FireSale HackBoy

Knowledge Shared By FireSale HackBoy...

Hacking

The Art Of Exploitation...

Ethical Hacking

Security Experts...Same Techniques To Make Hacker's Stuff Useless.

Black Hat Hacking

Dark Side Of Hacking... In Short Destruction Of Cyber Stuff.

Digital Stuff

All The Digital Stuff Is Under The Influence Of Cyber Attacks... Be Safe

Wednesday, March 31, 2021

Google offers Cybersecurity training for 2022 Midterm elections

Google has released an official announcement early this week stating to offer Cybersecurity training to state lawmakers, and their staff in entire North America from mid this month.

The training will help in better preparing the staff in mitigating the cyber threats that might target the 2022 midterm elections.

Dubbed as Cybersecurity for State leaders, the initiative will help the staff and the law-makers inculcate themselves about the threats lurking in the cyber landscape, especially those from adversaries. It will also recommend measures to protect individuals against cyber threats.

National Cybersecurity Center will assist the internet juggernaut in fulfilling the objective of Google and is expected to education individuals from both public and private sector.

Participation from tech companies like Microsoft, Amazon, IBM and Apple is also expected in the program along with those leading the government.

“Election trust can only be achieved in America when the entire critical infrastructure remains well protected from all variants of sophisticated cyber attacks. And the Alphabet Inc’s subsidiary is said to help achieve the aim”, says LaRose from Republican Party.

Note 1- Security researchers say that the move is said to bolster the digital defense infrastructure of the entire nation as the said web search giant has access to humongous amounts of data created by humans across the world. And the latest initiative shows how committed is the tech giant in safeguarding the data of online users and help safeguard the election trust among public.

Note 2-The 2022 United States mid-term elections are scheduled to be held on November 8th, 2022 and will be the first election event after the redistricting took place as per the 2020 US Census.

The post Google offers Cybersecurity training for 2022 Midterm elections appeared first on Cybersecurity Insiders.


April 01, 2021 at 10:10AM

Cyber attacks on Microsoft Exchange Email Servers could surge up cyber insurance claims  

From February this year, there have been multiple instances where hackers have taken control of corporate networks by exploiting vulnerabilities in MS Email Exchange Servers.

CyberCube, a cyber analytics firm, claims that the rise in cyber-attacks on Microsoft servers could also increase cyber insurance claims filed by many companies.  

The analytics stated that SMBs operating in North America are super-vulnerable to MS Exchange attacks than other parts of the world with the vulnerability that can pave way for an increase in insurance and reinsurance claims.  

It is believed that over ten different advanced persistent threat actors are actively busy exploiting the code that might witness an increase in victims list in coming days. 

Meanwhile, the IT staffs of Brown University in Rhode Island have confirmed that a critical cyber incident has made them shut down their data center for this entire week. Although the educational institute mentioned no further details, highly placed sources say that the Providence based university might have become a victim to a ransomware attack where hackers exploited a vulnerability of MS Exchange server to infiltrate the network. 

Bill Thirsk, the CIO of Brown University, confirmed the cyber-attack and added to the statement that the IT staff is working round the clock to bring back the digital systems online. 

Sources report that cloud-based tools like Canvas, Zoom and Workday are working fine and the only impact was felt by the VPN, RemoteApps and Banner that were hosted on the Brown.edu domain.

The post Cyber attacks on Microsoft Exchange Email Servers could surge up cyber insurance claims   appeared first on Cybersecurity Insiders.


April 01, 2021 at 10:07AM

5 Ways Blockchain Is Transforming Cybersecurity in 2021

Many people primarily know the blockchain as the decentralized digital ledger system used to record cryptocurrency transactions. That’s one definition of it. But the blockchain also shows promise for improving cybersecurity. Here are five compelling examples.

1. Stopping Ransomware Attacks

Ransomware attacks are devastating incidents that lock victims out of crucial files and networks. Some of these events force affected businesses to resort to pen-and-paper methods when operating.

Oklahoma-based company HeraSoft created a blockchain-based solution to combat ransomware attacks and other cybersecurity incidents. It recently raised $5 million in a Series A funding round. HeraSoft has two government clients. However, the company’s leaders have their sights set on expanding into other sectors.

In a recent interview, CEO Anthem Blanchard further discussed the blockchain aspect of his company’s solution, saying, “We are using distributed technology to eliminate single points of failure in enterprise cloud systems and guard against damaging cyberattacks.”

He also mentioned that this technology is especially relevant now, with so many people working at home due to COVID-19.

2. Enhancing Data Sharing

Today’s world involves the frequent transmission of data between private, public, and individual parties. Such data-sharing practices can facilitate business and productivity, but it also poses cybersecurity risks.

For example, a person may mistakenly send a confidential file to the wrong person. In other cases, a company may want to share data with several external parties but restrict what some of them see. If that’s not possible, individuals could have too much access to company data.

A company called Xage Security offers blockchain-centered industrial solutions that make data sharing a safer activity. The products provide extra safeguards by giving data holders more control over how they permit others to see and use the information.

3. Reducing the Need for Passwords

The blockchain represents an increasingly popular area of investment due to its ongoing growth. For example, four exchange-traded funds represent $1.3 billion in managed assets and more than 160 stocks. Even if investors aren’t blockchain experts, many can still appreciate its potential — particularly concerning cybersecurity.

Almost everyone has gone through the frustrating process of trying to recall — then having to reset — forgotten passwords. People commonly choose passwords that are easy to remember to avoid that situation. The trouble is, they’re often simple for other people to guess, too.

The blockchain offers fascinating alternatives to conventional passwords. One option is self-sovereign ID. Here, a person gets a private identifier that links to a public ID that exists on the blockchain. When they receive information that would typically require a password — such as a banking message — they use their private identifier to verify who they are instead.

This decentralized approach prevents hackers from getting the information they need to infiltrate a network.

4. Detecting Deepfake Content

Cybersecurity professionals are increasingly concerned about how deepfake content could pose a rising threat to businesses. More specifically, criminals can create fabricated material so that people appear to say false things. It’s easy to imagine the potential damage if a renowned leader became targeted for a successful deepfake attempt.

However, the blockchain may provide much-needed assistance in helping people verify the authenticity of videos and other types of online media. Many supply chain professionals already use blockchain technology to safeguard against counterfeit goods, so relying on it to check for fakes videos makes sense, too.

Graduate student Haya Raed collaborated with a professor at her university to develop a solution that uses the blockchain and smart contracts to combat fakes. The system works on the Ethereum blockchain and creates new contracts whenever someone wants to edit or distribute content. People can then see records of those transactions, thereby tracing the media to its source.

5. Opportunities for Safer E-commerce Transactions

E-commerce has soared lately, due in large part to COVID-19 and restrictions implemented to curb the virus. People spent more than $861 billion with e-commerce retailers in the United States in 2020. That was a 44% jump compared to the previous year. Of course, cybercriminals hacked online stores before COVID-19 happened.

For example, the “Keeper” group has broken into more than 550 e-commerce sites since 2017. After accessing them, those responsible inserted malicious code that captured credit card details as shoppers entered them into forms. If online shopping continues its rise, online criminals will likely find e-commerce sites even more tempting.

However, the distributed structure of the blockchain could thwart their efforts to seize information.

Building e-commerce platforms on the blockchain is not yet a widespread concept. However, it’s an option with exciting potential. An e-commerce marketplace called CashPay launched recently, and it uses Ethereum’s blockchain technology. The team behind it has several other projects in the pipeline, too.

