obfuscation

Hackers step up obfuscation attacks to break into IT networks

by | Jan 7, 2021 | IT Security

Cybercriminals are introducing obfuscation-as-a-service to enable novice hackers on the dark web to make hard-to-break infiltration into corporate networks.
Share to lead the transformation

In 2020, cyber-attacks reached a new scale, disrupting the business community and Information security professionals. Malware, phishing, denial of service attacks, DNS tunneling, SQL injection, and zero-day exploits have seen a massive explosion in every large organization. According to a report from antivirus, cloud, and endpoint security firm McAfee, since 2018, the cost of global cybercrime has reached over $1 trillion. If that wasn’t enough, the industry has noticed a new pattern of cybercriminals investing in plug-and-play obfuscation software-based toolkits to infect corporate networks for financial gains. (See: Top enterprise cybersecurity trends of 2020)

Obfuscation is a proven technology widely used by security professionals and coders to make the source code anonymous and incoherent. The technique helps businesses secure their critical data and prevent hackers from using reverse engineering techniques to discover an enterprise network’s vulnerability and launch attacks.

The recent cyber intrusion in the software  IT monitoring and management software company Solarwinds was executed by an obfuscated advanced persistent threat (APT) that mysteriously took nine months to discover. (See: SolarWinds hack: CISOs need to revisit cyber resilience?)

However, as usual, hackers appear to be a step ahead of network protectors. Call it money as a motive or an innovative mindset; cybercriminals always develop enterprising ways to infiltrate defenses. Obfuscation-as-a-service is one such recently exposed illegal business model developed by cybercriminals. Professional hackers try to make money from selling such techniques on subscription-based models to other hackers.

As-a-service model for orchestrating a hack

Those who trust that the as-a-service models are currently only transforming legitimate business models will probably live on a different planet. Over the past few years, cybercrime as a service model is swiftly making inroads into the dark-web. Professional fraudsters and cybercriminals use illegal platforms to sell cyberattack tools, procedures, services, and a host of software programs to evade detection and launch fully automated cyberattacks.

Obfuscation-as-a-service model is operating on similar lines. In 2020, many instances were discovered by cybersecurity monitoring agencies and solution providers where hackers provided automated obfuscation service and android pocket kits (APKs) on a subscription basis to fraudsters. In the wake of a growing remote workforce, most organizations are introducing workplace productivity apps that can be accessed quickly by employees through their mobile phones. As such cracking mobile applications, especially android, through obfuscation has become a prime focus area for cybercriminals.

The entire business of purchasing and selling obfuscation service happens through illegitimate darknet marketplaces, making it very challenging for governments and law-enforcement authorities to keep a consistent track. This new development of obfuscation-as-a-service is perturbing for enterprises with global footprints, which have a massive amount of data located on different clouds. This unlawful cybercrime service model can give a ready-to-launch platform to even newbie cybercriminals who regularly exploit weaker networks.

What’s the remedy?

To protect networks from obfuscation techniques or deobfuscate malicious codes launched by hackers, organizations need to ensure the uppermost security level that fills the unwanted gaps. Applying integrity controls, encrypting as much as possible, transforming program codes and making them unintelligible, inserting anti-debugging logic are some of the fields that should be strengthened.

While there is no perfect solution that can give full-proof code security, a host of commercial tools can be tested and implemented to make your security architectures robust.

Most importantly, in 2021, organizations and cybersecurity leaders should set-up quality budgets to train their in-house talents and develop innovative solutions to fortify their resilience levels and mitigate new-age obfuscation security threats.

MORE FROM BETTER WORLD

EY, IBM join hands to tap into DX opportunities

EY, IBM join hands to tap into DX opportunities

Professional Services firm Ernst and Young and technology major IBM have entered into a multi-year deal to help enterprises accelerate their digital transformation goals. As EY and IBM join hands, the duo will leverage each other’s distinctive capabilities to create new business models by solving complex business challenges instigated by the Covid-19 scenario.

