ESET, the leading IT security company based in the European Union, is the top endpoint security vendor in Central and Eastern Europe (CEE), taking the most sizeable portion of the annual market share. According to the IDC Endpoint security software market shares 2017 report, ESET’s market share in the CEE region accounts for 37.5 percent, outpacing all of its competition[1]. IDC has estimated ESET generates around 90 million USD from the IT security revenues recorded in the region in 2017 following 13.5 percent year-on-year growth. ESET is also included among IDC’s “established leaders“, which are large organizations with extensive R&D teams, robust security suites and strong investments in innovation.
“ESET’s technology comes from Central Europe, with our first software being developed in Slovakia more than 30 years ago, which makes us even more proud to keep the CEE region as our stronghold. We are proud to be the leading ’made in the European Union’ IT security solution and pleased that we are expanding our reach further in Europe including our fast growing Western European markets,“ says Miroslav Mikus, ESET Sales and Marketing Director for the EMEA region.
ESET is headquartered in Central Europe and accounts for 37.5 percent CEE market share based on this recently released IDC market report. ESET ranks 6th globally according to the analyst firm.
IDC highlights ESET Encryption and two-factor authentication in its report, both crucial elements in the already active GDPR legislation. “Both multi-factor authentication and encryption are available to midmarket customers of ESET at an acceptable price and level of complexity along with ease of use… An offering that promises significant data security improvements for ESET’s customers,” writes Mark Child, IDC’s CEE Security Practice Lead, author of this report.
[1] Mark Child, Research Manager, Software, Central and Eastern Europe Endpoint Security Software Market Shares, 2017 (market data for 2017) Available on IDC website.
About Version 2 Limited Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About ESET For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.
Tokyo – NetJapan, Inc., publisher of backup, disaster recovery, and virtualization software, releases version 2.0 of ActiveImage™ Deploy USB, a USB based OS deployment tool for VARs, OEMs, and System Integrators.
ActiveImage Deploy USB v2.0 creates a bootable USB Flash Memory containing a master image created from a pre-configured computer system, and deploys that image to a new client machine. ActiveImage Deploy USB automates, simplifies, and streamlines the deployment process making it an ideal solution for setting up new systems to include custom software and hardware configurations, and deploying setups to a large numbers of computers.
Version 2.0 now simplifies license management, deployment to larger disks, password protected master image files, and now master images can be created using Inline Data Deduplication Compression.
NEW Features:
Simplified Licensing Management. The Built-in License Manager includes the addition of multiple and site license configuration.
Deployment to Larger Disks. Optionally, restore to larger disks and automatically extend volumes.
Create Master Image files using Inline Data Deduplication Compression (IDDC). Significantly reduce image size and deployment time by using IDDC when creating master image files.
OTHER Features:
An easy-to-use wizard driven interface guides you through creating a bootable USB Flash Memory with ActiveImage Deploy USB installed and ready to use.
The built in “Auto-Start” feature automates cloning without user interaction. Simply attach the USB Flash Memory to the target computer, power the system on, and ActiveImage Deploy USB deploys the pre-configured image to the target system.
The created Images are stored on the USB Flash Memory, eliminating the need for additional storage devices to be connected.
No need for deployment server or configuring network settings
Flexible license distribution to easily allocate licenses to each created USB Flash Memory deployment device.
About Version 2 Limited Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About Actiphy Actiphy founded in 2007, focuses on developing and offering innovative backup and disaster recovery solutions for complete protection of all your systems and data. ActiveImage Protector backs up Windows, Linux machines on physical and virtual environments and restore systems and data fast for you to be up and running with minimal downtime and data loss. Today Actiphy hold 20% of the image backup market in Japan and are expanding our services in the Asia/Pacific and North American regions, as well as in Europe, the Middle East and Africa.
A test conducted by Whalebone, a provider of DNS filtering services, showed that adding Indicators of Compromise from ESET to DNS filtering detection data significantly improves detection.
Experts from Whalebone and ESET revealed the results of a DNS filtering test in their joint presentation at the IS2 Conference, an information security event held in Prague, Czech Republic. The test was run on a sample of 100,000 internet connections, representing around half a million connected devices in two countries, the Czech Republic and Slovakia.
