Archive for ESET

Patch or Perish: Why Vulnerability Management Can’t Wait According To ESET

Posted in Commentary with tags on February 10, 2025 by itnerd

ESET has put up a blog post titled, “Patch or perish: How organizations can master vulnerability management” that I think those who are responsible for patching all the things should read.

Cybercriminals are moving faster than ever, with vulnerability exploitation now a leading cause of ransomware attacks and data breaches. A recent report found that observed cases of vulnerability exploitation tripled in 2023 alone. Yet, with record-high CVEs and shrinking patching windows, many organizations are struggling to keep up. 

ESET’s latest blog post dives into:

  • Why organizations are overwhelmed by a relentless surge in software vulnerabilities 
  • The rise of zero-day exploits and perimeter-based attacks 
  • How AI-driven threat actors are making patching even more urgent 
  • Actionable steps to automate and prioritize vulnerability management 

You can read the blog post here.

ESET Bulks Up its ESET HOME Security Offerings to Protect Against AI-Driven Threats

Posted in Commentary with tags on October 23, 2024 by itnerd

 ESET today announced its upgraded consumer offering, ESET HOME Security, with new features, such as ESET Folder Guard, Multithread Scanning, and Identity Protection featuring Dark Web Monitoring. These enhancements to ESET HOME Security, as an all-in-one solution for consumers, correspond to the increasing number of advanced, automated, and AI-driven threats targeting individuals and address growing concerns about data privacy, ransomware attacks, phishing, and scams.  

ESET HOME Security is available across all major operating systems—Windows, macOS, Android, iOS—and covers all typical smart home devices. Improvements have been made to enhance the existing layers of protection, including upgrades to the Link Scanner and Password Manager. Security for Mac users has been improved with a new unified Firewall offering both basic and advanced setup options in the main Graphical User Interface (GUI).  

Some of the top new and improved features include:  

New Dark Web Monitoring — ESET Identity Protection is now available in Canada, providing users with advanced tools to safeguard their personal information. This feature scours the dark web, black market chat rooms, blogs, and other data sources for the illegal trading and selling of personal data. ESET’s cutting-edge technology delivers prompt alerts, enabling users to take immediate action and mitigate potential identity theft risks. 

New ESET Folder Guard — This technology helps protect Windows users’ valuable data from malicious apps and threats, such as ransomware, worms, and wipers (malware that can damage users’ data). Users can create a list of protected folders — files in these folders can’t be modified or deleted by untrusted applications.   

New Multithread Scanning — Improves scanning performance for multi-core processor devices using Windows by distributing scanning requests among available CPU cores. There can be as many scanning threads as the machine has processor cores.

Improved Gamer Mode — This feature is for users who demand uninterrupted usage of their software without pop-up windows and want to minimize CPU usage. The improved version allows users to create a list of apps automatically starting gamer mode. For cautious players, there is also a new option to display interactive alerts while gamer mode is running.  

This robust all-in-one security product is an ideal solution for all who have concerns beyond general cybersecurity, and it includes privacy protection, identity protection, performance optimization, device protection, and smart home protection. Because in a world of advanced cyberthreats, quality matters. 

More information about the consumer offering and subscription tiers can be found here.

Canadian Winners of the Ninth Annual Women in Cybersecurity Scholarship Honoured at ESET Canada Head Office

Posted in Commentary with tags on July 18, 2024 by itnerd

ESET North America proudly celebrated the Canadian winners of the Ninth Annual Women in Cybersecurity Scholarship at an event held at the ESET Canada office. The winners, Aidan Gurung from Gloucester, Ontario, and Lauren Hendley from Carp, Ontario, were recognized for their outstanding achievements and contributions to the field of cybersecurity.

