6 common mistakes when quoting for a Cloud project

Roberto García Esteban    10 October, 2022

There is no doubt that Cloud Computing technology brings with it enormous opportunities for companies, but its financial particularities need to be well understood.

Traditionally, the IT model was about “owning” resources, whereas in the Cloud, the focus has shifted to “consuming” resources. This paradigm shift means that some companies make mistakes when designing and budgeting their Cloud projects, which limits them from getting the most out of the technology.

Here are some of the most common mistakes:

  1. Focusing on short-term results while neglecting long-term benefits. In the pursuit of immediate results, many companies focus on the immediate benefits of moving to the Cloud, such as savings on hosting or maintenance costs, while neglecting other longer-term benefits such as the ease of launching new services or the ability to innovate more quickly.

    Capturing these longer-term benefits sometimes requires greater investment than the short-term benefits, but it nevertheless pays to take the longer-term view.
  2. Use of CAPEX instead of OPEX. Cloud services are operational expenditures (OPEX) because companies pay only for the resources they use, whereas a traditional IT model uses capital expenditures (CAPEX) that involve long-term financial planning.

    Companies therefore need to estimate as accurately as possible when and how much their daily use of Cloud resources will increase and have the operational budget for this, even if they can then reduce it when it is no longer needed.
  3. Estimating Cloud resource spending based on historical factors alone. As organisations make the leap from the CAPEX-based world of traditional IT to the OPEX model of the Cloud, historical investments become a less accurate indicator of future Cloud spending.

    This is a problem when allocating budgets for Cloud migration projects and can result in up to 20% deviation between forecast and actual Cloud spending.

    The key to better budget forecasting is to link it to business needs rather than past IT investments. For example, if the company is planning a big Black Friday promotion, they will probably have a spike in demand during Black Friday that they may not have had in previous years.

    The same can be said if they are considering a business model change or launching new products that take advantage of the flexibility provided by Cloud Computing.
  4. Assuming that all Cloud services deliver similar cost savings. The elasticity and scalability of the Cloud is economically ideal for workloads with varying patterns of resource consumption.

    However, enterprises sometimes fail to differentiate savings by workload, assuming that the savings from moving compute capacity to the Cloud will be the same as those from migrating storage. In reality, not all Cloud workloads have the same cost, and therefore not the same savings, compared with traditional models.

    Simplifying the cost savings model can lead to errors in project quoting.
  5. Estimating higher-than-actual Cloud usage. When building the business case for a Cloud project, companies often assume optimistic levels of Cloud service usage. This over-inflates projected savings, despite the Cloud’s ability to dynamically scale resource usage to meet application demand.

    High service usage rates depend, at least in part, on an architecture capable of supporting them, and companies’ financial plans are often not aligned with the need to adapt their service architecture.
  6. Uploading everything to the Cloud. Some companies make a radical leap to the Cloud, uploading virtually all their workloads, even when it is unnecessarily costly.

    There are workloads that can remain in legacy environments without problems, because moving them to the Cloud would not bring significant savings either.

All of these mistakes highlight the need for companies to adapt their traditional financial models when considering a migration to the Cloud, otherwise they risk making the wrong financial decisions.

To get the most out of Cloud services, it is crucial to budget projects accurately and to be aware of the occasions when they do not bring a significant benefit compared to traditional models, which also exist.


Cyber Security Weekly Briefing, 1 — 7 October

Telefónica Tech    7 October, 2022

Lazarus targets Dell via new FudModule rootkit 

ESET researchers have reported a new Lazarus campaign that abuses a Dell hardware driver using a new rootkit called FudModule. The rootkit uses a technique called bring your own vulnerable driver (BYOVD), and this is the first time this vulnerability in a Dell hardware driver has been seen exploited.

In BYOVD, malicious actors load legitimate, signed drivers with known vulnerabilities into Windows and then abuse those vulnerabilities. The campaign, aimed at espionage and data theft, was conducted via spear-phishing from autumn 2021 and affected targets in the Netherlands and Belgium.

The malicious emails were presented as job offers and deployed malware loaders (droppers) and customised backdoors. The most notable tool was a user-mode module that gained the ability to read and write kernel memory thanks to vulnerability CVE-2021-21551.

This vulnerability affected a legitimate Dell hardware driver (“dbutil_2_3.sys”) and had remained exploitable for 12 years until the manufacturer issued security updates to fix it.


* * *

Evolution of the Bumblebee malware 

Check Point researchers have published a study highlighting the constant evolution of this malware, which was discovered earlier this year. Check Point outlines several features that confirm the constant changes being made to Bumblebee.

These include the initial vector used for distribution: most commonly a DLL embedded in an ISO file, which was changed for a time to a VHD file and has since reverted to ISO delivery via malspam campaigns.

The researchers also note the inclusion of checks for sandbox environments, intended to hinder malware analysis. It is also estimated that, until last July, Bumblebee’s Command & Control (C2) servers only accepted one infected victim per IP address: if several computers in an organisation sharing the same public IP were infected, the C2 server accepted only one of them. Now the servers can communicate with multiple infected systems on the same network.

Finally, the researchers indicate that it is very likely that, depending on the network characteristics of the infected system, in later stages Bumblebee will deploy stealers or more complex post-exploitation tools such as Cobalt Strike.


* * *

Critical vulnerability in the PHP package repository Packagist 

The Sonar team has published the discovery of a new critical vulnerability affecting Packagist, the official package repository used by Composer, the world’s largest PHP package manager.

The security flaw, listed as CVE-2022-24828 with a CVSS score of 8.8, allows arbitrary commands to be executed on the server running the Packagist instance. An attacker could exploit this vulnerability to modify the information in existing PHP software packages, even changing the download path of the packages.

This type of attack is known as a supply chain attack, one of the most effective techniques available to attackers. According to the researchers, of the two billion component downloads performed with Composer per month, approximately 100 million rely on the metadata provided by Packagist.

The vulnerability was fixed immediately in an update, in Composer versions 1.10.26, 2.2.12 and 2.3.5.


* * *

ProxyNotShell: Bugs and fixes for Exchange vulnerabilities 

The Microsoft team has published information about the vulnerabilities in Microsoft Exchange Server classified as CVE-2022-41040 and CVE-2022-41082, although no patches have yet been released to fix these flaws.

Pending such patches, Microsoft published a script to apply mitigations based on URL rewriting which, as some researchers reported, could be bypassed. In response, Microsoft corrected these temporary mitigations, but their effectiveness was called into question again after researcher Peter Hiele demonstrated that one of them, string filtering in URI identifiers, did not take character encoding into account, which rendered Microsoft’s measures ineffective.

This discovery was confirmed by other researchers, which has led to Microsoft once again having to correct its mitigations. In addition, researcher Kevin Beaumont pointed out that Microsoft’s vulnerability disclosures are focused on protecting on-premises servers, leaving out those in hybrid configurations.

In the meantime, attempts to scan for systems vulnerable to the flaws, known as ProxyNotShell, have been detected from IPs identified as malicious. Finally, the first attempts to sell exploits for the vulnerabilities via the GitHub platform have begun to be recorded.

However, these exploits are turning out to be fake: they are scams demanding high sums in cryptocurrency for code that does not actually exploit ProxyNotShell.
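The briefing notes that the URI string filter failed because it ignored character encoding. The following added example (not from the briefing, Microsoft or the researchers) shows the defender's check that such a rule needs: canonicalise the request path before matching. The blocked segment and request paths are constructed placeholders, not the real Exchange URIs or Microsoft's rule.

```python
"""Why a URL-string filter must canonicalise before matching.

Constructed example: BLOCKED_PATTERN and SAMPLE_PATHS are placeholders,
not the actual ProxyNotShell URIs or Microsoft's rewrite rule.
"""
from urllib.parse import unquote

BLOCKED_PATTERN = "/blocked-segment/"   # constructed placeholder pattern


def naive_filter_blocks(raw_path: str) -> bool:
    """Literal substring match on the raw request path (the flawed approach)."""
    return BLOCKED_PATTERN.lower() in raw_path.lower()


def canonicalise(raw_path: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly until the string is stable (catches double
    encoding), fold case and collapse duplicate slashes, so that every
    spelling of the same path compares equal."""
    path = raw_path
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.lower()
    while "//" in path:
        path = path.replace("//", "/")
    return path


def canonical_filter_blocks(raw_path: str) -> bool:
    """Match against the canonical form instead of the raw bytes."""
    return BLOCKED_PATTERN.lower() in canonicalise(raw_path)


# Constructed sample requests: the first is what the rule author had in mind;
# the encoded variants are the same path spelled so a literal match misses it.
SAMPLE_PATHS = [
    "/blocked-segment/target",
    "/%62locked-segment/target",          # percent-encoded 'b'
    "/blocked%2Dsegment/target",          # percent-encoded '-'
    "/%2562locked-segment/target",        # double-encoded 'b'
    "/BLOCKED-SEGMENT//target",           # case change plus duplicate slash
    "/allowed/target",                    # legitimate request, must pass
]


def evaluate(paths=SAMPLE_PATHS):
    """Return {path: (naive_blocked, canonical_blocked)} for each sample path."""
    return {p: (naive_filter_blocks(p), canonical_filter_blocks(p)) for p in paths}


def bypasses(paths=SAMPLE_PATHS):
    """Paths the canonical filter blocks but the naive filter lets through:
    exactly the gap the briefing describes in the original mitigation."""
    return [p for p, (naive, canon) in evaluate(paths).items() if canon and not naive]


if __name__ == "__main__":
    for p, (naive, canon) in evaluate().items():
        print(f"{p:32} naive={naive!s:5} canonical={canon}")
    print("missed by naive filter:", bypasses())
```

Running the block lists the three encoded spellings that the literal match misses; a mitigation rule should be tested against such variants before being trusted.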


* * *

Newly published vulnerability in macOS 

Apple software analysis firm Jamf has published details of an investigation by its researcher Ferdous Saljooki on a vulnerability affecting the macOS operating system.

The flaw lies in the Archive Utility function, which could allow unauthorised and unsigned malicious applications to run, bypassing all the protections and warnings that Apple usually includes. This is because the Archive Utility does not add the Apple-designed quarantine tag to files when trying to unzip files with two or more folders or subfiles in their root directory.

Quarantine tags are normally added by the system to software that is untrusted or gives no information about its developer. They cause the software to be scanned and require the user to authorise it manually, preventing the installation of unwanted programs.

In the absence of these tags, attackers could execute malicious software without the victim’s approval. The vulnerability has been given the identifier CVE-2022-32910 and, although it was patched by Apple in bulletins in May and July, it has only become known in the last few days.


How to build a Smart City: with IoT and Big Data

Olivia Brookhouse    5 October, 2022

A smart city is defined as a high-performance urban environment, where the aim is to optimize the use of resources and access to services.

Smart cities take advantage of technological innovations to improve essential aspects of our quality of life. Factors such as intelligent sensors, connectivity, access to data and cloud applications, which can be grouped within the areas of IoT and Big Data, are key to enabling the implementation of services.

Urban mobility also benefits from the combination of traditional transport systems, modern information technology platforms and the analysis of large volumes of data.

Most notably, transport is one aspect that can benefit from the use of devices with mobile connectivity.

In-car connectivity and access to real-time information allow for a more efficient use of the transportation system.

As we connect our devices and begin to leverage data, we are discovering the capabilities of smart cities.

Key factors for the sustainable development of a Smart City

Online access to information systems, e-government processes and digital citizenship are among the distinctive components of an intelligent city.

E-government, or e-administration, is the use of information and communication technologies (ICTs) to improve government management services. Digital citizenship refers to the process of education, skills development and behavioural norms required by citizens to have adequate access to ICT.

These three components make our lives easier, with benefits such as faster access to services, reduced paperwork and bureaucratic costs.

The smart city components are complemented by technologies aimed at improving sustainability, such as electric vehicles and efficient public transport systems.

Ecosystem of a Smart City

In addition to technological innovations, it is also essential to create an ecosystem for the development of a smart city that includes:

  • Continued incorporation of public-private partnerships.
  • Exchange with universities, research centres and information and communication technology (ICT) companies.
  • Support for digital innovators, entrepreneurs, start-ups and companies that develop cutting-edge technological solutions for citizen and management problems.
  • Constant investment in research and development (R&D).
  • Trained human resources, innovative and entrepreneurial culture.
  • Connectivity and mobility based on access to networks and the Internet of Things (IoT)
  • Management based on open data and analysis of large volumes of data (Big Data).

Electric vehicles in Smart Cities

The goal of technology is to improve our quality of life. That is why measures such as the use of electric vehicles and intelligent public transport systems have been implemented in the cities and have generated positive changes such as:

  • Reduction in the emission of pollutants into the environment, in sonic pollution and in heat emissions
  • Reduction of fuel consumption, in particular of non-renewable resources
  • Introduction of sustainable public and private transport systems

Other advantages of electric vehicles:

  • They do not require the construction of new road systems since they take advantage of the existing road infrastructure with some adaptations.
  • The maintenance expenses of an electric car are lower because they require fewer spare parts and components. Furthermore, they do not require oil or lubricant change services because they do not require mechanical transmission.
  • Also, they have incorporated technological innovations that facilitate data exchange through their connectivity.

Smart city and smart mobility: well-being thanks to connectivity

The advances in connectivity facilitate our daily mobility, due to more efficient transport services.

Smart mobility or Intelligent transport is transforming the way we get around in cities. It combines the benefits of using Artificial Intelligence and IoT to exchange data between users, vehicles, infrastructure and service platforms.

Traditional technologies and disruptive innovations combine to create smart mobility that offers the following benefits:

1. Sustainability

The development of sustainable mobility in intelligent cities focuses on promoting more environmentally friendly forms of transport. The following options stand out for their contribution to these characteristics:

  • Electric and hybrid vehicles.
  • Public transport systems using renewable energies.
  • Bicycles and motorised scooters.
  • Shared transport.

Sustainability in eco-sustainable cities is also supported by improvements of infrastructure:

  • Recharging islands for electric vehicles and gas stations.
  • Connectivity of public roads
  • Incentives for the use of more energy-efficient vehicles.

2. Efficiency

The development of an interconnected platform contributes to the more efficient use of road infrastructure and transport systems. This platform includes sensors, constant monitoring and intelligent signaling systems that change according to traffic conditions.

Access to ICT applications and cloud services makes it easier for us to consult traffic conditions.

Another advantage of connectivity is to use road routes more efficiently and to know parking areas or nearby shops. Gaining access to this information through intelligent devices permits more efficient access to resources and services.

3. Cost reduction

Electric vehicles and car sharing reduce the cost of transporting people and goods.

One of the characteristics of a smart city is that it provides us with useful information to improve mobility. Apps, smart assistants and updated signage on the roads help us to reduce costs.

More efficient management of mobility resources based on real-time data helps to reduce travel time.

Another service that benefits from the combination of IoT, Big Data and cloud processing is the management of passenger and cargo transport fleets. Apps used by drivers and companies, together with IoT connected devices allow end-to-end tracking on journeys.

Smart city and GPS solutions: improving service delivery

Smart Cities have improved the delivery of services to their citizens by combining GPS solutions and mobility platforms.

These technologies are integrated into vehicles such as police cars, ambulances, transportation, collection trucks or repair crews and generate real-time data on location and coverage.

Valencia in Spain and San Nicolás de los Arroyos in Argentina are two cities that have been able to integrate new technologies within their traditional services.

Valencia, Spain

In this city, a model of a European smart city, a unique real-time data management system has been implemented for transport, bicycle and traffic systems.

The information is not only useful for the city’s management teams, but can also be made accessible to citizens via a mobile app.

With the integrated use of GPS, IoT and Big Data analysis solutions, Valencia seeks to build an efficient and intelligent mobility system. The benefits include more efficient use of transport systems, communication routes, energy savings and improved quality of life for Valencians.

San Nicolás de los Arroyos, Argentina

In this city, near Buenos Aires, police patrol systems and waste collection trucks have improved community visits by integrating GPS solutions into vehicles.

Massive data is generated, which is collected, processed and analyzed for local administration to make more efficient decisions.

In San Nicolás de los Arroyos, they can locate in real time where their police squads are, and which communities have been patrolled. Also, they can ensure services run to their timetables in the community.

There are numerous examples of successful projects which include the integration of technologies such as GPS support, connectivity and the use of mobility data within Telefónica’s Smart City platform. Its implementation has resulted in concrete benefits: better service coverage, fuel savings for vehicles and more efficient and integrated use of resources in cities.

Smart City Success Stories

According to the IESE Cities in Motion Index (ICIM) from the University of Navarra’s (Spain) Business School (IESE, 2018), the five cities with the best indicator in the “mobility and transport” dimension in 2018 were:

  1. Paris, France.
  2. London, United Kingdom.
  3. Seoul, South Korea.
  4. New York, United States.
  5. Shanghai, China.

In Spanish-speaking countries, the following cities stand out in terms of transport:

  1. Madrid, Spain.
  2. Barcelona, Spain.
  3. Valencia, Spain.
  4. Buenos Aires, Argentina.
  5. Santiago, Chile.
  6. Panama, Panama.
  7. Bogotá, Colombia.

1. Paris

The city of Paris ranks first in mobility and transport in the ICIM index for its efficient and comprehensive metro system. Strategies implemented in the city include:

  • Use of bicycle sharing or free access bikes.
  • High-speed trains.
  • Numerous airports.
  • Access to information with options for connectivity between public transport systems.

2. Madrid

The city council of the Spanish capital is developing the Madrid Green Capital programme, in which improvements in transport are an important element.

Promoted by the city council, the aim is to reduce pollution levels and carry out various activities in the framework of the Climate Summit (COP25).

To achieve more efficient use of transport and the promotion of clean technologies, the programme includes several strategies:

  • Economic incentives for the use of electric vehicles and carpooling.
  • Promotion of low-polluting vehicles: electric, hybrid and gas powered, among others.
  • Awareness of a transport culture based on sustainable principles and habits.
  • Articulation of sustainable urban mobility plans.
  • The development of Mobility as a Service (MaaS).

3. Medellín and Bogotá

In the region, Colombia leads the market for electric car sales, above Mexico, Chile and Ecuador.

The incentives in Medellin and Bogotá for the use of these alternative technologies are based around the desire to become a benchmark example in Latin America of a Smart City.

Some incentives for the use of more environmentally friendly means of transport, such as electric and hybrid vehicles, are as follows:

  • Lower tax payments: lower payment of VAT from 2016, for example.
  • Payment of a lower tariff (between 0 % and 5 %).
  • Renewal of taxi, public transport and cargo fleets with the use of non-polluting energy.
  • The incorporation of ICTs, mobile networks, artificial intelligence and the Internet of Things in applications associated with public services and mobility is highly beneficial to the cities that adopt them, as in Colombia. It is not just chance that Bogotá, Medellín and Cali are in the top 10 intelligent cities in the region.

Characteristics of cities with successful transport systems

The electric vehicle, autonomous transport systems, vehicle sharing and connectivity are key to mobility innovation in a smart city.

The incorporation of modes of transport that use renewable energies and encouraging citizen behavior changes makes the difference between cities.

Internet of Things and Big Data are two innovations that are changing the way smart cities improve their transport systems. Connectivity on a smart city platform also leverages the multi-dimensional benefits of IoT: easy access to the cloud, global connectivity and IoT ecosystems.

Connecting people, services, platforms, businesses, cities and society is what really matters. The Internet of Things is an enabler of digital transformation that offers endless possibilities for people and businesses. In addition to mobility and connectivity, it also improves the management of transport systems, resulting in more efficient cities and a better quality of life.

Cloud Computing is the future of the healthcare sector

Roberto García Esteban    4 October, 2022

Healthcare is a sector that is continuously generating a large amount of data. To put it in numbers, every year our National Health System manages 234 million medical consultations in primary care, 83 million hospital consultations, 23 million emergencies and 4 million hospital admissions…

Data and more data that should be stored, processed and analysed for two main purposes:

  • Build the medical history of each patient to provide a better service.
  • Facilitate critical public healthcare decision-making by aggregating (and, of course, anonymising) all data.

This last need has been well illustrated in these recent years of pandemic.

Healthcare data challenges

Healthcare data have several particularities, and therefore certain challenges specific to them need to be solved.

Firstly, they are generated continuously (people go to the doctor every day) and come from many different sources, from hospitals to the users themselves, who are increasingly connected and have advanced devices that allow them to provide a lot of relevant information.

Therefore, one of the main challenges is to implement scalable solutions to manage this Big Data, which is why Cloud Computing seems to be the only viable option.

Another major challenge is that healthcare data can have many recipients: researchers, doctors, patients… and not everyone needs the same data presented in the same way.

They must also always be available to healthcare professionals, who may need to make use of them at any time of the 365 days of the year. The aim is to achieve personalised and predictive medicine, which is impossible to achieve without the management and processing of all the data provided by cloud technology.

Systems interoperability

Another problem to be solved is the interoperability of systems. If a person suffers a medical emergency outside their area of residence, it is essential to make their medical data available to the person treating them wherever they are.

Cloud technology makes it easier for patient data to be integrated into common platforms accessible to any healthcare professional.

Given the particular sensitivity of healthcare data, security is another key consideration. There may be doubts about whether to use the public cloud or a private cloud, because of the security concerns that may exist with respect to the public cloud.

However, today the big players in the public cloud market have such secure solutions that security should not really be an issue.

Adoption of Cloud technology in the healthcare sector

The current situation is that, despite the advantages of Cloud, its adoption is still far from massive in the healthcare sector.

According to the report by the consultancy firm Quint “The current state and future of Cloud Computing in the healthcare sector”, the main barriers to the adoption of Cloud Computing in this sector are regulatory compliance, cultural limitations of the business, hidden costs and the amortisation of on-premises infrastructure.

These last two barriers are particularly significant in the healthcare sector compared to other sectors.

Conclusion

In conclusion, healthcare organisations are facing a major change in the coming years. According to the aforementioned Quint report, 43% of healthcare organisations plan to increase their IaaS and PaaS budgets by more than 20% in the next twelve months, while 14% will increase their SaaS budgets in the same period, a lower percentage given that SaaS is already widespread in the healthcare sector, accounting for more than 25% of all IT spending for almost a third of organisations.

Therefore, healthcare organisations will move in the next few years from using the Cloud primarily to store data to using the technology to analyse data, reduce costs and improve patient care.

Cloud is not a fad, not in this sector either, but is here to stay and to transform business processes, despite the very special characteristics of healthcare data that have so far slowed the adoption of Cloud solutions in this sector compared to other sectors.


How digitalisation makes it possible to accurately identify and meet the needs of an organic cherry farm

Nacho Palou    3 October, 2022

Before tackling the digitalisation of their organic cherry orchard, the Vicente brothers, the caretakers of the Frutas Mifra cherry farm, had to ride around the entire farm on a quad bike to open, close, check for leaks and supervise all the irrigation valves. Almost 40 valves in total had to be opened and closed by hand, one by one, then monitored to keep track of the amount of water reaching each tree.

A laborious task that required time, effort and energy: Frutas Mifra’s cherry orchard, located in the region of Codos, Zaragoza, is extensive, with a significant slope and has areas of difficult access that complicate the care of the fruit.

Now the whole process is carried out remotely, from the farm’s office or from a mobile phone. This enables them to know the changing needs detected by the connected sensors at all times and to attend to them from anywhere, “even while you are doing other business, attending to personal matters or working on other tasks in the field”, the Vicente brothers explain in the accompanying video.

Connecting farmers to data

This remote management is possible thanks to the use of IoT sensors and actuators and 5G Narrow Band connectivity (NB-IoT networks) to configure a smart irrigation system that allows accurate control of the amount of water reaching each cherry tree, which is key to determining the taste of the fruit. Smart irrigation also detects over- or under-watering due to terrain, soil condition, weather or due to leaks and losses.

Frutas Mifra uses the technological solution resulting from the partnership between Spherag and Telefónica Tech to have a better knowledge of what is happening on its farm.

Thanks to this knowledge, each cherry tree can be supplied with the water it needs to achieve a harvest of organic cherries with the quality and quantity demanded by customers in Abu Dhabi, Germany, Spain and France.

Organic cherry growing requires attention, time and resources. Each tree is exposed to external factors that are difficult to predict, such as weather, and needs careful care day and night, every day. This is particularly important during the months between blossoming and the delicate period of fruit set until harvesting. This is the only way to achieve a bountiful harvest of perfect cherries.

Going digital for a more efficient, sustainable and competitive agriculture

Agriculture is a strategic sector exposed to numerous challenges: population growth, scarcity of water and generational replacement, rising costs of energy and fertilisers, nutrients or pesticides, loss of competitiveness, …

On top of this, there is the growing impact of the loss of arable land and weather anomalies resulting from climate change.

According to Ecologistas en Acción, agriculture contributes up to a third of the total greenhouse gas emissions – between direct and indirect emissions – to the process of climate change.

According to FAO, agriculture will need to produce almost 50% more food, fibre and biofuels than in 2012 to meet global demand by 2050.

How digitisation is helping the agricultural sector to become more resilient and adapt to climate change

For all these reasons, agriculture urgently needs to address its digital transformation process in order to:

  • Increase productivity and shorten crop cycles to meet demand, save costs and be more competitive.
  • Make efficient use of scarce resources such as water and reduce the use of fertilisers and pesticides to make crops more sustainable and environmentally friendly.
  • Save energy and fuel in the production, supply and logistics chain to reduce costs and greenhouse gas emissions.

According to CaixaBank Research, the agricultural sector in Spain accounts for more than 82% of water usage.

In this sense, new generation digitalisation technologies such as IoT (Internet of Things) devices and sensors, drones, 5G connectivity or Big Data and Artificial Intelligence, among others, already make smart and precision agriculture possible in most of the crop cycle.

The overall use of these technologies already makes it possible to:

  • Have a better understanding of the state of crops thanks to Artificial Intelligence and the combined use of data captured by IoT sensors and other sources of information, such as weather forecasts or aerial, satellite or drone images, in order to anticipate events and know at all times what is happening in the field.
  • Incorporate useful and valuable data in decision-making and have powerful agronomic management tools to prevent pests or diseases in the crop and reduce the use of pesticides, fertilisers and water by applying resources precisely and selectively.
  • Act with agility and adapt production processes to better manage economic, material, human and environmental resources, to increase yield and operational efficiency and to react to unforeseen events and sudden changes in the environment.

Cyber Security Weekly Briefing, 24 — 30 September

Telefónica Tech    30 September, 2022

Two 0-day vulnerabilities exploited in Microsoft Exchange

Three weeks ago the Vietnamese security firm GTSC reported two 0-day vulnerabilities in Microsoft Exchange through the Zero Day Initiative (ZDI); they are reportedly being actively exploited by threat actors.

Chaining the two flaws allows an attacker to execute code remotely (RCE) on vulnerable servers. Registered as CVE-2022-41040 and CVE-2022-41082, the first is a server-side request forgery (SSRF) that lets an authenticated attacker reach and trigger the second, which yields remote code execution when PowerShell is accessible to the attacker.

According to the researchers, active campaigns have been observed using the pair of 0-days to deploy the well-known China Chopper web shell on vulnerable servers. Once the system is compromised and persistence has been established, the malicious script collects information and moves laterally to other systems in the victims’ networks.

As a temporary mitigation, Microsoft currently recommends adding a blocking rule in IIS through the URL Rewrite module to stop the known attack pattern.
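As an added example (not code from the original post or from Microsoft), the following Python runs the same URL signature that Microsoft’s rewrite rule blocks over IIS W3C log lines, which is how a defender checks whether the pattern already hit a server before the mitigation was in place. The log lines are constructed for this example, the IP addresses and hostnames are placeholders, and the two regular expressions mirror the original and the revised form of Microsoft’s rule.

```python
import re
from urllib.parse import unquote

# Constructed IIS W3C log excerpt for this example (not real traffic). Field
# order follows the default IIS logging layout, trimmed to the columns used here.
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2022-09-29 10:15:01 10.0.0.5 GET /autodiscover/autodiscover.json @evil.example/powershell?&Email=autodiscover/autodiscover.json%3f@evil.example 443 - 203.0.113.7 Mozilla/5.0 200
2022-09-29 10:15:02 10.0.0.5 POST /autodiscover/autodiscover.json @evil.example/PowerShell?X-Rps-CAT=abc 443 - 203.0.113.7 Mozilla/5.0 200
2022-09-29 10:16:44 10.0.0.5 GET /owa/ - 443 jdoe 198.51.100.3 Mozilla/5.0 200
2022-09-29 10:17:02 10.0.0.5 GET /autodiscover/autodiscover.json a=b 443 - 198.51.100.3 Outlook 401
2022-09-29 10:18:30 10.0.0.5 POST /autodiscover/autodiscover.json %40evil.example/%70owershell?x=1 443 - 203.0.113.9 curl/7.85 200
"""

# Microsoft's first URL Rewrite mitigation matched a literal '@' between the
# autodiscover.json path and the PowerShell endpoint; the revised rule dropped
# the '@' and matched against the URL-decoded request URI. Both are kept here
# so the difference can be measured on the same log.
PATTERN_ORIGINAL = re.compile(r"autodiscover\.json.*@.*powershell", re.IGNORECASE)
PATTERN_REVISED = re.compile(r"autodiscover\.json.*powershell", re.IGNORECASE)


def parse_w3c(text):
    """Parse W3C extended log text into dicts keyed by the names in the #Fields header."""
    fields, records = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#"):
            continue  # other directives (#Software, #Date, ...)
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed line: skip rather than guess at the columns
        records.append(dict(zip(fields, values)))
    return records


def request_uri(record):
    """Rebuild the request URI (stem plus query) the way the rewrite rule sees it."""
    query = record.get("cs-uri-query", "-")
    stem = record.get("cs-uri-stem", "")
    return stem if query == "-" else f"{stem}?{query}"


def is_proxynotshell_request(uri, pattern=PATTERN_REVISED, decode=True):
    """True if the URI carries the autodiscover.json -> PowerShell chain signature."""
    if decode:
        uri = unquote(uri)
    return pattern.search(uri) is not None


def find_suspicious(text, pattern=PATTERN_REVISED, decode=True):
    """Return the matching log records, keeping only the fields a triager needs."""
    hits = []
    for rec in parse_w3c(text):
        uri = request_uri(rec)
        if is_proxynotshell_request(uri, pattern, decode):
            hits.append({
                "time": f"{rec['date']} {rec['time']}",
                "c-ip": rec["c-ip"],
                "sc-status": rec["sc-status"],
                "uri": uri,
            })
    return hits


def attacker_ips(hits):
    """Distinct client addresses behind the matching requests, sorted for reporting."""
    return sorted({h["c-ip"] for h in hits})


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_IIS_LOG):
        print(hit["time"], hit["c-ip"], hit["sc-status"], hit["uri"])
```

Matching on the URL-decoded request URI matters: the original rule keyed on a literal “@” and could be sidestepped by percent-encoding it, which is why the revised rule dropped that anchor and decoded the URI first. Any hit that returned status 200 deserves a closer look at the server, since the request reached the PowerShell backend.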

More info

* * *

Critical vulnerability in Sophos Firewall actively exploited

Sophos has reported the discovery of a critical vulnerability affecting the User Portal and Webadmin of Sophos Firewall that would allow an attacker to achieve remote code execution (RCE).

The flaw, tracked as CVE-2022-3236 with a CVSS score of 9.8, is reportedly being exploited in campaigns primarily targeting a small set of organisations in South Asia, which the company says it has already notified directly. Sophos has released fixes for the vulnerability, which affects Sophos Firewall v19.0 MR1 (19.0.1) and earlier.

Sophos Firewall installs hotfixes automatically by default, so customers with that setting enabled need take no action; those who have disabled it will need to upgrade manually. Where that is not possible, the company advises disabling WAN access to the User Portal and Webadmin.

More info

* * *

Chaos: Versatile GO-based malware

Researchers at Black Lotus Labs have published a report on Chaos, a new multi-purpose Go-based botnet that has grown rapidly in recent months.

First detected in April, Chaos is built for Windows and Linux and can infect several processor architectures. It can launch DDoS attacks, mine cryptocurrency, establish persistence and propagate automatically, either by brute-forcing SSH credentials or by using stolen SSH keys.

The malware has been attributed to a Chinese-speaking threat actor, given the language used in its code and its China-based command-and-control (C2) infrastructure.

Although its victims tend to be European, bots are also being spread across devices in the Americas and Asia, across a wide range of industries and onto devices and systems less tied to a business environment, such as SOHO routers and FreeBSD hosts.

More info

* * *

New malware on VMware ESXi with backdoor capabilities

The Mandiant research team has discovered a new malware family targeting VMware systems and aimed at installing multiple persistent backdoors on ESXi hypervisors. Mandiant links the discovery to the threat actor tracked as UNC3886, which appears to have focused on developing and deploying malware on systems that do not usually support EDR.

The malware currently targets VMware ESXi, Linux vCenter servers and Windows virtual machines. It can transfer files between the hypervisor and guest machines, tamper with logging services on the hypervisor and execute arbitrary commands from one virtual machine to another.

It also provides persistent administrator-level access to infected hosts by installing the backdoors, which the researchers named VirtualPita and VirtualPie, via malicious vSphere Installation Bundles (VIBs).

More info

* * *

WhatsApp fixes critical 0-day vulnerabilities

In recent days it has emerged that WhatsApp has fixed two 0-day vulnerabilities affecting its Android and iOS versions, rated with a CVSS score of up to 9.8 and therefore critical. Both flaws, CVE-2022-36934 and CVE-2022-27492, would allow an attacker to execute arbitrary code remotely.

The first is an integer overflow in the Video Call Handler component that allows code execution through a video call with no user interaction; it is present in WhatsApp versions prior to v2.22.16.12.

The second is an integer underflow that, by contrast, does require user interaction: the attacker sends a crafted video file via WhatsApp that corrupts memory in the Video Call Handler component.

This second flaw affects versions prior to v2.22.16.2 on Android and v2.22.15.9 on iOS. No active exploitation of either flaw is currently known.

More info

AI of Things (X) 10-minute delivery: how Artificial Intelligence optimises delivery routes

Javier Coronado Blazquez    29 September, 2022

Nowadays, speed and immediacy is a necessity for almost any company, especially for those in the logistics sector dedicated to the transport and delivery of goods. Due to the high volume of orders, it is essential to try to optimise the entire process, including physical delivery, and even react in real time to possible unforeseen events. This is possible with the Artificial Intelligence of Things (AIoT) platform, which combines Big Data and Artificial Intelligence.

Analytics as a planning tool

How many times have we taken the car and found ourselves stuck in an unexpected traffic jam in the city? Especially during rush hour or when there is an event in the area, a 10-minute drive can easily turn into a frustrating half-hour of stop-and-go.

Now imagine that instead of going from point A to point B, we have to constantly move around the city, as would be the case for a transport company delivering goods. In this situation, possible delays would accumulate successively, seriously affecting our logistical planning.

We could fantasise about imitating films such as the remake of The Italian Job (2003), where, to cross the city in the shortest possible time, the crew hack the traffic lights so they turn green on demand. The dark side of the idea is also found in cinema: in Die Hard 4.0 (2007), a cyber-terrorist paralyses several cities by turning all the traffic lights green simultaneously, causing hundreds of accidents.

Optimizing delivery routes with Smart Mobility

While staying within the law, there are several ways to optimise our routes, both in real time and by predicting likely delays, through so-called Smart Mobility. If we want to work in real time, the first step is to fit our delivery fleet with sensors, using the so-called Internet of Things (IoT).

With IoT sensors, the entire fleet status is always known and any incidents can be traced in real-time

In general, these sensors are simply and non-invasively connected to the vehicle’s OBD (On-Board Diagnostics) connector. In this way, we can know the status of our entire fleet at all times and have full traceability. If a delivery vehicle deviates from the route, runs out of battery, suffers a breakdown or exceeds the maximum speed, the system will send an immediate alert.

In recent years the costs of this IoT infrastructure have been drastically reduced. Today, the sensors themselves, the network connection and the information processing platform are very affordable at the enterprise level, with packaged solutions from leading cloud service providers.

Real-time tracking and tracing of all shipments

All this, moreover, with the highest standards of security and privacy, using technologies such as Blockchain. With this, we can have real-time tracking and tracing of any goods on their route, including environmental conditions (humidity, temperature, pressure, vibrations, etc.) with alerts if certain parameters are exceeded, as well as detecting possible tampering or opening.

The next challenge is to plan the route for each of these delivery vehicles. This is made possible by combining IoT and Artificial Intelligence (AI) in the Artificial Intelligence of Things (AIoT) platform. By combining IoT sensor data with advanced AI analytics, economic, operational and energy factors will be taken into account to increase operational efficiency.

The optimal route (i.e., the one with the shortest time/fuel consumption) does not necessarily have to be the shortest distance. For example, if tolls exist, the route with the lowest overall cost may be one that involves taking a small detour to avoid using the toll road. When assigning deliveries to the different vehicles and determining the best route, the AI will consider parameters such as the combination of packages to be delivered, delivery or collection times, product characteristics, load volume, vehicle type and information from its sensors, etc.

The more relevant, good-quality data the AI has to base its decisions on, the better its predictions.

All this data is internal, i.e., information generated by the company itself. However, we can enrich it by incorporating external sources. This new knowledge can be critical when planning our route. In general, the more data we have (as long as it is relevant and of good quality), both in variety and extent, the better the prediction the AI can make, as it will use more information to make its decisions.

For example, we can add weather information, to predict whether there is going to be a big snowstorm or torrential rain potentially affecting the logistics chain. In such a case, the optimal route in terms of weather may be a large deviation from the base route.

Another important external source is the calendar of public holidays, events or incidents (road closures due to sporting events, demonstrations, festivals, etc.). Finally, statistical traffic data can be used to predict traffic jams, according to geography, time of year, time of day, etc. Thus, the AI will design the optimal route considering all these boundary conditions. Still, this only allows us to plan our route a priori, but we will not be able to react in real time to unforeseen events. Or will we?

AI reflexes

Let’s imagine now that we have our route perfectly designed and optimised, taking into account all relevant factors. However, if there is an accident blocking a street, or a major traffic jam that we didn’t expect, we would suffer an unforeseen delay. Is there a way to react to this in real time?

This is where services like Telefónica Tech’s Smart Steps come into play. With this technology, it is possible to geolocate mobile devices, either by location based on the mobile network or the WiFi network.

This makes it possible, for example, to see whether a shop or a street is very busy at the moment, by analysing the movement patterns of individual devices. Always with anonymised data, as it is only relevant in aggregate, it is possible to calculate footfall, using both streaming data and historical data.

This also makes it possible to estimate traffic density in real time. For example, in a major traffic jam Smart Steps detects devices moving along the road in fits and starts, very slowly, and generates a jam alert.

With all this information, the AI can update the plan in real time, i.e. it can be prescriptive. Imagine, for example, that we are in a city centre making deliveries in neighbourhood A and will shortly move on to neighbourhood B.

Artificial intelligence has the advantage of having all the information at its disposal, so it can make better decisions than a human.

If an accident on the pre-calculated optimal route has caused a traffic jam, the AI will use all this real-time information to design a new itinerary on the go, adjust delivery times, reprioritise the order, send the end customer a message with possible updates, etc.

The main advantage over a human reaction is that the AI has all the information available and will therefore make a better decision. In short, the AIoT platform offers distinctive value to any company seeking to increase the operational efficiency of its logistics processes: full traceability of its vehicle fleet, optimised delivery routes and real-time alerts in the event of unforeseen incidents.

🔵 More content on IoT and Artificial Intelligence can be found in other articles in our series; the first article can be found here.

Human factor key in cyber security

Marta Mallavibarrena    28 September, 2022

Dozens of vulnerabilities are discovered every day (an average of 50 a day in 2021), and attackers keep finding new and ingenious ways to exploit them. The cybersecurity sector clearly needs to keep up its efforts to stop these attacks from succeeding.

This technological race has produced countless advances in the infrastructure of companies and institutions, but we must not forget one critical factor: people, systems with hundreds of known vulnerabilities since the beginning of time, the vast majority of which remain unpatched.

According to data collected by Proofpoint, 20% of users interacted with emails containing malicious files, and another 12% followed links in such emails. Various sources put the share of data leaks caused by employees at between 88% and 95%. Ignoring the human factor in cyber security is therefore a huge risk for organisations.

Why does it happen?

Although there are countless causes and motivations for a human action to trigger a security incident, from an insider deliberately sharing company information to an accidental mistake that leaves information exposed, this article focuses on cases where there is intent on the attacker’s side but not on the victim’s. Common examples are phishing campaigns, vishing (by phone) and smishing (by SMS).

The techniques used in these attacks have changed little over time. The methods Frank Abagnale Jr. used in the 1960s, or Kevin Mitnick in the 1980s and 1990s, to carry out the frauds that made them famous are just as effective today. Some of them, such as the principles proposed by Cialdini, are still used in marketing and communication, and we have discussed them previously on this blog.

If you think technology can solve your security problems, you neither understand the problems, nor understand the technology

Bruce Schneier

The set of techniques and procedures used to try to motivate the user to perform some action in favour of cybercriminals is known as Social Engineering. Although it is also known by other more artistic names, such as “mental manipulation” or “human hacking”, it is nothing more than another example of persuasion or attitude change.

In this context, the Elaboration Likelihood Model (ELM) is proposed in psychology. A person’s level of elaboration is based on two factors: their ability to understand the message, and their motivation to do so. To be honest, when reading emails on a Monday morning before our first coffee, we do not have either one of these.

Attitude changes in a subject who processes the message deeply travel the so-called “central route”: they are more profound and longer-lasting, but require strong arguments to take effect. With low elaboration, persuasion instead follows the peripheral route, driven by superficial cues such as apparent authority or urgency. Fortunately for cybercriminals, the effect only needs to last the few seconds it takes the victim to follow a link or enter their credentials, so the victim does not need to be paying much attention.

This combination of factors makes an employee suffering from fatigue, stress or lack of sleep the perfect victim of social engineering. That does not mean we cannot fall for the same techniques when in perfect condition, but it does make us enormously more vulnerable.

What can we do about it?

Leaving aside the purely technological component, and focusing on the human component, both companies and users can take measures to try to reduce the success of these social engineering techniques. These include awareness campaigns and training in the detection of fraudulent messages and activity or offering reporting channels so that users can alert in the event of detecting them, among others.

As users, also on a personal level, it is important to be aware of our digital footprint: the information available about ourselves in cyberspace can be used to more accurately target attacks using social engineering.

Big Data and Artificial Intelligence solutions for the tourism industry

Telefónica Tech    27 September, 2022

Big Data technologies and Artificial Intelligence techniques offer an infinite world of opportunities in all sectors of the economy, and especially in tourism. We are talking about having the ability to understand the real needs of tourists, as well as making it possible to optimise the resources of cities, allowing the activity to be more environmentally sustainable.

The tourism sector, which generates one out of every ten jobs in the world, is aware of the importance of applying Information and Communication Technologies in its areas of activity.

As the World Tourism Organisation rightly mentions, applying innovation in the tourism industry will allow the sector to stay at the forefront of business models by generating initiatives associated with digital transformation, which increase the knowledge of tourists and improve decision-making.

Mobile device use, a social revolution

Alongside the technological revolution every sector is experiencing, a social revolution is under way in all of us. Tourists are busier, more connected and constantly on the move with their mobile devices, and through their connections they leave traces that let us get to know them: what we call “digital footprints”.

This information, applied in the context of associated data protection, allows public and private entities to make decisions for the intelligent development of tourist destinations, helping to obtain a 360º vision of the tourist in order to anticipate their needs and adapt public services to the visitor’s reality.

Several years ago, Telefónica, as a global telecommunications company and through its company Telefónica Tech, began the path of providing solutions in line with the digital footprint that our customers leave us. Anonymously, aggregated and extrapolated, with the prior consent of the customer, we are able to generate information that helps in commercial decision-making.

In the words of Gonzalo Martín-Villa, Global Director of Telefónica Tech AI of Things, our mission as a technology company has always been “to drive the digitalisation of companies and organisations so that, using technology, they can be more efficient and competitive”.

What information do tourists leave us with their connections?

Dynamic data from the mobile network is obtained by analysing the real behaviour of domestic tourists, always anonymously and in compliance with data protection, and allows us to extract insights on origin, segmentation, volume, location, length of stay and behaviour at the destination.

Based on the study of variables such as tourist activity, length of stay and origin, several questions can be answered such as:

  • How many tourists visited my city?
  • What periods have the highest flow of tourists?
  • How long do tourists stay in the municipality?
  • Which areas do they choose to spend the night?

Faced with a permanently connected tourist, in search of personalised experiences, insights extracted from the mobile data network, and the application of technologies such as Big Data, advanced analytics, IoT and Artificial Intelligence, become essential allies to help the tourism sector understand behavioural patterns and improve the offer.

Conclusion

Without a doubt, being able to approach at the right time, with the right information, and provide services in accordance with the real needs of tourists, will be the competitive advantage in any activity in the tourism sector.

All this will allow us to become data-driven organisations, i.e. organisations where data becomes the most relevant asset for decision-making, being able to make decisions based on the reality that surrounds us, and no longer on inferences or intuition.

Cyber Security Weekly Briefing, 17 — 23 September

ElevenPaths    23 September, 2022

Quantum and BlackCat ransomware use Emotet as entry vector

Researchers at AdvIntel have published the results of an investigation reporting that the Quantum and BlackCat ransomware operators have added Emotet to their TTPs, using it as a dropper in their operations.

Emotet emerged in 2014 as a banking trojan, but it evolved into a botnet that Conti ransomware operators used in their operations until June 2022, when Conti was disbanded.

The methodology currently adopted by Quantum and BlackCat to use Emotet is to install a Cobalt Strike beacon that deploys a payload that allows them to take control of networks and execute ransomware operations.

According to experts, Emotet has increased its activity since the beginning of the year by distributing itself via .lnk files, and it is estimated that more than 1.2 million computers are infected. This increase has also been corroborated by other research teams such as ESET and Agari.

More info

* * *

Revolut suffers data breach with more than 50,000 users exposed

The online bank Revolut, which has a banking licence in Lithuania, has been the victim of a cyber-attack in which the personal information of more than 50,000 customers has been compromised.

The incident, which occurred a week ago, has been described as “highly targeted”. According to the Lithuanian Data Protection Agency, 50,150 customers have been affected, 20,687 of them belonging to the European Economic Area.

At this stage, details of how the attacker gained access to the bank’s database have not been disclosed, but all indications are that the threat actor relied on a social engineering attack as an entry vector.

The Agency notes that the information exposed includes: email addresses, first and last names, postal addresses, phone numbers, limited payment card details and account details.

Revolut has issued a statement saying that the personal data compromised varies from customer to customer and that no card details or passwords have been accessed.

More info

* * *

Critical vulnerabilities in industrial control system environments

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a total of eight security advisories warning of vulnerabilities in industrial control systems (ICS), including critical flaws affecting Dataprobe iBoot-PDU products.

It should be noted that power distribution units (PDUs) are used to remotely manage the power supply of systems commonly used in critical infrastructures. Claroty security researchers discovered a total of seven vulnerabilities in the Dataprobe product, including CVE-2022-3183 and CVE-2022-3184 with a CVSS of 9.8.

These flaws could allow unauthenticated attackers to gain access to affected systems and execute code on them remotely.

David Weiss, CEO of Dataprobe, has indicated that the security issues have been patched in version 1.42.06162022 and that others are fixed by proper configuration such as disabling SNMP, telnet and HTTP.

More info

* * *

Old Python vulnerability affects thousands of repositories

Researchers at Trellix have released details of the exploitation of a vulnerability in the Python programming language that has been overlooked for 15 years.

The bug could affect more than 350,000 open-source repositories and could lead to code execution.

The report explains that the researchers rediscovered the vulnerability while reviewing other, unrelated bugs and concluded that it was CVE-2007-4559, first documented in August 2007 and still unpatched today.

The only response, via the Python bug tracker, was a documentation update warning developers of the risk. Trellix notes that the bug persists and has published videos explaining how to exploit it.

The vulnerability lies in the extract and extractall functions of the tarfile module, which write members to disk without validating their paths: a filename in the TAR archive that contains “..” path components (a classic directory traversal) lets an attacker overwrite arbitrary files outside the extraction directory.
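As an added example (not Trellix’s proof of concept or code from the original post), the following Python shows the vulnerable extractall() pattern beside a hardened extractor that vets every member before writing anything. The archive contents, member names and temporary directories are constructed for this example.

```python
import io
import os
import tarfile
import tempfile

# Constructed archive contents for this example. The second member name is the
# CVE-2007-4559 trick: a relative path that climbs out of the extraction directory.
BENIGN_ENTRIES = [("notes/readme.txt", b"harmless\n")]
ESCAPING_ENTRIES = BENIGN_ENTRIES + [("../../escaped.txt", b"overwritten\n")]


class UnsafeArchiveError(Exception):
    """Raised when a tar member would be written outside the extraction directory."""


def build_tar(entries):
    """Build an in-memory tar from (name, payload) pairs; tarfile stores names verbatim."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload in entries:
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    buf.seek(0)
    return buf


def naive_extract(archive, dest):
    """The pattern Trellix flagged: extractall() trusts every member name in the archive."""
    with tarfile.open(fileobj=archive) as tar:
        tar.extractall(dest)


def _inside(base, target):
    """True if target resolves to base itself or to a path below it."""
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    return os.path.commonpath([base, target]) == base


def vet_members(tar, dest):
    """Return the members that may be extracted into dest; raise on the first that may not."""
    vetted = []
    for m in tar.getmembers():
        target = os.path.join(dest, m.name)
        if os.path.isabs(m.name) or not _inside(dest, target):
            raise UnsafeArchiveError(f"member {m.name!r} escapes {dest}")
        if m.issym():
            # A symlink target is relative to the member's own directory.
            link_target = os.path.join(os.path.dirname(target), m.linkname)
            if os.path.isabs(m.linkname) or not _inside(dest, link_target):
                raise UnsafeArchiveError(f"symlink {m.name!r} -> {m.linkname!r} escapes {dest}")
        if m.islnk() and not _inside(dest, os.path.join(dest, m.linkname)):
            # A hard link target is relative to the archive root.
            raise UnsafeArchiveError(f"hard link {m.name!r} -> {m.linkname!r} escapes {dest}")
        if m.isdev():
            raise UnsafeArchiveError(f"refusing device or FIFO member {m.name!r}")
        vetted.append(m)
    return vetted


def safe_extract(archive, dest):
    """Hardened counterpart: vet the whole member list first, then extract only that list."""
    with tarfile.open(fileobj=archive) as tar:
        members = vet_members(tar, dest)  # nothing is written if any member is rejected
        tar.extractall(dest, members=members)


def demo():
    """Run both extractors on the constructed archives and report where files landed."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "a", "b")
        os.makedirs(dest)
        try:
            naive_extract(build_tar(ESCAPING_ENTRIES), dest)
            escaped = os.path.exists(os.path.join(root, "escaped.txt"))
            results["naive"] = "escaped" if escaped else "contained"
        except tarfile.TarError:
            results["naive"] = "refused"  # Python 3.14+ applies the 'data' filter by default
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "a", "b")
        os.makedirs(dest)
        try:
            safe_extract(build_tar(ESCAPING_ENTRIES), dest)
            results["safe"] = "extracted"
        except UnsafeArchiveError:
            results["safe"] = "refused"
        results["safe_escaped"] = os.path.exists(os.path.join(root, "escaped.txt"))
        results["safe_partial"] = os.path.exists(os.path.join(dest, "notes", "readme.txt"))
        safe_extract(build_tar(BENIGN_ENTRIES), dest)
        results["benign"] = os.path.exists(os.path.join(dest, "notes", "readme.txt"))
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check resolves each destination with os.path.realpath before comparing it with the extraction directory, and it runs over the whole member list before anything is written, so a rejected archive leaves no partial extraction behind. Python 3.12 later added an extraction filter parameter (PEP 706) that performs equivalent checks, and Python 3.14 makes filter="data" the default; on older interpreters an explicit check like this one is the only defence.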

Trellix has also announced patches for just over 11,000 projects, although the Python Software Foundation has not yet commented on the vulnerability; extreme caution is advised, as the bug represents a clear risk to the software supply chain.

More info

* * *

Chromeloader malware increases its activity and boosts its capabilities

Researchers from Microsoft and VMware have reported a malicious campaign by the Chromeloader malware, a malicious extension for the Chrome browser, aimed at infecting victims’ devices with multiple malicious programs.

In the first quarter of 2022, Chromeloader came to prominence as adware and later became a stealer specialising in data stored in the browsers of targeted users.

However, according to Microsoft, there is currently an ongoing campaign attributed to the threat actor tracked as DEV-0796, which makes use of this malware to launch much more powerful and targeted payloads.

Chromeloader has been found to be deployed in ISO files that are distributed via malicious advertisements and YouTube video comments.

In addition, as VMware also details in its report, there are at least 10 variants of this malware camouflaged under utilities intended to manage movie subtitles, music players and, more worryingly, a variant of Chromeloader that implements the Enigma ransomware in an HTML file.

More info