Before, Whalebone had utilized Indicators of Compromise (IoC) generated via methods such as sandbox simulations, analysis of network traffic or utilizing known malware patterns. „We wanted to include detection data from endpoints as a new source of IoC, hoping for improved detection capability,“ said Robert Šefr, Whalebone’s Chief Technology Officer.
The test was aimed at confirming the expectation that including IoC from ESET Threat Intelligence would lead to new, previously unavailable detections – while keeping false positives at a minimum.
The test was run in the first quarter of 2018 and involved around 55,000 unique malicious domains in the tested IoC feed. Out of those, around 1100 domains were detected. 18.5% of the devices in the test made at least one attempt to contact a malicious domain from the feed; the overall number of incidents in the test was around 1.75 million. Out of those, around half (866,000 incidents, precisely 49.51%) were detected based solely on the IoC provided by ESET – i.e., without data from ESET, these incidents would have gone undetected. Only 0.47% of incidents were detected based on both ESET’s and original Whalebone data; the remaining 50.02% of incidents were detected independently from ESET.
Out of the 866,000 incidents detected based on the IoC by ESET, only one single domain blocking was found to be a false positive.
„The Whalebone test clearly showed that rigorous categorization of data, which is paramount for ESET, allows for both a high detection rate and keeping false positives close to zero,“ comments Peter Dekýš, ESET’s IT Security Director.
“The testing has shown that by including IoC from ESET Threat Intelligence, detections significantly increased, with false positives amounting virtually to zero. Overall, the test has proven that it is appropriate to use endpoint-sourced IoC for DNS-level protection”, concludes Whalebone’s Robert Šefr.
About Version 2 Limited Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About ESET For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.
As you all know, today, May 25, is the day that GDPR comes into force in the European Union; legislation that will affect companies and citizens around the world, not just in the EU. This is explained by Anscombe, in a video that will hopefully help clarify some of the particulars regarding the new legislation.
GDPR returns control of personal data to the user/customer. In this sense, GDPR makes it mandatory to have the user’s consent for the use of their personal data. Also, obtaining that consent by the user entails certain responsibilities for the company or organization, as it must ensure that this information is collected by the correct persons. This information may only be stored for a period of time and that these data are encrypted.
GDPR affects globally and just within the EU
Some might find the topic concerning who is affected and where they are affected confusing, but Anscombe explains exactly how it will work: “If a user is in Europe and connects to a website or service outside Europe, that service has to provide the same privileges as if operating from Europe, which must comply with the new regulations that imposes GDPR,” he explained.
Another example mentioned is the case of the non-European citizen, who is occasionally in EU territory and who connects to a website that they usually use when they are outside Europe. In this case, the site must comply with the new legislation, since GDPR applies to everyone who is in the EU at that time – not just its citizens.
Therefore, if you provide services or if your site has visitors from the EU it is important that you consider the changes that have come into force, that you prepare a plan and that you make sure you comply with GDPR.
You may also be interested in any of the following items:
For more information on GDPR, ESET has a dedicated page to help ensure that you have all the information needed to cope with GDPR. To read more articles like this one and the ones listed above, please follow our library of related content here on WeLiveSecurity.
About Version 2 Limited Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About ESET For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.
ESET, a leader in information security, today announced it has been awarded the highest designation in the Innovation, Product, Market and Overall Leader categories in the 2018 Kuppinger Cole Leadership Compass Enterprise Endpoint Security: Anti-Malware Solutions.
The annual report by Kuppinger Cole, examines the key vendors in the Enterprise Endpoint Security market, with a special focus given to Enterprise Anti-Malware Solutions. In this evaluation, Kuppinger Cole assesses product and service functionality, innovation and the relative market share of each vendor evaluated in the annual report.
In the “Innovation Leadership” category, Kuppinger Cole recognizes leaders as vendors who are deploying new technologies and features designed to detect and remove sophisticated malware in current or upcoming products. ESET is praised for having a multi-faceted detection array, helping to identify and thwart threats facing enterprises. Kuppinger Cole also notes ESET excels at detecting file-less malware, polymorphism and ransomware.