The joint offerings, according to the statement released to analysts, will be developed by leveraging the hybrid cloud capabilities of Red Hat OpenShift and the AI prowess of IBM Watson, apart from IBM’s solutions in areas such as Blockchain and 5G and edge networks.

For EY, it will be an opportunity to further diversify its consulting portfolio and aggressively drive large-scale and complex transformation projects for clients by utilizing IBM’s advanced technology. IBM will be hoping to fortify its hybrid-cloud market share and AI powered solutions in the enterprise market and make further headway in a highly competitive IT market. By marrying EY’s developer ecosystem with IBM’s enterprise technologies, both companies will look to drive compelling results for their clients.

Why does this matter?

The widespread impact of the prevalent pandemic has created the urgency for organizations to speed up their digital transformation efforts to support wide-ranging requirements of their own employees as well as clients. Due to the sudden work-from-home transition, which is likely to continue for an unspecified time, organizations are navigating a range of issues around employee and client safety, business continuity, maintaining cash flows, fluctuating business models, and collaborating virtually, among others. As such, they are in a pressing need to innovate and equip themselves with solutions that can help them thrive in the ‘new normal.’

It is interesting to observe that while companies recognize the need for switching to the cloud native applications at large, they still own a major chunk of legacy software running on their data centers due to several security- and compliance-related reasons. Now, with the remote work environment in place, enterprises are setting out on the path to modernize their apps, automate their processes, and move a significant proportion of their data to the cloud. This is where IBM and EY wants to differentiate and be seen as market leaders.

To achieve the above, technologies like artificial intelligence (AI), robotic process automation (RPA), blockchain, data intelligence, and machine learning (ML) are going to play a pivotal role in analyzing transformed behaviors and create future-forward cloud solutions. Through this collaboration, both EY and IBM will work together to tap into the new opportunities driven by the rapid shift in mindsets, and address the evolving market needs.

The hybrid-cloud pie

“The EY-IBM Alliance is built on providing differentiating and transformational business value for clients. As organizations learn how to adapt to today’s new normal, leveraging the cloud, AI, analytics and other technologies have become increasingly important. IBM is a proven leader in hybrid cloud and AI, and together we’re developing innovative solutions to help provide the sustainability and resiliency that assist clients to operate and lead today, and in the years to come, as they reframe their future amidst an unpredictable and rapidly evolving environment,” Carmine Di Sibio, EY Global Chairman and CEO, said in a joint statement.

IBM has a big focus on hybrid-cloud and since its acquisition of Red Hat, has entered into several strategic partnerships to extend its foothold in the enterprise market. The technology major has also recently formed a strategic partnership with Adobe to help accelerate digital transformation and strengthen real-time data security for regulated industries such as banking and healthcare using hybrid cloud solutions.

“Expanding this global alliance bolsters our ability to bring our hybrid cloud and AI capabilities to clients. The EY organization is a leader in driving large and complex client transformations. Combining EY teams’ breadth of industry and regulatory knowledge, technology capabilities and longstanding strategy and business consulting leadership, with IBM’s powerful technology and Red Hat OpenShift’s open hybrid cloud portfolio, will play a key role in accelerating our clients’ journeys to the cloud,” Arvind Krishna, Chief Executive Officer, IBM, said in the joint statement.

IBM’s Watson technology, for instance, can define large set of unstructured data and provide micro business perspective. EY experts, in turn, can analyze the changed behavior patterns of consumers and employees and recommend best transformation approach to organizations.

The expanded alliance also enables EY professionals get access to the IBM public cloud ecosystem. “The new initiative supports global system integrators and independent software vendors to help their clients modernize and transform mission-critical workloads with RedHat OpenShift for any cloud environment, including IBM public cloud,” the joint statement adds.

Apart from IBM, players like H-P, Microsoft, Cisco, Amazon, Oracle, and Vmware have also been vying to increase their respective shares in a growing hybrid-cloud market.

