Hackers step up obfuscation attacks to break into IT networks

by | Jan 7, 2021 | IT Security

Cybercriminals are introducing obfuscation-as-a-service to enable novice hackers on the dark web to make hard-to-break infiltration into corporate networks.
Share to lead the transformation

In 2020, cyber-attacks reached a new scale, disrupting the business community and Information security professionals. Malware, phishing, denial of service attacks, DNS tunneling, SQL injection, and zero-day exploits have seen a massive explosion in every large organization. According to a report from antivirus, cloud, and endpoint security firm McAfee, since 2018, the cost of global cybercrime has reached over $1 trillion. If that wasn’t enough, the industry has noticed a new pattern of cybercriminals investing in plug-and-play obfuscation software-based toolkits to infect corporate networks for financial gains. (See: Top enterprise cybersecurity trends of 2020)

Obfuscation is a proven technology widely used by security professionals and coders to make the source code anonymous and incoherent. The technique helps businesses secure their critical data and prevent hackers from using reverse engineering techniques to discover an enterprise network’s vulnerability and launch attacks.

The recent cyber intrusion in the software  IT monitoring and management software company Solarwinds was executed by an obfuscated advanced persistent threat (APT) that mysteriously took nine months to discover. (See: SolarWinds hack: CISOs need to revisit cyber resilience?)

However, as usual, hackers appear to be a step ahead of network protectors. Call it money as a motive or an innovative mindset; cybercriminals always develop enterprising ways to infiltrate defenses. Obfuscation-as-a-service is one such recently exposed illegal business model developed by cybercriminals. Professional hackers try to make money from selling such techniques on subscription-based models to other hackers.

As-a-service model for orchestrating a hack

Those who trust that the as-a-service models are currently only transforming legitimate business models will probably live on a different planet. Over the past few years, cybercrime as a service model is swiftly making inroads into the dark-web. Professional fraudsters and cybercriminals use illegal platforms to sell cyberattack tools, procedures, services, and a host of software programs to evade detection and launch fully automated cyberattacks.

Obfuscation-as-a-service model is operating on similar lines. In 2020, many instances were discovered by cybersecurity monitoring agencies and solution providers where hackers provided automated obfuscation service and android pocket kits (APKs) on a subscription basis to fraudsters. In the wake of a growing remote workforce, most organizations are introducing workplace productivity apps that can be accessed quickly by employees through their mobile phones. As such cracking mobile applications, especially android, through obfuscation has become a prime focus area for cybercriminals.

The entire business of purchasing and selling obfuscation service happens through illegitimate darknet marketplaces, making it very challenging for governments and law-enforcement authorities to keep a consistent track. This new development of obfuscation-as-a-service is perturbing for enterprises with global footprints, which have a massive amount of data located on different clouds. This unlawful cybercrime service model can give a ready-to-launch platform to even newbie cybercriminals who regularly exploit weaker networks.

What’s the remedy?

To protect networks from obfuscation techniques or deobfuscate malicious codes launched by hackers, organizations need to ensure the uppermost security level that fills the unwanted gaps. Applying integrity controls, encrypting as much as possible, transforming program codes and making them unintelligible, inserting anti-debugging logic are some of the fields that should be strengthened.

While there is no perfect solution that can give full-proof code security, a host of commercial tools can be tested and implemented to make your security architectures robust.

Most importantly, in 2021, organizations and cybersecurity leaders should set-up quality budgets to train their in-house talents and develop innovative solutions to fortify their resilience levels and mitigate new-age obfuscation security threats.


New CII forum formed to help build an AI ecosystem

New CII forum formed to help build an AI ecosystem

Confederation of Indian Industry (CII) has launched a new forum on artificial intelligence (AI) to help India develop a much-needed AI ecosystem to drive new opportunities and growth.

The CII AI Forum will focus on developing a robust AI ecosystem in India by developing awareness at scale and strengthening capabilities by skilling/reskilling the workforce for the future, CII said. The sectors prioritized for this year are banking and financial services industries (BFSI), retail, social (healthcare), and manufacturing (automotive).

The forum further aims at collaborating with the Indian government, to help shape conducive policies and a regulatory regime, encourage partnerships in research and development, and facilitate AI-based solution pilots in the priority sectors.