“We are honored to have our enterprise security solutions recognized by Kuppinger Cole,” said Juraj Malcho, Chief Technology Officer at ESET. “Enterprises are facing an increasingly-sophisticated enemy, capable of deploying a variety of technologies to attack their networks and endpoints. ESET is committed to delivering best-in-class solutions for businesses to better detect and protect against these types of attacks.”
The report further evaluates each vendor on five pre-selected security criteria essential for decision makers of enterprise-sized organizations. ESET received a rating of “strong positive” in the Functionality, Integration and Usability categories and a rating of “positive” in the Security and Interoperability. These ratings recognize ESET’s expertise in delivering advanced and scalable security solutions to businesses in the enterprise sector.
In the category of “Overall Leadership”, ESET placed highly due to its thirty year history of fighting malware and delivering innovative products and solutions to the market. Kuppinger Cole identifies “Overall Leaders” by a combined rating in products, market presence and the innovation categories.
About Version 2 Limited Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About ESET For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.
Tokyo – NetJapan, Inc., publisher of backup, disaster recovery, and virtualization software, releases ActiveImage™ Deploy USB, a USB based OS deployment tool for VARs, OEMs, and System Integrators.
ActiveImage Deploy USB creates a bootable USB Flash Memory containing a master image created from a pre-configured computer system, and deploys that image to a new client machine. ActiveImage Deploy USB automates, simplifies, and streamlines the deployment process making it an ideal solution for setting up new systems to include custom software and hardware configurations, and deploying setups to a large numbers of computers.
Features:
ActiveImage Deploy USB uses a WinPE based boot environment for supporting a wide range of drivers and hardware configurations.
An easy-to-use wizard driven interface guides you through creating a bootable USB Flash Memory with ActiveImage Deploy USB installed and ready to use.
The built in “Auto-Start” feature automates cloning without user interaction. Simply attach the USB Flash Memory to the target computer, power the system on, and ActiveImage Deploy USB deploys the pre-configured image to the target system.
The created Images are stored on the USB Flash Memory eliminating the need for additional storage devices to be connected.
Embed existing ActiveImage Protector backup image files for deployment.
Flexible license distribution to easily allocate licenses to each created USB Flash Memory deployment device.
About Version 2 Limited Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About Actiphy Actiphy founded in 2007, focuses on developing and offering innovative backup and disaster recovery solutions for complete protection of all your systems and data. ActiveImage Protector backs up Windows, Linux machines on physical and virtual environments and restore systems and data fast for you to be up and running with minimal downtime and data loss. Today Actiphy hold 20% of the image backup market in Japan and are expanding our services in the Asia/Pacific and North American regions, as well as in Europe, the Middle East and Africa.
Previously unreported samples of Hacking Team’s infamous surveillance tool – the Remote Control System (RCS) – are in the wild, and have been detected by ESET systems in fourteen countries.
Our analysis of the samples reveals evidence suggesting that Hacking Team’s developers themselves are actively continuing the development of this spyware.
From Hacking Team to Hacked Team to…?
Since being founded in 2003, the Italian spyware vendor Hacking Team gained notoriety for selling surveillance tools to governments and their agencies across the world.
The capabilities of its flagship product, the Remote Control System (RCS), include extracting files from a targeted device, intercepting emails and instant messaging, as well as remotely activating a device’s webcam and microphone. The company has been criticized for selling these capabilities to authoritarian governments – an allegation it has consistently denied.
When the tables turned in July 2015, with Hacking Team itself suffering a damaging hack, the reported use of RCS by oppressive regimes was confirmed. With 400GB of internal data – including the once-secret list of customers, internal communications, and spyware source code – leaked online, Hacking Team was forced to request its customers to suspend all use of RCS, and was left facing an uncertain future.