APTs using Covid-19 for cover, warns NTT threat report

APTs using Covid-19 for cover, warns NTT threat report

Global technology services provider NTT Ltd. has released its Global Threat Intelligence Center (GTIC) Monthly Threat Report for the month of July 2020. The GTIC protects, informs, and educates NTT Group clients through threat research, vulnerability research, intelligence fusion, and analytics. According to the NTT threat report, attacks from Advanced Persistent Threat (APT) actors continued to be on the rise, despite Covid-19 situation.

In fact, the virus has added fuel to the fire and has provided a cover for their operations. Organizations and industries that are considered as essential were increasingly targeted: power grids, oil and gas, postal and delivery services, first responders and law enforcement– assets which are even more valuable during a global crisis.

Key findings

APTs, particularly those suspected to be backed by nation-states, are focusing on intelligence-gathering efforts on Covid-19 research.

APT groups with links to Iran have attempted to breach the World Health Organization (WHO) via phishing campaigns, likely seeking information on testing, treatments, or vaccines.

Extortion, espionage, financial gain, and disinformation were the key objectives behind APTs conducting various operations, especially now, during a global crisis.

Companies researching the disease should expect to be targeted, whether for purposes of medical advantage to better treat or prevent Covid-19, for monetary gain or purely to inhibit the target from making progress.

Normal APT operations have also continued during this same timeframe; and operations related to or leveraging Covid-19 have served as a smokescreen as countries continue to focus their efforts in response to the pandemic, from both healthcare and cybersecurity perspectives

Considerations recommended

As enterprises continue to digitally transform and rapidly expand their footprint, they’ve been looking for a network that balances cost, user experience, agility and efficiency. The answer, and solution is a software-defined wide area network (SD-WAN), a virtualized network overlay and a lightweight replacement for traditional physical WAN infrastructure.

While WAN technologies have some native security features, unless reviewed holistically, it’s likely not enough to ensure your SD-WAN is inherently secure. It is a fundamental requirement to do a risk analysis and assessment that considers your organization’s risk profile at the outset of designing your SD-WAN and selecting appropriate security controls.

As the threat landscape evolves, even the organizations that may not be considered an essential service cannot let their guard down. Enterprises must continue to espouse best practices and build awareness in both their network environment and their global state of things.

Leveraging intelligence capabilities and resources from around the world, NTT Ltd.’s threat research is focused on gaining an understanding and providing insights into the various threat actors, exploit tools and malware.

To download the NTT Global Threat Intelligence Center Report for July 2020, click here.

Jio driving digital shifts in the economy

Jio driving digital shifts in the economy

For most of the companies, the past few months have been extremely challenging due to the unprecedented breakdown in economic activities, resulting from the Covid-19 pandemic. While enterprises are trying to deal with matters such as changing consumer behaviors, work-from-home setups, and psychological effects of the pandemic on their employees, with telcos like Jio driving digital shifts in the economy.

While this sudden outbreak has impacted many traditional brick-and-mortar businesses to the extent that they had to close their shops, for companies like Jio Platforms, it has accelerated growth, led by a new surge in opportunities.

A gold rush for Jio Platforms

Since the beginning of the pandemic, Jio Platforms, the telecoms and digital arm of the Indian multinational Reliance Industries Limited (RIL) has raised over Rs 15.2 billion (Rs. 1,52,056 crore) by attracting investments in 13 companies.

From the likes of Facebook, Google, Qualcomm, and Intel to General Atlantic and Mubadala, leading tech- and private-equity giants seem to yearning to retain some stake in the world’s most treasured digital player of the moment.

This has not only helped company Reliance Industries Limited (RIL) to pare a literal mountain of debt, but also set it on a clear path of turning RJio into a digital products and services behemoth of a global scale.