For example, they want to create country-specific online stores and apps, plus offer payment integrations that let people purchase things at other shops with cryptocurrencies.

The Blockchain Should Continue Improving Cybersecurity

Cybersecurity professionals are well aware that new technologies could spur progress in their field. These examples show why the blockchain is well worth further exploration on the grounds that it could make the internet and its associated activities less prone to security breaches.

As more companies develop related products, people should expect to see even more use cases demonstrating blockchain’s potential in cybersecurity.

The post 5 Ways Blockchain Is Transforming Cybersecurity in 2021 appeared first on Cybersecurity Insiders.


April 01, 2021 at 06:57AM

Learning from the Oldsmar Water Treatment Attack to Prevent Critical Infrastructure Breaches

By Tony Goulding, Cybersecurity Evangelist at Centrify

The consequences of a data breach can vary greatly depending on the intention of the adversary. Some hackers simply aim to cause disruption. Others extract valuable personally identifiable information (PII) to sell on the Dark Web, while others look to extort money due to ransomware. When a cyberattack is attempted against critical infrastructures such as hospitals, electrical grids, or water systems, the potential repercussions can affect thousands of individuals like you and me. It can be devastating — or even deadly.

The 2020 Global State of Industrial Cybersecurity report found that 74% of IT security professionals are more concerned about a cyberattack on critical infrastructure than an enterprise data breach. Over 65% believe that a cyberattack on critical infrastructure has the potential to inflict more damage.

The attempted attack on the Oldsmar, Florida water treatment plant in early February 2021 demonstrated the potentially dangerous and life-threatening consequences of compromised critical infrastructure. The attacker successfully infiltrated the computer system that controlled the water treatment facility and remotely manipulated a computer to change the water supply’s chemical balance. In particular, the increase of sodium hydroxide could have seriously harmed or even killed human beings. Luckily, a supervisor was able to catch the act in real-time and revert the changes.

After an investigation of the Oldsmar incident, it was revealed that the hacker was able to gain access because the computer system was using an unsupported version of Windows with no firewall. The system was also only accessible using a shared TeamViewer password among the employees. These two issues are widespread amongst critical infrastructure organizations and the private sector alike.

Despite being discovered and stopped, the incident amplified the discussion on how the government and private sector can prevent these attacks. While the federal government investigates more serious breaches, state and local agencies are left picking up the pieces for more minor attacks. Unfortunately, smaller municipalities do not have the resources to respond and will often be left struggling for hours, or even days, as the attack rages on. Therefore, it is vital to be proactive rather than reactive to reduce these cyber-risks.

The water plant breach demonstrated the importance of critical infrastructure organizations taking steps to implement the necessary security measures now to escape the consequences of a data breach later. Below, we outline the top actions these institutions can take today to protect themselves from attacks of this nature that leverage privileged credentials to achieve their goals.

Secure Remote Access for Administrators Without a VPN

The pandemic has changed the way most people work, with some companies not looking to return to office environments until the end of 2021 or 2022 (or ever). As a result, many companies have implemented virtual private networks (VPNs) to connect their employees safely and continue operations remotely.

Amid the chaos of switching to remote operations practically overnight at the beginning of the pandemic, many companies focused on regular employees. They failed to consider the extra access security that administrators require. These users – internal and outsourced IT, managed services providers, and other third parties – use accounts representing the “keys to the kingdom”; the highest potential value to hackers.

For many organizations, extending VPN-based remote access for the entire workforce was relatively quick and easy. However, VPNs introduce challenges and risks. With a VPN-less approach, IT overhead is reduced. The user workstation is not network-attached and so can’t transmit any virus or malware to the internal systems (a “clean source”) plus, IT overhead to manage policy management solutions such as Cisco NAC is avoided. It also constrains access to only the resources required for each individual and not the entire network, preventing lateral movement if a breach does occur.

Securing remote access, however, goes beyond the VPN. Critical infrastructure organizations need to evaluate how they protect access to privileged accounts and protect the systems where sensitive data lives. The best practice is to consolidate privileged identities and avoid standing privileges through the best practice of least privilege. Organizations must also ensure a high level of certainty that it is indeed a legitimate admin taking actions on the resources and not an adversary – as was the case with the water treatment facility.

Enforcing least privilege and adopting what is referred to as a “Zero Trust” approach means trusting no one until they have been adequately verified and validated, re-establishing trust.  Through self-service workflows, admins can request elevated privileged just-in-time for a limited time. This approach of verifying who is requesting access, the context of the request, and the access environment’s risk combine to mitigate the risk of a breach.

Vaulting Shared Passwords

The water treatment plant attacker was able to gain access to the network partially due to the same TeamViewer password being shared among its employees. While a shared password can be convenient, it’s a huge exposure. In fact, it is one of the easiest ways an adversary can gain access. If a disgruntled employee leaves and has access to the password, they can easily log back into the system if the credentials are not rotated. Potentially even worse, they can be sold to the highest bidder.

One step organizations can take to reduce the chances of a shared password being misused is password vaulting. This practice involves taking highly-privileged administrative accounts and passwords out of IT’s direct control and storing them securely in a software vault.

Roles and rights defined in the vault then control who is allowed access, when, and for how long – significantly reducing the risk of passwords being abused by internal or external threats. Password vaults include additional security features such as password rotation, password reconciliation, MFA, and a just-in-time access request and approval service.

Privilege Elevation

Organizations with more resources and mature privileged access management (PAM) implementations may augment the vault with privilege elevation controls. While the vault is excellent for protecting shared privileged accounts, privilege elevation protects the machine. It controls who can log in and what applications or commands they’re allowed to run once logged in. This is important because if a vaulted shared privileged account is compromised, the attacker can use it to log into systems masquerading as a legitimate user with a legitimate password. With a vault alone, the system can’t tell the difference.

Thus, both vaulting and privilege elevation are essential components of a mature PAM deployment. Still, privilege elevation has a much more significant positive effect on your PAM maturity and risk posture.

Multi-Factor Authentication

Forrester Research has estimated that 80% of security breaches involve weak, default, stolen, or otherwise compromised privileged credentials. Because organizations cannot often verify whether the user accessing data is who they say they are, multi-factor authentication (MFA) has become the gold standard for password security.

MFA requires an extra step to verify an identity beyond a username and password. Typically, it is recommended that the organization uses something the user knows, like a text code or PIN; something they have, such as a mobile device or smart card; or something they are, such as a facial or fingerprint scan. These additional verification factors can validate the user’s identity and provide an extra layer of security for the organization.

The Oldsmar water treatment plant incident should serve as an urgent reminder to organizations about taking precautionary steps before a cyberattack occurs. The consequences could be severe damage to the organization’s reputation and bottom line or perhaps endangering human lives. By implementing secure VPN-less remote access, vaulting shared administrative account passwords, enforcing least privilege with privilege elevation, and incorporating MFA everywhere, critical infrastructure organizations can arm themselves – and the citizens they serve – against adversaries.

The post Learning from the Oldsmar Water Treatment Attack to Prevent Critical Infrastructure Breaches appeared first on Cybersecurity Insiders.


April 01, 2021 at 06:50AM

National health passes: Short-term fix or long-term legacy?

This article originally appeared in a global white paper examining the issues around vaccination certificates and immunity passports, and released by Reconnaissance International during the Digital Documents Security virtual event.