Following the hack, the security community has been keeping a close eye on the company’s efforts to get back on its feet. The first reports suggesting Hacking Team’s resumed operations came six months later – a new sample of Hacking Team’s Mac spyware was apparently in the wild. A year after the breach, an investment by a company named Tablem Limited brought changes to Hacking Team’s shareholder structure, with Tablem Limited taking 20% of Hacking Team’s shareholding. Tablem Limited is officially based in Cyprus; however, recent news suggests it has ties to Saudi Arabia.
Having just concluded our research into another commercial spyware product, FinFisher, two interesting events involving Hacking Team occurred in close succession – the report about Hacking Team’s apparent financial recovery and our discovery of a new RCS variant in the wild with a valid digital certificate.
The spyware lives on
In the early stages of this investigation, our friends from the Citizen Lab – who have a long record of keeping track of Hacking Team – provided us with valuable input that led to the discovery of a version of the spyware currently being used in the wild and signed with a previously unseen valid digital certificate.
Our further research uncovered several more samples of Hacking Team’s spyware created after the 2015 hack, all being slightly modified compared to variants released before the source code leak.
The samples were compiled between September 2015 and October 2017. We have deemed these compilation dates to be authentic, based on ESET telemetry data indicating the appearance of the samples in the wild within a few days of those dates.
Further analysis led us to conclude that all the samples can be traced back to a single group, rather than being isolated instances of diverse actors building their own versions from the leaked Hacking Team source code.
One indicator supporting this is the sequence of digital certificates used to sign the samples – we found six different certificates issued in succession. Four of the certificates were issued by Thawte to four different companies, and two are personal certificates issued to Valeriano Bedeschi (Hacking Team co-founder) and someone named Raffaele Carnacina, as shown in the following table:
Certificate issued to
Validity period
Valeriano Bedeschi
8/13/2015 – 8/16/2016
Raffaele Carnacina
9/11/2015 – 9/15/2016
Megabit, OOO
6/8/2016 – 6/9/2017
ADD Audit
6/20/2016 – 6/21/2017
Media Lid
8/29/2016 – 8/30/2017
Ziber Ltd
7/9/2017 – 7/10/2018
The samples also have forged Manifest metadata – used to masquerade as a legitimate application – in common, appearing as “Advanced SystemCare 9 (9.3.0.1121)”, “Toolwiz Care 3.1.0.0” and “SlimDrivers (2.3.1.10)”.
Our analysis further shows that the author(s) of the samples have been using VMProtect, apparently in an effort to make their samples less prone to detection. This was also common among pre-leak Hacking Team spyware.
The connections among these samples alone could have originated with virtually any group re-purposing the leaked Hacking Team source code or installer – as was the case with Callisto Group in early 2016. We have, however, collected further evidence that ties these post-leak samples to Hacking Team’s developers themselves.
The versioning (which we accessed after overcoming VMProtect protection) observed in the analyzed samples continues where Hacking Team left off before the breach, and follows the same patterns. Hacking Team’s habit of compiling their payloads – named Scout and Soldier – consecutively, and often on the same day, can also be seen across the newer samples.
The following table shows the compilation dates, versioning and certificate authorities of Hacking Team Windows spyware samples seen between 2014 and 2017. Reuse of leaked source code by Callisto Group is marked in red.
Furthermore, our research has confirmed that the changes introduced in the post-leak updates were made in line with Hacking Team’s own coding style and are often found in places indicating a deep familiarity with the code. It is highly improbable that some other actor – that is, other than the original Hacking Team developer(s) – would make changes in exactly these places when creating new versions from the leaked Hacking Team source code.
One of the subtle differences we spotted between the pre-leak and the post-leak samples is the difference in Startup file size. Before the leak, the size of the copied file is padded to occupy was 4MB. In the post-leak samples, this file copy operation is padded to 6MB – most likely as a primitive detection evasion technique.
Figure 1 – Startup file size copy changed from 4 MB pre-leak to 6MB post-leak
We found further differences that fully convinced us of Hacking Team’s involvement. However, the disclosure of these details could interfere with the future tracking of the group, which is why we choose not to publish them. We are, however, open to share these details with fellow researchers (for any inquiries contact us at threatintel@eset.com).
The functionality of the spyware largely overlaps with that in the leaked source code. Our analysis so far has not confirmed the release of any significant update, as promised by Hacking Team following the hack.
