Top 3 most read cybersecurity posts this year

Telefónica Tech    10 August, 2022

In our weekly summer compilation of the most relevant and most read content on the Telefónica Tech blog since the beginning of the year, this time we bring you the three cybersecurity posts with the most visits. Read them and find out why.

Differences between encryption, hashing, scrambling and obfuscation

The first thing to do is to clarify the terms we are dealing with in these readings and, to do so, nothing better than this post where we learn to differentiate between very relevant terms within cybersecurity.

Where do you place your company on the road to cybersecurity?

This post will test your perception of how you see your company in terms of protection against possible attacks. Do you dare?

How Lokibot works

We go one step further with this post, where we explain what Lokibot is and how it works.

Cyber Security Weekly Briefing, 30 July – 5 August

Telefónica Tech    5 August, 2022

Possible link between Raspberry Robin malware and Evil Corp infections

The Microsoft Threat Intelligence Center (MSTIC) team has published new information about the Raspberry Robin malware, first detected by the Red Canary team in September 2021 [1]. The main method of spread associated with this family is infected USB devices, and one of its main features is the use of compromised QNAP NAS devices as Command & Control (C2) servers. In their update, Microsoft researchers report that Raspberry Robin, in more advanced stages of an intrusion, deploys the FakeUpdates malware, traditionally linked to the DEV-0206 actor, on infected networks. Once FakeUpdates has been distributed, the activity observed leads to actions that have traditionally been attributed to DEV-0243 (Evil Corp) prior to its ransomware deployments. In terms of impact, this malware is reported to have been detected in hundreds of organisations across a multitude of industries.

[1] https://redcanary.com/blog/raspberry-robin/

More info: https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/#DEV-0206-DEV-0243


VMware critical security advisory

VMware has issued a critical security advisory (VMSA-2022-0021) covering ten recently reported and patched vulnerabilities. These include a critical vulnerability discovered by VNG Security researcher Petrus Viet and tracked as CVE-2022-31656, with a CVSSv3 score of 9.8: an authentication bypass affecting local domain users that could allow an unauthenticated attacker to obtain administrator privileges. Of the remaining vulnerabilities, six are rated “important” (CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31664 and CVE-2022-31665) and three “moderate” (CVE-2022-31657, CVE-2022-31662 and CVE-2022-31663); they include remote code execution, privilege escalation and cross-site scripting (XSS) bugs, among others. The affected products are VMware Workspace ONE Access (Access), VMware Workspace ONE Access Connector (Access Connector), VMware Identity Manager (vIDM), VMware Identity Manager Connector (vIDM Connector), VMware vRealize Automation (vRA), VMware Cloud Foundation and vRealize Suite Lifecycle Manager. VMware urges that the patches be applied as soon as possible, although no active exploitation has been detected so far.

More info: https://www.vmware.com/security/advisories/VMSA-2022-0021.html 


Vulnerabilities in Apache HTTP Server

Multiple vulnerabilities have been discovered in Apache HTTP Server affecting versions prior to 2.4.54. A remote attacker could exploit some of them to trigger a denial-of-service condition, disclose confidential information, perform cross-site scripting (XSS) or bypass security restrictions on the target system. The vulnerability catalogued as CVE-2022-31813 [1] stands out with a CVSSv3 score of 9.8: under certain conditions Apache does not send the X-Forwarded-* headers to the origin server, which can be used to bypass IP-based authentication on the origin. These bugs also affect many products that embed the Apache server, such as those from IBM [2] or F5 [3], so it is recommended to update Apache HTTP Server as soon as possible following the vendor’s instructions.

[1] https://nvd.nist.gov/vuln/detail/CVE-2022-31813

[2] https://www.ibm.com/support/pages/node/6595149

[3] https://support.f5.com/csp/article/K21192332

More info: https://httpd.apache.org/security/vulnerabilities_24.html 
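To make the CVE-2022-31813 entry concrete, here is an added Python example (written for this briefing, not Apache project code). The Apache advisory describes the bug as a client-side Connection header hop-by-hop mechanism: a client lists X-Forwarded-For as hop-by-hop, and the proxy strips the header it was about to add, so the origin only sees the proxy's own address. The script simulates that proxy next to a fixed one, and shows the origin-side check that matters whichever proxy is in front: an ACL that falls back to the TCP peer when X-Forwarded-For is missing, or that reads the client-controlled first entry, is bypassable, whereas one that fails closed and uses the entry the trusted proxy appended is not. The addresses, networks, hostname and requests are constructed; the spoofed-header case goes beyond the advisory to show the related mistake.

```python
"""Simulation of the CVE-2022-31813 class of behaviour and of the origin-side
IP ACL that must fail closed. Added example for this briefing, not Apache code.
All addresses, networks and requests below are constructed."""
import ipaddress

TRUSTED_PROXY = ipaddress.ip_address("10.0.0.2")   # assumption: the reverse proxy's address
ADMIN_NET = ipaddress.ip_network("10.0.0.0/24")    # assumption: the only range allowed to reach /admin


def proxy_forward(client_headers: dict, client_ip: str, vulnerable: bool) -> dict:
    """Return the header set the reverse proxy sends to the origin.

    The proxy appends the real client address to X-Forwarded-For. A vulnerable
    proxy then honours the client's Connection header and removes every header
    named there as hop-by-hop, which can include X-Forwarded-For; a fixed proxy
    never lets client input strip the headers it added itself.
    """
    hop_by_hop = {h.strip().lower() for h in client_headers.get("Connection", "").split(",") if h.strip()}
    out = {k: v for k, v in client_headers.items() if k.lower() != "connection"}
    prior = out.get("X-Forwarded-For")
    out["X-Forwarded-For"] = f"{prior}, {client_ip}" if prior else client_ip
    if vulnerable:
        out = {k: v for k, v in out.items() if k.lower() not in hop_by_hop}
    return out


def origin_allows_naive(headers: dict, peer_ip: str) -> bool:
    """Common but unsafe ACL: use the first X-Forwarded-For entry and fall back
    to the TCP peer when the header is absent. The peer is the proxy, which sits
    inside ADMIN_NET, so a missing header silently means "allowed"."""
    xff = headers.get("X-Forwarded-For")
    src = xff.split(",")[0].strip() if xff else peer_ip
    return ipaddress.ip_address(src) in ADMIN_NET


def origin_allows_hardened(headers: dict, peer_ip: str) -> bool:
    """Fail-closed ACL: accept only connections from the known proxy, require
    X-Forwarded-For, and use its last entry (the one the proxy appended),
    never the client-controlled leading entries."""
    if ipaddress.ip_address(peer_ip) != TRUSTED_PROXY:
        return False
    xff = headers.get("X-Forwarded-For")
    if not xff:
        return False
    return ipaddress.ip_address(xff.split(",")[-1].strip()) in ADMIN_NET


def admin_request_allowed(vulnerable_proxy: bool, hardened_origin: bool,
                          client_ip: str = "203.0.113.7",
                          connection_header: str = "close, X-Forwarded-For",
                          spoofed_xff: str = "") -> bool:
    """Run one request for /admin through the simulated proxy and origin."""
    headers = {"Host": "intranet.example"}          # constructed hostname
    if connection_header:
        headers["Connection"] = connection_header
    if spoofed_xff:
        headers["X-Forwarded-For"] = spoofed_xff
    forwarded = proxy_forward(headers, client_ip, vulnerable_proxy)
    check = origin_allows_hardened if hardened_origin else origin_allows_naive
    return check(forwarded, str(TRUSTED_PROXY))


if __name__ == "__main__":
    print("vulnerable proxy, naive origin, external client:", admin_request_allowed(True, False))
    print("fixed proxy, naive origin, spoofed XFF:",
          admin_request_allowed(False, False, connection_header="", spoofed_xff="10.0.0.50"))
    print("vulnerable proxy, hardened origin:", admin_request_allowed(True, True))
```

The first scenario is the bypass the advisory describes: the header never reaches the origin and the naive ACL grants access on the strength of the proxy's own address. Patching Apache closes the stripping; the hardened check is still worth having, because any proxy misconfiguration that loses the header would otherwise reopen the same hole.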


Remote code execution vulnerability in DrayTek routers

The Trellix Threat Labs team has disclosed a critical remote code execution vulnerability affecting DrayTek routers. The flaw, tracked as CVE-2022-32548 with a CVSSv3 score of 10.0 [1], can be exploited without user interaction when the device’s management interface is exposed to the Internet, and from inside the LAN in the device’s default configuration. A successful attack gives the attacker full control of the device and access to its internal resources, from which further attacks against the LAN can be launched. The flaw affects the Vigor 3910 along with 28 other DrayTek models that share the same code base, and has been patched by the vendor. Trellix has also published a video [2] showing the exploitation process, so it is recommended not to expose the administration interface to the Internet, to reset passwords and to update affected devices to the latest firmware.

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32548

[2] https://youtu.be/9ZVaj8ETCU8

More info: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html


RapperBot: new botnet targeting Linux systems

Fortinet security researchers have discovered a new botnet, called RapperBot, that specifically targets Linux systems. The malware is reportedly based on the original Mirai source code but stands out for features that are rare in this type of malware, such as its own Command & Control (C2) protocol. Also unlike Mirai, RapperBot focuses on brute-forcing SSH servers rather than Telnet, trying lists of credentials that the malware downloads from its own infrastructure. If it gains access to a server, the bot adds its own SSH key and creates a cron job that re-adds the user every hour in case an administrator discovers the account and deletes it. RapperBot’s ultimate purpose is currently unknown, as its authors have kept its DDoS functions limited; however, the addition of persistence and detection-evasion mechanisms suggests that the botnet’s operators may be interested in selling initial access to ransomware actors.

More info: https://www.fortinet.com/blog/threat-research/rapperbot-malware-discovery
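As an added example for this entry (not Fortinet’s code or the malware’s), the following Python script checks a host for the two persistence traces described above: an SSH key in authorized_keys that the administrator never provisioned, and a cron job that recreates an account or writes to an authorized_keys file. The authorized_keys and crontab contents, the key strings and the account name are constructed for the example; the baseline of known keys is an assumption standing in for a real inventory.

```python
"""Host check for the two persistence mechanisms described above.

Added example for this briefing, not code from Fortinet or from the malware.
The file contents, key strings and account name below are constructed; the
set of known keys is an assumption standing in for a real inventory.
"""
import re
from typing import Dict, List

# Assumption: the base64 key blobs the administrator actually provisioned.
KNOWN_KEYS = {"AAAAC3NzaC1lZDI1NTE5AAAAIKnownAdminKeyConstructedForThisExample"}

# Constructed sample of /root/.ssh/authorized_keys after an intrusion.
AUTHORIZED_KEYS = """\
# provisioned by configuration management
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnownAdminKeyConstructedForThisExample admin@workstation
from="10.0.0.0/24" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDInjectedKeyConstructedForThisExample helloworld
"""

# Constructed sample crontab: a benign backup, a benign daily job and a job
# that recreates an account and re-adds a key every hour.
CRONTAB = """\
# m h dom mon dow command
PATH=/usr/local/sbin:/usr/sbin:/usr/bin:/bin
0 3 * * * /usr/local/bin/backup.sh
0 * * * * /usr/sbin/useradd -m -s /bin/bash svchelper >/dev/null 2>&1; echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDInjectedKeyConstructedForThisExample' >> /root/.ssh/authorized_keys
@daily /usr/bin/certbot renew
"""

KEY_TYPE_PREFIXES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")

# Commands a cron job should not normally run: account creation or changes,
# or anything touching an authorized_keys file or the account databases.
CRON_PERSISTENCE = re.compile(
    r"\b(useradd|adduser|usermod|chpasswd)\b|authorized_keys|/etc/(passwd|shadow|sudoers)"
)


def parse_authorized_keys(text: str) -> List[Dict[str, object]]:
    """Split each key line into options, key type, key blob and comment.

    Options such as from="..." may precede the key type, so the key type is
    located by scanning tokens rather than assuming it comes first.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        for i, tok in enumerate(tokens):
            if tok.startswith(KEY_TYPE_PREFIXES) and i + 1 < len(tokens):
                entries.append({
                    "line": lineno,
                    "options": " ".join(tokens[:i]),
                    "type": tok,
                    "key": tokens[i + 1],
                    "comment": " ".join(tokens[i + 2:]),
                })
                break
    return entries


def unexpected_keys(text: str, known: set) -> List[Dict[str, object]]:
    """Entries whose key blob is not in the provisioned baseline."""
    return [e for e in parse_authorized_keys(text) if e["key"] not in known]


def parse_crontab(text: str) -> List[Dict[str, object]]:
    """Return schedule/command pairs, skipping comments and VAR=value lines."""
    jobs = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" in line.split()[0]:
            continue
        if line.startswith("@"):                      # @reboot, @hourly, @daily, ...
            parts = line.split(None, 1)
            schedule, command = parts[0], parts[1] if len(parts) > 1 else ""
        else:
            parts = line.split(None, 5)
            if len(parts) < 6:
                continue
            schedule, command = " ".join(parts[:5]), parts[5]
        jobs.append({"line": lineno, "schedule": schedule, "command": command})
    return jobs


def suspicious_cron_jobs(text: str) -> List[Dict[str, object]]:
    """Jobs whose command matches an account- or key-persistence pattern."""
    return [j for j in parse_crontab(text) if CRON_PERSISTENCE.search(str(j["command"]))]


def scan_host(authorized_keys: str, crontab: str, known: set) -> Dict[str, list]:
    """Combine both checks into one report for a host."""
    return {
        "unexpected_keys": unexpected_keys(authorized_keys, known),
        "suspicious_cron": suspicious_cron_jobs(crontab),
    }


if __name__ == "__main__":
    report = scan_host(AUTHORIZED_KEYS, CRONTAB, KNOWN_KEYS)
    for e in report["unexpected_keys"]:
        print(f"authorized_keys line {e['line']}: unknown {e['type']} key, comment '{e['comment']}'")
    for j in report["suspicious_cron"]:
        print(f"crontab line {j['line']}: schedule '{j['schedule']}' runs: {j['command']}")
```

On a real host you would feed it the authorized_keys of every account (not only root), the system crontab, /etc/cron.d and each user’s crontab, and compare against the keys your configuration management actually deploys; an hourly job that recreates an account is the exact pattern the paragraph above describes, and deleting the account without removing the job just delays the attacker by an hour.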


The 3 posts about Blockchain that you have to read

Telefónica Tech    2 August, 2022

Continuing our series of posts on the most read content for each technology, this week we stop at Blockchain to learn more about it together with our experts at Telefónica Tech. Here we go!

The 7 priorities of a company when adopting Blockchain

This technology has been attracting the attention of all companies for some time now. Do you want to know why?

5 key trends for the massive adoption of Blockchain

Yes, Blockchain has become one of the keys to the technology market, and here we tell you the main trends for its adoption.

Incentives in enterprise blockchain networks: a new approach

But this technology does not stop evolving, and new approaches have already arrived. Do you want to be the first to know about them?

You take a holiday, but your cybersecurity doesn’t: 5 tips to protect yourself this summer

José Vicente Catalán    1 August, 2022

Holidays are a necessity, that’s for sure. Everyone needs to relax, to spend quality time with family and friends, to disconnect. But, ironically, in order to disconnect, we end up connecting (our mobile, our laptop) to whatever network we have at hand.

And here comes the danger, because we could be opening the door (to our data, our identity, our bank account or, given the expansion of smart homes, the door to our home) to all those criminals who use cyberspace to find victims.

But that is not the only danger: holidays take us out of the (a priori) safe space of the office and home and, either out of necessity or due to the relaxation of our habits at this time of year, we lower our guard against threats.

That’s why we’ve compiled a series of tips to help you go on holiday, but not your cybersecurity.

1. Caution when posting on social media

Let’s start with the basics: information is power, right? Well, if you give away your personal information, you are giving away power over you to strangers. What could happen if you post on your social networks that you are going on holiday with dates and destination?

It could be that someone interested in stealing your data designed a super-convincing phishing scam posing as your hotel or your airline.

Or it could be that a thief with a bit of patience and basic internet skills finds out where you live. It is not that hard: who, when looking for a job, hasn’t uploaded a CV with all their personal details, postal address included? If they know where your house is and that you are sunbathing on the beach, it will be much easier for them to find it.

2. Beware of the “out of office” message: this is how to set it up

However, not all the risks are on social networks: what about corporate email and automatic “out of office” replies? At first sight it seems good practice to enable an automatic reply so that a client who writes to you knows you will not be able to attend to them because you are on holiday, but these automatic replies do not discriminate: they will send sensitive information about your company to anyone, including potential attackers who will use it to try to gain access to corporate systems.

As the DirectDefense website explains: “Email phishing is a very common attack vector that relies heavily on a person in a company clicking on an incorrect link or unwittingly providing personal information to a malicious entity. To gain access to the network through phishing, attackers can also take advantage of employees who are not even using their email”.

Here’s a typical “out-of-office” email: 

I am currently unable to attend to you due to my holiday period from 1 to 15 July, inclusive.

Please contact my supervisor Mr. So-and-so [email protected] in case you need urgent attention.

Juan López,
915555555, Digital Operations
mycompany.com

The recipient of this information (who could be the sender of a spam campaign) obtains the employee’s full name, position within the organisation, email address and telephone number, the name and email address of their supervisor (from which the pattern used to create corporate email addresses can be deduced), and the time window in which the employee could be impersonated.

Therefore, if you are not going to reply to emails and you want to have the courtesy to inform anyone who may write to you of this, it is advisable not to include contact information or personal details (including removing the usual signature) of yourself or colleagues.

So, a suggestion for a safe automatic reply email would be:

Thank you for getting in touch. I am not available at the moment. I will get back to you as soon as possible.

Another cybersecurity risk vector related to email and holidays is the potential for phishing. It is a time when we receive many emails from companies to confirm a hotel room reservation, a rental car payment or a plane ticket purchase.

As the OSI (Office of Internet Security) says: “If you are going to check your inbox, remember to take a few extra seconds to think before replying to an alarming email, downloading an attachment or clicking on a suspicious link”.

3. Say “no, never” to free wifi networks (and even more so to open wifi networks)

Let’s move on to another possible holiday scenario. You are travelling, for example, to Thailand and your flight has a stopover in China. Once at the airport you discover that the flight that was supposed to take you to Thailand has been cancelled and the airline offers you no help whatsoever. You’re trapped and you’re desperate to find another flight to get you out of there, so you wander around the airport looking for a wifi network to connect to with your mobile phone and buy the flight.

You try the paid networks, but they’re in Chinese and you can’t get through the login process, so you connect to a free wifi network, which is much simpler. OK, you log on to the website, buy the flight by entering your credit card and then log on to your email to see that you have received your boarding pass. Problem solved, then?

You may have found a way to continue your dream holiday, but in return you have left your credit card number and all the associated security codes, as well as your personal details, your email address and the password to access it, on an untrusted network.


The chances that whoever operates or monitors that free Wi-Fi ends up with your card details are uncomfortably high. Therefore, and this advice applies all year round and not just on holiday, never connect to public networks: you know, if a product is free, then the product is you (or your information).

In the long run it is always cheaper to pay the extra data charge on your SIM card than to expose all your information, especially your bank details, on an unreliable public network. However, if you have no choice but to connect to a public network, avoid accessing personal accounts and entering sensitive data, especially bank details, as much as possible.

Photo: Anete Lusina

By the way, your company’s security managers will be very grateful if you do NOT connect to your corporate email, or any company application, from this type of untrusted network, because the credentials you use could fall into the hands of an attacker and lead to very costly losses for the company. You are on holiday, remember: you have to disconnect.

4. Don’t download PDF travel guides or install apps of suspicious origin

It’s also typical of a holiday when you’re too lazy to carry around a standard paper travel guide, with all the weight and space it takes up in your backpack, and you decide to download an app or PDF you’ve just found on the internet.

It’s possible that the writer of that guidebook put their best tips and knowledge of the city you’re going to, but it’s also possible that someone took that app or PDF and repackaged it with a virus before uploading it again.

So don’t download files of dubious origin and never install apps outside the official Android (Google Play) or iOS (Apple’s App Store) markets.

5. And one more thing

One last tip before you go on holiday: update your passwords and keep them in a safe place such as a password manager application, so that when you return to work you don’t add to your post-holiday depression the stress of finding that your passwords have expired and you are unable to resume your work duties.

To close on a good note, digitalisation has not only brought cybersecurity risks to the holiday environment. It also offers interesting possibilities such as programming your smart light bulbs to switch on and off at different times or raising and lowering your home automation blinds, making a potential burglar believe that you are inside your home.

Happy and safe holidays!

Cyber Security Weekly Briefing, 23-29 July

Telefónica Tech    29 July, 2022

New Critical Vulnerability in SonicWall Products

Researchers from the DBappSecurity HAT Lab have discovered a critical vulnerability affecting several SonicWall Analytics On-Prem and SonicWall Global Management System (GMS) products. The flaw, a SQL injection tracked as CVE-2022-22280 with a CVSS score of 9.4, gives an attacker access to sensitive information and the ability to bypass authentication and delete data from the underlying databases. It is rated critical because it requires neither authentication nor user interaction and is not complex to exploit. So far no active exploitation has been detected and no public exploit is known. The vulnerability affects Analytics On-Prem versions 2.5.0.3-2520 and earlier [1], and GMS versions 9.3.1-SP2-Hotfix1 and earlier [2]. SonicWall urges all organisations using these products to install the security patch as soon as possible.

[1] https://www.sonicwall.com/support/knowledge-base/security-notice-sonicwall-analytics-on-prem-sql-injection-vulnerability/220613083254037/

[2] https://www.sonicwall.com/support/knowledge-base/security-notice-sonicwall-gms-sql-injection-vulnerability/220613083124303/

More info: https://www.bleepingcomputer.com/news/security/sonicwall-patch-critical-sql-injection-bug-immediately/

Analysis of new CosmicStrand rootkit

Researchers at Kaspersky (Securelist) have analysed a new UEFI firmware rootkit targeting Windows, named CosmicStrand. Malware of this type is highly evasive and persistent, since it lives in the motherboard firmware and survives reboots of the operating system. According to the analysis, CosmicStrand targets firmware images for Gigabyte and ASUS motherboards: the images are modified in the CSMCORE DXE driver so that a chain of hooks runs during system boot and ends with a kernel-level implant in Windows that downloads the payload. The researchers note that modifying the firmware image could have been achieved by exploiting a vulnerability, which would imply that the attackers had prior access to the victim’s computer in order to extract, modify and overwrite the motherboard firmware. The victims identified so far are located in China, Vietnam and Iran, and are mostly private users running free versions of security products.

More info: https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/

0-day vulnerability in PrestaShop exploited against e-commerce stores

Exploitation of a 0-day vulnerability has been detected in PrestaShop, the most popular open-source e-commerce platform in Europe and Latin America, used by around 300,000 merchants worldwide. PrestaShop reported that attackers were chaining vulnerabilities to inject malicious code into websites running its software, allowing them to execute arbitrary code in order to steal the payment details of the stores’ customers. Among the flaws exploited, the PrestaShop team identified a SQL injection 0-day (CVE-2022-36408 [1]) that has been fixed in version 1.7.8.7, although they warn that there may be other ways to carry out the attack. PrestaShop has also published a series of checks to detect whether a site has been attacked, as well as recommendations to keep stores secure, such as keeping the software up to date and disabling the MySQL Smarty cache storage feature that the attackers used in the attacks.

[1] https://nvd.nist.gov/vuln/detail/CVE-2022-36408

More info: https://build.prestashop.com/news/major-security-vulnerability-on-prestashop-websites/

5 key trends for mass adoption of Blockchain

Jorge Ordovás    28 July, 2022

In a recent article, we looked through Gartner publications to see how expectations for blockchain applications have evolved in recent years.

Today we will delve into some of the most relevant trends that we can observe in its latest “Hype Cycle”, explaining from Telefónica’s experience why we believe they are key to the massive implementation of this technology (especially in the business environment).

Telefónica’s commitment to Blockchain goes back almost 5 years. We have navigated and lived this story first hand and, although we have not always been a major player, we started 2021 with recognition from Forbes as one of the 50 companies leading the use of Blockchain (the only Spanish company in the world to have been recognised as a leader in the use of Blockchain).

If we review this latest Blockchain Hype Cycle, our positioning is very much in line with several of the trends it covers, to which we dedicate a large part of our activity.

Blockchain Platforms / Blockchain PaaS

When we talk about Blockchain, we are talking about a business enabler that allows information to be managed in a more transparent way, guaranteeing that it cannot be modified once it has been recorded. And it makes it possible to develop reliable and auditable business logic based on this data, avoiding the possibility of third parties affecting this processing for their own benefit.

In the business environment, we all have systems, applications, portals and other multiple environments that need to interact with Blockchain networks to record and consult the information required in business processes. And in each of the projects where we have used Blockchain in Telefónica we have needed to create an “abstraction layer” that would make it easy to use the different existing technologies (private, public and consortium), as well as their quick and easy integration by all the systems and actors participating in the process.

Thanks to this experience, we have developed our Blockchain PaaS service, TrustOS, which offers generic capabilities to easily and quickly compose projects that make use of traceability, certification, identity… in Blockchain, accessible through APIs. This solution avoids the need to know the characteristics of the multiple existing technologies and facilitates access to different networks (private, public or consortium) to make the most of their advantages with minimum effort. And it makes it possible to migrate from one Blockchain technology to another, or between networks, without impacting the business processes built up.

Blockchain and IoT

No single technology can be the “philosopher’s stone” that transforms data into gold. The combination of technologies is key in general to bring the most value to the business, and the case of Blockchain is no exception.

One of the challenges we face when applying Blockchain in a use case is how to ensure that the information recorded in the blockchain is correct. Otherwise, we risk having immutable data that we cannot trust. And for this we need to integrate other technologies, because Blockchain does not solve this problem.

That is why Telefónica Tech has developed in our IoT solutions the ability to record information obtained by devices in Blockchain networks, through TrustOS. This integration is carried out simply and independently of the network and technology used, through APIs. Either through generic IoT platforms (for those devices that do not have “intelligence”) or directly from the device (as is the case of the agreement for the development of IoT+Blockchain solutions that we reached with Aitos.io and Fibocom). In this way, we guarantee the non-repudiation, validity and integrity of the information without the existence of any intermediate service or platform that could alter the information.

One of the relevant aspects to be able to connect the world of devices to Blockchain networks is to manage their identity and guarantee control of who is accessing what at any given moment. This need has led us to develop our own decentralised identity solution for Hyperledger Fabric, as this technology (the most widely used in the business world) has a centralised identity architecture that makes this type of project unfeasible. In order to facilitate its use by other companies that have this need, Telefónica has released the TrustID identity solution as an open-source project within the Hyperledger ecosystem, which evolves within the scope of the consortium.

Decentralised identity

The promotion of digital identity supported by distributed registry technologies is one of the clearest trends in the public sphere, both in Europe and in Spain, which are leading some of the most outstanding initiatives worldwide.

In our country we can boast of the approval in early 2021 of the Reference Framework for Decentralised Identity Management (DID) with Blockchain technology. This is the first official standard developed in the world in this field, which places Spain at the forefront in the standardisation of these new technologies. The private sector has collaborated decisively in the development and approval of this standard, with the participation of Telefónica, companies such as BME and Astrea, and organisations such as Alastria, the Spanish association for the development of the national Blockchain ecosystem.            

At the European level, decentralised identity is an essential part of the European Blockchain Services Infrastructure, an initiative created in 2018 that includes all EU member states. EBSI’s goal is to work together to harness the potential of Blockchain for the benefit of citizens, society and the economy. As part of this commitment, the association has built an infrastructure, consisting of a network of nodes distributed across the different member states, which will provide cross-border public services across the EU and will enable the development of applications in different fields (the aforementioned identity, as well as traceability, notarisation or secure information sharing, among others).

Recently, moreover, the Secretary of State for Digitalisation and Artificial Intelligence has signed a cooperation agreement between Spain and Germany to work in the field of cross-border digital identity. This initiative aims to give citizens full control of their digital identities.

All this suggests that in the coming years this specific area of decentralised digital identity will be one of the most relevant for the development of Blockchain-based services that can achieve mass use by EU citizens in their relationship with the public administration and with private companies.

Interoperability between networks

As initiatives based on Blockchain are developed in both the private and public sectors, the development of interoperability solutions between networks becomes a key aspect in order to connect and extend services and avoid “silos” that limit the full potential of this technology.

This need is not new: every time a network is developed on which information can be shared and value-added services built (the Internet, mobile networks…), interoperability is one of the decisive challenges for mass adoption, moving from limited environments (intranets, private networks, messaging restricted to customers of one’s own operator, etc.) to connecting any user and any service in the world.

In the coming months, Telefónica will combine different networks and technologies through TrustOS to respond to needs in areas such as traceability, certification or identity, giving our customers access to private and consortium networks (Alastria, EBSI, LACChain…) so that they can develop interoperable use cases and take advantage of the capabilities of each ecosystem.

Tokenisation

Finally, we highlight the potential of tokenisation to enable the development of new business models, in which it is possible to create digital representations of assets (tangible or intangible) to facilitate their exchange and traceability.

One of the most fashionable trends in recent months related to tokenisation are NFTs (Non-Fungible Tokens, another of the technologies included in the “Hype Cycle”). These tokens represent unique assets, such as works of art or collectibles, facilitating their exchange in markets and enabling not only the traceability of their life cycle, but also the creation of new business models (for example, guaranteeing the creator of a work a percentage of future sales, which he obtains automatically each time the ownership of the NFT that represents it is transferred).

Tokens also allow for new gamification and reward mechanisms. As an example, to celebrate a decade of Wayra, Telefónica’s innovation ecosystem, 10 NFTs corresponding to 10 original works were issued through TrustOS and given to participants in a competition in recognition of their participation.

In the financial sphere, the use of Blockchain networks and tokenisation is enabling the sector to begin to evolve towards a decentralised environment. We are talking about DeFi (Decentralized Finance), another of the most important trends of recent times, which is enabling the development of alternative financial services supported by stablecoins (tokens pegged to a currency such as the dollar) and protocols developed on Blockchain networks. Commercial banks and central banks, as well as other players (such as Facebook), are also experimenting with the tokenisation of money to create a new ecosystem that addresses some current limitations, such as the transparency of the monetary system or the traceability of transactions to combat money laundering and tax evasion.

The Blockchain Hype Cycle includes many other trends, which, together with those discussed in this article, will undoubtedly allow us to develop new services in the coming years that we have not even identified yet. An exciting time for all of us who are working to make Blockchain’s expectations a reality. See you in the next Hype Cycle!


Edge Computing, 3 case studies   

Marta Nieto Gómez-Elegido    27 July, 2022

2021 was a turning point for the arrival of Edge Computing in our lives. Newscasts, written press, social networks, chats among friends… This term did not escape from any of our spheres because we all wanted to know what Edge Computing really was.

Now that we know what it is, we wonder how, through which projects, it is being implemented. What use cases are already demanding this technology? To find out, nothing better than to learn about Telefónica Tech’s case studies on this journey that will conclude with the arrival of the “real” 5G, the 5G SA (StandAlone), which will bring new capabilities.

Navantia

Navantia, a leading company in the manufacture of high-tech ships, has found in Telefónica the best travelling partner on the road to its digital transformation. In this project, 3 use cases of 5G Edge Computing applied to ship repair and construction processes have been defined:

  • 5G and Edge Computing for remote assistance
  • 5G and Edge Computing for real time processing of 3D scanning
  • 5G and Augmented Reality for Shipbuilding

Find out all about this case study in the following video:

APM Terminals

APM Terminals, one of the largest operators in port, maritime and land terminal design worldwide, joins this list of Edge Computing case studies thanks to its pilot project with Telefónica. As its technology partner, Telefónica is developing a pilot project at APM Terminals’ container terminal in the port of Barcelona to improve security through a combination of 5G, Edge Computing and C-V2X technology.

Here we find two case studies:

  • Geolocation and virtual positioning of fixed objects
  • Geolocation of moving elements

Learn more about this case study in the following video:

IE UNIVERSITY

Edge Computing has also reached classrooms and the best example of this is the case study of IE University. Together with Telefónica and Nokia, this well-known educational centre has developed an immersive experience at its Campus in Segovia, thanks to the application of 5G and Edge Computing.

These are immersive virtual lessons where students learn in streaming and from their own devices. In this use case, a third key element is added to 5G and Edge Computing: Virtual Reality. If you want to know how it is possible and the role of each of these elements to make this pioneering experience a reality, press play:

Smart football stadiums: the world’s greatest show, made even better

Nacho Palou    26 July, 2022

Stadiums are where the magic of football happens. They are the meeting place where fans and rivals experience the thrill of competition. Passion and joy, and also sorrow, are shared in the stadiums with the players and the team, with thousands of fans and even with millions in front of a television.

That is why going to a stadium to watch a football match is always exciting. Technology applied to the digitalisation of stadiums (smart stadiums) can turn that visit into a memorable experience, increasing the appeal of sports venues for fans, viewers and sponsors.

Innovative technologies such as 5G connectivity, the Cloud, Big Data and Artificial Intelligence, and the Internet of Things (IoT) give football clubs everything they need to improve and extend their relationship with their fans, attract new audiences and increase the number of spectators in their stadiums. They also allow clubs to respond more nimbly to the demands of fans and advertisers, and to adapt to new football consumption habits, especially among young people.

Technology to engage viewers and attract sponsors

The digitalisation of stadiums and sports facilities allows clubs to provide services and entertainment ecosystems to attendees. It also enables new dynamic and proximity marketing actions to increase audience participation and loyalty at events or at the club itself. For example,

  • Wi-Fi or 5G connectivity inside the stadium lets spectators use the club’s app on their phones to access exclusive high-definition content in real time: additional camera angles and shots without delay, on-demand replays, interactive content and even live 360° virtual reality, or overlays of statistics and player performance data.
  • Artificial Intelligence can automate sports broadcasts, enabling clubs to offer spectators a personalised mobile experience, giving them the ability to choose what they want to watch and what they want to share so that they don’t miss out on what is happening inside and outside the stadium.
  • This combination of high-speed connectivity and AI also enables new advertising media and formats to capture the attention of spectators and get a better economic return from sports facilities and communication channels, and to expand the sponsorship portfolio.
Photo: Thomas Serer / Unsplash

Digitalisation also makes it possible to offer 360° video scoreboards and to turn stadiums into generators of visual and acoustic spectacle in tune with the course of the match and the emotions of the crowd, both during football matches and at events of all kinds, such as meetings, cultural events or concerts.

Sensing the environment to connect with the crowd

The use of IoT sensing and Artificial Intelligence also lets clubs understand in detail the behaviour and profile of the people attending the stadium and its surroundings.

In this way, clubs obtain insights about tourists or visitors to take into consideration when making operational, strategic or business decisions. For example, to decide what is the best date and time to hold a specific event or launch a promotion, and what type of promotion.

Also to know with which public, at what times or in which areas of the stadium different commercial actions work best; or to optimise access control and the flow of attendees, improving their safety and that of the stadium.

Sensorisation also increases the operational efficiency of sports facilities when combined with high-speed, low-latency connectivity (5G) and Cloud and Edge Computing technologies.

Autonomous and automatic coverage of matches in smart football stadiums

This combination of technologies enables autonomous, automated coverage of sporting events. Connected remote cameras and artificial intelligence algorithms can analyse the game in real time, tag plays, and orient and switch cameras to produce a signal suitable for live broadcasting on television, social networks or digital platforms. In addition:

  • It facilitates the reporting and broadcasting of events, and even eliminates the need to deploy mobile TV units, streamlining operations and reducing broadcast costs while improving efficiency and sustainability.
  • Managed broadcasting from the Cloud platform allows recording and broadcasting to be carried out from multiple locations and in near real-time, thanks to high-speed data transfer.
  • Through the Cloud, production can be done from anywhere in the world, with the best specialists and the best resources. This means an improved experience for the viewer, providing them with a greater number of viewing options, shots and effects to enrich broadcasts and make them more personal.

The Cloud platform also stores a historical audiovisual archive that remains available and easily accessible to the club, the media and the fans, removing the limits on storing and managing all the content generated by the smart stadium.

The possibilities offered by digitalisation are many, for football clubs, their fans and spectators alike, and for football itself: the digitalisation of stadiums turns the world’s greatest spectacle into a memorable experience.

Cyber Security Weekly Briefing, 16 — 22 July

Telefónica Tech    22 July, 2022

Lightning Framework: new malware targeting Linux environments

Researchers at Intezer have published information about a new malware targeting Linux environments, which they have named Lightning Framework. Although the researchers have not located a complete sample and some details of the malware are still unknown, several of its capabilities have been analysed.

It is an advanced, modular malware that installs itself on the victim’s system via a downloader that fetches all its modules and plugins. From there, the malware masquerades as the GNOME password manager while connecting to a polymorphic Command & Control server to download further components.

Other features include manipulating timestamps and process IDs, creating a script named “elastisearch” (a lookalike of elasticsearch) for persistence, and opening a backdoor by running its own SSH server.
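The report’s mention of timestamp manipulation and a lookalike script name suggests two cheap host checks. The Go program below is an added example for Linux hosts; it is not Intezer’s tooling and not code from the page. It walks a directory tree and flags files whose modification time predates their inode change time by more than a tolerance (utime()/touch can rewrite mtime and atime but not ctime, which the kernel bumps on every metadata change, so a rewound mtime leaves this gap), files whose mtime has a zero nanosecond part (a common artefact of touch -d style timestomping on filesystems that otherwise record nanoseconds), and files named elastisearch. The tolerance, the zero-nanosecond heuristic and the name table are assumptions of this example; the Linux-specific syscall.Stat_t access is what makes ctime available.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
	"syscall"
	"time"
)

// Finding is one suspicious file and the reason it was flagged.
type Finding struct {
	Path   string
	Reason string
}

// suspiciousNames maps lower-cased file names to a reason. "elastisearch"
// (note the missing "c") is the persistence script name Intezer reported for
// Lightning Framework; the table itself is an assumption of this example.
var suspiciousNames = map[string]string{
	"elastisearch": "lookalike of elasticsearch; persistence script name reported for Lightning Framework",
}

// changeTime returns the inode change time (ctime). utime(2)/touch can rewrite
// mtime and atime but not ctime, so a rewound mtime sits well before ctime.
// Linux only: the field name in syscall.Stat_t differs on other platforms.
func changeTime(fi fs.FileInfo) (time.Time, bool) {
	st, ok := fi.Sys().(*syscall.Stat_t)
	if !ok {
		return time.Time{}, false
	}
	return time.Unix(int64(st.Ctim.Sec), int64(st.Ctim.Nsec)), true
}

// Inspect applies the three checks to one file. skew is the tolerance for the
// mtime-before-ctime check; a few seconds absorbs ordinary write-then-chmod sequences.
func Inspect(path string, fi fs.FileInfo, skew time.Duration) []Finding {
	var out []Finding
	if reason, hit := suspiciousNames[strings.ToLower(fi.Name())]; hit {
		out = append(out, Finding{path, reason})
	}
	mtime := fi.ModTime()
	if ct, ok := changeTime(fi); ok && ct.Sub(mtime) > skew {
		out = append(out, Finding{path, fmt.Sprintf(
			"mtime %s predates ctime %s: possible timestomping (or an archive/package that preserved mtime)",
			mtime.UTC().Format(time.RFC3339), ct.UTC().Format(time.RFC3339))})
	}
	if mtime.Nanosecond() == 0 {
		out = append(out, Finding{path, "mtime has a zero nanosecond part: low-confidence timestomping indicator"})
	}
	return out
}

// Scan walks root and collects findings for every non-directory entry it can stat.
func Scan(root string, skew time.Duration) ([]Finding, error) {
	var all []Finding
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil || d.IsDir() {
			return nil // unreadable entries are skipped rather than aborting the scan
		}
		fi, err := d.Info()
		if err != nil {
			return nil
		}
		all = append(all, Inspect(p, fi, skew)...)
		return nil
	})
	return all, err
}

func main() {
	root := "/etc" // default scan root; pass another directory as the first argument
	if len(os.Args) > 1 {
		root = os.Args[1]
	}
	findings, err := Scan(root, 5*time.Second)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	for _, f := range findings {
		fmt.Printf("%s\t%s\n", f.Path, f.Reason)
	}
}
```

Expect hits from files installed by package managers or extracted from archives that preserve mtime, since those also leave mtime earlier than ctime; treat findings as leads to correlate with package ownership (rpm -V, dpkg -V) rather than verdicts, and point the scan at the places a persistence script would live, such as /etc and the systemd unit directories.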

According to Bleeping Computer, Lightning Framework is the latest in a growing wave of malware variants attacking Linux systems, following recent detections of OrBit, Symbiote, BPFDoor and Syslogk.

More info

* * *

Cisco fixes multiple vulnerabilities

Cisco has released security patches for 45 vulnerabilities (three critical, one high and 41 medium) across several products. The three critical flaws, CVE-2022-20857, CVE-2022-20858 and CVE-2022-20861 (all CVSS 9.8), affect the Cisco Nexus Dashboard data centre management platform and could allow an unauthenticated remote attacker to execute arbitrary commands and perform actions with root or administrator privileges.

A further high-severity flaw, CVE-2022-20860 (CVSS 7.4), lies in the SSL/TLS implementation of Cisco Nexus Dashboard and could allow an unauthenticated remote attacker in a man-in-the-middle position to intercept and alter communications.

Although none of these flaws is known to be exploited in the wild, Cisco urges users of affected devices to apply the patches as soon as possible.

More info

* * *

Luna: new ransomware targeting Windows, Linux and ESXi

Kaspersky researchers have discovered a new Rust-based ransomware family, named Luna, advertised on a dark-web ransomware forum. It appears able to encrypt devices running several operating systems, including Windows, Linux and ESXi.

According to Kaspersky, at this stage Luna looks like a simple ransomware still in development, currently driven only by command-line options. Its encryption scheme, however, is unusual: it combines X25519 (elliptic-curve Diffie-Hellman key exchange over Curve25519) with the Advanced Encryption Standard (AES) symmetric cipher.
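Kaspersky’s report does not publish Luna’s key handling, so the Go program below is an added illustration, not the page’s or Luna’s own code, of how an X25519 + AES hybrid is normally built and why it matters for victims: the binary only needs the operators’ static X25519 public key; for each file it generates an ephemeral key pair, derives an AES-256-GCM key from the shared secret, and discards the ephemeral private key, so nothing left on the host can recover the file keys without the operators’ private key. The blob layout, the SHA-256 key derivation (standing in for HKDF to stay within the standard library) and the sample plaintext are assumptions of this example, not details reported about Luna.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Blob layout (an assumption of this example, not Luna's format):
//   ephemeral X25519 public key (32) || GCM nonce (12) || ciphertext+tag
const (
	pubLen   = 32
	nonceLen = 12
)

// newGCM derives a 256-bit AES key from the raw X25519 shared secret and
// returns an AES-GCM AEAD. SHA-256 over a label plus the secret stands in
// for HKDF so the example needs nothing outside the standard library.
func newGCM(shared []byte) (cipher.AEAD, error) {
	h := sha256.New()
	h.Write([]byte("x25519-aes256gcm-file-key"))
	h.Write(shared)
	block, err := aes.NewCipher(h.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt is the victim-side operation. It needs only the operators' static
// public key, which is why that key can ship inside the binary. The ephemeral
// private key lives only for the duration of this call.
func Encrypt(operatorPub *ecdh.PublicKey, plaintext []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(operatorPub)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(shared)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ephPub := eph.PublicKey().Bytes()
	out := append(append([]byte{}, ephPub...), nonce...)
	// The ephemeral public key is bound into the tag as associated data.
	return gcm.Seal(out, nonce, plaintext, ephPub), nil
}

// Decrypt is the operator-side operation: the static private key recomputes
// the shared secret from the ephemeral public key carried in the blob.
func Decrypt(operatorPriv *ecdh.PrivateKey, blob []byte) ([]byte, error) {
	if len(blob) < pubLen+nonceLen {
		return nil, errors.New("blob too short")
	}
	ephPub, err := ecdh.X25519().NewPublicKey(blob[:pubLen])
	if err != nil {
		return nil, err
	}
	shared, err := operatorPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(shared)
	if err != nil {
		return nil, err
	}
	nonce := blob[pubLen : pubLen+nonceLen]
	return gcm.Open(nil, nonce, blob[pubLen+nonceLen:], blob[:pubLen])
}

// RoundTrip generates an operator key pair, encrypts sample data with the
// public half, and reports whether the private half recovers it and whether
// an unrelated private key is rejected by the GCM tag.
func RoundTrip(sample []byte) (recovered, wrongKeyRejected bool, err error) {
	operator, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	blob, err := Encrypt(operator.PublicKey(), sample)
	if err != nil {
		return false, false, err
	}
	pt, err := Decrypt(operator, blob)
	if err != nil {
		return false, false, err
	}
	other, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	_, err = Decrypt(other, blob)
	return bytes.Equal(pt, sample), err != nil, nil
}

func main() {
	ok, rejected, err := RoundTrip([]byte("constructed sample file contents"))
	fmt.Println("recovered with operator key:", ok, "| wrong key rejected:", rejected, "| err:", err)
}
```

The second decryption, with an unrelated private key, fails the GCM tag check; that property is what makes offline recovery infeasible and leaves the operators’ private key as the only way back, which is exactly why the static public key, not a symmetric key, is what ends up embedded in the sample.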

The use of a cross-platform language such as Rust also reflects a broader trend: criminal gangs developing ransomware that can target multiple operating systems without much extra effort or adaptation for each target.

According to the research, there is no known data on victims of this ransomware family yet, as its operators were only recently discovered and their activity is still being monitored.

More info → 

* * *

Atlassian fixes critical hardcoded-credentials flaw in Confluence

Atlassian has released a security update that fixes a critical hardcoded-credentials vulnerability in Confluence Server and Data Center that could allow unauthenticated remote attackers to log in to vulnerable servers.

The hardcoded password is created when the Questions for Confluence app (versions 2.7.34, 2.7.35 and 3.0.2) is installed, for an account with the username disabledsystemuser, intended to help administrators migrate app data to Confluence Cloud.

The disabledsystemuser account is created with a hardcoded password and added to the confluence-users group, which by default can view and edit every non-restricted page in Confluence. Exploiting this vulnerability, tracked as CVE-2022-26138, therefore lets an attacker who knows the password log in and reach any page the confluence-users group can access.

No active exploitation has been observed so far, and Atlassian reports that the app, which is meant to improve internal communications, is installed on more than 8,000 Confluence servers.

To remediate, upgrade Questions for Confluence to a fixed version (2.7.38 or later, or 3.0.5 or later), or disable or delete the disabledsystemuser account; uninstalling the app alone is not enough, since the account remains.

More info

* * *

CloudMensis: New malware targeting macOS

ESET researchers have discovered a new malware used to deploy backdoors and exfiltrate information from macOS devices.

The malware was first detected by the ESET team in April 2022 and has been named CloudMensis. One of its most notable features is the use of cloud storage services such as Dropbox, Yandex Disk or pCloud to communicate with its command and control (C2) servers.

CloudMensis executes code on the target system and obtains administrator privileges in order to run a second, more capable stage that collects email attachments, screenshots, documents, keystrokes and other sensitive data for exfiltration.

It is currently unknown how it is distributed, what the infection vector is, who the intended targets are, or which threat actor is behind this activity.

More info → 

What are operational technology (OT) security “Patch Tuesdays”?

Diego Samuel Espitia    21 July, 2022

In the cybersecurity world we are used to vendors releasing packages that fix vulnerabilities found in business software. One release that has given this process periodicity and continuity is what Microsoft calls “Patch Tuesday”. But it is not the only one.

Setting a specific day for security updates is very useful for defence teams, who get a single list from which to decide which fixes to apply, based on the criticality of the risk and on whether the fix applies to their systems. The practice is therefore considered a good reference for the market.

More cyber threats to industrial equipment

Over the last year, with the industrial operations sector facing a growing wave of cyber threats, it is essential that industrial cybersecurity teams adopt this kind of practice, which allows a more proactive management of the threats found in the equipment used in industry.

Industrial vendors have begun to follow the IT world’s example and publish the vulnerabilities found in their products and systems.

Several government bodies around the world run portals with daily alerts on newly found weaknesses. The best known in the industrial world are CISA’s ICS advisories, and in Spanish INCIBE has undoubtedly gained a great deal of weight. Other sources that bridge IT and OT are CERT@VDE in Germany and Trend Micro’s Zero Day Initiative (ZDI) in the United States.

This trend has led two large companies in the industrial sector to follow the IT world’s lead in how they publish the threats detected in their products and systems.

Publishing advisories is not new for these companies; what they have adopted is the good practice of releasing them together on a single day of the month and, following Microsoft, they chose Tuesday for it.

The origin of “Patch Tuesday”

The first industrial company to adopt this practice was Siemens, whose ProductCERT team has centralised all of the company’s security publications since 2011 and now publishes the vulnerabilities detected or updated each month on the second Tuesday of the month.

This monthly cadence began in the first months of 2021 and has consolidated itself as the publication industrial security teams wait for; on average it covers some 30 vulnerabilities a month, between new ones and updates. In July 2022, 34 advisories were published, 20 of them new, and 5 of those new ones were rated critical.

Photo: This is Engineering RAEng

The other company in the sector to join this practice is Schneider Electric, which has had its own security publication portal since early 2020 and which a few months ago began publishing its vulnerabilities in a consolidated way on Tuesdays. In July 2022 it published 8 critical advisories covering various devices.

These scheduled releases are not the only ones. If a critical advisory arises between scheduled dates, it is published on the portal and announced through various channels on the Internet, which also helps companies’ cyber defence teams understand how important it is to apply these patches immediately.

Conclusion

In conclusion, the best practices that have worked in the IT world are now being adopted in OT. Although the approach to vulnerability management and remediation is completely different, having this source of early warnings allows the incident recovery plan to be far more preventive than merely reactive.

The industrial sector is rapidly migrating to systems and services increasingly similar to those traditionally used in IT, with the sector’s own differences and particularities, but where the good practices that have evolved in IT cybersecurity can be implemented and turned to advantage.