Safe-T Group Launches a Consumer VPN Application, Building a Stronger Infrastructure for Significant Growth in User Base

The new VPN application increases synergies between Safe-T Group’s cybersecurity business and its IP proxy business and will drive future product development

HERZLIYA, Israel, December 31, 2020 – Safe-T® Group Ltd. (NASDAQ, TASE: SFET), a provider of secure access solutions for on-premise and hybrid cloud environments, today announced the launch by its subsidiary, NetNut Ltd., of a new free consumer VPN application that will be available on all operating systems.

The new product, which will offer secure access in over 100 countries across the world, is based on the global presence of NetNut’s residential network and is expected to generate substantial user streams shortly after launch.

The new VPN application allows users to enjoy a high-quality, secured internet access experience, which up until now was available only for paying users in the VPN consumer market.

“We are excited about launching this new product today and expect it to contribute to our performance in the short term. The new VPN application helped drive our decision to enter the proxy market and will ultimately lead to increasing synergies between our defense cybersecurity unit and our proxy unit. Additionally, we are planning to expand the use of the new product in the future as a basis for new enterprise and consumer products,” said Shachar Daniel, CEO of Safe-T Group.

“We believe that the combination of a strong VPN application with our superior access network will result in one of the best products in the VPN consumer market. We are happy to offer it as a free service for end users and are also working on integrating it with Safe-T’s security solution for enterprises as part of the ZoneZero™ offering,” added Barak Avitbul, CEO of NetNut Ltd.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum that includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Safe-T® Group Ltd.
Safe-T Group Ltd. (Nasdaq, TASE: SFET) is a provider of Zero Trust Access solutions which mitigate attacks on enterprises’ business-critical services and sensitive data, while ensuring uninterrupted business continuity. Safe-T’s cloud and on-premises solutions ensure that an organization’s access use cases, whether into the organization or from the organization out to the internet, are secured according to the “validate first, access later” philosophy of Zero Trust. This means that no one is trusted by default from inside or outside the network, and verification is required from everyone trying to gain access to resources on the network or in the cloud.

Safe-T’s wide range of access solutions reduce organizations’ attack surface and improve their ability to defend against modern cyberthreats. As an additional layer of security, our integrated business-grade global proxy solution cloud service enables smooth and efficient traffic flow, interruption-free service, unlimited concurrent connections, instant scaling and simple integration with our services.

With Safe-T’s patented reverse-access technology and proprietary routing technology, organizations of all sizes and types can secure their data, services and networks against internal and external threats.

Safe-T Group Recognized by Gartner as a Representative Vendor in December 2020 Report Titled, ‘SASE Will Improve Your Distributed Security Everywhere’

HERZLIYA, Israel, December 30, 2020 – Safe-T® Group Ltd. (NASDAQ, TASE: SFET), a provider of secure access solutions for on-premise and hybrid cloud environments, has been recognized as a Representative Vendor in Gartner’s December 2020 report titled, “SASE Will Improve Your Distributed Security Everywhere.”[1]

This recognition from Gartner, the world’s leading research and advisory company, follows a June 2020 announcement, in which Safe-T was named a Representative Vendor of Stand-Alone ZTNA.

Secure Access Service Edge (SASE) is a new enterprise networking technology category introduced by Gartner in the August 2019 report “The Future of Network Security in the Cloud.” SASE converges the functions of network and security point solutions into a unified, global cloud-native service. It is an architectural transformation of enterprise networking and security that enables information technology (IT) to provide a holistic, agile and adaptable service to the digital business. What makes SASE unique is its transformational impact across multiple IT domains: it converges wide area networking (WAN) and network security services into a single, cloud-delivered service model, allowing organizations to shift towards a more dynamic and adaptive network.

According to Gartner, “SASE is an emerging architecture combining comprehensive WAN capabilities with comprehensive network security functions (such as SWG, CASB, FWaaS and ZTNA) to support the dynamic secure access needs of digital enterprises. ZTNA is a capability that — irrespective of whether it operates as an endpoint or service-initiated model, or whether it is deployed as a stand-alone appliance or is consumed as a service — is always ingress SASE. It provides strictly controlled access to internal systems and applications.”

Safe-T ZoneZero™ is the leading ZTNA solution in the market today, and it is the only ZTNA solution that unifies all access use cases, supporting VPN users, non-VPN users and internal users alike. With ZoneZero™, organizations can support all access scenarios:

  • All user types – people (managed or unmanaged), applications, APIs and connected devices
  • All user locations – external or internal
  • All application types – new or legacy
  • All application locations – cloud or on-premises

Safe-T’s ZoneZero™ offers secure, transparent and controlled access for all types of entities—whether they are people, applications or connected devices—to any internal application, service, and data (HTTP/S, SMTP, SFTP, SSH, APIs, RDP, SMB, thick applications, etc.). By leveraging Safe-T’s patented reverse-access (outbound) technology, ZoneZero™ can eliminate the need to open incoming ports in the corporate firewall.

Gartner also stated, “Replacing or extending client VPN with ZTNA services for remote access to applications. Expand the use of ZTNA so it performs more than just “TLS VPN”; use its software-defined perimeter capabilities. Take advantage of any techniques to reduce attack surface, such as using single-packet authorization.”

Gartner Disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

ESET named a ‘Strategic Leader’ in rigorous new AV-Comparatives Endpoint Prevention and Response Test

BRATISLAVA – ESET, a global leader in cybersecurity, has been named a Strategic Leader in the Endpoint Prevention and Response (EPR) Comparative Report, one of the most comprehensive tests of endpoint detection and response (EDR) solutions and endpoint security products ever performed by AV-Comparatives. The ESET PROTECT Enterprise bundle, comprising the ESET PROTECT management console, ESET Endpoint Security 7.3, and ESET Enterprise Inspector 1.4 – ESET’s EDR solution – was tested in the report.

AV-Comparatives, a leading independent testing organization, well-known for offering innovative real-world environment testing, subjected the products of nine vendors to dozens of targeted attacks, each deployed by a variety of techniques and tactics.

In addition to traditional in-depth testing, AV-Comparatives has developed an Enterprise EPR CyberRisk Quadrant™ that factors in the effectiveness of each product at preventing breaches, the calculated savings resulting from this, the purchase costs of the product, and the product’s accuracy costs (incurred due to false positives). ESET and its solutions were named a Strategic Leader in the quadrant – the highest certification in the quadrant. Strategic Leaders are defined as products that have a very high return on investment and provide very low total cost of ownership due to exceptional technical capabilities, combined with reasonable costs. Strategic Leaders develop groundbreaking ideas and implement these impressively in their products.

ESET achieved particularly high scores in the categories of active response, passive response, and combined prevention/response capabilities, scoring the highest percentages of the test with 98%, 100%, and 99%, respectively. In the combined prevention category, only four out of the nine vendors received such a result.

As stated in the report, ESET PROTECT Enterprise did exceptionally well at handling threats targeted towards the user, in particular before the threat progressed inside the user environment. The easy-to-use intuitive console was praised, as well as the contextual data provided in order for security analysts to prioritize, mitigate, and further investigate threats. In addition to threat data and insight, ESET’s solutions showed good mapping to the MITRE ATT&CK® framework, enabling analysts to escalate an incident when necessary and provide additional defensive measures when available.

Andreas Clementi, CEO and founder, AV-Comparatives, commented, “ESET not only achieved the highest combined prevention and response score in the test, but also demonstrated outstanding overall detection and reporting capabilities. The test results contributed to ESET’s lowest total cost of ownership for organizations among all assessed vendors and ensured ESET’s position as a Strategic Leader in this new test by AV-Comparatives.”

Juraj Malcho, Chief Technology Officer at ESET, noted, “We are extremely proud of these results and of being named a Strategic Leader by AV-Comparatives in such a rigorous and important new test. We are passionate about always improving on and innovating our cutting-edge solutions, and third-party testing is a critical step in ensuring we’re delivering on that promise. The high scores in this EPR test reflect both our dedication to our customers’ safety and our commitment to providing the highest standard of EDR and endpoint security solutions from both passive and active defense standpoints.”

To learn more about ESET’s award-winning solutions, click here.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

What have we learned about mobile security in 2020?

Whether we like it or not, it is now an established fact that mobile phones play a major role in our day-to-day life, and never has this been truer than in 2020. With opportunities for socializing and travel reduced, it has been a year of scrolling, messaging and video calling. While there is a general perception that mobile phones are a safe haven from malware and cyberthreats, ESET’s research this year has shown that to be far from the truth.

Android threats surged in March, as the COVID-19 crisis created an opportunity for threat actors to exploit Android users’ hunger for information about the virus and related topics. ESET researchers witnessed malicious apps distributed in campaigns under coronavirus-themed disguises, such as infection maps, tracking applications and information about financial compensation.

For example, in Q2 2020, ESET researchers identified a new Android crypto-ransomware posing as a Canadian COVID-19 tracing app, just days after the Canadian government announced its intention to back the development of a nationwide tracing app. ESET researchers also analyzed an extremely dangerous Android app in May called DEFENSOR ID, which was capable of wiping out a victim’s bank account or cryptocurrency wallet and taking over their email or social media accounts.

In July, a long-running cyberespionage campaign was discovered that targeted Android users in the Middle East via the malicious Welcome Chat app. The app’s operators spied on their victims and then made the data harvested from them freely available on the internet. Similarly, victims in the Middle East were also targeted with a new version of Android spyware used by the APT-C-23 group, which allowed threat actors to read notifications from messaging apps and record calls and screen activity.

These discoveries demonstrate that threats must be taken seriously, but they do not need to ruin our experience with mobile phones – it is vital that we are just as committed to protecting our phones with cybersecurity software as we are our laptops and desktops. ESET Mobile Security (EMS) is a solution for Android that protects against a multitude of mobile threats, securing users’ data through strong malware protection and providing a safe browsing environment with its anti-phishing feature. EMS also protects users from physical loss and theft, supplying real-time information about the status and whereabouts of the device in question.

In September of this year, version 6.0 of ESET Mobile Security was launched, adding a host of new features including Payment Protection, which safeguards users while they are using applications in which they access sensitive financial information for banking transactions or online shopping. The feature prevents other apps from replacing or reading the screen of any applications installed from the Google Play store that fall into the finance category, and also allows users to apply the same protection to other installed apps that fall outside of the finance category.

Version 6.0 also brought design changes, improving its intuitiveness and ease of use with features such as the Call Filter feature that allows users to protect against unwanted incoming calls and a redesign of the Anti-Theft feature to allow for simpler onboarding and resetting of passwords.

The year 2020 also saw ESET awarded certificates by MRG Effitas, a world leader in independent IT security efficacy testing, in their Android 360° Assessment Programmes in Q1, Q2 and Q3, receiving a 99%+ score for detection. As both the report and ESET’s research highlight, Android-based threats are constantly on the rise, and it is therefore vital to have software installed that protects against malware, as well as other threats such as phishing.

To find out more about ESET Mobile Security and how it can keep you and your phone safe from mobile threats, head over to ESET’s website.

Safe-T Offers Free Review of Organizations’ Networks and Attack Footprint in Face of Recent SolarWinds Supply Chain Attacks

“Recent wide-range attacks provide further confirmation of Safe-T’s business and product strategy in the past year, of executing a proactive approach to identify potential threats and develop advanced products for the prevention and containment of attacks”

HERZLIYA, Israel, December 28, 2020 — Safe-T® Group Ltd. (NASDAQ, TASE: SFET), a provider of secure access solutions for on-premise and hybrid cloud environments, announced today that in the face of recent supply chain attacks, such as the Sunburst (or Solorigate) attack, it is offering a free-of-charge review of organizations’ networks and attack footprint. Safe-T’s ZoneZero™ Multi-Factor Authentication (MFA) solution is designed to add the core component of a strong identity and access management policy to any corporate resource and secure organizations against supply chain attacks, including the recent attacks.

Recently, it was reported that a threat actor managed to infiltrate a large number of organizations, including several U.S. government agencies. It did this by distributing backdoor software, named SunBurst, utilizing a weak link in the update system of SolarWinds’ Orion IT monitoring and management software to insert malicious code into otherwise legitimate software updates. Once backdoor access was achieved, attackers worked to gain privilege escalation, steal credentials and then laterally traverse the internal network scanning for targeted data.

Based on SolarWinds’ data, 33,000 organizations use Orion’s software, and 18,000 were directly impacted by this malicious update. As more details have become available, it has become clear that this is one of the most invasive and significant cyberattacks to date.

Safe-T’s ZoneZero™ MFA is the first ever Zero Trust Network Access (ZTNA) solution which is designed to add centralized MFA to any corporate resource including system, server, data, application, and more. For clients using the solution, when an attempt to access a server from an infected system occurs, it invokes an MFA request that, until approved, prevents the infiltration of the unauthorized source.

“Recent wide-range cyber-attacks affirm Safe-T’s business and product strategy in the past year. We are executing a proactive approach to identify potential threats and develop advanced products designed to prevent and contain such attacks. Our ZoneZero™ MFA solution, which was launched earlier this year, is a great example of our alignment against new types of cyber threats,” said Shachar Daniel, CEO at Safe-T.

“Our centralized approach assumes the attacker is already in the network and prevents the spread of the attack from moving laterally throughout the network. By deploying ZoneZero™ MFA in the network, it is now possible to ensure that any request from any user or application to any internal application would invoke an MFA action, blocking hackers or third-party attacks from moving around the network. Our solution allows customers to easily integrate MFA and identity awareness into all access scenarios – remote and internal users, VPNs, web, and non-web applications.

“SolarWinds is used by thousands of companies, government agencies and NGOs. Although any breach to our customers’ systems remains confidential, we believe that using our ZoneZero™ MFA could successfully prevent the hackers from traversing from the infected SolarWinds solution to other resources in the network, thus cutting the main attack vector. Stopping the infiltration of a cyber-attack ensures that our customers are protected against the most dangerous part of the attack and are well positioned to survive future supply chain incidents. We encourage organizations who rely on traditional security measures to consider our solution to protect their network. Although this has been one of the widest security attacks in history, we know it will not be the last,” concluded Mr. Daniel.

To learn more about ZoneZero™ MFA and the SolarWinds attack, please read our blog post here.

SolarWinds Hack Report: How Can you Beat the Next Supply Chain Attack?

Another day, another supply chain attack, maybe one of the worst in years. Yes, we’re talking about the recent SolarWinds attack. This attack, which has been the downfall of many companies, has gone through rigorous investigation, research, and analysis by vendors like Microsoft and FireEye.

In a nutshell, the attack itself utilized a vulnerability and backdoor into the SolarWinds Orion Platform. Once the hackers got in, they deployed their code into one of the DLL files of the Orion platform. From there, they were able to connect to the attackers’ command and control servers in order to get the attack commands.

The last step of the attack was executed once the backdoor access was achieved; at that stage, the attackers started working on gaining privilege escalation, and from there went on to steal credentials and laterally traverse the network scanning for the victims’ crown jewels.

The lateral movement attack was done via PowerShell remote task creation, as shown by FireEye. Now, as PowerShell is widely used within organization networks, it’s clear to see that the hackers could move around the organization easily without anyone noticing.

One of the reasons that the use of PowerShell to access servers is simple and easy is that all an attacker needs in order to execute the PowerShell command are basic credentials, stolen from other accounts. No second factor challenge is invoked in such cases, making it very easy to hack into internal systems.

Adding MFA to ALL Internal Systems

Well, how would you have blocked such an attack? The 1st thought that comes to mind is patching SolarWinds, right? Since that was the origin of the attack?

But…you are not the developer of SolarWinds, are you? You are a customer, so patching won’t work…

Ok, so what can we do? We can deploy complex solutions which will scan all the traffic in the network and look for traffic going to the C2 server or from the C2 server to the compromised machine. Not a simple task at all.

And even if you do run and patch all your 3rd party software, or deploy a network scanning solution, what guarantees that the next Zero Day attack will not harm you? We have to accept that as long as developers develop software, vulnerabilities will continue to be the necessary evil that we’ll have to live with. But living with them doesn’t mean that we can’t mitigate the risk of these vulnerabilities being exploited by hackers. We might want to consider a different approach – controlling and securing the internal processes and continuously challenging the attackers.

We are told often to assume the attacker is already in our network, so why don’t we try and prevent them from moving laterally throughout our network? The idea being, that they will get in but won’t be able to do harm.

What if we could “auto magically” add MFA to every system, server, and application in the network, so that when the attacker tries to access a server from the infected machine, their PowerShell command (if we take the aforementioned attack as an example), would have invoked an MFA request that until approved would have prevented the command from executing?

Safe-T’s ZoneZero® MFA Solution

I am happy to say that what I described above is no longer a dream. Safe-T ZoneZero MFA is the 1st ever zero-trust network access (ZTNA) solution designed to add centralized MFA to any corporate resource (system, server, data, application, etc.).

Improved and continuous user authentication is one of the main components in zero-trust network access. Identification providers and multi-factor authentication providers have improved the authentication process, but the leading ‘client-based’ approach creates integration and maintenance challenges. Moreover, many non-web applications are not naturally compatible with MFA.

Safe-T’s ZoneZero MFA centralized approach allows customers to easily integrate multi-factor authentication (SMS, push messaging, Biometric, Telegram, WhatsApp, REST API) and identity awareness into all access scenarios – remote and internal users, VPNs, web and non-web applications.

This product is part of the ZoneZero Perimeter Access Orchestration platform that provides central management of all secure access technologies and helps organizations achieve zero-trust network access (ZTNA).

With Safe-T ZoneZero® MFA – You can block hackers from moving around your network!

By deploying ZoneZero MFA in the network, it is now possible to ensure that any request from any user/application to any application invokes an MFA action, for example, a text message sent to the IT administrator or relevant application developer. Until the MFA is responded to, it prevents the execution of the command.

Such a capability would have prevented the lateral movement attack vector completely, because at the 1st attempt to execute a PowerShell command, the company’s IT would have been notified and the alarms would have started blaring.

The Solution – ‘Safe-T ZoneZero® MFA’

  • Centralized approach – No client-side integration
  • Seamless integration – Rapid deployment
  • Add MFA capabilities to legacy applications, proprietary services, RDP, file shares, SSH, SFTP, VMWare, etc.
  • Upgrade 2FA to true MFA
  • Optimize cost of deployment and ownership
  • Built-in MFA or integration with 3rd party MFA/IdPs – SMS, push messaging, Biometric, Telegram, WhatsApp, REST API
  • Support continuous authentication
  • Application access control policies for internal users
  • User > App and App > App use cases
  • Eliminate identity takeover fraud while delivering a seamless user experience

About Safe-T® Group Ltd.
Safe-T Group Ltd. (Nasdaq, TASE: SFET) is a provider of Zero Trust Access solutions which mitigate attacks on enterprises’ business-critical services and sensitive data, while ensuring uninterrupted business continuity. Safe-T’s cloud and on-premises solutions ensure that an organization’s access use cases, whether into the organization or from the organization out to the internet, are secured according to the “validate first, access later” philosophy of Zero Trust. This means that no one is trusted by default from inside or outside the network, and verification is required from everyone trying to gain access to resources on the network or in the cloud.

Safe-T’s wide range of access solutions reduce organizations’ attack surface and improve their ability to defend against modern cyberthreats. As an additional layer of security, our integrated business-grade global proxy solution cloud service enables smooth and efficient traffic flow, interruption-free service, unlimited concurrent connections, instant scaling and simple integration with our services.

With Safe-T’s patented reverse-access technology and proprietary routing technology, organizations of all sizes and types can secure their data, services and networks against internal and external threats.

ESET has joined the Diversity Charter of the Slovak Republic

Bratislava – ESET, a global leader in cybersecurity, has joined fifty other signatory companies operating in the Slovak Republic in signing the Diversity Charter of the Slovak Republic. In a first, the signing ceremony took place online. The Diversity Charter is a voluntary initiative by companies and organizations to promote diversity in the workplace. It is supported by the European Commission via the EU Platform of Diversity Charters, which supports the dissemination and sharing of principles, good practice and experience on diversity management in EU countries.

“For ESET, as a technology company, a central tenet of diversity and CSR activities is strengthening the representation of women and girls in IT, not only for the company itself, but for the entire sector as a whole. By signing the Diversity Charter of the Slovak Republic, we want to demonstrate that ESET takes inclusion and diversity seriously and that it is a matter of principle for us,” said Lucia Marková, ESET’s CSR Manager, at the signing of the Diversity Charter.

Membership in this initiative is open to all companies and organizations that are aware of the importance of equal treatment, inclusion and diversity in the workplace. The signatories agree with the content of the Diversity Charter of the Slovak Republic and subscribe to the following principles:

  • Voluntarily integrate into the life of the company a set of principles and procedures that take into account diversity and an inclusive approach in the workplace.
  • Build a relationship toward employees based on these principles and raise awareness of diversity issues at the management level.
  • Inspire other companies operating in Slovakia and spread awareness of the benefits arising from the implementation of a policy of diversity.

“We work hard at creating a respectful environment in which all our employees feel welcome, without distinction. We promote diversity in the workplace very naturally; on our part, we mainly focus on a receptive and individual approach, not on statistics. We also pay serious attention to the approach we’ve taken to promote mental health at work, a very current topic that underlies the success of any and all employees,” concludes Daniela Škripková, Chief HR Officer at ESET.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Safe-T and Fujitsu Portugal Launch Secure Remote Access Managed Security Service

HERZLIYA, Israel, December 23, 2020 – Safe-T® Group Ltd. (NASDAQ, TASE: SFET), a provider of secure access solutions for on-premise and hybrid cloud environments, announced today the launch of a joint secure remote access managed security service (MSS) with Fujitsu Technology Solutions, LDA (“Fujitsu”), a global information and communication technology (ICT) company, in Portugal.

Safe-T was chosen by Fujitsu to partner and launch a secure remote access managed security service. The new MSS is based on Safe-T ZoneZero™, Safe-T’s zero trust-based network access (ZTNA) solution, and will be offered to Fujitsu’s top-tier customers in various sectors, such as banking, insurance, industrial and others in Portugal.

ZTNA solutions are changing the way organizations grant external, secure, segmented and audited access to their services, significantly reducing the attack surface area, hiding system vulnerabilities and mitigating unauthorized or risky access.

“We are very honored to have been selected by Fujitsu in Portugal to provide our unique ZoneZero™ solution to its customers as part of their managed security services,” said Shachar Daniel, CEO at Safe-T. “We continue to execute our strategy to partner with top-tier leading companies for the joint marketing of our solutions and to expand our market reach. With the shift in work habits due to Covid-19 and the increase in the attack surface due to digital transformation, we see a rising need for our Zero Trust Access solutions.”

SolarWinds backdoor got a kill switch – there are still about 18k potential victims

The SolarWinds backdoor and the recent supply-chain attack connected with it are one of the biggest cyber incidents we have witnessed in years. The compromised software channel was used to push out malicious updates to 18,000 of SolarWinds’ Orion platform customers. There is a new development in this case. Security specialists turned a malicious domain name used to control potentially thousands of computer systems into a kill switch. How exactly was it done? Well… check the newest episode of Xopero Security Center to find out more.

FireEye, Microsoft and GoDaddy create kill switch for SolarWinds backdoor

Microsoft, FireEye, and GoDaddy have collaborated to create a kill switch for the SolarWinds Sunburst backdoor that forces the malware to terminate itself.

Last week was all about the SolarWinds hack. A short reminder – it was revealed that Russian state-sponsored hackers breached SolarWinds and added malicious code to a Windows DLL file used by their Orion IT monitoring platform.

This malicious DLL is a backdoor tracked as Solorigate (by Microsoft) or Sunburst (by FireEye) and was distributed via SolarWinds’ auto-update mechanism to approximately 18,000 customers. The vast majority of these victims are US government agencies, such as:

  • The US Treasury Department
  • The US Department of Commerce’s National Telecommunications and Information Administration (NTIA)
  • The Department of Health’s National Institutes of Health (NIH)
  • The Cybersecurity and Infrastructure Security Agency (CISA)
  • The Department of Homeland Security (DHS)
  • The US Department of State
  • The National Nuclear Security Administration (NNSA) (also disclosed today)
  • The US Department of Energy (DOE) (also disclosed today)
  • Three US states (also disclosed today)
  • City of Austin (also disclosed today)

How the backdoor works

The Sunburst backdoor would connect to a command and control (C2) server at a subdomain of avsvmcloud[.]com to receive ‘jobs’, or commands to execute. If the C2 server resolved to an IP address in one of the following ranges, the malware would terminate and update a setting, so the malware never executes again.

10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
224.0.0.0/3
fc00:: – fe00::
fec0:: – ffc0::
ff00:: – ff00::
20.140.0.0/15
96.31.172.0/24
131.228.12.0/22
144.86.226.0/24

Last week, the command and control server domain, avsvmcloud[.]com, was seized and now resolves to the IP address 20.140.0.1, which belongs to Microsoft. This domain takeover allows Microsoft and its partners to sinkhole the malicious traffic and analyze it to identify further victims.

The kill switch

FireEye collaborated with GoDaddy and Microsoft to deactivate Sunburst infections. Researchers used the avsvmcloud[.]com takeover to create a kill switch that unloads the malware on infected machines. As mentioned above, depending on the IP address returned when the malware resolves avsvmcloud[.]com, it terminates itself and prevents further execution.

As part of this collaboration, GoDaddy has created a wildcard DNS resolution so that any subdomain of avsvmcloud[.]com resolves to 20.140.0.1. When an infected machine tries to connect to its command and control server under the avsvmcloud[.]com domain, the subdomain will always resolve to the 20.140.0.1 IP address. As this IP address is part of the 20.140.0.0/15 range that is on the malware block list, it will cause the malware to terminate and prevent itself from executing again.

This kill switch will affect new and previous Sunburst infections by disabling Sunburst deployments that are still beaconing to avsvmcloud[.]com. In organizations that were already breached, however, the threat actors likely have other methods of accessing the victim’s network.
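The range check described under “How the backdoor works” and “The kill switch”, turned into a DNS-log triage helper for defenders. This is an added example, not code from the original article or from FireEye, Microsoft or GoDaddy; the log format, client addresses and subdomain labels are constructed, and reading the three IPv6 entries as address/mask pairs (fc00::/7, fec0::/10, ff00::/8) is an assumption.

```python
import ipaddress
from collections import defaultdict

# Kill-switch ranges from the list above. The three IPv6 entries are read
# as address/mask pairs (an assumption about the article's notation).
KILL_SWITCH_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
    "fc00::/7", "fec0::/10", "ff00::/8",
    "20.140.0.0/15", "96.31.172.0/24", "131.228.12.0/22", "144.86.226.0/24",
)]

# Kept defanged in source; refanged only for string matching.
C2_DOMAIN = "avsvmcloud[.]com".replace("[.]", ".")


def in_kill_switch_range(ip_text):
    """True if the address is in a range that makes Sunburst terminate."""
    addr = ipaddress.ip_address(ip_text)
    return any(addr.version == net.version and addr in net
               for net in KILL_SWITCH_NETS)


def is_c2_name(qname):
    """Match the domain or any subdomain, on a label boundary only."""
    name = qname.rstrip(".").lower()
    return name == C2_DOMAIN or name.endswith("." + C2_DOMAIN)


def triage(log_lines):
    """Classify every client that looked up the C2 domain.

    Expected line format (hypothetical): timestamp client qname rtype answer
    """
    answers_by_client = defaultdict(list)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed line
        _ts, client, qname, _rtype, answer = parts
        if is_c2_name(qname):
            answers_by_client[client].append(answer)

    report = {}
    for client, answers in answers_by_client.items():
        resolved = []
        for answer in answers:
            try:
                ipaddress.ip_address(answer)
                resolved.append(answer)
            except ValueError:
                pass  # NXDOMAIN, SERVFAIL or other non-address result
        if not resolved:
            report[client] = "queried-no-answer"
        elif all(in_kill_switch_range(a) for a in resolved):
            # Sinkholed or private answer: the implant should have disabled
            # itself, but the host still ran the backdoored DLL.
            report[client] = "beaconed-kill-switch-answer"
        else:
            # At least one answer outside the block list: triage first.
            report[client] = "beaconed-routable-answer"
    return report


# Constructed sample log; clients, labels and timestamps are made up.
SAMPLE_DNS_LOG = [
    f"2020-12-16T09:00:01Z 10.20.1.15 host-a.{C2_DOMAIN} A 20.140.0.1",
    f"2020-12-16T09:00:07Z 10.20.1.15 host-a.{C2_DOMAIN} AAAA fd00::1",
    f"2020-06-02T11:30:44Z 10.20.7.80 host-b.{C2_DOMAIN} A 203.0.113.10",
    f"2020-12-16T09:02:13Z 10.20.9.3 host-c.{C2_DOMAIN} A NXDOMAIN",
    f"2020-12-16T09:03:00Z 10.20.4.4 www.not{C2_DOMAIN} A 203.0.113.10",
    "truncated line",
]

if __name__ == "__main__":
    for client, verdict in sorted(triage(SAMPLE_DNS_LOG).items()):
        print(client, verdict)
```

Every client in the report queried the C2 domain and needs incident response whatever the verdict; the verdict only orders the queue, since the kill switch does nothing about other access the attackers may already have.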


AIR-FI attack allows exfiltrating data from Air-Gapped computers via Wi-Fi signals…

The attack doesn’t require Wi-Fi hardware.

Air-gapped computers – machines with no network interfaces – are considered a necessity in environments where sensitive data is involved in an attempt to reduce the risk of data leakage. Thus in order to carry out attacks against such systems, it is often essential that the transmitting and receiving machines be located in close physical proximity to one another and that they are infected with the appropriate malware to establish the communication link.

AIR-FI is a novel technique that leverages Wi-Fi signals as a covert channel, surprisingly without requiring the presence of Wi-Fi hardware on the targeted systems. The attack hinges on deploying specially designed malware in a compromised system that exploits DDR SDRAM buses to generate electromagnetic emissions in the 2.4 GHz Wi-Fi bands and transmits information atop these frequencies, which can then be intercepted and decoded by nearby Wi-Fi capable devices such as smartphones, laptops, and IoT devices before the data is sent to remote servers controlled by an attacker.

Novel and unique technique

AIR-FI is unique in that the method neither relies on a Wi-Fi transmitter to generate signals nor requires kernel drivers, special privileges such as root, or access to hardware resources to transmit the data. What’s more, the covert channel works even from within an isolated virtual machine and has an endless list of Wi-Fi enabled devices that can be hacked by an attacker to act as a potential receiver.

The kill chain in itself consists of an air-gapped computer onto which the malware is deployed via social engineering lures, self-propagating worms such as Agent.BTZ, tampered USB flash drives, or even with the help of malicious insiders. It also requires infecting Wi-Fi capable devices co-located in the air-gapped network by compromising the firmware of the Wi-Fi chips to install malware capable of detecting and decoding the AIR-FI transmission and exfiltrating the data over the Internet.

To generate the Wi-Fi signals, the attack makes use of the data bus (or memory bus) to emit electromagnetic radiation at a frequency correlated to the DDR memory module and the memory read/write operations executed by processes currently running in the system.

Countermeasure

Researchers propose zone protections to safeguard against electromagnetic attacks, enabling intrusion detection systems to monitor and inspect for processes that perform intensive memory transfer operations, jamming the signals, and using Faraday shields to block the covert channel.


Malicious Chrome, Edge extensions with 3M installs still in stores

Malicious Chrome and Edge browser extensions with over 3 million installs, most of them still available on the Chrome Web Store and the Microsoft Edge Add-ons portal, are capable of stealing users’ info and redirecting them to phishing sites.

The malware-laced extensions found by Avast researchers are designed to look like helper add-ons for Instagram, Facebook, Vimeo, and others. It looks like they have been in use since December 2018.

Anytime a user clicks on a link, the extensions send information about the click to the attacker’s control server, which can optionally send a command to redirect the victim from the real link target to a new hijacked URL before redirecting them to the actual website they wanted to visit.

The actors exfiltrate and collect the user’s birth dates, email addresses, and device information, including first sign-in time, last login time, name of the device, operating system, browser and its version, even IP addresses. The end goal is focused on monetizing the users’ traffic by automatically redirecting them to third-party domains, including sites filled with ads or phishing landing pages.

The extensions’ backdoors are well-hidden and start to exhibit malicious behaviour days after installation, which made them hard for any security software to discover. Among the tactics used to evade detection, the malware will monitor what the victims search and will not activate if they are looking for info on one of its domains. It will also avoid infecting web developers who have the knowledge to spot it and examine the extensions’ malicious background activity.

The list of malicious extensions includes:

Direct Message for Instagram, Direct Message for Instagram, DM for Instagram, Invisible mode for Instagram Direct Message, Downloader for Instagram (1,000,000+ users), Instagram Download Video & Image, App Phone for Instagram, Stories for Instagram, Universal Video Downloader, Video Downloader for FaceBook, Vimeo™ Video Downloader (500,000+ users), Volume Controller, Zoomer for Instagram and FaceBook, Spotify Music Downloader, Pretty Kitty, The Cat Pet, Video Downloader for YouTube, SoundCloud Music Downloader, The New York Times News Instagram App with Direct Message DM.

The extensions were probably either deliberately created with the malware built in, or the author waited for the extensions to become popular and then pushed an update containing the malware, or they were bought from the original author.

Both Microsoft and Google are currently looking into Avast’s findings but, until they are removed, users should disable or uninstall the extensions and then scan for any malware infections.


Google, YouTube, Gmail service suffered major outage worldwide

If you tried to log in to your Google services on Monday at around 11:56 GMT, you probably noticed, like countless other users across the globe, that all of them went down abruptly. The disrupted services include Google Search, Google Assistant, Gmail, Google Drive, and YouTube.

Downdetector, a web outage tracking service, identified more than 40,000 outage cases within just ten minutes after the outage started. YouTube and Gmail were the worst affected services.

“Something went wrong…”

The unexpected outage caused a huge uproar on Twitter as users were shocked and perplexed over the crashing of Google’s services across the globe. Within no time, the hashtag #YouTubeDOWN started trending on Twitter.

The error was due to a lack of storage space in authentication tools, which caused the system to crash. The company’s internal tools failed to allocate enough storage space to the services that handle authentication. When that storage filled up, the system should have automatically made more available. Instead, it seems it didn’t, which meant the system crashed.

Google acknowledged the issue, and the company quickly addressed it. The giant stated that the outage affected its personal and business services. The problem occurred at 6:55 a.m. ET, and it was fixed for most users at around 7:52 a.m. ET. Later, Google updated all the services’ status pages with the same message informing users that the problem has been resolved.

This situation proves that downtime can happen to every company – even the biggest ones. Thus it is important to have a proven third-party backup solution to protect the most valuable data stored in SaaS services – like Microsoft 365 backup by Xopero. In the event of a failure you can get back to work immediately.

About Xopero
Xopero began in 2009, founded as a company serving primarily SMB users. Our goal was to create a more accessible and affordable secure data protection solution for any business. In 2015, Xopero started cooperation with QNAP Inc. – one of the key global NAS providers. This addition expanded our portfolio to include a true backup appliance. In 2017, Xopero fully extended into the global market thanks to cooperation with ESET. Our company took the place previously occupied by StorageCraft in the ESET Technological Alliance.

SolarWinds / SunBurst – Should Enterprises Adopt Supply Chain Certification?

SunBurst – The Cyber Attack on SolarWinds

SunBurst is a cyber espionage campaign that leveraged a supply chain attack on SolarWinds, a leading supplier of network management software. Between March and May 2020, the attackers gained access to SolarWinds’ build system, added a malicious DLL (library) file, and distributed it to 18,000 SolarWinds Orion customers.

The malicious file allowed remote control of the target host, while leveraging advanced evasive tactics. Using this access point, the attackers were able to hack into organizations with well-established security practices such as Cisco and Microsoft. These organizations failed to detect the attack before FireEye (who was also attacked) made it public.

A targeted attack at this scale doesn’t happen very often. It’s a rare event that should shake both enterprises and the security community. The fact that this campaign went undetected for such a long period of time (6+ months), proves that something is fundamentally wrong with the way that computer networks are protected.

The success of this attack campaign, versus other campaigns, is built upon two factors:

  1. First and foremost, this is not a coincidence. This is a team of highly skilled attackers who made all of it possible. The campaign shows world-class planning, knowledge, experience and attention to detail.
  2. SolarWinds Orion is a network management product. Due to its role, it has a number of advantages as an attack source, vs. other types of attack sources:
    1. It’s whitelisted to perform reconnaissance (network monitoring) in many security tools – This tool is designed to perform reconnaissance, so no one will suspect when the tool does what it was designed to do.
    2. From SolarWinds Orion’s perspective in the network, the network is usually flat. Regardless of how many network segments there are, the component in Orion that scans the network requires direct network access to the target devices, so enterprises allow this traffic through their firewalls. This allows unique network access from the initial access point.
    3. SolarWinds Orion commonly has access to certain admin credentials that make it possible to move laterally.

The Supply Chain Risk

The supply chain risk to both enterprises and government organizations has been discussed in the last few years. The attack on SolarWinds is one of the most powerful examples of the supply chain risk. It joins a list of similar events such as the attack on Target in 2013. Supply chain attacks exploit trusted third parties to enable access to a large number of attack targets in parallel. By using that trust, such as the trust organizations put in SolarWinds software updates, it’s easier to obtain access than by attacking each target separately and directly.

Supply Chain Certification

The United States DoD (Department of Defense) is one of the government organizations that took far-reaching steps to reduce the supply chain risk. In October 2016, the DoD first issued a supplement to the DFARS regulation that introduced cyber security requirements for DoD suppliers. In November 2020, only a month before the supply chain attack on SolarWinds, the DoD made another major addition to DFARS. This addition is called CMMC or the Cybersecurity Maturity Model Certification.

The CMMC includes a few non-linear improvements vs. the original DFARS supplement, in multiple categories:

  1. Third-party certification of suppliers by approved parties (C3PAOs) instead of self-certification.
  2. Certification is mandatory to be able to participate in RFIs and RFPs, meaning that it can affect the supplier’s revenue.
  3. CMMC has a 5-level maturity model.
  4. There are 154 new requirements out of 171 in CMMC (vs. the original DFARS supplement), and they’re spread across the 5 levels of maturity.
  5. Reporting of compliance status in an online portal. This means that the DoD can monitor compliance of the entire DIB (Defense Industrial Base – the regulated organizations).

By introducing CMMC, the DoD conveys a clear message to DoD suppliers: We want you to be secure. And if you’re not secure enough, you cannot work on defense projects. Find another niche that’s less critical. If you want to work with the DoD, these are our requirements.

The question is: Should enterprises follow a similar path? Should a supply chain certification model be the standard in enterprise RFIs and RFPs?

The Pros and Cons of Supply Chain Certification

There are a few pros and cons to consider when discussing supply chain certification.

Pros:

  • Increased security of the supply chain using financial incentives.
  • Competition between suppliers on security maturity levels – Enterprises will start ranking suppliers based on a new metric.
  • Transparency in security maturity levels. “Are you a Level 3 Security supplier or a Level 5 Security supplier?”
  • Following a cyber attack, the certification might be re-evaluated. If major violations are found, the certification can be voided.

Cons:

  • How much is this going to increase the prices of goods and services? And is it worth it?
  • The certification can end up being another checkbox, where it has high costs and provides no security value.
  • Smaller suppliers might find it difficult or impossible to be certified within their resources, which will create a bias toward larger organizations.
  • Do enterprises have a large enough negotiation power, similar to that of the DoD, to pose such requirements on suppliers?

Our Predictions

We see a clear path to how supply chain certification becomes mainstream in the coming years. With the DoD adopting CMMC, certain suppliers will have a CMMC certification. They can then use their CMMC certification as a competitive advantage in non-DoD deals.

The DoD kickstarted this program, defined the requirements, and laid out the infrastructure (C3PAOs, RPs, etc). That allows the entire world to adopt CMMC – other government bodies and enterprises can easily adopt it at a low cost.

If CMMC certification is perceived as an efficient risk reduction strategy, with nothing fundamentally wrong about it, this (or a similar) model is going to expand into additional industries.

The SCADAfence Governance Portal is a compliance monitoring automation platform from SCADAfence, that automatically monitors your network’s compliance with the major cyber security standards and regulations. If you’re interested in learning more about how to measure and increase your security program maturity, please visit this page for a short demo about this product.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of the world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.