As for the distribution vector of the post-leak samples we analyzed, at least in two cases, we detected the spyware in an executable file disguised as a PDF document (using multiple file extensions) attached to a spearphishing email. The names of the attached files contain strings likely aimed to reduce suspicion when received by diplomats.
Figure 2 – Investigation timeline
Conclusion
Our research lets us claim with high confidence that, with one obvious exception, the post-leak samples we’ve analyzed are indeed the work of Hacking Team developers, and not the result of source code reuse by unrelated actors, such as in the case of Callisto Group in 2016.
As of this writing, our systems have detected these new Hacking Team spyware samples in fourteen countries. We choose not to name the countries to prevent potentially incorrect attributions based on these detections, since the geo-location of the detections doesn’t necessarily reveal anything about the origin of the attack.
Serial Number: 2c e2 bd 0a d3 cf de 9e a7 3e ec 7c a3 04 00 da
SHA-1 samples
27f4287e1a5348714a308e9175fb9486d95815a2
71a68c6140d066ca016efa9087d71f141e9e2806
dc817f86c1282382a1c21f64700b79fcd064ae5c
SHA-1 samples
27f4287e1a5348714a308e9175fb9486d95815a2
71a68c6140d066ca016efa9087d71f141e9e2806
dc817f86c1282382a1c21f64700b79fcd064ae5c
C&Cs
188.226.170.222
173.236.149.166
Samples signed by Megabit, OOO
Thumbprint: 6d e3 a1 9d 00 1f 02 24 c1 c3 8b de fa 74 6f f2 3a aa 43 75
Serial Number: 0f bc 30 db 12 7a 53 6c 34 d7 a0 fa 81 b4 81 93
SHA-1 samples
508f935344d95ffe9e7aedff726264a9b500b854
7cc213a26f8df47ddd252365fadbb9cca611be20
98a98bbb488b6a6737b12344b7db1acf0b92932a
cd29b37272f8222e19089205975ac7798aac7487
d21fe0171f662268ca87d4e142aedfbe6026680b
5BF1742D540F08A187B571C3BF2AEB64F141C4AB
854600B2E42BD45ACEA9A9114747864BE002BF0B
C&Cs
95.110.167.74
188.226.170.222
173.236.149.166
46.165.236.62
Samples signed by Raffaele Carnacina
Thumbprint: 8a 85 4f 99 2a 5f 20 53 07 f8 2d 45 93 89 af da 86 de 6c 41
Serial Number: 08 44 8b d6 ee 91 05 ae 31 22 8e a5 fe 49 6f 63
SHA-1 samples
4ac42c9a479b34302e1199762459b5e775eec037
2059e2a90744611c7764c3b1c7dcf673bb36f7ab
b5fb3147b43b5fe66da4c50463037c638e99fb41
9cd2ff4157e4028c58cef9372d3bb99b8f2077ec
b23046f40fbc931b364888a7bc426b56b186d60e
cc209f9456f0a2c5a17e2823bdb1654789fcadc8
99c978219fe49e55441e11db0d1df4bda932e021
e85c2eab4c9eea8d0c99e58199f313ca4e1d1735
141d126d41f1a779dca69dd09640aa125afed15a
C&Cs
199.175.54.209
199.175.54.228
95.110.167.74
Samples signed by Valeriano Bedeschi
Thumbprint: 44 a0 f7 f5 39 fc 0c 8b f6 7b cd b7 db 44 e4 f1 4c 68 80 d0
Serial Number: 02 f1 75 66 ef 56 8d c0 6c 9a 37 9e a2 f4 fa ea
SHA-1 samples
baa53ddba627f2c38b26298d348ca2e1a31be52e
5690a51384661602cd796e53229872ff87ab8aa4
aa2a408fcaa5c86d2972150fc8dd3ad3422f807a
83503513a76f82c8718fad763f63fcd349b8b7fc
C&Cs
172.16.1.206
About Version 2 Limited Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About ESET For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.
As many as 43% of online login attempts globally are made by bots that are used for evil ends, as attackers are increasingly leveraging the automated tools for credential abuse, a report by Akamai has revealed.
