Cyber Security Weekly Briefing, 19 – 23 June

Telefónica Tech    23 June, 2023

Critical vulnerabilities in Asus routers

Asus has issued a security advisory addressing a total of nine vulnerabilities affecting multiple router models. The most critical of them is CVE-2022-26376, a memory corruption flaw in the Asuswrt firmware that could allow threat actors to cause a denial of service or achieve code execution.

The vulnerability registered as CVE-2018-1160 is an out-of-bounds write in Netatalk that could be exploited to achieve arbitrary code execution on vulnerable devices. Asus adds that, if the new firmware version cannot be installed on an affected device, it is recommended to disable the services reachable from the WAN side in order to limit exposure.

More info

Critical vulnerabilities in WordPress plugins

Researchers at Defiant have identified two critical authentication bypass vulnerabilities in two WordPress plugins with tens of thousands of installations.

The first, CVE-2023-2986 (CVSSv3 9.8), affects Abandoned Cart Lite for WooCommerce. Exploiting this vulnerability could allow malicious actors to log in as customers or access admin accounts and compromise the affected website. The issue has been patched in version 5.15.1 of Abandoned Cart Lite for WooCommerce.

The second, CVE-2023-2834, affects the WordPress BookIt plugin. An attacker could exploit this flaw to gain access to any account on the affected website, including the administrator account, knowing only the email address. This issue has been fixed in BookIt version 2.3.8.

More info

Apple patches the two 0-days used in Operation Triangulation

Apple has released an emergency security update to patch the two 0-day vulnerabilities used in Operation Triangulation, as the incident’s discoverer Kaspersky called the campaign. The two vulnerabilities, CVE-2023-32434 and CVE-2023-32435, were exploited in a zero-click attack (receipt of the message triggers the infection without the need for user interaction) against iOS devices via iMessage.

This security update from Apple coincides with Kaspersky’s publication of its final analysis of the so-called Operation Triangulation and of the spyware that exploits the two 0-days. Kaspersky highlights that the spyware can manipulate files, interfere with running processes, exfiltrate credentials and certificates, and transmit geolocation data, including the device’s coordinates, altitude, speed and direction of movement.

More info

Microsoft Teams flaw allows malware to be distributed

Researchers at Jumpsec have published the results of an investigation in which they claim to have identified a security flaw in Microsoft Teams that could allow malware to be distributed. Specifically, the experts say they have discovered a way for an account outside the target organisation to bypass the relevant security measures to allow malware to be delivered directly into the inbox.

The attack works when the victim is running Microsoft Teams with default settings. The attacker changes the internal and external recipient IDs in the POST request of a message, tricking the system into treating an external user as an internal one.

The file that is sent is actually hosted on a SharePoint domain, and the target downloads it from there. Microsoft acknowledges the problem, but has pointed out that it does not meet its bar for an immediate fix.

More info

New Mirai variant exploits multiple IoT vulnerabilities

A variant of the Mirai botnet has been discovered by researchers at Palo Alto Networks Unit 42. The variant targets nearly two dozen vulnerabilities in devices from brands such as D-Link, Arris, Zyxel, TP-Link, Tenda, Netgear and MediaTek, with the aim of using them in DDoS attacks.

The malware has been identified in two ongoing campaigns that started in March and escalated in April and June, and it targets a total of 22 known vulnerabilities in connected products such as routers, DVRs, NVRs and access control systems, among others. The attack starts by exploiting one of these flaws, then downloads a botnet client suitable for the compromised device; the client accesses its encrypted strings directly, which makes it harder to detect.

Unlike other Mirai variants, this one lacks the ability to brute-force login credentials, so it relies on its operators manually exploiting vulnerabilities. Signs of infection on IoT devices include overheating, configuration changes, frequent disconnections and a general decrease in performance.

More info

Enlightened despotism vs NASA engineers: The origin of remote work, Geosocial Networks and tips for returning to the office

Marina Domínguez    21 June, 2023

⏰ Monday 06:00 a.m. Alarm clock goes off. Time to get back to the office after the weekend. 

This pre-pandemic habit that most of us workers had so internalised has returned with the “new normal”, and it is estimated that, currently, only 10% of people still do not go to their workplace physically on any day of the week. Can we say, then, that working from home has been a fad with an expiry date? Yes and no. 

You probably thought that this innovative model of relocating workers and letting them carry out their tasks a few kilometres away from the office is totally modern and disruptive: well, I’m sorry to say that you are wrong. 

Jack Nilles as the originator of the term “Remote working” 

If we consult Wikipedia (if you are a millennial) or simply ask today’s guru, ChatGPT, we will be told that this way of working without limitation in space dates back a few decades before the pandemic, with far more “limited” means but with the same purpose: to provide a solution to a problem.

And it will give us the name of Jack Nilles as the “father of remote work”. 

In 1973, this American NASA engineer coined the term “remote work” (telecommuting) in an attempt to solve a major problem in the USA. The so-called oil crisis had created a fuel shortage due to the embargo on barrels decreed by Arab exporters against the defenders of Israel, which would create major problems for the country’s industry. 

He argued that “if one in seven workers did not have to commute to work, the United States would not need to import oil”, which would, to a large extent, solve the consequences of the crisis. 

Jack Nilles began to think of ways to optimise resources and also to reduce pollution, congestion and mobility problems.  

To this end, his first big idea was to bring work to the worker instead of doing it the other way round in the traditional way, and he implemented the hybrid remote work model by connecting his colleagues’ keyboards and screens to remote stations close to the company’s headquarters.

In this bizarre way, they could continue to work as if they were there, but without being there, mixing days working in the office with days working remotely. All this, let’s not forget, in a time without Internet, laptops, mobile phones, Microsoft Teams. 

Such was the success of his idea that in 1980 Jack Nilles left all his jobs as an engineer and founded JALA International, a consulting company in the field of remote work and with which he continues to collaborate today, at the age of 89. 

Several Centuries before Nilles: from Enlightened Despotism to Geosocial Networks 3.0 

But that’s not all: at Telefónica Tech we are not satisfied with ChatGPT’s answer and we have found what we can define as the true father of remote work and we are going to introduce him to you. 

In the middle of the 18th century, in the middle of the Enlightened Despotism, and long before Nilles worked at NASA and from space it was possible to create detailed maps of any part of the planet, King Carlos III and his successor Carlos IV commissioned the feat of making an atlas of all of Spain and Portugal, motivated by the fear of a possible French invasion.


This was no easy task considering that they were at a time when there was a lack of photography, satellites, etc. Tomás López (1730-1802), a Spanish geographer and cartographer trained in the French school under d’Anville, was entrusted with such a task.

And the only way he could do it personally would be to travel all over the Iberian Peninsula and draw every corner by hand, a Herculean feat he was not prepared to undertake due to lack of time and resources. 

So, what did he do? From the comfort of his office in Madrid, he decided to look for “remote workers” scattered all over the country who would send him pieces of atlases for him to compile.

But as it was difficult to find well-trained draughtsmen who could read and write and who would do a thorough job throughout the length and breadth of Spain, he opted to send letters to more than 1,000 parish priests, requesting a drawing and the answers to a questionnaire of 15 questions about the geography around them: villages, cities, towns, farms, chapels, rivers, mountains, roads, hills… 

The atlas by Tomás López can be viewed in its entirety at the Hispanic Digital Library (BNE).

After 33 years of arduous compilation work and of chasing up the presbyters (for what they called the “memory of the natural” of the area), with a great deal of imagination (and the help of other old atlases), in 1810, a few years after his death, his sons published the Geographical Atlas of Spain, which includes the general map of the Peninsula and all the particularities of our provinces and of the Kingdom of Portugal. It is now held in the National Library of Spain, together with the manuscript “geographical relations” that were sent to him.

Taking into account that Tomás López composed his atlas without traveling even one kilometer from his home, the result was remarkable.

As you can imagine, we cannot say that the result was a faithful reflection of today’s reality, but, bearing in mind that he did it without having to travel a single kilometre working from home, the result is more than remarkable and served as a reference until the end of the 19th Century. 

This way of remote working devised by López de Vargas would be exported to Europe and America and would be used to make navigation charts and atlases of other territories and would be rescued and renamed today as Geosocial Networks with OpenStreetMap or Mapcesible promoted by Fundación Telefónica, among other examples of collaborative maps 3.0. 

* * *

If you have to go back to the office, tips to cope with the return to the office and not die in the attempt 

Coming back to the present day, having contextualised our theory on the origin of teleworking, if you find yourself, like the Gauls in Asterix, among those 10% who still enjoyed working in your pyjamas and you finally have to return to the office after a long period away from it, take heart. Here are a few tips to make your return to work less of a hardship: 

  1. Avoid negative thoughts. Be positive, going back is not always a bad thing. Think about those things around your workplace that you have missed while you have been separated from your work environment (coffee with your colleagues, talking face to face with your clients or superiors, visiting the restaurant across the street at lunchtime, those colleagues from other areas that you pass in the corridor…). 
  2. Prioritise face-to-face meetings. If you are in the office, take the opportunity to have face-to-face meetings whenever you can. There is no longer any excuse for not turning on the camera because you have to travel long distances or are wearing a tracksuit. There is nothing better than a good face-to-face chat to prioritise tasks or unravel problems and work efficiently across the board. 
  3. Get to know each other. You probably have colleagues you haven’t met in person yet, or if you have, you haven’t been able to work with them side by side from the same desk. This is the time to build relationships, to take advantage of synergies and to give and receive feedback. It is also the time for coffees and afterworks. 
  4. Plan your travel. Perhaps one of the main problems of returning to the office is “finding yourself” in the morning traffic jam or on the way out. Traffic jams may have shifted compared to when you used to go, or may have been brought forward or delayed. As much as possible, try to adapt to these changes so that you don’t feel you are wasting time on your commute.  
  5. Take breaks. As in remote work, breaks are necessary, and it is quite normal that in the office, with all the hustle and bustle of work, colleagues, meetings and commitments, you can’t stop and end up exhausted and frustrated when it’s time to leave. 
  6. Respect the timetable and leave your work at the office. The great advantage of going back is to take advantage of the digital disconnection (as far as possible) that comes with keeping your personal and work environments separate. Try to respect the timetables for entering and leaving the office and don’t take your work home with you.  
  7. Mens Sana in Corpore Sano. Eat properly and at regular times and make time for exercise. A good practice on your way home from work is to change your heels or shoes for trainers and take a walk to clear your head. Take advantage of these moments of “leisure” to take stock of the day, plan for the next day and disconnect. 

Finally, and most importantly, be yourself, smile and make the most of your time. Think positive. 


Meet #LadyHacker Karla Parra, Cybersecurity expert at Telefónica Tech

Telefónica Tech    20 June, 2023

Our series of interviews with #WomenHackers from Telefónica Tech continues. The purpose of this is to get to know a little better the experts who, with their knowledge and skills, make us more capable and innovative.

* * *

Who are you and what do you do? 

I am Karla Parra, systems engineer, runner, passionate about technology, cyber security, and digital transformation. 

I have more than 20 years of professional experience leading the management of operations, commercial, product development and pre-sales for cyber security services, IT services, IT and information security, technological continuity, and business continuity. 

I currently lead the Cybersecurity and Cloud Provisioning team at Telefónica Tech Hispam & USA. 

What is your specialisation and how did you come to do what you do now?  

The specialisation I have is aligned to Cybersecurity and management.

However, my beginnings were not in technology. I studied forestry engineering, but life led me to the world of technology, drawing me to the analysis and research side, which is why I followed the line of cyber security. 

Was it clear to you at an early age that you wanted to work in the world of technology? Was it something vocational? 

When I was a child, it was not clear to me that I was going to dedicate myself to the world of technology. I dreamt of other professions, such as doctor, veterinarian, park ranger… 

The things that happen during our lives, and the fact that I am curious, allowed me to learn about an exciting career that few people were betting on. 

How would you describe your career so far and what are the skills you use at Telefónica Tech? 

Karla Parra, Head of Cyber Security & Cloud Provision Perú

I would describe my professional career as challenging, passionate, and fun. I enjoy what I do, and I don’t stop learning every day, because technology is constantly evolving, especially in the field of security. 

The skills I use are respect, humility, and commitment. I believe these are essential skills in security, where professional ethics are your trademark and allow you to gain the trust of your customers, your team, and the company. It is crucial to achieve your goals. 

What do women bring to STEAM professions? 

Every individual brings something to the world of technology. In the case of women, I feel that we complement with our analytical approach and attention to detail. 

In the Cybersecurity sector we have female profiles, and we are seeing more and more participation. In fact, according to IT User, women occupied 10% in 2013, 20% in 2019 and 25% in 2022; these figures translate into an increase of women in Cyber Security of 150% in the last decade.

The digital transformation is a valuable opportunity to balance the participation of women in the technological world.

The digital transformation we are experiencing today is a valuable opportunity to balance the participation of women in the technological world due to greater flexibility, hybrid work or labour demand, among other factors. 

What makes Telefónica Tech a great place to work for women and how does the company promote gender diversity and inclusion? 

Telefónica Tech allows me to develop professionally and provides me with work facilities so that I can take on the different roles that we have to live as women. 

We currently have 30% female participation in the operational areas in Peru 

In this way, emphasis is placed on equal and fair participation between genders by promoting women’s participation. In this regard, we have recently held two events that have given us the opportunity to promote diversity and inclusion: 

  • Leading the Tech World, where I had the opportunity to share the conversation with two great professionals from the world of technology: Elena Gil – Global Director of Product Commercial Operations; and Carolina Navarrete – Director Marketing B2B HISPAM. The objective of the session was to transmit our experiences and challenges that we have as women in the technological world. 
  • HackaCyber, a hacking party full of challenges designed to discover the different strengths of the students, which allowed new talents to be identified. This experience speaks volumes about the importance of maintaining these spaces to discover and encourage the development of talent, and thus increase the presence and involvement of women in the technological world. 

Could you explain to us what the Lady Hacker initiative means to you? 

Karla Parra, part of the Telefónica Tech #LadyHacker initiative

It means inspiring and motivating more and more women to show their talent in the world of technology and cyber security. It means contributing my professional experience to build a safer world. 

What advice would you give to other women who want to pursue a STEAM career? 

The advice I would give them is to be confident. To be challenging, self-learners and, above all, to enjoy what they do.

In the ever-changing world of technology, our strategy must be to stay one step ahead. 

* * *

Cyber Security Weekly Briefing, 12 – 16 June

Telefónica Tech    16 June, 2023

Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday

Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities. Three of the critical vulnerabilities, CVE-2023-29363, CVE-2023-32014 and CVE-2023-32015, all with CVSS 9.8, are in the Windows Pragmatic General Multicast server environment and can lead to remote code execution by sending a specially crafted file over the network.

Flaw CVE-2023-29357, also with CVSS 9.8, would allow privilege escalation in Microsoft SharePoint Server. Exploitation of this vulnerability does not require user interaction, and Microsoft advises applying the updates and enabling the AMSI feature.

Another vulnerability that allows remote code execution is CVE-2023-28310, with CVSS 8.0, in Microsoft Exchange Server. CVE-2023-29358 allows privilege escalation in the Windows GUI to SYSTEM, as does CVE-2023-29361. A further flaw in Microsoft Exchange, CVE-2023-32031 with CVSS 8.8, allows an attacker to achieve arbitrary code execution targeting server accounts.

Finally, the flaw CVE-2023-29371, in the Windows Win32k kernel driver, could lead to an out-of-bounds write granting SYSTEM privileges, and the less serious CVE-2023-29352 is a security feature bypass in Windows Remote Desktop.

More info

Third security flaw discovered in MOVEit Transfer application

Progress Software recently reported a third critical vulnerability in its MOVEit Transfer application. The new vulnerability, still without a CVE identifier, is a SQL injection that can allow privilege escalation and unauthorised access. A patch addressing this new critical security flaw is not yet available; the company stated that one is currently being tested and will be released soon.

Progress also strongly advised users to modify firewall rules to deny HTTP and HTTPS traffic to MOVEit Transfer on ports 80 and 443 as a temporary protective measure. This disclosure comes a week after another set of SQL injection vulnerabilities was reported that could be used to access the application’s database, and on top of CVE-2023-34362, which was exploited by the Clop ransomware gang in data theft attacks whose actors continue to extort money from affected companies.

An analysis by Censys revealed that nearly 31 per cent of the more than 1,400 exposed hosts running MOVEit are in the financial services industry, 16 per cent in healthcare, nine per cent in information technology and eight per cent in government and military sectors.

More info

AiTM campaign against companies in the financial sector

Microsoft Defender researchers have uncovered the existence of a Business Email Compromise (BEC) campaign that uses the AiTM (adversary in the middle) technique against large companies in the financial sector.

In AiTM phishing, threat actors set up a proxy server between a targeted user and the website the user wants to visit, which is the phishing site under the control of the attackers. The proxy server allows the attackers to access the traffic and capture the target’s password and session cookie.

According to Microsoft, the attack started with the compromise of a reputable company’s email account, which was then used to distribute the AiTM phishing and thus steal the credentials of its contacts, who would have accessed the URL given the trust relationship with the supposed sender (impersonated by the attacker). Microsoft attributes this campaign to a threat actor it has named Storm-1167 (in Microsoft’s taxonomy, the name Storm indicates that the origin of the criminal group is unknown).
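As an added example (not code from the briefing or from Microsoft), the following Python script applies the defensive consequence of the mechanism described above: because the AiTM proxy relays the victim’s real login and MFA, the sign-in itself looks legitimate, and what the attacker reuses afterwards is the captured session cookie, from their own infrastructure. The script flags sessions presented from a different network (ASN) shortly after the interactive login; the JSON log format, field names, users, IP addresses and ASNs are constructed for illustration.

```python
"""Flag AiTM-style session-cookie replay in sign-in telemetry.

Added example, not code from the Telefónica Tech briefing or from Microsoft.
The JSON line format, field names, users, IPs and ASNs below are constructed.
"""
import json
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sign-in log. "login" = interactive sign-in that satisfied MFA and
# issued the session; "session_use" = a request that presented the session cookie.
SAMPLE_LOG = """
{"ts": "2023-06-12T09:00:00", "user": "alice", "session": "s-101", "ip": "203.0.113.10", "asn": 12345, "event": "login"}
{"ts": "2023-06-12T09:05:00", "user": "alice", "session": "s-101", "ip": "203.0.113.10", "asn": 12345, "event": "session_use"}
{"ts": "2023-06-12T09:12:00", "user": "alice", "session": "s-101", "ip": "198.51.100.7", "asn": 64500, "event": "session_use"}
{"ts": "2023-06-12T09:30:00", "user": "bob", "session": "s-202", "ip": "203.0.113.44", "asn": 12345, "event": "login"}
{"ts": "2023-06-12T09:31:00", "user": "bob", "session": "s-202", "ip": "203.0.113.44", "asn": 12345, "event": "session_use"}
{"ts": "2023-06-12T14:00:00", "user": "bob", "session": "s-202", "ip": "198.51.100.9", "asn": 64501, "event": "session_use"}
{"ts": "2023-06-12T09:40:00", "user": "carol", "session": "s-303", "ip": "198.51.100.20", "asn": 64502, "event": "session_use"}
"""


@dataclass(frozen=True)
class SignInEvent:
    ts: datetime
    user: str
    session_id: str
    ip: str
    asn: int
    event: str


def parse_events(lines):
    """Parse JSON lines into events, oldest first; blank lines are skipped."""
    events = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        rec = json.loads(raw)
        events.append(SignInEvent(
            ts=datetime.fromisoformat(rec["ts"]),
            user=rec["user"],
            session_id=rec["session"],
            ip=rec["ip"],
            asn=int(rec["asn"]),
            event=rec["event"],
        ))
    return sorted(events, key=lambda e: e.ts)


def find_replayed_sessions(events, window=timedelta(hours=1)):
    """Return one alert per session cookie presented from a different ASN than
    the network that performed the interactive login, within `window` of it.

    Rationale: the AiTM proxy forwards the victim's real credentials and MFA,
    so the login looks legitimate; the attacker then reuses the captured cookie
    from their own infrastructure. A short login-to-reuse gap across networks
    is the signal. Legitimate network changes (mobile roaming, VPN toggles)
    also trigger it, so treat it as a triage signal and tune `window`.
    """
    login_origin = {}   # session_id -> login event that issued the cookie
    alerted = set()
    alerts = []
    for ev in events:
        if ev.event == "login":
            login_origin[ev.session_id] = ev
            continue
        origin = login_origin.get(ev.session_id)
        if origin is None or ev.session_id in alerted:
            continue  # cookie never seen issued here, or already reported
        if ev.asn != origin.asn and ev.ts - origin.ts <= window:
            alerted.add(ev.session_id)
            alerts.append({
                "user": ev.user,
                "session": ev.session_id,
                "login_ip": origin.ip,
                "replay_ip": ev.ip,
                "minutes_after_login": int((ev.ts - origin.ts).total_seconds() // 60),
            })
    return alerts


def scan(log_text, window_hours=1):
    """Convenience wrapper: parse a log blob and return the alert list."""
    events = parse_events(log_text.splitlines())
    return find_replayed_sessions(events, timedelta(hours=window_hours))


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"possible AiTM cookie replay: user={a['user']} session={a['session']} "
              f"login_ip={a['login_ip']} replay_ip={a['replay_ip']} "
              f"+{a['minutes_after_login']}min")
```

On the constructed log only alice’s session is flagged: it was issued on one network and presented from another 12 minutes later, while bob’s later use from a new network falls outside the one-hour window and carol’s cookie was never seen being issued.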

More info

DoubleFinger distributes both Remcos RAT and GreetingGhoul stealer

SecureList has published a report on a new loader called DoubleFinger, which is notable for its use of steganography to hide its payloads.

This malware runs a shellcode on the infected machine that downloads a PNG file from the image-sharing platform Imgur.com, but it is not actually an image: the file contains several components in encrypted form: GreetingGhoul, a stealer targeting cryptocurrency wallets, on the one hand, and the remote access Trojan Remcos, on the other.

SecureList claims to have seen DoubleFinger, which is distributed via email phishing, attacking entities in Europe, the United States and Latin America.

More info

Powerful BatCloak engine used to make malware completely undetectable

Trend Micro has published an analysis of the BatCloak malware obfuscation engine, covering its modular integration into modern malware, its proliferation mechanisms, and the implications for interoperability as threat actors take advantage of its fully undetectable capabilities.

As a result, threat actors can seamlessly load multiple malware families and exploits leveraging highly obfuscated batch files. Research results showed that a staggering 80% of the recovered samples were not detected by security solutions.

This finding underlines BatCloak’s ability to bypass traditional detection mechanisms employed by security vendors. Furthermore, when considering the total set of 784 samples, the average detection rate was less than one, highlighting the challenge of identifying and mitigating threats associated with BatCloak-protected pieces of malware.

More info

Our participation in DES 2023, the leading event on trends and digitalization

Telefónica Tech    15 June, 2023

The Digital Enterprise Show 2023 (DES) has come to an end after one of the most exciting and intense weeks of the year. As we say goodbye to Málaga, we also say goodbye to our headquarters for the Telefónica Tech Laboratory and Innovation Area, making the capital of the Costa del Sol a benchmark in cyber security and technological innovation.

This year’s DES event celebrates its seventh edition, becoming an international meeting of reference on trends and technologies enabling digitization and digital transformation of companies of all sizes and sectors.

Telefónica Tech has been a global sponsor at DES 2023, sharing space, knowledge, products and conversations with tens of thousands of professionals from around the world, including experts, managers and professionals from multiple sectors, including banking, health, energy, tourism, commerce, mobility or industry.

Welcome to our booth at DES 2023

The Telefónica Tech booth at DES 2023

At DES 2023, we provided attendees with a networking area and product exhibition. There were also five experiential areas dedicated to our IoT technologies, Big Data, Artificial Intelligence, Blockchain, Cybersecurity, Cloud, that attracted a good number of professionals.

Telefónica Tech stand institutional visit

Our stand also hosted representatives from different institutions on the opening day, such as Francisco de la Torre, the mayor of Málaga, Juanma Moreno, the president of the Junta de Andalucía, and Francisco Salado, the president of the Málaga Provincial Council. They were accompanied by María Jesús Almazor, CEO of Telefónica Tech, and Joaquín Segovia, director of Telefónica’s southern territory.

Attendees enjoyed the demos we presented and our value proposition during their visit, including:

The ThinX Lab

At DES 2023, our applied technology laboratory The ThinX was featured on Telefónica Tech’s stand

Bringing a little bit of The ThinX, our open lab for AI of Things. In our pioneer space The ThinX, clients, partners, and organizations can test their IoT projects in real conditions, reducing costs and speeding up development and deployment.

Visitors to our lab were able to see connected V16 beacons, Geotab tracking devices for fleet management, smart lighting solutions, and components of our Smart Water solution, among others, that have passed through our laboratory.

Digital Operations Center (DOC)

An area of the Telefónica Tech booth at DES 2023 was dedicated to our Digital Operations Center (DOC).

Our DOC provides comprehensive and global services for the monitoring and operation of our clients’ Cybersecurity and Cloud services.

Physically located in Madrid, Spain, and Bogotá, Colombia, the DOC, in coordination with our SOC, brings together thousands of cybersecurity and cyberintelligence experts.

Demo: Quality Control with Industrial IoT

This small demo combines advanced technologies such as our private 5G networks, Edge Computing solutions, vision algorithms and Artificial Intelligence. It automates a real-time industrial monitoring and classification task.

Audiovisual Portfolio

In addition, customers could learn first-hand about our portfolio of solutions and capabilities, accompanied by our experts and through audiovisual means, as well as about our success stories.

Telefónica Tech eShop

Telefónica Tech eShop Corner

Because well-being and leisure time are also of importance, our visitors, clients, and friends explored and acquired some of the products from our eShop.

Our participation in talks and presentations

At DES 2023, we took part in various talks and presentations where our Telefónica Tech experts shared their knowledge, experiences, and projects:

Daniel Ribaya, Director of Cloud Products and Services, gave a talk titled ‘Discover Edge Computing With Telefónica Tech’. In this talk, he discussed the role of Edge Computing technology and the benefits of bringing Cloud capabilities to where they are needed, including reducing response times (latency) and ensuring data security.

Daniel Ribaya, Director of Cloud Products and Services at Telefónica Tech

Telefónica Tech in Spain is at the forefront of implementing both Proof of Concepts (PoCs) and real customer deployments of Edge Computing, 5G connectivity, and the Internet of Things (IoT).

Juan Campillo, Director of Product Marketing for Cybersecurity, participated in the ‘Inspiration Theatre’ with his talk ‘Guardians of the Digital Frontier’.

Juan Campillo, Director of Product Marketing for Cybersecurity at Telefónica Tech

I would like to bring some optimism for those of us who find ourselves in the ‘valley of despair.’ A formula for cyber resilience in critical infrastructure is risk = probability x impact.

Alexis Hostos took the stage with his speech on ‘The Silent Revolution: Technology and Innovation in Future SMEs’, highlighting the importance of innovation and digitization to ensure SMEs’ sustainability and continuity.

The question we should ask ourselves is not ‘what future our SMEs can have,’ but ‘what future we want them to have.’

María Jesús Almazor, CEO of Cybersecurity and Cloud at Telefónica Tech, participated in the event ‘Meet the Disruptors: A Conversation with Game Changers and Visionaries.’

María Jesús Almazor, CEO of Cybersecurity and Cloud at Telefónica Tech

There is no single order of importance for technologies. Beyond ensuring basic technologies are implemented correctly and building more comprehensive solutions, the greatest power of digital transformation is achieved.

Alfredo Serret, our Global Managing Director of Business Development, and Manu Marin from Livall participated in the talk ‘Accelerating Towards a New Ecosystem: Mobility, Cities, and Data.’

José Luis Núñez, our Blockchain Lead, was present at the event ‘The Web3 Super App that Connects City, Businesses, and People through the New European Digital Identity (EU ID Wallet)’ at the Smart Cities & Urban Mobility Forum.

José Luis Núñez, Blockchain Lead at Telefónica Tech

Blockchain is the online digital notary for information exchanged between individuals, businesses, and services that was not public or verifiable until now.

During the second day of DES 2023, we continued to share our knowledge and experience in different presentations, talks, and panel discussions, including:

Maria Muñoz Ferrer, Business Development Director, and José Luis Domínguez, Sales Director, spoke about digital services and the use of enabling technologies such as Big Data, Cybersecurity, Cloud, and Artificial Intelligence in the presentation ‘Towards a Happy Citizen’.

Maria Muñoz Ferrer, Business Development Director, and José Luis Domínguez, Sales Director at Telefónica Tech

The application of next-generation digital technologies creates a new paradigm that also responds to digital transformation needs and the new challenges faced by relevant sectors of public management: health, employment, and tourism. All of this is aimed at providing a better citizen experience and improving service management.

Carlos Martínez Miguel, Global Director of IoT, Big Data, and Artificial Intelligence Solutions and Services, was present with his talk ‘Embracing the Power of Big Data and AI’. In this talk, he discussed how organizations are leveraging the business transformation opportunities enabled by Big Data and Artificial Intelligence.

Carlos Martínez Miguel, Global Director of IoT, Big Data, and Artificial Intelligence Solutions and Services

Artificial Intelligence brings significant opportunities but also significant challenges. All stakeholders must work together to manage them.

Peter Moorhead, Head of Security Pre-Sales at Telefónica Tech UK&I, participated in the panel ‘Challenges, Issues and Opportunities of Managing Global Health Locally. Big Data and Privacy,’ where he shared insights regarding data privacy in healthcare.

One of the main challenges is knowing where healthcare data is stored and how it is used, with the goal of guaranteeing patient privacy.

We couldn’t miss our appointment with the audience on the last day of DES 2023 either:

Andrés Escribano, Director of New Business and Industry 4.0, spoke in ‘Revolutionizing Industries: Exploring the Power of Industry 4.0, IoT, and Digital Technologies’ about the technologies that are transforming the industry towards a more efficient, productive, and sustainable model.

Andrés Escribano, Director of New Business and Industry 4.0 at Telefónica Tech

We can measure the real impact digitization and associated technologies have on companies’ results and KPIs.

Alberto Sempere, Director of Product and Innovation, participated in the CEO & Leadership Summit with his presentation ‘Zero Trust Everywhere, all at once’. He highlighted that the current level of disruption is an overhaul for all companies and enables innovation for “differentiation paths.”

Alberto Sempere, Director of Product and Innovation at Telefónica Tech

Applying a Zero Trust mindset helps us increase our resilience and digital sovereignty.

Esther Cardenal, Senior Product Manager, participated in the Retail & Logistics Forum, in the session ‘The Wellness Center of the Future’. In this session, she discussed the implementation of our video analytics and Artificial Intelligence solution in GO fit centers. Manuel Estébanez, CEO of GO fit, talked about the challenge of implementing this technology to extract knowledge from data while respecting user privacy.

Technology plays an essential role in sports and wellness center design.

Cloud AI vs. Edge AI: know their differences and choose the right approach for your AI project

AI of Things    14 June, 2023

As we discussed in a previous article, Edge AI and Cloud AI are two different approaches to implementing Artificial Intelligence developments or machine learning models.

In a nutshell,

  • Cloud AI stores and processes data on Cloud platforms or servers, where AI algorithms and models are executed.
  • Edge AI captures or receives data and runs AI algorithms and models on local devices such as wearables, IoT devices, or Edge Computing servers.

Since each approach has its advantages and disadvantages, the choice between the two models will depend on the project’s needs and requirements, context, environment, and even location.

Edge AI advantages

In Edge AI: Artificial Intelligence outside Cloud, we saw that even in environments with poor coverage or no connectivity, Edge AI can make decisions, execute instructions, or provide real-time insights or responses. This is especially crucial for critical IoT solutions in industries like manufacturing (IIoT), healthcare (IoMT), or mobility.

This is made possible because Edge devices can capture, process, and analyze data locally, close to where the data is generated or needed. For example, in factories, offices, hospitals, or farms, without the need to send large amounts of information to remote servers or cloud platforms. It can even function without relying on a permanent broadband connection or low latency.

Additionally, Edge AI offers additional advantages:

  • By processing and storing data on the device, the risk of interception or storage by third parties is reduced. It also reduces exposure during transmission or storage. This often provides greater control over the data and makes it easier to comply with local regulations regarding data protection, residency, or privacy.
  • Operational cost savings, as only the most relevant or already processed data is sent to the cloud. This typically requires less computing power and storage space in the cloud.
  • Edge AI devices can be configured and programmed according to the project’s needs at a relatively low cost, allowing for customization and adaptation to the solution to make them more efficient.

Edge AI disadvantages

Edge AI devices have limited data processing and storage capacity. Some tactics, such as algorithm optimization or the use of Application-Specific Integrated Circuits (ASICs) applied to Artificial Intelligence, can improve their performance. However, their capacity is still limited compared to cloud platforms’ virtually unlimited resources.

This characteristic can limit the complexity of machine learning models and Artificial Intelligence algorithms that can be executed on Edge AI devices. This is particularly relevant to devices like wearables or IoT sensors that operate on battery power. Algorithm execution consumes significant energy, diminishing autonomy.

Additionally, it’s worthwhile to consider that:

  • Incorporating Artificial Intelligence or machine learning capabilities into specifically designed devices can result in higher hardware costs than equivalent devices or IoT sensors without this capability.
  • For the same reason, these devices often require more maintenance, both at the hardware and software levels, to ensure they remain updated and operational.
  • Although storing and processing data locally has advantages, Edge AI devices are also vulnerable to security or privacy breaches and attacks, exposing their data to potential attackers. Encryption or obfuscation can help protect Edge AI data.

Cloud AI advantages

Scalability, capacity, and accessibility are some of the main attributes and advantages of the Cloud. Cloud AI is capable of processing and storing large amounts of data, even massive volumes, adapting to the needs and demands.

Cloud AI also:

  • Often utilizes well-known platforms with abundant training and informational resources. This streamlines the deployment of Artificial Intelligence models through intuitive interfaces and training and deployment tools that simplify implementation.
  • For this reason, implementing Cloud-based Artificial Intelligence solutions can be simpler and cheaper than implementing Edge AI solutions on proprietary hardware. The cloud allows companies to pay only for the resources they need (pay-as-you-go), saving costs on infrastructure, maintenance, and personnel.
  • It is accessible from anywhere and at any time, as long as there is an internet connection. This enables remote and real-time access to processed data, facilitating integration with other existing applications and business processes.
  • Additionally, automatic hardware and software updates provided by Cloud providers ensure that Cloud AI solutions run on up-to-date platforms with the latest security updates.

Cloud AI disadvantages

  • Availability and latency (the time it takes for data to be sent and received between the device and the cloud) can be problematic for applications that require real-time response.
  • Data processing and machine learning consume high resources, increasing operational costs.
  • Sending data and information to Cloud platforms can pose risks, regulatory non-compliance, and even data exposure, especially when dealing with sensitive data transferred to third-party Cloud platforms in cross-border regions.
  • Cloud AI applications require a robust and capable internet connection. This can be a hurdle in environments or areas with limited connectivity, low bandwidth, or no connection or coverage.

Differences in Security: Risks and Challenges

As we have seen, both approaches entail risks and challenges regarding data security.

Edge AI is worth noting for the following reasons:

  • Edge devices, being located in accessible physical environments, may be more prone to physical attacks, including theft, breakage, or tampering.
  • Edge devices are also vulnerable to interception attacks during data transmission or storage on the device.
  • The diversity and quantity of Edge devices and proprietary developments can make security updates challenging, leaving them vulnerable to threats.
  • Limitations of Edge devices can also hinder sophisticated security measures, like end-to-end encryption or biometric identification.

Risks and security challenges in Cloud AI:

  • Data security depends on the Cloud service provider implementing appropriate security measures to prevent data theft, leaks, or security breaches.
  • In some cases, sensitive data may be subject to specific regulations regarding data location and residency. If cloud providers fail to comply with these regulations, they risk regulatory non-compliance.
  • When using third-party cloud services, data protection and privacy policies depend on the Cloud provider.
  • The time required to transmit data to and from the cloud (latency) can create delays, which can be problematic for applications requiring real-time responses. Additionally, lack of connectivity or interruptions can affect cloud services availability and access.

When is Edge AI more suitable? When is Cloud AI better?

The choice between Edge AI and Cloud AI depends on the specific use case. This will depend on factors such as connectivity availability, scalability, or data sensitivity.

Edge AI is highly suitable for situations where real-time response is required or network connectivity is limited.

For example,

  • In industrial environments, Edge AI allows for real-time processing of sensor data without latency, ensuring no interference with the production process.
  • In healthcare, Edge AI can process patient information without medical data leaving hospital premises. This provides an immediate response that is vital in critical situations.
  • Self-driving robots, autonomous vehicles, drones, or AGVs (Automatic Guided Vehicles).

On the other hand, Cloud AI is more suitable in situations where scalability is essential to handle large volumes of data.

For example,

  • In logistics or e-commerce companies, Cloud AI enables efficient processing and analysis of vast amounts of information, including user data, customer data, and transactions.
  • Banking risk analysis and fraud detection require processing large amounts of data to identify complex patterns. This is done to detect suspicious or fraudulent operations.
  • In services like automatic translation or voice recognition, Cloud AI can perform large-scale language analysis and understanding, improving response accuracy and quality.

Some applications will require immediate response and less dependence on network connectivity, while others will require extensive processing and data analysis capabilities.

Ethical considerations: a common need for both approaches

Both Edge AI and Cloud AI require careful consideration of data security and privacy.

  • In the case of Edge AI, it is imperative to ensure that data is adequately protected on Edge devices and that there are no risks of privacy breaches or unauthorized access.
  • In the case of Cloud AI, it is necessary to verify that Cloud service providers have appropriate security policies and measures in place to protect data and comply with data protection regulations.

In both cases, Artificial Intelligence development and models should avoid biases and discrimination. This can happen because the data used to train the models may be biased, or because the algorithms themselves unintentionally introduce biases.

To mitigate biases and discrimination, it is necessary to conduct testing and evaluations that identify and address potential biases. This ensures that AI systems are fair and unbiased.

Furthermore, Artificial Intelligence implementation, whether in Edge AI devices or Cloud AI, requires careful consideration of responsibility and accountability. It is critical to clearly define who is responsible for AI systems’ outcomes and functioning, and to establish mechanisms to address any issues or consequences that may arise.

Lastly, it is always critical to understand and explain how AI models work, how they make decisions, and how they generate results. Therefore, ensuring transparency and explainability of the algorithms and AI models used is essential, particularly in critical domains such as healthcare.

Artificial Intelligence ethical considerations should be comprehensively and carefully addressed throughout the entire development and implementation process. This is regardless of whether the model is applied using Edge AI or Cloud AI approach. The goal is to ensure that AI models are fair, transparent, explainable, responsible, and respectful of privacy and individual rights.

Featured photo: DilokaStudio on Freepik.

‘Insiders’ in Cybersecurity: “Catch me if you can”

Martiniano Mallavibarrena    13 June, 2023

If any of us were asked about the hypothetical appearance and profile of those responsible for a serious cyber security incident in a large company, I think we would all automatically think of the archetype that movies constantly show us: teenagers in hoodies, working with laptops full of stickers in a communal house where the music is too loud and the atmosphere is of the most “criminal” kind.

The interesting thing is that there is a significant window of opportunity for security and cybersecurity incidents within organisations: employees, temporary staff, service companies, contractors, etc.

Insider typologies

Let’s look at the different typologies of “insiders”, which is the common name used in this field to generically refer to all typologies that produce the same effect: security incidents whose perpetrator is within the “perimeter” of the organisation (as a concept, the walls of the medieval castle where the population to protect lived):

Disgruntled or resentful employees

Very often, there are employees in organisations who are underperforming or in difficult situations which often lead to tensions, sanctions, career stagnation, threat of dismissal, etc.  These people assume or know that they will be fired or that their career in the company is over or on a dead end. Faced with this prospect, some people decide to damage the company, steal data, carry out acts of vandalism (even physical) or give third parties remote access for malicious purposes.

Addictions and personal problems

Another group that is often present in organisations are those people who, for different reasons, are in a complicated personal situation: financially, emotionally, suffering from an addiction, etc. This often makes it easier for them to carry out desperate acts to get money or to attract the attention of their superiors. It also facilitates, as we will see below, extortion-type scenarios.

Bribery and extortion

Especially related to the military ecosystem and patent-linked industries (pharmaceuticals, aerospace engineering, mobile device manufacturers, etc.), cases of bribery and extortion (especially through the use of deception, prostitution, etc.) are sadly frequent. By these means, external actors manage to influence internal staff to become their collaborators (“insiders”).

Political, religious motivation – Activism

In some cases, especially in sectors where ethics and personal beliefs can play an important role, “opinion or belief” type motivations can be critical: sectors such as the arms industry, pharmaceuticals, etc. They can provoke extreme reactions among their staff (the case of employees who left Google in 2018 because of the company’s relations with the US DoD on the JEDI or Maven projects is very significant).

Negligence and accidents

This group also has its place in the general statistics: internal staff who through negligence cause security incidents: either by a constant effect (Example: not having configured a system properly and leaving it exposed to the Internet without proper protection), or by a specific act at a given time (Example: forgetting a pendrive or confidential documents in a cafeteria which causes a scandal in the media).

What can we do as a company?

All these circumstances often lead to an “insider” type of behaviour, where we must not forget that we also have other groups such as temporary staff, interns and trainees, temporary consultants and auditors or service companies (cleaning, catering, maintenance) who have access to our offices, sometimes at unusual times and with special access to systems or premises.

The key question now is what can we do as a company? It is a really complex problem as the casuistry is very broad (what company does not often have isolated people in remote locations?).

Early detection

The main point to comment on is the early detection of potential high-risk or high-profile individuals. Normally, corporate security has a regular link with the Human Resources area (people management) and these people are usually identified jointly for supervision, sanctioning, etc.

  1. As mentioned above, one possible case would be that of people who are really angry with the company and vandalise it, or people with clear addictions who ask for financial advances on their salary every month. Complaints or comments usually first reach human resources: fights in the cafeteria, vandalism in certain areas, people with symptoms of alcoholism or working under the influence of substances, etc.
  2. In the same block, some organisations use platforms generically called “People Analytics” to detect inconsistent or suspicious patterns of behaviour that may be predictive of future problems: long after-hours connections, failed attempts to access corporate systems, sudden unjustified changes in working hours, radical changes in their social activity in the company (on internal social networks, Intranet-type portals, etc…)

Focus on the risk (not the motivation)

In the field of cybersecurity, we must have our protection, prevention and detection systems well configured to be able to cover the case of the insider actor in the right way.

Obviously, the approach is to focus on the risk and not to analyse the motivation. Some commonly used platforms include:

  • CASB (Cloud Access Security Broker) type platforms often detect many anomalous situations which, if properly dealt with, can be related to “insider” incidents (e.g., massive out-of-hours file movements to personal storage services) or recurrent use of unauthorised software to connect to atypical locations on the Internet.
  • DLP (Data Loss Prevention) type functionalities which, although oriented to the legal problems of data loss or data leaks, may reveal the first phase of a much bigger problem: if the leak succeeds, the insider will continue to escalate the attack in search of the greatest possible damage.
  • IAM (Identity & Access Management) type services that will alert us in case of inconsistent or exceptional situations in terms of connections (logins, failed attempts, etc.). A typical case could be the use of a non-privileged account on the personal computer of someone who handles classified information. This case could correspond to that of an insider spying on the computer of the person in charge or the finance department (perhaps the owner did not lock the system during his or her lunch break…).
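The "People Analytics" signals listed earlier (after-hours connections, failed access attempts) and the CASB pattern above (out-of-hours file movements to personal storage) can be turned into simple detection logic. The following is an added example written for this article, not Telefónica Tech code: it runs over constructed, fictitious log lines in an assumed CSV layout and flags users that show several of these signals at once.

```python
"""Insider-risk signals over constructed authentication and CASB-style logs.

Added example, not part of the original article. The log format
(timestamp,user,event,detail[,size]) and the business hours are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (fictitious users and hosts, not real logs).
AUTH_LOGS = """\
2023-06-12T02:14:00,jdoe,login_failed,vpn
2023-06-12T02:15:10,jdoe,login_failed,vpn
2023-06-12T02:16:05,jdoe,login_failed,vpn
2023-06-12T02:17:30,jdoe,login_ok,vpn
2023-06-12T09:05:00,asmith,login_ok,vpn
2023-06-12T23:40:00,jdoe,login_ok,finance-db
2023-06-13T01:10:00,jdoe,login_ok,finance-db
2023-06-13T10:00:00,asmith,login_failed,finance-db
"""

CASB_LOGS = """\
2023-06-12T23:55:00,jdoe,upload,personal-drive.example,850
2023-06-13T01:20:00,jdoe,upload,personal-drive.example,1200
2023-06-13T11:00:00,asmith,upload,corp-sharepoint.example,15
"""

BUSINESS_HOURS = (8, 20)  # assumed local working hours, 08:00-20:00


def parse_csv_lines(text, fields):
    """Parse comma-separated log lines into dicts; first field is an ISO timestamp."""
    records = []
    for line in text.strip().splitlines():
        rec = dict(zip(fields, line.split(",")))
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        records.append(rec)
    return records


def is_after_hours(ts, hours=BUSINESS_HOURS):
    return not (hours[0] <= ts.hour < hours[1])


def failed_login_bursts(auth, threshold=3, window=timedelta(minutes=10)):
    """Users with at least `threshold` failed logins inside a sliding time window."""
    by_user = defaultdict(list)
    for rec in auth:
        if rec["event"] == "login_failed":
            by_user[rec["user"]].append(rec["ts"])
    flagged = set()
    for user, times in by_user.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j + 1 < len(times) and times[j + 1] - times[i] <= window:
                j += 1
            if j - i + 1 >= threshold:
                flagged.add(user)
                break
    return flagged


def after_hours_login_counts(auth):
    """Number of successful logins per user outside business hours."""
    counts = defaultdict(int)
    for rec in auth:
        if rec["event"] == "login_ok" and is_after_hours(rec["ts"]):
            counts[rec["user"]] += 1
    return dict(counts)


def off_hours_personal_uploads(casb, approved_domains, min_total_mb=500):
    """Users whose after-hours uploads to non-approved destinations exceed a size budget."""
    totals = defaultdict(int)
    for rec in casb:
        if (rec["event"] == "upload" and rec["dest"] not in approved_domains
                and is_after_hours(rec["ts"])):
            totals[rec["user"]] += int(rec["size_mb"])
    return {u: mb for u, mb in totals.items() if mb >= min_total_mb}


def insider_risk_signals(auth, casb, approved_domains, min_after_hours_logins=2):
    """Combine the three detectors into a per-user list of triggered signals."""
    signals = defaultdict(set)
    for u in failed_login_bursts(auth):
        signals[u].add("failed_login_burst")
    for u, n in after_hours_login_counts(auth).items():
        if n >= min_after_hours_logins:
            signals[u].add("after_hours_logins")
    for u in off_hours_personal_uploads(casb, approved_domains):
        signals[u].add("off_hours_personal_upload")
    return {u: sorted(s) for u, s in signals.items()}


if __name__ == "__main__":
    auth = parse_csv_lines(AUTH_LOGS, ["ts", "user", "event", "detail"])
    casb = parse_csv_lines(CASB_LOGS, ["ts", "user", "event", "dest", "size_mb"])
    for user, hits in insider_risk_signals(auth, casb, {"corp-sharepoint.example"}).items():
        print(f"{user}: {', '.join(hits)}")
```

Each signal on its own is noisy (night-shift staff, typo-prone users); the value is in correlating them per identity and handing the result to HR and corporate security together, as the text describes.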

Prepare a forensic report

If we finally have an incident involving “insiders”, the way of working is usually the conventional one (DFIR type services, Threat Hunting type analysis on SIEM or EDR/XDR type platforms), but with the important nuance that we may have to produce a forensic report that can be used in a judicial process.

In these cases, the extraction and custody of evidence must follow certain guidelines and the same with the legal aspects (especially if a report has been made to the police or corresponding security body).

Most of the investigations into this type of situation will undoubtedly have to go through two types of systems:

  • Authentication and access: As mentioned above, of the IAM type or similar, where we can carry out searches and checks on all types of accesses or access attempts to connect them with an account that will be completed on other platforms.
  • Activity on personal computers: Normally, actors of this type will use their own or personal computers or those of colleagues or managers to carry out their malicious activity. Therefore, investigations of this type often use EDR or XDR type platforms to obtain these suspicious patterns based on complex queries.

The rest of the systems to be used will almost always be the end systems affected (if applicable): financial or commercial platforms, document management systems, etc., and the aforementioned perimeter protection systems (SASE, CASB, DLP, etc.).

Two final conclusions

  1. Not assuming that we may have the “enemy at home” is a fundamental mistake that precedes many serious security incidents. The motivations vary but the risk is always the same. If we as an organisation do not pay the same attention to the inside as we do to the outside, we are creating a significant risk.
  2. Early detection is the best measure we can take to try to minimise the occurrence of such events. Many of these people are just out for revenge, to send a message or to compulsively solve a personal problem. If we can identify them, there is room for peaceful resolution.

Let us never forget the quote from “The Godfather (Part II)”,

“Keep your friends close, but your enemies closer”.

FF Coppola, 1974

Cyber Security Weekly Briefing, 5 – 9 June

Telefónica Tech    12 June, 2023

Barracuda warns of immediate replacement of compromised ESG appliances

Security firm Barracuda has issued a warning in which it is urging organisations affected by the 0-day vulnerability (CVE-2023-2868) in their Email Security Gateway (ESG) appliances to replace them completely. Although it has been patched and the attackers’ access to the compromised devices has been removed, the company’s recommendation is to immediately replace the affected devices, regardless of the version of the patch installed. The exact scope of the incident is still unknown.

The vulnerability, which has been exploited for at least seven months, allows remote code injection into incoming email attachments, installing custom malware, uploading, or downloading files, executing commands, establishing persistence and setting up reverse shells on a server controlled by a malicious actor. Affected users have already been notified via the ESG user interface. Barracuda urges organisations that have not yet replaced their devices to contact support urgently by email.

More info

Joint CISA and FBI Advisory regarding CLOP ransomware

As part of the #StopRansomware campaign, CISA and the FBI have jointly issued an alert including new tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with the CLOP ransomware. The advisory highlights the group’s exploitation of CVE-2023-34362, a 0-day vulnerability in MOVEit Transfer, to execute a webshell called LEMURLOOT on victims to steal data.

CLOP, in a statement on its TOR network website, acknowledged that this vulnerability has compromised hundreds of companies and that it is giving those affected until 14 June to contact them and begin ransom negotiations. If they do not reach an agreement within 72 hours of the start of negotiations, they will publish the data.

Also, Kroll researchers discovered evidence of similar activity in the past in logs of affected customers, indicating that threat actors had been testing access and data mining on compromised MOVEit Transfer servers since at least 2021.

More info

Critical vulnerability in Cisco products

The company Cisco has issued several security advisories to correct up to a total of 8 vulnerabilities, 2 of which are classified as critical, 3 as high risk and 3 as medium risk. Among the most critical security flaws are those affecting the Cisco Expressway Series and Cisco TelePresence Video Communication Server products, which have been registered as CVE-2023-20105 and CVE-2023-20192. Regarding the first vulnerability, it derives from the incorrect handling of password change requests, which would allow an attacker to alter the passwords of any user on the system.

As for the second, it could allow a local, authenticated attacker to execute commands and modify system configuration parameters. Cisco says there is no evidence that these vulnerabilities have been exploited, but recommends that users update their assets as soon as possible to mitigate these security flaws.

More info

New Chrome security update

Google has issued a security update for its Chrome browser in which it addresses two security flaws, one of which is classified as highly critical. This security flaw was identified by security researcher Clément Lecigne on 1 June 2023, being registered as CVE-2023-3079, and still pending CVSS. It is a vulnerability in V8 that would allow a remote attacker to create an HTML page that triggers privilege escalation and execute arbitrary code.

It should also be noted that Google has indicated that it is aware that an exploit for this vulnerability exists. This security flaw has been fixed with the update in versions 114.0.5735.106 on Mac and Linux devices and 114.0.5735.110 for Windows. 

More info

Image: Freepik.

These free Google courses will get you started with generative-AI

AI of Things    8 June, 2023

Google Cloud has recently launched some new free courses focused on Generative Artificial Intelligence. Generative Artificial Intelligence is a branch of Artificial Intelligence (AI) that focuses on content creation, enabling a “more interactive way of interacting with information” and data.

Some of the most well-known examples of generative artificial intelligence include ChatGPT, Midjourney, or Bing, which demonstrate the potential of this technology for automatic content generation.

In the past few weeks, Google Cloud has released up to ten online free courses related to Generative Artificial Intelligence. The introductory courses are suitable for any level of technical knowledge and can be completed in minutes. Others, though fewer, are intended for intermediate levels.

The courses are available and accessible to anyone interested in learning. After each video, there is a short quiz to validate what has been learned.

Introduction to Generative and Responsible Artificial Intelligence

The learning path in Generative Artificial Intelligence designed by Google Cloud includes a general introduction to this field. It also includes image generation, and language models such as LLM.

Furthermore, more specific topics are addressed, such as Google Cloud’s Vertex AI platform for building, training, and deploying machine learning models. There’s also Generative AI Studio, a tool that allows prototyping and testing of generative models.

Among the offered courses, Introduction to Responsible AI focuses on the responsible development of Artificial Intelligence. This microcourse addresses the importance of data privacy and ethical considerations in all phases and processes of model development. It also explains why we need ethical Artificial Intelligence systems to achieve trusted AI.

Google Cloud’s course on Responsible Artificial Intelligence emphasizes the importance of incorporating ethical considerations in data and throughout the development stages of AI models.

While there are numerous options to get started in Artificial Intelligence, Google Cloud’s offering is an excellent starting point for understanding the foundations of generative Artificial Intelligence.

This knowledge is useful for adopting these tools capable of improving our work processes and making us more productive and efficient. It also serves as a stepping stone to continue learning about Artificial Intelligence.

The 7 principles of Google for responsible AI

Within this course, Google’s 7 principles are also explained to ensure Artificial Intelligence models:

  1. Be socially beneficial.
  2. Not create or reinforce biases or prejudices.
  3. Be built and tested for safety.
  4. Be accountable to people.
  5. Incorporate privacy protection principles.
  6. Maintain high scientific excellence standards.
  7. Be available for uses that align with these principles.

__
Google Cloud is part of the Telefónica Tech partner ecosystem, the network of alliances that allows us to develop the most advanced solutions on the market for our clients.

Featured image from Freepik.

Typosquatting: how to detect and protect yourself

Nacho Palou    7 June, 2023

Typosquatting is a type of cyberattack that involves creating a domain name that is very similar to that of a well-known, legitimate website with the intention of deceiving users.

This type of misleading domain name can also be used in e-mail addresses to make them appear legitimate to the naked eye, but which are fake.

Typosquatting is a combination of the words “typo” and “squatting”.

The attacker can exploit common typos, misspellings or typing errors to carry out the deception. These errors may omit or change the order of letters. They can also substitute characters, replacing visually similar letters. Anything to create a misleading domain name. For example:

  • Change an “l” or an “i”, the “o” for a “0” (zero) or use “rn” instead of an “m”.
  • Register the same domain name but with a different extension, such as “.co” instead of “.com”.
  • Use a domain name with a similar appearance, such as goggle.com instead of google.com

In addition, “in this type of cyber-attacks it is very common to use alternative spellings or words with double spelling and also the use of special characters, such as hyphens”, explains Susana Alwasity, Threat Intelligence Team Lead at Telefónica Tech.

In this case, for example:

  • If the legitimate domain is bankXonline.com a typosquatting could be bankX-online.com

In either case, the attacker’s purpose is to trick users into visiting the fake site believing they are on the legitimate website.

It is from such a website (which may look the same as, or even be a duplicate of, the original site) that attackers can distribute apps and malware or steal information such as login credentials, bank card numbers or personal information.

How is typosquatting used in cyberattacks?

Typosquatting is a popular technique used by cybercriminals to launch different attacks, including:

  • Phishing attacks: attackers can create a fake login page that looks like the page of a legitimate website. When users type their login credentials into the fake page, the attacker gets hold of them to use them for malicious purposes.
  • Malware distribution: Attackers can create a fake website that prompts users to download a file or software. When users download and install that file, they are actually unknowingly installing malware on their computer or device.
  • Ad fraud: Attackers can create a fake website that generates advertising revenue by tricking users into clicking on ads. The attacker earns money for each click, even if the ads are irrelevant or harmful.

“In addition to the theft of personal information, which can lead to phishing attacks, typosquatting can also be aimed at redirecting the domain to another destination or blackmail and reputational attacks against companies or individuals,” explains Susana.

The case of the Icelandic national police

An example of a phishing attack based on typosquatting took place in Iceland in 2018. Then, cyber attackers used a domain name similar to the official domain of the Icelandic national police (Lögreglan, in Icelandic) to deceive citizens.

In this case, the attackers registered a domain that replaced the “l” with an “i” (logregIan.is instead of logreglan.is), making it appear at first glance to be the legitimate domain of the country’s police. But it was not.

As noted in the previous paragraph, in the email the “i” in the URL was capitalised (“I”) to make it look like an “l”. At first glance, and taking advantage of the fact that our brains sometimes read words that are not words, many recipients did not detect the deception.

Converting the text to small caps reveals the deception: what looks like a lowercase “L” is actually a capital “i”.

They then used that domain to host a fake website that looked exactly like the legitimate one, and sent phishing emails asking recipients to visit that URL and enter personal information.

The full story and analysis of the attack can be found at Police Phishing Attack Targets Bank Credentials.

How to detect and protect yourself from typosquatting?

Often, as in the case of Lögreglan, it is not easy to detect and protect yourself from typosquatting. But following these recommendations from our experts at Telefónica Tech helps to reduce the risk:

  • Look at the URL before visiting a website, or at the domain of the sender’s address when it is an email: check both the domain name and its TLD (.com, .es, .co…) for spelling mistakes or other suspicious elements.
  • Copy the address of links received by email and paste it into the browser rather than clicking: the visible anchor text can say one thing while the underlying link points to a lookalike domain, and copying the address shows where it really goes.
  • If in doubt about what is actually written in a URL or email address, copy and paste it into a word processor such as Word: changing the font helps to detect visual deception, because some fonts distinguish characters such as “l” and “I” better than others, and converting the text to capital letters helps as well. Word also detects the language of the text, which is useful when the typosquatted domain uses letters from the Cyrillic alphabet.
Although they look the same, the Cyrillic letters ‘А’ and ‘Ј’ are different characters from the Latin ‘A’ and ‘J’.
  • Use a password manager: a password manager fills in login credentials only on the site whose domain matches the one the credential was saved for, so it stays silent on a lookalike domain.
  • Install antivirus software: security suites can detect and block known malicious websites, including those used in typosquatting attacks.
  • Don’t trust the little padlock 🔒 in the browser bar: it only means that the connection is encrypted and that the certificate matches the domain shown. Anyone, attackers included, can obtain a valid certificate for a domain they have registered, so the padlock says nothing about who is behind the site or their intentions.
  • Enable two-factor authentication: it adds an extra layer of security, so that login credentials stolen through a fake page are not enough on their own to take over the account on websites or apps.
  • Enable Google Passkeys: this is a passwordless login method offered by Google (based on the FIDO2/WebAuthn standard) that combines the benefits of password managers and two-factor authentication in a single step.

It is important to check every little detail in a URL and to be suspicious, no matter how small the error may seem. It is advisable to invest time in prevention, as the consequences can be harmful and irremediable. -Susana Alwasity, Telefónica Tech.
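The checks described in the Lögreglan case and in the recommendations above can be automated. The following Python script is an added example written for this page, not code from the article or from Telefónica Tech. It applies the capital-letters trick, maps known lookalike characters (a capital “I” standing in for “l”, Cyrillic letters standing in for Latin ones) onto the letters they imitate, reports any non-Latin script in the name (the equivalent of Word detecting the language), shows the xn-- form that the browser actually resolves, and measures the edit distance to an allowlist of legitimate domains. The allowlist and the confusable table are constructed for the example; a real deployment would use the Unicode confusables data and the organisation’s own domain list.

```python
"""Lookalike-domain checks: the Lögreglan trick (I for l), Cyrillic homoglyphs and one-letter typos.
Added example for this article, not Telefónica Tech code. Allowlist and confusable table are constructed."""
import unicodedata

# Constructed allowlist of domains the reader actually wants to reach.
LEGITIMATE = ["logreglan.is", "google.com", "telefonica.com"]

# Constructed, deliberately short confusable table (Unicode TR39 publishes the full one).
CONFUSABLES = {
    "rn": "m",       # two letters read as one
    "vv": "w",
    "I": "l",        # capital i passed off as lowercase L: logregIan.is
    "1": "l",
    "0": "o",
    "\u0430": "a",   # Cyrillic а
    "\u0435": "e",   # Cyrillic е
    "\u043e": "o",   # Cyrillic о
    "\u0440": "p",   # Cyrillic р
    "\u0441": "c",   # Cyrillic с
    "\u0443": "y",   # Cyrillic у
    "\u0445": "x",   # Cyrillic х
    "\u0458": "j",   # Cyrillic ј
}


def reveal_case(text):
    """The word-processor trick from the article: in capitals, 'l' becomes 'L' while 'I' stays 'I'."""
    return text.upper()


def scripts_used(label):
    """Unicode scripts present in a name, read off the character names ('CYRILLIC SMALL LETTER O')."""
    scripts = set()
    for ch in label:
        if ch.isascii():
            continue  # plain ASCII letters, digits, '.' and '-' are not interesting here
        scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts


def skeleton(label):
    """Replace confusables with the Latin letter they imitate, then lowercase.
    Order matters: lower('I') == 'i' would hide the l/I swap, so map before lowercasing.
    Every capital I is treated as suspect, which is the right bias for a link in an email."""
    out = label
    for src, dst in sorted(CONFUSABLES.items(), key=lambda kv: -len(kv[0])):
        out = out.replace(src, dst)
    return out.lower()


def levenshtein(a, b):
    """Edit distance; goggle.com is one substitution away from google.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def punycode(domain):
    """The xn-- form the browser and DNS actually use; None for names the IDNA codec rejects."""
    try:
        return domain.encode("idna").decode("ascii")
    except UnicodeError:
        return None


def check_domain(candidate, legitimate=LEGITIMATE):
    """Classify a domain taken from a link or From: address against the allowlist."""
    cand = candidate.strip().rstrip(".")
    report = {"domain": cand, "uppercase": reveal_case(cand), "punycode": punycode(cand), "reasons": []}
    if cand.lower() in legitimate:
        report["verdict"] = "legitimate"
        return report
    foreign = scripts_used(cand) - {"LATIN"}
    if foreign:
        report["reasons"].append("non-Latin script: " + ", ".join(sorted(foreign)))
    skel = skeleton(cand)
    for legit in legitimate:
        if skel == legit:
            report["reasons"].append("homoglyph of " + legit)
        elif levenshtein(cand.lower(), legit) <= 1:
            report["reasons"].append("one edit away from " + legit)
    report["verdict"] = "suspicious" if report["reasons"] else "unknown"
    return report


if __name__ == "__main__":
    for name in ["logreglan.is", "logregIan.is", "goggle.com", "g\u043e\u043egle.com", "example.org"]:
        r = check_domain(name)
        print(r["uppercase"], r["punycode"], r["verdict"], "; ".join(r["reasons"]))
```

Run against the names from this article, logregIan.is is reported as a homoglyph of logreglan.is (its skeleton is the legitimate domain), goggle.com as one edit away from google.com, and a google.com written with Cyrillic “о” both as non-Latin script and as a homoglyph, while its punycode form starts with xn-- and no longer looks like the brand at all. The skeleton comparison is what catches the Lögreglan trick; edit distance alone would also flag it, but only as a one-letter typo, hiding the fact that the swap was deliberate.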

How does Google Passkeys protect against typosquatting?

Google Passkeys replaces the password with a cryptographic key pair created for each website or app the user registers with: the private key stays on the user’s device (or in their password manager) and the website stores only the public key. When the user returns to that website, the browser and device sign a login challenge with the key that was created for that exact domain, once the user unlocks it with a fingerprint, face or device PIN.

With Google Passkeys there is no password to remember or type on apps and websites, so there is also no password for the user to enter by mistake on a fake website.

Continuing with the example above, if a user trying to visit google.com mistakenly ends up at goggle.com, the passkey will not be offered, because it is bound to google.com and the domain differs. It will therefore not log the user in, just as a password manager will not autofill credentials saved for google.com on a different domain. If this happens, it is best to leave the website without trying to enter the credentials by hand.
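The domain matching that makes both a password manager (recommended above) and a passkey stay silent on goggle.com can be shown in a few lines. The following Python is an added example for this page, not Google’s code: a toy credential store keyed by the registrable domain (eTLD+1) a credential was saved on, and the WebAuthn relying-party ID check that passkeys rely on, which accepts an RP ID only if it equals the origin’s host or is a registrable-domain suffix of it over https. The public-suffix list and the saved credential are constructed for the example; real software uses the full publicsuffix.org data.

```python
"""Origin binding: why a password manager or passkey stays silent on goggle.com.
Added example, not Google's code. The public-suffix list and the saved credential are constructed."""
from urllib.parse import urlsplit

# Constructed, abbreviated public-suffix list; real software uses the full publicsuffix.org data.
PUBLIC_SUFFIXES = {"com", "org", "is", "co.uk"}


def registrable_domain(host):
    """eTLD+1: the public suffix plus one label (login.google.com -> google.com).
    Raises ValueError for a bare public suffix such as 'com', which nobody can register."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        if ".".join(labels[i + 1:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i:])
    raise ValueError("no registrable domain in " + repr(host))


def rp_id_allowed(origin, rp_id):
    """WebAuthn rule behind passkeys: the relying-party ID must equal the origin's host or be a
    registrable-domain suffix of it, and the origin must be https. A passkey for google.com is
    therefore usable from https://accounts.google.com but never offered on https://goggle.com."""
    parts = urlsplit(origin)
    host = (parts.hostname or "").lower()
    rp_id = rp_id.lower()
    if parts.scheme != "https":
        return False
    if host == rp_id:
        return True
    if not host.endswith("." + rp_id):
        return False
    try:
        registrable_domain(rp_id)  # 'com' alone may not be claimed as an RP ID
    except ValueError:
        return False
    return True


class CredentialStore:
    """Toy password manager: credentials are keyed by the registrable domain they were saved on."""

    def __init__(self):
        self._by_domain = {}

    def save(self, url, username, secret):
        key = registrable_domain(urlsplit(url).hostname or "")
        self._by_domain.setdefault(key, []).append((username, secret))

    def autofill(self, url):
        """Credentials for the page being visited, or nothing if the domain does not match."""
        parts = urlsplit(url)
        if parts.scheme != "https":
            return []  # never offer secrets to a plaintext page
        try:
            key = registrable_domain(parts.hostname or "")
        except ValueError:
            return []
        return list(self._by_domain.get(key, []))


def demo():
    """Save one constructed credential on accounts.google.com and try to use it elsewhere."""
    vault = CredentialStore()
    vault.save("https://accounts.google.com/signin", "alice", "correct-horse-battery")
    return {
        "login.google.com": vault.autofill("https://login.google.com/"),
        "goggle.com": vault.autofill("https://goggle.com/signin"),
        "google.com.evil.is": vault.autofill("https://google.com.evil.is/"),
        "http://google.com": vault.autofill("http://google.com/"),
    }


if __name__ == "__main__":
    for site, creds in demo().items():
        print(site, "->", creds or "nothing offered")
    print("rp google.com from accounts.google.com:", rp_id_allowed("https://accounts.google.com", "google.com"))
    print("rp google.com from goggle.com:", rp_id_allowed("https://goggle.com", "google.com"))
```

Only login.google.com gets the credential back; goggle.com, the subdomain trick google.com.evil.is and a plain-http copy of the real site all get nothing. The same suffix rule is what stops a passkey registered for google.com from being offered on a lookalike, which is why an empty autofill prompt on a login page is itself a warning sign worth acting on.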

Conclusion

Typosquatting is a cyber threat that can result in identity theft, account theft, financial and reputational loss, or lead to ransomware, among other possible consequences.

Therefore, it is always important to pay attention to URLs and email addresses that may be suspicious or of unknown origin, in order to minimise the risk and protect yourself from this type of cyberattack.

Featured image: Freepik.