CII said that the forum would be chaired by Sandip Patel, Managing Director, IBM India/South Asia

“As the economy moves into the recovery and revival phase, the transformational potential of responsible AI-driven solutions can be used to fuel India’s growth story in a big way. CII AI Forum will look at initiatives to spur local innovations. This will make AI adoption a reality and further the national agenda of Digital India and Make in India for India and the world. More importantly, the forum will work on policies to embed trust and transparency into AI applications and processes, a critical step in realizing the true promise of the technology for business, society, and the world,” said Sandip Patel in a press statement.

India’s focus on AI has been steadily growing, and the government think tank is consistently working to leverage technology for the country’s economic growth. As part of its efforts, India has recently launched a National Artificial Intelligence Portal (http://www.ai.gov.in) to promote and showcase the local AI-related advancements.

This portal is a one-stop digital platform for AI-related developments in India, featuring resources such as articles, startups, investment funds in AI, resources, companies, and educational institutions related to AI in India.

The website has been developed by the National Association of Software and Service Companies (Nasscom) in consultation with the National e-Governance Division of the Ministry of Electronics and Communications Technology (MeitY). (See: India gears up for AI leap in post-Covid-19 era)

Chandresh Dedhia, Head – IT, Ascent Health

Chandresh Dedhia, Head – IT, Ascent Health

In Focus

Chandresh Dedhia

Head of Information Technology
Ascent Health

There is a strong emphasis on touchless behavior and hence on AI-based touchless technologies.

As the COVID-19 pandemic has persisted, businesses have responded with due precautionary measures, while making a swift transition from the traditional physical work environment to an virtual work ecosystem as much as possible. For a majority of enterprises, the remote-working model was implemented almost overnight and turned out to be a massive experiment during the first phase of lockdown. 

In India, the work-from-home (WFH), was earlier mostly limited to privileged users. However, the pandemic introduced a significant and extraordinary change. Now, many companies have extended the complete WFH policy for their employees until June 2021. Today, all eyes are on the technology leaders who have assumed an enormous responsibility to devise and execute a differentiated tech strategy to embrace this new normal as part of a process.

In a recent interaction with Jatinder Singh of Better World, Chandresh Dedhia, Head of Information Technology, Ascent Health, outlines the top technology trends and challenges that the businesses are facing in the wake of COVID-19 pandemic. He also shares some of the best practices and technology implementations that could lead enterprises to deliver an exceptional customer experience with minimal disruption. Excerpts.

On the new normal and learnings
In today’s highly fluid situation, the business and IT landscapes are becoming more and more complex. Traditional models and architectures have lost their sheen. The longer the pandemic stays, the stronger the chances are that we will not go back to the pre-COVID normal. The last few months have helped us learn and unlearn many things, and these learnings will pave the way for the new model. Things have changed, people have transformed, and mindsets have changed. There is an indelible impact on almost everyone.

Moreover, because of the new operational dynamics, organizations have altered their policies. They are now focusing more on innovation and agility. Digital transformation is high on the agenda. The current crisis has given a growing sense of belief and visibility to enterprises on the best ways to tackle any future disruptions.

On technology trends and business order post COVID-19
I feel that there is a natural push towards the implementation of new-age technologies such as machine learning, artificial intelligence, business analytics, and robotic process automation (RPA). Until now, the adoption was happening at an unhurried pace. Now, digital transformation is no longer an option but a competitive advantage. The new normal is here to stay for a very long time, and no organization will like to be stuck because of its traditional ways of working. Enterprises have understood that they will need to explore ideas and means to ensure that the business continuity remains intact. Of course, given the fact that businesses have managed to stay afloat in the last four months, most of them are well equipped to plan their working models for the future.

There is a strong emphasis on contactless behavior, and this is likely to remain in place for an unspecified time. The pandemic has compelled us to keep focusing on social distancing, and hence enterprises will have stringent policies around contactless behaviors. Much focus will be on AI-based touchless and remote monitoring technologies implementation. So, the traditional model of working will be replaced by new working ways. Technologies like video and web-conferencing will continue to witness tremendous traction.

It is also expected that most of the organizations will invest a significant amount in multiple cloud environments to keep disruption at bay. The hybrid cloud model is likely to gain substantial traction businesses across sectors.