RJio stands to leverage a plethora of new-age technologies such as artificial intelligence (AI), IoT, cloud and edge computing, block chain, analytics, and augmented and mixed reality to develop solutions and services that could reshape the user experience for its growing base of customers.

On path to becoming a digital multinational

Amidst the global downturn and massive growth in internet consumption due to the pandemic-enforced work-from-home environment, the recent investments have given Jio a strategic leapfrog.

With most of the population expected to stay indoors even after the lockdown is gradually phased out, the market will need innovations and digital products that could meet customers need at their convenience. Jio Platforms has clearly realized this early on.

Its telecom unit, Jio Infocomm, has already surged past the competition by providing quality services at surprisingly low costs. Now, the company is strategically poised to enter new digital domains by leveraging partnerships.

In this context, the getting together of Reliance Jio (with around 400 million telecom subscribers) and Facebook (with around 300 million Indian users) is specifically important and will help Jio drive growth by potentially catering to a largely dispersed SMB sector of India. (See: Will FB–Jio deal create magic?).

Leveraging the potential of Facebook-owned WhatsApp messenger service, the company has already begun to bring local vendors, independent hawkers, and small ration stores to its Jio Mart platform, for delivering online groceries across 200 cities and towns in India. Its online delivery services are well-backed by Reliance Retail, which is country’s largest retailer in terms of revenue.

According to company sources, Jio has already prepared a roadmap to flesh out its e-commerce services beyond the groceries and is likely to offer a range of merchandise and solutions, competing directly with the likes of Amazon in future.

Mass market for niche consumer tech?

A very significant element of Jio’s recent intents is its focus to become a tech-solutions company.

Besides expanding its offerings as an e-commerce service provider, Jio is also looking at developing cutting-edge next-generation solutions to facilitate the surge in the use of video-based collaborative technologies. In its recently concluded AGM, RIL announced several new initiatives to accomplish its refreshed agenda.

By partnering with Google, for instance, Jio plans to increase the reach of digitization across the length and breadth of India, beyond the current 500+ million Internet users in the country. Jio has also entered into a collaboration with Google to develop an entry-level affordable smartphone with optimizations to the Android operating system and the Play Store.

Another interesting announcement that caught everyone’s attention was the company’s showcasing of a prototype virtual reality (VR) and mixed reality (MR) headset, called Jio Glass at its recent annual general meeting. While the company has refrained from sharing details around its market launch or pricing, it said that the device would work with over 25 applications and connect to the internet via a smartphone cable. Once available to the masses, Jio Glass can be a turning point for India’s video-conferencing market and give users more power to collaborate and connect virtually.

India’s education and health sector are likely to be the biggest gainers of the technology as it will enable schools and medical institutes showcase real time projections through various 3D models. Much will be dependent on the pricing of the product as both VR and MR products have so far remained restricted to niche markets.

A gear-making venture in the making

Reliance has also surprised the telecom gear makers by announcing the development of a made-in-India 5G solution to help global service providers roll out advanced 5G infrastructure. The solution is expected to be ready for field deployments next year.

This is a striking development as it will not only help Jio launch 5G services at a significantly lower cost but also endanger the existence of already pressured companies such as Huawei.

RIL hasn’t yet disclosed the roadmap or its vision to develop 5G solutions. However, 5G gear making may not be a cakewalk, considering the fact that players like Huawei are well-ahead in their tech journeys and Jio will need to do a lot of catching up.

At the same time, Reliance is also understood to be forging partnerships to develop other future technologies such as connected cars, drones, and smart homes.

There is no doubt that Reliance Jio is sitting on a unique hotbed of opportunities. The multiple technology partnerships that it has forged, along with its massive domestic telecom subscriber base, create a formidable combination that bodes well.

However, to prove its mettle globally and conquer new markets, the company will need to test different strategies, diversify its product mix, and move up the value chain.