Focusing on data for November, 2017, the content delivery network provider found that 3.6 billion out of 8.3 billion login requests during that month were malicious, specifically “attempts to log in to an account using password guessing or account details gathered from elsewhere on the Internet”.
A breakdown of the figures shows that the websites of retailers handled the highest number of login requests in November – 2.8 billion. “Only” 36% of them were intended to break into the accounts, according to Akamai’s Fourth Quarter 2017 State of the Internet / Security Report.
Meanwhile, the hospitality industry had to contend with the highest concentration of bad bots. A staggering 82% of nearly 1 billion login attempts on the websites of airlines, hotels and online travel agencies were found to be malicious.
Swarms of villain bots also swooped on the sites of high-tech businesses, with 57% out of 1.4 billion login attempts deemed malevolent.
The data was obtained by Akamai’s identifying “IP addresses that make multiple attempts to log into accounts using leaked credentials with no other activity to the target site”.
The data set covers mainly websites that use email addresses as login names. As a result, Akamai cautioned that the figures may understate the extent of the problem in industries in which email addresses are not used as user IDs, notably the financial industry.
Credential abuse attempts according to selected industries (Source: Akamai, Fourth Quarter 2017 State of the Internet / Security Report)
Bots that traverse the internet on behalf of their human operators can fulfill both legitimate and malicious automated tasks. Statistics indicate that bot-driven internet traffic, by helper and harmful bots combined, surpasses human traffic.
“Increased automation and data mining have caused a massive flood of bot traffic to impact websites and Internet services. Although most of that traffic is useful for Internet businesses, cybercriminals are looking to manipulate the powerful volume of bots for nefarious gains,” Akamai’s senior security advocate Martin McKeay is quoted as saying.
“Enterprises need to watch who is accessing their sites to differentiate actual humans from both legitimate and malicious bots. Not all web traffic and not all bots are created equal,” he added.
In an automated technique known as ‘credential stuffing’, criminals leverage stolen or leaked access credentials that belong to one account in order to break into other – often higher-value – accounts. This tactic has been found to pay dividends in anywhere between 0.1% and 2% of attempts, owing its success primarily to the fact that many netizens recycle their credentials across multiple accounts. Databases with reams of stolen username and password pairs can be easily bought online.
DDoS traffic
After several quarters of increases, the number of distributed denial-of-service (DDoS) attacks dropped by less than 1% in the fourth quarter of 2017 compared to the third quarter. On an annual basis, however, the attacks were up 14%, according to Akamai’s stats.
The gaming industry bore the brunt of the onslaughts, suffering 79% of all DDoS traffic. Germany and China between themselves accounted for the majority of source IP addresses involved in the attacks.
To say that DDoS attacks aren’t going anywhere would be an understatement, nor have we seen the last of Mirai. The notorious botnet, which took the internet by storm in the fall of 2016, remains alive and kicking. This is not least because of the proliferation of hackable Internet-enabled things, coupled with attackers continuing to adapt Mirai’s source code to befit their evil intentions.
Web app attacks
The number of web application attacks decreased by 9% following a quarter-over-quarter jump of 30% in the third quarter. They still rose by one-tenth compared to the last three months of 2016, however.
This type of threat most commonly involves scans to identify vulnerable sites with the ultimate aim of data thefts or other compromises. SQL injections, which Akamai highlighted as “easily automated and scalable”, accounted for one-half of web app attacks. On 36%, local file inclusion was the second-most-frequent attack vector.
The United States is by far both the top source and top target of web app attacks. The incursions that originate in the US soared by 31% compared to the last quarter of 2016.