As vaccination programmes gather momentum, attention is turning towards restoring individual freedoms and reviving economies. In realising these ambitions, so-called health passes (aka vaccine passports or certificates) are seen by many governments as a potentially powerful asset. To date, much of the focus has been on enabling international travel. Inevitably, establishing the global standards necessary for success here will take time. However, schemes that provide citizens with trusted proof of their vaccinated status, quarantine compliance, and the results of PCR (polymerase chain reaction) or antibody tests, can play a valuable role within national boundaries. While governments await international harmonisation, health passes deployed at the domestic level offer a means of reopening – or keeping open – a wide array of businesses, venues and events, without putting public health at undue risk. And the good news for governments is that successful rollout is more straightforward than it might initially appear.

Certainly, there are significant challenges. To make a worthwhile impact, deployment needs to be swift. At the same time, schemes must provide absolute trust in the authenticity of any information shared by the pass holder. Verifying documentation needs to be quick and easy, and accessible to a wide range of businesses and organisations.  As with any personal medical data, maintaining privacy and security is paramount.

Leveraging the near ubiquity of the smartphone is an obvious response. But when it comes to developing apps to support Covid-related programmes, the record of governments to date has been mixed. In several cases, purpose-designed apps have fallen short of expectations in terms of protecting privacy and securing trust. To be fair and effective, any solution must also recognise that not everyone carries a smartphone. What’s more, some who do are unwilling to share personal data via a mobile device.

In fact, there’s no need to reinvent the wheel. All the necessary bricks are already supporting the latest generation of digital identity programmes. Thales is at the forefront of many of these initiatives, embracing not only smartphone-enabled solutions, but also the secure paper-based methodologies that are essential for any truly inclusive deployment.

Health passes, just like digital identity programmes, will invariably require a chain of trust to be built between issuing authorities, digital identity holders and the organisations that verify these credentials. For the mobile channel, a Digital Identity Wallet should stand at the heart of the ecosystem, providing a secure, fully interoperable and standards-based environment for encrypted credentials within the holder’s smartphone. Ideally suited to the demands of health passes, in contrast to a standalone app, it delivers an extra layer of protection for the information contained within it. A virtual wallet also ensures that credentials are inextricably linked to the holder’s identity.

To be universally accepted, health passes must provide reassurance they have been issued by the legitimate authority and presented by the genuine holder. Thales’ own Digital Identity Wallet, for example, is supported by a secure and interoperable platform, and incorporates the modularity necessary to extend to forthcoming standardised international health passports. Beyond that, it will also facilitate broader digital transformation initiatives. Crucially, the wallet can interface securely with a broad array of different health systems, guaranteeing the aforementioned chain of trust and secure issue of a digitalised version of the health pass, proof of vaccination and/or test results to the authenticated individual’s Digital ID Wallet. It also enables lifecycle management of these digital documents. In the current context, this is particularly significant. Understanding of the virus, and the on-going efficacy of vaccines, is evolving continuously; to maintain trust, passes must remain current.

Health passes will be checked by a wide array of stakeholders. A fast, accessible and intuitive verification process is therefore crucial to maximising adoption and compliance. It will also be essential for avoiding delays, particularly at mass spectator events. Once again, to ensure relevance, scheme rules will need to be updated over-the-air.

Thales’ proposal is built on standards defined by international standardisation bodies including ISO – International Organisation for Standardisation – and ICAO – International Civil Aviation Organisation. Thales’ certified mobile security technologies ensure that all the relevant vaccination, test, antibody or quarantine data is securely processed and stored. Whenever proof of this information is needed, users simply authenticate to open their mobile wallet, select the information they want to share, and generate a QR code to invite third party verifiers to engage with the wallet using ISO 18013-5 compliant mechanisms. Once consent is given, data is shared via Bluetooth Low Energy, Wi-Fi Aware or NFC. To optimise privacy, only the information required needs to be shared by the holder.

For citizens unable or unwilling to use a smartphone, QR codes can be distributed via a PDF as an ICAO Visible Digital Seal. Trust is ensured by embedding ID document information within the code. Verification is performed in exactly the same way as the mobile version, with the citizen presenting a physical document such as a passport or ID card to prove they are the genuine holder of the printed code.

As well as addressing all the technical considerations, governments also need to undertake a rigorous cost-benefit analysis. Will the returns on a domestic health pass justify the investment? In contrast to a proprietary app, developed exclusively to support a vaccination programme, a Digital ID Wallet is a truly future-proof solution. Above and beyond the requirements of the health pass, it provides a standards-based platform for on-going digitisation programmes, including any future, internationally harmonised vaccine passport. In addition to reigniting economic growth, and offering welcome relief to lockdown-weary citizens, health passes therefore represent a unique opportunity for governments to create a positive legacy that prevails long after the immediate challenges of the pandemic have passed.

Interested and want to learn more? Leave a comment below and follow us on Twitter at @ThalesDigiSec!

The post National health passes: Short-term fix or long-term legacy? appeared first on Cybersecurity Insiders.


March 31, 2021 at 09:10PM

Wow…. Ziggy Ransomware gang to refund its victims

Ziggy Ransomware gang has decided to do good to the society by offering a refund to all its victims. Why they are doing so or their motive behind this act of kindness is yet to be known. But those spreading the said file encrypting malware have taken a pledge on Telegram to refund back the money extracted from their victims as ransom through. 

Therefore, the refund campaign that started in February this year is said to benefit over 300 victims and additionally the threat actors have also chosen to release over 1000 decryption keys for those whose data was encrypted. 

Sources have confirmed in the first week of March that the operators have shut down their operations and have released a decryption tool dubbed ‘Virus Total’ that not only wipes of the ransomware, but also cleans any malware or backdoors that might have been added by cyber crooks while distributing the Ziggy Ransomware. 

Cybersecurity researchers have a different version to explain over this kindness. They say that those spreading ransomware are nowadays fearing about the law enforcements operating across the world as they are found taking stringent actions against those spreading malware in recent times.  

One such example is Emotet that was taken down by Europol in association with other security agencies from US, Germany, Netherlands, and Australia in January 2021. Fonix that offers ransomware as a service has also come up with a similar offer as the leader of the group has decided to shut down the shop to do good to the society that is already struggling with economic jolts due to the corona virus pandemic led business lockdowns. 

FYI, Maze ransomware, Wannaren Ransomware and those spreading GandCrab ransomware have already announced that they are shutting their business for reasons best known to them.

The post Wow…. Ziggy Ransomware gang to refund its victims appeared first on Cybersecurity Insiders.


March 31, 2021 at 08:42PM

Tuesday, March 30, 2021

Kaspersky says most of the ransomware victims cannot get back their data

To all those who think paying a ransom would help in retrieving back their data from hackers, here’s research that proves it wrong. According to a survey carried out by Kaspersky, over 50% of ransomware victims have claimed that they did not get back their data as promised by hackers even after they bowed down to the demands of hackers.

Kaspersky report says that there was an increase in ransomware attacks and payments at the same time last year when whole of the world was in a govt imposed lock down because of the rapid spread of Corona Virus Pandemic.

Out of 15,000 customers surveyed by the Russian Cybersecurity firm, only 29% of victims stated they recovered back their data from encryption after paying a ransom in cryptocurrency. Others claimed to have lost most of their stolen files, or were never offered the stolen data by the hackers.

Highlight of the survey is that it was conducted in Britain and the respondents were those belonging to companies operating in and around UK.

Marina Titova, the head of marketing at Kaspersky, reiterated the fact that paying a ransom doesn’t guarantee the return of the decryption key to the locked database or retrieval of stolen files.

In November 2019, FBI issued a press statement urging all ransomware victims not to bow down to the demands of hackers as it not only guarantee the return of the decryption key but also encourages the criminals to populate the cyber attacks further.