Although Aidan could not be in attendance, the event highlighted the exceptional accomplishments of these two young women and featured a series of special recognitions:

  • Meet and Greet with the ESET Team: The ESET Canada team, including members of the head office in Markham and Jean-Ian Boutin, Director of Threat Research at the ESET Research Centre of Montreal, personally congratulated Lauren, several finalists, as well as previous winners, acknowledging their dedication to cybersecurity and STEM education.
  • Video Message from local MP: Melissa Lantsman, Member of Parliament, Thornhill, Ontario, sent a heartfelt video message congratulating Aidan and Lauren and emphasizing the importance of their accomplishments in the male-dominated field of cybersecurity.
  • Certificates from local MPP: Laura Smith, Member of the Provincial Parliament and Parliamentary Assistant to the Minister of Children, Community, and Social Services, sent congratulatory certificates on behalf of the Province of Ontario, recognizing the winners’ exceptional achievements and extending best wishes for their future endeavours.

Lauren Hendley was influenced by her father’s industry involvement and early programming experiences. Her passion for technology and cybersecurity was ignited in grade 12 when she co-founded her school’s Computer Science Club and competed in CyberPatriot. Lauren has been accepted to the University of Ottawa for an Honours Bachelor of Science in Computer Science (COOP Program), with a focus on cybersecurity and Artificial Intelligence. Lauren emphasized the importance of showing women they are necessary and capable in a male-dominated field.

Through her experiences growing up in Nepal, Aidan Gurung witnessed the importance of education and ethical standards in technological innovation. Her passion for EdTech and cybersecurity education has led her to pursue a master’s degree at the University of Cambridge. Aidan expressed her gratitude to ESET for supporting students like herself who aim to improve the technology landscape with a focus on ethics.

This scholarship is an annual initiative, and interested women should keep an eye on the WICS site for updates in 2025. Find out more here.

Tony Anscombe to EMCEE Collision Conference 2024’s Developer Track: FullSTK

Posted in Commentary with tags on June 11, 2024 by itnerd

ESET today announced that Tony Anscombe, Cyber Security Evangelist at ESET, will be the emcee for the Developer Track: FullSTK at this year’s Collision Conference. With topics ranging from AI and privacy to future tech, Anscombe will introduce and shed light on a range of critical technology topics during the event, which brings together the product managers, data scientists, coders and engineers programming the future to talk tech.

Tony Anscombe brings a wealth of experience to the stage as Cyber Security Evangelist at ESET, having spoken at renowned industry conferences such as RSA, Black Hat, Infosec, Gartner Risk and Security Summit, and the Child Internet Safety Summit. Most recently, Anscombe presented on cyber risk insurance, and published an industry whitepaper on the topic, for ESET World 2024, an annual event where global cybersecurity professionals, analysts and decision-makers come together to discuss technological advancements.  

During the FullSTK Developer Track, the following topics will be highlighted: 

  • Future Tech: Explore the potential of superpositions and DNA enzymes in processing data at unprecedented speeds, the impact of identity orchestration on development, the future of ambient computing, and advances in AI and machine learning. 
  • Security and Compliance: With the escalation of cyberwarfare and increasingly stringent legislation, discover new security tools and tactics. Learn what companies and nation-states can do to thwart sophisticated cyberattacks and stay ahead of technological advancements. 
  • Privacy and Diversity in Data: Address the pressing ethics of AI technology, including opaque terms and conditions and algorithmic biases. Discuss how technology companies are advancing data privacy and fostering diversity to design complex AI systems free from bias. 
  • The Role of the Engineer: Analyze how DevOps teams have led the way in remote work and the ongoing influence of engineers on the future of work. Investigate the challenges companies face in acquiring technically skilled workers and the implications of nearshoring talent. 

As a speaker, author, and recognized expert in the current threat landscape, security technologies, data protection, privacy, and internet safety, Anscombe’s insights are highly sought after and respected globally. He is regularly quoted in leading security, technology, and business publications such as BBC, The Guardian, The New York Times, and USA Today. Additionally, he has made broadcast appearances on Bloomberg, BBC, CTV, CBC, CP24, Global News, and CBS, establishing himself as a trusted voice in the cybersecurity domain. 