Table: A quick glance at Jio Platforms investors

Investor Stake (%) Funding (in Rs crore)
     
Facebook 9.90 43,573.62
Google 7.7 33,737
Vista Equity 2.30 11,367
KKR 2.30 11,367
Public Investment Fund (PIF) of Saudi Arabia 2.30 11,367
Silver Lake Partners 2.08 10,202.55
Mubadala 1.85 9,093.60
General Atlantic 1.34 6,598.38
Abu Dhabi Investment Authority 1.16 5,683.50
TPG 0.93 4,546.80
L Catterton 0.39 1,894.50
Intel Capital 0.39 1,894.50
Qualcomm 0.15 730
  32.79 152,055

 Source: RIL, BM Nxt

Tech M intros PG diploma course in digital skills

Tech M intros PG diploma course in digital skills

Tech Mahindra, a leading provider of digital transformation, consulting, and business reengineering services and solutions, has designed a new digital transformation course approved by All India Council of Technical Education (AICTE). The Indian multinational technology company has partnered with Jawaharlal Nehru Engineering College (JNEC), under Mahatma Gandhi Mission (MGM) University, to roll out a two-year post graduate program in the academic year 2021.

According to an official statement released by Tech Mahindra, the custom curated curriculum is aimed at addressing the industry-academia skill gap in new-age technologies including digitalization, mobility, artificial intelligence, and machine learning, among others.

Tech Mahindra’s research and development arm, Makers Lab will be working closely with JNEC on reviewing the format of the course and helping them to create an environment of learning and innovation. As part of this course, students will be trained to work with dynamic, diverse, and agile teams to find solutions that will benefit people, society, and industry. This interdisciplinary course is aimed at providing holistic training to the students by imparting skills in competencies around digital transformation and technologies and cultivating an environment of entrepreneurship and design-led thinking.

“Digitalization is fundamentally changing the way organizations engage with both, their customers and their workforce. As part of our TechMNxt charter, we are investing heavily in reskilling our employees in next generation digital technologies. The inter-disciplinary course gives students an opportunity to look beyond existing expertise and discover how digital transformation is re-shaping the businesses of the future. Through this one-of-its-kind course, we aim to collaborate and co-create digital-warriors and nurture their talents and bridge the skill-gap,” said Nikhil Malhotra, Global Head of Makers Lab, Tech Mahindra, in a statement released to media and analysts.

The course is based on four main pillars: offering software engineering with relevant processes, methods, and tools to upskill students in new-age technologies; helping students hone their skills in designing and applying digital systems; involving people as co-producers by focusing on user-centered development processes; and equipping students in transversal skills with special emphasis on project work and hands-on training, which accredit students with relevant competencies for job market and a progressive attitude.

As part of its TechMNxt charter, Tech Mahindra is betting big on next-gen technologies to solve real business problems of the customers by delivering innovative solutions and services. Industry programs like these are a welcome move and are expected to play a crucial role in developing digital talent for the future.

See also: Tech M recognized as a best mega employer from India.

Tech M recognized as a best mega employer from India

Tech M recognized as a best mega employer from India

Tech Mahindra Ltd., a leading provider of digital transformation, consulting and business reengineering services, has been recognized among India’s 50 best companies to work for in 2020 by the Great Place to Work Institute. Listed as a best mega employer (organizations with more than 50,000 employees), Tech Mahindra is also one of the five ‘Best Companies in Career Management.’ Tech Mahindra has achieved the 21st rank among India’s 100 Best Companies to Work For 2020 by the Great Place to Work Institute. This was one of the largest workplace studies in India, representing the voice of more than 2.1 million employees, across more than 21 industries.

Tech Mahindra has earned this best mega employer recognition for creating a great place to work for all the employees and has excelled on the five dimensions of building a high-trust, high-performance culture. These are credibility, respect, fairness, pride, and camaraderie. The awarding organization, Great Place to Work Institute, is the ‘Global Authority’ for creating, sustaining and identifying high-trust, high-performance culture. Great Place to Work is considered the ‘gold standard’ in workplace culture assessment and they identify best workplaces solely on the basis of employee feedback and quality of people practices in an organization. No jury or individual can influence the results of the assessment.

