Live QA

Get ready for an engaging live Q&A session with Atera’s founders, CEO Gil Pekelman and CTO Oshri Moyal. Gain insights and answers directly from our founders.

https://vimeo.com/879768306/fa10816f41

Join Atera’s founders, CEO Gil Pekelman and CTO Oshri Moyal, in a live Q&A.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Atera
Small and medium IT operators are the heroes behind the scenes supporting companies around the world. They care a lot for their clients (external or internal) and often work virtually 24/7. However, small and medium IT service providers have always been underserved.
Atera was built for exactly that. With the vision to simplify and streamline the work of Managed Service Providers and IT professionals. To create something that saves them time, energy, and money. To free them from needing to constantly put out fires.
That vision created the remote-first IT management software – enabling IT professionals to shift from reactive task takers to proactive problem solvers.
Now operating from our beautiful offices on Rothschild in Tel Aviv, Atera is currently used by thousands and thousands of IT professionals all over the world (105+ countries).
As we rapidly grow, our goal remains the same: to transform the IT industry with revolutionary technology, while creating one of the happiest and healthiest work environments in the world.

23.11.0 ‘Saturn’ released

Saturn is the latest entry in our quarterly rollup series. It branches off from our main rolling Voyager development into a fixed target for our partners to qualify and build upon.

Saturn is the sixth planet from the Sun and is the second-largest planet in our solar system, after Jupiter. It is large enough that it can fit more than 760 Earths inside it.

Despite its enormous size, Saturn has a relatively fast rotation. A day on Saturn lasts only about 10.7 hours. This rapid rotation causes the planet to flatten slightly at the poles and bulge at the equator.

Saturn has been known since ancient times, and its rings were first observed by Galileo Galilei in 1610. The true nature of the rings was identified by Christiaan Huygens in 1655.

As for the software, Comet 23.11.0 Saturn brings 8 new features and 23 enhancements, including our new VMware Protected Item type.

As always for a new quarterly release, there are two changelogs for 23.11.0 Saturn depending on whether you are coming from the previous quarterly release or the previous Voyager release:

Changes compared to 23.8.3

New Features

  • Added new VMware Protected Item type. Comet supports both the free and paid versions of VMware ESXi for backups and restores
  • Added a lobby option to the Comet Backup desktop app installers, allowing for silent installation with fully-remote device authentication via the Devices page in the Comet Server web interface
  • Updated the name of the Connected Devices page to Devices in the Comet Server web interface and redesigned the page to show all devices
  • Added bulk actions to the Devices page in the Comet Server web interface
  • Added support for restoring Disk image backups as VMware-compatible virtual disks
  • Added new “Comet Storage” and “Comet Storage (Object Lock)” storage destinations, allowing users to select Comet’s new bundled Wasabi storage option for Storage Vaults (including Storage Templates)
  • Added the ability to enforce policies created by a top-level administrator onto tenant administrators and tenant users. This allows top-level administrators to enforce settings and preferences across an entire Comet Server

Enhancements

  • Protected Item types that are not compatible with the device operating system will now be greyed out and disabled in the Comet Server web interface
  • Added the ability to mark jobs that are stuck in the running state as abandoned if they are unable to be cancelled in the Comet Server web interface
  • Changed clients on Linux platforms to log to stdin/stderr for background services
  • Improved the performance of restoring data from backups which contain large amounts of blank data, such as Disk Images
  • Improved Comet Server behavior when it fails to start due to license issues. It now starts successfully with limited functionality and displays an error message indicating how to identify the issue
  • Added logging of the reason the job started at the beginning of backup job logs
  • Added option to aggregate usage by Account Name for Gradient PSA integration
  • Added automatic cancellation of running jobs using a Storage Vault when that Storage Vault is deleted
  • Improved the appearance of the “About” window in the Comet Server Service Manager
  • Reduced memory usage when loading large index files from Comet Server Storage Role-type Storage Vaults
  • Renamed “Restore files and folders” to “Granular restore” when restoring files and folders from a Disk Image or Hyper-V backup
  • Added a new template for Amazon S3 and Wasabi Storage Templates to make it easier to set Object Lock on a template.
  • Added ability to configure server audit file logging from the Comet Server web interface
  • Significantly improved the speed of granular restores from Disk Image backups
  • Improved the performance of restoring files and/or folders from Disk Image backups
  • Significantly improved performance when restoring directories containing only a few files from a File and Folder Protected Item
  • Updated the Activity browser filter names in the Comet Backup desktop app to better clarify their functionality
  • Slightly changed the appearance of the Comet Backup desktop app About dialog
  • Improved the security posture of the Comet Server web interface by adding additional XSS protections
  • Updated the preconfigured exclusion list for File and Folder Protected Items on the Comet Server web interface with valid exclusions
  • Lowered memory usage when uploading to S3-backed Storage Vaults in some use cases
  • Removed the device dropdown in the Comet Server web interface when adding a Protected Item when there’s only one device
  • Improved the admin accounts dialogue to have a separate Policies tab in the Comet Server web interface

Changes compared to 23.9.11

Bug Fixes

  • Fixed an issue with the Comet Server web interface showing an internal error popup when the server is first started
  • Fixed an issue with the Comet Server web interface throwing an error before valid VMware credentials have been added

About Comet
We are a team of dedicated professionals committed to developing reliable and secure backup solutions for MSPs, businesses and IT professionals. With over 10 years of experience in the industry, we understand the importance of having a reliable backup solution in place to protect your valuable data. That’s why we’ve developed a comprehensive suite of backup solutions that are easy to use, scalable and highly secure.

Portnox Unveils First Cloud-Native TACACS+ Solution

Cybersecurity Leader Continues Commitment to Simplifying Network Security and Making Enterprise-Grade Functionality Available to the Mid-Market 

Austin, TX and Tel Aviv, Israel – June 15, 2022 — Portnox, a proven leader in cloud-native network and endpoint security solutions, today announced the general availability of the first cloud-native Terminal Access Controller Access Control Server (TACACS+) solution to help midmarket businesses more easily manage network device administration and access management across increasingly distributed networks.

“We are dedicated to simplifying network security so midmarket IT teams have the same level of visibility and control as their enterprise IT counterparts with unlimited budgets and resources,” noted Denny LeCompte, CEO at Portnox. “Building out a cloud-native TACACS+ solution was a natural next step for our team after the overwhelming response to our NAC-as-a-Service platform. The enthusiastic adoption of our NAC-as-a-Service offering influenced us to offer a free version of TACACS+-as-a-Service as an initial entry point for all organizations. We firmly believe that once IT professionals get their hands on our suite of cloud-native solutions, they will be blown away by their ease of use, simplicity and power.”

Continuing its commitment to delivering network security products that are easy for the mid-market to use, scale and maintain, the new cloud-native Portnox TACACS+-as-a-Service offering empowers users to easily enforce network authentication, authorization, and accounting (AAA) services and policies for network devices – functionality once only available to large enterprises. Offering a free entry-level tier, Portnox now allows any organization to deploy this must-have network security technology for up to 100 network devices – such as wireless access points and wired switches – under the authority of a single administrator.

Already helping more than 1,000 organizations around the globe navigate the ever-changing cybersecurity landscape, the new cloud-native Portnox TACACS+-as-a-Service solution provides network device authentication, authorization and accounting services, including:

  • User authentication for network devices via Open LDAP and integrations with Azure Active Directory, Google Workspace, Microsoft Active Directory and OKTA
  • Policy enforcement for network device access and configuration changes to privilege levels, allowed services, autocommands, custom attributes, and more
  • Automated audit trails for user activity and attributes across network devices such as user identities, start and stop times, executed commands, packet transfers, etc.

Since closing its Series A earlier this year, Portnox has invested heavily in its product and people. Notable new leadership hires across the C-Suite include COO Said Aziz, CMO Marie-Laure Carvalho, and CRO Shon Turner. The company has also drastically increased its employee count in Sales, Marketing, Product, Engineering, and other departments across the United States, Europe and Israel to fuel its growth, growing its workforce by more than 50 percent since the start of 2022.

Pricing for Portnox TACACS+-as-a-Service starts at $2 per device. Download the factsheet or sign up for a demo here.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Digital Hygiene Guide for B2B Companies

With cyber threats becoming highly sophisticated, it is important for organizations to maintain a strong defense against potential attacks. As cybersecurity experts, we at SafeDNS understand the value and significance of digital hygiene for businesses. Today we will explore three key lines of defense in cybersecurity and review rules that B2B companies must implement to ensure a safe and secure online environment.

Good digital hygiene is the proactive approach that B2B companies must adopt to ensure the cleanliness, security, and overall well-being of their digital assets, data, and online activities across multiple platforms. In the fast-paced world of B2B interactions, it’s extremely important to recognize that the vast majority of business operations now take place in the digital realm. Fundamental ways to maintain good digital hygiene include data security measures, online reputation management strategies, and compliance with industry regulations. By prioritizing these aspects, B2B companies can protect themselves from cyber threats, build trust among clients and partners, maintain a positive brand image, and ensure the efficient functioning of their digital operations.

The first line of defense is password and confidential data security. To ensure the basis of data hygiene is solid, check to see if you have done all you should have done to keep your data safe.


  • It is crucial to apply a strict policy that requires a certain minimum password length and complexity for any account.
  • Using different accounts and passwords to access different resources and utilizing multi-factor authentication are essential steps to enhance digital hygiene.
  • Default credentials must be changed for equipment within the network, e.g., admin:admin.
  • Provide each employee with their own accounts with strictly defined access rights to resources, especially when employees use the same workplace and device. Try to minimize user privileges whenever possible.
  • Probably the most obvious yet problematic point: stop storing sensitive information in the clear or in the public domain!
  • Make regular backups a priority: create backup copies of systems and store them on dedicated servers separate from the network segments of work systems. In the event of a cyberattack or data breach, having a reliable backup system and a well-defined disaster recovery plan is crucial.
  • Key lesson to learn: work to increase employee awareness of data security. The more seriously you take this point, the fewer problems you will encounter.

 

The second defense line, the one you should take most seriously, is your technical means. To be sure that no threat can cross this line, we recommend you use:


  • automated tools for security analysis and identification of software vulnerabilities;
  • web application firewalls as a primary measure to protect web resources;
  • systems for in-depth analysis of network traffic, which help detect complex targeted attacks both in real time and in saved copies of traffic;
  • specialized anti-DDoS services;
  • anti-virus protection systems with a sandbox, a built-in isolated environment, for dynamic file scanning, capable of identifying and blocking malicious files in corporate email before they are opened by employees;
  • SIEM solutions: for timely detection and effective response to information security incidents.

 

The last line is system security. What can be done to ensure the security of this line of defense? Let’s have a look at the ways of protection.


  • We strongly recommend that you conduct regular penetration tests to identify new attack vectors on internal infrastructure in a timely manner and to evaluate the effectiveness of the protection measures taken.
  • Also, it is important to analyze the security of web applications regularly, including source code analysis, in order to identify and eliminate vulnerabilities to attacks, including on application clients.
  • Monitor the number of requests to resources per second and configure servers and network devices so as to neutralize typical attack scenarios (e.g., TCP and UDP floods or multiple requests to a database).
  • Promptly update the software you use as patches are released.
  • Control the appearance of unsafe resources on the network perimeter; regularly conduct an inventory of resources available for connection from the Internet; analyze the security of such resources; and eliminate vulnerabilities in the software used.
  • Do not forget about filtering! It is crucial for your company’s web security to use content and email filtering to protect against phishing sites, resources that distribute viruses, DNS spoofing, and hidden miners.

 

Remember, digital hygiene is an ongoing process that requires constant vigilance. Implementing the practices mentioned above is a great start, but it is also essential to stay updated on the increasing number of threats and adapt your security measures accordingly.

By prioritizing digital hygiene and implementing proactive security measures, B2B companies can minimize the risk of cyberattacks, protect sensitive business data, and build trust among clients and partners, which is fundamental in today’s world.

Invest in your company’s digital hygiene and overall health today and safeguard your business against the ever-evolving threat landscape!

About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI- and ML-powered web filtering and cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

NordLayer insights: the making of a Black Friday cyber scam

Key takeaways

  • Black Friday sees a major spike in both shopping, with billions spent online, and in scam activities, with a 22% increase in fraud losses reported.

  • Cybercriminals start gearing up for Black Friday scams in January, indicated by increased dark web searches for related keywords.

  • Dark web data shows Black Friday is a topic of interest throughout the year, not just in November, with notable search activity in April.

  • Months before Black Friday, the dark web buzzes with searches for big retailers, hinting at planned attacks on these platforms.

  • Key protective measures include skepticism towards unexpected deals, consistent software updates, using different devices for work and personal use, secure passwords, and informed cyber practices.

Black Friday is famous for big sales and shopping frenzy. It’s also a busy time online, with a record $9.12 billion spent last year, as reported by Adobe Analytics. This global trend saw Salesforce reporting worldwide online sales hitting $40 billion.

Yet, alongside this rise in legitimate transactions, there was a notable increase in fraudulent activity, with reported losses from scams associated with Black Friday and Cyber Monday climbing by 22% from the previous year. These statistics don’t just reflect consumer zeal for deals; they also underscore the period’s vulnerability to cyber threats.

Based on this reality, NordLayer’s recent exploration reveals a complex strategy behind the festive frauds that often begin brewing while most still stick to their New Year’s resolutions.

January: the planning period for cybercriminals

The words “Black Friday” might bring images of late-year sales to mind, but for a cybercriminal, January is a prime month for laying the groundwork. During this period, researchers noted a surge in search activity on the dark web, encompassing all Black Friday-related keywords, from hot shopping trends to potential cybersecurity threats.

Yearly changes in Black Friday keywords

Carlos Salas, Head of Platform Engineering at NordLayer, illustrates the situation: “The reason behind this early start is the need to establish a network of resources, from stolen personal data to compromised accounts, to facilitate their scams when Black Friday arrives. Criminals also seek to exploit the heightened sense of urgency and excitement surrounding the holiday season to deceive unsuspecting shoppers.”

Surprisingly, the ‘Black Friday’ keyword spiked in April searches—an unexpected deviation from the usual November interest. The reasons for this springtime surge are unclear, but it’s a reminder to stay alert for online dangers all year round, not just during the holiday shopping rush.

‘Black Friday’ queries are at their lowest in August, but remarkably, they shoot up in September, doubling the volume seen in the previous month.

Why Black Friday deals are a dark web trend all year

Black Friday isn’t just for November anymore; it’s a year-round event where you can always find deals. On the dark web, ‘Black Friday’ means discounts on things like stolen data and illegal items every day. These places sell lots of subscription services at lower prices, too. Cybercriminals are ready to use this buzz to target both shoppers and companies.

“Black Friday became synonymous with getting great deals, so this keyword is popular year-round. Vendors on the dark web marketplaces know that when a potential customer sees the term ‘Black Friday,’ they will likely be attracted to the idea of saving a coin, regardless of what season it is,” says Salas.

High traffic, high risk

Popular online marketplaces are beacons for threat actors. It’s clear that retailers like Amazon, eBay, and Target, with their high online traffic, are primary targets for these attackers.

The data points to a sharp rise in targeted keyword searches for these e-commerce platforms starting early in January. The increase shows that the more well-known a retailer is, the more likely it is to attract attention from potential attackers on the dark web.

For instance, interest in Amazon spiked, with keyword searches climbing over 45% in January, followed by notable upsurges of 15% in May and 13% in March.

The Federal Trade Commission (FTC) in 2022 reported that scams where people pretend to be from a business took a massive leap, causing a loss of $2.6 billion. Looking back, from mid-2020 to mid-2021, out of every three complaints about these kinds of scams, one was about someone pretending to be from Amazon. Last year, the amount of money swindled by fake businesses was $660 million, which is more than the $453 million lost the year before. The FTC hasn’t given a breakdown for Amazon scams for 2022 specifically, but it’s a fair guess that, given the trend, Amazon impersonators have also become more common.

eBay saw a similar pattern, with dark web keyword searches soaring by 68% in January, while March and April recorded increases of 46% and 19%, respectively.

Target-related searches peaked with a 41% rise in March, a 31% jump in January, and a moderate 15% hike in April.

Each spike in search volume represents more than consumer trends; they’re opportunities eyed by cybercriminals.

Top 5 threats this Black Friday

Carlos Salas points out the top five scams to be wary of.

Phishing scams

Phishing remains a favored tactic. Fraudulent attempts to gather sensitive information don’t take a holiday, especially not on Black Friday.

Phishing scams come to life when cybercriminals buy phishing kits from dark web stores. These all-in-one packages enable setting up websites that look trustworthy but are traps for stealing sensitive data.

Before the generative AI era, phishing emails were somewhat easy to spot due to poor grammar, illogical vocabulary, and bad spelling. Such glaring errors were easy to pick up by automated defenses and reasonably careful people. But with AI tools, it is now far more likely that a phishing email will appear genuine, leading to more potential victims actually clicking on malicious links.

Fake websites

Imitation may be flattery, but in the cyber world, it’s a weapon. Cybercriminals craft convincing copycat websites offering too-good-to-be-true deals to lure in unsuspecting shoppers.

The development of fake websites follows a similar path to phishing scams. Scammers use sophisticated software to clone legitimate websites, which are then hosted on compromised or malicious servers. These counterfeit sites are often used together with phishing emails or advertisements to steal user data or payment information.

Gift card frauds

Gift cards from third-party vendors may not be as beneficial as they appear. There’s a real danger they could be fake or previously drained, rendering your gift worthless.

On the dark web, there are marketplaces and forums where stolen gift card numbers are bought and sold. Scammers also trade tips and tools for cracking the algorithms of gift card numbers, allowing them to generate and sell counterfeit cards.

Fake order confirmations

Be wary of unexpected emails, calls, or messages about orders or deliveries you don’t recognize.

This scam involves creating fake order confirmation emails that appear to come from well-known retailers. These emails are crafted using templates available on dark web markets, complete with logos and branding, and contain links to phishing websites or malware.

Social media scams

According to FTC data, social media ranks as the fifth most common way scammers contact their victims. In cases reported on social media scams, 61% resulted in financial loss. The median amount that people were scammed out of was $528. Think twice before you click on offers that look too good to be true.

These scams are often centered around fake profiles or compromised accounts. The dark web provides a venue for buying and selling the access credentials to these accounts, as well as software that automates the creation of posts and messages designed to defraud social media users.

The methodology behind Black Friday cyber threat analysis

The compilation of data was a joint effort with independent experts focused on researching cybersecurity incidents. The team conducted an analysis of the most searched terms related to Black Friday, including popular discussion topics, retail chains, and methods of attack. They conducted their search analysis over a period stretching from September 2022 to August 2023.

The benchmark is based on the average monthly search volume for Black Friday-related scam terms, and variations from this norm were calculated accordingly.

Fortifying your digital defenses: five tactical measures

Be skeptical of unexpected communications

Phishing doesn’t come with a neon sign. Treat unexpected emails and messages cautiously, verifying the sender through other channels if necessary.

Update and patch regularly

Ensure that all systems and software are up-to-date with the latest security patches. Think of updates as your digital immune system’s vitamins—essential for fending off infection by cybercriminals.

Separate work and personal devices

Using personal devices for work can cause trouble. If possible, keep them separate to minimize the risk of cross-contamination.

Embrace strong, unique passwords

A common foothold for cybercriminals is a weak password. Opt for complex, unique passwords for each account, and consider a password manager to keep track of them all.

Educate on cyber hygiene

Empower employees and users with knowledge. Regular training sessions can turn the most innocuous user into a vigilant watchkeeper against phishing scams and suspicious links.

Strengthen your business with NordLayer security

The shift to hybrid work models has made the understanding of security threats more important than ever. NordLayer helps businesses adapt by providing advanced solutions for network access and management. Our services are built around the Zero Trust security model, which rigorously verifies every access request, thus enhancing your data protection. Virtual Private Gateways further secure your operations with dedicated servers that encrypt data and offer detailed access management, seamlessly integrating with leading login systems.

NordLayer offers a suite of security features, including a top-quality VPN, multi-factor authentication, and ongoing network monitoring, designed to fit your business needs without additional hardware complexity.

Contact NordLayer today to strengthen your organization’s defenses against cyber threats.

Genetic data leak, 23andMe point to credential stuffing

Hackers are selling genetic data stolen from users of the company 23andMe. The company itself says they weren’t breached, although their users’ data was used by what seems to be a single threat actor stealing personal details and genetic data. This data was then published or advertised online. 23andMe suggested that the threat actor(s) gained unauthorized access with “recycled login credentials”, a technique known as credential stuffing.

The logic is simple: Keep trying stolen username/password combinations, and eventually, they’ll work on another site. An easy solution to credential stuffing attacks? You guessed it: Multi-factor authentication (MFA). While 23andMe has offered an MFA feature since 2019, it was not made mandatory for users. With genetic and personal data at stake and up to 7 million users affected by these recent breaches, it might be time for a change in policy.
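The pattern described above, seen from the defender's side: an added example (not from 23andMe or the original post) that separates credential stuffing from single-account password guessing in login events and shows which reused passwords were stopped by MFA. The event fields, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed thresholds; tune them against your own login telemetry.
MIN_DISTINCT_USERS = 10            # stuffing sprays many different accounts
MAX_ATTEMPTS_PER_USER = 2.0        # ...with only one or two tries per account
MIN_FAILURE_RATIO = 0.8            # ...and most recycled passwords fail
GUESSING_ATTEMPTS_PER_USER = 10.0  # guessing hammers the same account


@dataclass(frozen=True)
class LoginEvent:
    """One password check from the authentication log (hypothetical schema)."""
    src_ip: str
    username: str
    password_ok: bool    # the submitted password matched
    mfa_enrolled: bool   # the account requires a second factor


def build_sample():
    """Constructed events, all inside one observation window."""
    events = []
    # One source tries 12 different accounts once each with recycled
    # passwords; two passwords happen to be reused on this site.
    for i in range(12):
        events.append(LoginEvent("203.0.113.7", f"user{i:02d}",
                                 password_ok=i in (3, 8),
                                 mfa_enrolled=(i == 8)))
    # Another source guesses passwords for a single account.
    for _ in range(15):
        events.append(LoginEvent("198.51.100.20", "admin", False, False))
    # A legitimate user mistypes once, then logs in.
    events.append(LoginEvent("192.0.2.10", "alice", False, True))
    events.append(LoginEvent("192.0.2.10", "alice", True, True))
    return events


def classify_sources(events):
    """Return {src_ip: verdict} from the shape of each source's attempts."""
    per_ip = defaultdict(list)
    for event in events:
        per_ip[event.src_ip].append(event)

    verdicts = {}
    for ip, evs in per_ip.items():
        users = {e.username for e in evs}
        attempts_per_user = len(evs) / len(users)
        failure_ratio = sum(not e.password_ok for e in evs) / len(evs)
        if (len(users) >= MIN_DISTINCT_USERS
                and attempts_per_user <= MAX_ATTEMPTS_PER_USER
                and failure_ratio >= MIN_FAILURE_RATIO):
            verdicts[ip] = "credential_stuffing"
        elif (attempts_per_user >= GUESSING_ATTEMPTS_PER_USER
                and failure_ratio >= MIN_FAILURE_RATIO):
            verdicts[ip] = "password_guessing"
        else:
            verdicts[ip] = "normal"
    return verdicts


def triage_accounts(events, verdicts):
    """Split accounts whose password matched from a stuffing source.

    taken_over:     no second factor, so the session was established.
    stopped_by_mfa: password is known to the attacker but login did not
                    complete; the password still needs to be reset.
    """
    taken_over, stopped_by_mfa = set(), set()
    for event in events:
        if verdicts.get(event.src_ip) != "credential_stuffing":
            continue
        if not event.password_ok:
            continue
        if event.mfa_enrolled:
            stopped_by_mfa.add(event.username)
        else:
            taken_over.add(event.username)
    return sorted(taken_over), sorted(stopped_by_mfa)


if __name__ == "__main__":
    sample = build_sample()
    result = classify_sources(sample)
    for ip, verdict in sorted(result.items()):
        print(f"{ip:15s} {verdict}")
    taken, stopped = triage_accounts(sample, result)
    print("taken over:", taken)
    print("stopped by MFA, reset password:", stopped)
```

Both flagged accounts had a valid recycled password; only the one without a second factor was actually opened, which is the case for making MFA mandatory rather than optional.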

The Bleach Breach: Clorox revenue and supply chain hit

Clorox, the household cleaning giant, predicts a more than 20% drop in quarterly sales due to a cyberattack (thought to be ransomware) that caused product shortages and operational disruptions. Manufacturing, often kept running by legacy systems and sprawling workforces, suffers more cyberattacks than any other industry.

The Clorox incident is being linked to the same group responsible for the MGM and Caesars Palace hacks, discussed in our previous episode, which occurred around the same time in August 2023. “Scattered Spider” is notorious for using social engineering methods to gain access to internal systems. The Clorox Company’s share price has dropped by over 7 percent in the last month.

Wearable AI: Trendy or just trending?

Tech companies are rushing to secure the lead in wearable AI products. Meta has collaborated with Ray-Ban on a pair of high-tech glasses, enabling wearers to live stream directly from the glasses to Facebook or Instagram and voice activate Meta AI, “an advanced conversational assistant”. Jony Ive, Apple’s legendary former design lead, and OpenAI are reportedly teaming up to design the “iPhone of AI”.

Rewind.ai unveiled a neck-worn pendant that records conversations to your smartphone and creates a searchable database of life moments. Humane, imagining “a world where you can take AI everywhere”, have developed a smart device that resembles a badge or lapel pin.

The common goal here seems to be for technology to rely less on screens, to fade from view, and become all but invisible.

Stay tuned for the next episode of Cyberview.


About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.


ESET Research: Android malware Kamran spying via news app on residents of the disputed Kashmir region

  • ESET Research has discovered Android spyware, which ESET researchers named Kamran, that has been distributed via a possible watering-hole attack on the Hunza News website.
  • The malware targets residents using Urdu language in Gilgit-Baltistan, part of the disputed Kashmir region that is administered by Pakistan.
  • The malicious app prompts the user to grant it permissions to access various information. If accepted, it gathers data about contacts, calendar events, call logs, location information, device files, SMS messages, and images.

BRATISLAVA, KOŠICE — November 09, 2023 — ESET researchers have identified what appears to be a watering-hole attack on a regional news website that delivers news about Gilgit-Baltistan, a region administered by Pakistan. Gilgit-Baltistan consists of the northern region of the greater Kashmir territory, embroiled in longstanding disputes involving India and Pakistan (since 1947) as well as between India and China (since 1959). Watering-hole attacks are a type of threat where a commonly visited website is compromised to serve malware. When opened on a mobile device, the Urdu version of the Hunza News website offers readers the possibility to download the Hunza News Android app directly from the website; however, the app has malicious espionage capabilities. Urdu is the official and main language of communication used for inter-ethnic communication within this disputed region. ESET has named this previously unknown spyware Kamran.

The word Kamran was used by ESET to name this spyware due to its package name “com.kamran.hunzanews.” Kamran is a common given name in Pakistan and other Urdu-speaking regions; in Farsi, which is spoken by some minorities in Gilgit-Baltistan, it means fortunate or lucky.

The Hunza News website has both English and Urdu versions; English is the second official language spoken in the region. The English mobile version doesn’t provide any app for download; only the Urdu version on mobile offers to download the Android spyware in question. While the English and Urdu desktop versions also offer the Android spyware, it is not compatible with desktop operating systems. ESET Research reached out to Hunza News regarding Kamran; however, the website provided no response prior to the publication of this research.

The Kamran spyware displays the content of the Hunza News website but also contains custom malicious code. Upon launching, the malicious app prompts the user to grant it permissions to access various information. If the requested permissions are granted, Kamran automatically gathers sensitive user data (contacts, calendar events, call logs, location information, device files, SMS messages, images, etc.) and uploads it to a hardcoded command and control (C&C) server. The C&C server was reported to Google, as the platform misused by the spyware is provided by them. The malware does not, however, have remote control capabilities.

This malicious app has never been offered through the Google Play Store; instead, it is downloaded from a source that Google refers to as Unknown. To install this app, the user is requested to enable the option to install apps from unknown sources. ESET was able to identify at least 22 compromised smartphones, with five of them being located in Pakistan.

The malicious app appeared on the website sometime between January 7, 2023, and March 21, 2023; the developer certificate of the malicious app was issued on January 10, 2023. During that time, protests were being held in Gilgit-Baltistan for various reasons encompassing land rights, taxation concerns, prolonged power outages, and a decline in subsidized wheat provisions.

“With a high degree of confidence, we can affirm that the malicious app specifically targeted Urdu-speaking users, who accessed the website via Android devices. However, since Kamran demonstrates a unique codebase, distinct from other Android spyware, this prevents its attribution to any known advanced persistent threat – APT – group,” says ESET researcher Lukáš Štefanko, who discovered the Kamran spyware. “This spyware shows once again that it is important to reiterate the importance of downloading apps exclusively from trusted and official sources,” he adds.

Hunza News, likely named after the Hunza District or the Hunza Valley, is an online newspaper delivering news related to the Gilgit-Baltistan region. Internet archive data shows that the site has been delivering news since 2013. In 2015, Hunza News started to provide a legitimate Android application that was available on the Google Play Store. Based on available data, ESET Research believes two versions of this app were released on Google Play, with neither containing any malicious functionality.

For more technical information about Kamran spyware, check out the blogpost “Unlucky Kamran: Android malware spying on Urdu-speaking residents of Gilgit-Baltistan.” Make sure to follow ESET Research on Twitter (today known as X) for the latest news from ESET Research.

 


About ESET
ESET develops software solutions that deliver instant, comprehensive protection against evolving computer security threats. ESET pioneered and continues to lead the industry in proactive threat detection. ESET NOD32 Antivirus, its flagship product, consistently achieves the highest accolades in all types of comparative testing and is the foundational product that builds out the ESET product line to include ESET Smart Security. ESET Smart Security is an integrated antivirus, antispyware, antispam and personal firewall solution that combines accuracy, speed and an extremely small system footprint to create the most effective security solution in the industry. Both products have an extremely efficient code base that eliminates the unnecessary large size found in some solutions. This means faster scanning that doesn’t slow down computers or networks. Sold in more than 160 countries, ESET has worldwide production headquarters in Bratislava, SK and worldwide distribution headquarters in San Diego, U.S. ESET also has offices in Bristol, U.K.; Buenos Aires, AR; Prague, CZ; and is globally represented by an extensive partner network. For more information, visit our local office at https://eset.version-2.sg.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities. For more information, please visit https://www.version-2.com.sg/ or call (65) 6296-4268.


About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

NordLayer Partner Program: TEKRiSQ on how practical solutions help eliminate weak security links

A discussion with Dean Mechlowitz, Co-founder of TEKRiSQ responsible for Technology Operations, about the main challenges organizations face with cybersecurity threats, the benefits of the NordLayer Partner Program, and what perspectives are anticipated for different industries.

Highlights

  • About the company: TEKRiSQ is a cybersecurity team of up to 10 people aiding small- and medium-sized businesses (SMBs) in the US and Canada and focusing on enhancing cyber resilience against digital threats since 2021.

  • Business case: the MSP tackles the challenges SMBs face in cybersecurity, addressing the lack of internal IT expertise and the misconception of being too insignificant to be targeted.

  • NordLayer adoption: a partner utilizes NordLayer’s simple and efficient remote network access solutions to enhance cybersecurity for clients without overwhelming them.

  • Benefits of NordLayer Partner Program: the program offers MSPs like TEKRiSQ user-friendly solutions, a centralized management portal, and reporting capabilities, emphasizing ease of use for end-users.

  • Future projections: future cybersecurity challenges will center around remote work risks, the protection of personal data, and the need for basic security measures like multi-factor authentication.

About the company

TEKRiSQ is a team of cybersecurity professionals helping SMBs build cyber resilience against digital threats. Operating as a managed service provider (MSP) in the US and Canada, a team of up to 10 people ensures that their clients transform into fully cyber-insurable companies.

Established in 2021, TEKRiSQ was founded on strong fundamentals of experience and expertise in modern cybersecurity and technology. The company has been advising everyone from small teams to big global players, gaining unique insights into the industry and how SMBs navigate the changing security landscape.

Dean Mechlowitz, Co-founder of TEKRiSQ responsible for Technology Operations, discusses the company’s approach to building cybersecurity culture and technology stack for SMBs, and how NordLayer’s secure remote access solution contributes to their mission.

Business case: bringing in the cyber expertise so clients don’t have to move a finger

According to TEKRiSQ, companies often struggle not due to industry-specific challenges but because of their mindset when it comes to adopting security measures. Small and medium enterprises are convinced that their insignificance will protect them from potential risks.

“Usually, companies with fewer than 200 employees are basically sitting ducks. They believe “I’m too small, and all my data is in the cloud, so I am not at risk,” but truly, they just have no idea how to understand it.”

SMBs who don’t typically have internal IT departments or Chief Information Officers end up outsourcing specialists and services. Without the right knowledge, it’s challenging to determine cyber risks applicable to their businesses and keep up with technological changes.

The lack of expertise makes organization decision-makers immobile and hesitant in taking action because the only thought they have in their minds is, “What do I do?” However, some service providers jump into the multibillion-dollar MSP market with no actual experience in cybersecurity.

“Many MSPs are not cyber experts and fail to introduce basic security measures like multi-factor authentication to their clients, or they aren’t familiar with the latest security issues.”

Qualified MSPs often play a crucial role in guiding organizations lost in the subject. They are responsible not only for bringing knowledge and expertise but also for making sure the clients are aware of the risks. Our speaker Dean highlights that clients tend not to know or simply don’t care about the importance of business cybersecurity.

Guiding the unaware and the naive with a pragmatic approach

TEKRiSQ’s strategy is to use cyber insurance channels to get clients’ attention to security needs.


Business owners and managers, just like any other person, are looking for a quick and painless solution to their problem—and insurance, at first glance, seems like an easy way out. However, businesses must comply with insurance requirements that usually include the incorporation of network and data security policies.

“People think “I’ve never been attacked before. Therefore, I’m never going to be attacked,” which is incorrect.”

Then, the ignorant, unaware, or careless mindset faces a reality check after hearing three control questions from a TEKRiSQ representative:

  1. If all your data was exposed and published on the dark web, would that be a problem for your business?

  2. If all your data was inaccessible for three or four weeks, would that be a problem for your business?

  3. If your computers were shut down for a month or two, would that be a problem for your business?

According to Dean, everybody uses computers, and everybody has data that’s really sensitive, so the answer is, “Of course, it’d be a problem,” and it doesn’t matter what business you’re in.

“Companies have remote workforces, which is almost everybody today. A lot of companies have consultants sitting all over the country using their own computers. That’s problematic, right? Many people travel to airports and hotels—that’s problematic, too.”

So there are certain businesses that have bigger risks, and some have smaller ones, but it’s the MSPs’ task to identify and mitigate them for the client if they lack internal resources to do it independently.

Close collaboration with insurance providers allows TEKRiSQ to be at full speed with what’s required by the insurer. Many MSPs are unaware of such nuances and cannot offer clients the right solutions.

Close-up on the solution

TEKRiSQ is a unique managed service provider that performs risk assessments in 30 minutes. They also focus on delivering solutions in minutes, not weeks or months. Thus, working with tools that correspond with such objectives is super important.

NordLayer’s onboarding for secure remote network access is about as simple as possible. You put the email into the system, and it sends an activation email. The setup must be super simple so non-tech users can understand it and follow instructions.

“The setup only takes tens of seconds or a minute—it’s pretty simple. It’s for us to find a way to encourage them to consistently use the tool.”

As an MSP, TEKRiSQ must have access to activity reporting to see whether the clients are using the systems. If the activity is low, they must be able to enforce the service, as companies tend to forget to use it after installing the application.

“None of our clients wishes to learn or do anything in terms of managing a solution, so it has to be fully governed by us. They only want not to care about it besides turning the tool off and on.”

Finally, adding extra layers of security, like incorporating dedicated IP into the company’s network protection, is crucial. Whether it’s encrypting connections while working on a public network or adding IP or access control lists for the firewall—the client most likely doesn’t realize the need for such a measure because they don’t know there’s more behind a firewall or generic VPN.

Why join the NordLayer Partner Program?

Our Partner Program provides MSPs with an ecosystem of user-friendly solutions, educational materials, and hands-on support from our experts. The main benefit of NordLayer is in our approach to thinking two steps ahead for our clients and partners.

NordLayer is all about stress-free cybersecurity. Thus, it has to be approachable for the end-user and effective for our partners.

“Unless clients start to care enough to start doing something themselves to protect their business, my only concern is to make it really easy for them—like turning on the app and forgetting about the rest.”

By providing a Service Management Portal, NordLayer gives its partners keys to their organizations’ administration in one place. There they have centralized controls of comprehensive security features and user management.

Interested in collaborating to build a more resilient and aware cybersecurity landscape for businesses and organizations? NordLayer invites Managed Service Providers to seize the opportunity to join our Partner Program.

Thank you, Dean, for sharing your experience with NordLayer in helping your clients overcome network security challenges.

Future projections: threats and challenges to keep an eye on

Experience and daily work in the cybersecurity field help draw some presumptions about what to expect from the industry in the upcoming years. Our story hero, Dean, agreed to share his insights on what companies should be cautious about in order to protect their businesses.


Preventing Automated SaaS Ransomware with Passwordless Authentication

Cybersecurity is no longer about the attacks you can see; it’s about the ones you can’t. In a recent unsettling breach, SaaS ransomware crept into the spotlight, targeting not machines, but the very services that drive our daily work. Attackers didn’t compromise employee computers or infiltrate internal networks; they simply logged in with stolen credentials and discreetly extracted sensitive data from a widely-used service: SharePoint Online.

This bypassing of endpoints marked a departure from the norm and highlighted a glaring vulnerability in password-dependent security protocols. It’s thought to be the first attack of its kind, but it likely won’t be the last.

With this in mind, let’s unravel the specifics of this breach and what organizations can do to prevent automated SaaS ransomware attacks. We’ll look at the transition to passwordless and certificate-based authentication systems as critical defenses in the modern cybersecurity arsenal. By understanding the full scope of the attack and the emerging protective technologies, you’ll be equipped to safeguard your enterprise’s environments against these silent threats. So let’s get into it.

The First Instance of Automated SaaS Ransomware Extortion

Ransomware attacks are nothing new. In 2022 there were around 493.3 million ransomware attacks, a decrease from the year before, but still higher than every other year in the last decade. However, not all ransomware attacks are the same, and threat actors continually adapt their methods for more effective and precise attacks.

The most recent tactic switch, and the first of its kind, is automated SaaS ransomware extortion that entirely bypasses endpoints.

Let’s Break Down This Attack

Cybersecurity researchers at security firm Obsidian have reported a ransomware attack on SharePoint Online, executed via a hijacked Microsoft Global SaaS admin account, sidestepping the typical endpoint compromise. Here’s how it worked:

  • Initial Access: The attackers began by exploiting a weakly secured administrator account that was shockingly accessible from the public internet and lacked multi-factor authentication (MFA), a critical security layer.
  • Elevation of Privilege: They used the stolen credentials to create a new user named “0mega” in the Active Directory and then systematically assigned this account a staggering level of administrative privileges across the SharePoint, Exchange, and Teams environments. They also removed more than 200 existing administrators within 2 hours.
  • Exfiltration of Data: With the illicitly gained permissions, the “0mega” account accessed the company’s SharePoint Online libraries, stealing hundreds of files.
  • The Silent Exit: They transferred the stolen data to a virtual private server (VPS) hosted by a Russian web hosting company, utilizing the “sppull” Node.js module, which facilitates file downloads from SharePoint.
  • The Unveiling: After the heist, the attackers uploaded text files to the victim’s SharePoint site using the “got” Node.js module, brazenly informing the organization of the breach.
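
The stages above leave a recognizable trail in SaaS audit logs. The following detection sketch is an added example, not code from Obsidian or from the original article; the event schema, operation names, thresholds, and sample events are all constructed assumptions that would need mapping to a tenant's real audit log.

```python
import posixpath
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    time: datetime
    actor: str        # account that performed the operation
    op: str           # hypothetical names: user_created, role_granted, role_removed,
                      # file_downloaded, file_uploaded
    target: str       # affected account, or file path for file_* operations
    detail: str = ""  # role name for role_* operations


def busiest_window(times, window):
    """Largest number of timestamps that fall inside any interval of length `window`."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect(events, window=timedelta(hours=2), min_roles=3,
           min_removals=200, min_downloads=100, min_notes=50):
    """Return {account: set of rule names}. Thresholds are illustrative assumptions."""
    created = {}                                      # account -> creation time
    roles = defaultdict(set)                          # new account -> roles granted soon after
    removals = defaultdict(dict)                      # actor -> {removed account: time}
    downloads = defaultdict(list)                     # actor -> download times
    uploads = defaultdict(lambda: defaultdict(list))  # actor -> file name -> upload times
    for e in sorted(events, key=lambda ev: ev.time):
        if e.op == "user_created":
            created[e.target] = e.time
        elif e.op == "role_granted":
            born = created.get(e.target)
            if born is not None and e.time - born <= window:
                roles[e.target].add(e.detail)
        elif e.op == "role_removed":
            removals[e.actor].setdefault(e.target, e.time)
        elif e.op == "file_downloaded":
            downloads[e.actor].append(e.time)
        elif e.op == "file_uploaded":
            uploads[e.actor][posixpath.basename(e.target)].append(e.time)

    hits = defaultdict(set)
    for account, granted in roles.items():
        if len(granted) >= min_roles:          # fresh account given many admin roles
            hits[account].add("new_account_privileged")
    for actor, removed in removals.items():
        if busiest_window(removed.values(), window) >= min_removals:
            hits[actor].add("mass_admin_removal")
    for actor, times in downloads.items():
        if busiest_window(times, window) >= min_downloads:
            hits[actor].add("bulk_download")
    for actor, names in uploads.items():       # same file name dropped in many places
        if any(busiest_window(t, window) >= min_notes for t in names.values()):
            hits[actor].add("repeated_note_upload")
    return dict(hits)


def sample_events():
    """Constructed audit trail: one takeover sequence plus routine help-desk work."""
    t0 = datetime(2023, 1, 1, 9, 0)
    step = timedelta(seconds=30)
    ev = [Event(t0, "admin@example.test", "user_created", "0mega")]
    for i, role in enumerate(["sharepoint_admin", "exchange_admin", "teams_admin"]):
        ev.append(Event(t0 + (i + 1) * step, "admin@example.test",
                        "role_granted", "0mega", role))
    for i in range(201):                       # 201 removals in about 100 minutes
        ev.append(Event(t0 + (10 + i) * step, "0mega", "role_removed",
                        f"admin{i}@example.test", "global_admin"))
    for i in range(300):
        ev.append(Event(t0 + timedelta(hours=3, seconds=5 * i), "0mega",
                        "file_downloaded", f"/sites/finance/doc{i}.xlsx"))
    for i in range(60):
        ev.append(Event(t0 + timedelta(hours=4, seconds=2 * i), "0mega",
                        "file_uploaded", f"/sites/lib{i}/PREVENT-LEAKAGE.txt"))
    for i in range(3):                         # routine activity, below every threshold
        ev.append(Event(t0 + timedelta(minutes=20 * i), "helpdesk@example.test",
                        "role_removed", f"leaver{i}@example.test", "teams_admin"))
    for i in range(5):
        ev.append(Event(t0 + i * step, "helpdesk@example.test",
                        "file_downloaded", f"/sites/it/runbook{i}.docx"))
    return ev


if __name__ == "__main__":
    for account, rules in detect(sample_events()).items():
        print(account, sorted(rules))
```

Any single rule is noisy on its own; an account that trips several of them within hours of being created is the pattern worth paging on.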

Key Insights

Let’s unpack what we’ve learned from a cyber heist that turned the tables on traditional ransomware tactics. This attack didn’t follow the usual script of endpoint compromise—it was a privileged access heist within a SaaS application. What’s the takeaway? A clear signal that attackers are now turning their sights on the SaaS landscape, exploiting softer targets and laying bare the need for tighter security measures. These are the critical takeaways:

  • No Endpoint Compromise: Unlike typical ransomware attacks that rely on endpoint compromise to spread and encrypt files, this attack was purely based on privileged access abuse within the SaaS application.
  • A First of Its Kind: According to security experts, this method of automated SaaS ransomware extortion, bypassing endpoints, has not been publicly recorded before.
  • A Rising Trend: There has been a noticeable increase in attacks targeting enterprise SaaS environments, attributed to the attackers capitalizing on the less fortified security measures in SaaS applications compared to endpoint defenses. One study found a 300% surge in SaaS attacks since March 1, 2023.
  • The Need for Better SaaS Security: The alarming rise in SaaS-focused attacks underlines the urgent need for organizations to enhance their security posture across SaaS platforms.

Why Is This Attack Considered Ransomware?

Although this attack didn’t involve encrypting files – typical of ransomware attacks – it’s still considered a new form of SaaS ransomware. This is because the attackers uploaded thousands of PREVENT-LEAKAGE.txt files to inform the organization of the stolen files and negotiate payment to avoid having the contents leaked online.

Will We See More Attacks Like This?

Yes, we’re likely to see more attacks like this one. Obsidian’s researchers believe the trend will gain traction because the attackers have invested in automation, indicating they’re prepping for future hits. Plus, most companies are stronger in endpoint defense than in SaaS security, leaving a gap ripe for exploitation. The shift to data theft over encryption is also appealing to attackers, minimizing risks and simplifying their operations.

How does data theft minimize risks for attackers? Put simply, it’s a quieter form of cyber looting. Encryption attracts immediate attention; it’s noisy, disruptive, and often triggers a swift response from security teams. In contrast, data theft can go undetected for longer, allowing attackers to slip away unnoticed.

Moreover, without the need to provide decryption keys, attackers avoid the complexities and potential technical failures associated with ransomware deployment. This stealthier approach means they can sidestep the spotlight while still holding valuable data for ransom, potentially leading to a lower profile and fewer chances for law enforcement to catch up with them.

Tactics for Preventing Automated SaaS Ransomware

If we’re going to be seeing more of these attacks, we have to take proactive measures to minimize their success. With this in mind, let’s look at some of the ways we safeguard our systems from automated SaaS ransomware attacks.

Multifactor Authentication and Its Limits

Researchers highlight that one of the reasons this attack was possible was the lack of MFA on the SaaS account. Having MFA enabled makes using stolen credentials much harder. However, it doesn’t eliminate this type of attack.

Researchers pointed out that even with MFA in place, determined attackers could still bypass it. They could procure the necessary credentials from dark web forums and leverage tactics like MFA push fatigue, where they bombard a user with authentication requests until the user, overwhelmed and frustrated, finally approves one.

And that’s exactly why passwordless authentication is a better solution here – it’s both more secure and more user-friendly.
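
Where push-based MFA stays in use, the fatigue pattern described above can be detected in the MFA provider's logs. This is an added example rather than code from the article; the `(time, user, result)` tuple format, the result labels, the thresholds, and the sample log are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def detect_push_fatigue(events, window=timedelta(minutes=10), min_unapproved=5):
    """events: iterable of (time, user, result), result in
    {'denied', 'no_response', 'approved'} (hypothetical labels).

    Returns {user: verdict}:
      'prompt_burst'        - at least `min_unapproved` unapproved prompts inside `window`
      'burst_then_approved' - such a burst ended with the user approving a prompt
    """
    recent = defaultdict(deque)   # user -> times of unapproved prompts still in window
    verdicts = {}
    for time, user, result in sorted(events):
        q = recent[user]
        while q and time - q[0] > window:      # drop prompts older than the window
            q.popleft()
        if result == "approved":
            if len(q) >= min_unapproved:
                verdicts[user] = "burst_then_approved"   # likely gave in: treat as incident
            q.clear()
        else:
            q.append(time)
            if len(q) >= min_unapproved:
                verdicts.setdefault(user, "prompt_burst")
    return verdicts


def sample_mfa_log():
    """Constructed MFA log with two suspicious users and two benign ones."""
    t0 = datetime(2023, 6, 1, 2, 0)
    log = []
    # alice: six denied prompts 20 seconds apart, then an approval.
    log += [(t0 + timedelta(seconds=20 * i), "alice", "denied") for i in range(6)]
    log.append((t0 + timedelta(seconds=130), "alice", "approved"))
    # bob: one denied prompt followed by a normal approval a minute later.
    log.append((t0, "bob", "denied"))
    log.append((t0 + timedelta(minutes=1), "bob", "approved"))
    # carol: seven ignored prompts one minute apart, never approved.
    log += [(t0 + timedelta(minutes=i), "carol", "no_response") for i in range(7)]
    # dave: five denied prompts, but one per hour, so never a burst.
    log += [(t0 + timedelta(hours=i), "dave", "denied") for i in range(5)]
    return log


if __name__ == "__main__":
    for user, verdict in detect_push_fatigue(sample_mfa_log()).items():
        print(user, verdict)
```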

Passwordless Authentication as a Tool To Prevent SaaS Ransomware Attacks

User credentials were a critical weak point in the SharePoint attack – it wouldn’t have been possible without a stolen username and password, which is why many security experts are recommending ditching passwords altogether.

Shifting to passwordless authentication addresses the core vulnerabilities associated with traditional passwords. Conventional passwords are often the weakest link, susceptible to being stolen, guessed, or forgotten. By adopting passwordless solutions like biometrics, security keys, and certificate-based authentication, we enhance security through unique personal identifiers that are significantly more difficult for intruders to replicate.

This shift not only enhances security by making unauthorized access considerably more challenging but also simplifies the user experience, eliminating the need for users to create, remember, and manage an array of passwords. It’s a win-win: stronger security with a side of convenience.

Key Benefits of Passwordless Authentication

  • Enhanced Security: Without traditional passwords, attackers can’t leverage stolen credentials, reducing the risk of unauthorized access.
  • Reduced Phishing Risks: Phishing campaigns often target passwords. Passwordless authentication removes this vulnerability.
  • Lower Administrative Burden: It eliminates the need for password resets and management, reducing IT overhead.
  • Improved User Experience: Users no longer need to remember or enter complex passwords, streamlining the login process.

Certificate-Based Authentication: A Step Further in Security

Certificate-based authentication, as part of the passwordless spectrum, involves the use of digital certificates. These certificates are like digital passports, providing a secure and private method of asserting a user’s identity. They work like this:

  • Issuance: A trusted Certificate Authority (CA) issues a digital certificate to a user or device.
  • Storage: The certificate is securely stored on the user’s device or a smart card.
  • Verification: During authentication, the certificate is presented to the server, which verifies it against a list of trusted CAs.

Critically, certificate-based authentication offers robust security. Why? It inherently incorporates two-factor authentication (2FA), as access requires not just the certificate—which acts like a digital ID card (something you have)—but also ties in a device or a PIN, adding a layer of security tied to something you know or are. It also introduces a level of accountability through non-repudiation, ensuring that transactions can’t be readily contested, making it clear who did what.

Plus, for businesses already running on Public Key Infrastructure (PKI), it scales with ease, slotting into the existing setup without a hitch. This dual promise of enhanced security and easy integration makes certificate-based authentication a smart choice for modern organizations.
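The issuance, storage and verification steps above can be walked through with the `openssl` command line. This is an added example, not code from Portnox; the CA names, user names and file paths are constructed. It also shows why the certificate counts as "something you have": the server accepts it only with a signature from the matching private key, since the certificate itself is public.

```shell
#!/bin/sh
# Added example: every CA name, user name and file below is constructed for the demo.
set -eu

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cd "$demo_dir"

# Minimal OpenSSL config: one extension profile for CAs, one for client certs.
cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[client_ext]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
EOF

make_ca() {          # $1 = CA name; writes $1.key and a self-signed $1.crt
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -config pki.cnf -extensions ca_ext \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

issue_client() {     # $1 = user, $2 = issuing CA  (the "Issuance" step)
  # The private key is generated for the user and would stay on their
  # device or smart card (the "Storage" step); only the CSR goes to the CA.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -config pki.cnf -keyout "$1.key" -out "$1.csr" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
    -CAcreateserial -days 7 -extfile pki.cnf -extensions client_ext \
    -out "$1.crt" 2>/dev/null
}

authenticate() {     # $1 = presented certificate, $2 = key the client really holds
  # (a) "Verification": the chain must end at a CA in the server's trust
  #     list, and the certificate must be valid for client authentication.
  if ! openssl verify -CAfile trusted-cas.pem -purpose sslclient "$1" \
       >/dev/null 2>&1; then
    echo "rejected: issuer not in trust list"
    return 1
  fi
  # (b) Proof of possession: the server sends a fresh nonce, the client signs
  #     it with its private key, and the server checks the signature against
  #     the public key in the certificate. Both sides are simulated here; in
  #     mutual TLS this proof is the client's CertificateVerify message.
  openssl rand -hex 32 > nonce.txt
  openssl dgst -sha256 -sign "$2" -out nonce.sig nonce.txt
  openssl x509 -in "$1" -pubkey -noout > presented.pub
  if ! openssl dgst -sha256 -verify presented.pub -signature nonce.sig \
       nonce.txt >/dev/null 2>&1; then
    echo "rejected: no proof of key possession"
    return 1
  fi
  echo "accepted"
}

make_ca corp-ca                      # the organization's CA
make_ca rogue-ca                     # a CA the server has never been told to trust
cp corp-ca.crt trusted-cas.pem       # the server's list of trusted CAs

issue_client alice corp-ca
issue_client mallory rogue-ca

echo "alice, own cert and key:        $(authenticate alice.crt alice.key || true)"
echo "mallory, cert from rogue CA:    $(authenticate mallory.crt mallory.key || true)"
echo "copied alice.crt, wrong key:    $(authenticate alice.crt mallory.key || true)"
```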

Why Organizations Should Adopt Passwordless Authentication

With the increase in SaaS ransomware attacks, passwordless authentication, and particularly certificate-based methods, offers a compelling solution. It aligns with zero-trust security models by “never trusting, always verifying,” ensuring that every access request is securely authenticated without relying on vulnerable password systems.

Organizations adopting passwordless and certificate-based authentication stand to benefit from:

  • Compliance: Meeting stringent regulatory requirements for data protection.
  • Agility: Adapting quickly to evolving security threats without overhauling the entire access management system.
  • Reduced Attack Surface: Minimizes the risk of phishing and credential stuffing attacks since passwords are no longer the weakest link.
  • Cost-Effectiveness: Lowers the total cost of ownership by reducing the need for password-related support and infrastructure.
  • Future-Proofing: Aligns with emerging technologies and standards, making it a forward-looking investment that anticipates the next wave of cyber threats.
  • User Experience: Streamlines the login process, eliminating password fatigue and reducing help desk calls for password resets.

It’s Time to Harden SaaS Controls

In an era where SaaS platforms are repositories for regulated, confidential, and sensitive information, hardening SaaS controls is no longer optional—it’s essential. Organizations invest substantially in these platforms. However, while companies have advanced significantly in detecting threats across endpoints, networks, and cloud infrastructures, many are still lacking when it comes to SaaS threat detection. This needs to change.

A robust approach to strengthening SaaS security involves several critical strategies:

  • Privilege Restriction: Tighten access controls by revoking unnecessary privileges. Only the necessary users should have administrative access, and even then, companies should enforce the principle of least privilege.
  • Integration Oversight: Many SaaS applications offer integrations with third-party services. It’s crucial to audit these connections, revoking any that are unsanctioned or pose a high risk.
  • Log Analytics: Consolidate and scrutinize SaaS audit and activity logs. Analytical tools should be employed to sift through this data to identify patterns indicative of a compromise, insider threat, or rogue third-party integration.
  • Continuous Monitoring: Implement real-time monitoring solutions specifically designed for SaaS applications to detect anomalous behaviors and potential security incidents.

Final Thoughts

This alarming automated SaaS ransomware extortion incident reveals a pivotal cybersecurity weakness: reliance on passwords. The assault on SharePoint Online underscores the critical vulnerability passwords pose, especially when multifactor authentication is absent. To thwart such breaches, it is not enough to strengthen passwords; we must redefine access security through passwordless and certificate-based authentication.

Certificate-based authentication introduces a robust framework against this type of exploitation. By leveraging digital certificates, this method validates identities with a precision that passwords simply cannot match. The certificates, issued by trusted Certificate Authorities, provide a much higher level of assurance as they are almost impossible to forge or steal without detection. And their integration with Public Key Infrastructure enables seamless scalability and robust two-factor authentication without the need for passwords.

Embracing passwordless methods not only elevates the security posture but also streamlines user access, effectively shutting down avenues for ransomware attackers. Organizations that adopt these technologies benefit from reduced administrative burden, enhanced compliance, and a fortified defense against the rising tide of SaaS-targeted attacks. They eliminate the weakest link—passwords—from the security chain, drastically narrowing the attack surface.

In short, by adopting certificate-based authentication companies can significantly mitigate the risk of unauthorized access and data breaches, ensuring that their SaaS platforms remain secure in an increasingly hostile digital landscape. As we move forward, the integration of these advanced authentication methods will be paramount in safeguarding against the sophistication of future cyber threats, making it not just a strategic move but a necessary evolution in cyber defense.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Keys to integrate IT support and manage your after-sales service better

We are all aware of the importance of attracting new customers for business growth purposes, but focusing solely on this goal is not actually the best decision. Delivering quality customer service is also key to success. For that reason, many companies that sell their products or services over the Internet have decided to implement an after-sales support service as a fundamental part of their business.

How to make yourself stand out among your competitors with a good after-sales support service? 

More than a century ago, the Japanese businessman and philosopher Konosuke Matsushita, known for being the founder of Panasonic and one of the promoters of the “Japanese economic miracle”, laid the foundations of a revolutionary business philosophy for his time. Matsushita’s philosophy was based on concepts such as social contribution, teamwork, customer focus and technological innovation as differentiating factors. He wrote several works throughout his life, projecting his particular vision on business and society. Regarding after-sales support, he was of the opinion that: “After-sales service is more important than assistance before the sale, because it is through this service that permanent customers are achieved.”

These regular customers can really become your best brand ambassadors, so they should be pampered, so that they feel satisfied and share their positive experiences or make new purchases and hires.

How to offer a customer-centric after-sales service?

One of the biggest difficulties that companies encounter when managing customer service is how to convey closeness and proximity in a service that is as automated as IT support and is offered remotely.

In the past, when there was no Internet, customers had to call a call center to solve their doubts or report any problems. Today, IT support centers use tools like chatbots that save human teams a lot of time. The use of these virtual assistants grew dramatically during the pandemic, allowing companies to respond to very high activity peaks and continue to offer 24/7 services.

However, with the return to normal, users are demanding a more conversational and less transactional customer service. Most of them rate chatbots positively as a way to get quick answers to their questions, but they don’t want machine interactions to completely replace people. For example, McKinsey’s “Next in Personality 2021” report reveals that 71% of customers expect businesses to offer custom interactions and 76% get frustrated when this doesn’t happen.

Finding the perfect balance between automation and human support is vital to offer a fast, efficient after-sales support service based on customer needs. You cannot swim against the tide or try to put a brake on digitization. On the contrary, we must rely on the advantages of technology by integrating it into the company’s IT support to access information in a unified way and know which requests can be automated and which need personalized attention.

How to integrate the IT support center to provide customers with good after-sales service?

IT support center integration needs to be planned carefully to ensure orderly and efficient business workflow.

Some essential steps for a successful integration are as follows.

Implementing a service management system (ITSM)

To manage any type of incident or complaint, it is essential to have a structured framework in which the policies to be followed by the support department are defined.

Professionals in this area are responsible for coordinating IT services with business goals. In addition, they train the team and define which tasks can be automated.

Create an IT support infrastructure

Companies that receive a high volume of requests may be in critical situations if they don’t have the tools that allow them to create dynamic workflows.

In this sense, email is a painful management tool, since it does not allow you to do things as basic as prioritizing important requests, keeping track of them, or escalating them to a higher level when the frontline support team is not able to solve them.

If you try to offer an after-sales support service through this means, you will soon see that the email inbox becomes saturated until it becomes a catch-all. No employee will know where to start!

Do you already know about Pandora ITSM Ticketing Helpdesk? This tool is all you need to make things easier for the support team and build customer loyalty.

As the name suggests, Ticketing Helpdesk works through a ticketing system. Each time a customer makes a request through the platform, a new ticket is opened with their data, date and subject of the incident.

Tickets are automatically cataloged according to their status: new, pending, solved, etc. You may also prioritize those that require immediate action, define automation rules or transfer complex cases that could not be solved to higher support levels.

Ticketing Helpdesk is a flexible tool, ready to work in an omnichannel environment. It can be easily integrated with other IT infrastructure tools such as project managers or CRM, to avoid process redundancy and take advantage of all the information available to improve the operation of other departments and the after-sales service itself.

Use the information collected to optimize customer service

As already mentioned, Ticketing Helpdesk collects query data, analyzes it and generates custom reports with relevant information such as:

  • Number of tickets closed
  • Number of tickets that remain open
  • Average ticket resolution time
  • Most common incidents
  • Performance of each agent (customer feedback)
  • Tickets that were escalated to higher levels

Keeping track of these metrics is very useful to know the long-term performance of the service and detect possible anomalies that would go unnoticed when analyzing isolated data.

It also ensures compliance with contractual agreements related to the service (SLA) such as downtime and support response capacity (for example, resolution of incidents in 24 hours). Respecting these agreements is important for building customer trust. In addition, non-compliance involves financial compensation that companies must assume. With the Helpdesk tool you may manage this key information and create automatic alerts if the service remains inactive for a long time.

Finally, in addition to automatic reporting, Pandora ITSM Ticketing Helpdesk also collects information from satisfaction surveys that users may answer by email or via a web form. It is a reliable way to know if the service is working as expected and the agents in charge of the support area effectively solve customer problems.

Still unsure whether Pandora ITSM will meet your expectations?

Try it for free for 30 days. You do not need a credit card, only advanced knowledge in the IT area and some free time to become familiar with all its features.

I studied Philology, but life’s circumstances led me to work in the marketing sector as a content writer. I am passionate about the world of blogging and the opportunity to learn that comes with each new project. I invite you to follow my posts on the Pandora FMS blog to discover the technology trends that are transforming the business world.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

Top 5 innovative countries for remote work in 2023

Suppose you want to work remotely from the most innovative and technologically advanced countries. In that case, we present to you the Top 5 you should consider as your next stop in the digital nomad’s journey. As you will see, each has its own pros and cons that might be a deciding factor for you. However, none of these countries will let you down with tourism attractiveness.

Why choose the most innovative country for remote work?

When it comes to finding the best locations for working remotely, you’ll see Lisbon, the capital of Portugal, or Tenerife Island, which belongs to Spain. Had enough of Europe? Then try the Puerto Vallarta beaches in Mexico or the tiny Mauritius, right next to Madagascar. And, of course, how can we forget the Asian gems, such as Bali, Indonesia, or Thailand?

But what if you don’t want to go where all fresh remote workers go? What if you’ve already been to all these destinations, most of which are packed with tourists? After all, Spain, Mexico, and Thailand are among the most visited countries.

When you’re done with the globetrotting and thinking about your next destination as a more permanent place, other factors suddenly come into play. Expats may want to trade ancient temples for well-developed digital and physical infrastructure and choose pioneering technologies over gorgeous mountain views.

If you’re tech-oriented and want to find an innovative destination for remote work, explore the best options in 2023 below. Most importantly, as you will see, choosing the most ingenious country for working remotely doesn’t mean giving up golden beaches or snow-peaked mountains.

How we found the top innovative countries for remote work

To find the best innovative countries for working remotely, we split the task in two. First, we used the Global Innovation Index 2023 (GII 2023) by the World Intellectual Property Organization (WIPO) to determine the most advanced ones. This evaluation uses seven dimensions – institutions, human capital and research, infrastructure, market sophistication, business sophistication, knowledge and technology outputs, and creative outputs.

These dimensions are further split into 21 sub-dimensions that consist of 80 factors in total. Some of those are R&D investments, ICT use, venture capital investments, and unicorn valuation. All this data gives a comprehensive view of the most advanced countries in 2023.

Then, we used our latest Global Remote Work Index (GRWI) to see where these countries stand when it comes to working remotely. The four main elements of the GRWI are cyber safety, economic safety, digital & physical infrastructure, and social safety. Each of these had the same impact on the final scores.

These four elements covered a number of factors, such as infrastructure integrity, healthcare access, internet speed and stability, and the availability of human rights. In total, GRWI measured 27 sub-factors.

We’re eager to keep the suspense to the very end, but if you want to find out which innovative country is the best for remote work, here’s the list.

Top 5 most innovative countries in the world 2023

According to GII 2023, these are the most innovative countries:

  1. Switzerland

  2. Sweden

  3. The United States

  4. The United Kingdom

  5. Singapore

Now, let’s dive into some takeaways:

  1. Switzerland has been the most innovative country since 2011. It’s also leading in knowledge and technology and creative outputs categories, especially in intellectual property receipts and GitHub commits per million people.

  2. Sweden was always bouncing between the 2nd and the 3rd place. This country stands out as the leader in the business sophistication category. If we dig deeper, we’ll find Sweden ranks first in both the number of researchers per million people and the number of Patent Cooperation Treaty (PCT) patents per unit of GDP.

  3. The United States finished 2nd last year but got manhandled by Sweden in 2023. Despite that, it’s 1st by market and 2nd by business sophistication plus knowledge and technology output. Also, the US has top universities, along with the biggest entertainment and media market.

  4. The United Kingdom has always been in the 4th position, with the exception of 2019 GRWI results. Its strongest suits are creative outputs and market sophistication. But if we delve into factors from other dimensions, we’ll find the UK is 2nd in university rankings and environmental performance and 1st by citable documents (H-index).

  5. Singapore was 8th most of the time until last year, when it moved to 7th, and this year it pushed out the Netherlands. It has no competition in the institutions dimension, scoring the highest in most factors. Another strong side of Singapore is human capital and research, especially tertiary education. We also found it leading logistics performance, received venture capital value, and cultural and creative services exports.

It is clear that all five most innovative countries are also popular tourist destinations, meaning there’s plenty to see and experience when you close the laptop for the day.

Top 5 countries for remote workers in 2023

Now, it’s time to evaluate the remote work friendliness of the most innovative countries with the help of the GRWI 2023 index.

1. Switzerland

When considering remote work destinations, Switzerland’s ranking at 29th for digital nomads may come as a surprise, given the fact that it’s the most advanced country in the world.

For starters, let’s acknowledge that Switzerland has the best social safety. Whether it’s personal rights, inclusiveness, or physical safety index, this country delivers.

Moreover, this most innovative country in 2023 is doing well in digital and physical infrastructure (5th). That’s most evident from the internet connection quality (5th), despite its lower e-government ranking within the Top 30.

Cyber safety is an area for improvement in Switzerland. It does not crack the Top 10 when factors like infrastructure, response capacity, and legal frameworks are weighed, landing it at 43rd place globally.

Economic safety is the most significant hurdle for remote workers considering Switzerland, primarily due to the high cost of living (98th) that overshadows its attractions, language proficiency, and healthcare quality.

Overall, Switzerland can be a good place for remote work if you’re not on a budget and haven’t seen Rhine Falls or Chapel Bridge yet. For those seeking more economical alternatives within Europe, there are plenty of options that combine the allure of affordability with the convenience of remote working.

2. Sweden

We move north to see if forward-thinking Sweden has thought about the WFA generation. It turns out it did, boasting the fifth spot in our GRWI 2023 rankings.

To start off, Sweden has a Top 10 economic safety and digital & physical infrastructure. For instance, it’s the best place to get well, as the No. 1 healthcare just won’t disappoint. Also, the e-infrastructure is great (5th), along with the internet quality (11th).

Even social safety, ranked 15th, comes with outstanding personal rights (2nd) and inclusiveness (3rd). However, we must point out that safety (64th) can be a concern in the second most innovative country.

Sweden struggles the most with cyber safety (21st). While response capacity (4th) is top-notch, the same cannot be said about infrastructure (19th).

Even though Sweden is cheaper than Switzerland, it is still expensive (79th), which is a primary concern for most remote workers. At least there’s a lot to see, and asking for directions in English will bring positive results most of the time.

3. The United States

It’s always tough to generalize countries of such magnitude, but we did our best and found the US to be the 16th option for remote nomads and digital workers. While that might not sound impressive after Sweden, we want to point out that this highly innovative country is still more remote-friendly than 85% of the world.

So, where are its biggest strengths? The most eye-catching factor is economic safety – the US is second only to the UK. Plus, it has the best tourism attractiveness and English proficiency. Even the much-discussed healthcare is great (4th).

Furthermore, the US has advanced digital and physical infrastructure (6th). In this dimension, internet affordability and e-government shine the brightest (both 2nd).

Cyber safety (33rd) and social safety (37th) are the two dimensions that drag the US down. While the former at least has the best infrastructure, the latter’s top result is 20th place.

Ultimately, the US is too big and multicultural to offer the same experience for every remote worker. But as with the countries above, the cost of living is its Achilles heel.

4. The United Kingdom

As the 19th country for remote work, the UK remains in the Top 10 according to many factors. Once again, that’s not a bad result by any means, given that GRWI 2023 analyzed 108 countries in total.

The United Kingdom is the strongest in economic safety. That mainly comes from tourism attractiveness (3rd) and English proficiency (1st).

Then we have the digital and physical infrastructure (12th), with the physical part being especially strong (2nd). The UK has some work to do with its social safety (28th), though, as only personal rights (10th) make it to the Top 20.

An essential dimension for digital nomads, cyber safety needs the most attention (36th). However, if we dig deeper into separate factors, we’ll find a superior infrastructure (2nd).

Just like the other most innovative countries above, the UK offers a myriad of options for tourists. And just like the same locations, its high cost of living (including quite expensive and not-so-great internet) will make remote workers seek out locations that offer a better cost-efficiency balance.

5. Singapore

And now, the time has come for the only Asian country on our list. The innovative and modern Singapore is 28th on our GRWI 2023 rankings. It feels like Switzerland (29th) is in the rear, but as you’ll find out, the pros and cons for digital nomads differ quite a bit.

If digital and physical infrastructure matters to you most, there’s no better place to be than Singapore. It has the best e-government and physical infrastructure, with internet quality (4th) not far behind. However, its price is below average (58th).

The rest of the dimensions are below the Top 20. Under cyber security, Singapore can be proud of its infrastructure (4th). Tourism attractiveness and English proficiency, both 3rd, are a big plus for remote workers. Sadly, the same cannot be said about the cost of living (96th) and personal rights (80th).

In fact, Singapore’s personal rights index may give some individuals pause when considering it as a destination. While the country offers top-notch digital and physical infrastructure along with tourism options, the high prices and average healthcare make it less attractive for a longer stay as an expat.

The best tech country for remote work in 2023

After evaluating the GII and GRWI data, we proclaim Sweden the best innovative country to work remotely in 2023. It’s followed by the US, the UK, Switzerland, and Singapore.

Sweden won first place thanks to its attractiveness to remote workers. Its tourism appeal, quality healthcare, and well-developed e-infrastructure, along with remarkable inclusiveness and personal rights, sealed the deal. The biggest concern for digital nomads will be the high cost of living, but that can be said about all other most advanced countries for remote work.

In the end, each of us has different priorities and expectations before starting to work remotely. Therefore, some other country might look like the top destination for you. We encourage you to dive deeper into the GRWI ranking and find your personal favorite. 

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.