Kaspersky is offering some tips to victims of ransomware attacks, and they are as follows-

· Never entertain the demands of the cyber criminal and instead contact the law enforcement

· Never click on links sent by unknown senders on the mobile phones and laptops

· Avoid opening spam emails or text messages

· Never insert Pen drives on your computing device sent by unknown sources.

· Having an effective data recovery plan and using a threat monitoring solution do helps

· Creating awareness among employees about the cyber threats lurking in cyber landscape also helps

 

The post Kaspersky says most of the ransomware victims cannot get back their data appeared first on Cybersecurity Insiders.


March 31, 2021 at 10:32AM

Beware of this Royal Mail Cyber Scam

In the past couple of weeks, most of the populace living in the suburbs of London is complaining of a cyber fraud in which all their earnings were drained out by a Royal Mail text that had a malicious link. What’s interesting about the scam is that even the law enforcement cannot intervene in the issue to get refunds back from the bank.

Cybersecurity Insiders has learnt that millions of people across UK have received a message that is leading to a money draining fraud with an estimate of victims loosing over ₤479 million.

Even the National Crime Agency is not in a position to put an end to this cyber fraud, as it is finding it difficult to track down the culprits in the current situation.

Now, to those uninitiated, the scam is taking place interestingly. First, the scamsters are sending text messages to victims and requesting them to make a payment on the link provided in the text message. And as the message appears to be from parcel service Royal Mail, most of the victims are doing as said in the text message because of their sheer innocence, only to learn later that it was a cyber fraud.

Later, say after a couple of days, a caller posing as a bank official is seen calling the victim to say that they have become a victim to a cyber fraud on a recent note and asking the victims to transfer residue money in the account to a safe account–thus siphoning all their hard earned money by making them transfer to a fraudulent account.

When contacted, a spokesperson from Royal Mail stated that it was a scam where hackers are seen using the British Multinational Postal service name to tap in the victims.

Actress Emmeline Hartley of UK has become the latest victim of the said scam as she lost ₤1250 to the latest fraud. And she posted her experience on a social media platform to help other online users stay safe from such terrible digital experiences.

The banking ombudsman of Britain has taken a note of the fraud and has started an investigation.

The post Beware of this Royal Mail Cyber Scam appeared first on Cybersecurity Insiders.


March 31, 2021 at 10:31AM

What educational institutions need to do to protect themselves from cyber threats

This blog was written by an independent guest blogger.
Educational institutions are reaping the many benefits and new possibilities offered by online learning, but these new methods of educational instruction come with serious cyber security concerns. These institutions are also a prime focus for hackers because they often host a lot of sensitive data about teachers and students. 
Furthermore, schools and universities are an easy target because not every teacher or professor is technologically savvy. In fact, many educational institutions have been caught off guard amidst the pandemic and had to rush to implement a remote learning framework that they weren’t hitherto prepared to roll out. 
The increase in the different amount of devices used to connect to a network from a wide variety of locations adds another factor of complexity when it comes to cyber defense. To make matters worse, there are laws and regulations…

Nahla Davies Posted by:

Nahla Davies

Read full post

     

The post What educational institutions need to do to protect themselves from cyber threats appeared first on Cybersecurity Insiders.


March 30, 2021 at 09:09PM

Over 100 million MobiKwik user data leaked in Cyber Attack

MobiKwik, an India company that facilitates mobile based payment services, is trending on Google for alleged data breach that the company has readily denied. Going further into details, a French Cybersecurity researcher named Elliot Anderson is claiming to have found a data trove of over 3.5 million accounts available for sale on the dark web.

Another Indian security researcher named Rajshekar Rajaharia has confirmed the news and said that the digital payment firm has been provided the evidence for proof.

However, Bipin Preet Singh, CEO of MobiKwik, has claimed the news as false and assured that no data leak took place on the company servers or at the third party payment services.

Mr. Bipin added that the company has taken the incident seriously and will surely conduct a data audit followed by a third party security review to confirm its stand on an official note.

Note 1- MobiKwik data leak was being discussed on various social media platforms from early this month and some twitter users claim that the hack might have taken place last month and since the company failed to bow down to the demands of hackers, they released a data worth 8.2 terabytes for evidence. And the leaked information includes KYC details of customers, their addresses, phone numbers, Aadhaar card details and card details that were linked to the MobiKwik Wallet, respectively.

Note 2- A telegram message posted by a user group is seen circulating on the dark web that claims to provide a link to a data trove that contains KYC details of over 3.5 million people, 99 million user phone numbers, email ids, hashed passwords and addresses- all for just a fee of 1.5 BTC or $85,000.

Note 3- As per the stats released in November 2016, MobiKwik reported having over 1.5 million merchants linked to its service and claims to have over 55 million customers.

The post Over 100 million MobiKwik user data leaked in Cyber Attack appeared first on Cybersecurity Insiders.


March 30, 2021 at 08:47PM

Monday, March 29, 2021

Over $20m loss to CompuCom from Ransomware Attack

We all know that North Carolina based Managed Service provider CompuCom suffered a ransomware attack in the first week of March this year. Information is now out that the malware attack that took place on March 3, 2021 has infected many of the systems operating in the IT environment of CompuCom disrupting most of its services rendered to customers for days.

Office Deport aka ODP, the parent company of CompuCom responded that its preliminary inquiries reveal that the attack could cause a $20 million (10m from 1st quarter) loss to the company that might terribly hit the profit margin of the technology based company.

Highly placed sources say that most of the services were restored by March 17 of this year and ODP expects that the revenue loss might cut down its profit margin to zero for this month as an estimated loss between $5.8m to $8m could be incurred as CompuCom had to suspend some services to customers.

DarkSide Ransomware 2.0 is said to be behind the incident and Managed Service Providers are being requested to focus more on improving their Cybersecurity culture as a cyber attack could make or break the business forever.

Note- Such incidents on MSPs might cause a significant loss to customers, as their defenseline against cyber attacks might get negatively impacted. So, creating awareness among employees about the threats lurking in the cyber landscape, patching up the operating systems, using threat monitoring solutions and avoiding human errors by automating the threat detection and mitigation process will surely help.

The post Over $20m loss to CompuCom from Ransomware Attack appeared first on Cybersecurity Insiders.


March 30, 2021 at 10:20AM

Microsoft Exchange Server vulnerability patching doesn’t end the menace

Microsoft issued a press statement yesterday saying that simple patching of its Exchange Servers will not remove the access of the attacker on systems that have been compromised.

So, the cyber threat still exists in the patched systems and can be exploited by hackers soon, says a research conducted by F-Secure.

Supporting this newly discovered theory is the research carried out by Microsoft 365 Defender Threat Intelligence Team that released a report that human operated ransomware attacks or data exfiltration cannot be reversed just by fixing the vulnerability on the exchange server.

Therefore, hackers can launch follow-on attacks on Exchange Servers that are already compromised, steal data and compromise systems creating other entry points for future exploitation.

Acer Company that manufactures laptops and other computing devices in Taiwan has become a victim of one such attack where critical information such as bank communication, bank balance, financial data related to employees was compromised in the network attack.

Satya Nadella led company says that the attack was launched by Hades Ransomware gang that operates for Hafnium, a state sponsored cyber threat funded by Chinese intelligence.

What’s interesting about the attack is that those spreading Hades exhibit several characteristics mimicking other ransomware gangs, either to divert the focus of investigators or to conceal their actual identity.

