Cybersecurity in OT: a need with differences

Diego Samuel Espitia    19 December, 2022

Cyber incidents in industrial environments have been increasing significantly since 2010, but it is undoubtedly in the 2020s that these incidents have affected the general population or made the news.

There are several examples:

  • 2015: Ukraine’s power grid was shut down after a worker opened a hoax email (phishing).
  • 2017: criminals were apparently able to override the entire protection system of a petrochemical plant in the Middle East.
  • 2021: the USA’s largest oil pipeline had to stop the flow of fuel for 8 days after a worker’s password was compromised and used to hijack the control system.

These are just a few examples of incidents that have occurred in recent years. As can be seen, in many cases they were caused by employees’ actions.

Differences in approaches to cybersecurity

This is due to several circumstances, but the main one is due to a difference in the mentality associated with security.

In industrial environments, terms such as Anti-DDoS, two-factor authentication or other expressions that are commonplace in IT security are not even known.

There is a difference in mindset and training related to cybersecurity between corporate and industrial environments

It is these differences that generate many of the drawbacks in implementing or enforcing security measures at the convergence between IT and OT (operational technology) environments. So, this provides a great lesson for security teams, where it is not possible for the security approach between IT and OT to be the same, making it necessary to clearly understand the root cause of these differences.

The vision of priorities in IT and OT

We have always talked about cyber security being based on three pillars, which are integrity, reliability, and availability. These are the same in any system that handles information, but the priority we give to them is different.

  1. Decision-making in corporate environments (IT) is fundamentally based on data, so data reliability is the priority objective.
  2. Operational environments (OT) are very different: because they interact with physical environments, data is needed in real time in order to keep control of the operation, which orients cyber security towards giving priority to availability.

This change of focus means that processes such as automatic updates, micro-segmentation or any action that delays signals or shuts down the operation are not so simple to implement, because keeping the operation running, and avoiding the problems that these measures cause, takes priority over the implementation of a patch or a security requirement.

Calculating cyber risk

One of the first steps in cyber security is the calculation of cyber risk, which is why all standards and best practices show how to perform risk calculations and the importance of putting in place controls or mitigation measures to reduce risk.

It is always said that risk is the probability of the attack multiplied by the impact it generates on the operation, but in operational environments these two are not the only factors to consider for industrial cybersecurity: because of the aforementioned interaction with the physical world, it is essential to include the consequence as a parameter in the equation.

This additional parameter in the equation drastically changes the risk assessment and includes valuable details for operators, whose main focus of security is on life or impacts on their environment, which are never taken into account in IT.

The importance of devices

In addition to the risk analysis, operational environments have clearly identified devices that are essential to the operation, which are often considered the “crown jewels” and which emerge from the process analysis.

Many of these “jewels” are often very old equipment which, from an IT point of view, is obsolete, but which within the operation is of a normal age and may even still be under the manufacturer’s warranty; this shows that security and change move at different speeds in the two environments.

Cyber security concepts

Cyber security terms are new to the world of operations, which until less than 5 years ago (even today) relied on the fact that, because they are not connected to the internet, cyber threats do not affect them. That certainly no longer applies, but it brings with it the need to understand and manage concepts that are new.

Even the most common concepts of Cybersecurity have not yet permeated industrial companies with sufficient force

As we said at the beginning, concepts such as Anti-DDoS are not only unknown but in some cases inapplicable, and standards such as IEC 62443, models such as Purdue or frameworks such as NIST’s have not permeated industrial companies strongly enough, so they remain concepts that are either not known or not fully applied.

This is a challenge for Industry 4.0, which is gradually being worked on, but which opens a window for cyber-attacks that affect many areas of society, as the interaction with physical elements in systems such as water treatment can affect millions of people.

Cyber Security Weekly Briefing, 10 – 16 December

Telefónica Tech    16 December, 2022

Microsoft fixes in its December Patch Tuesday two 0-day vulnerabilities and 49 other bugs

Among the fixed vulnerabilities, two are 0-days. One of them, actively exploited and identified as CVE-2022-44698 with a CVSS of 5.4, is a bypass of the Windows SmartScreen security feature.

An attacker could exploit this vulnerability by creating a malicious file that bypasses Mark Of The Web (MOTW) security, resulting in the loss of security features such as protected view in Microsoft Office. Threat actors exploited this vulnerability through malicious JavaScript files in numerous malware distribution campaigns.

The other 0-day, identified as CVE-2022-44710 and CVSS 7.8, would allow privilege escalation of the DirectX graphics kernel. The rest of the fixed bugs would allow information disclosure, denial of service and impersonation.

Finally, Microsoft has included 29 improvements and fixes in its update, among them fixes for problems in Task Manager, Microsoft OneDrive and Windows Spotlight.


* * *

Citrix fixes actively exploited 0-day vulnerability

Citrix has issued a security alert warning administrators of a critical, actively exploited, 0-day vulnerability affecting Citrix ADC and Gateway. This flaw, tracked as CVE-2022-27518 and still awaiting CVSS score, would allow an attacker to remotely execute code without authentication.

Affected Citrix ADC and Citrix Gateway versions would be those prior to 13.0-58.32 and would be corrected by updating to current 13.0-88.16 or 13.1 versions. Although the company has not yet offered any further details, the security note mentions a small number of targeted attacks taking advantage of this vulnerability.

The National Security Agency has issued an advisory stating that the attacks would be attributed to the group known as APT5, UNC2630 or MANGANESE and includes detection and mitigation steps.


* * *

New Apple 0-day vulnerability exploited

Apple has released the monthly security bulletin fixing vulnerabilities affecting iOS/iPadOS 15.7.2, Safari 16.2, tvOS 16.2 and macOS Ventura 13.1, including the tenth 0-day of the year affecting iPhone devices, which could be actively exploited.

Specifically, this security flaw identified as CVE-2022-42856 is a problem in Apple’s Webkit browser engine, which could allow threat actors to create a malicious website specially designed to use code execution on a vulnerable device.

This vulnerability was discovered by security researcher Clément Lecigne, a member of Google’s threat analysis team, and although no further details on this issue are available now, it is expected that more information on this vulnerability will be published sometime after the patches are released once users update their devices.


* * *

Royal ransomware becomes a potential threat

Researchers from Cybereason Global SOC and Cybereason Security Research Teams have published an analysis of the Royal ransomware group, describing its tactics, techniques and procedures (TTP).

The ransomware was detected earlier this year, but it was not until September that it began using its own ransomware, making it the most active ransomware at the moment, surpassing Lockbit. Royal’s entry vectors are diverse, one of them being through phishing campaigns, also using loaders such as Qbot or BATLOADER, which subsequently implement a Cobalt Strike payload to continue the infection operation.

The ransomware is also known to employ multiple threads to speed up encryption, and to use partial encryption, making detection more difficult. Researchers estimate that Royal is made up of former members of other ransomware groups, specifically pointing to Conti.

Cybereason also points out that Royal ransomware is a high-potential threat, because its victims are not sector-specific and are spread across the globe.


* * *

Atlassian cookies allow unauthorized access even with two-factor login enabled

Recently, security company CloudSek was the victim of a cyberattack and its internal investigation has uncovered a vulnerability in Atlassian products.

CloudSek identified that the threat actor gained access to an employee’s Jira account by using a session cookie stolen with a stealer and sold on the dark web, which led the investigation to reveal that cookies in Atlassian products (Jira, Confluence, Trello and Bitbucket) remain valid for 30 days even if the user’s password has been changed or two-factor authentication is enabled.

Atlassian has not yet patched the vulnerability, so CloudSek warns of the wide-ranging impact it could have, given that it affects more than 10 million users of the 180,000 companies that have signed up for Atlassian products.
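As an added illustration of the design point behind this finding (example code, not Atlassian’s or CloudSek’s), the model below binds each server-side session to a credential version that is bumped on password change or 2FA enrolment, so a stolen cookie stops working even though its 30-day expiry has not passed. All user names, passwords and tokens are constructed for the demo.

```python
"""Server-side session validation that is revoked by a credential change.

Models the behaviour described above: a stolen session cookie keeps working
for its 30-day lifetime unless the server also ties each session to the
credential state it was issued under.
"""
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

SESSION_LIFETIME_S = 30 * 24 * 3600  # 30-day cookie lifetime, as in the report


@dataclass
class User:
    username: str
    password_hash: str
    two_factor_enabled: bool = False
    # Monotonic counter bumped on every credential change (password reset,
    # 2FA enable/disable). Sessions remember the value they were issued under.
    credential_version: int = 0


@dataclass
class Session:
    username: str
    issued_version: int
    expires_at: float


def hash_password(password: str) -> str:
    # Constructed for the demo; a real service would use a slow KDF (scrypt/argon2).
    return hashlib.sha256(password.encode()).hexdigest()


class SessionStore:
    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def issue(self, user: User, now: float) -> str:
        token = secrets.token_urlsafe(32)  # opaque, unguessable cookie value
        self._sessions[token] = Session(user.username, user.credential_version,
                                        now + SESSION_LIFETIME_S)
        return token

    def validate_weak(self, token: str, now: float) -> Optional[str]:
        """Checks only existence and expiry: a stolen cookie survives a
        password change for up to 30 days (the flaw described above)."""
        s = self._sessions.get(token)
        if s is None or now >= s.expires_at:
            return None
        return s.username

    def validate_hardened(self, token: str, users: Dict[str, User],
                          now: float) -> Optional[str]:
        """Additionally rejects sessions issued under an older credential
        version, so a password change or 2FA enrolment kills old cookies."""
        s = self._sessions.get(token)
        if s is None or now >= s.expires_at:
            return None
        user = users.get(s.username)
        if user is None or s.issued_version != user.credential_version:
            self._sessions.pop(token, None)  # drop the stale session eagerly
            return None
        return s.username


def change_password(user: User, new_password: str) -> None:
    user.password_hash = hash_password(new_password)
    user.credential_version += 1  # invalidates every outstanding session


def enable_two_factor(user: User) -> None:
    user.two_factor_enabled = True
    user.credential_version += 1  # same effect: re-authentication required


def scenario() -> Dict[str, bool]:
    """Replays the incident: cookie stolen, then the victim changes password
    and enables 2FA. Returns whether the stolen cookie still grants access."""
    t0 = time.time()
    alice = User("alice", hash_password("correct horse"))  # constructed user
    users = {"alice": alice}
    store = SessionStore()
    stolen = store.issue(alice, t0)  # constructed: the cookie the stealer took

    change_password(alice, "new passphrase")
    enable_two_factor(alice)
    one_day_later = t0 + 86400

    return {
        "weak_still_valid": store.validate_weak(stolen, one_day_later) == "alice",
        "hardened_still_valid": store.validate_hardened(stolen, users, one_day_later) == "alice",
        "weak_valid_after_31_days": store.validate_weak(stolen, t0 + 31 * 86400) == "alice",
    }


if __name__ == "__main__":
    print(scenario())
```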


Cloud Computing for a more sustainable future

Roberto García Esteban    15 December, 2022

Governments and businesses around the world have been trying to reduce the environmental impact of their activities since the Paris Climate Summit in 2015 and the subsequent implementation of the 2030 Agenda.

However, the increasing use of information technologies also has an impact on the environment. According to a study by Lancaster University in the UK, the use of ICT accounts for between 2% and 4% of the world’s CO2 emissions, so digitalisation must also continue to contribute to their reduction.

The use of Cloud Computing, on the other hand, can reduce these emissions. In the same way that the philosophy of cloud technology is that several customers share the same technical infrastructure and thus gain in efficiency, it also saves CO2 emissions. 

Companies that migrate their applications to the cloud reduce their carbon emissions by 84%, mainly due to the 65% saving in energy consumption

—Accenture

In other words, Cloud Computing helps to reduce the carbon footprint and can become a key element in curbing climate change because it is always more efficient to concentrate the infrastructure in large data centres than to have it dispersed in a multitude of private servers.

Renewable energy to reduce the carbon footprint of data centres

Data centres consume an estimated 200 terawatt hours (TWh), or 1% of the world’s energy demand. Approximately 86 TWh are consumed by the big three hyperscalers: Amazon Web Services, Microsoft and Google.

This is even though these hyperscalers’ data centres can boast of being much less electricity-intensive than those run by individual companies, as they have a Power Usage Effectiveness (PUE) value of around 1.1, i.e., they need only an additional 0.1 kWh for every kWh consumed by the servers to cool or maintain them.

Major hyperscalers data centres are making great efforts to reduce their energy consumption and consequently their CO2 emissions

Major hyperscalers data centres are making great efforts to reduce their energy consumption and consequently their CO2 emissions, relying increasingly on renewable energies to reduce the carbon footprint emitted by their data centres.

In the case of data centres, the cost of cooling is particularly relevant, as keeping the rooms that house these data centres at an optimal temperature requires powerful air conditioning systems to compensate for the heat emitted by thousands of servers operating at full capacity.

Alternatives: data centres under the ocean or in the Arctic

The most peculiar alternatives are currently being pursued in order to reduce these cooling costs. In 2018, Microsoft launched the Natick project, which consisted of placing a data centre at the bottom of the Atlantic Ocean one kilometre off the coast of the Orkney Islands (Scotland), where there is an important renewable energy centre that generates one hundred percent of the electricity consumed by its inhabitants and which powered the data centre in its entirety.

The Microsoft Natick project in 2018. Photo: Microsoft Research

The cold Atlantic waters kept the data centre cool and at a near-constant temperature and, believe it or not, the absence of human intervention was shown to reduce the failure rate.

When the data centres were recovered two years after the start of the project, it was found that of the 864 servers that had been submerged, only eight had experienced any kind of failure, which is about eight times less than the usual failure rate.

The seabed is not the only particular location for a data centre. Underneath Helsinki’s Uspenski Cathedral is an Equinix data centre inside a former air raid shelter that uses the cold waters of the Baltic for cooling and heats the water that heats some 500 Helsinki homes with the heat it emits.

Luleå Data Center. Photo: Meta / Facebook

Meta (Facebook) built another data centre in Luleå, Sweden, very close to the Arctic Circle, where temperatures rarely rise above ten degrees Celsius, which contributes to the data centre’s energy needs being approximately 40% lower than average.

The challenge of becoming more efficient and sustainable

AWS (Amazon) also announced in 2014 its commitment to the use of clean energy sources and in 2018, 50% of the energy consumed by the multinational was already of renewable origin.

To this end, it has its own solar farms, some of the most important in the world being those it has built in Seville and Zaragoza (Spain).

Finally, Google wants its data centres to run on clean energy 24 hours a day by 2030, for which it is offsetting its emissions and buying solar and wind energy for its facilities.

Companies that find the most efficient solutions will have a significant competitive advantage in terms of savings and also in terms of reputation.

So energy efficiency and sustainability are key parameters when designing a data centre. Companies that find the most efficient solutions will have a significant competitive advantage in terms of savings and also in terms of their image in society.

In short, Cloud is proving to be one of the great allies of sustainability, so that migration to Cloud Computing not only brings productivity improvements or economic savings, but also becomes a very important aid in curbing climate change.


AI of Things (XIII): Data visualisation for optimal fleet management

AI of Things    13 December, 2022

Written by Víctor de Andrés
AI & Analytics Full Stack Engineer at Telefónica Tech

There is a current growing need for companies with fleets of vehicles to analyse the performance of their fleet and to anticipate preventive maintenance of vehicles. This requires a visualisation that allows us to see the most important indicators in a clear and simple way.

In order to create an efficient visualisation that helps us to optimise the management of the vehicle fleet, the following steps should be followed.

Definition of KPIs

Each vehicle in the fleet generates a large amount and variety of data. Therefore, the first step is to create a list of the most important KPIs, those that will help us to achieve our objectives in a quick and easy way.

Once we have defined our list of KPIs, we will group them according to the nature of the KPIs. We must ensure that the storytelling of the visualisation has continuity.

An example of grouping, at a very high level, could be as follows:

  • Driving behaviour data.
  • Vehicle status data.
  • Alarms.

This grouping will allow us to create a first level of aggregation in our visualisation. In this way, the user will have quick and intuitive access to the KPIs they wish to visualise.

Aggregation levels

Prior to starting with the development of the visualisation, there is another important point to define, the level of aggregation.

As we have indicated above, each vehicle provides us with a large amount and variety of data. In order to be able to carry out a correct visualisation, it is necessary to define aggregation levels that allow us to carry out the different analyses of the KPIs based on common metrics.

An example of aggregation levels would be as follows:

  • Date.
  • Vehicle manufacturer / make.
  • Vehicle model.

These levels of aggregation are also defining the possible filters that we can have in our visualisation.

Data organisation

Another important point for an optimal visualisation of the data is the organisation of the KPIs within each of the groups that we have previously defined.

At the top of the visualisation we should always have the most important KPIs for the user and those with the highest aggregation. This will make it easier for the user to read the visualisation.

We should always remember that the information the user should find is from most to least important, allowing the user to dive into the information in the logical direction of reading

In the event that the number of KPIs to be represented had to be divided into several screens, we would follow this same pattern.  

Chart selection

The selection of charts for the representation of information is also important. Depending on the information we want to represent, we will have to use some graphs or others, as each type of graph is used to show a certain type of information.

Some of the most common graphics that can be used are the following:

  • Bar chart: This chart is used to summarise data sets in categorical form. This chart will allow us to make comparisons between two or more values.
  • Pie chart: Pie charts are used to show the proportional share of a data set over the total data.
  • Line chart: Used to show series of data over a continuous range, usually over time. Allowing us to see at a glance both the general trend of a KPI, as well as the simultaneous comparison with other KPIs in the same time range.
  • Histogram: Visually similar to a bar chart, but instead of comparing categories, it shows how the data for a single category is distributed over time.
  • Area chart: Similar to line charts, these charts are used to represent cumulative totals over time. In addition to representing a proportional share of a total, area charts are used to show the distribution of data for a single category over time.

These are some of the types of graphics we can work with. But the ones described above are the ones we will mostly work with when we develop our visualisation for the control of a fleet of vehicles.

Another important characteristic to consider when creating the graphics is their colour. The colours must be within the range of colours of the corporate style and must not be informative.

Titles

Once we have defined all the graphs that we are going to include in our visualisation, the last step we must take is to define the titles of each graph.

Each graph must have a title that tells the user what the graph represents. This information is very important because we are indicating to the user what we are representing in each KPI.

Conclusion

Once we have developed our visualisation with the steps we have seen above, we will be able to proactively manage our vehicle fleet. This visualisation will allow us to, among other actions, for example:

  • Obtain different insights on the condition of the vehicles and carry out proactive maintenance that allows us to reduce the repair time of the vehicles, as well as their useful life.
  • Know the behaviour of drivers to be able to drive more efficiently and increase driver safety.
  • Optimise delivery routes to optimise distribution costs.

Here are some examples of the benefits that can be gained by having a visualisation for fleet management.

🔵 More content on IoT and Artificial Intelligence can be found in other articles in our series, the first of which can be found here.

XVI STIC Conference: 5 trends in Cyber Security highlighted by our analysts for 2023

Félix Brezo Fernández    12 December, 2022

The CCN-CERT STIC Conference has been a classic security event at the end of the year for more than a decade. Held between 29 November and 1 December 2022 at the Kinépolis in Madrid, the National Cryptologic Centre has once again organised an event with several rooms in parallel and a multitude of talks.

This year’s topics ranged from regulatory issues to Threat Intelligence research with a geopolitical slant and a clear defensive focus on threat modelling and the value of people as fundamental elements in defensive management. 

This year Telefónica Tech Cybersecurity & Cloud has had a representation of the Threat Intelligence Platform & Reports team who attended the event to take note of the trends, TTP and threats that the different manufacturers and suppliers have marked for 2023.

In this regard, in this article, we have compiled a chronicle of the talks of greatest interest to our team of analysts.

Cyber Intelligence in the National SOC Network: Telefónica Tech a leader in sharing

One of the main elements of the conference revolved around Cyber Intelligence Sharing (CIS). The second day’s talks revolved precisely around the National SOC Network (RNS) project sponsored by the National Cryptologic Centre itself.

The initiative aims to be a focal point for the sharing of cyber-intelligence at national level and makes available the information known and reported on security events identified in the different national SOCs.

Each of the events reported to the platform is valued according to the nature of the information shared with different criteria, rewarding those events that describe specific tactics, techniques and procedures seen in them, as well as detection rules (Yara, Snort, STIX, etc.) of similar behaviour.

Telefónica Tech Cyber Security & Cloud is the organisation that leads the ranking in terms of contributions since the beginning of the project

Telefónica Tech definitively joined the initiative at the beginning of September and the work carried out by our colleagues has been explicitly recognised by the CCN-CERT at the conference for clear reasons: Telefónica Tech Cyber Security & Cloud is the organisation that leads the ranking in terms of contributions since the beginning of the project. The effort made to integrate the information generated from different services of the Digital Risk Protection, malware or SIEM teams is bearing fruit in an activity that, moreover, is publicly recognised by public bodies such as the Cryptologic Centre itself.

Supply chain and industrial environment security: a strategic priority

The sophistication required to carry out supply chain attacks shows that the structures and resources needed are far from accessible to lone adversaries. While MITRE’s definitions of supply chain attacks had not previously focused as much on the supply chain itself or on mitigation, the System of Trust (SoT), a methodology for monitoring supply chain risks in an objective manner, was already proposed in July 2022.

At the same time as integrating security controls that take supply chain risks into account from their design, at Telefónica Tech Cyber Security & Cloud we have promoted several initiatives with different organisations that also focus on another environment: industrial control systems, which also includes MITRE in its ICS (Industrial Control Systems) matrix.

Proprietary solutions such as Aristeo aim to facilitate the task of identifying attack patterns related to these environments which, by their nature, have higher barriers to entry than conventional ones.

In the Aristeo project, industrial decoys (honeypotting) are used to attract attackers, extract information, and generate intelligence to help protect our clients

The complexity involved in emulating complete plants and industrial centres in Telefónica Tech Cyber Security & Cloud, and the wide variety of systems and platforms under control, make understanding how they work and how they interact a necessary first step in securing these systems.

Cyberspace as a battlefield

The importance of cyberspace as a scenario that cannot be ignored when planning national defence strategies remained in the air throughout the conference.

If around 2015 it was the Asian countries that were reorganising their military structure with the aim of equipping themselves with offensive cyber capabilities, the current geopolitical reality is showing that the trend will not only not be reversed but, on the contrary, will reinforce the thesis of those who defend the consideration of the cyber environment as a space in which to be present given the large number of connected critical infrastructures.

Cyberspace has been called the “fifth domain”, of equal strategic importance to land, sea, air and space

The existence of units that in the case of many countries increasingly operate as regular soldiers, with their physical bases in which to train and operate, motivates the increase in cyber capabilities that must be responded to from a purely defensive point of view, on the understanding that the sophistication of these adversaries can escalate all the more the greater the interest of their sponsors.

Behaviour as an Indicator: Tactics, Techniques and Procedures

The security incidents analysed by our colleagues in the Threat Hunting and Digital Forensics and Incident Response units share a common characteristic: attackers are increasingly agile in deploying new infrastructure and using specific tools in each incident. These capabilities highlight a reality that forces defensive teams to act treating observables (IP addresses, domains, files, etc.) as elements with an increasingly shorter life cycle and with less capacity to detect offensive actions, precisely because of their high linkage to specific incidents in a very specific time frame.

The trend already observed by our own teams is motivating threat modelling by increasingly considering behavioural indicators in the form of attack patterns and tools used to describe the behaviour of malicious actors linked to both common cybercrime and advanced persistent threats.

Thus, the use of terms such as TTP, attack patterns or threat modelling schemes based on standards such as STIX 2.1 will become increasingly widespread, and the generation of intelligence that allows teams to anticipate in the defence of infrastructures will become more and more important.
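As an added illustration of behaviour-centred modelling in STIX 2.1 (constructed values; not code from the conference or from Telefónica Tech), the following builds a bundle in which an intrusion set is linked to the attack pattern and tool it uses, while the only observable-based indicator carries a short validity window, and then shows which parts of the model are still live once that window has passed. The actor, tool and domain names are fictitious, and only the standard library is used.

```python
"""Describing an adversary by behaviour (TTPs) rather than only by observables,
as a STIX 2.1 bundle. Constructed example values throughout."""
import uuid
from datetime import datetime, timedelta, timezone
from typing import List

UTC = timezone.utc
REQUIRED = {  # minimal STIX 2.1 required properties for the object types used here
    "intrusion-set": ("name",),
    "attack-pattern": ("name",),
    "tool": ("name",),
    "indicator": ("pattern", "pattern_type", "valid_from"),
    "relationship": ("relationship_type", "source_ref", "target_ref"),
}

def ts(dt: datetime) -> str:
    """STIX timestamp: RFC 3339 in UTC with millisecond precision."""
    return dt.astimezone(UTC).strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"

def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=UTC)

def sdo(obj_type: str, now: datetime, **props) -> dict:
    """STIX Domain/Relationship Object with the common properties filled in."""
    return {"type": obj_type, "spec_version": "2.1",
            "id": f"{obj_type}--{uuid.uuid4()}",
            "created": ts(now), "modified": ts(now), **props}

def rel(now: datetime, src: dict, kind: str, dst: dict) -> dict:
    return sdo("relationship", now, relationship_type=kind,
               source_ref=src["id"], target_ref=dst["id"])

def build_bundle(now: datetime) -> dict:
    """Constructed threat model: a fictitious intrusion set, the behaviour it
    shows (attack pattern + tool, long-lived) and one observable-based
    indicator with a deliberately short validity window."""
    actor = sdo("intrusion-set", now, name="EXAMPLE-SET (fictitious)")
    phishing = sdo("attack-pattern", now, name="Phishing attachment",
                   description="Initial access via malicious attachment")
    loader = sdo("tool", now, name="Example loader (constructed)")
    # Observable indicators age quickly: this one is valid for 7 days only.
    staging = sdo("indicator", now, name="Staging host (constructed)",
                  indicator_types=["malicious-activity"],
                  pattern="[domain-name:value = 'staging.example.invalid']",
                  pattern_type="stix", valid_from=ts(now),
                  valid_until=ts(now + timedelta(days=7)))
    objects = [actor, phishing, loader, staging,
               rel(now, actor, "uses", phishing),
               rel(now, actor, "uses", loader),
               rel(now, staging, "indicates", actor)]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}

def validate_bundle(bundle: dict) -> List[str]:
    """Return a list of problems: missing required properties, dangling refs."""
    problems, ids = [], {o["id"] for o in bundle["objects"]}
    for o in bundle["objects"]:
        for prop in REQUIRED.get(o["type"], ()):
            if prop not in o:
                problems.append(f"{o['id']}: missing {prop}")
        for ref in ("source_ref", "target_ref"):
            if ref in o and o[ref] not in ids:
                problems.append(f"{o['id']}: dangling {ref}")
    return problems

def behaviours_of(bundle: dict, actor_name: str) -> List[str]:
    """Attack patterns and tools the actor 'uses': the durable part of the model."""
    by_id = {o["id"]: o for o in bundle["objects"]}
    actor_ids = {o["id"] for o in bundle["objects"]
                 if o["type"] == "intrusion-set" and o["name"] == actor_name}
    return sorted(by_id[r["target_ref"]]["name"] for r in bundle["objects"]
                  if r["type"] == "relationship" and r["relationship_type"] == "uses"
                  and r["source_ref"] in actor_ids)

def live_indicators(bundle: dict, at: datetime) -> List[str]:
    """Indicator patterns still inside their validity window at time `at`."""
    live = []
    for o in bundle["objects"]:
        if o["type"] != "indicator":
            continue
        starts = parse_ts(o["valid_from"])
        ends = parse_ts(o["valid_until"]) if "valid_until" in o else None
        if starts <= at and (ends is None or at < ends):
            live.append(o["pattern"])
    return live

def demo() -> dict:
    """Fixed-clock run: the indicator expires, the behaviours do not."""
    t0 = datetime(2022, 12, 1, 10, 0, tzinfo=UTC)
    b = build_bundle(t0)
    return {"problems": validate_bundle(b),
            "behaviours": behaviours_of(b, "EXAMPLE-SET (fictitious)"),
            "live_day_3": live_indicators(b, t0 + timedelta(days=3)),
            "live_day_30": live_indicators(b, t0 + timedelta(days=30))}

if __name__ == "__main__":
    print(demo())
```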

The cryptocurrency ecosystem: cybercrime does not lose focus

During the workshops, real cases of actual fraud against the backdrop of cryptocurrency investment were presented. In this regard, among the workshops held during the first day, a session was dedicated to the tracking of cryptocurrency and NFT transactions.

In this regard, the capacity of specialised companies to trace cryptocurrency transactions in general and non-fungible tokens (NFT) in particular was highlighted. Specifically, those projects that do not implement privacy and anonymity concepts from the design stage, which is still the case in most projects related to cryptocurrencies, have been highlighted.

Among the most relevant trends observed is the large volume of operations identified in 2022 associated with DeFi (decentralised finance) environments, as opposed to conventional centralised exchangers

The main vehicles for carrying out scams and extortion in the NFT ecosystem are not necessarily new (social engineering remains an ideal vehicle in a particularly technically complex environment), but they have the particularity that monetisation for an adversary is much more direct if they manage to directly steal the tokens.

The effectiveness of the use of digital beacons and reverse social engineering has also been demonstrated, using different models of interaction with suspected fraudsters as a lure to track money by deploying decoys under the pretext of making a new investment and obtaining information from the attacker that can facilitate tracking, such as IP address or ASN, among others.

Along the same lines, the new component of cryptocurrencies does not escape the security flaws that may occur in smart contracts. Smart contracts are still programmed applications and, therefore, subject to weaknesses and programming errors. Thus, our colleague from Telefónica Digital, Pablo González, gave a workshop in the afternoon in which he outlined the basic principles for identifying some of the most basic exploitable weaknesses and how to set up a working laboratory to carry out security audits on Ethereum smart contracts.

A particularly practical session in which technologies and work methodologies were identified for those who want to enter a world with a lot of room for improvement that shows that the inertia points to the fact that fraud related to this technology will still be very present in 2023.

Cyber Security Weekly Briefing, 3 – 9 December

Telefónica Tech    9 December, 2022

Ninth Chrome 0-day of the year

Google has released Chrome 108.0.5359.94 for Mac and Linux, and 108.0.5359.94/.95 for Windows, which fixes a 0-day vulnerability, the ninth detected in Chrome this year.

Catalogued as CVE-2022-4262 with a high criticality according to Google, it is described as Type confusion in V8 in Google Chrome, for versions prior to 108.0.5359.94. Exploitation of this security flaw could allow a remote attacker to potentially exploit stack corruption via a manipulated HTML page.

Google has not provided further details of this flaw, detected by Clément Lecigne of Google’s Threat Analysis Group on 29 November, until most users have updated their browsers.

It is worth noting that the security advisory published by the company reports that an exploit for this vulnerability currently exists.


* * *

RCE vulnerability in Visual Studio Code

Google security researcher Thomas Shadwell has identified an important vulnerability in Visual Studio Code. This security flaw, identified as CVE-2022-41034, with a CVSSv3 of 7.8, could allow malicious actors to perform remote code execution, making it possible to take control of the victim’s computer.

The methodology used to carry out the attack consists of forwarding a link to a website in order to take over a Visual Studio Code user’s computer and any other device connected through Visual Studio Code’s remote development feature.

According to the researcher, this issue affects GitHub Codespaces, github.dev and Visual Studio Code web and desktop versions. It should be noted that this remote code execution vulnerability affects VS Code 1.71 and earlier versions.

It is also recommended to apply the patch released by Microsoft to fix this security flaw.


* * *

Vulnerability in Netgear routers patched urgently

Within the context of Pwn2Own Toronto 2022, a bug hunting competition that has been held as part of the CanSecWest security conference since 2007, the manufacturer of Netgear devices has been forced to patch a vulnerability as a matter of urgency.

In this regard, researchers at Tenable have published an article in which, based on the code Netgear published to mitigate the vulnerability in its Nighthawk WiFi 6 routers (RAX30 AX2400 series), they reveal details of the patched bug: a network-level configuration error whereby access restriction policies were not applied correctly when the device had an exposed IPv6 interface.

The vulnerability, which at the time of writing has not yet been assigned a CVE, would be mitigated with the update proposed by the manufacturer to versions 1.0.9.90 and later.

Following Tenable’s indications, it is recommended to check the installed version manually, since devices running versions higher than v1.0.6.74 would not update automatically.
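The bug class described above, an access restriction written for IPv4 that leaves the same services reachable over an exposed IPv6 interface, can be audited for with a parity check. The following is an added example, not Netgear’s configuration or Tenable’s code: the rule model (`Rule`), the listening ports and both policies are constructed, and the rule semantics (first match wins, unmatched ports follow a default policy) are a simplification of a real packet filter.

```python
"""Dual-stack policy parity audit.

Added example (not Netgear's or Tenable's code). It models the bug class
described in the briefing: an access-restriction policy written only for
IPv4 silently leaves the same services reachable over an exposed IPv6
interface. The rule set, listening ports and policies are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    family: str   # "inet" (IPv4) or "inet6" (IPv6)
    iface: str    # inbound interface the rule applies to, e.g. "wan"
    dport: int    # destination TCP port
    action: str   # "accept" or "drop"


def reachable_ports(listening, rules, family, iface, default_policy="accept"):
    """Ports from `listening` that an external host on `iface` can reach for
    one address family. Rules are evaluated first-match; a port that no rule
    mentions gets the chain's default policy, which is where the IPv6 gap
    usually hides."""
    reachable = set()
    for port in listening:
        verdict = default_policy
        for rule in rules:
            if rule.family == family and rule.iface == iface and rule.dport == port:
                verdict = rule.action
                break
        if verdict == "accept":
            reachable.add(port)
    return reachable


def ipv6_only_exposure(listening, rules, iface="wan", default_policy="accept"):
    """Ports blocked from the WAN over IPv4 but still open over IPv6 (sorted)."""
    v4 = reachable_ports(listening, rules, "inet", iface, default_policy)
    v6 = reachable_ports(listening, rules, "inet6", iface, default_policy)
    return sorted(v6 - v4)


# Constructed sample: router services bound to both address families.
LISTENING = {22, 53, 80, 443}

# Constructed IPv4-only policy: management ports dropped from the WAN; port 53
# has no rule and therefore follows the default policy. No inet6 rules exist.
IPV4_ONLY_POLICY = [
    Rule("inet", "wan", 22, "drop"),
    Rule("inet", "wan", 80, "drop"),
    Rule("inet", "wan", 443, "drop"),
]

# Corrected policy: every WAN restriction duplicated for the inet6 family.
DUAL_STACK_POLICY = IPV4_ONLY_POLICY + [
    Rule("inet6", rule.iface, rule.dport, rule.action) for rule in IPV4_ONLY_POLICY
]

if __name__ == "__main__":
    print("IPv6-only exposure with IPv4-only policy:",
          ipv6_only_exposure(LISTENING, IPV4_ONLY_POLICY))
    print("IPv6-only exposure with dual-stack policy:",
          ipv6_only_exposure(LISTENING, DUAL_STACK_POLICY))
```

The same comparison applies to a real device: enumerate what listens on the WAN side over both address families and confirm that every IPv4 restriction has an IPv6 counterpart, rather than assuming the IPv4 policy covers both.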

More info

* * *

High severity vulnerability in Cisco IP phone devices

Cisco has issued a security advisory warning of a high-severity vulnerability affecting several models of its IP phones. The security flaw, catalogued as CVE-2022-20968 with a CVSSv3 of 8.1, could allow a malicious actor to cause a stack overflow, leading to remote code execution or a denial of service (DoS).

While the company’s security incident response team is aware of the existence of a proof of concept, they have no evidence that it has been exploited in attacks.

It should be noted that Cisco has indicated that it will release a security patch in January 2023 and that, until then, it recommends mitigating the issue by disabling Cisco’s discovery protocol on the affected devices, which are the IP Phone 7800 and 8800 Series running firmware version 14.2 and earlier.

More info

* * *

Zombinder: app repackaging service containing malware

Researchers at ThreatFabric have published an article detailing the existence of a service on the dark web, which they have named Zombinder, that allows threat actors to add malware to legitimate apps in order to evade security controls.

The researchers point out that applications repackaged with Zombinder retain their original functionality in full, so the victim does not suspect that they have been infected with malicious software, usually of the stealer type.

ThreatFabric reports that the malware most often identified in applications modified by Zombinder is the clipper called “Laplas” and well-known information stealers such as “Ermac”, “Erbium” and “Aurora”.

Finally, the service targets users of both Windows and Android applications.

More info

VMware Explore ’22 leverages interoperability among multiple & Cross-Cloud environments

Telefónica Tech    5 December, 2022

Written by Matheus Bottan
Partner Development at Telefonica Tech

Formerly dubbed VMworld (the brand that stamped the first editions since 2004), suffice it to say that VMware Explore is a giant pivot in the evolution of the software industry and is entrenched among the “don’t-miss events” for the IT marketplace and for anyone interested in modern app infrastructure.

During the last VMware Explore (Europe edition), in Barcelona this November, attendees as usual had a vast range of activities to participate in, from general keynote sessions with VMware executives to hands-on labs and hackathons with the cloud and security experts of Tanzu, vSphere+ and NSX.

My personal Experience at VMware Explore 2022

I focused on the partner sessions for professional reasons, went to a few tech sessions, and for fun, stood about 30 minutes in the biggest queue of the event to experiment with the McLaren Racing F1 simulator (disastrous 3 laps).

Matheus Bottan at VMware Explore Europe 2022

Personally, what I take from the event is the certainty that the adoption of cross-multi-cloud environments will never stop, as admins will keep running their workloads in the cloud that best suits each app. Meaning you’ll run artificial intelligence on GoogleCP; Workplace in Azure; critical instances on AWS; and so on. You’d also keep top-secret, state-of-the-art stuff in some private cloud (e.g. Dell, HP, Oracle, Alibaba, etc.), let alone the sovereign cloud projects of the near future.

New Tech Trends

That said, we cannot fail to mention K8. The motto of the event was “any app, any cloud, any K8”.

For those not familiar with the acronym, I’m sure you know it by its “scientific” name: Kubernetes. Google open-sourced the Kubernetes project in 2014.

Telefónica Tech’s Lounge at VMware Explore Europe 2022

Similar to what VMware did a decade ago with virtual machines, K8 is now the new reality for building complex applications, and it is helping to pave the way not only to the workplace of the future but to whole new sectors such as Clean & Bio Tech, Future Hyper-Connectivity & Cybersecurity, Space Tourism and Quantum Computing, to name a few.

VMware’s Tanzu platform is ready to address and orchestrate the multi-cloud environments needed for these types of cutting-edge deployments.

The next wave of tech trends will be a reality pretty soon, and K8 certainly plays a part in that evolution. As containerized apps push Cybersecurity and IoT/OT (operational technology) to evolve:

  1. new kinds of network traffic emerge,
  2. new methods of deploying software appear,
  3. K8 will also evolve within its own chapters, and it seems to be future-proof, as it provides portability of workloads and is widely adopted across all industries.

I’ll elaborate on a few of those future trends and speculate a bit around them, as an exercise in matching them to the subjects of the technical sessions of VMware Explore Europe 2022:

  • Trust Architectures in Cybersecurity: new types of cybercrime will pop up in the coming decades due to the evolution of machines and software; as a growing tech trend, Trust Architectures will help in the fight against that future cybercrime.
  • Future of Hyper-connectivity: IoT will be in virtually every device by ~2050, meaning that supercomputing power and hyper-connectivity will be needed, provided by laser communications technologies and interconnected satellites.
  • Next-Generation Computing Power: shifting from CPU to GPU (or even DPU offloads) will be an ancient topic around ~2040, as real quantum computing helps us find answers to problems that have bedeviled science and society for centuries.
  • Coding 2.0: this is my personal favorite, as I look back to my early career days. From ~2030 on, we’ll start to see the new coding platforms, where artificial intelligence writes the code and you just watch for debris and deviations. Welcome to software 2.0, or whatever you want to call the workstation of the developer of the future.
  • True integration of Artificial Intelligence & Robotics: just imagine self-replicating nanorobots that can do the dirty work in several critical circumstances, from medical emergencies to space exploration, from extreme farming to rescuing people.
  • Clean Tech: of course, energy will always be a concern in the coming world, and here Kubernetes is a protagonist and an early adopter with its energy-efficient environments; it will help companies meet net-zero and ESG standards.

How Telefónica Tech backs VMware technologies and promotes co-innovation projects

Emilio Moreno, Product Manager at Telefónica Tech, during our presentation at VMware Explore Europe 2022

Telefónica Tech has a huge portfolio of distinct customers in the multi-cloud world and is a leader in the digital transformation of its B2B customers, as recognised by industry analysts.

Partnering with VMware is key not only to our projects with end users, but also to the internal use of VMware technologies inside our house to build the best Managed Services we possibly can, as we have been doing for many years, since Telefónica first adopted VMware solutions in our VDC core and edge computing nodes.

Stay tuned for more about the new Telefónica Tech & VMware roadmaps of products and co-innovation projects. If you’re a customer, reach out to us to learn more about our multi-cloud orchestration SKUs running VMware technology.

See you soon in the next VMware Explore ’23!

Cyber Security Weekly Briefing, 26 November – 2 December

Telefónica Tech    2 December, 2022

Urgent update to Chrome to prevent the eighth 0-day of 2022

Google has released an urgent security update for Chrome to prevent exploitation of the eighth 0-day of 2022 in the browser. The release patches CVE-2022-4135, a stack overflow issue.

This type of vulnerability allows an attacker to execute arbitrary code. Google became aware that the vulnerability was being actively exploited by malicious actors, so it released the patch just days after its Threat Analysis Group discovered the flaw.

The company has declined to provide details of the problem until users have had time to apply the patch to prevent its exploitation from spreading.

Chrome users are advised to update to version 107.0.5304.121/122 for Windows and 107.0.5304.122 for Mac and Linux, which fixes CVE-2022-4135.
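Both Chrome items on this page (CVE-2022-4135 above, and CVE-2022-4262 with its 108.0.5359.94/.95 release in the later briefing) reduce to the same fleet question: is every installed build at or past the first fixed release for its platform? The following is an added example, not Google’s tooling or code from the briefing: the fixed versions are the ones quoted in the text, the host inventory is constructed sample data, and the `x.y.z.a/b` expansion mirrors the notation Google uses in its release notes.

```python
"""Check installed Chrome versions against the fixed releases quoted in the briefing.

Added example, not from the original briefing or from Google. Fixed versions are
those quoted in the text; the host inventory is constructed sample data.
"""
from __future__ import annotations

# Minimum fixed version per CVE and platform, as quoted in the briefing items.
# Windows fixes are announced as "x.y.z.a/b"; the lower build already carries
# the fix, so it is the threshold.
FIXED_VERSIONS = {
    "CVE-2022-4135": {"windows": "107.0.5304.121", "mac": "107.0.5304.122", "linux": "107.0.5304.122"},
    "CVE-2022-4262": {"windows": "108.0.5359.94", "mac": "108.0.5359.94", "linux": "108.0.5359.94"},
}


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '108.0.5359.94' into (108, 0, 5359, 94) so comparisons are numeric.
    Comparing raw strings is a classic mistake: '108.0.5359.100' sorts before
    '108.0.5359.94' lexicographically although it is the newer build."""
    parts = version.strip().split(".")
    if not parts or not all(part.isdigit() for part in parts):
        raise ValueError(f"malformed Chrome version: {version!r}")
    return tuple(int(part) for part in parts)


def expand_release_notation(release: str) -> list[str]:
    """Expand Google's 'x.y.z.a/b' or 'x.y.z.a/.b' shorthand into full version strings."""
    head, *alternates = release.split("/")
    base = head.rsplit(".", 1)[0]
    return [head] + [f"{base}.{alt.lstrip('.')}" for alt in alternates]


def is_fixed(installed: str, platform: str, cve: str) -> bool:
    """True when the installed build is at or past the first fixed build for the platform."""
    threshold = FIXED_VERSIONS[cve][platform.lower()]
    return parse_version(installed) >= parse_version(threshold)


def missing_fixes(installed: str, platform: str) -> list[str]:
    """CVEs from the table whose fix the installed build does not yet carry."""
    return [cve for cve in sorted(FIXED_VERSIONS) if not is_fixed(installed, platform, cve)]


def assess_fleet(inventory) -> dict[str, list[str]]:
    """inventory: iterable of (hostname, platform, installed_version).
    Returns only the hosts that need an update, with the CVEs they are missing."""
    findings: dict[str, list[str]] = {}
    for host, platform, version in inventory:
        try:
            missing = missing_fixes(version, platform)
        except ValueError:
            findings[host] = ["unparseable version string"]
            continue
        if missing:
            findings[host] = missing
    return findings


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "107.0.5304.87"),    # predates both fixes
    ("ws-02", "windows", "107.0.5304.122"),   # has the 4135 fix, lacks the 4262 fix
    ("mac-01", "mac", "108.0.5359.94"),       # exactly the fixed build
    ("lx-01", "linux", "108.0.5359.124"),     # a later build, also fixed
]

if __name__ == "__main__":
    for host, cves in assess_fleet(SAMPLE_INVENTORY).items():
        print(f"{host}: update needed, missing fixes for {', '.join(cves)}")
```

The numeric tuple comparison is the part worth keeping: inventory tools that compare version strings alphabetically will report a 108.0.5359.1xx build as older than 108.0.5359.94 and flag patched machines as vulnerable, or worse, the reverse.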

More info

* * *

Data of 5.4 million Twitter users exposed

Security researcher Chad Loder posted on Twitter that a database with 5.4 million entries was being shared for free on a dark web forum, combining public information (usernames, IDs, followers, location, biography, etc.) with confidential information (phone numbers and email addresses) on users of the social network itself.

After the publication, Twitter suspended Loder’s account, so he shared the information through Mastodon. According to Loder, this database is the same one that was offered for sale in July and was obtained by exploiting a (now patched) vulnerability in Twitter’s API that allowed an attacker to learn the account associated with phone numbers or email addresses.

When the sale of the database came to light, Twitter acknowledged the authenticity of the database.

More info

* * *

Phishing ring that defrauded 12 million euros broken up in Spain

The Spanish National Police has issued a statement reporting the success of an operation that has led to the dismantling of a criminal group that had defrauded a total of almost 300 victims of more than 12 million euros by phishing.

The six people arrested in Madrid and Barcelona have been charged with alleged membership of a criminal organisation, fraud, money laundering and usurpation of civil status.

According to the police statement, the investigation began with a complaint from a Spanish bank that was being impersonated by the criminals, who used fake websites in its name to offer French customers equity and cryptocurrency trading and the contracting of financial products.

The police have not made public the malicious URLs used by the criminal organisation.

More info

* * *

Three vulnerabilities in industrial products from Festo and Codesys

Forescout researchers have discovered three vulnerabilities in industrial automation products from Festo and Codesys. The most critical of the three is CVE-2022-3270 which, pending publication at NIST, Forescout has preemptively scored with a CVSS of 9.8.

The flaw lies in Festo PLCs and would allow an unauthenticated attacker to take control of the device or cause a denial of service (DoS). CVE-2022-4048, which Forescout has scored with a CVSS of 7.7, affects Codesys V3 products and is a weak coding issue that would allow an attacker to logically manipulate the product.

Finally, CVE-2022-3079, with a CVSS of 7.5, allows an unauthenticated attacker to remotely access critical functions of the product website and could lead to a denial of service.

At this time, no patches have been released for these vulnerabilities.

More info

* * *

Google’s research on the Heliconia framework

Google’s Threat Analysis Group (TAG) has published the results of an investigation into an exploitation framework targeting already patched vulnerabilities in Chrome, Firefox and Microsoft Defender that could deploy a payload in affected devices, in particular spyware.

Google researchers became aware of this framework through an anonymous submission to its Chrome bug-reporting program.

The submission contained three bugs, along with instructions and a source code file.

  1. “Heliconia Noise” allows deploying an exploit for a Chrome renderer bug followed by a sandbox escape.
  2. “Heliconia Soft” deploys a PDF containing a Windows Defender exploit.
  3. “Heliconia Files” contains a set of Firefox exploits for Windows and Linux.

According to Google, although no active exploitation has been detected, the vulnerabilities were most likely exploited as 0-days before remediation in 2021 and early 2022.

It should also be noted that Google was able to trace the origin of the Heliconia framework through analysis of its source code, linking its development to the Barcelona-based company Variston IT, which describes itself on its website as a provider of security solutions.

More info

LPWA and 5G networks enable new IoT solutions

Nacho Palou    30 November, 2022

LPWA and 5G networks enable the interconnection of millions of objects and IoT (Internet of Things) devices, such as connected sensors, which send the data they capture or generate to Cloud platforms where it is managed and processed.

Thanks to these networks, IoT technology offers new business opportunities in multiple sectors or enables efficient management of resources such as water or energy, among other use cases.

What is LPWA connectivity

Low-Power Wide-Area (LPWA) networks and 5G connectivity are key to the mass adoption of IoT solutions. The two technologies are complementary and enable the mass use of connected IoT devices, both when thousands of them coincide in a limited area, such as a smart building or a connected factory, and when up to millions of IoT devices share the same geographical area, such as a city.

LPWA connectivity stands out for:

  • Low power consumption, which gives IoT devices an autonomy of 10 years or more even when running on batteries.
  • Long range, which allows sensors and actuators to be installed in remote locations or hard-to-reach terrain, such as crops in rural areas.

LPWA signals also penetrate physical obstacles well, both indoors (such as basements or garages) and outdoors.

Another key aspect is that the cost of the hardware required to connect IoT devices to LPWA is relatively low, which makes deployments cheaper and simpler and provides an additional driver for the mass adoption of IoT solutions.

An important difference between LPWA and 5G is that LPWA, unlike 5G, is not designed to transmit large amounts of data, such as that needed for a voice call or video streaming.

LPWA is instead very efficient and lets connected devices send small data sessions for years: measurements of water consumption, soil moisture, temperature or gas pressure, to name a few examples.

Therefore, as we said, LPWA and 5G are complementary connectivity options, and both play a key role in the mass adoption of IoT.

NB-IoT, the LPWA and 5G connectivity from Telefónica Tech

Telefónica Tech is committed to providing IoT technology with robust, secure and efficient connectivity through two communications technologies that fall under the umbrella of LPWA and 5G:

  • NB-IoT (Narrow Band-IoT) for mass deployment of sensors, meters or IoT telemetry.
  • LTE-M (LTE for Machines) for uses requiring mobility, such as fleet management.

Both connections support 5G and LTE and benefit from features such as end-to-end security and authentication offered by LTE, among other advantages.

New business opportunities using Internet of Things (IoT)

Nacho Palou    29 November, 2022

Internet of Things devices and sensors enable the sensorisation of the environment, the fusion between the real world and the digital world. Thanks to IoT, smart devices generate a large amount of data that can be captured and processed with technologies such as Cloud, Big Data and Artificial Intelligence, allowing better decisions to be made and connected objects to act automatically and accurately, without the need for human intervention.

The development of technology has always revolutionised the business sector in one way or another. In the case of the Internet of Things, its use in the internal organisational aspect of companies can be a revolution when it comes to optimising work, production or processes.

The connectivity provided by IoT devices linked to Cloud platforms makes it possible to create new business models, products and services, and market strategies. In the business world, this also brings benefits such as optimising the use of assets, improving the customer experience, saving on operating costs and creating jobs.

IoT devices generate a wealth of information that can be captured and processed with technologies such as Cloud, Big Data and Artificial Intelligence, helping to make data-driven decisions.

On the one hand, this technology allows companies to know their weaknesses and strengths, since the data provided by these devices lets them know their customers’ activity and even their interests. The company can then adapt the products or services it offers to the specific needs of each customer. It also makes it possible to analyse the strengths and weaknesses of employees in order to make the most intelligent decisions and distribute work in the most efficient way.

The remote monitoring provided by IoT reduces operating costs by automating internal and external processes. It also enables the redeployment of available resources in a way that is more consistent with business objectives.

Examples of IoT technology in industrial and business environments

IoT technology, in combination with technologies such as Big Data and Artificial Intelligence, depending on the needs and characteristics of each organisation, is already being used successfully in different market sectors, such as:

  • Logistics: installing a connected device in a company’s distribution vehicles provides real-time information on the use and status of each vehicle and its precise location at all times thanks to GPS. This enables the optimisation and protection of personnel, vehicles and cargo, and the optimisation of delivery routes. The company’s logistics also improve, as coordination with distributors and suppliers benefits.
  • Agri-food: the use of connected IoT sensors and actuators in the agriculture and livestock sectors improves productivity, efficiency and decision-making based on data captured by the sensors and machinery that make up the value chain, forming smart agriculture. The data collected allows production models to be updated more frequently, shortening planning and improvement cycles, while historical data allows trends, patterns and opportunities for improvement to be understood, with lessons learned combined with information captured by moisture and soil sensors and by satellite and drone imagery.
  • Tourism: it allows both public and private entities to have a complete view of the anonymised behaviour of tourists, allowing them to anticipate their needs and adapt to their demands and preferences, as well as to provide and improve the tourism offer.
  • Healthcare: there are major challenges facing the healthcare sector, in particular the ageing population and demographic growth, which make it necessary to seek efficiency in the delivery of healthcare services, while maintaining economic sustainability and offering a better patient experience.
  • Industrial: IoT sensors can capture information from any process and turn it into value through the application of Big Data and Artificial Intelligence. LPWA and 5G Narrow Band (NB-IoT) wireless connectivity enables wireless and connected factories, improving employee productivity and safety, savings and efficiencies from IoT sensor data analytics, predictive maintenance for rapid response and planning, augmented reality environments and digital twins.
  • Energy and utilities: IoT enables smart management of essential resources such as water, energy and gas, as well as technical infrastructures for greater operational efficiency and reliability of a large part of their processes, which in turn allows for a reduction in environmental impact and the development of new business models.
  • Retail: to ensure a better, personalised and homogeneous shopping experience across all channels and to differentiate from the competition. Some of the main trends in the sector include localisation and hyper-personalisation in the shopping experience, the improvement of the physical shop experience and commercial spaces, the transformation of certain locations or points of sale into distribution centres and home delivery service to satisfy online sales.

A good example of what IoT can offer to make business environments more efficient and productive.

The big challenge facing companies that implement IoT technology is the control and management of this type of technology; employees must be trained in the functions of these new devices in order to make the most of them and ensure that there are no errors in their use.

In this way, the installation of this technology also means the creation of new jobs. In fact, new courses and master’s degrees specialising in the operation of IoT are gradually being established.

All this without losing sight of the main objective: to facilitate the daily lives of the people involved in the different processes. After all, the human being is at the heart of digitalisation and IoT transformation.