Don’t miss the opportunity to engage with Tony Anscombe and gain valuable insights during the FullSTK sessions at Collision Conference 2024. For more details, visit here: LINK

ESET Opens First Local Data Center In Canada

Posted in Commentary with tags on May 7, 2024 by itnerd

ESET has announced the establishment of its first local data centre in Canada, marking a significant milestone in its commitment to delivering unparalleled service and security to its customers across the country. 

The local data centre plays a crucial role in accelerating the delivery of ESET’s innovative cybersecurity solutions to Canadian businesses and individuals. By leveraging state-of-the-art technology and robust infrastructure, ESET will be able to deploy updates and patches more efficiently, ensuring that customers are always protected against the latest threats.

The launch of the new data centre represents a strategic investment in Canada’s cybersecurity infrastructure, enabling ESET to better serve its growing customer base with faster response times, enhanced data protection and improved overall performance.

A local data centre is critical as cybersecurity threats evolve rapidly. By housing critical data and infrastructure within Canada’s borders, ESET ensures compliance with local regulations and provides customers with peace of mind knowing that their sensitive information remains secure and protected.

ESET Canada remains dedicated to empowering Canadians to enjoy the full potential of the digital world without compromise. With the establishment of its local data centre, ESET reaffirms its position as a trusted partner in cybersecurity, committed to safeguarding the digital lives of individuals and businesses across the country.

Current ESET customers can rest assured that a local representative will reach out to discuss options available for transferring data.

ESET PROTECT Portfolio Now Includes New MDR Tiers and Features 

Posted in Commentary with tags on May 1, 2024 by itnerd

 ESET today announced the launch of two new Managed Detection and Response (MDR) subscription tiers: ESET PROTECT MDR for small and medium businesses (SMBs) and ESET PROTECT MDR Ultimate for enterprises. These offerings are built on the foundation of ESET PROTECT Elite and ESET PROTECT Enterprise, offering businesses of all sizes the most comprehensive, AI-powered threat detection and response capabilities, in combination with expert human analysis and comprehensive threat intelligence.

ESET’s MDR offerings are designed to cater to the specific needs of both SMBs and Enterprises. To that end, ESET PROTECT MDR delivers a comprehensive cybersecurity package, offering 24/7/365 superior protection that addresses the most common challenges of small and medium-sized businesses. This includes modern protection for endpoints, email, and cloud applications, vulnerability detection and patching, and managed threat monitoring, hunting, and response. It addresses the cybersecurity talent shortages and ensures compliance with cyber insurance and regulations, offering a remarkable 20-minute average time to detect and respond, a comprehensive MDR dedicated dashboard and regular reporting for complete peace of mind.

For enterprises, ESET PROTECT MDR Ultimate offers continuous proactive protection and enhanced visibility, coupled with customized threat hunting and remote digital forensic incident response assistance. This comprehensive service is designed to support overstretched SOC teams, providing them with 24/7 access to world-class cybersecurity expertise. It ensures enterprises stay one step ahead of all known and emerging threats, effectively closing the cybersecurity skills gap, and facilitating expert consultations for incident management and containment in a fully managed experience.

ESET also sets itself apart with its own telemetry and unique global coverage, leveraging its detections and ESET Research to gather unique data about attacks, a competitive edge not offered by many players in the market.

Enhancements to the ESET business portfolio

Additionally, all ESET PROTECT subscription tiers, starting from ESET PROTECT Advanced, are now enhanced with ESET Mobile Threat Defense (EMTD). This new value-added, standalone module extends attack vector coverage to an organization’s entire mobile fleet, seamlessly integrating into the ESET PROTECT Platform for efficient management, ensuring comprehensive protection for mobile devices. EMTD also includes a Mobile Device Management (MDM) functionality, with added support for Microsoft Entra ID.

Moreover, ESET Server Security introduces a firewall specifically designed for Windows servers, and Vulnerability & Patch Management, offering manual patch management and a 60-second delay of application process kill.