Going forward, companies will evaluate if they can save costs by reducing real-estate, and heavily relying on the new-age technologies for scaling-up. Technology is a great enabler, and ultimately all these benefits will be passed on to the employees. Organization can enhance the existing CCTV setups to accommodate social distancing, face masks, and hand gloves algorithms.

On balancing the short-term revenue requirements against long-term technology investment: 
It is natural for any organization to rationalize its investments. We are no exception either. Every technology investment is being seen in the long-term horizon of, say, three to five years. Anything less than that is technically not a tech investment. For instance, there might be days when manufacturing costs may outweigh any tech-implementation decision. However, that doesn’t mean that the company won’t invest in the required technology. Yes, at times, you’ve to face such tests, but tech investments always have their significance, and decisions are taken based on the value that the technology provides. For instance, let’s say an organization needs to invest in a face-scanning or a retina-based attendance system. Probably before the pandemic, there was no urgency to implement this technology. But in the current environment, everyone understands the long-term benefits of such contactless technologies.

On challenges related to security threats
Remote working has become a new reality, and in a way, the new normal. The COVID-19 pandemic has created a concept of work from anywhere. Not just thousands but lakhs of people have shifted to WFH almost instantaneously. Hackers are always game to take advantage of such unparalleled situations. And for enterprises, it has become challenging to monitor and analyze the behaviors of employees who are accessing corporate data and networks remotely. Much focus will soon be on combining detection tools with machine-based cyber threat intelligence. Organizations will strengthen their capabilities to monitor behaviors and applications accessed by employees. Enterprises will continue to revisit their security policies and solutions to reduce risks to IT infrastructure. It is the need of the hour for businesses to consistently evaluate their readiness for supporting remote working as they scale up. There will be growing pressure on implementing a very sophisticated information security policy. Even SMEs will move away from free security tools and focus on robust and advanced information security solutions.

Chandresh is an IT business transformation leader with experience in digital, IT infrastructure, enterprise applications, information security, and IT governance and compliance. He has won numerous awards for his wide-ranging work in the domains of IT infrastructure and security.

An eloquent speaker and writer, Chandresh is also a marathon runner, environmentalist, and fundraiser. He has been associated with the Umeed Foundation for last three years and has raised more than Rs 6 lakh for education of needy children.


  • Warehouse management and automation
  • Data virtualization on Denodo
  • Robotic process automation (RPA)
  • Software-defined WAN (SDWAN)
  • Mobile application development (Low Code)
  • Information security management
  • Cloud-based services on Amazon AWS and Google GCP
  • Enterprise applications and integrations
  • ERP implementation and support
  • B2B application support
  • DevOps and data engineering


  • Global CIO Programme, Digital Innovation, Indian School of Business
  • MBA in Business Management, Marketing and Related Services from ITM and Southern New Hampshire University
Crypsis buy will augment Palo Alto’s AI-driven offerings

Crypsis buy will augment Palo Alto’s AI-driven offerings

Global cyber security major Palo Alto Networks has signed a deal to acquire The Crypsis Group, a consulting firm that operates in incident response, risk management, and digital forensics. Palo Alto will pay $265 million in cash for the purchase. The acquisition process is likely to finish during the quarter ending 31 October 2020.

Palo Alto Networks already has the capability to provides prevention, detection, and response capabilities through Cortex XDR, its ambitious artificial intelligence (AI)-based cyber security solution that natively integrates network, endpoint, and cloud data. Launched in 2019, XDR is an open-standard solution that harnesses technologies such as AI and machine learning (ML) to rapidly detect and respond to threats across an enterprise and its network.

Post Crypsis acquisition, Palo Alto plans to incorporate the Crypsis Group’s processes and technology into Cortex XDR. This integration will help Palo Alto strengthen its security consulting and forensics capabilities to collect rich security telemetry and to analyze, manage breaches, and initiate rapid response actions.

“The proposed acquisition of The Crypsis Group will significantly enhance our position as the cybersecurity partner of choice while expanding our capabilities and strengthening our Cortex strategy. By joining forces, we will be able to help customers not only predict and prevent cyberattacks but also mitigate the impact of any breach they may face,” said Nikesh Arora, chairman and CEO of Palo Alto Networks in a company statement.

The Crypsis Group boasts of managing some of the most complex and significant cyber security incidents and manages over 1,300 security engagements every year, serving organizations across the healthcare, financial services, retail, e-commerce, and energy. As part of the agreement, post-acquisition, all of Crypsis Group employees and the CEO, Bret Padres, will join Palo Alto Networks.

