XDR, the cybersecurity trend that dominated the RSA Conference 2022

Alberto Sempere    15 June, 2022

After a two-year break, I am back at the RSA Conference in San Francisco, the key international event for the cybersecurity industry.

Having overcome the typical hurdles of a trip in the COVID era, we found ourselves at the conference with broad smiles, strong handshakes and lots of lively conversations: signs of this industry’s eagerness to get back on track, and of an optimism that is far removed from the current scenario, in which the average value of the major cybersecurity indices has fallen by 20% so far in 2022.

Every year that I have attended RSA there has been some new buzzword that becomes a kind of common thread for many companies at the conference, and it seems you cannot avoid mentioning it if you want to be relevant to your customers. In past years we have lived through the eras of orchestration, SASE, the Human Factor, and so on.

Picture: RSA Conference 2022

For this year some of us were surely betting on Zero Trust, a topic that is still relevant but was less present in what I was able to see of this conference. For me, however, the clear winner for 2022 is XDR.

What is XDR and why is it key to cybersecurity?

XDR stands for Extended Detection and Response. Without oversimplifying, it is about extending the detection and response tools and processes we already had in place, so that we have no blind spots and are much more efficient in our response.

Photo: RSA Conference 2022

It is therefore an extension of the detection tools beyond the Endpoint (EDR) and SIEM, taking detection to the network (NTA), to Cloud native environments (CSPM), around identity (ITDR), to applications, etc.

Technological convergence and visibility

XDR goes hand in hand with two other closely related trends. The first is technological convergence: solutions that used to be seen separately now come together to improve not only detection but also response, which traditionally required additional tools to automate and orchestrate, to collect and apply intelligence, and so on.

Basically, an integrated tool that allows us to achieve that XDR concept in the most efficient and simple way. Whether this convergence is the best option or whether it is the sum of several technologies coordinated by an orchestrator, a SIEM or other tools is a topic that requires more space than this article provides.

Here MSSPs such as Telefónica Tech can play an important role in supporting customers in this transformation process by providing XDR capabilities in both converged and heterogeneous environments.

The other closely related concept I wanted to mention is visibility, which also comes up recurrently and is increasingly important for companies.

Photo: RSA Conference 2022

Companies need to know where they stand and be able to prioritise; in short, they need better visibility of the risk within their organisation. Many solutions have pushed this attribute, and some do it in a specific way, such as ASM (attack surface management) solutions.

Essentially, through automated tools these services provide a clear and fairly comprehensive view of the most important vulnerabilities and areas of exposure and risk, and, unlike traditional tools, they do so from an attacker’s perspective.

These tools can help kick off lightweight, automated Red Team exercises, or supplement existing services and capabilities with such activities on a recurring basis.

Mobile security and the presence of Spanish startups

Moving on, I also wanted to mention the security of mobile phones. I have to say that I did not see as much as I expected. It seems that the security breach of the mobile phones of members of the Spanish government has had far less impact in the United States, and this was reflected at the fair.

I cannot finish without mentioning some of the startups present in the Spanish hall. I always try to pay special attention to Spanish startups; this year they were:

  • RedBorder with whom we were able to talk about visibility and XDR on their open and scalable network platform.
  • ETHEC, which showed us how their company provides greater visibility through their risk assessment platform.
  • LEX Program, the legaltech startup that enables real-time compliance with the most common legal requirements in website consent taking through a dynamic platform.

As I said at the beginning, the level of enthusiasm experienced during the fair was contagious, and I am looking forward to continuing to work with the many partners and customers with whom we had the pleasure of chatting those days.

Photo: RSA Conference 2022

Cloud Computing, the great ally for the digitalisation of the sports sector (and for athletes)

Roberto García Esteban    14 June, 2022

Data analytics has become fundamental to sport. Gone are the days of coaches and trainers taking notes with their pen in a notebook during matches or training sessions.

Everything from the fans’ experience when they enter a sports venue to the strategy of the game or the performance of the players during matches and training sessions is now thoroughly studied and analysed.

The results of these analyses are essential for decision making in the world of sports, to the point that the market for data analytics applied to sports is expected to grow from $2.5 billion in 2021 to $8.4 billion in 2026.

Quick and easy access to data that improves sporting performance

Thus, the way in which sports organisations store and access the data and content they generate on a daily basis is a critical element for them. They need quick and easy access to this data and this is where Cloud Computing appears as a great facilitator, saving costs, time, and providing flexibility and scalability.

Being able to analyse an athlete’s performance in real time is the perfect example of how to take advantage of the potential of cloud services. A football team can, for example, analyse during a match millions of data points on the physical performance of the players, their position on the pitch and the interactions of fans on social media.

However, once the match is over, not as much data processing capacity is needed, so it is much better for the club to use a cloud service that pays only for the capacity it needs at any given moment than to buy a complex IT infrastructure on its own.

Cloud Computing and data analytics for all sports

On the other hand, knowing in real time data about an athlete’s physical performance can be the difference between winning and losing a match, and in this scenario the speed of access to data provided by Cloud Computing is critical.

In other sports it is common to have data on how fast an athlete is running, how hard a ball has been hit, how long a team has been defending or attacking, or how many watts of power a cyclist is generating in real time during a race.

In other words, all kinds of sports, including the not so mainstream ones, benefit from the data analysis capabilities derived from Cloud Computing.

Sports broadcasting taken to a new level

Cloud computing is also taking sports broadcasting to a new level, providing viewers with real-time statistics that make it much more interesting and contribute to more people being interested in watching.

Moreover, the current competition between the three big companies that dominate the cloud business (Amazon Web Services, Microsoft and Google) is also contributing to the development of new services dedicated to sport, as sport is a magnificent showcase for the services of the cloud giants.

One example is the stir caused in the cloud market when Major League Baseball, the American professional baseball league, replaced AWS with Google as the league’s official cloud provider for statistics; Google went on to promote MLB’s Statcast, running on its cloud, as a source of all kinds of data for fans, from how much spin a ball carries to the difficulty of a catch.

“The demand for cloud computing services from the sports industry is growing as it is able to generate more and more data”

Thus, major sports organisations around the world are signing agreements with leading cloud service providers, which also serve as a way for companies such as Microsoft to promote their products.

For example, Microsoft provides a service to the Seattle Seahawks football team whereby players use a Surface to chat during a game with fans who connect via Teams, and has developed a Microsoft Azure-based platform for Real Madrid that allows the club to personalise its interactions with its fans.

Benefits of the Cloud also for individual and amateur athletes

It is not only sports organisations that can benefit from cloud computing, but also individual athletes.

Belgian footballer Kevin De Bruyne became the highest-paid player in the English Premier League after using performance metrics from a Big Data programme to negotiate his contract renewal with Manchester City, proving his enormous influence on the team’s game.

Photo: Solen Feyissa / Unsplash

Any amateur athlete can also use a wearable device to store their training data in the cloud to monitor their progress or next training steps.

Thus, the demand for cloud computing services from the sports industry is growing as it is able to generate more and more data.

Both individual athletes and sports organisations are aware of this and are increasingly relying on these services as an indispensable aid to achieve their goals, both sporting and financial.

Cyber Security Weekly Briefing, 6 – 10 June

Telefónica Tech    10 June, 2022

LockBit threatens Mandiant after linking them to Evil Corp

On the afternoon of 6 June, the LockBit 2.0 ransomware group announced on its dark web leak site the alleged compromise of the cybersecurity firm Mandiant and its intention to publish a total of 356,841 files allegedly stolen from the firm. The post included a file called “mandiantyellowpress.com.7z”, related to the domain mandiantyellowpress[.]com, registered that same day, which at the time redirected to ninjaflex[.]com.

The LockBit threats followed Mandiant’s publication of an article indicating that the Russia-based group Evil Corp had begun using LockBit ransomware in its attacks to evade US sanctions.

Since the threat became known, Mandiant has consistently said that it had no evidence of any kind of intrusion, but that it was monitoring the situation. According to Bleeping Computer, which was able to analyse the data, it is now confirmed that there was no compromise. What LockBit actually published is a message denying the accusations made by what it calls “tabloids” (referring to Mandiant) about a possible relationship between LockBit and Evil Corp.

The group points out that the scripts and tools for attacks are publicly available and can be used by any user, so a similarity between the tools used by two groups does not mean that they can be linked to a single identity. They also include a final line in their message disassociating themselves from any kind of political ideology or special service of any country.

More info: https://www.bleepingcomputer.com/news/security/mandiant-no-evidence-we-were-hacked-by-lockbit-ransomware/

* * *

Symbiote: stealthy new malware targeting Linux systems

Researchers at BlackBerry and Intezer released information yesterday about a Linux malware they have named Symbiote. The malware, originally detected in attacks on the financial sector in Latin America in November 2021, is notable for its highly advanced capabilities in stealth and process hiding.

Symbiote achieves this, in part, by not consisting of an executable itself, but rather a shared object library that is loaded into all running processes via the LD_PRELOAD directive, providing the attacker with rootkit functions, password-stealing capabilities and remote access.

By loading itself into numerous processes, the malware can manipulate the responses of various tools and system functions, so that users and researchers see only a doctored version of the results they are looking for.

Among other things, it uses Berkeley Packet Filter (BPF) hooking, a technique also observed in backdoors developed by the Equation Group (NSA), to hide malicious traffic and determine which packets are visible when an administrator tries to capture traffic.
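The three places a responder checks for an LD_PRELOAD-based rootkit of this kind are /etc/ld.so.preload, the LD_PRELOAD variable in each process environment, and shared objects that are mapped into every process without living in a system library directory. The script below is an added example, not code from the BlackBerry/Intezer research; it runs the three checks over constructed samples of those artefacts (the suspect path, PIDs and map addresses are invented), and the trusted library directories are an assumption to adjust to your own baseline.

```python
"""Three checks for an LD_PRELOAD-based userland rootkit, run over constructed samples.

Added example. On a live host you would read /etc/ld.so.preload,
/proc/<pid>/environ and /proc/<pid>/maps instead of the SAMPLE_* data.
"""
import re

# Where shared libraries legitimately live on most distributions (assumption).
TRUSTED_LIB_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/")

# /proc/<pid>/maps line: address perms offset dev inode [pathname]
_MAPS_LINE = re.compile(r"^\S+\s+\S+\s+\S+\s+\S+\s+\S+\s+(?P<path>/\S+)$")


def mapped_shared_objects(maps_text):
    """Paths of shared objects (libfoo.so, libfoo.so.N) mapped in one maps dump."""
    found = set()
    for line in maps_text.splitlines():
        m = _MAPS_LINE.match(line.strip())
        if m and ".so" in m.group("path").rsplit("/", 1)[-1]:
            found.add(m.group("path"))
    return found


def preload_entries(ld_so_preload_text):
    """Libraries listed in /etc/ld.so.preload (whitespace/newline separated, # comments).
    On a clean host the file is absent or empty, so every entry deserves a look."""
    entries = []
    for line in ld_so_preload_text.splitlines():
        entries.extend(line.split("#", 1)[0].split())
    return entries


def ld_preload_from_environ(environ_bytes):
    """Value of LD_PRELOAD in a NUL-separated /proc/<pid>/environ, or None."""
    for item in environ_bytes.split(b"\0"):
        if item.startswith(b"LD_PRELOAD="):
            return item[len(b"LD_PRELOAD="):].decode(errors="replace")
    return None


def ubiquitous_untrusted_libs(maps_by_pid):
    """Shared objects mapped into *every* process but outside the trusted directories.
    Only the dynamic loader and libc are legitimately everywhere; a library injected
    through LD_PRELOAD into all processes shows the same pattern."""
    if not maps_by_pid:
        return set()
    per_process = [mapped_shared_objects(text) for text in maps_by_pid.values()]
    common = set.intersection(*per_process)
    return {p for p in common if not p.startswith(TRUSTED_LIB_DIRS)}


def analyse(ld_so_preload_text, environ_by_pid, maps_by_pid):
    """Combine the three checks into one findings dict."""
    env_hits = {}
    for pid, environ in environ_by_pid.items():
        value = ld_preload_from_environ(environ)
        if value is not None:
            env_hits[pid] = value
    return {
        "preload_file": preload_entries(ld_so_preload_text),
        "env_preload": env_hits,
        "ubiquitous_untrusted": sorted(ubiquitous_untrusted_libs(maps_by_pid)),
    }


# --- constructed sample data (not real Symbiote artefacts) -------------------
SUSPECT = "/dev/shm/.cache/libhook_example.so"
LIBC = "/usr/lib/x86_64-linux-gnu/libc.so.6"
LOADER = "/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2"
SAMPLE_PRELOAD_FILE = SUSPECT + "\n"
SAMPLE_ENVIRON = {
    1: b"PATH=/usr/sbin:/usr/bin\0HOME=/\0",
    4242: b"PATH=/usr/bin\0LD_PRELOAD=" + SUSPECT.encode() + b"\0SHELL=/bin/bash\0",
}
SAMPLE_MAPS = {
    1: "\n".join([
        "55d0a1c00000-55d0a1c2a000 r--p 00000000 fd:01 131 /usr/lib/systemd/systemd",
        "7f1e9a000000-7f1e9a028000 r--p 00000000 fd:01 777 " + LIBC,
        "7f1e9a300000-7f1e9a305000 r-xp 00000000 fd:01 999 " + SUSPECT,
        "7f1e9a400000-7f1e9a402000 r--p 00000000 fd:01 5 " + LOADER,
        "7ffd3c1e0000-7ffd3c201000 rw-p 00000000 00:00 0 [stack]",
    ]),
    4242: "\n".join([
        "5639f0a00000-5639f0a1a000 r--p 00000000 fd:01 2048 /usr/bin/bash",
        "7f7c10000000-7f7c10028000 r--p 00000000 fd:01 777 " + LIBC,
        "7f7c10200000-7f7c10205000 r-xp 00000000 fd:01 999 " + SUSPECT,
        "7f7c10300000-7f7c10302000 r--p 00000000 fd:01 5 " + LOADER,
        "7f7c10400000-7f7c10410000 r--p 00000000 fd:01 4096 /usr/lib/x86_64-linux-gnu/libtinfo.so.6",
    ]),
}

if __name__ == "__main__":
    for check, hits in analyse(SAMPLE_PRELOAD_FILE, SAMPLE_ENVIRON, SAMPLE_MAPS).items():
        print(f"{check}: {hits}")
```

The caveat the article implies applies here too: a preloaded library that hooks readdir, fopen or open can filter the very /proc reads this script performs, so run it from a statically linked live-response toolkit or against an offline image rather than trusting the compromised host’s libc.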

More info: https://www.intezer.com/blog/research/new-linux-threat-symbiote/

* * *

Attacks on telecommunications companies and network service providers

The US agencies NSA, CISA and FBI issued a joint security advisory warning about the detection of attacks perpetrated by malicious actors against telecommunications companies and network service providers globally.

According to the advisory, this campaign exploits known vulnerabilities, mainly in network devices, and points to a total of 16 security flaws in products from several vendors.

The advisory also highlights that, by gaining an initial foothold in a telecommunications organisation or network service provider, these malicious actors can identify critical users and systems responsible for maintaining the security of a country’s critical infrastructure.

Regarding the attribution of these campaigns, no specific actor has been identified as the one carrying out these intrusions, indicating that the purpose of the alert is to urge all organisations to patch the list of vulnerabilities and apply the mitigation measures provided in order to prevent potential security incidents.

More info: https://www.cisa.gov/uscert/ncas/alerts/aa22-158a

* * *

Long-running espionage campaign by actor Aoqin Dragon

SentinelLabs researchers have published research reporting the discovery of a state-linked APT called Aoqin Dragon, allegedly running undetected espionage campaigns for 10 years. This new actor is said to have been active against governmental organisations, educational organisations and telecommunications companies, all of them geographically located in Southeast Asia.

According to the analysts, Aoqin Dragon has relied on three main infection mechanisms over the years: between 2012 and 2015 it used malspam campaigns with Office document attachments exploiting CVE-2012-0158 and CVE-2010-3333; between 2016 and 2017 its entry vector was malicious executables disguised with fake antivirus icons; and since 2018 it has used a shortcut file on removable drives that, when executed, injects malicious code.

Aoqin Dragon is also notable for using two backdoors, Heyoka and Mongall, to exfiltrate information and allow communication with its victims’ networks.

More info: https://www.sentinelone.com/labs/aoqin-dragon-newly-discovered-chinese-linked-apt-has-been-quietly-spying-on-organizations-for-10-years/

* * *

Updates, PoCs and active exploitation of 0-day vulnerability at Atlassian

After Atlassian issued a security alert last week concerning the 0-day vulnerability CVE-2022-26134 in its Confluence Server and Data Center products, the company released fixed versions on Friday afternoon amid a proliferation of exploitation attempts.

Atlassian has urged customers to upgrade to versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 or 7.18.1 of its products as soon as possible, and has also released temporary mitigation measures for those unable to upgrade immediately. Several easy-to-use exploits showing how to abuse the vulnerability to create new administrator accounts, force DNS requests, collect information and spawn reverse shells were made public on Friday, and numerous exploitation attempts have since been detected, as reported by researchers at GreyNoise.
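Because the fixes landed on several release branches at once, a naive check such as “version >= 7.4.17” is wrong in both directions: it marks 7.13.6 as safe and, with string comparison, marks 7.4.17 as older than 7.4.9. The following added example (not Atlassian’s tooling) triages an inventory branch by branch. The fixed versions are the seven listed above; treating any release newer than 7.18.1 as fixed is this example’s assumption, and the host names and versions in the sample inventory are constructed.

```python
"""Branch-aware version triage for CVE-2022-26134 (Confluence Server / Data Center).

Added example, not vendor tooling. FIXED_VERSIONS is the list Atlassian published;
treating releases newer than 7.18.1 as fixed is this example's assumption.
"""
import re

FIXED_VERSIONS = ("7.4.17", "7.13.7", "7.14.3", "7.15.2", "7.16.4", "7.17.4", "7.18.1")
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """'7.13.7', '7.13.7-rc1' or 'Confluence 7.13' -> (7, 13, 7) / (7, 13, 0).
    Tuples compare numerically, so (7, 4, 17) > (7, 4, 9), unlike the strings."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


_FIXED = tuple(sorted(parse_version(v) for v in FIXED_VERSIONS))
_LATEST_FIXED = _FIXED[-1]


def fix_for_branch(version):
    """Fixed release on the same major.minor branch, or None if that branch got none."""
    for fixed in _FIXED:
        if fixed[:2] == version[:2]:
            return fixed
    return None


def triage(version_text):
    """Classify one installed version as 'patched' or a 'vulnerable: ...' action."""
    v = parse_version(version_text)
    if v >= _LATEST_FIXED:
        return "patched"  # 7.18.1 itself, or a later branch (assumed to carry the fix)
    fixed = fix_for_branch(v)
    if fixed is None:
        # Branches such as 7.5-7.12, or anything before 7.4, received no fix release:
        # the only remedy is to move to a branch that did.
        return "vulnerable: no fix release on this branch, upgrade to a fixed branch"
    if v >= fixed:
        return "patched"
    return "vulnerable: upgrade to " + ".".join(map(str, fixed))


def triage_inventory(csv_lines):
    """'host,version' lines (e.g. a CMDB export) -> {host: verdict}."""
    verdicts = {}
    for line in csv_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, version = (part.strip() for part in line.split(",", 1))
        verdicts[host] = triage(version)
    return verdicts


# Constructed sample inventory (hypothetical hosts).
SAMPLE_INVENTORY = [
    "# host,version",
    "wiki-prod-1,7.13.6",
    "wiki-prod-2,7.13.7",
    "wiki-legacy,7.10.2",
    "wiki-dc-1,Confluence 7.18.0",
    "wiki-new,7.19.0",
]

if __name__ == "__main__":
    for host, verdict in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12} {verdict}")
```

Keep FIXED_VERSIONS and the “newer than latest fix” rule in step with the vendor advisory; the structure matters more than the numbers, since the same branch-aware logic applies to any product that ships fixes on several supported lines at once.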

More info: https://www.bleepingcomputer.com/news/security/exploit-released-for-atlassian-confluence-rce-bug-patch-now/

Architecture, digitalisation, and sustainability as pillars of the transformation of football stadiums

Raúl Matarranz Villagordo    8 June, 2022

What do I do with 30 million euros? This is the recurring question facing first and second division football clubs.

Seventy percent of the money that the clubs receive from the CVC funds will have to be invested in improving their infrastructures.

There are many possibilities and scenarios and quite a few clubs already had in their roadmap certain actions to develop. Remodelling the stadium, enlarging its capacity, covering the stands, improving facilities, creating new sports cities, digitalising processes and facilities, metaverses, digital twins, new user experience, multifunctional stadiums beyond match day…

Telefónica Tech’s experience: Civitas Metropolitano, Nuevo Santiago Bernabéu, Espai Barsa …

Civitas Metropolitano (formerly Wanda), Nuevo Santiago Bernabéu and Espai Barsa are some of the projects in which Telefónica Tech has participated as the main partner for their digital transformation.

However, Telefónica Tech goes one step further by offering a comprehensive project for the transformation of stadiums and associated infrastructures.

To do so, we rely on 3 pillars:

ARCHITECTURE            +             DIGITALISATION             +             SUSTAINABILITY

Our experience has taught us that the joint conceptualisation of the architectural and digitalisation project represents a cost saving and efficiency improvement of 20% in implementation costs. The objective is to prevent the architecture from being a watertight project on which to implement the digitalisation elements a posteriori.

The effects and interferences of technological infrastructures on the architectural project and the physical space are significant:

  • A change in the configuration of the stadium structure implies a resizing and possible relocation of the luminaires for a correct illumination of the field.
  • Architectural changes in the way the stadium is accessed mean rethinking and adapting the security, control and access systems.
  • An increase in capacity will inevitably lead to a resizing of the communications network (LAN, WIFI, 4G, 5G) to support the demand needs in terms of latency, bandwidth and simultaneity.
  • A new roof or stands will make it necessary to adapt the video scoreboards for proper viewing from all angles of the pitch.
  • The emergence of new spaces such as VIP areas, experiential boxes, shops, restaurants and museum areas will require the implementation of functional digitisation elements to enable a renewed ultimate experience.

Combining architecture and digitalisation in a single transformation project

Approximately 80% of the overall budget that clubs will invest in the refurbishment and modernisation of stadiums will be spent on purely architectural actions, while the rest will be spent on digitalisation. Combining both in a single transformation project is vital to achieve excellence.

To make all this possible, Telefónica Tech works with Morph Estudio from the start and conceptualisation of the projects, which, with César Frías at the helm and a team of more than 150 architecture, interior design and engineering professionals, responds to the needs of adaptation, refurbishment, expansion or new construction of the stadiums.

César Frías: “We try to fill our projects with an idea that gives them an identity, that stems from the uniqueness of the environment and the club, in order to connect with the city and its fans. No two clubs, no two locations are the same, so each stadium we design must be unique, iconic, local, recognisable…”

Digital transformation, a sustainability driver

However, the fusion of architecture and digitalisation must integrate a final pillar that has to do with the social responsibility inherent in high-impact infrastructure transformation projects in urban environments such as football stadiums. This last pillar is that of sustainability:

  • Reuse of rainwater for grass irrigation;
  • photovoltaic solar panels for renewable energy generation;
  • energy community concept;
  • monitoring of consumption through sensors (metering);
  • improvement of air quality;
  • reduction of the stadium’s energy demand through passive measures (improvement of the envelope, breaking of thermal bridges…);
  • reduction of CO2 emissions;
  • improvement of the efficiency of HVAC equipment;
  • sustainable landscaping;
  • sustainable mobility like electric vehicle, scooter and bicycle charging points, etc.

“Technology and sustainability are two sides of the same coin: without monitoring, we cannot evaluate consumption, nor can we act to achieve improvements or synergies. BIM technology enables us to unite the material world with the virtual world, and both with the world of data.”

César Frías, Morph Estudio

A data-driven solution for football clubs

As a support base for these three pillars of transformation we have the DATA layer. Static data on the stadium and other associated infrastructures; dynamic data on use, occupancy, attendance, heat maps, origin, socio-demographic profiling; business and exploitation data; data oriented to elite sport and also data focused on the fan.

Powerbim Digital Twin Platform Estadio BIM6D – Telefónica Tech

Technological levers such as connectivity, cybersecurity, cloud, AI & analytics, IoT & Big Data, Blockchain or RPA, will be the basis on which to build a Data Driven proposal that generates relevant information for clubs.

All this will allow us to monitor in real time what happens in the stadium and, consequently, to generate a digital twin of operations and business with the most relevant KPIs for the club.

AI of Things (VI): Generative Artificial Intelligence, creating music to the rhythm of perceptron

Guillermo Caminero Fernández    7 June, 2022

In recent years, the number of AI (Artificial Intelligence) models used to generate synthetic information has exploded. Among the best known, and with us since 2014, are GANs (generative adversarial networks). These neural networks have been used to generate images of all kinds and can serve creative purposes, such as creating works of art, or less ethical ones, such as generating synthetic faces to create fake profiles on social networks.

AI models are also capable of ‘creating’ text. While it is true that text generation by AI has existed for a long time using memory networks such as LSTMs (Long short-term memory), it was not until the last few years (specifically in 2017) with the appearance of Transformers that texts were really generated with the quality and coherence that could have been written by a human.

Thanks to these state-of-the-art neural networks, words can be autocompleted, sentences finished or even novels (of dubious quality) written. The following website uses a transformer to complete a sentence.

We have already mentioned that a computer today can create an image or a text with high quality. We could be satisfied with creating a digital painting, or writing a novel with a computer, but why not go further and create other types of data? In this blog, we will go into detail and talk about how an AI can create audio and music in particular.

The mathematics of music

An image for a computer is nothing more than a set of pixels arranged with certain intensities. Like images, a text for a computer is a set of letters arranged in a certain order, so the algorithm only has to find the correct order and value.

Pixels are the basis of images and letters are the basis of texts. So what can we use to create music? To answer that, consider briefly how a loudspeaker or a headphone works. These devices convert an electrical signal into movement; that movement compresses the air, generating longitudinal waves. The waves transmitted through the air are what we know as sound, and as waves we can act on certain variables: duration, intensity (amplitude), pitch (frequency) and phase.

Depending on the frequency we will hear one sound or another, for example, a scale of musical notes can be represented as a sinusoidal signal with a certain frequency. We can see an example of the waveform of these notes in the image below.

Code to create the scale in image and sound with Python using the PyAudio library: gist scale

We can play scores for a single instrument or channel with these basic notes, but if we want richer sounds we can combine notes into chords. For example, to play the chord made up of the notes C, E and G (do, mi, sol), we compose the sines corresponding to these notes harmonically, adding them in phase. The resulting waveform is shown in the following image.

Code to create the chord in image and sound with Python: gist chord
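The two gists referenced above are not reproduced on the page, so here is an added example (not the author’s code) that covers both steps: it derives the note frequencies from equal temperament (A4 = 440 Hz, each semitone multiplying the frequency by 2^(1/12)), renders a C-major scale as consecutive sine tones, sums the in-phase sines of C4, E4 and G4 into a chord, and writes both as 16-bit WAV files. It uses only the standard library (math and wave) instead of PyAudio, so it runs without a sound device; the sample rate and note durations are arbitrary choices.

```python
"""Scale and chord synthesis with equal temperament, standard library only.

Added example standing in for the PyAudio gists the article references.
"""
import math
import struct
import wave

SAMPLE_RATE = 44100          # samples per second (arbitrary, CD quality)
A4 = 440.0                   # reference pitch in Hz
C4_FROM_A4 = -9              # middle C is nine semitones below A4
MAJOR_SCALE_STEPS = [0, 2, 4, 5, 7, 9, 11, 12]   # semitone pattern of a major scale
C_MAJOR = [C4_FROM_A4, C4_FROM_A4 + 4, C4_FROM_A4 + 7]  # C4, E4, G4 (do, mi, sol)


def note_frequency(semitones_from_a4):
    """Equal temperament: f = 440 * 2 ** (n / 12) for a note n semitones from A4."""
    return A4 * 2 ** (semitones_from_a4 / 12)


def sine(frequency, seconds, amplitude=1.0):
    """One pure tone as a list of float samples in [-1, 1]."""
    n = int(SAMPLE_RATE * seconds)
    return [amplitude * math.sin(2 * math.pi * frequency * i / SAMPLE_RATE) for i in range(n)]


def scale(root_semitones=C4_FROM_A4, note_seconds=0.25):
    """The eight notes of a major scale played one after another."""
    samples = []
    for step in MAJOR_SCALE_STEPS:
        samples.extend(sine(note_frequency(root_semitones + step), note_seconds))
    return samples


def chord(semitone_list, seconds=1.0):
    """Sum of in-phase sines, normalised so the mix never clips beyond [-1, 1]."""
    tones = [sine(note_frequency(s), seconds) for s in semitone_list]
    mixed = [sum(values) for values in zip(*tones)]
    peak = max(abs(x) for x in mixed) or 1.0
    return [x / peak for x in mixed]


def write_wav(path, samples):
    """Write mono 16-bit PCM; samples are clipped to [-1, 1] before scaling."""
    pcm = struct.pack("<%dh" % len(samples),
                      *(int(max(-1.0, min(1.0, s)) * 32767) for s in samples))
    with wave.open(path, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(SAMPLE_RATE)
        w.writeframes(pcm)


if __name__ == "__main__":
    write_wav("scale.wav", scale())
    write_wav("chord.wav", chord(C_MAJOR))
    print("wrote scale.wav and chord.wav")
```

The normalisation in chord() is the detail worth noticing: three unit-amplitude sines added in phase peak at nearly 3, so without dividing by the peak the 16-bit conversion would clip and the chord would sound distorted rather than consonant.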

Mathematics is very present in music and this application of mathematics in music has been studied a lot in order to know which frequencies sound “good” (consonance) and which sound “bad” (dissonance) together. For the analysis of these signals, and of music in general, there is a lot of information on the internet.

The following video will give you a clearer understanding of sounds, scales and how to generate different sounds with different waves.

Generating music with Artificial Intelligence

We can already see the complexity of creating a sound, and so far we only have two seconds of audio. To get a complete song we need a huge composition of such sounds, of different lengths and different pitches.

We might start by thinking of a reinforcement learning algorithm for this task: it would propose random pitches and lengths while a user marks the ones they like and the ones they do not. Another alternative could be genetic algorithms: different melodies are offered, the user selects the ones they like, and from those the next generation is bred.

The options above are processes that could take days, months or years to produce something we like. To make the task fast and efficient, supervised algorithms combined with transfer learning are used: starting from music that already exists and is to our liking, we can create new music that resembles it.

There are different methods for this kind of music generation. The best known are GANs (mentioned above) and VAEs (Variational Autoencoders).

  • GANs are trained as a competitive environment where there is a generator and a discriminator where each competes to beat the other. The generator generates music from random noise (fake music) and the discriminator is trained with real music and the generator’s fake music. When this discriminator is not able to differentiate between the real music and the music generated by the generator, it means that we have an “almost” real music generator. At first the generator creates completely random music, but with training it becomes more and more similar to the real music samples provided.
  • A VAE has an encoder that reduces the input to a latent space and a decoder that reconstructs it. This type of music generation is widely used and is what OpenAI uses in Jukebox, its latest advance in music creation. Jukebox also makes use of the latest neural network technology, such as Transformers (already mentioned), to achieve near-real music quality. A wide range of songs created with this technology can be found at https://jukebox.openai.com/.

These neural networks are very computationally expensive and difficult to train without good hardware such as a GPU or TPU. OpenAI provides sample code for generating music using this model on Google Colab. Thanks to the resources provided by Google for free, we can train a model to create a few seconds of a song in the style of our favourite singer and with the lyrics of the song of our choice. 

There are other libraries or projects with the aim of creating music, such as Google Magenta, where we can find many examples of music creation in a multitude of ways, such as the aforementioned GAN, VAE, etc.

Now, if we are able to generate music that resembles that of certain artists, with their rhythms, their bass lines and even a voice that could pass for theirs, how far can AI go? Is it ethically correct to use these artists’ creations to create new ones? Should the generated music carry the same rights as the original artist’s work? Many questions arise that are likely to generate discussion, and not all of us will have the same opinion.

If you want to know more applications of the fusion of the Internet of Things and Artificial Intelligence, known to us as AIoThings, you can read other articles in the series:

World Environment Day: Green digital transformation as a lever for change

Nacho Palou    5 June, 2022

The UN has been celebrating World Environment Day on 5 June every year for 50 years. It is an initiative that seeks to raise awareness among the world’s population of the need to respect, care and protect nature.

For this year’s edition, the United Nations Environment Programme (UNEP) has revived the slogan “One Earth”. It is the same slogan it used for the first edition, in 1972, and it is a message that in 2022 is more powerful than ever: it invites us to live sustainably and reminds us that this planet is our only home and that we are responsible for safeguarding its resources.

In this context, the technologies that underpin the digital transformation of companies —connectivity, the Internet of Things (IoT), Big Data and Artificial Intelligence, etc.— have proven their potential as a lever for change and their ability to resolve many of the environmental challenges we face.

Among other examples,

  • They allow us to improve the efficiency and sustainability of production processes, reduce energy and water consumption and reduce emissions of polluting and greenhouse gases, such as CO2.
  • They help us to improve the management of natural resources and waste, to optimise transport logistics and mobility, to promote renewable energies and to encourage teleworking and the circular economy.

However, these same challenges also force us to analyse the environmental impact of adopting these technologies in our businesses and processes, and to identify possible improvements to achieve a green digital transformation with a genuine positive impact on our environment and society.

Technologies such as 5G, Internet of Things (IoT), Big Data and Artificial Intelligence or Blockchain, among others, can help reduce CO2 emissions by 15% by 2030.

Source: European Commission

Sustainable technologies for (real) green digitalisation

With the aim of developing technologies that promote green digitisation, most of the technological solutions offered by Telefónica Tech for the digital transformation of companies generate direct, significant and measurable environmental benefits for our customers or for the customer’s users.

These products are identified by the Eco Smart seal, certified by AENOR, an independent entity. This is a distinctive sign that visually shows, with an icon and a colour code, whether the product or service is associated with:

  • Energy savings​
  • Water consumption reduction​
  • CO2 ​emission reduction
  • Circular economy promotion

Therefore, customers of Telefónica Tech products and services with the Eco Smart seal generate significant environmental benefits in their production process or daily activity, and also obtain a financial return from the digital transformation by developing their business in a more efficient and sustainable way.

How Eco Smart solutions help the environment

Eco Smart services are already being used by companies of different sizes in key sectors – such as tourism, industry, logistics and distribution, retail and banking – to reduce resource consumption and CO2 emissions.

Here are some examples of technological solutions that bring direct, significant and quantifiable environmental benefits:

  • Smart corporate spaces and workplace and teleworking solutions for companies and public administrations that reduce commuting: workplace digitalisation avoids millions of tonnes of CO2 emissions.
  • The sensorisation of a building with IoT devices that take into account the context and the environment (occupancy of people, weather conditions, date and time…) to reduce lighting and air conditioning consumption.
  • Smart, connected meters that reduce leakage and water losses in the public network, in irrigation communities or in households.
  • A medical remote care service that saves patients from having to travel to the medical centre. It saves fuel (energy) and reduces pollutant and greenhouse emissions.
  • Monitoring and predictive maintenance, in order to know the state of equipment at all times, makes it possible to anticipate incidents and predict machinery repairs, extending its useful life and contributing to the circular economy.

Our customers avoided more than 8.7 million tonnes of CO₂ with Eco Smart solutions last year

Solutions for aligning financial, social and environmental sustainability

It is essential for companies and public administrations to opt for digital transformation solutions that have a certified environmental benefit, such as the Eco Smart label, to ensure their financial resilience and sustainability and to reduce their environmental impact.

It is also a way to set an example by achieving ESG goals such as decarbonisation, emission reductions or meeting the United Nations Sustainable Development Goals (SDGs) agreed for your sector.

Our Eco Smart solutions saved our customers 8.7 million tonnes of CO2 emissions in 2021, equivalent to planting 158 million trees. Our goal is to avoid 12 million tonnes of CO₂ emissions by 2025.

One thing that remains unchanged is our purpose: that the Eco Smart technologies that underpin the digital transformation bring our customers an economic benefit that is aligned with social and environmental sustainability.

Featured image: Photo: Mert Guller / Unsplash

Cyber Security Weekly Briefing, 28 May – 3 June

Telefónica Tech    3 June, 2022

Rapid evolution of the EnemyBot botnet

Since its discovery last March by Securonix researchers, the botnet known as EnemyBot, focused on carrying out DDoS attacks, has continued to expand, thanks in particular to the addition of exploits for recent critical vulnerabilities in web servers, content management systems, IoT devices and Android devices.

Back in April, samples analysed by Fortinet showed the integration of exploits for more than 12 vulnerabilities, targeting several processor architectures. Now, a new report from AT&T Labs reports the detection of a new variant in which exploits have been added for 24 vulnerabilities, most of them critical and some of which do not even have a CVE assigned to them.

Among the flaws, it is worth highlighting the addition of exploits for recent important vulnerabilities such as those in VMware (CVE-2022-22954), Spring (CVE-2022-22947) or BIG-IP (CVE-2022-1388). This threat has been attributed to the Keksec group, which has specialised in building botnets since 2016.

In addition, the malware code has been published in a GitHub repository [6], making it accessible to other threat actors. Thanks to its publication, it has been confirmed that it is a threat built from the code of multiple botnets (Mirai, Qbot or Zbot), which makes it a more powerful and adjustable threat.

The rapid evolution of EnemyBot makes it necessary to closely assess the progress of other projects from this group, such as Tsunami, Gafgyt, DarkHTTP, DarkIRC and Necro.

More info: https://cybersecurity.att.com/blogs/labs-research/rapidly-evolving-iot-malware-enemybot-now-targeting-content-management-system-servers

* * *

Mozilla fixes vulnerabilities in its products

Mozilla has released a new security update to fix several vulnerabilities affecting its Thunderbird email client and Firefox and Firefox ESR browsers.

None of the fixed bugs has been classified as critical, but several vulnerabilities classified as high severity have been fixed. It should be noted that exploitation of these flaws by a remote threat actor could lead to the following impacts: remote code execution, bypass of security restrictions, disclosure of sensitive information, spoofing, denial of service and data manipulation.

Mozilla recommends upgrading to Firefox 101, Firefox ESR 91.10 and Thunderbird 91.10 to mitigate the vulnerabilities.

More info: https://www.mozilla.org/en-US/security/advisories/

* * *

Killnet threatens Italian entities again

Italy’s CSIRT has issued an alert warning that there is a risk of imminent attacks against national public entities, private entities providing a public utility service or private entities identified with Italy. This warning comes after the hacktivist group Killnet issued a statement on its Telegram channel inciting massive and unprecedented attacks against Italy.

This is not the first time that the group has shown interest in this country, having already carried out denial-of-service attacks against it last May. Killnet announced on 24 May that it was launching operation Panopticon, calling on users to become part of the group and providing them with tools to carry out the attacks.

The name of the operation, as they have indicated, refers to a type of building designed so that the whole structure can be observed from a single point inside it. In relation to the name used, Bleeping Computer suggests that, although DDoS appears to be the main goal, Killnet may want its targets to focus their efforts on mitigating that type of attack rather than on other kinds of cyber-attack, so the name may hint at some kind of information leakage.

Finally, yesterday Italian media reported that several services such as the Italian state police and the Ministries of Foreign Affairs and Defence had their services interrupted, although the group has not claimed responsibility for such events so far.

More info: https://www.bleepingcomputer.com/news/security/italy-warns-organizations-to-brace-for-incoming-ddos-attacks/

* * *

Actively exploited 0-day in Confluence

Atlassian has issued a security advisory to warn of the active exploitation of a 0-day vulnerability in Confluence for which no patches are yet available. This vulnerability, listed as CVE-2022-26134 and with a critical risk, allows remote unauthenticated code execution in Confluence Server and Confluence Data Center (pending confirmation if in all versions, but most likely so).

Exploitation of this vulnerability was detected by the Volexity team during the investigation of a security incident last weekend where they observed that, after initial access through exploitation of this 0-day, the attackers deployed an in-memory copy of BEHINDER, an open-source web server that provides the attacker with capabilities such as in-memory webshells and built-in support for interaction with Meterpreter and Cobalt Strike.

Once BEHINDER was deployed, the attackers used the in-memory webshell to deploy two additional webshells to disk: CHINA CHOPPER and another custom file upload shell. Atlassian recommends that customers restrict Internet access to the affected product instances and disable the instances in both Confluence Server and Data Center. Atlassian also said that customers using Confluence hosted in the Atlassian Cloud would not be affected. 

More info: https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

AI of Things for smart and sustainable water management

Nacho Palou    2 June, 2022

The European Drought Observatory (EDO) monitors, analyses, forecasts and measures the impact of droughts and their consequences on the economy, agriculture and other areas.

In its latest report EDO highlights a “severe deficit” in precipitation in such important basins as the Po and Danube rivers since the end of last year. It also points to the snow deficit in the Alps region (61% less than the 2009-2021 average) which anticipates a lower amount of melt water in the coming months.

EDO’s April report for southern Europe (including countries such as Spain, Portugal, France and Italy, among others) warns of drier than usual conditions, and warns of severe droughts in several regions of Europe.

EDO alerts for unusually dry (red) and unusually wet (purple) conditions for the next three months from May 2022. Source: EDO

Technology for the digital transformation of water utilities

Water is a natural resource that is as valuable as it is scarce and requires smart management of its integral cycle through the digital transformation of water management companies.

Telefónica Tech’s Smart Water solution applies technology to give water management companies greater control of water use, distribution and recovery in order to:

  • Improve supply management to minimise leakage and adapt infrastructure investment plans.
  • Guarantee the correct recovery, treatment and use of the used water.
  • Raise awareness and empower consumers by giving them greater control and information on what their water consumption is and how to reduce it.

All this is possible thanks to the intelligent sensorisation of water distribution networks. Telefónica Tech works with specialised partners such as Contazara and Idrica to implement IoT and data analytics technologies with Big Data and Artificial Intelligence aimed at the integrated management of the water cycle.

In this way, management companies have much more metrological information and in-depth knowledge of what is happening in their network, from monitoring water quality at different points in the network to receiving detailed data on the volumes distributed or variations in flow rates.

Advantages of more efficient water management

For instance, detecting anomalies with respect to average measurements or differences between volumes distributed and volumes consumed makes it possible to identify fraudulent consumption, leaks or water losses at the time they occur, both in the network and at the household level.

Digitalisation of the complete water cycle saves millions of m3 of water each year and reduces operation and maintenance costs by 20%, according to Idrica.

Data from the sensorisation of water infrastructures also allows water managers to improve their processes —such as prioritising interventions according to the criticality of the detected incident— and to make an accurate prediction of demand to meet consumption.

Making strategic decisions based on data even makes it possible to accurately anticipate seasonal or one-off demands, such as the influx of tourists or the holding of large events, for example.

This leads to more efficient water management and savings in operating and energy costs. At the same time, the environment is protected and an adequate supply of water in terms of both quantity and quality is guaranteed.

How Smart Water’s solution helps Canal de Isabel II improve its water distribution service

Canal de Isabel II (CYII) manages more than a dozen reservoirs in six river basins to supply water to more than 6 million people. CYII is using Telefónica Tech AI of Things products and services to address its digital transformation, with the objectives of:

  • optimising its sourcing processes and operations,
  • providing a better service to its customers,
  • protecting this resource from inefficient consumption.

In this case, as part of the Smart Water solution, Telefónica Tech, together with Contazara, is working on the deployment of smart meters that allow remote reading of water meters.

Thanks to these connected IoT meters, the company receives a reading of consumption every hour or according to the customer’s needs, instead of working with estimated consumption or with readings taken by hand every two months.

Benefits of the Smart Water solution for consumers

This amount of data provides Canal de Isabel II with greater knowledge of what is happening in its network and of the consumption habits of its customers. For the consumer, this brings benefits such as:

  • knowing their consumption and comparing it between periods and with the average consumption of households with a similar profile.
  • paying for actual consumption and not estimates, which reduces complaints and billing incidents.
  • receiving personalised savings plans and recommendations to reduce water consumption, and therefore the amount of the bill.
  • detecting anomalous consumption (too low or too high), for example in second homes or in the homes of dependent persons.

Remote reading of water meters has an additional environmental benefit by reducing fuel consumption and pollutant emissions from travelling to check, maintain and read meters.

Technology is key to smart and sustainable water management

However, remote meter reading is only one part of Telefónica Tech’s Smart Water solution that allows water managers to undertake a complete digital transformation of the entire water cycle. This allows them to address the smart management of a resource that is so sensitive to climate change, weather variations and increased demand.

Today more than ever, it is not only the health and well-being of consumers that depend on the proper and sustainable management of the complete water cycle – from its collection, treatment and distribution to its recovery, purification and reuse or return to watercourses. The economy and sectors such as industry, livestock, agriculture, tourism… and, of course, the environment, also depend on it.

Differences between encryption, hashing, encoding and obfuscation

Cristina del Carmen Arroyo Siruela    1 June, 2022

There is currently a lot of confusion about the terms encryption, encoding, cryptography, hashing and obfuscation. These terms are related to computer security, specifically to the confidentiality and integrity of data or information, except in the case of encoding and obfuscation.

Given the high importance of data and information, which are considered key elements in information systems, it is useful to know which mechanisms are available to protect them and in which cases one or the other should be used.

Cryptography, a methodology for information systems security

Cryptography is part of the field of cryptology, a science that is composed of fields such as cryptanalysis and steganography. Cryptography focuses on the study of the methods used to ensure that a message or information cannot be read by an unauthorised third party, i.e., to guarantee the confidentiality of information.

It is also used to prevent unauthorised access to and use of network resources, information systems, etc.

Cryptography is a methodology whose objective is to provide security in information systems and telematic networks, including among many of its functions the identification of entities, authentication and access control mechanisms to resources, the confidentiality and integrity of transmitted messages and their non-repudiation.

Message encoding

Encoding is a process of transforming data into a format different from the original. It is done using a public method, available to anyone, and in most cases using a widely adopted standard format.

An example is the American Standard Code for Information Interchange, known as ASCII. In this standard, alphabetic characters and special characters are converted into numbers. These numbers are known as the “code”.

Encoding is not used for security purposes, as it only transforms the presentation of data from one format to another, without using any key in the process, and using the same method or algorithm to encode and decode the data or information.

This process was born in response to the need to transmit information over the Internet using standards that would allow the interpretation of the data or information by different environments, programmes and other elements.

Examples of encoding are ASCII, Unicode, Morse, Base64 and URL encoding tables.

Using mathematical functions; hashing

The hash function is the cryptographic process by which a unique string of characters is obtained through a mathematical function. This mathematical function or hash is at the core of the algorithm, which is capable of transforming any arbitrary block of data into a character string with a fixed length.

The length of the resulting string will always be the same size, regardless of the length of the input data, as long as the same hash algorithm is used. Examples of hash functions are MD5, SHA1, SHA-256, etc.

In the following image you can understand how, depending on the input, and according to the hash algorithm applied (in this example SHA1), the digest or output will be in one way or another.

If, for example, we were to use SHA-256 in all the above cases, the output would always have a fixed length of 256 bits (64 hexadecimal characters), independently of the length of the input, although the digests would be totally different.

For a hash function to be considered secure, it must meet these 3 properties:

  • Collision resistance: it must be unfeasible to find any two different inputs that produce the same hash as output.
  • Pre-image resistance: it must be unfeasible, or of very low probability, to “reverse” the hash function (to find an input from a given output).
  • Second pre-image resistance: given a specific input, it must be unfeasible to find a different input that produces the same hash, i.e., a collision with that particular input.

Hash functions can be used in multiple use cases, some examples include the following:

  • Specific searches for information in large databases.
  • Analysis of large files and data management.
  • In message authentication, digital signatures and SSL/TLS certificates.
  • Generation of new Bitcoin addresses and keys in the mining process.

What is data encryption?

Data encryption is the process of converting text or data in readable form into unreadable text or data, known as encrypted output.

Encryption is based on the application of an algorithm using a key or master key that allows the transformation of the structure and composition of the information to be protected, in such a way that, if this information is intercepted by a third party, it cannot be interpreted or understood, i.e., it is unreadable.

Photo: lock in a door. Maxim Zhgulev / Unsplash

When data has been encrypted, only those who have the key that allows decryption will be able to carry out that action, allowing access to the data in a readable format.

Therefore, this mechanism has a focus primarily on protecting confidentiality.

The use of complex cryptographic keys makes such encryption more secure, making it more difficult for cyber-attacks, brute-force or otherwise, to be carried out on them.

The 2 most common encryption methods are symmetric encryption and asymmetric encryption. The names refer to whether or not the same key is used for encryption and decryption:

  • Symmetric encryption keys: Also known as single key encryption. Its main characteristic is the use of the same key for both encryption and decryption, making this process more convenient for users and closed systems.

On the other hand, the key must be available to all interested parties and distributed through secure mechanisms. This increases the risk that it could be compromised if intercepted by a third party such as a cybercriminal, unless it is encrypted with an asymmetric key, which is the usual practice. This method is faster than the asymmetric method.

  • Asymmetric encryption keys: in this type of encryption, 2 different keys (public and private) mathematically linked together are used. The keys are basically large numbers linked together, but they are not identical, hence the term “asymmetric”.

The owner keeps the private key secret, while the public key is shared among authorised recipients or made available to the general public. The encryption process is therefore carried out with the public key, and the decryption process with the recipient’s private key.

Encryption is used in many cases, some of which include the following:

  • Encryption of voice communications.
  • Encryption of banking and credit card data.
  • Database encryption.
  • Digital signatures, for verification of the authenticity of the origin of the information.
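The encoding, hashing and encryption sections above describe three transformations that are easy to confuse; the following added example (not code from the original article) runs one constructed message through all three so the differences can be checked directly: encoding is reversible by anyone, a digest has a fixed length and cannot be reversed, and only the holder of the key can undo encryption. It uses only the Python standard library; the keyed stream construction (HMAC-SHA256 in counter mode) is a demonstration of key-dependent reversibility, not a production cipher.

```python
"""Added example: the same message through encoding, hashing and symmetric
encryption. Standard library only; the keyed stream is a demonstration of
'reversible only with the key', not a production cipher."""
import base64
import hashlib
import hmac
import secrets
import urllib.parse

MESSAGE = b"Transfer 100 EUR to account 42"  # constructed sample input


# --- Encoding: public method, no key, reversible by anyone -----------------
def encode_message(data: bytes) -> dict:
    """Return several encodings of the same bytes; none of them hides anything."""
    return {
        "base64": base64.b64encode(data).decode("ascii"),
        "urlencoding": urllib.parse.quote_from_bytes(data),
        "hex": data.hex(),
    }


def decode_base64(text: str) -> bytes:
    """Anyone can undo an encoding: knowing the method is all that is needed."""
    return base64.b64decode(text)


# --- Hashing: fixed-length digest, one-way, no key -------------------------
def digest_lengths(data: bytes) -> dict:
    """Digest length (in hex characters) depends only on the algorithm,
    never on the input length (MD5: 32, SHA1: 40, SHA-256: 64)."""
    return {
        "md5": len(hashlib.md5(data).hexdigest()),
        "sha1": len(hashlib.sha1(data).hexdigest()),
        "sha256": len(hashlib.sha256(data).hexdigest()),
    }


def differing_hex_chars(a: bytes, b: bytes) -> int:
    """Count how many of the 64 SHA-256 hex characters differ between two
    inputs. A one-byte change should alter most of the digest (avalanche)."""
    ha = hashlib.sha256(a).hexdigest()
    hb = hashlib.sha256(b).hexdigest()
    return sum(x != y for x, y in zip(ha, hb))


# --- Symmetric encryption: the same key encrypts and decrypts --------------
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keyed pseudo-random stream: HMAC-SHA256 over (nonce || counter)."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext. A fresh nonce makes each output different;
    without the key the ciphertext is unreadable."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Same key, same method: XOR with the regenerated keystream."""
    nonce, ciphertext = blob[:16], blob[16:]
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


if __name__ == "__main__":
    print(encode_message(MESSAGE))
    print(digest_lengths(MESSAGE), digest_lengths(MESSAGE * 1000))
    print(differing_hex_chars(MESSAGE, MESSAGE + b"!"), "of 64 hex chars differ")
    key = secrets.token_bytes(32)
    blob = encrypt(key, MESSAGE)
    print(decrypt(key, blob) == MESSAGE)                     # True
    print(decrypt(secrets.token_bytes(32), blob) == MESSAGE)  # False
```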

Obfuscation

The purpose of obfuscation is to make something more difficult to understand, usually for the purpose of making it more difficult to attack or copy.

Photo: Markus Spiske / Unsplash

This mechanism is commonly used to obfuscate the source code of an application in order to make it more difficult to replicate a given product or function. It is not a strong security control, but it is an obstacle that makes the code less readable and therefore makes reverse engineering more difficult.

It is often reversible, like encoding, using the same technique that was used to obfuscate. Other times reversing it is simply a manual process that takes some time.

Some applications that help with this process, although it is always recommended to do it manually, are JavaScript Obfuscator, and ProGuard.

Featured image: Pexels / ThisIsEngineering.

Cyber Security Weekly Briefing, 21–27 May

Telefónica Tech    27 May, 2022

Unpatched vulnerability in PayPal

Security researcher H4x0r-DZ has disclosed an unpatched vulnerability in PayPal’s money transfer service that could allow attackers to steal money from victims by tricking them into completing targeted transactions through clickjacking attacks.

This technique allows an attacker to trick a user into clicking on seemingly harmless elements of a web page for fraudulent purposes: downloading malware, redirecting them to malicious websites, or revealing sensitive information.

The researcher discovered that a paypal[.]com/agreements/approve endpoint, designed for billing agreements, and which should only allow tokens of the type billingAgreementToken, actually allowed another type of token to be received.

This would allow an attacker to include a specific iframe, which causes a victim logged into the website to transfer their funds to a PayPal account controlled by the attacker simply by clicking a button.

The researcher has decided to publish the proof of concept, after reporting the flaw to the company last October 2021 without having received any compensation or fix for this flaw from PayPal.

More info: https://medium.com/@h4x0r_dz/vulnerability-in-paypal-worth-200000-bounty-attacker-can-steal-your-balance-by-one-click-2b358c1607cc

* * *

Predator spyware distributed through 0-days exploitation

Researchers from Google’s Threat Analysis Group (TAG) have revealed details on the use of new 0-days in Chrome and Android for the distribution of spyware known as Predator, a commercial cyber-espionage tool developed by Cytrox. The researchers report three separate campaigns.

The first campaign was detected in August 2021 and exploited a vulnerability in Chrome to redirect to SBrowser (CVE-2021-38000 CVSSv3 6.1). The second campaign started in September 2021 and exploited several vulnerabilities in Chrome to escape the browser sandbox (CVE-2021-37973 CVSSv3 9.8 and CVE-2021-37976 CVSSv3 6.5). Lastly, the third campaign dates from October 2021 and involves the use of 0-days in Chrome and Android (CVE-2021-38003 CVSSv3 8.8 and CVE-2021-1048 CVSSv3 7.8).

Despite exploiting different 0-days, the basis of the campaigns was the same. The attackers sent Android users one-time links (valid only once and expiring after 24 hours) by email, spoofing URL shortening services, and distributed the exploits from those links.

The aim of the campaigns was to distribute the Android malware called ALIEN, which subsequently downloaded the Predator spyware. Regarding the attribution of the campaigns, the researchers suggest that the actors behind the campaigns are backed up by governments, and they particularly point to at least those of Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Serbia, Spain and Indonesia. Their conclusions are in line with investigations carried out by CitizenLab in December 2021.

More info: https://blog.google/threat-analysis-group/protecting-android-users-from-0-day-attacks/

* * *

Distribution of Cobalt Strike via fake PoCs

Cyble security researchers have discovered that threat actors have reportedly used fake proofs of concept for two recent Windows vulnerabilities to infect their victims with Cobalt Strike. The attackers posted malicious PoCs on GitHub for the remote code execution vulnerabilities CVE-2022-24500 and CVE-2022-26809, both of which were fixed by Microsoft last April.

The two repositories belonged to the same GitHub user, named “rkxxz”, whose account and repositories have now been removed. The target of this type of practice, which is becoming increasingly common, tends to be individuals involved in information security.

According to Cyble’s analysis, the malware used in this campaign is a .NET application that displays a fake message about the attempted exploitation of the vulnerability and then executes PowerShell commands to download the Cobalt Strike beacon.

More info: https://blog.cyble.com/2022/05/20/malware-campaign-targets-infosec-community-threat-actor-uses-fake-proof-of-concept-to-deliver-cobalt-strike-beacon/

* * *

0-day vulnerability in Tails

Tails has issued a security advisory warning that a vulnerability has been found in its Tails 5.0 version which could affect users who use the Linux distribution to access the Tor browser.

For this reason, they recommend not using Tor until 31 May, when the update to version 5.1 will be released. This bug is related to the security advisory issued by Mozilla, which fixed two critical vulnerabilities affecting its Thunderbird email client and Firefox browser. These flaws were assigned the identifiers CVE-2022-1529 and CVE-2022-1802 and were related to a bug in the JavaScript engine, which is also used by Tor.

Tails states that, if exploited, it could allow an attacker to obtain confidential information such as passwords, private messages, among others, although the encryption of connections used by Tor to maintain user anonymity would not have been affected.

Tails recommends rebooting the system and claims that Mozilla has detected activity related to the exploitation of these flaws.

More info: https://tails.boum.org/security/prototype_pollution/index.en.html