For more detailed information about ESET and its updated portfolio, please visit the dedicated offering pages for SMBs and Enterprises.

Guest Post: China-aligned Evasive Panda leverages religious festival to target and spy on Tibetans, ESET Research discovers

Posted in Commentary with tags on March 7, 2024 by itnerd

ESET researchers have discovered a cyberespionage campaign that, since at least September 2023, has been victimizing Tibetans via a targeted watering hole (also known as a strategic web compromise), and a supply-chain compromise to deliver trojanized installers of Tibetan language translation software. The attackers aimed to deploy malicious downloaders for both Windows and macOS to compromise website visitors with MgBot as well as a backdoor that has not been publicly documented yet; ESET has named it Nightdoor. The campaign by the China-aligned Evasive Panda APT group leveraged the Monlam Festival — a religious gathering — to target Tibetans in several countries and territories. Targeted networks were located in India, Taiwan, Hong Kong, Australia, and the United States.

ESET discovered the cyberespionage operation in January 2024. The compromised website abused as a watering hole (the attacker infests a website that the victim likely or regularly uses) belongs to Kagyu International Monlam Trust, an organization based in India that promotes Tibetan Buddhism internationally. The attack might have been intended to capitalize on international interest in the Kagyu Monlam Festival that is held annually in January in the city of Bodhgaya, India. The network of the Georgia Institute of Technology (also known as Georgia Tech) in the United States is among the identified entities in the targeted IP address ranges. In the past, the university was mentioned in connection with the Chinese Communist Party’s influence on education institutes in the U.S.  

Around September 2023, the attackers compromised the website of a software development company based in India that produces Tibetan language translation software. The attackers placed several trojanized applications there that deploy a malicious downloader for Windows or macOS.

In addition to this, the attackers also abused the same website and a Tibetan news website called Tibetpost to host the payloads obtained by the malicious downloads, including two full-featured backdoors for Windows and an unknown number of payloads for macOS.

“The attackers fielded several downloaders, droppers, and backdoors, including MgBot — which is used exclusively by Evasive Panda — and Nightdoor, the latest major addition to the group’s toolkit and that has been used to target several networks in East Asia,” says ESET researcher Anh Ho, who discovered the attack. “The Nightdoor backdoor, used in the supply-chain attack, is a recent addition to Evasive Panda’s toolset. The earliest version of Nightdoor that we’ve been able to find is from 2020, when Evasive Panda deployed it onto the machine of a high-profile target in Vietnam. We have requested that the Google account associated with its authorization token be taken down,” adds Ho.

With high confidence, ESET attributes this campaign to the Evasive Panda APT group, based on the malware that was used: MgBot and Nightdoor. Over the past two years, we have seen both backdoors deployed together in an unrelated attack against a religious organization in Taiwan, in which they also shared the same Command & Control server. 

Evasive Panda (also known as BRONZE HIGHLAND or Daggerfly) is a Chinese-speaking and China-aligned APT group, active since at least 2012. ESET Research has observed the group conducting cyberespionage against individuals in mainland China, Hong Kong, Macao, and Nigeria. Government entities were targeted in Southeast and East Asia, specifically China, Macao, Myanmar, The Philippines, Taiwan, and Vietnam. Other organizations in China and Hong Kong were also targeted. According to public reports, the group has also targeted unknown entities in Hong Kong, India, and Malaysia.

The group uses its own custom malware framework with a modular architecture that allows its backdoor, known as MgBot, to receive modules to spy on its victims and enhance its capabilities. Since 2020 ESET has also observed that Evasive Panda has capabilities to deliver its backdoors via adversary-in-the-middle attacks hijacking updates of legitimate software.

For more technical information about the latest malicious campaign of the Evasive Panda group, check out the blogpost “Evasive Panda leverages Monlam Festival to target Tibetans” on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X) for the latest news from ESET Research.