Big opportunity

The COVID-19 pandemic has put enterprises under severe stress, and they are continuously redefining their business continuity plans for enabling their remote workforce to deliver exceptional results for clients. In such a scenario, their IT assets, cloud systems, departmental servers, and data centers have become all the more critical. (See: What it takes to secure IT in the COVID-19 era)

With a remote working environment becoming the new normal, there has been a growing risk for businesses to face new and advanced threats while they focus on agility and manage the scale. (See: Combating threats in the new normal)

“As threat actors continue to professionalize and grow in sophistication, the risk of revenue and the reputational impact of a security breach increases dramatically. To focus on the health and growth of their business, organizations need trusted partners to not only quickly and efficiently respond to and contain attacks but also leverage their learning and insight to prevent future attacks,” said Palo Alto in its release mentioning the Crypsis Group buy.

The current uncertain environment has given cybercriminals a lucrative opportunity to invent novel attacks for data theft. Given the fact that enterprises have accelerated their digital transformation plans and all operations are expected to move into a virtual environment, businesses cannot afford to take risks and are hence expected to invest massively in cyber security solutions in the next few years.

IT security players like Palo Alto are making full use of this opportunity and fast-tracking their capabilities to capture a significant share in the growing market. Since its debut in 2005, the company has expanded its horizons significantly and is offering a diverse set of solutions such as next-generation firewall, endpoint protection, and malware prevention to enterprises. Its acquisition spree in the last two years includes CloudGenix for $420 million in March 2020; micro-segmentation company Aporeto in December 2019; and cloud security companies PureSec (June 2019) and Twistlock (July 2019).

Driven by the work-from-home requirements, Palo Alto reported robust fourth-quarter 2020 financial results. Palo Alto’s non-GAAP net income for the period was $144.9 million, with revenue growth of 18% year-on-year at $950.4 million.

Palo Alto competitors in the market include FireEye, Fortinet, Check Point Software, CrowdStrike, Juniper Networks, and Cisco, among others.

Tech majors extend work-from-home to keep pandemic at bay

Tech majors extend work-from-home to keep pandemic at bay

Cloud software major Salesforce has joined the list of companies who’ve extended their work-from-home policies. Salesforce has announced an extension until July 31, 2021. Top technology companies such as Google and Facebook have already extended their work-from-home policies for employees till mid-2021. Other tech majors, such as Amazon, Apple, and Microsoft, have announced remote working until January 2021.

“Over the past few months, we have been working diligently to support our employees as they navigate this difficult time. The safety of our employees and communities remains paramount. And while we continue to work on plans to re-open our offices safely, the timing of when we bring employees back will be unique to each office — and we will continue to make those decisions in a way that’s consistent with local government guidelines and the advice of our medical experts and local leadership team,” said Brent Hyder, Chief People Officer of Salesforce in the company’s blog.

The San Francisco headquartered tech-major has also announced to give an additional $250 financial support to each of its employees for buying office supplies. The company had provided similar assistance to its employees earlier this year as well. Earlier this month, consulting major EY had also announced similar financial support of US$200 to each of its employees.

Besides, Salesforce employees who are parents will be entitled to take six additional weeks of paid leave. “In all situations where schools have been closed, and students are learning remotely, parents and guardians will be allowed to work from home, even if that date extends beyond our offices re-opening,” Hyder added.

The last six months have been challenging for a majority of companies and leaders. The uncertainty brought in by the COVID-19 pandemic has made it extremely hard for both employees and employers to focus on work solely. People are dealing with issues such as social distancing, remote working, job-loss, elderly care, and ambiguity around almost everything.

As such, enterprises are finding several ways to motivate their talent and prevent burnout. Financial assistance, work-flexibility, and paid leave are some of the measures that companies are offering to support and attract employees.

The new normal is here to stay

Before the COVID-19 pandemic, the majority of the companies would offer work-from-home to a very particular set of people on a rotational basis. At that time, In India, the remote-working model was mostly viewed as pointless, with much suspicion from employers. Companies were reluctant to experiment, and employees too were not attuned to an entirely virtual work-environment. However, things changed in a short time. The pandemic has suddenly pushed people to transform their behaviors and compelled them to adopt the new normal quickly.

