Advanced Factories or how to drive the factory to a new productive dimension

Juan Manuel Ferrer    5 April, 2022

Many new friends and old friends. Last week we had the opportunity to share time, experiences, opportunities and business with colleagues, customers and suppliers. The Advanced Factories fair has quickly become a key event for the digital development of the industrial productive network in Spain. This is something we need. We are far from the weight that industry should have for our economy in Spain, but I am positive, I feel movement, joy in collaborating, a rush to grow and a political and financial commitment to the sector too.

The concept that gives the fair its name, Advanced Factories, is very interesting despite not being very well known. There are many others that basically define the same thing: smart factory, digital factory or smart industry.

So, what is a smart factory?

A smart factory is completely paperless. Human operators interact exclusively with machines and software while machines communicate only with other machines. Information flows seamlessly from the sensor to the cloud, ensuring fast, available and reliable communications among all the equipment that makes up the production ecosystem. It also has great wireless communication capabilities, incorporating next generation 5G or LTE networks that connect sensors or smart objects from remote or moving locations.

A smart factory generates robotic orders that link processes together, speeding up the manual administration of incidents or work orders. It stores and governs information enabling the creation of a data-driven company culture by making it accessible and empowering every employee to improve their processes based on the application of advanced analytics, artificial intelligence or machine learning algorithms. 

In short, a smart factory is the digital twin where the real state of production and business lies and where any initiative and use case for the development of Industry 4.0 rests.

Telefónica Tech is working to unite people and machines in a hyper-connected, collaborative, secure and efficient industrial environment where the real value is extracted from the intelligent analysis of data. This is our goal, and we will do our best to achieve it.


How can IoT help with elderly care?

Miguel Maroto    4 April, 2022

In this second article I want to share another life experience where the technology in which I am an expert helps both to care for and make life easier for people I love.

Thankfully, I have two grandparents still alive and, as life inexorably passes, the risk of something bad happening to them, such as heart problems, falling, etc. increases. That’s why I turned to IoT solutions to help minimise that risk as much as possible.

The aim of this article is to give an insight into the market that is opening up in the IoT world for this business opportunity.

What is the potential market like?

First of all, we must take into account that the potential market for this type of solution, people over 60 years of age, is growing year after year. On the one hand, the world population grew from 6.5 billion in 2005 to 7.71 billion in 2019 and, in addition, according to Eurostat, the percentage of people over 60 has also increased from 10.3% in 2005 to 13.2% in 2019, growing in all regions except Africa.

This trend is set to increase as projections predict population growth, for example in Europe, where Eurostat [1] projects a 43% increase in the number of people over 65 in 2050 compared to 2020.

Another aspect to take into account is that the adoption of the internet by this sector of the population is increasing. We can see, for example, that internet use by Americans aged 65+ increased from 14% in 2000 to 73% in 2019, and that in 2016, 45% of adults aged 65+ in the EU used the internet at least once a week vs. 82% of the EU population aged 25-64 [2].

The demographic change we have seen above, where the percentage of older people is increasing, has shown that the ageing population will need more dedicated care than babies and young children in the coming decades. The needs of the elderly have remained the same throughout history, however, it is the delivery of care that will change in the future.

We can identify different kinds of needs that this type of population has, which we can divide into the following:

  • Physical
  • Intellectual
  • Emotional
  • Social

Within the physical needs we can identify the following examples, depending on their level of ability:

  • Assistance with nutrition due to their lack of autonomy in cooking
  • Assistance with medical care and safety both inside and outside their home

Within the intellectual needs, the following examples can be identified:

  • Help with stimulation due to the fact that they suffer from lack of coordination, sight and hearing problems.
  • Help with learning new activities because they have often had to give up jobs or hobbies they previously enjoyed.

Examples of emotional needs include the following:

  • Help from family or carers to carry out everyday tasks that used to be done by this type of population but which they are no longer able to do due to loss of autonomy.
  • Help to overcome a feeling of not belonging, as they have often been unable to continue working or have lost friends and family in old age.
  • Make the person feel cared for, as this demographic group needs, above all others, to have this feeling.

Finally, we can identify the following needs at the social level:

  • Need for communication in their daily life to avoid isolation and feelings of frustration.
  • Need for social interaction outside their family, which may be from peers or others in society.

All these needs can be met in different ways and through different people such as carers, friends, family, neighbours, etc.

However, in a society where Internet use among the older population has increased dramatically in recent years, and is expected to increase further in the future, there is an opportunity to change the way society deals with the older population.

There is an opportunity for technology-based solutions in the health care sector, independent living sector and social sector for the older population as more of this population uses technology and the internet.

What types of IoT solutions for the elderly are offered in the market?

In my search for solutions that would help me improve the care of my grandparents, I have found different types based on solving the needs described above. Mostly, I have found products that help improve the monitoring of the person’s health, their safety and help reduce the feeling of loneliness.

In my case, the solutions that I am thinking of implementing in my grandparents’ home are:

  • Presence sensors: This type of sensor is installed in a non-intrusive way in the home of the person to be monitored, together with an NB-IoT gateway that transmits the information to a cloud platform. The caregiver receives notifications and smart alarms by WhatsApp, email or SMS about the most relevant events occurring in the home, and can access the information securely and in real time from any device without the need to install any app.
  • Surveillance cameras: easy-to-install cameras that allow the family member or caregiver to see what is happening inside the home in real time.
  • Smart bracelets: this type of solution helps to monitor the person’s state of health in real time, providing alerts for possible heart attacks or other types of health problems that may arise.
  • Assistance button: this is a button that the elderly person wears around their neck so that, in the event of any problem that may arise, such as a fall or a heart attack, pressing the button sends an alert to the emergency centre.

Other solutions have also emerged, which I don’t yet need to implement, that help people not to feel alone, such as a mini smart robot that uses IoT technology and Artificial Intelligence to determine the user’s behaviour and preferences to deliver verbal notifications to remind them to take medication and allow them to make video calls.

All these types of IoT solutions and others that are being commercialised provide the following benefits:

  • Improved interaction between health professional and patient
  • Regular reporting of the user’s well-being to the caregiver
  • Continuous assessment of cognitive status
  • Generation of reminders to perform daily tasks
  • Reduced caregiver anxiety about the individual
  • Improved home security systems
  • Improved energy efficiency
  • Quick and easy installation of new devices without the need for external assistance
  • Relief of depression and increased quality of life.

We must also take into account the risks that this type of solution can have, especially in the field of cybersecurity and fraudulent use of people’s data.

In conclusion, I believe that IoT solutions will help me improve both the care and the interaction that my family, carers and I have with my grandparents. I also think it is a market that is going to have a very high level of innovation because it will not stop growing and the market will demand more and more new sorts of solutions.

  1. Ec.europa.eu. 2020. Database – Eurostat. [online]
  2. European Union, 2015. People In The EU: Who Are We And How Do We Live?. Luxembourg: Publications Office of the European Union

Cyber Security Weekly Briefing 26 March- 1 April

Telefónica Tech    1 April, 2022

Spring4Shell vulnerability

Spring has released security updates for the 0-day remote code execution (RCE) flaw known as Spring4Shell. Since the vulnerability first appeared, various researchers and media outlets have released unconfirmed information about it. Spring has now published specific details of the vulnerability, assigned it a CVE and published the patches that fix the bug. The vulnerability has been identified as CVE-2022-22965 and, although its criticality under the CVSS scale is unknown for the moment, it is a vulnerability of critical severity. While the flaw can be exploited in multiple ways, Spring developers have stated that exploitation requires JDK version 9 or higher, Apache Tomcat as the Servlet container, WAR packaging and a dependency on spring-webmvc or spring-webflux. Vulnerable versions have been confirmed, so it is recommended to upgrade to Spring Framework 5.3.18 and 5.2.20 or higher, and for Spring Boot to versions 2.6.6 and 2.5.12 or higher. Spring has also published a series of mitigations for those who are unable to deploy the updates.

More info: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
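The conditions and fixed versions listed above can be turned into a triage pass over a deployment inventory. The following is an added example, not code from Spring or from the briefing: the inventory records, field names and status labels are constructed for illustration, and branches for which the briefing names no fixed release are assumed to be unfixed.

```python
import re

# Fixed releases named in the briefing, keyed by release branch.
FRAMEWORK_FIXED = {(5, 3): (5, 3, 18), (5, 2): (5, 2, 20)}
BOOT_FIXED = {(2, 6): (2, 6, 6), (2, 5): (2, 5, 12)}
# Dependencies the briefing lists as a requirement for exploitation.
WEB_MODULES = {"spring-webmvc", "spring-webflux"}

# Matches e.g. spring-webmvc-5.3.17.jar or spring-webflux-5.2.19.RELEASE.jar
JAR_RE = re.compile(
    r"^(spring-[a-z]+(?:-[a-z]+)*)-(\d+)\.(\d+)\.(\d+)(?:[.-][A-Za-z0-9]+)*\.jar$"
)


def parse_jar(filename):
    """Return (artifact, (major, minor, patch)) or None for other file names."""
    m = JAR_RE.match(filename)
    if not m:
        return None
    return m.group(1), tuple(int(g) for g in m.group(2, 3, 4))


def jdk_major(java_version):
    """Map '1.8.0_322' to 8 and '11.0.14' or '17' to 11 / 17."""
    parts = re.split(r"[._+-]", java_version)
    major = int(parts[0])
    return int(parts[1]) if major == 1 and len(parts) > 1 else major


def is_fixed(version, fixed_by_branch):
    """True if version is at or above the fixed release of its branch.

    Assumption: a branch with no fixed release in the table counts as fixed
    only if it is newer than every fixed release listed.
    """
    floor = fixed_by_branch.get(version[:2])
    if floor is not None:
        return version >= floor
    return version > max(fixed_by_branch.values())


def assess(deployment):
    """Classify one inventory record (hypothetical schema, see INVENTORY)."""
    web, boot = {}, None
    for jar in deployment["jars"]:
        parsed = parse_jar(jar)
        if parsed is None:
            continue
        name, version = parsed
        if name in WEB_MODULES:
            web[name] = version
        elif name == "spring-boot":
            boot = version
    outdated = sorted(n for n, v in web.items() if not is_fixed(v, FRAMEWORK_FIXED))
    boot_outdated = boot is not None and not is_fixed(boot, BOOT_FIXED)
    conditions = {
        "jdk_9_or_higher": jdk_major(deployment["java_version"]) >= 9,
        "tomcat_container": "tomcat" in deployment["container"].lower(),
        "war_packaging": deployment["packaging"].lower() == "war",
        "webmvc_or_webflux": bool(web),
    }
    if outdated and all(conditions.values()):
        status = "upgrade-first"      # every stated condition holds
    elif outdated or boot_outdated:
        status = "upgrade"            # below a fixed release, conditions partial
    else:
        status = "fixed-or-not-applicable"
    return {"status": status, "outdated": outdated,
            "boot_outdated": boot_outdated, "conditions": conditions}


# Constructed sample inventory, e.g. gathered from WEB-INF/lib listings.
INVENTORY = [
    {"name": "orders-api", "java_version": "11.0.14",
     "container": "Apache Tomcat 9.0.58", "packaging": "war",
     "jars": ["spring-webmvc-5.3.17.jar", "spring-core-5.3.17.jar",
              "commons-lang3-3.12.0.jar"]},
    {"name": "legacy-portal", "java_version": "1.8.0_322",
     "container": "Apache Tomcat 8.5.75", "packaging": "war",
     "jars": ["spring-webmvc-5.2.19.RELEASE.jar"]},
    {"name": "billing", "java_version": "17.0.2",
     "container": "embedded Tomcat", "packaging": "jar",
     "jars": ["spring-boot-2.6.6.jar", "spring-webmvc-5.3.18.jar"]},
    {"name": "reports", "java_version": "11.0.14",
     "container": "Jetty 9.4", "packaging": "jar",
     "jars": ["spring-boot-2.5.11.jar", "spring-webflux-5.3.17.jar"]},
]


def run_inventory():
    return {d["name"]: assess(d) for d in INVENTORY}


if __name__ == "__main__":
    for name, result in run_inventory().items():
        print(f"{name:14} {result['status']:24} outdated={result['outdated']}")
```

Because the briefing notes that the flaw can be exploited in multiple ways, the precondition check only orders the work; any deployment below a fixed release still ends up in the upgrade queue.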

Phishing campaign impersonating Spanish organizations

The Spanish Internet Security Office, Oficina de Seguridad del Internauta (OSI), has warned of a phishing campaign impersonating the Spanish Tax Agency. The emails were sent from a spoofed address displaying the domain @hacienda.hob.es, with the subject line “Comprobante fiscal digital – MINISTERIO DE HACIENDA Y FUCION PUBLICA”. These emails urge victims to download an alleged .zip file containing documentation to be submitted to the public body, but in reality it contains malware. OSI states that the impersonation of other government bodies within the same campaign cannot be ruled out, in which case the subject and sender of the emails would change. The Digital Risk Protection Service has also been able to analyze this campaign, detecting the impersonation of the Ministry of Health and the Ministry of Finance, and identifying the malware distributed as the banking Trojan Mekotio.

All details: https://www.osi.es/es/actualidad/avisos/2022/03/phishing-suplantando-la-agencia-tributaria-con-riesgo-de-infeccion-por

Apple fixes actively exploited 0-day vulnerabilities

Apple has released security updates fixing two new 0-day vulnerabilities that are reportedly being actively exploited and that affect its iPhone, iPad and Mac products. The first of the flaws, classified as CVE-2022-22674, is an out-of-bounds write vulnerability in the Intel graphics driver which, if exploited, could allow disclosure of kernel memory information. The second bug, classified as CVE-2022-22675, is also an out-of-bounds write vulnerability, but in the AppleAVD component. Affected products include: macOS Monterey, iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). Both bugs have been resolved with iOS 15.4.1, iPadOS 15.4.1 and macOS Monterey 12.3.1.

All info: https://support.apple.com/en-us/HT213220

New IcedID distribution campaign

Researchers from Intezer and Fortinet have analyzed a new campaign of the IcedID malware, a modular banking Trojan first detected in 2017 and commonly used in ransomware distribution. The campaign has been distributed via phishing emails sent from legitimate, previously compromised email accounts, reusing existing threads and carrying malicious attachments. The attachment itself has also changed: it is still a password-protected ZIP file, but instead of containing office documents as usual, it now contains an ISO image with a Windows LNK file and a DLL that executes the malware. The use of such files allows attackers to bypass Mark-of-the-Web controls and execute the malware without alerting the user. From the analysis of the compromised accounts, the researchers point to vulnerable Exchange servers publicly exposed to ProxyShell, suggesting that this may be the initial entry vector to the accounts being used in the campaign. Activity has focused on organizations in the energy, healthcare, legal and pharmaceutical sectors. Finally, overlaps have been observed in some of the TTPs used that have associated this activity with actors TA577 and TA551.

More info: https://www.intezer.com/blog/research/conversation-hijacking-campaign-delivering-icedid/

Large-scale fraud against the retail sector

Researchers from Segurança Informática have published an in-depth analysis of a fraud campaign against multiple brands in the retail sector, active since the end of 2020, whose activity has been increasing since the beginning of 2022. In this fraudulent scheme, domains similar to the original ones of the impacted brand have been used to distribute phishing via malicious Google, Instagram or Facebook ads. All the malicious domains detected bear some similarity to the legitimate domains of the impersonated organizations, using typosquatting techniques, followed by different TLDs, including “.shop”, “.website” or “.online”. Once the victim accessed the advertisements, they were redirected to the fraudulent page where they found great discounts and offers and could place an online order and track the package. The victim’s data was collected for future scams, and in some cases, they were sent parcels full of waste. The operators used homemade content management system (CMS) templates published on GitHub, in which, after changing a few images, they could clone any brand. The largest number of victims has been concentrated in Italy, Chile and Portugal, followed by other countries such as Spain and France. Through these operations, the attackers could have made a profit of more than one million euros to date.

More info: https://seguranca-informatica.pt/shopping-trap-the-online-stores-scam-that-hits-users-worldwide/
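A brand-protection team can screen newly observed domains for the pattern described above, a near-copy of the brand name on a different TLD. The following is an added example, not taken from the cited research: the brand domain, the observed domains, the distance thresholds and the reason labels are all constructed assumptions.

```python
# TLDs the briefing names as examples seen in the campaign.
CAMPAIGN_TLDS = {"shop", "website", "online"}


def edit_distance(a, b):
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def split_domain(domain):
    """Return (second-level label, TLD). Assumes a single-label TLD."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        raise ValueError(f"not a fully qualified domain: {domain!r}")
    return labels[-2], labels[-1]


def classify(domain, legit_domains):
    """Return a finding dict if domain imitates a protected brand, else None."""
    label, tld = split_domain(domain)
    legit = [split_domain(d) for d in legit_domains]
    if (label, tld) in legit:
        return None                      # the brand's own domain
    squashed = label.replace("-", "")    # "example-store" reads like the brand
    for brand, _ in legit:
        # Assumed thresholds: short names tolerate one edit, longer ones two.
        limit = 1 if len(brand) < 8 else 2
        dist = edit_distance(squashed, brand)
        if dist == 0:
            reason = "exact-name"        # same name, not the brand's domain
        elif dist <= limit:
            reason = "typo"
        elif brand in squashed:
            reason = "brand-plus-keyword"
        else:
            continue
        return {"domain": domain, "brand": brand, "reason": reason,
                "distance": dist, "campaign_tld": tld in CAMPAIGN_TLDS}
    return None


def review(observed, legit_domains):
    """Findings for every observed domain that imitates a protected brand."""
    findings = (classify(d, legit_domains) for d in observed)
    return [f for f in findings if f is not None]


# Constructed sample data: one protected brand and five observed domains.
LEGIT = ["examplestore.com"]
OBSERVED = [
    "examplestore.com",
    "examplestore.shop",
    "exampelstore.online",
    "examplestore-outlet.website",
    "gardenforum.org",
]

if __name__ == "__main__":
    for finding in review(OBSERVED, LEGIT):
        print(finding)
```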

Affordable fleet management for Spanish SMEs

Telefónica Tech    30 March, 2022

We live in a fast-changing environment. Spanish SMEs have sharpened their wits to stay in the business after the pandemic. Most of them have begun a process of digitalisation to meet the demands of their customers. Customers who, nowadays, want their products and services instantly.

Agile and flexible logistics

For these companies, logistics plays an important role at this very moment. They have to respond to new customer demands in an agile, fast and flexible way.

These companies cannot afford large investments; they need to save costs, improve productivity and ensure efficient delivery of their products.

A fleet pilot of 300 cars

In this context, Net4things together with Telefonica Tech are launching a pilot test to offer an affordable fleet management solution. The pilot has been implemented in a car rental dealership in Catalonia. In the first phase, only 10 cars will be connected and the project will gradually reach a total of 300 vehicles.

The aim is to obtain their location, the vehicle’s status and the driver’s habits. All the information is centralised in the Net4Things platform, which allows these data to be controlled and visualised. In this way, the company can really know, with data, how its fleet is doing at all times.

A suitable solution for any SME

With this pilot project, we want to offer a solution that is affordable, functional, simple to use and easy to integrate into any company. According to the latest data provided by the Directorate General for Industry and Small and Medium Enterprises for February 2022, there are 2,925,224 SMEs in Spain.

We firmly believe that we can accelerate the process of fleet digitalisation in these companies. At the moment they cannot afford electrification, but they have a solution that will make them more competitive, empower them and strengthen their products.

Facts and lies about the famous concept of NFTs

María Teresa Nieto Galán    28 March, 2022

The NFT concept is becoming more and more popular; in fact, one could even say that it is trendy. And it is certainly no wonder, as the NFT market is estimated to be worth $41,000 million by 2021.

What do these acronyms stand for?

NFT comes from “Non-Fungible Token”, which is a cryptographic asset that has the ability to be unique and unrepeatable and also resides within a blockchain network. NFTs can take many forms, such as collectibles, event tickets, digital identity documents, and even music and video recordings.

About a year ago, we already analysed this trend under the protection of Blockchain networks and discovered the imminent rise of this type of cryptoasset.

One of the main use cases for NFTs today is digital art. This artistic trend can be defined as a creative discipline of the visual arts, through which works are generated and which incorporate digital technologies in both their production and exhibition processes.

A well-known example of this type of art was the Terravision project, an artwork created in the 1990s that digitally represented the Earth. The digital experience it offered users was to be able to move freely and in real time over any location on our planet. This was achieved through interactive, 3D photographs generated by satellite imagery and geographic data.  In this way, users could go sightseeing without having to physically move around. Can we say that it was one of the first approaches to what we now know as the metaverse?

However, beyond the digital piece of work, it ended up becoming a Berlin-based technology startup that ended up getting into legal disputes with Google due to similarities with Google Earth. But what would have happened if this work of art had been an NFT? Would these legal proceedings and proofs that both companies had to submit have been processed more quickly?

We will never answer these questions, but it is up to us to understand or approximate the value that NFTs can offer today. To do so, we will subject certain claims about this new and famous ecosystem to my favourite test, the polygraph.

NFTs can generate new business models

Digital artists have been the first professionals who have decided to use Blockchain technology and the NFT ecosystem to exploit their business.

This new model, based on cryptoassets, provides them with a different and innovating way of interacting with their potential clients, or even being able to capture them. Likewise, thanks to blockchain technology and the existence of smart contracts, new business models can be implemented for digital artists.

In this way, unlike other artists who died without knowing that their works were worth millions, as in the case of Vincent Van Gogh, artists can have returns every time their work is transferred in the market and trace the ownership of it. All this would be built through a decentralised application, which would automatically transfer a certain percentage of the sale to the artist.

In addition, this whole process provides extra traceability that was previously not possible or very difficult to manage, as it can happen that a painting disappears and can never be heard from again. However, thanks to blockchain technology, this traceability would appear natively.

On the other hand, as we have already seen, it is not only digital art that is the main application of NFTs, as they can represent any type of digital asset, such as, for example, a ticket or a second-hand product. Hence, the polygrapher says that this statement is true.

NFTs are a collection of digital stickers that provide no value

After the creation of what is known as the first collection of NFTs in history, the Cryptokitties, it has always been associated that an NFT is a digital sticker that belongs to a collection and that nothing else can be done with it, except its storage. A similar concept to the sticker collections of our childhood, but digital.

However, NFTs go much further. If we continue with the theme of digital art, an NFT can also be a tool that can be used to represent this art and be able to trace the entire life of the work.

This hypothesis has already been validated this year at the latest edition of the contemporary art fair in Madrid, ARCO. One of the trends that most attracted the attention of those attending was that of crypto-art.

Solimán Perez, the first artist to sell an NFT work at ARCO, stood out among all the works on display. His creation, which mixes agriculture with the cryptocurrency economy, is represented by an oil containing DNA molecules. If a sample of this oil is sent to a laboratory, the associated digital work is reconstructed.

On the other hand, beyond the token itself, another thing to take into account regarding these digital assets is the utility, the project or the community behind it. An example of this is being part of a membership club, which provides a series of benefits for the mere fact of owning an NFT.

Another example is the Pokemon-inspired Axie Infinity game. In this game, players battle each other with their Axies, the digital creatures of that world. An Axie, like a CryptoKitty, is represented by an NFT, so in addition to being a collectible asset it also allows you to interact within the game. Depending on the Axie’s abilities, such as speed or attack, it can also be used in different types of battles.

The polygrapher raised the alarm that this statement is a lie.

Crypto scams may be behind multi-million-dollar sales

As we saw at the beginning of the article, sales of NFTs soared to more than $41 billion. Unfortunately, when there are such volumes in any kind of market, not just cryptoassets, we can find scams.

It is very important, when buying or selling an NFT, to do some research beforehand on the collection or token you want to buy. This is because most scams are a result of a lack of research.

A clear example of this is the launch in October 2021 of the “Evolved Apes” collection, launched after the success of the “Bored Ape Yacht Club”. In this collection, in addition to the possession of the NFT, the project proposed a fighting game between the apes where the winners received rewards in cryptocurrencies.

This game was supposedly in development, but the developer, who called himself “Evil Ape”, disappeared shortly after selling the NFT after having raised 798 ether (about $2.7 million at the time).

So, no matter how dramatic, the polygraph tells the truth.

Owning an NFT gives you intellectual property rights.

Currently, according to existing regulations, copyrights and all intellectual property rights belong to the issuer, who is the only person who has the power to grant them.

A case of great impact in the ecosystem, related to the intellectual property of an NFT, has been related to a book by the artist Alejandro Jodorowsky, in which he captured his attempt to create his own Dune movie.

This work was auctioned as an NFT in January this year, and a group of crypto-enthusiasts called The Spice DAO claimed to own one of the copies after paying almost €3 million.

The intention of this group of people was to produce an entertainment series and sell the rights to a streaming service, however, having acquired this work would not have given them those rights to the intellectual property.

Today, at a legal level, the purchaser of an NFT has no more than evidence recorded in blockchain that he or she is the owner of this digital asset, but natively, he or she would have neither ownership nor exploitation rights. Moreover, it would also be interesting to analyse the legal repercussions that could befall individuals, or companies, that engage in making NFTs over existing digital works to which they have no rights whatsoever.

Finally, we would find the same situation if a non-fungible token represented a physical asset, since possession of the token would not provide rights over its twin either.

Therefore, our polygrapher would find this statement to be false.

Beyond digital art collecting, there may be more applications within the world of NFTs.

Based on the premise that a non-fungible token represents a unique digital asset that can be traced on a blockchain platform, this digital asset does not have to be digital art, but could represent anything that lives in the digital world or even something physical that has been digitalised: an image, a skin for use in a video game or even a telecommunications tower.

An example of this is the project we have carried out in the Blockchain team at Telefónica Tech together with the infrastructure company Atrebo. Using the TrustOS platform, it has been possible to register 200,000 telecommunications infrastructures in order to trace in real time their status and all the operations carried out, both operationally and logistically. In addition, the use of the NFTs model allows the commercialisation of the rights to a tower and the implementation of crowdfunding models based on future returns.

This would therefore imply that NFTs are a tool for the creation of new secondary market models.

In this case, the polygrapher would say it is true.

Finally, let’s not forget that this technological trend, like any other, can carry an associated hype in which we can find all sorts of issues, both with negative and positive connotations.

It is only a matter of time before we can see which aspects of NFTs are the ones that have been completely different and have brought value to the world in which we live.

Cyber Security Weekly Briefing 19-25 March

Telefónica Tech    25 March, 2022

Privilege escalation vulnerability in Western Digital

Independent security researcher Xavier Danest has reported a privilege escalation vulnerability in EdgeRover, software developed by storage products manufacturer Western Digital for content management by unifying multiple storage devices under a single interface. Identified as CVE-2022-22988, the vulnerability has been rated as critical with a CVSSv3 of 9.1 because, due to a directory traversal flaw, it would allow an attacker who has previously compromised the target system to gain unauthorised access to restricted directories and files. This could additionally lead to local privilege escalation, disclosure of confidential information or denial of service (DoS) attacks. The flaw affects the desktop versions of EdgeRover for Windows and Mac, and it is currently unknown whether it is being actively exploited on the network. Western Digital has already fixed file and directory permissions to prevent unauthorised access and modification and recommends upgrading EdgeRover to version 1.5.1-594 or later, which addresses this vulnerability.

For more: https://www.westerndigital.com/support/product-security/wdc-22004-edgerover-desktop-app-version-1-5-1-594

Serpent: new backdoor targeting French organisations

Researchers at Proofpoint have discovered a new backdoor that would target French organisations in the construction and government sectors. The detected campaign makes use of macro-enabled Microsoft Word documents under the guise of GDPR-related information in order to distribute Chocolatey, a legitimate, open-source package installer that, after various stealth techniques such as steganography and scheduled task bypass, would implement the backdoor that Proofpoint has named “Serpent”. Once the infection chain is successfully completed, the attacker would be able to manage the target host from its Command & Control (C2) server, exfiltrate sensitive information or even distribute additional payloads. Proofpoint highlights the possibility that Serpent is an advanced, targeted threat, based on its unique targeted behaviors such as steganography, although there is currently no evidence to attribute it to any specific known group.

All the details: https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain

Critical vulnerabilities in HP printer models

HP has recently published two security bulletins reporting critical vulnerabilities affecting hundreds of the company’s LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format and DeskJet printer models. On the one hand, on March 21st HP published a security advisory (HPSBPI03780) identifying a security flaw catalogued as CVE-2022-3942, CVSS 8.4. According to HP, this is a buffer overflow flaw that could lead to remote code execution. The second bulletin (HPSBPI03781) contains three other vulnerabilities, two of which are classified as critical, namely CVE-2022-24292 and CVE-2022-24293, CVSS 9.8. Exploitation of these vulnerabilities could allow malicious actors to cause information disclosure, remote code execution or denial of service. All of these security flaws were discovered by Trend Micro’s Zero Day Initiative team. It should be noted that HP has released firmware security updates for most of the affected products, although not all models are patched yet.

Discover more: https://support.hp.com/us-en/document/ish_5948778-5949142-16/hpsbpi03780

Spying campaign using new variant of Korplug malware

ESET security researchers have detected a malicious campaign that has been active for at least eight months and is distributing a new variant of the Korplug remote access trojan (RAT). According to the investigation, the distribution of this malware would be carried out by sending emails under lures associated with current events such as COVID-19 or related to European institutional themes. Among the targets detected, ESET mentions that the campaign targets European diplomats, internet service providers and research institutes in countries such as Greece, Cyprus, and South Africa, among others. Korplug is a trojan previously associated with similar variants of PlugX malware that, depending on the campaign or threat actor using it in its operations, can have the ability to enumerate drives and directories, read and write files, execute commands on a hidden desktop, initiate remote sessions and communicate with the attackers’ Command & Control (C2) server. However, we do not rule out the possibility that Korplug is in the midst of development, adding new stealth functionality. ESET attributes this campaign to the China-linked threat actor Mustang Panda (aka TA416), known to be primarily motivated by political espionage.

More: https://www.welivesecurity.com/2022/03/23/mustang-panda-hodur-old-tricks-new-korplug-variant/

New North Korean APT campaigns exploiting a Chrome 0-day vulnerability

Google researchers have identified new campaigns attributed to two North Korean-linked cybercriminal groups that reportedly exploited remote code execution vulnerabilities in Chrome. The activity of these groups has previously been referred to as Operation Dream Job on the one hand, and Operation AppleJeus on the other. These APTs reportedly exploited the vulnerability CVE-2022-0609 for just over a month, before the patch was made available on 14 February. The activity is said to have targeted US entities, including media outlets, organisations in the technology sector, cryptocurrencies and the financial technology industry; however, it is possible that other sectors and geographies have also been targeted. The published analysis details the tactics, techniques and procedures (TTPs), indicators of compromise and details about the exploit used by the attackers, which could be exploited by other groups linked to North Korea.

All of the details: https://blog.google/threat-analysis-group/countering-threats-north-korea/

3 Key Cyber Security Considerations

Mark Skelton    22 March, 2022

To tackle cyber security effectively, we need to find new ways to meet the cyber challenges facing all of us. As CTO for Telefónica Tech UK&I, I regularly speak to organisations that find it hard to know what they need in today’s fast-evolving threat landscape. Many others, despite using ‘a proliferation of’ cybersecurity tools, are simply overwhelmed. 

To maintain cyber resilience and keep employees, data, and systems safe, it is important to consider the following 3 points when assessing your cyber security strategy.

1. Can you move fast enough?

Business leaders must evaluate the capacity of IT teams and stress-test for when things go wrong. How long would it take your IT team to spot a breach, for example? Would this time put many of the team offline and affect business operations? Downtime is highly costly for businesses, with estimates of loss of income at more than $5,600 per minute*, depending on company size and outage time. That’s why the speed of detection is what many customers are now focussing on; however, few companies have 24×7, always-on security professionals at hand that can swiftly detect and remediate. And this slow response time can cost businesses crippling amounts, especially when it comes to large-scale attacks.

Many IT teams are unsustainably stretched – which the numbers only back up. According to Government figures, half (50%) of all businesses have just one person managing or running cyber security in-house; even among large businesses, the average cyber team comprises just two to three people.** Defending businesses against increasingly sophisticated cyber threats is an incredibly demanding task; as a result, teams struggle to stay on top of important security practices such as vulnerability management and 24/7 network monitoring.

2. Do you have sufficient resources?

Identifying, deploying, and updating several best-of-breed technologies into one comprehensive security position takes time, effort, and continuous resources. This is why many under-staffed CISOs, CTOs, and technical managers opt for smarter, security-as-a-service alternatives. Security consulting and managed services aim to take a proactive approach, learning from threat intelligence and the customer base, to help customers stay in step with the changing threat landscape.

To ensure applications and data held within cloud and data centre solutions are better protected, implementing a zero-trust approach will be high on all business agendas for the next 12 months. Similarly, the Gartner-coined Cyber Security Mesh approach is becoming a business priority, and one of the principles for ensuring your Cyber Security ecosystem can work harmoniously together to protect against threats. This approach further underlines how our thinking needs to evolve beyond point solutions to consider how security tools need to work together to provide the ultimate protection.

However, with the greater adoption of cloud technologies, continued hybrid working, and the increasing cost of preventing cyber threats, only organisations who can access specialist expertise and advanced cyber security solutions will be able to successfully adopt these new security principles. 

3. Do you have the right expertise?

Governments and cyber security bodies across the world have flagged the growing cyber security skills gap and the pressing need for more cyber skills training across the board. For example, ENISA, the EU’s transnational cybersecurity agency, says despite the number of cyber security graduates doubling in the next two years, cyber skills will remain in short supply.***

The cyber threat landscape is constantly evolving, meaning that managing cyber security requires specialist knowledge and skills that must be continuously refined and updated to reflect the complex threat landscape.

To compound the skills shortage further, companies are also being challenged to think differently about how they protect their assets. For example, concepts like Zero Trust require a cultural shift in order for design and architecture solutions to be successful.

This further emphasises the need to seek external expertise to carry out dedicated security training, especially if already-stretched IT teams are expected to take this on as an additional task.

A Way Forward

To limit the risks posed to both businesses and the well-being of IT staff, effective cyber security and risk management requires dedicated professionals that are specifically trained, able to continuously identify new threats and maintain digital resilience across your entire organisation – from your infrastructure, your apps, and data, to your network and endpoints.

By outsourcing security, businesses can gain access to a breadth of specialised expert knowledge, as well as an external viewpoint and fresh perspectives, which are essential when making any changes in or additions to IT infrastructure as businesses grow.

Sources:

Understanding the UK Cyber Skills UK Labour Market
Understanding the Cybersecurity Skills Gap in the EU

The Cost of IT Downtime. The 20.com


Towards a green digital transformation

Sandra Tello    21 March, 2022

COVID-19 has created challenges that were previously unimaginable, but it has also given us an incredible opportunity to reinvent and rebuild ourselves. In my last blog post we saw how digitalisation and decarbonisation will go hand in hand as catalysts for change in the coming years.

Technology companies are fully aware of the importance of ESG and we are a key player in the environmental value chain, both as a source of emissions and as a key enabler of efficiencies through the different services and solutions we offer to our customers.

Telefónica Tech has extensive experience helping our customers improve their performance by helping them build responsible businesses, including sustainability by design. Our portfolio of decarbonisation solutions is already delivering tangible results for our customers. Our cloud-based services coupled with cybersecurity allow:

  • Eliminating multiple local servers that are inefficient in terms of energy consumption.
  • Increasing server utilisation rates in shared infrastructures.
  • Obtaining the best value, performance and security of the infrastructure.
  • Using modern leading-edge infrastructure, which reduces energy loss through better cooling and air conditioning.
  • Reducing wasted computing resources through dynamic provisioning allocation.
  • Enabling remote collaboration and flexible working practices, and therefore reducing commuting.

Telefónica Tech’s cloud services are based on highly efficient data centres that help customers reduce their energy consumption, avoiding CO2 emissions and therefore contributing to fighting climate change. Throughout the pandemic, it has been proven that reducing commuting, as a result of hybrid or remote working, can prevent around 1.4 tonnes of CO2 per person per year from being released into the atmosphere. On the other hand, according to a study carried out by the consulting firm Accenture, migration to the public cloud reduces the carbon footprint by 60 million tonnes per year, reducing IT emissions by almost 6%.

Telefónica Tech, through our IoT, Big Data, AI and Blockchain services, helps our customers optimise their business by making data-driven decisions that minimise environmental impact. For example, we offer end-to-end solutions for energy efficiency, smart water and gas management, and smart production solutions for agricultural and livestock environments. These types of solutions are already making a real difference in terms of sustainability for our customers. As a result, we have seen water telemetry reduce water leakage by 35%, reduce operating and maintenance costs by 20% and improve customer satisfaction rates by up to 60%.

Thanks to our collaboration with Vertical Green we have managed to reduce water consumption by 95% for clients such as Onubafruit; at the same time, we have increased the production of organic vegetables by 40%. At Tendam, thanks to the implementation of Telefónica Tech’s energy efficiency solution in 36 of its establishments, we achieved a saving of more than 15% in energy consumption in the shops.

On the other hand, thanks to smart waste management through our mobility management solutions (fleet management, asset tracking, etc.), we managed to reduce fuel consumption by around 10-15%, thus optimising waste collection routes and generating a positive impact on the environment.  As part of our collaboration with Ecoembes, we have set up smart yellow bins, an accessible and sustainable technology for public administrations to facilitate recycling and thus support the circular economy.

These are just a few examples of how digital transformation can contribute to a positive impact on society and the sustainability of the planet. There is certainly a growing opportunity for a new economy that puts innovation and respect for the environment at its core. Telefónica Tech therefore wants to support its customers in their journey towards a green digital transformation.

Cyber Security Weekly Briefing 12-18 March

ElevenPaths    18 March, 2022

Vishing by impersonating Microsoft

The Office of Internet Security (OSI) has issued a security advisory to report an increase, in recent weeks, of fraudulent calls in which a supposed Microsoft employee indicates that the user’s device is infected. In this type of fraud, known as vishing, the attacker urges the victim to install a remote access application, which will supposedly disinfect the device. Once the cybercriminal has gained access to the user’s computer, they can steal all kinds of files stored on the device, get hold of the passwords stored in the browser, and even install malware that locks the computer and then asks for payment to unlock it. If the user has answered the call and installed the programme mentioned by the cybercriminal, the OSI recommends disconnecting the device from the network, uninstalling the installed programme and using an antivirus.

More info: https://www.osi.es/es/actualidad/avisos/2022/03/vuelven-las-llamadas-fraudulentas-del-supuesto-soporte-tecnico-de

Linux kernel Netfilter vulnerability

Security researcher Nick Gregory has discovered a new vulnerability in the Linux kernel. This flaw, identified as CVE-2022-25636 and with a CVSSv3 of 7.8, is an out-of-bounds write in Netfilter, a Linux kernel framework that supports various network operations such as packet filtering, address and port translation (NAPT), connection tracking and other packet manipulation operations. A local attacker could exploit this vulnerability to escalate privileges and execute arbitrary code on the vulnerable system. It should be noted that the flaw affects Linux kernel versions 5.4 to 5.6.10, so it is recommended to upgrade to the new version as soon as possible, since there is a PoC available.

More info: https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/

Brazilian trojan variant Maxtrilha targets Portuguese users

Researcher Pedro Tavares of Segurança Informática has detected a possible new variant of the Brazilian Trojan known as Maxtrilha. This variant has been detected being distributed via phishing templates impersonating the Portuguese tax services (Autoridade Tributária e Aduaneira), targeting banking users in Portugal. Researchers consider this malware to be a new variant of the Brazilian trojan Maxtrilha due to the similarity of the samples, and the fact that it uses the same templates to attack users. In the distributed malicious emails, there is a URL that downloads an HTML file called “Dividas 2021.html” or “Financas.htm”, which then downloads a ZIP file, ultimately downloading the malware. This new variant can install or modify trusted Windows certificates, perform a banking window overlay with the aim of stealing credentials, and can deploy additional payloads executed via the DLL injection technique.

More info: https://seguranca-informatica.pt/brazilian-trojan-impacting-portuguese-users-and-using-the-same-capabilities-seen-in-other-latin-american-threats/

Apple fixes 87 vulnerabilities

Apple has published 10 security bulletins that fix a total of 87 vulnerabilities in its different products and platforms: iOS 15.4 and iPadOS 15.4, watchOS 8.5, tvOS 15.4, macOS Monterey 12.3, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, Xcode 13.3, Logic Pro X 10.7.3, GarageBand 10.4.6 and iTunes 12.12.3 for Windows. The vulnerabilities detected include flaws in WebKit (web browser engine used by Safari, Mail or App Store) that could lead to remote code execution (CVE-2022-22610, CVE-2022-22624, CVE-2022-22628 and CVE-2022-22629). There are also four other vulnerabilities in document, audio and video viewing components on iPhone and iPad that could allow malware deployment or privilege escalation (CVE-2022-22633, CVE-2022-22634, CVE-2022-22635 and CVE-2022-22636). Finally, it is worth noting that macOS includes updates for both the current version and the two previous versions, but only the most current versions of iOS, watchOS, iPadOS, and tvOS support these updates.

More info: https://nakedsecurity.sophos.com/2022/03/15/apple-patches-87-security-holes-from-iphones-and-macs-to-windows/

LokiLocker: new RaaS with wiper functionality

BlackBerry’s research team has identified a new Ransomware as a Service (RaaS) targeting computers running the Windows operating system. According to experts, this malware was first discovered in mid-August 2021 and has reportedly affected victims worldwide, although most of them are located in Europe and Asia. Among the most notable features of LokiLocker is that it is written in .NET and protected with NETGuard, and it also uses KoiVM, a virtualisation plugin that makes it difficult to analyse malware and is not commonly used. In addition, LokiLocker sets a time limit for paying the ransom: if the victim does not agree to the ransomware’s blackmail, it uses a file-wiping function on the computer, sparing only system files, and overwrites the master boot record (MBR) of the system drive to render it unusable.

More info: https://blogs.blackberry.com/en/2022/03/lokilocker-ransomware

#CyberSecurityReport2021H2: Log4Shell, the vulnerability that has exposed the software’s reliance on altruistically maintained libraries and their enormous security impact.

Telefónica Tech's Innovation and Laboratory Area    17 March, 2022

There are many reports on security trends and security summaries, but Telefónica Tech wants to make a difference. The Innovation and Lab team has just launched our own report on cybersecurity that summarises the highlights of the second half of 2021. The philosophy behind it is to offer a global, accurate and useful overview of the most relevant facts and data on cybersecurity, and it is designed to be easily used by both professionals and amateurs in a simple and visually appealing way.

The aim of this report is to summarise the cyber security information of the last few months, adopting a perspective that covers most aspects of the discipline, in order to help the reader understand the risks of the current landscape. The information gathered is largely based on the compilation and synthesis of internal data, cross-checked with public information from sources we consider to be of high quality. Here are a few points that we believe to be particularly important.

News highlights

One of the most remarkable news items, not only for the second half of the year but for the whole year, came in December. The Java log processing software, log4j, suffered a critical vulnerability that was not patched. From this point on, there was a relentless search for projects containing this library, new forms of exploitation, patches that were not complete, new vulnerabilities found… It was an obstacle course as attackers incorporated these vulnerabilities into their set of attack tools.

This failure opened up an interesting debate: up to what point can such widely used, ubiquitous and relevant software be maintained on the free time of a single person? This incident made us think about the role of open-source software in the industry, how vendors use it freely but do not all provide support to its creators in return, which creates a very unbalanced dependency that can later turn against them: the software will inherit potential bugs introduced by the developer.

Source: https://xkcd.com/2347/

Mobile Security

The second half of 2021 ended with 250 CVEs or vulnerabilities fixed for Android, 29 of them critical, very similar figures to previous semesters.

However, many of these flaws affect the software or firmware of particular manufacturers, which means that the same vulnerability does not necessarily affect the entire Android device fleet, but only those with the affected components.

For Apple iOS, the second half of 2021 closed with 120 patched vulnerabilities, 40 of which are considered high-risk, with the possibility of executing arbitrary code. Some of them affect the core of the system itself.

In this report you will find a summary of the main conclusions that can be drawn from the report that Apple publishes on the data requested by governments, which ones, and to what extent the requests were met in 2020.

We can highlight that Spain is the country that has made the most requests for account information due to fraud in 2020.

OT Security

Telefónica Tech believes that it is essential to have a holistic vision of security that incorporates industrial environments. For this reason, we have internally developed the Aristeo project: a network of industrial decoys that use real OT devices to confuse attackers and extract the necessary information to generate intelligence that strengthens our clients’ defences.

More information: https://aristeo.elevenlabs.tech

In our OT threat analysis, we have been able to verify the truth of the statement that criminals are the ones who know the legislation and the reality of society best. As an example of this reality, we can see in the following graphic how, as soon as the omicron variant appeared, certain types of attacks in the OT area related to the increase in teleworking increased.

Access full report