ESET Honoured as Best Zero Trust Vendor at 17th Annual Reseller Choice Awards in Canada

Posted in Commentary with tags on February 8, 2024 by itnerd

ESET has been honoured with a prestigious Reseller Choice Award, named the Best Zero Trust Vendor.

ESET, a global leader in cybersecurity solutions, is thrilled to announce its latest accolade at the 17th Annual Reseller Choice Awards in Canada. ESET has been recognized as the Best Zero Trust Vendor, making this win its 16th Reseller Choice Award. The recognition from resellers emphasizes ESET’s excellence in providing trustworthy and effective security solutions based on the principles of Zero Trust, reinforcing its position as a trusted leader in cybersecurity and meeting the evolving security needs of organizations in an era of increasingly sophisticated cyber threats.

Held in Toronto on February 1, 2024, the 17th Annual Reseller Choice Awards hosted representatives from Canadian Managed Service Programs, Value-Added Resellers, Information Technology Solution Providers, Managed Security Service Providers and Information Technology Consultant vendors and distributors from across the country at an in-person gala to compete for awards in more than 50 categories. Accepting the award was Zoey Dimitrova-Chappell, Director of Marketing at ESET Canada. 

Every year, the Reseller Choice Awards aim to provide recognition for vendors and distributors in the IT sector. Winners are selected following a national survey of qualified vendors; those with the most votes from the channel community win.

For more than 30 years, ESET has been developing industry-leading IT security software and services for businesses and consumers worldwide. From a small, dynamic company, ESET has grown into a global brand with more than 110 million users in 202 countries and 13 international research and development centres — including one in Montreal.

The Reseller Choice Awards are organized by eChannelNEWS.com, the news media division of TechnoPlanet.

ESET Threat Report H2 2023 Is Out

Posted in Commentary with tags on January 5, 2024 by itnerd

ESET published their H2 threat report over the holidays that reveals the latest malware trends as seen by ESET telemetry and from the perspective of ESET threat detection and research experts.

The second half of 2023 saw notable cybersecurity incidents, including the Cl0p group’s “MOVEit hack,” a kill switch affecting the Mozi IoT botnet, emergence of the Android/Pandora threat, AI-enabled attacks on tools like ChatGPT, increased Android spyware cases with SpinOk, persistent threats like JS/Agent and Magecart due to unpatched websites, and a rise in cryptostealers, particularly the Lumma Stealer targeting cryptocurrency wallets, highlighting the dynamic nature of the cybersecurity landscape.

Read the full report here.

Guest Post: Navigating the security and privacy challenges of large language models

Posted in Commentary with tags on November 7, 2023 by itnerd

Everyone’s talking about ChatGPT, Bard and generative AI as such. But after the hype inevitably comes the reality check. While business and IT leaders alike are abuzz with the disruptive potential of the technology in areas like customer service and software development, they’re also increasingly aware of some potential downsides and risks to watch out for.

In short, for organizations to tap the potential of large language models (LLMs), they must also be able to manage the hidden risks that could otherwise erode the technology’s business value.

How do LLMs work?

ChatGPT and other generative AI tools are powered by LLMs. They work by using artificial neural networks to process enormous quantities of text data. After learning the patterns between words and how they are used in context, the model is able to interact in natural language with users. In fact, one of the main reasons for ChatGPT’s standout success is its ability to tell jokes, compose poems and generally communicate in a way that is difficult to tell apart from a real human.

The LLM-powered generative AI models, as used in chatbots like ChatGPT, work like super-charged search engines, using the data they were trained on to answer questions and complete tasks with human-like language. Whether they’re publicly available models or proprietary ones used internally within an organization, LLM-based generative AI can expose companies to certain security and privacy risks.

5 of the key LLM risks

  1. Oversharing sensitive data 

LLM-based chatbots aren’t good at keeping secrets – or forgetting them, for that matter. That means any data you type in may be absorbed by the model and made available to others or at least used to train future LLM models. Samsung workers found this out to their cost when they shared confidential information with ChatGPT while using it for work-related tasks. The code and meeting recordings they entered into the tool could theoretically be in the public domain (or at least stored for future use, as pointed out by the United Kingdom’s National Cyber Security Centre recently). Earlier this year, we took a closer look at how organizations can avoid putting their data at risk when using LLMs.