About Version 2 Limited Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About CyberLink Founded in 1996, CyberLink Corp. (5203.TW) is the world leader in multimedia software and AI facial recognition technology. CyberLink addresses the demands of consumer, commercial and education markets through a wide range of solutions, covering digital content creation, multimedia playback, video conferencing, live casting, mobile applications and AI facial recognition. CyberLink has shipped several hundred million copies of its multimedia software and apps, including the award-winning PowerDirector, PhotoDirector, and PowerDVD. With years of research in the fields of artificial intelligence and facial recognition, CyberLink has developed the FaceMe® Facial Recognition Engine. Powered by deep learning algorithms, FaceMe® delivers the reliable, high-precision, and real-time facial recognition that is critical to AIoT applications such as smart retail, smart security, and surveillance, smart city and smart home. For more information about CyberLink, please visit the official website at www.cyberlink.com
The Internet of Things (IoT) is, for many, about devices we connect to a network for convenience, such as thermostats, light switches, connected cars and interactive toys for our kids.
While the IoT is indeed a marvelous invention, designed to make daily digital life even easier, how safe is it in terms of protecting your privacy?
Alongside an ESET researcher team, I investigated some of the more popular IoT devices on the market today with the aim of creating a basic ‘smart home’ that mimics the connectable objects likely to be found in a typical household.
Notions of interconnectivity and the ‘smart home’ are now rarely seen as the main focus of science fiction narrative, but assumed as background. Today, the IoT makes the ‘smart home’ not only achievable, but in some respects commonplace.
But how plausible is it to create your own ‘smart home’? Many issues can crop up when trying to create your own interconnected dwelling space. One of the challenges facing even the most basic implementation of a ‘smart home’ is interoperability between devices provided by different manufacturers to provide a harmonious, unified experience… or as close as possible!
We purchased a few IoT devices that could be deemed as essential for the creation of a type of starter kit for anyone wanting the convenience of an interconnected experience in their home. We also purchased a virtual personal assistant (a device that takes verbal commands and can control many of the devices purchased; in fact, a ‘smart home’ may actually start with a device like this and then expand functionally with additional IoT devices).
Privacy concerns
The main area of concern was constructing a ‘smart home’ that did not compromise on privacy.
In that respect, there was unease that the devices in the home could potentially collect private data. Of course, we understood the need for most devices and services to collect basic personal details. Worryingly, however, we found that companies often used the term “but not limited to”, meaning they might collect more than what was on the applicable privacy policy.
In total, the team tested twelve products from seven vendors, including one product that we have not included in the final report due to discovery of significant vulnerabilities. As a security company, we value the commitment to responsible disclosure and the collaborative nature of the IT security industry — therefore, we notified the company in question with specific details of the device’s shortcomings and will not publish these details until the vendor has had time to rectify the issues.
While each device tested led to some privacy issues, it was the role of voice-activated intelligent assistants that raised the most concerns. This is due, among other things, to concerns the fear of oversharing of data by commercial services, insufficient protection of stored personal data, and the possibility of interception of digital traffic by cybercriminals or the mischievous.
Can you create a safe smart home?
The answer is… possibly. No device or software is guaranteed to be secure or immune to potential vulnerabilities. However, a company’s security culture can be judged based on its reaction to vulnerabilities when they are disclosed. Some of the devices tested had vulnerabilities that have been dealt with quickly with new software and firmware. When vulnerabilities are not fixed promptly (or at all), then choosing an otherwise equivalent device would be an appropriate response. But with sound judgement and caution, it is possible to start a basic ‘smart home’.
Conclusion
At its inception, the goal of this project was to create a basic ‘smart home’ that mimics something that could end up in typical household. The concern from our research team was “what if we don’t find any issues?” Alas, this was not the case, and in fact the conclusion that I have written is different from what we had envisioned at the start.
The potential for home, lifestyle, health and even browsing data collected by internet service providers to be available to a single entity should only be permitted after due consideration for the consequences.
About Version 2 Limited Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About ESET For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.
The short answer to the headline’s question is that a UEFI scanner is all about helping you protect your computer against people who seek to take it over by abusing its Unified Extensible Firmware Interface (UEFI). A successful attack on a system’s UEFI can give the attacker complete control of that system, including persistence: the ability to secretly maintain unauthorized access to the machine despite rebooting and/or reformatting of the hard drive.
As you can imagine, this form of persistence is not a virtue and can prolong the pain and inconvenience of a malicious code infection. If your security software only scan drives and memory, without scanning UEFI, it is possible to think you have a clean machine when you don’t, that’s why we recommend a security solution that scans it, like ESET.