See also Work-from-home even after Covid-19?

Most of the enterprises and employees have successfully navigated this transition and are looking forward to remote ways of working even after the pandemic subsides. For employers, the new normal is a significant opportunity to save substantial real-estate costs and translate the cost benefits to their employees. For employees, it’s a way to be more productive by reducing travel time while staying connected with their families.

According to a recent study, Technology and the Evolving World of Work by Lenovo, the majority of those surveyed (72 percent) confirmed a shift in their daily work dynamic in the last three months. Employees feel more connected and more productive than ever before as they work from home, but the data shows financial, physical, and emotional downsides for the global workforce.

There is no doubt that the experience of the physical work environment is vital to develop strong teaming and diverse skillsets and hence cannot be completely evaded. To balance that, companies could be mulling to rotate days or weeks of in-office presence for their employees in future, especially in the services sectors.

Can OnwardMobility make Blackberry bloom again?

Can OnwardMobility make Blackberry bloom again?

After a massive downslide in the last decade, the erstwhile dominant enterprise smartphone maker is eyeing an ambitious comeback in 2021. Will Blackberry bloom again?

The enterprise smartphone maker has collaborated with OnwardMobility, a US-based company in the mobile security space, and Taiwanese multinational electronics contract manufacturer Foxconn to design and develop a new 5G Blackberry Android smartphone with a physical keyboard. According to an announcement by OnwardMobility, BlackBerry has given OnwardMobility the right to create, engineer, and bring to market a BlackBerry 5G mobile device. The new phone is likely to arrive in the first half of 2021.

“BlackBerry is thrilled OnwardMobility will deliver a BlackBerry 5G smartphone device with a physical keyboard leveraging our high standards of trust and security synonymous with our brand. We are excited that customers will experience the enterprise and government level security and mobile productivity the new BlackBerry 5G smartphone will offer,” said John Chen, Executive Chairman and CEO, BlackBerry in a statement released to analysts and media.

John Chen, who is widely credited as having earlier saved Sybase from the verge of a bankruptcy, was brought at the helm in 2013 and has since then stayed put.

See: CEO John Chen has pressed the BlackBerry restart button, actually!

Also read: With selloff shelved, BlackBerry hinges even more by Watsa

Return of the Motion?

The iconic Canadian smartphone maker once ruled the mobile market, with over 50% of the US and 20% of the global smartphone market share. However, it started losing the grip after the arrival of the iPhone4 in 2010 and its inability to foresee the rapid shifts in the market and the reluctance to transform swiftly. Today, the company is struggling with a share of less than 0.5% of the total smartphone market.

One of the biggest letdowns for Blackberry enterprise users was the company’s failure to develop a robust app store like Android and iOS. Besides, a delayed approach in introducing modern-day features such as dual camera and dual SIM also paved the way for its accelerated collapse.

In 2016, when Blackberry finally lost all hopes to reclaim its market share, it decided to move away from designing smartphones and awarded the development contract to TCL Communication. The not-so-fruitful association with TCL came to an end early this year, and the new covenant has now been given to OnwardMobility. The last flagship Android-based Blackberry phone launched by TCL was KEY2 LE, which received a lackluster response from the market. It would be interesting to see if OnwardMobility can make Blackberry bloom again.

Banking on the new normal

Due to the recent COVID-19 situation, a significant part of the population is working from home today. This trend is likely to remain in place even after the pandemic subsides. Most of the enterprise technology leaders are beefing up their network security architectures to support end customers and employees efficiently.

Despite losing its numero uno position in the enterprise mobility market, Blackberry continues to attract a specific set of users because of its classy physical keyboard and focused approach on privacy and security. As such, the new normal can present a unique opportunity for Blackberry to explore a wild-card entry in the smartphone market.

“With the increasing number of employees working remotely with critical data and applications, coupled with the constant threat of cyberattacks, there is an absolute need for a secure, feature-rich 5G-ready phone that enhances productivity. Employees are demanding better workplace technology experiences, and organizations are facing increasingly complex challenges in selecting, deploying, securing, and managing devices to meet expectations and maximize employee productivity,” says the joint statement from Blackberry and Onwardmobility.