  2. Copyright challenges

LLMs are trained on large quantities of data. But that information is often scraped from the web, without the explicit permission of the content owner. That can create potential copyright issues if you go on to use it. However, it can be difficult to find the original source of specific training data, making it challenging to mitigate these issues.

  3. Insecure code

Developers are increasingly turning to ChatGPT and similar tools to help them accelerate time to market. In theory it can help by generating code snippets and even entire software programs quickly and efficiently. However, security experts warn that it can also generate vulnerabilities. This is a particular concern if the developer doesn’t have enough domain knowledge to know what bugs to look for. If buggy code subsequently slips through into production, it could have a serious reputational impact and require time and money to fix. 

  4. Hacking the LLM itself

Unauthorized access to and tampering with LLMs could provide hackers with a range of options to perform malicious activities, such as getting the model to divulge sensitive information via prompt injection attacks or perform other actions that are supposed to be blocked. Other attacks may involve exploitation of server-side request forgery (SSRF) vulnerabilities in LLM servers, enabling attackers to extract internal resources. Threat actors could even find a way of interacting with confidential systems and resources simply by sending malicious commands through natural language prompts.

As an example, ChatGPT had to be taken offline in March following the discovery of a vulnerability that exposed the titles from the conversation histories of some users to other users. In order to raise awareness of vulnerabilities in LLM applications, the OWASP Foundation recently released a list of 10 critical security loopholes commonly observed in these applications.

  5. A data breach at the AI provider

There’s always a chance that a company that develops AI models could itself be breached, allowing hackers to, for example, steal training data that could include sensitive proprietary information. The same is true for data leaks – such as when Google was inadvertently leaking private Bard chats into its search results.

What to do next

If your organization is keen to start tapping the potential of generative AI for competitive advantage, there are a few things it should be doing first to mitigate some of these risks:

  • Data encryption and anonymization: Encrypt data before sharing it with LLMs to keep it safe from prying eyes, and/or consider anonymization techniques to protect the privacy of individuals who could be identified in the datasets. Data sanitization can achieve the same end by removing sensitive details from training data before it is fed into the model.
  • Enhanced access controls: Strong passwords, multi-factor authentication (MFA) and least privilege policies will help to ensure only authorized individuals have access to the generative AI model and back-end systems.
  • Regular security audits: This can help to uncover vulnerabilities in your IT systems which may impact the LLM and generative AI models on which it’s built.
  • Practice incident response plans: A well-rehearsed and solid IR plan will help your organization respond rapidly to contain, remediate and recover from any breach.
  • Vet LLM providers thoroughly: As for any supplier, it’s important to ensure the company providing the LLM follows industry best practices around data security and privacy. Ensure there’s clear disclosure over where user data is processed and stored, and if it’s used to train the model. How long is it kept? Is it shared with third parties? Can you opt in/out of your data being used for training?
  • Ensure developers follow strict security guidelines: If your developers are using LLMs to generate code, make sure they adhere to policy, such as security testing and peer review, to mitigate the risk of bugs creeping into production.

The good news is there’s no need to reinvent the wheel. Most of the above are tried-and-tested best practice security tips. They may need updating/tweaking for the AI world, but the underlying logic should be familiar to most security teams.

About ESET

For more than 30 years, ESET® has been developing industry-leading IT security software and services to protect businesses, critical infrastructure, and consumers worldwide from increasingly sophisticated digital threats. From endpoint and mobile security to endpoint detection and response, as well as encryption and multifactor authentication, ESET’s high-performing, easy-to-use solutions unobtrusively protect and monitor 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company that enables the safe use of technology. This is backed by ESET’s R&D centers worldwide, working in support of our shared future. For more information, visit www.eset.com or follow us on LinkedIn, Facebook, and Twitter (X).