Connect with us

Featured

Cyber arms race escaletes

Published

on

In the ongoing, constantly-escalating security arms race, what do new vulnerabilities in our networks and data-centers look like?  Doros Hadjizenonos, country manager, Check Point SA offers his predictions.

The more things change, the more they stay the same.” Jean-Baptiste Alphonse Karr’s famous line resonated back in the 19th century Parisian literary circles, and it resonates today in the 21st century cyber security industry. With every new tool and technology introduced into the business IT environment, new vulnerabilities follow — ripe for cybercriminals and hackers’ hopes of making either a dishonest dollar or cause disruption, fear, uncertainty and doubts in the minds of the general public.

In this ongoing, constantly-escalating security arms race, what do new vulnerabilities in our networks and data-centers look like?  Here are Check Point’s predictions for 2018.

Ransomware & Malware Multiply

Ransomware has been a cash cow for criminals, as well as a disguise for more destructive purposes; for example, Petya looked like ransomware but caused damage by locking up data.  All types of users – from consumers to corporations – have fallen prey to ransomware, causing reasonable suspicion that it will continue to grow.  We can expect to see large, orchestrated worldwide outbreaks along the lines of the early 2017 WannaCry attack.  We can also expect to see criminals getting creative in their extortion tactics, tactics such as “if you infect two contacts, we’ll give you your data back at a lower cost.”

Overall, as operating systems beef up their security, we expect to see a decline in the use of exploits to target vulnerabilities, in favor of an increase in the use of human-error driven basic hacking techniques. However, targeted attacks using sophisticated, nation-state sponsored weaponized tools are emerging, and the rate of attack is likely continue to rise.

Cloud Concerns

Utilization of server-less computing and data storage in the cloud is becoming more widely adopted in business. However, it’s worth remembering that cloud technology and the infrastructure that supports it is relatively new and evolving, and that there are still serious security concerns that provide a backdoor for hackers to access enterprise systems and spread rapidly across networks.  Misconceptions about the responsibilities and level of security needed operate safely within a cloud environment are common – as are misconfigurations – which leave the door open to breaches.

During 2017, over 50% of security incidents handled by Check Point’s incident response team were cloud-related, and more than 50% of those were account takeovers of SaaS apps or hosted servers.  With the increased use of cloud-based file sharing services, data leaks will continue to be a major concern for organizations moving to the cloud. This was seen most recently when a breach at consultancy firm, Deloitte  enabled hackers to access confidential records of several clients.

The growing adoption of SaaS-based email such as Office 365 and Google’s G-Suite makes for attractive cybercrime targets, and we expect cybercriminals to ramp up their cloud attacks during 2018.

Mobile mishaps

Mobile devices are part of the business IT fabric everywhere, yet they continue to be rarely, if ever, secured appropriately, in light of the vulnerability risk they present. We’ll continue to discover flaws in mobile operating systems that highlight the need for organizations to take a more serious approach to the protection of their mobile infrastructure and end-point devices against malware, spyware, and other cyber-attacks.

Mobile malware will continue to proliferate, especially mobile banking malware, as Malware as a Service (MaaS) keeps trending upward.  MaaS allows threat actors of lower the technical barriers to launching attacks.  Cryptominers also gained prominence in 2017, and we can expect to see more cryptomining malware being dropped onto mobile devices to harvest cryptocurrencies for criminals in the near future.

Critical Infrastructure

The majority of critical infrastructure networks were designed and built before the threat of cyberattacks. Whether the target involves telephone/mobile phone networks, electrical grids, power plants, or water treatment plants, it speaks to our good luck that there hasn’t been a large-scale, successful attack on critical infrastructure that impacts millions of people… yet. The DDoS attack against domain directory service DynDNS in 2016, which caused an internet outage affecting users of large web businesses such as Netflix and Amazon, provides a glimpse of what is possible in critical infrastructure cyberattack.  An attack of this type and scale will happen, and it would not be surprising to see it happen in the next 12 months.

Internet of (Insecure) Things

As more smart devices are built into the fabric of enterprise networks, organizations will need to start using better security practices for their networks and the devices themselves.