CP Gurnani, Managing Director and Chief Executive Officer, Tech Mahindra, said, “This is a collective win of 125,000+ people, who resolved to become and build a great institution by working in more than 125,000 different ways, towards a common goal. They were led by purpose, powered by technology and driven by a culture of Rise. We are humbled and honored to be counted among India’s 50 best companies.” Gurnani extended his special thanks to the human resources function.

Tech Mahindra remains rooted in the business and social ethos shared by the entire Mahindra Group through the Rise tenets – accepting no limits, alternative thinking, and driving positive change. The same has been demonstrated through initiatives like – ‘Don’t be plastic’, ‘3-4-3 for Good’ amongst others.

Harshvendra Soin, Global Chief People Officer and Marketing Head, Tech Mahindra, said, “We, at Tech Mahindra, believe the future of work is ‘Human-Centered’. Our focus has been on providing  ‘meaningful work’ and creating an enabling environment where our employees feel trusted, respected, recognized and empowered. As a mega employer, having a dispersed and large workforce, we leveraged technology to create hyper personalized experiences and Moments of Truth that embedded ‘People Engagement’ in our core business strategy, TechMHRNxt.”

Through a myriad of wellness programs, upskilling options, reward and recognition efforts, progressive policies for diversity and inclusion, Tech Mahindra is fostering an environment where learning, growth and innovation is promoted. Under its latest #lovetobeTechM initiative, the associates are encouraged to  share anecdotes, stories and testimonials on – celebrating good times, surviving the tough times and preparing for the future – together. These initiatives, among others, have helped the company mature as a best mega employer.

Tech Mahindra under its TechMHRNxt charter, focuses on reimagining people function for creating ‘Human Centered workplace’ and enhance employee experience by leveraging next-generation technologies along with human interactions. Associates at Tech Mahindra are digital change makers who are here to disrupt, blaze new trails, and create connected experiences for a connected world.

VIL joins Apple Watch Cellular club for select circles

VIL joins Apple Watch Cellular club for select circles

Vodafone Idea Limited (VIL) has finally launched the Apple Watch Cellular (GPS + Cellular) service. According to a company release, this service is available for Vodafone Postpaid customers, including Enterprise Postpaid, in select circles of Mumbai, Delhi, and Gujarat beginning 12 June 2020. Services will continue to be expanded to additional circles in the coming weeks.

Before VIL, only Bharti Airtel and Reliance Jio were providing the cellular service to Apple Watch users in India.

The announcement comes as a bonus for many postpaid enterprise subscribers of VIL who have been using Apple Watch for a variety of different enterprise implementations. Starting today, they have the freedom to leave their phones behind and stay connected with just their Apple Watch, helping them make calls, use wide range of productivity apps and stream Apple Music, even without having the iPhone nearby.

Speaking about the development, Avneesh Khosla, Director–Marketing, Vodafone Idea Ltd, said, “Consumers today are increasingly moving towards having connected products in their lives. With the launch of cellular support for Apple Watch we are enabling our customers to connect their Apple Watch to their iPhone using the same / existing mobile number and enjoy the freedom of using their Apple Watch independently to stay connected.”

How to set up the service:

  1. Update iPhone to latest iOS
  2. Open the Watch app on your iPhone
  3. Start the pairing process of Apple Watch and iPhone
  4. Sign in with your Apple ID and password to continue
  5. Tap “Setup Mobile Data” to share your Postpaid number and plan with Apple Watch
  6. Enter your Vodafone postpaid number and self-care password
  7. (Note: If not registered then tap on register to login to register your phone number)
  8. Tap confirm once login is successful
  9. On second confirmation the service will get activated within 30 minutes

It is important to note that enterprise postpaid customers will need prior confirmation from their authorized signatory to set up the service.

0 Comments