Archive for August 3, 2022

Commvault Named a Leader for 11th Consecutive Year in Gartner Magic Quadrant

Posted in Commentary with tags on August 3, 2022 by itnerd

Commvault, a global enterprise leader in cloud data management, today announced that it has been positioned by Gartner as a “Leader” in its most recent report: “2022 Gartner Magic Quadrant for Enterprise Backup and Recovery Software Solutions.”[1]

The 2022 Gartner Magic Quadrant evaluates vendors based on a range of factors, including completeness of vision and ability to execute.

As enterprise IT organizations are faced with challenges such as ransomware attacks, rampant data proliferation, rising security threats, and resource limitations, they need solutions that not only protect against these threats, but also detect them before they happen. As a result, customers are turning to Commvault to mitigate risk with its integrated software and SaaS solution for air-gapped ransomware protection. Additionally, Commvault expanded its portfolio to include Threatwise™ which gives customers extended end-to-end proactive and responsive ransomware protection. 

Commvault continues to expand its offerings with its broad partner ecosystem to engineer and deliver solutions designed to change the face of the hybrid cloud for customers. Most recently, Commvault partnered with Oracle to include Metallic Data Management as a Service (DMaaS) on Oracle Cloud. As part of Commvault’s multi-cloud strategy, Metallic’s industry-leading services will be offered on Oracle Cloud Infrastructure (OCI) and available in all commercial OCI regions globally. 

To read the 2022 Gartner Magic Quadrant for Enterprise Backup and Recovery Software Solutions report, visit: https://www.commvault.com/itleaders

I’ve Spotted Another Phishing #Scam Involving TD Bank That’s Delivered By Text Message

Posted in Commentary with tags on August 3, 2022 by itnerd

It seems that a phishing scam involving TD Bank is back. Like the last one, it is delivered by text message. Specifically looking like this:

Now a quick look at the URL should tell you that wasn’t sent by TD Bank as their official URL is td.com in Canada and tdbank.com in the US. But a few people might be fooled by this as the URL starts with “TD”. Remember, a scam doesn’t have to be successful in quantity to be successful.

In any case, if you click on the URL, which by the way you should NEVER EVER DO, this is what you will see:

You get taken to an exact clone of the TD website. I got my wife to have a look at this as she’s a TD customer and she confirmed that this website is so good, there’s almost no difference between this phishing website and the real website. Thus it might fool people.

So this is where I got curious, I typed in a bogus credit card number and a password that was nonsensical and was promptly presented with this when I clicked login:

So this website actually takes into account two factor authentication. Very sophisticated as at first glance they are either trying to convince you that this is the real website, and/or they want to get your mobile number to do a SIM swap or something similar so that they can take control of your bank account. Bonus points for that. Though this website didn’t validate the bogus card number I put in. So I’ll deduct some points for that. For giggles, I clicked call me where I expected a prompt for a phone number. Instead I got this:

Well that’s a wee bit of a mistake. But I am pretty sure that they are assuming that you will click on “text me” rather than call me. Though it really doesn’t matter at this point because if you actually typed in your real TD card number and password in the previous steps, you’ve been pwned and your bank account will be drained in short order. And the fact that they didn’t ask for a phone number means that they were simply trying to gain your confidence that this was the real website.

I should note that when I tested this in Safari on macOS, it was spotted as a deceptive website right away. Ditto for Firefox on macOS. But that wasn’t the case in Chrome on macOS or Edge on macOS which allowed me to access the site to take these screen shots. That’s interesting. And not in a good way if you’re a Chrome or Edge user.

In any case, I reported this to TD and sent them all the documentation that they requested. Though the last time that I came across a scam like this, TD wouldn’t or couldn’t shut the scam down. Thus I am not holding my breath in terms of TD taking action on this. Which means that you need to be on your toes as this example proves that the bad guys are getting more and more savvy when it comes to their attempts to separate you from your money.
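The domain check described above (official sites are td.com and tdbank.com, and a URL that merely starts with “TD” is not one of them) can be automated. This is an added example, not part of the original post: the function names are hypothetical and the sample links are constructed on reserved example domains, not taken from the scam message.

```python
from urllib.parse import urlsplit

# The two official domains named in the post above.
OFFICIAL_DOMAINS = ("td.com", "tdbank.com")

# Constructed sample links, not URLs from the scam message.
SAMPLE_LINKS = [
    "https://easyweb.td.com/login",            # subdomain of td.com
    "https://WWW.TDBANK.COM./",                # case and trailing dot vary
    "td-alerts.example.com/verify",            # merely starts with "td"
    "https://td.com.secure-login.example/",    # official name used as a prefix
    "https://td.com@login.example.net/",       # official name in the userinfo part
    "https://example-td.com/",                 # ends in "td.com", no label boundary
]


def link_host(url):
    """Return the normalized host a browser would connect to, or "" if unparseable."""
    try:
        parts = urlsplit(url if "://" in url else "https://" + url)
        host = (parts.hostname or "").rstrip(".").lower()
        # Internationalized names are compared in their ASCII (punycode) form.
        return host.encode("idna").decode("ascii")
    except ValueError:  # UnicodeError is a subclass of ValueError
        return ""


def is_official_td_link(url):
    """True only if the host is an official domain or a subdomain of one."""
    host = link_host(url)
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def triage(links):
    """Map each link to (host, verdict) for review."""
    return {u: (link_host(u), is_official_td_link(u)) for u in links}


if __name__ == "__main__":
    for url, (host, ok) in triage(SAMPLE_LINKS).items():
        print(f"{'official' if ok else 'NOT TD  '}  {host:32} {url}")
```

The match is made on whole DNS labels, which is why a host that only begins or ends with the letters of an official domain is rejected.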

Equinix Expands Its Digital Services To Empower Canadian Business From Coast To Coast

Posted in Commentary with tags on August 3, 2022 by itnerd

Equinix, Inc., the world’s digital infrastructure company™, today announced a series of product expansions to empower Canadian businesses from coast to coast. The enhanced offerings include the expansion of Network Edge to Vancouver, the launch of Equinix Managed Services in Canada – the first time it has been offered in North America; as well as the enhanced portfolio of offerings in Western Canada and Montreal. With the expansion of its latest offerings, Equinix continues its investment in the region to bring the full value of Platform Equinix and its portfolio of solutions to businesses across Canada.

Equinix will be expanding its Network Edge service to Vancouver, British Columbia, marking the latest expansion of the service which is also available in Toronto and Montreal.  As a result, Equinix will empower businesses from coast to coast to build virtual infrastructure at scale while deploying network services at a predictable cost with no additional hardware. 

Equinix is launching its Equinix Managed Services offering to all Canadian customers, which is the first time the service will be offered in North America. Managed Services offers customers an optimized way of consuming market leading technology and services while accelerating time-to-market through pre-provisioned, and scalable infrastructure. 

By having Equinix manage technology lifecycle, capacity, configurations, and procurement, businesses can reduce IT cost and complexity, while being able to scale up or down as needed, without unpredictable costs or worrying about supply chain hardware shortages.  

Equinix will also be expanding its portfolio of services at its Kamloops and Vancouver Data Centers. Businesses will now be able to access Equinix Fabric, Equinix Internet Access, and Equinix Precision Time. Additionally, customers in Montreal will be able to now access Equinix Internet Exchange – which is the second metro in Canada to offer the service after Toronto.  

According to Equinix’s latest Global Tech Trends Survey, the majority of Canadian IT decision-makers (52%) report more aggressive IT strategies and 55% said they are further along in their digital transformation journeys as a result of the COVID-19 pandemic. Additionally, more than a third (39%) of global respondents said they plan to facilitate global expansion plans by deploying virtually via the cloud. As a result, businesses are increasingly moving to a virtualized, multicloud approach to reduce costs and mitigate risks including hardware supply issues. 

Highlights/Key Facts:

  • Designed to accelerate digital transformation for global businesses, Network Edge by Equinix offers enterprises a new way to deploy virtual network services, within minutes, at the digital edge without a physical data center deployment or hardware requirements.
  • Network Edge enables companies to reduce capital expenses and scale IT and network services globally by virtually deploying digital-ready infrastructure. By utilizing network functions virtualization (NFV), Network Edge offers customers the choice of virtual network services from leading vendors.
  • Equinix Managed Services in Canada offer services for digital transformation that include the replacement, modernization and expansion of the IT environment.  Backed by stringent Service Level Agreements (SLA), these services help to solve data challenges through secure, flexible and scalable solutions. We use best practices with a variety of technical certifications to ensure world-class performance, flexibility and reliability. This provides up-to-date insights in IT infrastructure and data to optimize performance, availability, security and cost efficiency.
  • Customers across Canada and from around the world can access Equinix Managed Services today through nodes in Calgary, Greater Toronto Area, Montreal and Saint John.
  • Equinix Fabric is a software-defined interconnection service that allows any business to connect between its own distributed infrastructure and to any other company’s infrastructure on Platform Equinix. With Equinix Fabric integration built into both Network Edge and Equinix Metal over the trusted Equinix platform, digital leaders can bring together all the right places, partners and possibilities to create the foundational infrastructure needed to succeed.
  • Equinix Precision Time is a network timing service globally available on Platform Equinix that’s designed to help enterprises that require precise time synchronization to run critical applications more effectively and securely. 
  • Equinix Internet Access provides internet access in Equinix International Business Exchange™ (IBX®) data centers. With at least two upstream ISPs in each market, Equinix Internet Access offers the resiliency that organizations demand and direct connections to major content destinations for superior performance.
  • Equinix Internet Exchange enables networks, content providers and large enterprises to exchange internet traffic through the largest global peering solution across more than 30 markets.
  • Equinix now operates 15 high-quality International Business Exchange™ (IBX®) data centers coast to coast in Canada with six Toronto facilities, three in Calgary, and one in each of the following metros: Kamloops, Montreal, Ottawa, Saint John, Vancouver and Winnipeg.

Equinix is the world’s digital infrastructure company, enabling digital leaders to harness a trusted platform to bring together and interconnect the foundational infrastructure that powers their success. Equinix enables today’s businesses to access all the right places, partners and possibilities they need to accelerate advantage. With Equinix, they can scale with agility, speed the launch of digital services, deliver world-class experiences and multiply their value.

Nozomi Networks Releases 2022 1H Threat Landscape Report

Posted in Commentary with tags on August 3, 2022 by itnerd

Nozomi Networks, the leading OT and IoT security and visibility solution, has released its 2022 1H Threat Landscape Report. In this report, Nozomi Networks Labs analyzes the current threat landscape, ransomware and IoT botnet attacks, ICS, OT/IoT device vulnerability and exploitation trends, and steps to improve cyber threat remediation strategies. 

Nozomi Networks Labs explores key threat mitigations for more robust security, including backups, threat intelligence, cloud security, threat detection, and SBOMs. Based on this latest analysis, Nozomi Networks provides a forecast with some of the critical cybersecurity trends they expect to see throughout the rest of 2022. 

High level report takeaway from Roya Gordon, OT/IoT Security Research Evangelist and Nozomi Networks Labs:

  • With added IoT and analytics technologies for business efficiency come security concerns for both hard-coded passwords and internet interfaces for end-user credentials, in addition to network security gaps and concerns
  • Manufacturing and energy continue to lead in threat actor activity, however, healthcare, and commercial facilities targeting is on the rise 
  • As each sector becomes more targeted, unique risks arise for each, growing the overall risk landscape across critical infrastructure sectors 
  • Fewer CVEs recorded, however, more vendors and additional product vulnerabilities reported as we see threat actors more carefully tailoring attacks to specific environments and use cases 
  • Decision makers are inundated with information, including security research and threat reports, but they often don’t equate to actionable intelligence in lieu of mounting vulnerabilities – some manageable and others un-patchable 
  • Good quote: “Most reported critical weaknesses include misused authentication, improper access controls, and integer overflow variables.”

Thoughts on trend analysis from Danielle Jablanski, OT Cybersecurity Strategist at Nozomi Networks:

  • Threat actors are doing their homework, focusing on techniques to maintain access undetected, and mitigating potential unintended consequences. 
  • There has been broad realization that operations that tolerate little to no physical downtime are lucrative targets, with seemingly no sector off limits – food, hospitals, transportation 
  • It remains difficult to standardize attack patterns in OT/ICS, and case-by-case tacit knowledge is required to sufficiently secure each operation based on what is treated, produced, fabricated, manufactured, pumped, assembled, etc. 
  • Supply chain manipulation and chain of custody concerns for OT and ICS, as well as the potential to hijack native functionality of these systems, represent a more pressing concern in this domain than traditional zero-day software vulnerabilities
  • OT/ICS owners and operators underappreciated the potential effects of social engineering campaigns on their companies and environments 
  • Cyber-attacks on critical infrastructure are not just a force multiplier in times of crisis or conflict, but can also overwhelm local resources and cause public panic and require appropriate risk reduction and contingency planning 
    • One of the most heroic events in any ICS sector took place in March 2022 as a result of the Russian invasion of Ukraine when Ukraine securely integrated with Europe’s power grid due to market, regulatory, cybersecurity and legal concerns. 
  • Companies and individuals are still mostly reacting to security incidents, rather than reducing the severity of potential impacts 
  • The looming threat of highly sophisticated, often nation-state level attacks, narrows focus to threat hunting at the expense of other indicators worth investigating 
  • Limited resources, lack of technical competency, talent and expertise gaps, and siloed communications continue to be notable hurdles to the holistic adoption of security best practices 
  • Market for cyber insurance is at a critical inflection point, recognizing that although the sensitivity of data across many industrial sectors is not extremely high, the potential for business disruption and severe physical impacts by cyber means remains high 
    • Fewer providers offering coverage and premiums increasing, and most recently Travelers insurance has filed suit to rescind cyber insurance policy coverage to a customer for allegedly misrepresenting information gathered on their coverage application concerning their use and implementation of multi-factor authentication 

Executive Summary: https://www.nozominetworks.com/downloads/Nozomi-Networks-OT-IoT-Security-Report-ES-2022-1H.pdf

Full Report: https://www.nozominetworks.com/downloads/Nozomi-Networks-OT-IoT-Security-Report-2022-1H.pdf

A webinar will occur. You can register: here

Guest Post: Ransomware hackers drained over 30 terabytes of sensitive data in 2022

Posted in Commentary with tags on August 3, 2022 by itnerd

Ransomware attacks have been terrorizing businesses of all sizes and industries worldwide. According to the data presented by the Atlas VPN team, ransomware hackers stole over 30 terabytes (TB) of personal and other sensitive data throughout more than 300 attacks in 2022.

In January, ransomware hackers stole 5 TB of personal data. Ransomware attacks in February locked businesses out of 7 more TB of data. Ransomware hackers stole 16 TB of personal data during March, the most out of all months.

In April, ransomware hackers locked 3 more TB of data. During May, the total amount of stolen personal data through ransomware attacks accumulated to 34 TB and remained the same until the end of June.

In February, the largest semiconductor chip company Nvidia suffered a major ransomware attack. Hackers from the group Lapsus$ claimed they stole 1TB in exfiltrated company data and demanded a $1 million ransom.

Cybersecurity writer at Atlas VPN Vilius Kardelis shares his thoughts on ransomware attacks:

“Ransomware has become more efficient and devastating in its attacks. Businesses should be prepared for their most confidential information to be taken and potentially exposed or sold on the internet. To mitigate the impact of ransomware attacks, companies must build resilience and report the cases to competent authorities.”

Ransomware remains dangerous

While some hackers might have taken a summer break, the ransomware threat continues to loom. Throughout the first half of 2022, businesses suffered 320 ransomware incidents.

In January, businesses reported 25 ransomware incidents. Next month, ransomware attacks skyrocketed by 116% to 54 incidents. Hackers performed 92 attacks against companies in March, bringing the total incident count in the first quarter of 2022 to 171.

The second quarter started with 113 total ransomware attacks in April, the most so far. Despite that, businesses suffered 32 incidents in May, about 72% less than the previous month. Throughout June, hackers attacked businesses with ransomware just 4 times.

To read the full article, head over to: https://atlasvpn.com/blog/ransomware-hackers-drained-over-30-terabytes-of-sensitive-data-in-2022

New Phishing Attack: American Express & Snapchat Exploited To Manipulate Victims Using Open Redirects

Posted in Commentary on August 3, 2022 by itnerd

INKY has released its newest discovery of hackers sending phishing emails that took advantage of open redirect vulnerabilities affecting American Express and Snapchat domains.

In both the Snapchat and the American Express exploits, hackers inserted personally identifiable information (PII) into the URL so that the malicious landing pages are customizable on the fly for the individual victims.   

Phishing emails in the Snapchat open redirect group impersonated DocuSign, FedEx, and Microsoft, which led to Microsoft credential harvesting sites.

You can read the full report here.
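For mail filtering or link triage, the pattern described above (a link on a trusted domain that forwards to another host, with the recipient's details embedded in the URL) can be flagged before anyone clicks. This is an added example, not code from INKY or the original post: the function names, the `next` parameter and the sample links are assumptions constructed on reserved example domains.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Constructed sample links; "next" is a hypothetical redirect parameter.
SAMPLE_LINKS = [
    # Trusted-looking host forwarding off-site, recipient address in the target
    "https://brand.example/redirect?next="
    "https%3A%2F%2Flanding.example.net%2Fdoc%23user%40corp.example",
    # Redirect that stays on the same site
    "https://brand.example/redirect?next=https%3A%2F%2Fhelp.brand.example%2Ffaq",
    # Ordinary query string
    "https://brand.example/search?q=shoes",
]


def inspect_link(url):
    """Report off-site URLs and e-mail addresses carried inside a link."""
    outer = urlsplit(url)
    outer_host = (outer.hostname or "").lower()
    report = {"host": outer_host, "redirect_targets": [], "embedded_emails": []}
    # parse_qsl percent-decodes values, so encoded nested URLs are seen too.
    values = [v for _, v in parse_qsl(outer.query, keep_blank_values=True)]
    values.append(unquote(outer.fragment))
    for value in values:
        report["embedded_emails"] += EMAIL_RE.findall(value)
        if value.startswith("//"):          # scheme-relative target
            value = "https:" + value
        if "://" not in value:
            continue
        try:
            inner_host = (urlsplit(value).hostname or "").lower()
        except ValueError:
            continue
        same_site = inner_host == outer_host or inner_host.endswith("." + outer_host)
        if inner_host and not same_site:
            report["redirect_targets"].append(inner_host)
    return report


def is_suspicious(url):
    """A link is flagged when any embedded URL points at a different site."""
    return bool(inspect_link(url)["redirect_targets"])


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(is_suspicious(link), inspect_link(link))
```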