a classic lyric: “What’s it all about, Alfie?”)

Technically, UEFI is a specification, maintained by the Unified Extensible Firmware Interface Forum (uefi.org). According to the forum, the specification defines a new model for the interface between personal computer operating systems and platform firmware, and it “consists of data tables that contain platform-related information, plus boot and runtime service calls that are available to the operating system and its boot loader.” Without going into greater technical detail, UEFI added a great deal of functionality to the boot process, including some serious security measures (these are discussed in the ESET white paper referenced by this article).

Unfortunately, the illicit benefits of devising code that can surreptitiously take over a system early in the boot process – generically referred to as a bootkit – are a powerful motivator to the folks who specialize in unauthorized access to digital devices. Such folks could be: cybercriminals; domestic and foreign agencies like NSA and CIA; and private companies that sell “surveillance tools” to governments.

For more details, check out the excellent article by my ESET colleague Cassius Puodzius that discusses these “threat actors” and their interest in UEFI. The broader topic of bootkit evolution from early days through 2012 is ably covered by ESET Senior Research Fellow, David Harley, in this article. You might also check out the paper “Bootkits, Past, Present, and Future”, presented at Virus Bulletin 2014. And of course there are plenty of technical papers on the UEFI Forum site.

So what’s my UEFI risk?

For most people, this is the right question to be asking, and the right answer will depend on who you are. For example, are you someone whose computer might be of interest to the NSA or CIA or other government entity that has the resources to invest in code that abuses UEFI, either its own code or a commercial surveillance product purchased from a commercial vendor? Are you using your computer to develop, review, or otherwise handle intellectual property worth stealing? If you answered either of those questions in the affirmative, then I would say you have an above average risk of encountering UEFI malware.

Currently, I am not aware of any large-scale, broadly-targeted criminal malware campaigns that exploit UEFI to attack the general public’s computer systems (if you know of any, please share the knowledge). However, even if you are not in a high risk category, I strongly suggest you still need security software with UEFI scanning capability. Why? Remember those three letter agencies that have been developing UEFI attacks? Well, they don’t have a stellar reputation for keeping their tools secret. In fact, the biggest news in malware so far this year has been WannaCryptor a.k.a. WannaCry, and one reason that particular ransomware spread so fast was because it used a “top secret” exploit developed by the NSA, an agency known to have dabbled in UEFI compromise.

In other words, we just don’t know when a new malware campaign that abuses UEFI to maintain persistence on compromised systems will appear in the wild. What I can say is that folks who are performing UEFI scans on a regular basis will be better prepared to protect their systems from future malware than people who are not. And that is what UEFI scanning is all about.

ESET’s latest endpoint security products now include industry-first UEFI scanning.


VEGAS Movie Studio 15 released

Creating high-quality videos just got a lot easier

VEGAS Creative Software releases VEGAS Movie Studio 15. This brand-new version makes it the most powerful two-in-one solution for video and audio editing in its segment.

Based on the core technology and features of the award-winning VEGAS Pro, the latest update of VEGAS Movie Studio enables professional results with minimal effort. 4k video editing and hardware acceleration improvements (support for Nvidia and Intel’s Quick Sync Video) bring top-level standards of video excellence and speed, whilst the new HEVC support allows users to significantly compress large video content while maintaining perfect quality.

The new modern user interface is now fully customizable to benefit experienced editors. Firstly, a new ‘hamburger menu’ button has been added, giving users the power to decide which button set should be visible in each window. The most noticeable update from the previous version is a logical, modern docking window behavior and control that allows users to arrange the workspace to individual workflows. You can even select between dark or light shades of interface background color according to preference.

For the beginners, a Quick Start dashboard has been added to guide with step-by-step instructions for video production, making it even easier to get started. An integrated ‘Show-Me-How’ tutorial feature that already exists from previous versions is still there to help. On top, new features like picture-in-picture scenes, freeze frames and split-screen sequences provide a professional look-and-feel to the video with just a few clicks on the storyboard. YouTubers or Vloggers will love the sharing-workflow-automation feature, now with improved file format support including iPhone video files.

For advanced users, the Suite version additionally offers iZotope RX Elements to achieve high-quality sound, as well as top-notch film effects coming from HitFilm and Boris FX.

“With the new VEGAS Movie Studio 15 we bring the powerful technology and high efficiency of VEGAS Pro to everyone who wants to make best-quality videos with minimal efforts,” says Gary Rebholz, VEGAS Product Owner.