The Awake Security Division of Arista Networks confirmed the news and claims that it has enough evidence to that Hades has links to Chinese hacking group Hafnium.

Note- As per F-Secure, countries that have been most affected in Microsoft Exchange Server hack are Italy, Germany, France, UK, US, Belgium, Kuwait, Sweden and the Netherlands along with Taiwan.

The post Microsoft Exchange Server vulnerability patching doesn’t end the menace appeared first on Cybersecurity Insiders.


March 30, 2021 at 10:19AM

Adaptive cybersecurity: 3 strategies that are needed in an evolving security landscape

This blog was written by an independent guest blogger.
Cybersecurity is no longer an outlandish concept to many business enterprise executives. What is still relatively unfamiliar to many organizations and their leadership, however, is the task of evaluating their cyber strategy and risk to determine how best to adapt and grow to stay secure while remaining competitive. 
Executives must initiate thorough evaluations of their existing cybersecurity strategies to figure out which types of new technologies and risk management strategies they need the most.
Apart from remaining competitive with other businesses that are also increasing their cybersecurity posture, it's vital for businesses both large and small to implement more adaptive cybersecurity to combat the ever-looking threat of data breaches and attacks from cybercriminals.
To that end, let’s take a look at the top three most important strategies that enterprise executives need to adopt to keep up with…

Theodoros Karasavvas Posted by:

Theodoros Karasavvas

Read full post

     

The post Adaptive cybersecurity: 3 strategies that are needed in an evolving security landscape appeared first on Cybersecurity Insiders.


March 29, 2021 at 09:09PM

Ransomware Cyber Attack news headlines trending on Google

Honeywell, a firm that specializes in serving aerospace, energy and security with related equipment is in news for malware disruption and recovery. A spokesperson released a press statement yesterday and confirmed that the attack was a ransomware variant and the incident was contained finally with an in-house disaster recovery procedure.

A vulnerability on the Microsoft email exchange server is said to have led to the ransomware attack. But Honeywell has assured that no customer information was compromised in the incident.

Second, an Australia-based healthcare provider named Eastern Health is said to have become a recent victim of ransomware attack and highly placed sources say that the incident led to severe disruption of Information Technology Systems on March 16,2021.

Only critical patient care is being attended by the doctors, and all surgeries and services have been postponed to a later date.

As the Box Hill Hospital has an efficient business continuity plan in place, it is helping in offering required amount of care to patients.

Harris Federation that acts as a centralized platform for 49 schools in London is reported to have suffered a ransomware attack on Saturday last week. Email systems, phone communications and laptops given to Pupil have been deeply affected.

MangaDex website is down since March 17th,2021 and a report is that the company might take weeks to recover its content as it has become a victim of a ransomware attack. The website that offers Japanese literature inspired comic scripts and images has posted a statement on its website and stated that its staff is doing its best to bring back the site to life as soon as possible.

As per the sources reporting to our Cybersecurity Insiders, the source code and data on the server have been compromised as the threat actors accessed the said content fraudulently. So, all users using Mangadex are being requested to change their passwords on an immediate note to avoid any digital future troubles.

Note- In all the above stated 4 instances, the ransomware variant that compromised the systems is yet to be made public.

The post Ransomware Cyber Attack news headlines trending on Google appeared first on Cybersecurity Insiders.


March 29, 2021 at 08:44PM

Sunday, March 28, 2021

Australia Channel 9 TV Ransomware Cyber Attack

Channel Nine, an Australian free to air TV network, was reportedly hit by a cyber attack that sources confirm could be of ransomware variant. The Melbourne based company that is co-owned by Nine Entertainment Co, confirmed that it cannot host a popular weekend television show titled ‘NRL Sunday Footy Show’ as the digital attack has impacted the broadcast services of Channel Nine content deeply.

Although no official statement was released in this regard, senior management of Channel 9 TV Channel has informed its staff that the disruption could have been caused by a malicious cyber attack.

The broadcast of the regular news bulletin is being done by an untouched server from one of the channel’s remote offices in Melbourne.

All predetermined broadcasts such as the National Rugby League Season, the usual 6PM news and evening TV shows such as 60 minutes will be aired as usual- all thanks to an in-house business continuity plan.

Sydney Morning Herald (SMH) and The Age Newspapers remained accessible as they operational servers were placed on a separate domain.

Ransomware attack is a kind of malware attack that compromises the data on a server and locks it down from access until a ransom is paid. And according to highly placed sources, Channel Nine cyber attack has all traits that match a ransomware attack.

Whether the management will bow down to the demands of hackers and pay them in cryptocurrency or will recover the data from a data continuity plan is yet to be known.

Note- As per some speculations doing round in some media resources, the cyber attack could have been launched by a hackers group funded by Russian Intelligence as the Channel Nine TV show was about to broadcast an investigation related to Russian President Vladimir Putin’s involvement in chemical assassination in the morning show ‘Under Investigation’ scheduled to be aired between 7 am to 10 am.

The post Australia Channel 9 TV Ransomware Cyber Attack appeared first on Cybersecurity Insiders.


March 29, 2021 at 10:29AM

Beware of this malicious Android system update

Cybersecurity firm Zimperium has uncovered a latest mobile security threat as a critical system update that is actually a sophisticated malware that steals data and conduct espionage on targeted smart phones.

Zimperium zLabs says that the malware has capability of sending images, videos, contacts, messages and documents from the targeted device to remote servers and might also allow the cyber crooks to take control of the android smartphone after few weeks.

Sreedhar Mittal, the CEO of Zimperium said that the attack was devised as a targeted attack that can involve a range of malicious actions after it takes complete control of the device. He added that his company researchers have found that the malware is seen communicating with a Firebase server of the hacker, after which data is siphoned and stored in spyware’s private storage.

Another highlight of this malware is that it also keeps a track of victims bookmarks, search history on Chrome, Firefox and other internet browsers and helps cyber crooks in developing a profile of the targeted hacker.

Meanwhile, in a separate update, Google has made a new announcement about Android Ready Secure Element(SE) Alliance where it offers new Android malware seen its Pixel phones to other OEM’s who manufacture android based devices.

All these days the hardware based security was only available on Titan M Chips of Pixels phones, but the tech giant now wants this exclusive feature to be implemented on other phones and so has extended support of SE tamper resistant hardware to products offered by other manufactures based on Android OS platforms.

The post Beware of this malicious Android system update appeared first on Cybersecurity Insiders.


March 29, 2021 at 10:27AM

Saturday, March 27, 2021

Why is Third-Party Risk Management important in 2021?

This post was originally published by Abi Tyas.

Third-party risk management is important because failure to assess third-party risks exposes an organization to supply chain attacks, data breaches, and reputational damage.

To reduce the inexorable digital risks associated with vendor relationships, regulators globally are introducing new laws to make vendor risk management a regulatory requirement. This can include the management of sub-contracting and on-sourcing arrangements (fourth-party risk).

What is third-party risk management?

Third-party risk management is the process of analyzing and controlling risks associated with outsourcing to third-party vendors or service providers. Increasingly, the scope of vendor management extends to sub-contracting and on-sourcing arrangements to mitigate fourth-party risk.

This is particularly important for high-risk vendors who process sensitive data, intellectual property or other sensitive information.

This means due diligence is required to determine the overall suitability of third-parties for their given task and increasingly, whether they can keep information secure.

Due diligence is the investigative process by which a third-party is reviewed to determine if it’s suitable. In addition to initial due diligence, vendors need to review on a continuous basis over their lifecycle as new security risks are introduced over time.

