Cloud services enabling remote working

Roberto García Esteban    9 December, 2021

There is no doubt that the hybrid model in which face-to-face and remote work is shared is here to stay in companies all over the world, including SMEs. To successfully make the leap to a work model that combines face-to-face and remote work, it is necessary, on the one hand, to change the management model of companies with a management that is committed to this model, increasing trust in the worker, favouring collaboration between departments and eliminating isolated work teams. But of course, it is also essential that workers have mobile devices and suitable hardware and that companies provide them with the appropriate technological tools to facilitate this hybrid work model, in which face-to-face and remote work coexist.

Cloud, to the rescue of companies

How can technology, and in particular cloud solutions, help to improve business productivity and encourage remote working? Because buying applications and devices on a whim is not the solution. Today’s businesses are faced with increasingly complex communications environments and a wide variety of communication methods. Employees, partners, suppliers and customers communicate with each other through endless combinations of fixed terminals, mobile phones, voice calls, email, chat and more. However, these tools are often not used as effectively as they should be, resulting in information overload, device overload, lack of agility and misdirected communications that slow down processes and reduce productivity rather than improve it.

So possibly the technologies that have the greatest impact on improving productivity and making remote working easier for companies of all sectors and sizes, both SMEs and corporations, are unified communications services, collaboration tools and mobile workforce solutions. Indeed, cloud computing plays a key role in the development of all of these:

  • Unified communications services serve to bring together mobile, voice, video and data applications, allowing users to connect to them anytime, anywhere and on any device or operating system via the internet. The concept of unified communications does not refer to a single product, but to a solution that encompasses elements such as email, voice and video messaging, telephony or presence status. These tools have a unified, easy-to-use interface across multiple devices, facilitating both real-time teamwork and enabling teams of people in different locations to work in a unified environment in the same way as if they were all in the same office. This helps control costs and increases productivity and competitiveness.
  • On the other hand, collaboration tools include file sharing, remote and simultaneous file editing, virtual meeting organisation and corporate social network integration. This makes it easier for team members to share knowledge among themselves, resolve doubts or work in real time on the same files, thus avoiding having to handle different versions of the same files. In short, it facilitates innovation and saves time.
  • Both of the above groups of services incorporate the notion of mobile employees, i.e., employees who may not necessarily work from the office. However, there is no doubt that opening up the range of possibilities for accessing company information brings with it security issues that need to be managed. It is therefore necessary to implement solutions such as establishing identity management in the cloud to enable authentication across all devices and applications and create a single sign-on so that employees can access resources from any device while working remotely. It is also highly recommended to have multi-factor authentication (MFA) so that employees must use a second security factor such as biometrics or authentication applications on mobile devices to access their corporate applications.

The benefits of implementing teleworking are clear: better work-life balance for employees, more flexible working hours, cost savings, improved productivity for the company, reduced absenteeism, the possibility of hiring better candidates… However, to implement it successfully it is not enough for the company to acquire the appropriate technological tools. The company’s management must also be committed to this change in the working model, giving confidence to workers, providing them with the necessary training in new technologies and guaranteeing their right to disconnect even if they work from home. The benefits of teleworking make it worth the effort.


Cyber Security Weekly Briefing 27 November – 3 December

Telefónica Tech    3 December, 2021

Apple and Google fined 20 million for using user data

The Italian Competition and Market Authority (AGCM) has fined both Google and Apple 10 million euros for their method of collecting and processing user data for commercial purposes. The Authority found that both companies committed two consumer infringements. On the one hand, the Authority found that Google and Apple omit important information during the account/ID creation period, as well as when users use their services, as none of them clearly indicate how the data will be used. On the other hand, the institution highlights the companies’ approach to data collection practices as “aggressive”. During the account creation phase, Google predefines the user’s acceptance of the use of data for commercial purposes, avoiding the need for confirmation by the user. As for Apple, the Authority has ruled that the way of acquiring consent to the processing of data for commercial purposes is approached in a way that conditions the user in his choice, as he will be limited in the use of its services if he does not relinquish his control over the data provided. Both companies have reportedly expressed their disagreement on the charges, as well as their intention to appeal the sanction.

More: https://www.agcm.it/media/comunicati-stampa/2021/11/PS11147-PS11150

Attempted Exploits of Vulnerability CVE-2021-40438 Detected

Cisco has issued an advisory reporting the detection of attempts to exploit a recently patched vulnerability in Apache HTTP servers. The server-side request forgery (SSRF) vulnerability, identified as CVE-2021-40438 and with a CVSS 9.0, can be exploited against servers with the “mod_proxy” module enabled. The vulnerability was fixed in September with the release of version 2.4.49, but since then several PoCs have been published for exploitation. In addition to Cisco’s security alert, the German Federal Office for Information Security (BSI) has also issued a security advisory after detecting an attack in which the vulnerability was exploited to obtain the hash values of user credentials.

All the info: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ

Old vulnerabilities affect HP printer models

Researchers at F-Secure have discovered several vulnerabilities affecting at least 150 multifunction printers manufactured by Hewlett Packard. The vulnerabilities listed as CVE-2021-39237 and CVE-2021-39238 date back to at least 2013, so it is assumed that they could have affected a large number of users over a long period of time. The first of the vulnerabilities, with a CVSS of 7.1, refers to two exposed physical ports that grant full access to the device, the exploitation of which could lead to a potential information leak. The second vulnerability, on the other hand, has a CVSS score of 9.3, which if exploited would give malicious actors a means of remote code execution. Researchers have also reported several ways in which these vulnerabilities could be exploited, including printing from USB, social engineering the user to print a malicious document, printing from another device under the attacker’s control, or cross-site printing, among others. The company issued firmware updates for these two most critical vulnerabilities on 1 November, in addition to providing a hyperlink in each CVE to the products affected by each vulnerability and providing a security best practice guide for printers.

Learn more: https://www.f-secure.com/en/press/p/f-secure-discovers-vulnerabilities-affecting-over-150-hp-printer

Emotet spread via malicious Adobe Windows App Installer packages

The reactivated Emotet malware has been detected running via malicious bundles of a built-in feature of Windows 10 and Windows 11, called App Installer. The malicious actors behind this malware aim to infect systems by installing Windows App Installer under the guise of Adobe PDF software. This new campaign, which starts with stolen email response chains that appear as a reply to an existing conversation, adds a URL that redirects to a malicious PDF apparently related to the current thread. The link spoofs a Google Drive page showing a PDF preview button, which is actually a URL that attempts to open an application installation file hosted in Microsoft Azure. This same method was also detected to distribute the BazarLoader malware, where it installed malicious packages hosted on Microsoft Azure. Actions like this have allowed Emotet to resurface and conduct large-scale phishing campaigns that subsequently install TrickBot and Qbot, as well as lead to ransomware attacks.

All the details: https://www.bleepingcomputer.com/news/security/emotet-now-spreads-via-fake-adobe-windows-app-installer-packages/

ManageEngine ServiceDesk Plus flaw actively exploited

Researchers at Unit 42 in Palo Alto have published a paper exposing that an APT is exploiting a critical vulnerability in Zoho’s ManageEngine ServiceDesk Plus service, listed as CVE-2021-44077 with a CVSS of 9.8. Last September, CISA warned that a malicious actor was exploiting the vulnerability CVE-2021-40539, with a CVSS of 9.8, in Zoho’s ManageEngine ADSelfService Plus. In November, Palo Alto warned of a second, more sophisticated campaign using the same flaw, which was called TiltedTemple. Palo Alto had detected that the same APT that in previous months was exploiting the CVE-2021-40539 vulnerability had possibly extended its operations, now also exploiting the CVE-2021-44077 flaw. Exploiting this flaw could allow an unauthenticated remote user to load malicious executables, as well as webshells that could allow them to steal administrator credentials and perform lateral movements, among others. Attribution for the moment remains unclear, with Palo Alto pointing to the Chinese group APT27 (TG-3390) in both cases, while Microsoft’s Threat Intelligence team indicates that the September attacks were carried out by DEV-0322.

More: https://unit42.paloaltonetworks.com/tiltedtemple-manageengine-servicedesk-plus/

The impact of cybersecurity attacks on SMEs and corporates

New Markets Team    2 December, 2021

New Markets from Telefónica Cyber & Cloud Tech, together with Telefónica Global Solutions and GlobalData delivered a webinar highlighting the impact of cybersecurity attacks on both small and medium-sized enterprises and global Corporates. It was moderated by Rajesh Muru, Principal Analyst – Cybersecurity Solutions at Global Data.

The objective of this webinar was to show the scale, size, and scope of the challenges facing enterprises, as well as the key steps service providers, and especially Telcos, need to take to easily and quickly capitalize on this lucrative cybersecurity opportunity.

Are you aware of the cost of cybersecurity for enterprises?

In 2020, businesses made ransomware payments of more than $400 million in cryptocurrency, a 300% increase compared to 2019. However, the average cost to a business in terms of financial impact, down time and lost opportunity is far greater, with some enterprises, for example in the private Healthcare sector, highlighting post-cyberattack revenue losses in the millions and damage to brand and shareholder value.

Additionally, as Amy Larsen DeCarlo, Principal Analyst – Security Services at GlobalData said, the COVID-19 pandemic has had a huge impact globally on businesses of all sizes, including global multinationals. Almost all Fortune 100 and 500 companies have experienced major disruptions to their operations and markets. As businesses transition to full operations under the new post-lockdown norm, they still struggle with operational changes in employee working styles and supply chains across different sectors.

GlobalData’s research in cybersecurity and discussions with the industry highlights some of the following drivers in the escalation of cybersecurity attacks globally:

  • The dispersed legacy nature of IT in sectors like Government, Healthcare and Utilities, which over time has improved with upgrades but still has vulnerabilities to cyber-attacks.
  • Despite the growing threat of ransomware cyberattacks on sectors, Utilities and Energy are still behind the curve in creating robust security policies and resilient network fortification. The emergence of OT/IoT makes these verticals more vulnerable.
  • The realization by cyber criminals of the ‘high impact’ that cyberattacks can create on verticals like Utilities, Energy and Government, and the opportunity this creates in increased ransom demands.

Partnerships are key in security to deliver value to enterprises

As enterprises contemplate longer term hybrid work scenarios, changes to their IT infrastructure due to digitization, and operational challenges (i.e. supply chains and internal security team resourcing across IT), they seek external support closing the security gaps.

As Sebastian Garcia de Saint-Léger, Head Offnet Sales and Alliances at New Markets (Telefónica Cyber Security and Cloud Tech) said during the debate: “Partnerships and alliances are critical in the rapidly evolving cybersecurity market. No single company can cope with the speed at which new technologies develop in cybersecurity. That is why at Telefónica we have agreements with top cybersecurity vendors and invest in cybersecurity start-ups. Building a wide ecosystem of partners is critical to deliver high quality services to our customers and channel partners”.

Telefonica’s differentiated value proposition for Channel Partners 

During the debate, Bechara Kaddoum, Strategic Account Manager – Cybersecurity – EMEA & APAC at Telefónica Global Solutions, emphasized Telefónica’s willingness and desire to support third-party service providers through partnerships that deliver strong differentiated security solutions that meet the needs of modern digital enterprises challenged with security in the current climate. With Telefónica’s value proposition, other telcos or system integrators can define and deliver services in cybersecurity and create additional revenue streams with reduced investment.

García Saint-Leger explained that, if the SP is a Telco, there is an additional intangible value in our proposition. As he put it: “We share the same DNA and timing, and we have gone through the same steps they will follow if willing to enter the cybersecurity market. Other Telcos will learn from our successes, but even more importantly, from our whole journey”.

Case Study: How Telefónica helped a Telco become a Managed Security Service Provider in less than a year

Kaddoum highlighted some good customer examples in the Webinar where Telefonica has supported partners in regions like the Middle East to deliver digital security services to their enterprise customers, within a 12-month timeframe.


With Telefónica’s support the partner was able to implement a successful go-to-market strategy to launch innovative services leveraging white-label technology, execute multiple PoCs with high-profile customers, provide full training with the internal teams that supported the end-to-end delivery of security opportunities, and implement & operate Managed Security Services from its own SOC and multiple large MSS propositions that are currently in operation.


TCP/IP Stack Gruyere

Diego Samuel Espitia    30 November, 2021

In May 2020, during the most complicated phase of the global pandemic, we were told that the internet was broken as a result of bugs (called Ripple20) affecting millions of IoT devices. But this was just one of a series of findings on problems detected in the TCP/IP stack, which have been brought together in research called the Memory Project.

This project reports vulnerabilities in the implementation of 14 TCP/IP stacks detected after 18 months of research. The result is the disclosure of 97 vulnerabilities grouped in 6 reports that, by their very nature, are rated with a very high risk level and impact millions of devices and hundreds of manufacturers.

The first striking feature of the report is the initial release date of the fourteen TCP/IP stacks, which are at least 7 years old and at most 28 years old. This is evidence that, as on previous occasions with other base protocols, unknown vulnerabilities have been carried over from many decades ago.

Figure 1: Year of initial release of each TCP/IP stack analysed

This does not imply that all stacks or protocols are vulnerable just because they are old, but it does show that in many cases the processes of correction and improvement for these basic elements of the functioning of the internet are somewhat slow. The study also indicates that one of the main problems is the lack of response from many manufacturers when they are notified of vulnerabilities, or the slow adoption of patches, as in the case of Schneider Electric, which took 308 days to publish the patches to correct the vulnerabilities known as AMNESIA:33.

The other very important point is the impact of these vulnerabilities, as most of the implementations are in IoT, IIoT and OT devices, which are the basis of the operation of critical infrastructures and industries in the world. For devices such as gas turbines, electrical transmission elements and Siemens brand RTUs, the manufacturers’ own CERTs have confirmed the existence of vulnerabilities in the last two months in advisories SSA-044112 and SSA-316383, which confirm NUCLEUS:13 and NUMBER:JACK respectively.

However, it is not the only industry affected. The government and medical services environments have also been severely impacted. In fact, these two sectors have the most affected devices reported, accounting for around 60% of all affected devices.

Figure 2: Vulnerable devices per sector

As in previous cases, this case highlights the need for greater scrutiny of how vendors and developers are creating or making use of the different TCP/IP stacks in their implementations.

The good news is that these types of responsibly reported bugs indicate not only the importance of such analysis, but how vital it is to provide early warning to the world’s organisations to raise awareness of the other as yet undiscovered vulnerabilities that can be found in critical environments.

#LadyHacker: Proud of you all

Telefónica Tech    29 November, 2021

The #LadyHacker 2021 campaign is coming to an end. Throughout this year we have followed the lives of our women, from their childhood to their maturity, including their school and university lives. They are examples of women who are fighters, passionate about technology and experts in it, and who, every day, become real references for children and young people.

Thank you all for making this global initiative a reality, which aims to make the role of women in the technology sector more visible and to raise awareness among our girls about their potential to study STEM careers.


Cyber Security Weekly Briefing 20-26 November

Telefónica Tech    26 November, 2021

Reacharound: possible resurgence of the triple threat Trickbot-Emotet-Ransomware

Last January, an international action orchestrated by Europol and Eurojust led to the dismantling of the Emotet infrastructure, a malware widely used in the early stages of the ransomware infection chain. These events contributed, according to security researchers, to the shutdown of multiple high-level ransomware-as-a-service (RaaS) operations. However, since last week there have been reports of a resurgence of the threat from researchers such as GData and AdvIntel, who have indicated that operators of the Conti ransomware have allegedly convinced the former Emotet operator to rebuild its infrastructure. These actions were allegedly carried out through a campaign named “Reacharound”, which is characterised by the infection of devices with TrickBot, which included an Emotet payload. AdvIntel researchers estimate that the return of this threat will have a significant impact on ransomware operations for three reasons: the high sophistication of Emotet’s capabilities, the promotion of crime-as-a-service in this area and the return of the classic TrickBot-Emotet-Ransomware triple threat.

More: https://securityaffairs.co/wordpress/124807/cyber-crime/trickbot-emotet-conti-triad.html

PoC published for a vulnerability in Microsoft Exchange

Security researcher @testanull has published a working proof of concept (PoC) for the vulnerability identified as CVE-2021-4231, with a CVSS of 8.8, which affects Microsoft Exchange and was fixed by Microsoft in the last November Security Bulletin. The vulnerability is said to affect Exchange Server 2016 and 2019 on-premises services and could allow an authenticated attacker to execute arbitrary code remotely. Microsoft reports that they have occasionally detected activity related to the exploitation of this vulnerability in targeted attacks, so they recommend its correction. It should be noted that this would not be the first time in 2021 that vulnerabilities in the Microsoft Exchange service have been exploited to carry out attacks, as attempts to exploit ProxyLogon and ProxyShell are well known. It is recommended to make use of the Exchange diagnostic program to check the possible involvement of these vulnerabilities.

All the details: https://techcommunity.microsoft.com/t5/exchange-team-blog/released-november-2021-exchange-server-security-updates/ba-p/2933169

New Windows 0-day with public exploit

Security researcher Abdelhamid Naceri has made public an exploit for a new 0-day in Windows that would allow an attacker to gain administrator privileges and affects all versions of Windows, including Windows 10, Windows 11 and Windows Server 2022. Naceri managed to bypass the patch that Microsoft included in its November monthly bulletin for an escalation of privilege vulnerability in Windows Installer (CVE-2021-41379), a vulnerability that he reported to Microsoft. Following this new discovery, he was able to identify a new 0-day for which the researcher has now decided to publish the exploit (InstallerFileTakeOver) on his GitHub account. With the publication of this exploit, Naceri intends to join the feeling of discontent already shown by other researchers with Microsoft, for what they claim would be a continuous degradation of the bounties that are reported to the firm. Microsoft is expected to patch the new bug in its next bulletin. The researcher recommends waiting for the official fix given the complexity of the vulnerability. Cisco Talos security researchers have reportedly already detected malware samples that are trying to exploit the new 0-day. Researchers have indicated that the exploitation attempts observed are part of low-volume attacks, so they could be tests to make adjustments to the exploits and can therefore be understood as a possible preliminary step before larger-scale campaigns.

More information: https://www.bleepingcomputer.com/news/microsoft/new-windows-zero-day-with-public-exploit-lets-you-become-an-admin/

Security breach at GoDaddy

Domain registrar GoDaddy has made public a security incident detected on November 17th, in which an unauthorised third party allegedly gained access to the company’s Managed WordPress hosting environment via a compromised password. The investigation, which is still ongoing, has determined that the attacker had access to customer information from the 6th of September of this year until the time of detection, when the attacker was blocked and expelled from the system. Among the information exposed are the email address and customer number of 1.2 million active and inactive Managed WordPress users, the WordPress administrator password set at the time of provisioning, sFTP and database usernames and passwords of active users, and the private key of SSL certificates for certain active users. The company is contacting customers affected by this security breach. It is worth noting that GoDaddy suffered a data breach in May last year.

Learn more: https://www.sec.gov/Archives/edgar/data/1609711/000160971121000122/gddyblogpostnov222021.htm

Vulnerabilities in MediaTek allow spying on Android devices 

Semiconductor company MediaTek has fixed several security flaws that could have allowed attackers to eavesdrop on phone calls from Android devices, execute commands or escalate privileges. MediaTek’s SoCs (System on a chip) are embedded in around 37% of the world’s smartphones and IoT devices, including devices from brands such as Xiaomi, Realme and Vivo, among others. Three of these vulnerabilities (CVE-2021-0661, CVE-2021-0662 and CVE-2021-0663) are due to incorrect boundary checking and were fixed in MediaTek’s security bulletin last October, all with CVSS of 6.7. The fourth vulnerability is assigned the identifier CVE-2021-0673 but has not yet been fixed. The company will publish more details about the flaw, as well as its fix, in the next security bulletin to be published in December.

More: https://research.checkpoint.com/2021/looking-for-vulnerabilities-in-mediatek-audio-dsp/

Technology and social psychology applied to Internet consumption: The “Black Friday” case

Martiniano Mallavibarrena    25 November, 2021

No one will be surprised if we suggest that social networks and other large Internet platforms base their business model on advertising and that all of them, in some way, try to direct us towards the consumption of certain products or services.

It is quite another thing to explain, as we will do in this article, how technology (especially big data and artificial intelligence) is combined with the most basic principles of social psychology to turn us all into targets of personalised digital marketing campaigns whose sole and clear objective is to transform us into future buyers of a product. Let’s use the specific case of the worldwide event called “Black Friday” as a mental reference. This “special day” has its origins in the United States and is celebrated every year on the Friday after Thanksgiving Day, becoming, since 2005, the busiest shopping day of the year. It is considered, globally, as the unofficial start of the Christmas shopping season, breaking records for online transactions year after year. As an international benchmark, it is only comparable – in volume – to “China’s Single’s Day”.

Today’s digital marketing relies on the principles of social psychology to create a huge population profiling platform to support international advertising campaigns. The efficacy of the approach, leaving aside possible ethical nuances, is beyond question.

First element: Technology

The first thing we need when launching a successful advertising campaign is a target audience and sufficient knowledge about that population. For the last 20 years we have had widespread use of social networks on the Internet (current TikTok usage figures are 1 billion active users per month), universal web access and more active mobile devices than inhabitants, which certifies that it is an environment where we can safely have a chance to succeed with our campaign.

The large mass Internet environments offer their “customers” (not paying to use email does not imply that “you are not part of the product”) two great benefits (in the case of advertisers on Google Search or Facebook, it is obvious): precise profiling at the level of the individual and an adequate level of engagement. Let’s look at both concepts.

  • Accurate profiling: If we use a platform like Spotify regularly, we are unintentionally giving the platform information such as what device we connect from, what day/time we usually do it, what kind of music we usually listen to, what kind of playlists we follow (e.g. if we search for the word “workout” we might be doing sports activity at the same time) and whether or not we use external devices which, in turn, can give additional information (we listen to music from “Android Auto” in a car, for example). The same could happen with our favourite video streaming platform and with all so-called social networks, without exception.
    • With all this information (which can be combined in many cases, due to being publicly visible or being platforms of the same business group) the level of detail of each user is too tempting to resist using machine learning techniques and automatically profiling the millions of users in our environment (for a small fee as an advertiser on a social network, we automatically benefit from this).
    • Thus, as advertisers, we can target our digital marketing budget at “young teenagers from peripheral areas” or “women with studies and liberal professions” or homosexual groups or followers of certain political ideologies. The model is not perfect, but we will be fine-tuning our campaign.
    • The data is inside the platforms, updated every second and with simple automatic models, each user is tagged by age range, gender, sexual orientation, political ideology, musical tastes, purchasing power, sports routines, specific brands they use, etc. The list is endless.
  • Engagement: Every advertiser’s dream is to keep their target audience in touch with their product (those shop windows in the high street where people spend minutes looking inside, now on the Internet). To achieve and maximise the effect in today’s network of networks, the resource is to constantly feed the user with new stimuli, so that they are reluctant to stop watching videos on YouTube or a new series on Netflix. Recommendation algorithms play a central role here: the profiling we have just discussed allows the platform, in a really simple way, to calculate which new video you might be interested in if you have just watched several in a row on a certain theme. The rest is predictable: you’ll find the new video or song interesting and you’ll stay connected for a few more minutes. The new “cop” series will seem most suggestive once the main menu starts showing you the trailer (without having asked for it) and once you have logged in with your “personal” user (so that your partner and your children can use their own profiles and the whole family can be properly profiled). Instead of going to bed early, you might decide to try your luck by watching the pilot episode.

It should be remembered that profiling and engagement form a never-ending virtuous circle: the better the profiling of the person, the higher the level of engagement which, if it occurs, will improve the profile of the new person.

Second element: Social psychology

Now that we have profiled the population (we are talking about more than 4.5 billion people using the Internet worldwide) and we have kept them nicely “hooked” (a high level of engagement produces frequent and loyal access to the corresponding digital platform), we only have to decide how to approach each and every one of these people to convince them of the benefits of the product, its reasonable price and the needs (often social) that they will cover if they buy it.

The universal recipe in this case is to resort to the basic principles of social psychology and to remember the current doctrine on the mechanisms of persuasion. We therefore have to try to persuade millions of people around the world of two things:

  1. The need (basically, socially) to buy something on Black Friday
  2. That what we buy is what the advertisers are offering and not something else.

In the second half of the 20th century, several famous social psychology experiments (which could not be repeated today due to obvious ethical problems) highlighted how effective good persuasion can be. Stanley Milgram’s experiments on the influence of “authority” (this YouTube documentary describes them perfectly) and, years later, the case of the “Stanford Prison” (in this TED talk, Professor Zimbardo himself explained this whole line of experiments) demonstrated, without a doubt, that any of us, under certain conditions and with the right level of persuasion, will perform actions that under normal conditions we would not do. Compulsive buying of products we dubiously need could clearly be another desired outcome, using similar approaches.

When human beings understand that an issue is not important or a priority in our lives (choosing whether or not the pizza we order has cheese on it) we resolve it using what is known in psychology as the “peripheral route” and act in a basically impulsive way to make that micro-decision. If, on the other hand, we are changing jobs to another country, we are more than likely to use the “central route” and reflect for long hours with our immediate environment before making a decision. E-commerce and digital marketing focus exclusively on the first case, trying to persuade us that we really need certain products and that the offer we have one click away on our mobile is the best ever, so it makes no sense for others to buy the product before us. We must buy that product and we have to buy it immediately. This is the goal on Black Friday.

The American psychologist Robert B. Cialdini explored in detail these decisions and this influence in the case of “peripheral routing” (decisions we choose to spend very little time on). His work has been used to develop many of today’s sales techniques, as well as personalised digital marketing on the internet. We can see his six principles clearly used in the case at hand.

  1. Commitment and coherence: If the narrative persuades us that the product fits our profile, we will have half a purchase won. It is logical (coherent) that a person like me (profile) buys this product because it fits perfectly with my lifestyle (the message adapts to the profile).
  2. Reciprocity: How can I not buy something from this kind portal that gives me vouchers to buy at a discount and congratulates me on my birthday; it even reminds me of my last purchases, suggesting the next ones!
  3. Social approval: Again, persuasion will be in charge of convincing us beyond doubt that, if we buy this product, everyone close to us (your partner, your friends, the people at the office) will approve of it socially and their opinion of you will go up again (as with the last purchase; the profile will detail it).
  4. Authority: The (alleged) doctor in the ad explains to me how germ-free my mouth will be if I use the toothpaste. I cannot doubt (remember Milgram’s experiments and the value of authority) that this is true, if an expert says so.
  5. Sympathy: If my favourite actress, singer or media celebrity appears wearing those shoes or using that cologne, I can’t be any less. They can’t make the wrong choice.
  6. Scarcity: The famous (and not always “accurate”) “only 3 units left” banner pushes our mind to the maximum on its peripheral decision route: “Only 3 units left and it’s so cheap! It goes with my personality and others will accept me better! What can I do if there are only 2 units left now?”

The formula for success in mass e-commerce on the Internet is obvious and public, but this does not detract from its effectiveness:

Accurate profiling + appropriate level of engagement + appropriate use of persuasion techniques (peripheral route) = Maximum influence on platform users and increased likelihood of purchase…

Let’s keep this in mind next Black Friday, especially before we click on the “Buy” button.

Cyber Security Weekly Briefing 13-19 November

Telefónica Tech    19 November, 2021

Emotet returns

Security researchers from Cryptolaemus have identified what seems to be the reappearance of the popular Emotet malware, whose infrastructure had remained inactive since January after a joint intervention by security forces worldwide to thwart its operations. The new samples use the same propagation mechanism traditionally linked with this botnet: malspam with Excel or Word attachments or password-protected ZIP files, spoofed senders and information stolen from old victims’ email threads. The only important difference lies in the use of encrypted communications with the C2 servers through HTTPS. Even though it has been only one day since the detection of the spam campaign, other researchers have started warning about this new Emotet activity and its delivery as a second payload by the Trickbot malware. The operators of Trickbot, who are known by the alias ITG23, have recently been spotted participating in several campaigns along with the Shathak (TA551) threat actor, in attempts to deliver their malware as a preliminary step to a compromise with the Conti ransomware.

More information: https://isc.sans.edu/diary/28044

0-day in FatPipe VPN actively exploited

The FBI has issued a statement warning about an advanced persistent threat (APT) abusing a 0-day vulnerability in FatPipe VPN devices since at least last May. Specifically, FBI forensic analysis claims that the attackers could have accessed the file upload function in the device’s firmware and installed a webshell with root access, leading to elevated privileges in the internal networks of the targeted organizations. The 0-day vulnerability described affects FatPipe MPVPN, IPVPN and WARP virtual private network (VPN) devices and has not yet been assigned a CVE number or criticality. FatPipe has already released a patch and a security advisory (FPSA006). The FBI advisory also contains YARA rules and indicators to help identify related activity on the systems.

More details: https://www.ic3.gov/Media/News/2021/211117-2.pdf

ChainJacking: new software supply chain attack

Security company Intezer, together with Checkmarx, has published a paper on a new supply chain attack against software providers that could put several commonly used management tools at risk. Known as “ChainJacking”, the attack consists of the modification or corruption of GitHub, Go Package Manager or NPM open source packages that are included by default in management tools. In the case of GitHub, an attacker could claim ownership of an abandoned username and start delivering malicious code to anyone downloading the package, taking advantage of the trust gained by the username’s former owner. Exploiting this in a repository of Go packages could lead to a chain reaction that would amplify the spread of the malicious code and infect a wide range of products, causing damage comparable to that of last year’s SolarWinds incident or this year’s Kaseya attack. So far, no active exploitation of this attack has been reported, but it cannot be overlooked given the recent trend of software supply chain attacks that are difficult to detect, have a huge impact, and give threat agents further chances of infection.

All details: https://www.intezer.com/blog/malware-analysis/chainjacking-supply-chain-attack-puts-popular-admin-tools-at-risk/
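An added example (not from this briefing, Intezer or Checkmarx) of how a defender can gauge exposure to the username takeover described above: it lists the GitHub accounts a Go build depends on and the modules for which go.sum records no source-tree hash, so the build has no locally recorded hash to compare a download against. The go.mod and go.sum contents are constructed, and the parser handles only require directives.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample files: module names and hashes are placeholders.
const sampleGoMod = `module example.test/admin-tool
require (
	github.com/alice-example/cli v1.4.2
	github.com/Alice-Example/cfg v0.3.0 // indirect
	github.com/bob-example/tablefmt v0.0.0-20200101000000-abcdefabcdef
	example.org/internal/log v1.0.0
)

require github.com/carol-example/yaml v2.1.0+incompatible
`

const sampleGoSum = `github.com/alice-example/cli v1.4.2 h1:CONSTRUCTED0=
github.com/alice-example/cli v1.4.2/go.mod h1:CONSTRUCTED1=
github.com/Alice-Example/cfg v0.3.0/go.mod h1:CONSTRUCTED2=
github.com/carol-example/yaml v2.1.0+incompatible h1:CONSTRUCTED3=
`

// ParseRequires returns "path@version" for single-line and block require directives.
func ParseRequires(goMod string) []string {
	var deps []string
	inBlock := false
	for _, line := range strings.Split(goMod, "\n") {
		if i := strings.Index(line, "//"); i >= 0 {
			line = line[:i] // drop comments such as "// indirect"
		}
		f := strings.Fields(line)
		switch {
		case len(f) == 2 && f[0] == "require" && f[1] == "(":
			inBlock = true
		case inBlock && len(f) == 1 && f[0] == ")":
			inBlock = false
		case inBlock && len(f) >= 2:
			deps = append(deps, f[0]+"@"+f[1])
		case !inBlock && len(f) >= 3 && f[0] == "require":
			deps = append(deps, f[1]+"@"+f[2])
		}
	}
	return deps
}

// SourceHashes returns the "path@version" keys with a source-tree hash in go.sum.
// Entries whose version ends in "/go.mod" cover only the go.mod file, so they are skipped.
func SourceHashes(goSum string) map[string]bool {
	pinned := map[string]bool{}
	for _, line := range strings.Split(goSum, "\n") {
		f := strings.Fields(line)
		if len(f) == 3 && !strings.HasSuffix(f[1], "/go.mod") && strings.HasPrefix(f[2], "h1:") {
			pinned[f[0]+"@"+f[1]] = true
		}
	}
	return pinned
}

// GitHubOwner returns the account in a github.com module path (or path@version),
// lower-cased because GitHub account names are case-insensitive.
func GitHubOwner(path string) (string, bool) {
	p := strings.Split(path, "/")
	if len(p) >= 3 && p[0] == "github.com" {
		return strings.ToLower(p[1]), true
	}
	return "", false
}

// Audit groups GitHub-hosted requirements by account and lists those without a source-tree hash.
func Audit(goMod, goSum string) (owners map[string][]string, unpinned []string) {
	owners = map[string][]string{}
	pinned := SourceHashes(goSum)
	for _, key := range ParseRequires(goMod) {
		owner, ok := GitHubOwner(key)
		if !ok {
			continue // not hosted under a GitHub account name
		}
		owners[owner] = append(owners[owner], key)
		if !pinned[key] {
			unpinned = append(unpinned, key)
		}
	}
	return owners, unpinned
}

func main() {
	owners, unpinned := Audit(sampleGoMod, sampleGoSum)
	for owner, mods := range owners {
		fmt.Printf("trusted account %s: %s\n", owner, strings.Join(mods, ", "))
	}
	for _, u := range unpinned {
		fmt.Println("no source-tree hash in go.sum:", u)
	}
}
```

The account list is the review surface: each name is an identity whose continued ownership the build relies on.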

0-day vulnerability in ManageEngine ServiceDesk

Researchers from IBM have discovered a 0-day flaw in ManageEngine ServiceDesk, a widely used help desk management platform that includes applications for the management of projects and IT services. The vulnerability, CVE-2021-37415, could be exploited to grant an unauthorized attacker access to a subset of the application’s REST API, which is responsible for retrieving information from the existing tickets within the application. Moreover, upon successful exploitation, a threat agent could access confidential data through the Internet, including information on the patches to be applied or the internal network structure of an organization, among others. This could also lead to a supply chain attack, due to the widespread use of this product and the nature of the vulnerability. ManageEngine has issued version 11302 to correct the flaw, which should be applied as soon as possible.

Discover more: https://securityintelligence.com/posts/zero-day-discovered-enterprise-help-desk/

The TALENT NETWORK moment at Telefónica Technology & Automation LAB

Rocío Muñoz Paul    18 November, 2021

The Telefónica Technology and Automation Laboratory has not stopped in its first five months of life since its relocation to the Distrito Telefónica.

So far, we have announced how the laboratory became a base for research on quantum cryptography working, together with the most relevant manufacturers in QKD technology and security, in the development of pilots in our LAB facilities, to demonstrate the ability to deploy and use this quantum technology.

We have also seen how Telefónica and NEC began their collaborations for the validation and implementation of cutting-edge Open RAN technologies and several use cases at the Telefónica Technology & Automation LAB.

In addition, our Laboratory is part of the MadQCI project (Madrid Quantum Communication Infrastructure), an ambitious network that demonstrates the viability of different implementations of QKD technology (Quantum Key Distribution) and the coexistence of different manufacturers and operators. 

And finally, in our Lab we are building our proposal for Private 5G Networks, combining 5G Access, Edge Computing and SVAs from different partners in a single product. This is our 5G Telco Edge platform to deliver 5G leveraged B2B services in a fully automated, certified, and click-to-deploy way.

But the LAB is not only a space for research and exploitation of the latest technology, but a place to retain talent. Hence, the Talentum Lab initiative, a commitment to young talents for researching and analyzing data from our network through Artificial Intelligence and Machine Learning.

Now, it is time to open the Laboratory to the rest of the company’s areas and OBs through our TALENT NETWORK.

Connecting needs, interests, knowledge and technology

TALENT NETWORK

This initiative aims to capture all those technical projects or ideas from the different areas and operators of the company in which we can add value from the Laboratory.

The areas that manage the laboratory (CTIO and CDO) have carried out a survey of the types of projects and activities within the laboratory that we are working on and that we can make available to everyone. The result is a total of 17 topics organized into 6 global categories: Analysis & AI / ML, Access and Transport Network, Automation & Virtualization, Business Support, Devices & TV and Network as Platform & New Services.

Have you got any project or idea about…

What’s in the LAB

From the LAB we offer technical teams different types of support and collaboration such as ENVIRONMENTS AND TOOLS for Data Analysis and AI / ML, 5G Core and Radio, Edge Computing, Open Broadband OLTs, video infrastructures to access real transmissions, OLT deployed in Telefónica or triple play services over FTTH by Telefónica.

We also give the opportunity to work with DEVICES that we have in situ, such as 4G and 5G mobile devices, home devices from the Telefónica catalog, video retail devices with different models, brands and years of manufacture, different families of STB IPTV from Telefónica and third-party HTML applications from IPTV STB.

But beyond technology, we once again turn to sharing knowledge by offering CONSULTING, TRAINING AND SUPPORT, making internal and external experts (partners and universities) available to the company, support in Proofs of Concept, information on regulations and technical documentation, training courses, workshops, communities, datathons …

We also offer the RESOURCES that we have available through collaborations with internal or third-party specialists, the possibility of generating agreements with third parties, obtaining collaborations in industry forums (O-RAN, GSMA, Telco Global API Alliance, TIP … ) and offering services of system managers, installation and commissioning HW and SW.

You can access the complete information in detail here.

Through the TALENT NETWORK project, we have invited all colleagues who may be interested to send us their project proposals in which we can help and collaborate, immediately becoming part of the Telefónica Technology & Automation LAB family.

We believe it is essential to share needs, interests, knowledge and technology in order to grow together and grow more.

It is crucial to combine internal talent and that of our partners with cutting-edge technologies in order to be prepared and to be able to welcome the Future of Telefónica.

The place where everything happens is the Telefónica Technology & Automation LAB.

Growing impact and future potential of blockchain for telcos: A Game Changer?

José Luis Núñez Díaz    18 November, 2021

Could blockchain really have an impact on the business of communications providers? As an industry, have telcos already embraced this technology? Do they see any opportunity behind blockchain? Do blockchain and decentralized technologies make sense for the telco industry? If you search for telco blockchain in Google, you get a lot of results, but most of them are posts listing use cases in the telco business identified by consultancy firms and analysts as relevant for applying blockchain. Repeatedly we find use cases for roaming and intercarrier settlements, fraud detection, IoT identity and security, 5G provisioning and so on. However, they are not identified by the telco companies themselves.

In fact, if we exclude the banks and the financial industry in general or some big players in the world of logistics and distribution (such as Maersk or Walmart), telcos and industry consortia like GSMA or GLF have been among the most active companies and institutions in exploring the possibilities of this technology. However, very few, if any, projects have gone beyond proofs of concept or narrowly scoped implementations.

Relevance of telcos in adopting blockchain

One way to measure the relevance of the telco industry in adopting blockchain is to look at the Blockchain50 list published by the renowned Forbes magazine. Each year, this list recognises the 50 biggest companies in the world that are using blockchain tech. The latest list, published early this year, includes only two telcos: Swisscom and Telefónica. So why, being so active, don’t telcos have more presence here? Although financial institutions and companies holding or handling cryptocurrencies are over-represented, we can explain this by the fact that projects pushed by telcos have no significant impact on their core operations yet.

In fact, Swisscom’s merits for entering the list are related to crypto projects and digital assets. In our case, Telefónica is part of the list because of the massive adoption of blockchain in supply chain management and TrustOS, the software suite for easily building consortiumless but decentralized enterprise blockchain applications.

Revisiting the Blockchain Magic Quadrant

Can we measure or anticipate in any way the impact of blockchain projects on the telco business? Almost 3 years ago we presented a tool which allowed us to analyse in a very simple way how and when the different blockchain projects and initiatives we were considering at the time would impact the organisation. We call this framework The Blockchain Magic Quadrant. The quadrant was just a conceptual exercise, but it simplified how we can compare completely different projects in order to allocate resources and manage expectations about the technology.

The Blockchain Magic Quadrant

We reviewed every project from different perspectives, but in the end each one had a main business driver: it activated savings, generated income or created new markets. There are also a lot of projects using blockchain just as a technological enabler. They don’t have any special impact on the business. They create value because of the solution itself, not because it uses blockchain. For the rest of the projects, the Quadrant allows us to group initiatives into three big families depending on the nature of their impact on the business. So, we divide the quadrant into 3 sectors: IMPROVE, TRANSFORM and DISRUPT.

The IMPROVE sector in the quadrant

This is the base of the quadrant, where we find a first group of projects that take advantage of the adoption of decentralized ledgers in pre-existing business processes. These initiatives IMPROVE the companies’ current businesses, creating efficiencies and savings for the existing products and services that justify the migration from traditional approaches to new solutions based on decentralized architectures and blockchain technologies. They do the same things they had been doing and in the same way, but better because of adopting blockchain. These efficiencies come mainly from reducing the operating time of control processes and the operational costs due to non-conformities or dispute resolution in complex, multiparty information exchange processes.

Besides, cumbersome verification and auditing processes are also simplified, even making a trusted neutral third party unnecessary, as the technology itself notarises the information and makes it immutable and irrefutable by the parties. Blockchain becomes in many cases the excuse for the digitalization of the process. The complexity of these projects lies in their integration with legacy systems. The paradigmatic example of this family of projects is the application of blockchain in supply chains. These projects are not telco specific. If we focus on the telco industry, the IMPROVE projects deal with settlement between carriers and operators.

The Magic Blockchain Quadrant: IMPROVE sector

Supply chain management

There are a lot of projects in production in this field, improving the way in which commercial relationships between companies are handled. Telcos are usually very big companies with global supply chains and intercontinental logistics that involve a very complex network of participants. So, blockchain is a powerful tool for telcos to optimize their operations by applying it to supply chain challenges. Will the supply chain have enough impact on the telco business? Well, obviously it can help in reducing costs and so increasing profit, but the business remains the same. Remember the statement for this sector: we do the same things, in the same way, but a little better.

Intercarrier settlement

The other big case for applying blockchain in existing processes is the settlement of data and payments between different companies. For telcos, this means the roaming and wholesale business. While supply chain projects are a reality, in this case we find a lot of multilateral proofs of concept sponsored by existing consortia like GSMA or GLF. They are even trying to standardize how the networks should evolve to a decentralized paradigm. In some successful cases, the projects have even been deployed between some operators to improve their bilateral relationships. In any case, the impact on business is still not very significant.

The TRANSFORM sector

The second sector groups those initiatives that TRANSFORM businesses. In contrast with the supply chain or settlement cases, they take advantage of blockchain to propose new ways of doing the same things. They are projects enabling trusted ecosystems where new entrants can play a role that contributes extra value to the products and services: they are transforming the value chain that provides them, either enabling new business models or creating new sources of revenue in the existing markets.

Examples of these TRANSFORM projects are the Self Sovereign Identity concept or those projects that we call platform uberisation initiatives.

The Blockchain Magic Quadrant: TRANSFORM sector

Decentralized management of Digital Identity

This concept implies that the user is the key player and that central entities that verify identities become unnecessary. Companies can issue verifiable credentials that prove some attributes of your identity, which anyone can verify without asking the issuer to validate them. This new scheme for authentication and authorization services completely transforms the digital identity field. The new players in this game will be those companies with a deep knowledge of their customers, which will develop a new source of revenue.

And telcos usually know a lot about their subscribers. They know who they are, how and when they move, or their history of payments for their subscription. All of these are attributes easily issuable as verifiable credentials that can add value to third parties’ business models. Besides, telcos can easily and trustworthily deploy a wallet in subscribers’ handsets to make it easier for them to manage their credentials. So, if self-sovereign identity ecosystems take off in the near future, telcos are in a very good position to capture part of the value. Digital identity services already exist, they are the same things, but thanks to blockchain and decentralization, new players will enter the ecosystems to do them in new ways.

Platforms uberisation

Another trend enabled by decentralization and blockchain technologies that could seriously impact telcos and digital service providers is what we can call the uberisation of networks using the cryptoeconomy. The platform economy isn’t new; however, blockchain adds to platforms the power of decentralization and total transparency in the economic incentives that engage users to contribute to the ecosystems. There are a lot of projects where users rent out their assets in exchange for crypto-based tokens. They work when new participants become computing providers, storage providers or connectivity providers.

Beyond peer-to-peer networks for storage or computing, especially disruptive is the proposal of startups like Helium, which calls itself the people’s network. Its aim is to build a wireless network deployed by normal people connecting a simple device to the Internet in their home or office. This device acts as a hotspot providing low-power network coverage (LoRa) for billions of IoT devices. Users become connectivity providers and can quickly recover the investment in the device by earning cryptocurrency for the coverage it provides.

Today, the Helium network has almost three hundred thousand hotspots, having added seventy thousand new ones in the last month. Thanks to its blockchain-based incentive model, they are deploying the largest decentralized wireless network in the world. Decentralization ensures network robustness, although availability and network service can’t be committed to in the same terms as traditionally deployed and operated telco networks do. Today, the LoRa coverage can’t compete with operators’ 5G networks. However, Helium’s plans also include the deployment of 5G hotspots in the near future. This will completely change the way in which telco operators traditionally deploy and operate radio networks. Anyway, these models show us that, again, things can be done in new ways and new entrants can transform the existing markets.

The DISRUPT sector: tokenising everything

We have the most aspirational projects in the DISRUPT sector. Disruption comes from their ability to create and open NEW MARKETS, either generating new assets that did not exist before or creating secondary markets from the inefficiencies or inelasticities of the previous scenarios. We have no idea what new markets, enabled by blockchain, disruptors are imagining right now, but in my opinion, many of them will be related to tokenization.

Currently, the king of the trends based on tokenization is the NFTmania. We could spend a very long time reviewing what things people are monetizing by creating Non Fungible Tokens. I’m not going to question what can or cannot be a token. They are everywhere right now. Brands are issuing NFT collections to raise funds from their fans. Other people are creating Kitties, Zombies or even Digital Art that can be commercialized in the NFT markets.

And the nerdiest trend enabled by blockchain is the metaverse. Even Mark Zuckerberg announced his plans some weeks ago. He thinks that the future of Facebook is in the metaverses, those virtual worlds populated by avatars. They can be implemented without blockchain, but blockchain enables the possibility of closing economic transactions in a trustworthy way. If banks were the first companies to explore cryptocurrencies, gaming companies are the first doing business not exactly in the metaverse, but with the metaverse. They are actively selling wearables for the avatars in the same way they placed them in the videogames. And the best way they have found to assure buyers that they are buying an authentic complement for their avatars is blockchain, or more precisely, issuing NFTs.

The role for telcos

Can telcos play any role in the metaverse? Will communication between avatars in the metaverse be a service that telcos can provide? We don’t know, but new digital services like metaverses can only exist in a hyperconnected world, with ubiquitous low-latency networks that allow interaction with the avatars in real time from everywhere. In addition to this, the network becomes relevant as the only “centralized” element that can anchor the decentralized world. The communication network can notarize everything travelling through it, becoming the only trustworthy and shared element that connects people and companies. This notarization, in terms of collecting evidence of executed transactions, could also be one of the roles that telcos could play in the next years.

The Blockchain Magic Quadrant; The DISRUPT sector

FORECASTING

Summarizing, we introduced the Magic Quadrant framework to assess the eventual impact of blockchain on organizations, positioning the projects we mentioned in three waves depending on the timeframe in which we think they will be in production. But I have intentionally not tried to give estimates of market size, opportunities or revenues.

According to IBM, the impact of the lack of supply chain visibility is around $300 billion globally. Just by improving efficiency by a few percentage points we have a billion dollar business. The disputes in the global roaming market reach several billion dollars yearly. Juniper Research found that the SSI (self-sovereign identity) movement will reach annual revenue of $1.1 billion by 2024. The market cap of Filecoin and Helium reaches $12 billion. Decentraland, one of the popular metaverses, is valued at $5 billion, and all-time sales of NFTs will reach $10 billion next week. All these flourishing businesses need reliable blockchain networks to operate, and telcos know how to do that. So, just by capturing some of the value, we are facing a market worth billions.

Value for telcos

So, is blockchain a game changer for telcos? It may not be as disruptive and transformative as promised, but it will be an endless source of opportunities. Some reports suggest that the blockchain market will be worth $67.4 billion by 2026. We can look forward to a few months from now to see if telcos are indeed playing a role in the new markets that have been created around metaverses and NFT containers and tokenisation projects.

But in the meantime, we cannot ignore the opportunity to provide reliable blockchain infrastructures that allow all these opportunities to develop. By capturing just two percent of this market, we are already looking at a billion dollar opportunity. And beyond the big cloud providers, what other companies can provide this infrastructure? I believe telcos can and should develop it. We are in the best position to help companies adopt blockchain and to provide them with reliable infrastructures and easy-to-use services to develop their disruptive business models.

Footprint

This content was part of my keynote at the Telecoms World Asia conference, run virtually in November 2021. You can find the presentation I used at https://www.slideshare.net/jota.ele.ene/growing-impact-and-future-potential-of-blockchain-for-telcos-a-game-changer

This article, published by José Luis Núñez Díaz on 18 November 2021 on the Think Big blog, has been registered in blockchain via TrustOS with the following identifier: did:vtn:c1:certid:ebb6ad47f2d4b70c6ef62a8b32c2c43def9abdb16e7fd9c82bbefbbdb7bb6da3. You can verify it by clicking on this link.