Why does my device have a UEFI?
Computing devices work by executing code: the instructions that we call software and which make the hardware – such as a laptop or smartphone – do something useful. Code can be fed to the device in several ways. For example, it can be read from storage on a disk, held in memory, or delivered via a network connection. But when you power on a digital device it has to start somewhere (bootstrap), and that first piece of code is typically stored in a chip on the device. This code, referred to as firmware, may include a “power-on self-test” or POST to make sure things are working correctly, followed by the loading into memory of the basic instructions for handling input and output.
If you’ve been into computers for a while you might recognize this chip-based code as BIOS or Basic Input Output System. In fact, BIOS technology dates back to the 1970s and so it is not surprising that it would eventually struggle to meet the demands of today’s computers, a point made by my colleague, Cameron Camp, in this excellent article on UEFI scanning. As Cameron details, UEFI technology has evolved to replace BIOS, although some devices still refer to it as BIOS. (I’m tempted to say “Meet the new BIOS, same as the old BIOS” but UEFI is signifcantly different, and besides, this article already has a headline that exploits a classic lyric: “What’s it all about, Alfie?”)
“FOR MOST PEOPLE, THIS IS THE RIGHT QUESTION TO BE ASKING, AND THE RIGHT ANSWER WILL DEPEND ON WHO YOU ARE”
Technically, UEFI is a specification, maintained by the Unified Extensible Firmware Interface Forum (uefi.org). According to the forum, the specification defines a new model for the interface between personal computer operating systems and platform firmware, and it “consists of data tables that contain platform-related information, plus boot and runtime service calls that are available to the operating system and its boot loader.” Without going into greater technical detail, UEFI added a great deal of functionality to the boot process, including some serious security measures (these are discussed in the ESET white paper referenced by this article).
Unfortunately, the illicit benefits of devising code that can surreptitiously take over a system early in the boot process – generically referred to as a bootkit – are a powerful motivator to the folks who specialize in unauthorized access to digital devices. Such folks could be: cybercriminals; domestic and foreign agencies like NSA and CIA; and private companies that sell “surveillance tools” to governments.
For more details, check out the excellent article by my ESET colleague Cassius Puodzius that discusses these “threat actors” and their interest in UEFI. The broader topic of bootkit evolution from early days through 2012 is ably covered by ESET Senior Research Fellow, David Harley, in this article. You might also check out the paper “Bootkits, Past, Present, and Future”, presented at Virus Bulletin 2014. And of course there are plenty of technical papers on the UEFI Forum site.
So what’s my UEFI risk?
For most people, this is the right question to be asking, and the right answer will depend on who you are. For example, are you someone whose computer might be of interest to the NSA or CIA or other government entity that has the resources to invest in code that abuses UEFI, either its own code or a commercial surveillance product purchased from a commercial vendor? Are you using your computer to develop, review, or otherwise handle intellectual property worth stealing? If you answered either of those questions in the affirmative, then I would say you have an above average risk of encountering UEFI malware.
Currently, I am not aware of any large-scale, broadly-targeted criminal malware campaigns that exploit UEFI to attack the general public’s computer systems (if you know of any, please share the knowledge). However, even if you are not in a high risk category, I strongly suggest you still need security software with UEFI scanning capability. Why? Remember those three letter agencies that have been developing UEFI attacks? Well, they don’t have a stellar reputation for keeping their tools secret. In fact, the biggest news in malware so far this year has been WannaCryptor a.k.a. WannaCry, and one reason that particular ransomware spread so fast was because it used a “top secret” exploit developed by the NSA, an agency known to have dabbled in UEFI compromise.
In other words, we just don’t know when a new malware campaign that abuses UEFI to maintain persistence on compromised systems will appear in the wild. What I can say is that folks who are performing UEFI scans on a regular basis will be better prepared to protect their systems from future malware than people who are not. And that is what UEFI scanning is all about.
ESET latest endpoint security products now include an industry first UEFI scanning.
About Version 2 Limited Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About ESET For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.