The potential attack surface expands with the growth of IoT device usage, and attacks on compromised IoT devices will continue to grow. We will see more variations of the Mirai and BlueBorne attacks coming our way in 2018.    Better security practices in IoT will be critical for preventing large-scale attacks – and may even need to be enforced by international regulation.

For every business opportunity that our hyper-connected world is creating, that same hyper-connectivity creates criminal opportunity for cyber attackers. Every environment is a potential target:  enterprise networks, cloud, mobile, and IoT connected devices.   Defending these networks require proactivity: pre-emptively blocking threats before they can infect and damage.  By using threat intelligence to power consolidated, unified security measures, businesses can automatically protect against new and emerging types of attack, across all environments.  Proactivity coupled with innovation marks the path to winning the cybersecurity arms race.

Featured

AppDate: Prepare for space

In this week’s AppDate, SEAN BACHER highlights Space Nation Navigator, Hitman Sniper, Snake Mask, Memrise, WhatsApp Web, and Carrot Weather.

Published

on

Space Nation Navigator

Space Nation Navigator is a bit of a strange app. It is part game, part exercise and part educational. On the game side, users have to navigate the Mars Rover, put the International Space Station back into orbit or move their Martians to safety before a sand storm hits Mars. When it comes to exercise, Space Nation Navigator provides users with a range of exercises and Yoga videos to prepare them for space travel and working in an anti-gravity environment. The education aspect teaches users about the planets, and star constellations, and then offers quizzes on what has been taught.

Platform: Android and iOS

Cost: A free download.

Stockists: Visit the store linked to your device.

 

Memrise

Memrise takes a new approach to help people learn new languages. Instead of providing a user with random phrases and words to memorise, the app connects you with a person already fluent in the language you want to learn. In turn, the person you are speaking to wants to learn the language in which you are fluent. Once your profile is filled out and languages selected, it connects you with people around the world who are interested in your language, and then allows you to chat with them in real-time. Memrise also lets one learn new languages through games, chatbots and grammarbots that help with spelling, tenses and pronunciations.

Platform: Android and iOS

Cost: A free download.

Stockists: Visit the store linked to your device.

 

Hitman Sniper

Hitman Sniper is loosely based on the Agent 47 movie released a few years ago. The game offers players the ability to hone their shooting skills through a range of training courses and, once they think they are ready, they can start taking out the bad guys. Things start off easy enough, but they get more and more difficult as one progresses through the 150 missions on offer. One will also have to upgrade various gun components, like scopes, magazine capacities and silencers, to make the missions a little easier. Hitman Sniper lets users buy 16 to tackle each of the missions – either with real money or via the points accumulated by completing missions. Money and points can also be used to upgrade firearms.

Platform: Android and iOS

Cost: R7 – with a range of in-app purchases.

Stockists: Visit the store linked to your device.

 

Snake Mask

The iconic Snake game that was preinstalled on most older Nokia phones has had a complete make-over. It now uses Facebook’s AR technology, meaning that you have to navigate the snake around obstacles in your home or office, all the while collecting coins and stars that change the snake’s speed and length. Unfortunately, Snake Mask is only available on Nokia’s new range of smartphones. However, it should not take long before it slithers onto other devices.

 

Platform: New Nokia smartphones running Android.

Cost: Free to use through the Facebook app installed on the device.

Stockists: Available through the Facebook app.

 

WhatsApp Web

Although this is by no means a new app, it is an extremely useful one, and one that not many people know about. Tapping out WhatsApps on your phone is easy enough, but thanks to WhatsApp Web it can be even easier. Open the WhatApp Web page under WhatsApp and you will see a QR code. Scan this code through WhatsApp on your mobile and you will be shown a replica of what you would normally see on your phone. You can then type and reply to messages using your computer instead of having to stop everything and unlock your phone every time a message comes through. WhatsApp Web is great if you share your computer with other people as it automatically disconnects when the browser is closed. However WhatsApp also offers an app that when installed will stay connected to your phone unless you manually remove it.