The goal of any third-party risk management program is to reduce the following risks:

 

  • Cybersecurity risk: The risk of exposure or loss resulting from a cyberattack, data breach or other security incidents. This risk is often mitigated by performing due diligence before onboarding new vendors and ongoing monitoring over the vendor lifecycle.
  • Operational risk: The risk that a third-party will cause disruption to the business operations. This is generally managed through contractually bound service level agreements (SLAs). Depending on the criticality of the vendor, you may opt to have a backup vendor in place to ensure business continuity. This is common practice for financial institutions.
  • Legal, regulatory and compliance risk: The risk that a third-party will impact your organization’s compliance with local legislation, regulation or agreements. This is particularly important for financial services, healthcare and government organizations as well as their business partners.
  • Reputational risk: The risk arising from negative public opinion caused by a third-party. Dissatisfied customers, inappropriate interactions and poor recommendations are only the tip of the iceberg. The most damaging events are third-party data breaches resulting from poor security controls, like Target’s 2013 data breach.
  • Financial risk: The risk that a third-party will have a detrimental impact on the financial success of your organization. For example, your organization may not be able to sell a new product due to poor supply chain management.
  • Strategic risk: The risk that your organization will fail to meet its business objectives because of a third-party vendor.

Read more here: www.upguard.com

The post Why is Third-Party Risk Management important in 2021? appeared first on Cybersecurity Insiders.


March 27, 2021 at 09:21PM

Friday, March 26, 2021

Four innovative payment services using a banking app

The mobile app is the new bank branch.

With an installed base of more than three billion iOS and Android smartphones, the mobile banking app has become the main channel for consumers to interact with their bank. In less than a decade, services beyond the simple balance verification emerged, such as check deposits, statements review, bill payments, money transfers, new account opening, setup of new beneficiaries, P2P money transfer, and many more.

Mobile wallets embedded into the mobile banking app, with a portfolio of payment, loyalty, transport and ID solutions, emerged as did new mobile payment options using acceptance networks like optical with QR codes. These new innovations enriched the mobile banking app, driving usage and traffic. In fact, the mobile banking app has captured all the innovations of the last decade but one: near-field communication (NFC).

The rise of OEM payments

Since October 2014 when Apple Pay first launched in the U.S., followed by Samsung Pay and Google Pay, more than one billion cardholders have enrolled at least one payment card into an OEM wallet to perform in-store, NFC tap payments, or in-app and in-web payments. Looking at iOS devices, the card emulation mode of the NFC stack is only accessible via the Apple Wallet app, ensuring a great Apple user experience. However, this prevents banks from deploying their own wallet from their mobile app and with local, market specific functionalities that could fit the bank’s market blueprint.

Android devices offer the flexibility needed to access and use the NFC stack in its card emulation mode, but the diversity of security frameworks from brand to brand makes it more difficult for banks to reach all their customers. Google’s Host Card Emulation (HCE), a software mock-up of a hardware secure element, has been the only possible path to implement a mobile wallet using the NFC stack on Android devices to date. Beyond the technical considerations, the market has mainly suffered from a lack of innovative services to help bring a credible, challenging alternative to OEM Pay. This might be about to change.

The devil is in the details

OEM Pay delivers a Tap&Pay contactless card-like experience via smartphones. That alone is great, but we believe there is room for more personalised user experiences that are closely aligned with local markets’ needs. Banks own this local market knowledge and could be the ideal prime audience to deploy an innovative mobile payment journey.

Here are four applications that could be embedded with other services into the mobile banking app for an optimal mobile payment journey:

Tipping: Just like the Uber app offers a ‘+Tip’ button on top of the card-on-file payment, a smart customisation of the app user interface would be to transform Tap&Pay into Tap + Tip &Pay. This type of customer need and behaviour highly varies from one market to another. In the U.S. for example, tips are second nature for customers, but in other countries like Japan and China, tipping isn’t commonplace. With fewer people carrying cash today, having the Tap + Tip option would provide a quick and convenient way to pay gratuity.

Splitting: App payment providers want to make it as easy and frictionless as possible for customers to pay. Most of us have been in a situation where a group of people try to split the bill in a restaurant. Processing multiple individual payments can take a long time for the merchant, and is cumbersome for the diners. What if there was a “split” button prior to tapping on one of the guest’s banking apps? One person would be able to perform a Tap&Pay for the amount in full, saving time and hassle for the merchant and the guests. The rest of the group would then perform a NFC P2P payment of equal amounts toward the total to the person who paid.

Credit & Debit selection: The transaction amount can trigger a decision of whether to either use a credit or debit card. The mobile banking app could capture the transaction amount through the first tap, and then assist the customer by offering them a choice between debit and credit card prior to the second Tap&Pay. The innovation here is the “capture amount” function prior to Tap&Pay, which does not have to be done via NFC. Instead, it could be performed using other technologies such as Bluetooth so that it doesn’t make the user journey more complex. Capturing the amount prior to the payment transaction opens a range of services using the mobile banking app.

P2P, smartphone-to-smartphone payment: While most people are familiar with NFC’s “Card Emulation Mode”, made popular by leading OEM Pay providers, it also consists of two more communication modes that could be hugely beneficial for users. One of them is the “reader” mode that allows smartphones to read NFC tags, which could be used as an alternative to QR codes to build a payment acceptance network. The other one is a “P2P” mode that allows two smartphones to communicate when within a one-inch distance. P2P payments with back-to-back smartphones could be a very innovative mobile banking service to perform for payments among friends, for example.

The mobile banking app can be the home to a variety of innovative and personalised payment services triggered by NFC card emulation, reader or P2P modes, and also optical QR codes. While there are a lot more possibilities that could enrich banks’ mobile apps to reflect local market needs, only usage within different markets would tell which ones are pertinent and will survive. It’s time for BankPay (mobile payment branded by banks) to bring the second and third billion users to the convenience of digital, mobile payments.

What other services would you be keen to see enabled by mobile banking apps? Let us know in the comments below of by tweeting us @ThalesDigiSec.

The post Four innovative payment services using a banking app appeared first on Cybersecurity Insiders.


March 27, 2021 at 09:10AM

SD-WAN vs. MPLS: how do they compare from a security perspective?

This article was written by an independent guest author.
SD-WAN and MPLS are two technologies that are often perceived as either-or solutions. For many organizations, however, SD-WAN and MPLS can complement each other.
This article will define and compare the technologies, explaining how, in many cases, they work together.
We’ll also explore SD-WAN’s popularity and its role in enabling modern security architectures like SASE.
Defining SD-WAN and MPLS
SD-WAN
Software-defined wide area networking (SD-WAN) is a distributed networking technology that provides a sustainable alternative to high-latency hub-and-spoke network topologies.
Before SD-WAN, hub-and-spoke networks directed branch office traffic to a centralized data center, often through MPLS dedicated lines, as remote and home-based workers connected through VPN. While this model worked well in the past when all applications were installed on the desktop or data center servers, the rapid proliferation of cloud applications and services overloaded MPLS circuits….

Mark Stone Posted by:

Mark Stone

Read full post

     

The post SD-WAN vs. MPLS: how do they compare from a security perspective? appeared first on Cybersecurity Insiders.