Depending on their requirements, filmmakers can choose between three different versions of VEGAS Movie Studio 15:

You can find a detailed version comparison here:
https://www.vegascreativesoftware.com/us/vegas-movie-studio/product-comparison


Downloads


About VEGAS
Today, millions of VEGAS Pro and VEGAS Movie Studio users benefit from global industry-leading video editing technologies. Now, VEGAS launches into a new era. In May, 2016, MAGIX acquired the multiple award-winning VEGAS Pro and VEGAS Movie Studio product lines, along with other video and audio products. VEGAS Creative Software stands poised to take video editing to a new level. Our development teams in the US and Germany are working on innovative solutions to old problems, and building tools that push the boundaries of what’s currently possible. The VEGAS Creative Software mission: to make VEGAS software faster, more efficient, and even more intuitive. Our goal: to provide users at all levels–from video editing amateurs to creative professionals–tools that are perfectly suited to their needs and demands.

ESET boosts value proposition for MSPs via new direct plug-in with ConnectWise

ESET today announced the launch of ESET Direct Endpoint Management with ConnectWise, a company that transforms how technology solution providers build, manage, and grow their businesses. The new Remote Management and Monitoring (RMM) plug-in for ConnectWise Automate speeds up and improves installation processes of ESET endpoints for the company’s Managed Service Providers (MSPs).

ESET Direct Endpoint Management establishes a direct connection between ESET endpoints and the ConnectWise Automate console. Built with the ConnectWise equipped partner in mind, the plug-in leverages the existing ConnectWise Agent to simplify deployment and management without sacrificing on performance or functionality.

While ESET currently offers a plug-in that connects ESET Remote Administrator (ERA) and ConnectWise Automate, this new version does not require MSPs to install ERA at all, meaning there are no additional servers or intermediate console to manage. MSPs can get up and running faster, and stay running with fewer issues caused by complex integration.

“We’ve had a strong relationship with ESET for many years, and from working with them, we know that we are partnering with a proven and reliable technology company,” said Travis Vigneau, director of channel sales and alliances for ConnectWise. “This new direct plug-in demonstrates ESET’s commitment to constantly improving what they offer to the entire ecosystem.”

“We understand how important our MSPs are and we want to help them overcome any challenges they may face,” said Jeronimo Varela, Director of Global Sales at ESET. “That’s why we’ve focused on developing the very best tools, with world-class protection solutions, to not only ensure our MSPs can deliver top-quality service efficiently, but also so that they can become trusted advisors to their customers.”


To find out more about ESET’s MSP program, please click here.


About ConnectWise
ConnectWise transforms how technology solution providers successfully build, manage and grow their businesses. Our award-winning set of software solutions provides a fully integrated, seamless experience to companies in more than 50 countries, giving them the ability to increase their productivity, efficiency and profitability. When combined with our relentless commitment to innovation, powerful network of ideas and experts, unparalleled passion for our users, and more than 35 years of experience, ConnectWise software solutions deliver the support companies want at each step of their business journey. For more information, visit www.ConnectWise.com.

GREYCORTEX RELEASES MENDEL 3.0

March brings the most recent version of GREYCORTEX MENDEL: version 3.0. As part of this release, MENDEL 3.0 brings several new features SOC administrators will love, as well as continued expansion for SCADA networks and upgraded hardware support.

Specifically, MENDEL now supports the latest Dell Rx40 hardware. Those in SCADA network environments will enjoy updates to the MENDEL IDS system. Version 3.0 also includes visibility for the NFS (Network File System) and IEC 60870-5-101/104 protocols. SOC users will note that dashboards have been adjusted to better accommodate multiple sensors, and that the overall capacity for sensors connected to one collector has been increased to 30. Finally, MENDEL’s capabilities have been expanded to include the ability to add your own blacklist file, as well as to export events to IBM QRadar SIEM via the LEEF format.

New Features

  • GREYCORTEX has added support for the latest Dell servers (Rx40) so users will now be able to use the latest hardware.
  • SCADA support continues, with updates to the MENDEL IDS engine to include visibility for the IEC 60870-5-101/104 protocols – bringing new security for professionals in the energy infrastructure sector.
  • SOC administrators will appreciate several new features in version 3.0, including new dashboard settings suited to multiple sensors for better SOC visualization, the ability to add up to 30 sensors on one collector, the LEEF export format for events sent to IBM QRadar SIEM, and the ability to upload users’ own blacklists as a .csv file.

Improvements

Several MENDEL features were improved. These included easier license extension, host identification, decryption performance, status monitoring, and data export.

Bug Fixes

In general, our development team focused on improving the user experience and reporting.

Please note that updating to version 3.0 requires appliance restart and may take up to one hour.

Contact your local GREYCORTEX partner to find out how you can put MENDEL v3.0 to work for you.