 

Platform: Any up-to-date Internet browser

Cost: Free to use and install

Stockists: Visit www.WhatsApp.com

 

Carrot Weather

There are thousands of weather apps on the Internet these days and all of them do the same thing – inform you of the weather in your area. However, Carrot Weather has taken what is just another app and turned it into something fun. By fun, I mean sarcastic, rude and completely politically incorrect. A user starts off by selecting religious and political views. It then asks about personality, ranging from friendly to homicidal to overkill – which includes profanity. So, for instance, instead of waking up to to the standard partly cloudy forecast, Carrot Weather will display something like: “It’s only partly sunny, the sun is a total effing failure.” It also has a range of insults that it throws at you whenever you open the app – some of them downright insulting, so it is definitely not for those who are easily offended. The app’s user interface is very simple, displaying a week’s daily forecast and hourly forecasts for the day selected.

Platform: Android and iOS

Cost: Free to download but with adverts. The premium, advert free version costs R12 per month.

Stockists: Visit the store linked to your device.

* Sean Bacher is editor of Gadget.co.za. Follow him on Twitter on @SeanBacher

Continue Reading

Featured

SA Start-up reinvents PABX

For any South African business, the idea of setting up or changing a telephonic switchboard system is the stuff of nightmares. Dealing with expensive hardware and hearing things like QSIG and VOIP is not what you’d call exciting.But now there is an app.

Published

on

Enter BuzzBox (www.buzzboxcloud.co.za), a web-based telephone switchboard that is aimed at small and medium sized businesses wanting to take the hassle and cost out of the company switchboard. Whether you are a small one-man operation or a larger organisation with staff working remotely, BuzzBox is the best switchboard solution.

What sets BuzzBox apart from anything else on the market is its easy-to-use dashboard. It puts you in control of everything from picking your phone number to setting up voice prompts and managing your business-hours schedule.

BuzzBox was developed when the startup behind it, Jini-Guru, needed such a service for its own use across multiple continents. “When we started Jini-Guru we could not find a seamless online process that would allow us to set up a full web-based switchboard, so we decided to build one for ourselves,” says Mike Smits, Director at Jini-Guru.

He says a lot of startups today are tech savvy and know how to use apps and the services that go with it. “It’s the uberisation of services and its driving demand for instant service activation.”

BuzzBox works as an app on both iOS and Android but users wanting a desk phone option can choose from a variety of devices on offer or use their existing VOIP phones.

Setting up a BuzzBox account takes 5 minutes. During registration your FICA documents are uploaded [ID and proof or residence] and you get to pick your phone number before the account is created. Companies that want to keep an existing number can do so too.

The real magic happens when you log on to the BuzzBox Dashboard. The main screen displays a summary of statistics for your account while the left-hand menu provides you quick access to various configuration settings and reports.

Setting up new extensions or external numbers is done with a few clicks and you can even set up various departments which is a great way to route a call to various people in a department, like sales or support.

The intuitive user interface also makes it easy to set up hold-music and voice prompts. You can add voice prompts by recording them straight to your phone, just make sure you use a clear voice with quiet surroundings for the best customer experience.

One of the main features of BuzzBox is its call recording feature that allows an organisation to record calls for legislative purposes, such as a lawyer, or for customer service purposes such as support. Recordings are stored securely online, and you have the ability to download recordings for playback. Companies can opt-in for this service and it’s free to use. Recordings are stored online and are fully encrypted so only you can listen to, or download them. Storage costs R1 for every 1000 minutes of stored recordings.

Other features include call forwarding and scheduling. The latter allows you to set office hours for your organisation which will divert calls to an after-hours messaging service. You also have the option to enable routing to an employee who is on call after hours.

BuzzBox also has a reseller program for companies wanting to offer this as a switchboard solution to their existing customers.

The costs for this service is R89 p/m for the first phone number which includes your first extension for free. Thereafter you’ll pay R89p/m per extension. Calls between extensions are free but you pay per second for all outgoing phone calls. More info on pricing can be found here: https://buzzboxcloud.co.za/pricing/

BuzzBox is offering a Launch promotion where they are offering the first line and extension free for 12 months. Only pay for calls. Use promo code “feoifyaa” during sign-up to apply your discount.

Continue Reading

Trending

Copyright © 2018 World Wide Worx