March 26, 2021 at 09:10PM

How the eSIM market is pushing boundaries in 2021

‘This article first appeared on Philippe Vallée’s LinkedIn’

2020 underlined just how vital connectivity is to our lives – and the start of 2021 is no different. The COVID-19 pandemic has completely reshaped how we work, shop and socialise – as well as redefining how businesses operate – prompting hundreds of millions of people and enterprises around the world to ‘go digital’ so they can carry on with their lives with some sort of normality. It’s remarkable to think that the ability to stay and keep connected with loved ones, colleagues and friends has only been made possible by components the fraction of the size of your fingernail.

eSIM, the SIM’s worthy heir bringing connectivity to your smartphone or smartwatch, continues to play a bigger role in our ever digital worlds. What’s more, its transformative effects stretch far beyond just mobile devices with 1.4 billion eSIMs to be delivered for IoT devices out of the more than 2.7 billion consumer eSIM-compliant devices that are predicted to be shipped by 2025.

What’s more, Gartner estimates in a new report entitled ‘Emerging Technology Horizon for Devices’ that eSIMs are among a number of emerging technologies and trends that will significantly impact the computing devices market over the next three year horizon. But what is propelling this and which areas are truly benefitting from the uptake of eSIM?

What is driving the growth in eSIM uptake?

It’s important to note that, while the increasing universe of IoT devices is certainly playing a key part in why eSIMs are growing in popularity, this doesn’t paint the whole picture.

Their growing use is testament to their eminent convenience and inherent security. For network operators, eSIMs allow them to support full digital journeys with their customers. This means the ability to sign up new customers without having to go into a branch and being able to sell family bundles where several eSIM-enabled devices in one

No alt text provided for this image

home can be managed by a single contract. In 2020, Samsung tapped into this convenience with the widespread launch of its eSIM-equipped handset, the S20 – leveraging Thales’ own innovative Connected eSE solution – recently selected as the winner of the “ IoT Semiconductor Product of the Year” award by the 5th IoT Breakthrough Awards. Motorola also introduced the world’s first mass-market eSIM-only smartphone, Motorola Razr.

For consumers the advantages of eSIM are clear. The ability to instantaneously access the mobile connectivity service without having to wait for and physically change the SIM from the new carrier is a big benefit. This has some obvious alternative advantages in the current COVID-19 climate where any opportunity to reduce face-to-face interaction in stores is important. eSIM is also good for regular travellers, as they allow the end user to connect to local pre-paid numbers when travelling abroad – avoiding expensive roaming fees.

These benefits to MNOs and their customers are also behind the maturity of the eSIM market in these four emergent use cases.

The age of the wearable

Of course, on-the-move connectivity isn’t just the preserve of smartphones. In the last few years we’ve seen wearable smart devices – like smart watches, fitness trackers and health monitors – all rocket in popularity.

As wearables have become more sophisticated, the need for more advanced technology to enable them has also risen. OPPO’s new smartwatch was recently unveiled with in-built connectivity and the ability for users to activate a mobile subscription from their device. This is all enabled by the inclusion of an eSIM, provided by Thales, allowing users to make voice calls from the watch without needing to be tethered to a mobile phone.

Smart watches and fitness bands have been around for a few years now, but giving them self-contained connectivity is an important development that has been powered by miniature eSIMs.

Connectivity in transit

These tiny components are also providing convenience and security in the growing connected vehicles space. Indeed one of the first widespread uses of eSIMs was in the automotive sector when, the European Parliament required all new cars to be fitted with eCall technology from 2018 onwards, which would automatically call emergency services in the event of an accident. Since then, eSIM tech in vehicles has continued to develop at a pace. They are now used to equip vehicles with the connectivity to receive software patches over-the-air – meaning drivers don’t have to head to their local garage to fix a glitch. Instead, the update is done remotely.

What’s more, eSIMs are able to change cellular network when roaming. This is key; with the promise of a vaccine, you might be looking to drive down through Europe for your summer holiday this year, but are concerned that with a long trip planned, your car’s connectivity could be subject to expensive local data regulations after a while. eSIM removes the need to equip your car with a local SIM wherever you’re staying, and instead connects seamlessly to a high performing local connection.

eSIM technology has even enabled ground-breaking smart functionality in the likes of bikes. Greyp’s eMTB bike, for example, contains intuitive tracking systems and always-on connectivity, allowing cyclists to share their journeys as they travel.

Secure connectivity in flight

The drone market continues to expand, not least because its commercial applications in farming, infrastructure and security, for example, are multiplying at a rapid pace.

Mobile connectivity, powered by eSIM, is catalysing this growth. eSIMs play an important role in enabling beyond line of sight operations – such as flight path tracking and remote identification – and are essential as drones innovate towards autonomy. The delivery of much-needed medical supplies to the Isle of Wight in the UK by drone earlier in the year gives a good flavour of how cellular-enabled drone flight could be transformative in myriad situations.

eSIMs and the rise of healthtech 

This year it’s never felt more important to be cognisant of our health. While health services have done a brilliant job of treating COVID-19 cases, it has been equally as important to track and monitor symptoms in order to limit the spread of the infection – as well as reducing the exposure of more vulnerable people to the virus.

Once again, connected technology has played an important role here. IoT devices have allowed doctors to track the vital signs of their patients from afar, as well as providing connectivity for medical staff to keep in touch with their patients remotely. This protects those that are most vulnerable from having to potentially expose themselves to coronavirus.

A final word on eSIM

Over the past few years, eSIM has benefited from increased market demand and active support from different industry stakeholders. During the COVID-19 pandemic context, its genuine benefits have been further surfaced, particularly as part of mobile operators’ strategies to digitalise their services.

To find out more about how eSIM is playing a key role in transforming a host of different industries, visit our Thales page here. Thales was also ranked number one by independent technology analyst Counterpoint for eSIM enablement in 2020, the second year in a row it has been handed such a commendation.

The post How the eSIM market is pushing boundaries in 2021 appeared first on Cybersecurity Insiders.


March 26, 2021 at 09:10PM

How telecom operators can address the challenges of ‘going digital’

In this blog, I am joined by my colleague Emmanuel Legros, Strategy & Marketing Director to discuss the digital transformation of telecom operators

Why is it important for telecom operators to increase their digital offers?

EL: To remain competitive, telecom operators must respond to a rapidly evolving market that is being re-shaped by changing consumer habits – in particular there are a few key drivers of digital transformation.

Firstly, new consumer expectations are pushing this trend forward: both digital natives and newbies are increasingly looking for a fully digital, Uber-like journey and they expect the same experience from their mobile subscription.

Secondly, telecom operators need to anticipate the risks from pure digital players. Disruption to various industries’ ‘status quo’ now mostly comes in the form of 100% digital applications such as Spotify, Uber or Netflix.

These digital experiences in other sectors are now setting the benchmark for telecom operators who are under increased pressure to provide similar journeys. This redefines the way they engage with consumers and, in turn, ’disrupt the disruptors.’

DB: In addition to this, technologies such as Online ID verification and enrollment systems, supported by the drastic growth of the eSIM (embedded SIM), are enabling the delivery of remote enrolment and mobile subscriptions. This is another key driver behind this digital transformation.

Behind all these trends is the 5G rollout, which is further powering change. Benefits such as low latency, high data rates, reduced energy use and cost savings are sparking new digital revolutions throughout the commercial domain.

Finally, it would be an oversight not to mention how the pandemic has further accelerated the need to service customers through digital means. This trend will continue after, it is a global shift towards a 100% digital customer experience.

What is the best strategy and potential internal challenges for operators for their digital transformation?

DB: This all depends on each operator’s situation, but from our experience there are clearly a number of best practices and universal challenges that operators face.

