
What happens when your router is hacked?

Most people understand that routers can be hacked, but not everybody realizes just how damaging this kind of cyberattack can be. In this article, I will explain exactly how a hacker can target your router, what the consequences could be, and what you can do to protect yourself.

Most users underestimate the risk

No one wants to be hacked, but it’s easy to come up with excuses for not addressing router security issues — excuses like:

  • Hackers don’t want to hack me (aka: “I have nothing to hide” or “My data isn’t valuable to anyone”).

  • It’s too complicated to secure my router and configure it properly.

  • I assume that it’s secure by design (aka: “I trust my ISP to secure it”).

Do these excuses look reasonable to you? Maybe, but the truth is that most hackers would be happy to attack your router if it’s not properly protected, especially if they can do so quickly.

Securing your router is not technically complicated – you don’t need an IT specialist to keep your router safe any more than you need an automobile engineer to drive your car. Making sure your router is protected should be a standard part of internet use.

Finally, you should not trust your internet service provider (ISP) to keep you safe. More often than not, its security measures are inadequate.

Types of vulnerabilities

Routers are commonly attacked using five main methods. In all cases, an attacker gets root access (also known as administrative access) and gains full control of the device. The following list begins with the most unlikely and challenging hacks and ends with the most common methods, which are also the easiest for the hacker. Each method also comes with an example of the tools and exploits a hacker could use to carry it out.

Physical (Hacking level: extremely difficult)

A physical attack requires the hacker to get physical access to your router. If they manage this, they can bypass security measures and get full administrator access. This process usually involves connecting the router to special hardware (in most cases, a serial console or JTAG).

While it may be a challenge for them to get close to your home router, hackers can use other ways to gain physical access to these devices. For example, they could target an outdoor wireless extender placed in the yard or a wireless router in a hotel that is used by guests.

  • Example: Almost any device with easy access to TTL or JTAG (for example, D-Link DIR-825AC) could be used to launch this hack. JTAG can also be used legitimately to unlock and customize a router.

Local authenticated (Hacking level: moderately difficult)

To perform a local authenticated attack, a hacker must connect to your LAN (local area network) or Wi-Fi. Usually this involves connecting a tiny device to a free network socket or cracking a weak wireless password.

The hacker must also know the default administrator’s password (or be able to brute force it). Collections of default router passwords are available to hackers online as well as tools that allow them to brute force weak passwords. Infecting a local connected device, like a laptop or smartphone, could give the hacker the same level of access to your local network.

Local unauthenticated (Hacking level: challenging)

Like the local authenticated method, a local unauthenticated attack requires the hacker to connect to the LAN or Wi-Fi or to infect a local device. This time, however, the hacker does not need to know the administrator’s password.

Usually, local unauthenticated attacks involve exploiting a software vulnerability in your router’s firmware (for example, a buffer overflow in its web management function) or accessing misconfigured components (like a telnet service that is enabled by default and left without password protection).

Remote authenticated (Hacking level: relatively easy)

Remote authenticated attacks are possible against certain routers via the internet, so the hacker doesn’t need to be close to you or join your LAN. They still need to know some default credentials to bypass the service password, but they can also brute force it if necessary.

  • Example: The Huawei LANSwitch model with a default Web UI open to the internet. This exploit was resolved in January 2023 but still acts as a good example of a remote authenticated threat — albeit one that is no longer active.

Remote unauthenticated (Hacking level: very easy)

Remote unauthenticated attacks are the worst-case scenario. They can occur if anyone can access the router from the internet without needing an administrator’s credentials.

Usually, if a router can be accessed in this way, it is the result of the device coming with bad default configuration, a hidden backdoor, or a vulnerability in the software. In some nightmare scenarios, a router may end up with all three of these issues.

A router with these problems can be quickly scanned and exploited by thousands of automated bots or commercial providers (Shodan, for example). It takes between a few minutes and a few hours for the first bot to reach the device once it’s been connected to the internet. After scanning the router, a bot will be able to identify the model and use the appropriate script to gain access.

What happens once you’ve been hacked?

Your router has been hacked. What happens now? After gaining root access, the attacker’s power over the device is unlimited. Here are some of the steps a hacker might take next:

  • Add a persistent backdoor to allow for remote device use or botnet inclusion.

  • View your unencrypted traffic in plain text (using tcpdump, for example).

  • Carry out deep packet inspection (DPI) on any encrypted traffic.

  • Redirect your traffic (for example, through DNS spoofing or by using iptables).

  • Launch social engineering attacks against you (for example, a hacker could redirect you to a fake website, pretending to be your online banking platform, where you might expose sensitive information).

  • Disconnect you from the internet and demand a ransom to restore access.

  • Make your router a proxy for other criminals to perform criminal activities from your IP address (potentially leaving you to convince the police that you weren’t the source of the criminal activity).

  • Hack your other devices (moving laterally) which were not accessible from the internet. If successful, this could allow the hacker to install ransomware or cryptominer malware on your other computers at home.

Still think it’s not worth your time to secure your router?

How to protect your router

If you think it’s time to start protecting your router and the devices connected to it, take the following steps.

  • Understand that your data is valuable. Even if you are not a celebrity or a high-profile politician, it’s still worth a hacker’s time to attack your router. Always see yourself as a potential target. You don’t have to be paranoid, but don’t ignore the risks.

  • Buy a user-friendly router that has good documentation and a clear user interface and that provides technical support and firmware updates. These routers may cost more, but security is a worthwhile investment.

  • Do not trust your ISP. ISPs tend to lower maintenance costs by saving on security. If possible, avoid using the router provided by your ISP, or at least unlock and take full control of it (change the default password, disable remote management, remove backdoors, and enable a firewall).

  • If possible, use WPA3, and protect yourself with a non-dictionary-based password containing at least ten characters. Never use WEP or unencrypted Wi-Fi.

  • Use a VPN on your local devices (laptops, phones, TVs) to encrypt traffic.

You should now understand both the risks of an unsecured router and the actions you can take today to protect it. Stay safe!

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Top 10 cybersecurity predictions for 2023 you need to know

The cybersecurity landscape is ever-shifting. With new and advanced technologies developing at lightning speed, we can expect major digital security changes — and challenges — this year. So, what cybersecurity predictions can we make for 2023? Read on to find out.

#1 Possible spike in state-sponsored attacks

With Russia continuing to wage war in Ukraine and China’s president securing an unprecedented third term, we may see a spike in state-sponsored attacks.

In China, another five years in power may give the president the opportunity to launch more large-scale cyberattacks on Taiwan and other countries seen as a threat to the regime.

We can also expect Russia to launch cyber attacks on Ukraine or lash out against the states supporting Ukraine. These malicious activities may also come in response to the economic sanctions imposed on Russia.

#2 5G may present new security challenges

With the growing adoption of the 5G network, we’re likely to see new 5G security challenges in 2023.

Every new technology comes with security concerns — and 5G is no exception.

While 5G technology offers much greater speeds than 4G and potentially unlimited connectivity, it has several system vulnerabilities. The technology needs new cloud-based infrastructure to work, which creates more access points for hackers to exploit.

With the rapid 5G adoption and the significant global shortage of cybersecurity professionals, this technology could bring new cybersecurity challenges that are easy to overlook.

#3 Government surveillance may increase in some regions

Democratization has suffered a lot over the last few years, with global democracy reaching an all-time low.

Countries with strict authoritarian regimes, like China, Russia, and Iran, may increase government surveillance and censorship to maintain control. One example of surveillance could be China’s plans to review social media comments before they’re published.

The leaders of these countries may take even more steps to cut off users from the global internet, potentially resulting in more isolation, restrictions, and prosecution.

#4 This year could be big for data privacy

With corporations and criminals continuing to compete for your information, data privacy is more important than ever.

2023 may be the year data privacy gains much-needed legal protection from governments worldwide.

India, one of the world’s fastest-growing online markets, is expected to pass the Personal Data Protection Bill — its version of the GDPR — this year. The legislation will include requirements for companies to get individual consent, correct inaccurate personal data, and protect data rights.

We may also see data privacy laws tightening in the U.S., depending on Congress’ actions.

2023 could be the year that the American Data Privacy and Protection Act gains traction and finally establishes a data privacy framework on the federal level.

#5 We may see more blockchain-based cybersecurity solutions

Blockchain technology is beneficial for secure, decentralized information storage and exchange. Blockchain delivers unrivaled data integrity, transparency, and decentralization.

In 2023, blockchain will likely be applied to cybersecurity in new ways, helping to create advanced and virtually unbreakable digital security solutions.

Until now, using blockchain in cybersecurity has been very expensive because of how new the technology is.

However, blockchain is maturing and attracting substantial investment. Therefore, this year we may see blockchain technology increasingly being used in cybersecurity solutions.

#6 This year could be the end for third-party cookies

Google is working on phasing out third-party cookies in Chrome — another huge win for data privacy.

Third-party cookies are trackers that advertisers and website owners use to collect data and track user behavior. While first-party cookies mainly collect data about your user experience, third-party cookies track you around the web and pose privacy and security risks.

Firefox and Safari browsers already protect users from third-party trackers, and you can even disable cookies yourself. However, removing third-party cookies from Google Chrome is a major win for privacy because two-thirds of all internet browsing happens on Chrome.

#7 Hackers may carry out more supply chain attacks

Hackers are predicted to continue targeting organizations by launching attacks on weaker supply chain links. We’re already seeing this trend in 2022, and it is expected to grow in 2023.

The supply chain consists of a network of organizations, resources, individuals, and activities involved in the creation of one single product.

By targeting a weaker point in the attack chain, cybercriminals can take advantage of the trust organizations place in third-party vendors.

These attacks are likely to increase in 2023 — with businesses continuing to lose large sums due to production disruptions.

#8 Fileless malware may become a more serious threat

Fileless malware is malicious software that uses built-in applications to infect a device, making it extremely difficult to detect and eliminate.

This malware exploits software vulnerabilities in well-known and trusted applications you’ve already downloaded, leaving no trace of the attack on the device’s memory.

Fileless malware has been a cybersecurity threat since its emergence in 2017 — but it is likely to become even more damaging in 2023. Cybersecurity technologies are constantly evolving — but so are cyber threats.

Fileless malware has always been difficult to detect, but the sophisticated methods and tools attackers use make it even harder. While fileless malware isn’t easy to develop and execute, it can cause immense damage if done successfully.

#9 Cloud security may become more important

Most companies use cloud computing for storing files. Cloud technologies provide a centralized location for applications and data and are more secure than storing files on-premises.

However, several cloud security issues still exist. For example, misconfiguration of security settings or hijacking accounts could lead to data breaches or unauthorized access.

With more and more companies moving their data into the cloud instead of storing files locally, we are likely to see a growing number of attacks on cloud vulnerabilities. Therefore, improving cloud security is expected to be a crucial element of organizations’ security strategies.

#10 Consumer data breaches may decline

The following prediction may be good news for customers — but not for businesses: we’re likely to see a decline in consumer data breaches in 2023.

Cybercriminals are finding new and more profitable ways to make money. An increasing number of hackers turn to ransomware — demanding that the breached company pay a large sum of money to retrieve the stolen data.

Bot sales are becoming more common, too. Hackers can purchase bots with customer information without initiating a data breach.

These sophisticated techniques mean that hackers are less likely to leak your personal information and opt for the “big wins” instead.

How to increase your online security in 2023

We can expect many cybersecurity challenges this year, so taking the necessary steps to protect yourself online is paramount. Here are the main ways to stay safe and secure in the digital world:

  • Use strong, unique passwords. Weak passwords can cause serious damage. If your passwords are short, common, or something that could be easily guessed by a hacker, it’s like you’re leaving your door unlocked at night. Create strong, long, and unique passwords — or secure your passwords with a reliable password manager.
  • Stay in the know. Hackers are more successful with people who don’t know much about the dangers of the digital world. Make sure you know about the most common cybersecurity threats and what new, sophisticated hacking techniques are on the rise. Staying in the loop will help you spot anything suspicious — and protect yourself before anything happens.
  • Use a VPN. A VPN secures your internet connection and hides your IP address, protecting you from hackers and keeping your data private. If you choose NordVPN, you’ll also get free Threat Protection — an advanced cybersecurity feature that blocks annoying ads and intrusive trackers and scans downloads for malware. On top of that, a VPN protects you on public Wi-Fi, keeping your data safe and secure.


Thriving as an app security engineer: 6 reasons to work in cybersecurity

Although the application security (app sec) role can seem the same in every industry, it’s not. Businesses operating in general industries offer fewer possibilities for comprehensive professional growth than security-focused companies. That was the case for Marvin Petzolt, a Senior Application Security Engineer at Nord Security, who jumped from an application security engineer role at a music-sharing business to a security-oriented company. Let Marvin tell us in his own words what factors make app sec professionals thrive at our company.
Marvin Petzolt, Senior Application Security Engineer at Nord Security

#1 You make an impact

Many people, including me, enjoy working at a place where you can make an impact. As an app security engineer at Nord, I can influence security design and the implementation of some of the greatest cybersecurity products in the industry – NordVPN, NordPass, NordLayer, and NordLocker. By ensuring high-security standards for each product, I contribute to building meaningful, user-friendly, and security-centric consumer solutions valued by millions of people and businesses worldwide.

However, having a tangible impact on security products is not the only way I can make a difference. My security recommendations and guidelines are also taken into account when improving business operations or team workflow. For example, when I joined the Application Security Team, we would be notified of upcoming Nord product updates mainly via our automatization and notification bots. However, this approach left us very little time between security testing of the upcoming feature and release to production, which naturally increased pressure on the team.

So I initiated the concept of security product owners, establishing a bi-directional exchange between a specific Nord product and the Application Security team. This concept allowed us to improve communication between developers, team leads, and the Application Security team.

We’re now notified about upcoming changes significantly earlier, leaving us enough time for all the necessary app security tests.

#2 You can reach your full professional potential

The truth is that being an application security specialist in the general industry doesn’t let you reach your full professional potential due to the limited app security cases and tasks you’re working on. This was one of the key reasons why I left a promising application security engineer role at one of the best-known music-sharing companies. There I was securing mainly one app, so the security issues that challenged me were limited.

I wanted to face different app security cases, advance my career, and concentrate more on technical work, security design, and cryptography – things I’m passionate about.

A security-focused company like Nord Security, with its wide range of applications and potential for different security cases, seemed like a natural solution to fulfill all these goals.

#3 You work with meaningful products and interesting challenges

At Nord Security, I’m contributing to building meaningful products – such as NordVPN, NordPass, NordLayer, and NordLocker – that secure people and businesses online.

Most of the time, I focus on cryptography, security architecture, and low-level, client-side implementations. I perform occasional design reviews, threat model sessions, pentesting of features and release candidates, and security code reviews.

Still, my tasks are pretty diverse and depend on what I want to work on. One day I might look into NordLocker’s architecture and how it will encrypt files in the future. The next day, I’ll focus on reviewing the code of NordVPN’s Meshnet feature, establishing a peer-to-peer connection between two endpoints to exchange data or route internet traffic to verify that it is implemented securely. I’ll sometimes also do a black-box security assessment on the NordPass Android release client.

#4 You work with an experienced team

Working in a security-centric company like Nord Security, you can be sure that you’ll always be guided by some of the best professionals in the cybersecurity field.

If you’re facing a challenging situation that is too difficult or complex for you to cope with on your own, the whole Application Security team comes in to help. The team member with the most experience assesses the issue based on severity and validity. If it’s valid, as a team, we determine how we can support in escalating this issue and jump in to help resolve it as fast as possible.

One of the most useful insights I have received from my team is that an app sec professional doesn’t have to know or be involved in all aspects of the team’s work. Application security has many subcategories and specializations, such as Windows Security, Linux Security, Android, and iOS security. It’s hard enough to keep up with one specialization, but keeping up with all of them is nearly impossible. So it’s OK not to be an expert in all of these technologies, and this is where you can rely on the other members of your team.

Another valuable tip – don’t over-complicate. Keep it user-friendly. The perfect security solution usually doesn’t exist or comes with a heavy impact on the user experience. Having a 32-character password requirement or providing your biometric authentication for every action you take on the app doesn’t help anybody. So it is important to focus on realistic threats and put minor theoretical risks aside for later.

Finally, my team taught me how important it is to keep the cryptographic systems simple. When designing a cryptographic system, the key is to keep it as simple as possible so that anybody can understand it and be able to securely extend this system. The more features and changes are added, the more complex the system becomes. That’s why it is necessary to redesign and realign the cryptographic design from the ground up to better fit the new requirements. If you don’t do that, you have a design that nobody understands. That makes it impossible to apply the necessary security and confidentiality measures.

#5 You are given opportunities to learn

If you’re just starting out in an app security position, coming from a slightly different field, such as web or cloud security, or simply want to learn more, even in a senior position, your team and the whole company will be there to help you grow.

If you’re a newbie, one member of your team will become your onboarding buddy, helping you to get up to speed with everything that is going on in the Application Security team. Additionally, you will be provided with a dedicated document leading you through your 30- and 90-day milestones and a checklist of all the tools and access you require to get started.

To keep our team performing at its best, we have knowledge-sharing sessions, pairing sessions, and daily standups. All this helps us stay updated on each other’s work, share best practices, and sharpen our skills in the app security field. As a team, we also have a Friday tradition of “self-allocated time” when we learn something new. What we choose to learn can be anything from technologies, reading blog posts, news articles, or methodologies. Did you ever want to learn how to develop iOS applications or do a CTF? Then self-allocated time is meant for that.

Collaboration with other teams also has a huge impact on advancing your expertise in app security. It improves your soft skills and teaches effective communication about the risks and severities of security issues. It also gives you a direct connection to developers, which means that they will come to you with questions and concerns during the development process. In turn, it gives you a unique inside look into the technical foundation of the developed software. Just like that, I learned new technologies and programming languages on the fly since they were required to understand the source code and implementation details.

At the company level, we have knowledge-sharing events. One such example is Tech Days, allowing our people to stay in tune with the latest tech and cybersecurity news, trends, and advancements.

Nord Security also offers a personal development budget that can be used for training or certifications, helping us improve in our field. Moreover, teams often visit various conferences, such as Black Hat, to keep a finger on the pulse of the latest in the field of information security.

Last but not least, everybody can have their own personal development plan. It helps me stay aligned with the overall goals of the security team and how my part might fit in the bigger picture. Personally, I would like to dive even deeper into security architecture and cryptography, so I have aligned this goal on my personal development plan in cooperation with my manager.

#6 You don’t have to convince everyone of the importance of security

As an app security specialist, you understand that security should be a top priority in every company. And if you ask a company about it, of course, they will indicate security is their number one priority, but is this actually true? From my experience, you always end up arguing with product managers, product owners, and engineering managers about security improvements. Yet, in a company that has security as its main selling point, it becomes easier to motivate security changes and push people in the right direction.

All these reasons are why application security professionals thrive at Nord Security. If you also want to advance your career in this field, join the Application Security team in Lithuania, Germany, or remotely by applying HERE.


OpenTelemetry: A modern observability standard

In the first part of our blog series about observability, we covered the basic principles of observability and explained how it differs from the classical monitoring term. In this article, we’ll discuss OpenTelemetry and its instrumentation approaches.


OpenTelemetry

Please check out our first article on observability to gain a fuller context for the topic we’re about to discuss. OpenTelemetry is currently the most actively developed standard in the field of observability. It is being adopted as a Cloud Native Computing Foundation incubating project. Born primarily as a merging of the former OpenTracing and OpenCensus standards, OpenTelemetry continues to gain popularity, with its supporters including representatives of Google, Microsoft, and Uber.

The goal of the OpenTelemetry project is to introduce a standardized open solution for any development team to enable a proper observability layer in its project. OpenTelemetry provides a standard protocol description for metrics, tracing, and logging collection. It also gathers under its umbrella the APIs and instrumentation for different target languages and data infrastructure components.

Below is a visualization of the overall scope of OpenTelemetry (credits to CNCF):

The development of the specifications and all related implementations is carried out in the open on GitHub, so anyone involved can propose changes.

Different instrumentation implementations for different languages are in development. The current state of readiness can always be found on the related page of the official documentation (for example, PHP).

Logs

Logs are the oldest and best-known type of telemetry signals, and they have a significant legacy. Log collection and storage is a well-understood task, with many solutions being established and widely adopted to carry it out. Examples include the infamous ELK (or EFK) stack and Splunk; Grafana Labs also recently introduced the Loki project, a lighter alternative to Elasticsearch.

The main problem is that logs are not integrated with other telemetry signals – no solutions offer an option to correlate a log record with a related metric or trace. Having the opportunity to do this can form a very powerful introspection framework.

OpenTelemetry specifications try to solve this problem with a logging format standard proposal. It allows correlating logs via execution context metadata, timing, or a log emitter source.

However, right now the standard is at an experimental stage and under heavy development, so we won’t focus on it here. The current specifications can be found here.

Metrics

As discussed previously, metrics are numeric data aggregates representing the software system’s performance. Through aggregation, we can combine measurements into exact statistics over a time window.

The OpenTelemetry metrics system is flexible. It was designed to be like this to cover the existing metric systems without any loss of functionality. As a result, a move to OpenTelemetry is less painful than other alternatives.

The OpenTelemetry standard defines three metrics models:

  • Event model — metric creation by a developer on the application level.

  • Stream model — metric transportation.

  • Time Series model — metric storage.

The metrics standard defines three metric transformations that can happen in between the Event and Stream models:

  • Temporal reaggregation reduces the number of high frequency metrics being transmitted by changing the resolution of the data.

  • Spatial reaggregation reduces the number of high frequency metrics being transmitted by removing some unwanted attributes and data.

  • Delta-to-cumulative reduces the size of high frequency metrics being transmitted via a move from absolute numbers (cumulative) to changes between different values (delta).

We will talk about the Stream and Time Series models in the third part of our blog series, where we will discuss signal transportation and storage. For now, let’s focus on the Event model, which is related to instrumentation.

The process of creation for every metric in OpenTelemetry consists of three steps:

  • Creation of instruments that will generate measurements – particular data points that we evaluate.

  • Aggregation of measurements into a View – a representation of a metric to output from the instrumented software system.

  • Metric output – the transportation of metrics to storage using a push or pull model.

The OpenTelemetry measurements model defines six types:

  1. Counter – non-negative, continually increasing monotonic measurement that receives increments. For example, it may be a good fit for counting the overall number of requests the system has processed.

  2. UpDownCounter – the same as the Counter, but non-monotonic, allowing negative values. It may be a good fit for reporting the number of requests currently being processed by the system.

  3. Histogram – multiple statistically relevant values distributed among a list of predefined buckets. For example, we may be interested not in a particular response time but in the percentile of the response time distribution it falls into (a Histogram would be useful here).

  4. Asynchronous Counter – the same as the Counter, but values are emitted via a registered callback function, not a synchronous function call.

  5. Asynchronous UpDownCounter – the same as the UpDownCounter, but values are emitted via a registered callback function, not a synchronous function call.

  6. Asynchronous Gauge – a specific type for values that should be reported as is, not summed. For example, it may be a good fit for reporting the usage of multiple CPU cores – in this case, you will likely want to have the maximum (or average) CPU usage, not summed usage.

Aggregations combine measurements into the final metric values that are then transported to storage. OpenTelemetry defines the following Aggregations:

  • Drop – ignores all measurements.

  • Sum – a sum of measurements.

  • Last Value – only the last measurement value.

  • Explicit Bucket Histogram – a collection of measurements into buckets with explicitly predefined bounds.

  • Exponential Histogram (optional) – the same as the Explicit Bucket Histogram but with an exponential formula defining bucket bounds.

A developer can define their own aggregations, but in most cases, the default ones predefined for each type of measurement will suit the developer’s needs.
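The Sum, Last Value and Explicit Bucket Histogram aggregations listed above, worked through on constructed request durations. This is an added example in plain Go using only the standard library, not OpenTelemetry SDK code; every function, type and variable name in it is an assumption of the example. It also shows what a bucketed histogram can still say about a percentile once the raw values are gone.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"sort"
)

// SumAgg is the Sum aggregation (default for Counter and UpDownCounter
// instruments): every measurement is added to one running total.
func SumAgg(ms []float64) float64 {
	total := 0.0
	for _, v := range ms {
		total += v
	}
	return total
}

// LastValueAgg is the Last Value aggregation (default for an Asynchronous
// Gauge): only the newest measurement survives. ok is false for empty input.
func LastValueAgg(ms []float64) (v float64, ok bool) {
	if len(ms) == 0 {
		return 0, false
	}
	return ms[len(ms)-1], true
}

// Histogram is the output of the Explicit Bucket Histogram aggregation.
type Histogram struct {
	Bounds []float64 // N upper bounds, strictly increasing
	Counts []uint64  // N+1 buckets: (-Inf,b0], (b0,b1], ..., (bN-1,+Inf)
	Sum    float64
	Count  uint64
}

// ExplicitBucketHistogramAgg sorts measurements into the caller's buckets.
func ExplicitBucketHistogramAgg(bounds, ms []float64) (Histogram, error) {
	for i, b := range bounds {
		if math.IsNaN(b) || (i > 0 && b <= bounds[i-1]) {
			return Histogram{}, errors.New("bounds must be strictly increasing")
		}
	}
	h := Histogram{Bounds: bounds, Counts: make([]uint64, len(bounds)+1)}
	for _, v := range ms {
		if math.IsNaN(v) {
			continue // NaN belongs to no bucket and would poison Sum
		}
		// SearchFloat64s returns the first index whose bound is >= v, so a value
		// equal to a bound is counted in that bound's bucket (upper-inclusive).
		h.Counts[sort.SearchFloat64s(bounds, v)]++
		h.Sum += v
		h.Count++
	}
	return h, nil
}

// QuantileUpperBound returns the upper bound of the bucket holding the q-th
// quantile (0 < q <= 1), or +Inf if it lies in the overflow bucket. After
// aggregation this bound is all that is known: the raw values are gone.
func QuantileUpperBound(h Histogram, q float64) (float64, bool) {
	if h.Count == 0 || !(q > 0 && q <= 1) {
		return 0, false
	}
	rank := uint64(math.Ceil(q * float64(h.Count)))
	var seen uint64
	for i, c := range h.Counts {
		if seen += c; seen >= rank && i < len(h.Bounds) {
			return h.Bounds[i], true
		}
	}
	return math.Inf(1), true
}

// Constructed sample: ten request durations in milliseconds, and bucket bounds.
var sampleMs = []float64{3, 7, 12, 48, 51, 95, 120, 240, 260, 900}
var sampleBounds = []float64{5, 10, 25, 50, 100, 250, 500}

func main() {
	h, err := ExplicitBucketHistogramAgg(sampleBounds, sampleMs)
	if err != nil {
		panic(err)
	}
	last, _ := LastValueAgg(sampleMs)
	p90, _ := QuantileUpperBound(h, 0.9)
	fmt.Println("sum:", SumAgg(sampleMs), "last:", last)
	fmt.Println("buckets:", h.Counts, "p90 <=", p90)
}
```

The overflow bucket is why bucket bounds should cover the values you care about: a quantile that lands there can only be reported as "above the last bound".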

After all aggregations have been done, additional filtering or customization can be carried out on the View level. To summarize, an example of a simple metric creation is the following (in GoLang):

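import (
    "go.opentelemetry.io/otel/attribute"
    "go.opentelemetry.io/otel/metric/instrument"
)

// Meter and ctx come from the surrounding application code.
counter, err := Meter.SyncInt64().Counter(
    "test.counter",
    instrument.WithUnit("1"),
    instrument.WithDescription("Test Counter"),
)
if err != nil {
    panic(err) // instrument creation returns an error that must be handled
}

// Synchronously increment the counter.
counter.Add(ctx, 1, attribute.String("attribute_name", "attribute_value"))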

Here we create a simple metric consisting of one counter measurement. As you can see, many details we discussed are hidden but can be exposed if the developer needs them.

In the next part of our blog series, we will talk about metrics transportation, storage, and visualization.

Traces and spans

As we discussed previously, traces represent an execution path inside a software system. The execution path itself is a series of operations. A unit of operation is represented in the form of a span. A span has a start time, duration, an operation name, and additional context attached to it. Spans are interconnected via context propagation and can be nested (one operation can consist of multiple smaller operations inside itself). The resulting hierarchical tree structure of spans represents the trace – an entire execution path inside a software system.

The internal span structure can be visualized like this:

Here is an example of the simplest span creation (in GoLang):

import (
    "go.opentelemetry.io/otel"
    "go.opentelemetry.io/otel/attribute"
    "go.opentelemetry.io/otel/trace"
)

var tracer = otel.Tracer("test_app")

// Create a span
ctx, span := tracer.Start(ctx, "test-operation-name",
    trace.WithSpanKind(trace.SpanKindServer))

testOperation()

// Add attributes
if span.IsRecording() {
    span.SetAttributes(
        attribute.Int64("test.key1", 1),
        attribute.String("test.key2", "2"),
    )
}

// End the span
span.End()

Now we have our first trace.

A trace can be distributed across different microservices. In this case, so as not to lose the interconnection, the OpenTelemetry SDK can automatically propagate context through the network according to the protocol being used. One example is the W3C Trace Context HTTP headers definition. However, not all language SDKs support automatic context propagation, so you may have to instrument it manually depending on the language you use.

Detailed documentation about traces with format explanations can be found here.
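What manual propagation has to get right for the W3C Trace Context `traceparent` header, as an added example in plain Go using only the standard library (not OpenTelemetry SDK code; the type and function names are assumptions of this example). A service validates the header it receives, because it arrives from a peer it does not control, and either continues that trace with a fresh parent-id or discards the header and starts a new trace.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// TraceParent holds the header's fields: version, trace-id, parent-id, flags.
type TraceParent struct {
	Version  byte
	TraceID  [16]byte
	ParentID [8]byte
	Flags    byte
}

var errTraceParent = errors.New("invalid traceparent header")

// isLowerHex reports whether s is 0-9 and a-f only (upper case is not allowed).
func isLowerHex(s string) bool {
	for i := 0; i < len(s); i++ {
		if c := s[i]; !(c >= '0' && c <= '9' || c >= 'a' && c <= 'f') {
			return false
		}
	}
	return true
}

// ParseTraceParent validates a header value received from an untrusted peer.
func ParseTraceParent(h string) (TraceParent, error) {
	var tp TraceParent
	// Version 00 is exactly 2+1+32+1+16+1+2 = 55 characters.
	if len(h) < 55 || h[2] != '-' || h[35] != '-' || h[52] != '-' {
		return tp, errTraceParent
	}
	ver, tid, pid, flags := h[0:2], h[3:35], h[36:52], h[53:55]
	if !isLowerHex(ver + tid + pid + flags) {
		return tp, errTraceParent
	}
	// Version ff is forbidden, version 00 carries nothing after the flags, and
	// a later version may append fields only after another dash.
	if ver == "ff" || (ver == "00" && len(h) != 55) || (len(h) > 55 && h[55] != '-') {
		return tp, errTraceParent
	}
	raw, _ := hex.DecodeString(ver + tid + pid + flags) // validated above
	tp.Version, tp.Flags = raw[0], raw[25]
	copy(tp.TraceID[:], raw[1:17])
	copy(tp.ParentID[:], raw[17:25])
	// All-zero IDs are reserved as invalid and must not be propagated.
	if tp.TraceID == ([16]byte{}) || tp.ParentID == ([8]byte{}) {
		return TraceParent{}, errTraceParent
	}
	return tp, nil
}

// String renders the header in version 00, the only version this code emits.
func (tp TraceParent) String() string {
	return fmt.Sprintf("00-%s-%s-%02x", hex.EncodeToString(tp.TraceID[:]),
		hex.EncodeToString(tp.ParentID[:]), tp.Flags)
}

// randomID fills b from the OS CSPRNG and retries on the reserved all-zero ID.
func randomID(b []byte) error {
	for {
		if _, err := rand.Read(b); err != nil {
			return err
		}
		if !bytes.Equal(b, make([]byte, len(b))) {
			return nil
		}
	}
}

// Continue returns the traceparent to send downstream: a valid inbound header
// keeps its trace-id and flags; anything else is dropped and a new trace starts.
func Continue(inbound string) (TraceParent, bool, error) {
	tp, err := ParseTraceParent(inbound)
	accepted := err == nil
	if !accepted {
		tp = TraceParent{} // keep nothing the peer sent, flags included
		if err := randomID(tp.TraceID[:]); err != nil {
			return tp, false, err
		}
	}
	if err := randomID(tp.ParentID[:]); err != nil {
		return tp, false, err
	}
	tp.Version = 0
	return tp, accepted, nil
}

func main() {
	// Header value constructed for this example.
	out, accepted, err := Continue("00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01")
	fmt.Println(accepted, out, err)
}
```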

Signal interconnections

The ability to interconnect different types of signals makes an observability framework powerful. For example, it allows you to identify a service response that took too long via metrics and, in one click, jump to the correlating trace of this response execution to identify what part of the system caused the slow processing.

Signals in OpenTelemetry can be interconnected in a couple of ways. One is the use of Exemplars – specific values supplied with traces, logs, and metrics. These consist of a particular record ID, time of observation, and optional filtered attributes specifically dedicated to allowing a direct connection between traces and metrics. Detailed documentation about Exemplars can be found here.

Another approach to signal interconnection is the association of the same metadata with the use of Baggage and Context. Baggage is a specific value supplied with traces, logs, and metrics that allows you to annotate it and consists of user-defined pairs of keys and values. By annotating corresponding metrics and traces with the same values in Baggage, the user can correlate them. Detailed documentation about Baggage can be found here.

Conclusion

We covered the pillars of OpenTelemetry and some details of application instrumentation. But we don’t just need to instrument our applications – we should also introduce tooling for the aggregation, storage, and visualization of the signals we supply. In the third part of this series, we will discuss tooling and the OpenTelemetry collector component in detail.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Can your home device be a threat to you?

Have you ever thought that your vacuum cleaner may not only sweep your floor but also listen to your conversations? Or that your home security cameras might be used by someone else to stalk you? Smart gadgets are making our lives easier, but they can also pose a serious risk to our property, privacy, and even life if they fall into the hands of hackers. If you don’t want to become their next cybercrime victim, let’s take a look at some of the potentially risky connected devices surrounding you and ways to protect your security.
 


Innocent-looking smart toys

AI-powered and internet-connected toys provide much more than just entertainment for children. They boost creativity and develop social, motor, problem-solving, and other skills that can significantly impact their future performance. However, buying smart toys can be a not-so-smart idea – along with bringing kids joy, they can also attract hackers and identity thieves.

Security flaws are common, even in toys from parents’ most-trusted toy brands. Mattel’s Wi-Fi-connected Barbie doll, My Friend Cayla, Fisher-Price’s Chatter Bluetooth telephone, VTech InnoTab Max, Furby Connect doll, and many other toys have been labeled by cybersecurity experts as spying devices. Because of their security gaps, hackers can turn their cameras and microphones on and use them to see and hear everything the toy sees and hears. Moreover, fraudsters can interact with your children, give them orders, extract secrets or collect data, and track their location. In addition, the data collected can be used for blackmail and ransom demands or sold on the dark web or to advertisers.

Spying webcams

The desire to protect your home space from burglars can backfire – you can find yourself being spied on by others. That’s exactly what happened to Amazon’s Ring and Google’s Nest security cameras when malicious actors hacked them to surveil, threaten, and insult people who own them.

In one case, a home’s Ring camera loudspeaker started playing a song that a girl heard, so she went to investigate. When she came into the room where the camera was located, a deep masculine voice spoke to her through the camera speaker, saying that he was Santa Claus and calling her racist slurs.

In another Ring hack case, the virtual intruder harassed a woman, calling her vulgar names and asking her to respond.

Similar situations have also occurred with Nest camera holders. A few families reported that hackers talked to them through these cameras and messed with house thermostats by cranking up the heat.

These are just a few examples of how you can unexpectedly become a victim of cybercrime, which in addition to home security cameras, can happen with baby monitors or even pet cams.

Risky home cleanliness

The truth is that robot vacuum cleaners make life much easier. You can mind your own business while a robot vacuum sweeps your house. Although it may seem that cleaning dust from the floor is its sole task, in the hands of fraudsters, it can have a wholly different purpose as a spying device that may make you a victim of cybercrime.

Researchers revealed that hackers who gained access to a robot vacuum cleaner could get a house map or its GPS as well as record people’s conversations by repurposing its LiDAR sensors to act as microphones. In addition, some robot vacuums can enable hackers to take control of the vacuum or even watch the live video feed produced by the device. All this collected data can be sold to advertisers or used by criminals to plan a robbery or other crimes.

Deadly medical devices

It is no longer surprising that we can become victims of cybercrime when our bank card details are stolen or our mobile devices or online accounts are hacked. All this is nothing compared to what can happen when malicious actors hack into medical devices such as pacemakers, implanted defibrillators, drug-infusion pumps, and other health tech gadgets, which can have fatal consequences.

In 2017, the FDA recalled 465,000 pacemakers after the security firm, MedSec, found security flaws that could allow hackers to reprogram the devices and put patients’ lives at risk. For the same reason, doctors replaced former U.S. Vice President Dick Cheney’s heart defibrillator so it couldn’t be hacked by terrorists who might try to kill him. Infusion pumps automating the delivery of medications and nutrients into patients’ bodies can also become deadly weapons if hackers increase the doses. Moreover, such hijacked healthcare devices can be used to steal personal or medical records or even urge victims to go to the hospital by sending them false messages about their medical condition, so they leave their houses unattended.

How to protect

While some of the above-mentioned connected devices have no recorded cases of anyone maliciously hacking them, various investigations by cybersecurity experts have shown that the potential for problems exists. Therefore, security measures must be put in place to avoid any possible threats.

  • Don’t recycle passwords. Create complex and unique ones for all your connected devices and accounts.

  • Where it’s possible, set up multi-factor authentication (MFA).

  • Use secure Wi-Fi and make sure its password is hard to guess.

  • If you have a problem remembering different passwords for your accounts, use a password manager.

  • Always keep the software of your devices up to date. Updates patch potential security flaws.

  • When the device is not being used, for example, a vacuum robot or kid’s toy, unplug it or turn it off, so it stops collecting data.

  • If it’s possible to use the device without the internet, disconnect it.

  • Make sure that the smartphone you have connected to your devices is malware free.

  • Stay vigilant, and don’t provide your or your kid’s personally identifiable information if it’s not necessary. For example, children’s toys can be updated without knowing your kid’s age. However, be sure to provide the correct contact details so that developers can notify you of possible updates or security flaws.


4 takeaways on bootstrapping your business from Web Summit 2022

Most startups aim to score a big round of venture capital funding and then focus on growing the company. In today’s economic climate, startups are keenly aware of how much money they have and, most importantly, how much they lack. But for some, the option of having outside financing is not the best option or may not be an option at all. In such cases, bootstrapping, or self-financing through personal funds or initial sales, comes into action.

Tom Okman, Co-founder of Nord Security

Since the establishment of Nord Security and until this year, we have operated without external funding – and we have learned many lessons. Last week, I had the great honor of presenting our main takeaways from this bootstrapping journey on the stage of Web Summit. Here are the four main insights that I shared for founders focused on bootstrapping their business:

#1 Perfect your company’s mission
Your company’s mission is not just a catchy slogan you place on your “About” page and then forget about it. Your mission is the underlying DNA of every meeting and every creative solution, and it works in the background every time your people decline offers from other companies.

When you raise funding, it’s easy to lose sight of why you started your company in the first place. But when you are bootstrapping, your mission and your customers guide your business path. So bootstrapping founders, instead of focusing on raising the next round of funding, look for innovative ways to turn their mission into a reality. They are also more receptive to what customers are saying to them. That feedback naturally helps polish and evolve your mission over time, which in turn helps improve your corporate and product strategies. And it comes with a bonus – the company develops a solid internal culture.

#2 Build local, ship global
Some entrepreneurs are wary of using local talent pools, especially if the business is starting outside established startup hubs like Silicon Valley or Israel. However, that was not the case in our story. In fact, we were fortunate to start our company in Lithuania. While funding was scarce when we started, the local ecosystem, partners, and infrastructure helped us immensely in getting our business off the ground. People in Lithuania are talented and keen to prove themselves to their international peers. So one of our best decisions early in the business was to tap into that talent pool and support from local associations and policymakers.

Today, more than ever, talent and support for entrepreneurs are spread throughout Europe, both in traditional tech hubs and rising startup centers. As a result, the startup world is getting flatter, so now is the best time to take advantage of building locally while shipping globally.

#3 Focus on the customer
Customers are royalty, especially when entrepreneurs operate without external funding. In such cases, customers become leading investors and the most sustainable source of financing, and startups must focus on them above all else. So to be successful, entrepreneurs have to build a product that their customers will love and want to pay for, meaning that creating a market fit for products becomes central to a startup’s survival. Unfortunately, you don’t have a large treasure chest on your side when you are bootstrapped, so the key is to be efficient in adapting to your customer’s feedback.

#4 Take risks and be nimble
The bootstrapping route empowers entrepreneurs to take charge of the big decisions when it comes to vision, hiring, operations, or finances. That gives self-funded startups an edge because they can be much more flexible, agile, and tenacious than other companies. But at the same time, not taking outside financing pushes entrepreneurs to be hungrier in finding ways to improve their business. Because knowing that customers are critical, you can’t simply spend your way out of problems. In Nord Security’s case, it usually meant taking risks and being the pioneer in educating the market and customers about a new use case, product feature, or upcoming challenges.

While such a situation might sound precarious, in a way, it also means returning to what makes startup culture great – the ability and willingness to be inventive and take risks. But it is essential to be decisive when things need to be fixed and be bold in pivoting because inertia can sometimes be more dangerous than recklessness. This combination can prove extremely potent if entrepreneurs allow themselves to be guided by their leading investors – the customers – and their mission-driven culture. But only if founders are willing to lean into it fully.


5 TECHY TV SHOWS TO BINGE-WATCH THIS HALLOWEEN: RECOMMENDED BY OUR TEAM

 
If you’re not about haunting the city on All Hallows’ Eve, maybe you plan to kick back and spend your evening watching some thrilling TV. In that case – you’re in luck. Our team has got you covered – we’ve just prepared a list of spooky techy TV series to binge-watch this Halloween. So without further ado, let’s get into it.
 


Black Mirror (2011)


The truth is that using technology in this world can sometimes lead to devastating consequences. So, if you want to see what the dark tech future might look like, then one of the Netflix masterpieces, “Black Mirror,” is the TV show you should stick around this Halloween.

This science fiction TV show explores a dystopian near-future of modern technology, where humanity’s greatest innovations backfire on their creators and society as a whole. It touches nearly every aspect of tech and the dangers it can pose – from ransomware and cyberbullying to people and data surveillance, uncontrollable AI, and more. And the best thing about this TV series is that the order of the episodes doesn’t matter. Each of them tells a different story and covers different technologies and characters. So if you’re up for science fiction drama that will thrill you to the bones, go for it.

3 interesting facts about “Black Mirror”:

  1. TV show creator Charlie Brooker is not a horror writer. He’s a comedian.

  2. Some of the tech featured on the TV show exists in real life.

  3. The series premiere, “The National Anthem,” predicted a future story in British politics.

“I really liked this TV show, and it caught my attention from the very first episode. It shows the terrible things technologies and innovations can do to our privacy, actions, and even our existence. And the best part is that every episode is like a mini-movie. There is no storyline that you have to follow and remember. So if you like tech and are curious about the dark side of it, I definitely recommend watching this series during Halloween,” Rugilė Karengaitė, Junior .NET developer at NordVPN.

Watch it here

Westworld (2016)

Have you ever dreamt of being in a game and experiencing it firsthand? Well, that’s what our second recommendation for Halloween is about. HBO’s “Westworld” is a neo-Western TV show about a tech corporation Delos which runs a digital theme park, “Westworld.” There, wealthy fun-seekers live out their wildest fantasies among human-like robots. And these dreams are definitely brutal and unforgiving at times until some of the robots take over the wheel, and things start to turn against the people themselves. So if you want to watch a series about artificial intelligence and man versus machine interactions full of gore this Halloween, this is the perfect pick for you.

3 interesting facts about “Westworld”:

  1. The cost of admission for Delos park is $40,000/day, and that’s for the minimal package.

  2. The “Vitruvian man” scene featured in the show’s intro was inspired by a car factory.

  3. Video games like “Red Dead Redemption” and “Bioshock: Infinite” heavily inspired the world of “Westworld.”

““Westworld” shows the darker side of humanity and the horrifying possibility of trusting advanced and powerful AI, the goals of which might not align with our own,” Aivaras Saulius, a Low-Level developer at NordVPN.

Watch it here

Mr. Robot (2015)

We can’t hide that this techy TV show is closest to our hearts – it’s about Elliot Alderson, a cybersecurity engineer in the cybersecurity firm “Allsafe.” During the day, he’s all about doing his regular job, but at night – he’s a vigilante hacker trying to take down one of the largest companies in the world. The series explores his life and actions triggered by drug addiction and dissociative identity disorder. It’s a dark, suspenseful, and spine-tingling TV show, full of mind-melting twists and turns that will definitely stick you to the screen this Halloween.

3 interesting facts about “Mr. Robot”:

  1. The hacks are real! They were carried out with the help of cybersecurity experts.

  2. In the scenes where the main character Elliot was shown sniffing drugs, he was actually sniffing vitamin B.

  3. The main character’s fish is called QWERTY, which happens to be one of the most commonly used passwords.

“The “hacker drama” is one of the reasons why I liked the “Mr. Robot” series. Another reason is that it perfectly portrayed hacking scenes that I, as a person working in cybersecurity, can tell were well made. In general, computer hacking is terrifying, especially if you come from a tech background and are well aware of the consequences. And what could be scarier for a tech person than that? Nothing! So this is why the “Mr. Robot” series is the perfect choice for the Halloween period,” Franco Ghazaleh, Senior Backend Engineer at NordLayer.

Watch it here

YOU (2018)

Don’t get fooled that this TV series is for girls only. Although it has a love story, it’s about a New York-based book manager who turns out to be an innocent-looking serial killer persecuting the people he loves or wants to get out of his way. And he does all this by stalking them live or using technology. This series perfectly illustrates the importance of not oversharing on social media, as wrongdoers can take advantage of it. So if you want to know where it can lead, watch “You.” As this TV show has many spine-chilling twists and crimes committed, it will certainly set the right mood for Halloween.

3 interesting facts about “YOU”:

  1. The word “you” was repeated over 3,800 times in the first and second seasons alone.

  2. A “blood machine” was used for the gory scenes. The blood was made out of sugar and red dye.

  3. Viewers are meant to reflect on their social media usage and the data they share after watching this series.

“I liked “You” because this TV show is totally different from the series I have seen before. In this series, a truly charming personality combines both psychopathy and loveliness. Also, at some point, “You” perfectly reflects all of us – we are stalking people on social media, of course, not as drastically as in this TV show, but we watch them every day. Isn’t that right? This TV show is perfect for Halloween if you are tired or bored of ghosts, witches, and pumpkins. And it has a lot of bloody elements, which is why I kept hiding under the blanket while watching it. So, as tech and blood are closely related in this TV show, that is a perfect choice for your spooky streaming on Halloween,” Gabrielė Ambrazevičiūtė, Senior QA Engineer at NordVPN.

Watch it here

Philip K. Dick’s Electric Dreams (2017)

“Philip K. Dick’s Electric Dreams” is a tribute to the past’s classic space operas and forward-looking tales from a disturbing and surveillance-obsessed near future. And it’s terrifying to think this could be our future if technology gets out of humankind’s control. So if you’re up for experiencing that, dip your toe into this provocative sci-fi TV show with the episode “Real Life.” We’re sure you’ll be hooked on it.

3 interesting facts about “Electric Dreams”:

  1. Most of the things shown in the series came from Philip K. Dick’s short stories written between 1953-1955.

  2. The series features a large cast of well-known actors, such as Steve Buscemi, Richard Madden, Bryan Cranston, Liam Cunningham, and more.

  3. The same writer created other well-known stories that were turned into such movies as “Blade Runner,” “The man in the castle,” “Total Recall,” etc.

“It’s an excellent TV show for all Sci-Fi lovers where technology is used as a source of paranoia, triggering society’s hectic state of mind. The episodes are short and unrelated to each other, so you can watch them randomly. If you liked the “Black Mirror” series, this TV show is one of the best alternatives you can watch next, especially on All Hallows eve. “Electric Dreams” makes you think it could be our future, and that future can be horrifying,” Daniil Zaitsev, Lead Architect at NordVPN.

Watch it here

Well, there you have it, hope you’ll find one of these recommendations as a perfect TV show to spook you out this Halloween. Enjoy!


Why we chose Astro for our marketing websites

When you build a website, it’s essential that you’re using the right tools. With countless UI libraries, bundlers, and frameworks available, engineers have never had so many tools at their disposal. But which ones are right for large, traffic-heavy marketing websites? We chose Astro. Here’s why. 
 


Problems with our existing stack

My team at Nord Security is responsible for building and maintaining websites for the fastest VPN in the world, NordVPN. We have multiple marketing sites built by different people at different times. Some were made with Gatsby, and others with WordPress and a home-grown React-based SSG (static-site generator).

Those websites served us well. However, rapid scaling has caused issues with website performance, which has a direct impact on sales and marketing. It’s a proven fact that a reduction in website performance (for example, slower load times) decreases sales. This has been demonstrated in studies from WPO Stats.

As the business scaled, my team had the challenging task of researching and proposing a tech stack to rebuild our websites and achieve optimal marketing potential.

A challenge

There was a lot of work to be done. We had more than 20 locales, 10 currencies, and thousands of pages. Personalization had to be considered, and A/B testing implemented. Supporting an ever-expanding list of requirements while still achieving optimal performance felt like an impossible goal.

We tried different frameworks — Next.js, Preact, SvelteKit, and Elder.js — and even tried building server-side rendering and island architecture with Svelte. We had to find the best systems to satisfy the needs of content editors, data analysts, and engineers.

Of course, it’s not every day that a team gets a chance to rebuild their websites from scratch. We knew we could create something great, so we wanted to make the most of this opportunity.

Enter: Astro

As our research continued, it became clear that Astro, an all-in-one web framework, ticked all our boxes. We had initially ruled out Astro because it didn’t offer server-side rendering, but when this feature was added in 2022, we knew that we’d found our framework.

Astro is not a mainstream framework, of course, and when we were considering it, the framework was still in beta. Going down this route was a risk, but it was one we were willing to take. Why? Because not only did it fulfill almost all of our requirements, but it already had a vibrant and active community and a responsive developer team. New features are planned, implemented, and delivered several times a week.

Along with server-side rendering, Astro’s developers had added Node.js support and edge deployment. These factors facilitate streamlined continuous deployment and enhance the power of a globally deployed content delivery network, allowing for unmatched performance. Edge deployment with Cloudflare, Vercel, and Netlify involves only a few simple steps, but the impact is huge.

With just a few lines of code, we now had server-side rendering enabled on our desired deployment server:

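import { defineConfig } from 'astro/config';
import node from '@astrojs/node';

// Enable server-side rendering and pick the adapter for the deployment target.
export default defineConfig({
  output: 'server',
  adapter: node(), // cloudflare(), vercel() …
});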

Benefits of Astro

During the research phase, we noted that Svelte syntax, being a superset of HTML, was much easier to work with than React syntax. The same went for Astro. We have hundreds of different components to implement, most of which require little to no JavaScript, so being able to convert them to the HTML-style syntax of Astro made those components more readable.

The complex components that required client-side JavaScript and reactivity were another story. Our main requirement of reaching optimal website performance pushed us to try something new: SolidJS.

SolidJS is a performant, reactive, and simple library for building user interfaces. It uses JSX syntax, works well for server-side rendering, and offers outstanding performance. It does all this at a fraction of the size of other libraries that are usually shipped to the browser.

Furthermore, both Astro and SolidJS share the concept of so-called vanishing components. Components exist to organize your code and not much else. What is shipped to the client is pure HTML and CSS.

Client-side JavaScript is an opt-in feature in Astro. Unless you specifically use one of the client directives, the component is shipped with 0kb of JavaScript. Of course, you also have the option to bundle global or local scripts straight from the component code.

SolidJS and other framework components are inserted into Astro files using the “islands architecture” pattern. The pattern was proposed by Katie Sylor-Miller in 2019 and is expanded in this post by Preact creator Jason Miller.

Here are the possible client directives for making “islands” interactive:

  • client:load — Loads JavaScript and hydrates the component on page load.

  • client:idle — Loads JavaScript and hydrates the component after page load once the main thread is idle.

  • client:visible — Uses the Intersection Observer API and loads JavaScript only once the component becomes visible.

  • client:media — Useful in cases where certain components should be visible and interactive only on certain screen sizes.

  • client:only — Skips server-side rendering and runs the code on the client. Be careful with this one because it can push down your SEO scores.

Some parts of the page can be fully static, without any JavaScript needed, while other parts, or islands, may require JavaScript. The process of resolving the component state is called hydration.

Though the JavaScript community is still split over whether hydration is the right approach compared to resumability, it solves our current problems nicely. More information about the hydration topic can be found in this great article.

With Astro, islands come with another benefit: various component framework support. It offers flexibility when choosing a UI framework and has integrations to work with React, Svelte, SolidJS, and Vue. Of course, you won’t typically mix those, but it gives you flexibility and room to maneuver.

The results

To see how well it worked, check out the Lighthouse scores for one of our new websites:

[Image: Lighthouse scores for one of our new websites]

The other projects integrated well with our Cloudflare Pages, and more will be built soon!

The pace of releases, weekly community calls, RFCs, the involvement of the core team, and its vibrant community all serve to confirm that we made the right choice with Astro.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.


Launching the first-ever NordVPN 360° marketing campaign in Germany

In this interview, we speak to Joanna Rusin-Rohrig, Germany country manager, and Ieva Račienė, brand manager – the two NordVPN insiders who made this campaign happen. Read their interviews and find out the full behind-the-scenes story of this 360° NordVPN branding campaign in Germany: from idea creation, planning, and development to the final results and lessons learned.


From campaign idea to execution

Could you briefly introduce the campaign you just launched?

Ieva: Yes, we call it the “Safely be you” campaign. It was a huge milestone for our organization because it was the first 360° branding campaign ever done at NordVPN when all channels were aligned and focused on one message:

Switch on privacy. Switch off trackers and viruses. Go Nord. Safely be you.

(Privatsphäre ein, Trackern und Viren aus. NordVPN. Ganz sicher du selbst.)

With this key message, we wanted to stress the importance of privacy and make a connection with the usage of our product. Unlike the general approach that focuses on risks and dangers by showing hoodie-wearing hackers in dark rooms trying to steal personal data, we concentrated on more modern and positive messaging emphasizing the emotional benefit of safety. NordVPN protects you and your daily actions online: private messages, social interactions, and transactions. Nothing can be more important than that.

This “Safely be you” campaign aimed to show that everyone’s digital life has the same or even more threats than their “real” lives.

Is it any different from the usual NordVPN campaigns? If yes, how?

Joanna: In fact, it was very different from the usual marketing activities, which are strictly driven by performance indicators. This was the first time NordVPN launched an awareness campaign and the first time we implemented one in Germany.

What did the development of the whole branding campaign look like? Could you give us a sense of the development and implementation stages?

Ieva: It took us eight months to get from idea approval to campaign launch. To tailor the campaign to the German market, we first started looking for external partners.

From day one, our media team, in cooperation with our long-term partner, The Specialist Works, started analyzing media opportunities and best practices in the country and working on an appropriate media plan to promote our creative approach. Meanwhile, our other partner – the team at Influence.vision – helped us find the best influencers. For designing our video ad, we chose a local creative agency, Jung Von Matt. Together, we developed a creative concept called “Safely be you.”

To sum up, not everything was done by our external partners – a large part of the visual design and creative copywriting was done in-house.

Joanna: To give you a feeling of how big the project was: we developed nine separate media plans, from out-of-home advertising to mobile influencer activation. It was a huge team effort to create and execute them on time. More than 100 people worked together internally and in external teams on the execution of the whole campaign.

And speaking of branding campaign promotion tools, what kind of marketing channels were used to launch this campaign? How did you select them?

Ieva: As it was a 360° campaign, it covered all possible marketing channels: TVC, radio, OOH, PR coverage, dedicated celebrity campaign, influencer integrations, social media, PPC, various mobile app ads with full digital scope, and more. We also leveraged high-reach and visibility placements, and our SEO team covered various content clusters.

Joanna: Our main KPI for the campaign is the improvement of the upper funnel metrics – awareness and consideration levels in the market. Therefore, we chose channels and platforms that index highly on reach and reliability in our target group for us to achieve maximum penetration in the market with the given budget.

How are you measuring the success of each marketing channel that was used?

Joanna: Apart from the overall awareness level increase, we defined separate KPIs, like a specific CPA for TV or a level of positive sentiment for influencer integrations. These are our pillars of measurement that allow us to establish whether or not we can regard a certain action as a success or failure.


Cybersecurity awareness in Germany

Your main goal is to raise awareness about personal cybersecurity among the German population. How aware are they of the threats they face online, and are they ready to embrace new technology for their cyber protection?

Joanna: According to our research data, Germans spend almost 25 years of their lives online. However, only 21% of them can say they are well aware of the different ways to secure their devices. Even though secure Wi-Fi is relevant to 69% of Germans, only 23% use a VPN to keep their connection safe at all times. This means that although people would like to browse the internet securely and privately, the burden of achieving this goal seems too big. With the campaign, we want to inform our relevant audiences how easy it is to be safe online.

Blog image for the diagram 1

Source: nordvpn.com

With the company in full swing now, how would you rate the first results in trying to achieve your main goal and increase NordVPN product usage in Germany?

Joanna: We definitely see a big interest in the topic, and search queries both for the VPN category and NordVPN are increasing significantly. With it, we see increased traffic numbers for our German website and prolonged time spent on the pages. We are waiting for comprehensive post-campaign research results to analyze more in-depth what influence the campaign had on all customer journey stages.

For you as a country manager, what was the most challenging part of running this campaign, and why?

Joanna: My role in this big project was to consult all teams to help them to achieve the best-localized approach. Another important part was to create a link between our headquarters and agencies operating for us in Germany.

Most people working on this campaign do not speak German, so my local team supported them on all language, copy, and influencer content-related tasks. With literally thousands of various marketing campaign design pieces and copy, keeping tabs on everything was challenging, but we managed to spot all mistakes on time.

Tips for a successful branding campaign

What is the most important thing to consider when launching such branding campaigns? Do you have any advice?

Ieva:

  1. Form a team you can trust. This is the most crucial part of all projects. Whether it is your colleagues or external partners, I strongly suggest gathering a team you can trust 100%. And if the team consists of professional and dedicated people ready to go the extra mile, they’re destined to succeed.

  2. Know your users or the people you are talking to. Understanding their needs and how we can help to solve their problems is the key success factor to being relevant.

  3. Have the courage to do things that were never done before. In our case, having the first branding campaign focused on an emotional message might have been seen as a challenge at first, but we took the risk because the challenge might pay off massively.

Joanna:

  1. Have your KPIs and measurement methods established before you start planning, and make sure that all the team members are on the same page.

  2. Think of having regular check-ins with all the team members involved so no information gets lost on the way.

  3. When you are done with all the project planning, go ahead and add an extra month to it. 🙂 Life happens, and this buffer will allow you to find solutions for challenges that arise on the go.


NordTech – our first tech meetup in Berlin

Last week, we launched our first-ever tech meetup in Berlin – NordTech, where we invited locals to meet our experts live and get some insights into PHP, cybersecurity, and software development practices at Nord Security. As we value innovation and shaping future tech, we’re always keen on sharing our ideas and findings with others. Learn more about what our experts and the Berlin tech community discussed during the event:

 

Tests are not useless!

With Pavlo Mikhailidi

Fuelled by a recent encounter with an anti-tester, our Senior PHP Developer, Pavlo, set out to prove that testing is a necessary practice for all developers—not just QA. He explained that good testing saves time and headaches and can even double as documentation. An increasingly complex codebase requires proper care, because modifying one part can break several others. In these cases, testing is your go-to remedy.

He went on to cover the attributes of good testing, shared below, and to debate the trade-offs between bad testing and no testing. Finally, Pavlo passed along some recommended resources for upping your testing game: Unit Testing Principles, Practices, and Patterns, Test-driven Development by Example, and The Art of Unit Testing.

Here are the attributes of a good test that he shared:

  • It protects against regression

  • It’s resistant to refactoring

  • You get fast feedback

  • The test is maintainable

Watch the full recording of Pavlo’s presentation here.

Scrum sucks

With Oleksii Ustenko

Our Senior Android Developer, Oleksii, explored how Scrum is often misunderstood and misused. All in all, he actually likes Scrum but understands why people might grumble about the rigidness of the structure. What’s important to remember is that Scrum should be people-centric at its core: humans working together to create value for other humans. And each ceremony exists to drive that goal forward. Like many things in life, Scrum works best when motivated individuals have the trust, support, and understanding they need to get the job done. And Scrum, understandably, goes wrong when management or bureaucratic processes steal ownership away from teams.

He concluded that Scrum is not the silver bullet some of us want it to be. If something isn’t working, each person involved is responsible for speaking up and proactively suggesting improvements—respectfully. Scrum worked well for the use it was invented for, but every team is different. Take the time to understand the context behind why certain ceremonies exist, learn from past mistakes, and find the process that fits your team best.

Watch the full recording of Oleksii’s presentation here.

Securing your API using Cryptography

With Dovydas Bespalovas

In this security deep-dive, Dovydas, our Guild Tech Lead, laid out the basics of the different types of cryptographic algorithms and functions: hashing, encryption, digital signatures, key derivation functions, and key exchange. He then explained the evolution of Secure Sockets Layer (SSL) into Transport Layer Security (TLS) and how it’s used and certified. Going one step further, Dovydas got into the differences between ‘Authorization’ and ‘Authentication’ and shared a step-by-step example of how both information security processes can be put into practice. After that, he concluded that such necessary security measures come with extra work and extra complexity.

Watch the full recording of Dovydas’ presentation here.


Future tech events in Berlin

If you’re interested in learning more, join our future NordTech events live in Berlin or watch them online. Follow us on meetup.com to stay up to date with upcoming knowledge sharing, networking, and other future events at Nord Security.