The announcement may be surprising for many industry onlookers who wrote the obituaries for Blackberry Mobiles early this year after the termination of Blackberry-TCL collaboration. The move, however, is pleasing for the loyal Blackberry enterprise customers who have trusted its capabilities time and again.

“Enterprise professionals are eager to secure 5G devices that enable productivity without sacrificing user experience. BlackBerry smartphones are known for protecting communications, privacy, and data. This is an incredible opportunity for OnwardMobility to bring next-generation 5G devices to market with the backing of BlackBerry and FIH Mobile,” adds Peter Franklin, CEO of OnwardMobility.

It would be interesting to see if Franklin’s confidence can  translate into a renaissance for Blackberry in the post-COVID world.

For other articles related to telecom/smartphones, click here.

Facebook entices creators as it eyes the online events market

Facebook entices creators as it eyes the online events market

Social media conglomerate, Facebook, has recently launched a new paid event feature that will enable Facebook page owners and event managers to create, set up, and collect payments for virtual events. While there are many platforms available to host online business events today, Facebook’s new feature is a first of its kind, which is completely free and doesn’t charge a commission, at least for now. Better World is of the view that with this launch, Facebook entices creators in a very emphatic way.

“With social distancing mandates still in place, many businesses and creators are bringing their events and services online to connect with existing customers and reach new ones,” said Facebook in a blog statement.

“By combining marketing, payment and live video, paid online events meet the end-to-end needs of businesses. Pages can host events on Facebook Live to reach broad audiences, and we’re testing paid events with Messenger Rooms for more personal and interactive gatherings,” it added.

The feature comes free to all web and android users. iOS users, however, will have to pay a 30% app store tax as part of Apple’s tax policy. All apps on Apple’s platform have to use its payment system for the in-app payments and required to pay 30 percent tax for the same.

“We asked Apple to reduce its 30% App Store tax or allow us to offer Facebook Pay so we could absorb all costs for businesses struggling during COVID-19. Unfortunately, they dismissed both our requests and SMBs will only be paid 70% of their hard-earned revenue,” Facebook clarified in the blog post.

A tactical strategy

Facebook says users in 20 countries, including India, will be able to take advantage of this new paid event feature initially. What makes this announcement exciting is that businesses and professionals can launch, promote, accept payments, and build their user base through a single Facebook page. Event promotions can be done online by targeting specific users on the Facebook platform itself, who can pay and watch the event online.

This means that all kinds of events, from Yoga and dance classes to insightful knowledge sessions, can be hosted on Facebook for free.

Facebook is tactically marketing this new initiative as SMB-focused. The company is well aware that SMBs are the growth engines in many developing and emerging economies. By offering an exclusive and highly specialized service, it can create a vast market for itself in the post-COVID work environment. Simultaneously, by providing the services for free, it will be able to test the waters with less noise.

“In our most recent State of Small Business Report with OECD and World Bank, we found that access to cash continues to be the most common ongoing challenge for SMBs. Only 19% of surveyed businesses were getting any financial help (down from earlier in a pandemic). Many businesses are struggling, and every cent matters. Shifting in-person events to online is costly enough that companies shouldn’t have to worry about fees charged by platforms,” Facebook said.

Early this year, Facebook had also announced the launch of Facebook Shops. This initiative was to enable businesses to display and sell their products directly to Facebook users across its ecosystem, including Instagram. (See: Facebook Shops shake-up marketplaces)

A low-hanging events opportunity

The online events industry has suddenly become more lucrative due to a burst in demand, especially in the wake of the COVID-19 scenario. With work-from-home and physical distancing measures likely to remain in place for an unspecified time, businesses will continue to focus on digital avenues for meetings, conferences, and customer interactions.

Tech giants like Google and Microsoft, among others, are already putting more research and development efforts to enrich their solutions and increase their share of a lucrative online events market with good upside potential. Various studies pegged the current market size of online events at around $100 billion, slated for a five-fold increase in the next six to eight years.

Facebook, with its vast network and community of over 2.7 billion users, stands a unique chance to create a niche in the online events space. Additionally, Facebook’s Oculus division, which it acquired in March 2014 for US$2.3 billion, specializes in virtual reality hardware and software products. In future, the social giant could very much leverage the Oculus base for creating an ecosystem around virtual-reality conferences, aka events 2.0.


Submit a Comment

Your email address will not be published. Required fields are marked *