Firstly, by developing pure digital brands, telecom operators can foster faster growth. Many companies already have a plan for digital transformation but it’s often a long and protracted programme. What might work more efficiently is to create a specific digital brand to test innovation, new distribution channels and brand-new offers. For instance, Verizon’s Visible, is one such brand, created to explore the digital-first approach and specifically target digital natives. It has launched the innovative Party Pay programme, which enables up to four people to share a single plan to reduce the cost of unlimited data, creating a “community” approach and flexibility in the choice of members.

As mentioned earlier, a full digital experience is now completely possible thanks to technologies such as eSIM solutions, online ID verification, also referred to as eKYC (electronic Know Your Customer), and 5G. However, operators need to be careful to ensure a good quality of customer experience throughout their journey as people are used to great digital experiences in other walks of life.

In terms of the changes that need to be made internally, existing back-end systems are typically not adaptable to a digital experience, often instead requiring extra layers to plug on it to provide consumers with a full digital experience – which should be a key consideration before undergoing this change.

EL: Indeed, some telecom operators have found it difficult to offer a flexible user experience due to their existing IT infrastructure. One operator even told us they have 25 different systems in place and each time they want to implement something new they were concerned there would be a knock-on effect elsewhere.

Resistance from IT departments can also be a major pain point for Telecom marketers, so any digital implementation should cover an end-to-end digital offer without impacting legacy systems.

Another issue is logistics. It is never easy to distribute physical goods quickly, but now we have had to in the context of the pandemic. Digital distribution is for sure the most efficient channel, and with increasing adoption of eSIM this has also become much easier.

DB: Organisationally, there is a need to have a specific, agile team dedicated to digital projects. For example, if you have an application but are not able to update it regularly to create interest for the end user, it will become useless.

Also, people download a lot of applications, but after a few weeks they delete many of them, and here it is exactly the same. You can create stickiness with end users with a good proposition, but for that you need to have the right tools and be more flexible than you can with outdated IT legacy systems.

How does Thales’ value proposition works for telecom operators and what are the expected benefits?

EL: We’ve put together a whole journey, called Thales Trusted Digital Journey which helps mobile operators to switch to offering a full digital experience for their customers. This includes identification, billing, access to the connectivity service and customer care. It’s a complete end-to-end digital solution – in fact a complete ‘digital operator’ in white label form, which can be combined with eSIM management. We can also provide tools enabling trusted digital identities and mobile payments as well as delivering digital BSSs (Business Support Systems) that plug into existing legacy systems.

DB: We also have the means to measure the benefits for telecom operators.

Our approach facilitates full deployment in a short timeframe, and gives operators the ability to launch new offers on any digital channel in days instead of months. Moreover, the benefits are clear and quantifiable.

For example, at the crucial first step of enrollment and subscription, the Trusted Digital Journey enables Telcos to improve user completion rates from 52% to 80%. McKinsey even estimates that a full digital transformation could help mobile operators nearly double cash flow conversions within five years.

Moving forward, what digital technologies do you think will further support telcos and their customers?

EL: Without doubt, technologies such as AI and machine learning can fully transform the telecom industry in a number of ways; this includes decision-making, by helping operators to anticipate and predict the right service offers for customers, based on their habits and past preferences. However, such solutions must guarantee privacy and compliance with local regulations.

From an operations standpoint, AI could also be used to streamline operations by anticipating peaks in network traffic and the like. In addition, those technologies are also enabling the deployment of augmented solutions, leveraging existing solutions in place and human domain expertise to create an enhanced hybrid experience.

If you are in interested in helping create a seamless digital experience for your mobile customers, you can find out more about the Thales Trusted Digital Journey at our webpage.

The post How telecom operators can address the challenges of ‘going digital’ appeared first on Cybersecurity Insiders.


March 26, 2021 at 09:10PM

Four clever ways smart technology can help create big energy savings

Every year, at 8:30 pm local time on the last Saturday of March, millions of people across the world join in raising awareness of the issues facing our planet for Earth Hour. Started by WWF (World Wildlife Fund) and partners as a symbolic lights-out event in Sydney in 2007, the event is now one of the world’s largest grassroots movements for the environment.

However, Earth Hour goes far beyond the symbolic action of switching off lights – it has become a catalyst to reflect on ways we can create a positive environmental impact by reducing our energy usage and driving major legislative changes by harnessing the power of the people and collective action.

It’s well known that innovation in smart technology is already significantly improving countless parts of society. Indeed, the benefits of using smart meters to monitor and reduce our energy use has been well documented. Looking at the four groundbreaking examples below, we also wanted to detail some of the ways that smart tech can help slash how much power we use as a society.

Charging Electric Vehicles in off-peak periods

Electric vehicle (EV) use is gathering pace around the world. In fact, Western Europe saw a new record number of registrations of battery electric vehicles in December 2020. And, with governments across the world banning the sale of new petrol and diesel cars from as early as 2030, this trend towards electric vehicles is only expected to rise.

Obviously, the drive towards EVs is great news for the environment, as it reduces our dependence on the scarcest fossil fuels. However, this is not the only benefit when it comes to saving energy. The connected nature of these cars also enables consumers to set up a mode that means their EV only charges during off-peak energy usage times, putting a lower load on the grid for energy manufacturers, while also providing cost savings as a bonus for consumers. In fact, it is estimated that off-peak charging would cost consumers £110 a year to power their car, versus £280 for charging at peak times – a significant saving.

With a smoother and more predictable energy demand curve, energy companies are also able to boost the proportion of green energy in total energy production.

Smart factories tweaking their power load

Industry at large can also benefit from the introduction of smart technology. By using IoT sensors, for example, companies can collect detailed analytics and enable real-time monitoring to track energy consumption. With this data in hand, factory owners can see in real-time when energy spikes are occurring, predict seasonal demand, and can help determine if there are any ‘energy leakages’.

One practical example of these sensors in action can be seen by looking at the example of the Schneider Electric factory in Kentucky. Through IoT analytics, it achieved a 12% reduction in energy consumption over the course of three years. Using IoT-enabled energy monitoring allowed them to solve issues that were core to hindering the plant from its real energy conservation efforts. In turn, this not only saved the company money but also paved the way for the true implementation of Industry 4.0 and the predictive maintenance of machinery.

Heating and cooling systems that learn your movements

Smart heating and cooling controls are the unsung heroes of energy savings in the workplace and in the household. With geolocation sensors embedded inside, many of these devices switch off the heating or air conditioning automatically when people aren’t using a room.

In addition, these energy management systems learn household and workplace schedules and adjust heating routines accordingly, as well as showing consumers how much energy they’ve saved through heating controls. Personalising the amount of heat or air conditioning needed based on demand in each operational area can save a lot of energy and money.

Smart grids to help reduce energy wastage

Smart grids can be truly transformative in the way we manage energy consumption and will be a key component of the EU’s goal to be carbon neutral by 2050.

By enabling a two-way flow of electricity and data, smart grids can detect, react to and predict changes in usage and multiple issues. Not only do these grids allow a more efficient transmission of electricity, but they also provide a quicker restoration of electricity after power disturbances, and reduced operations and management costs for utilities – ultimately lowering power costs for consumers, who can track their energy use in real-time via a smart meter.

By looking at these four innovative ways to save and better manage energy use, it’s clear to see how the IoT is having a truly transformative impact on industry, businesses and our home lives in a variety of important ways. This will not only benefit manufacturers and consumers but also society as a whole, as we can rely on more personalised energy use and analytics to save money and to limit our impact on the environment. It will be fascinating to watch as the energy industry truly transforms in the coming years.

 

The post Four clever ways smart technology can help create big energy savings appeared first on Cybersecurity Insiders.


March 26, 2021 at 09:10PM