Empowering women in entrepreneurship: 10 female-led startups in Germany

Innovation Marketing Team    14 July, 2021

In Germany, only about 15% of startups are initiated by women. Sadly, the figure has been stagnant for years. Additionally, female-led startups receive significantly less Venture Capital than those owned by men. This is a shame, considering that data shows that startups founded by women achieve higher revenues and are therefore a more attractive investment. 

We at Wayra Germany use our resources and influence to bring more diversity to the startup world by explicitly supporting female entrepreneurship in multiple ways. For example, 

  • Diversity as a key performance indicator 
  • Mentorship for female entrepreneurs
  • Free data training opportunities

Check out the top 10 female-led startups in Germany and if you are interested in reading more about how we empower diversity, check out our blog.

vCoach

vCoach is a Munich-based startup specialized in the digitization of communication training. They aim to develop scalable and impact-oriented soft skill training. With artificial intelligence and video analysis, vCoach enables an individual and measurable learning experience.

accu:rate

accu:rate is a spin-off of the Technical University of Munich and is based on the research work of Dr. Angelika Kneidl. The main focus is to simulate the flows of pedestrians with the software crowd:it. In this way, they help the customers visualize and solve the challenges of managing the dynamics of crowds.          

Amplitude

Amplitude wants its users to get on top of their money and start seeing beyond tomorrow, to make the right decisions, now and in the future. For young adults (aged 18 to 32) who’ve never learned how to manage their money, we provide a cash flow management tool that enables them to manage, plan and understand their personal finances.

AILY LABS

AILY LABS’ vision is to develop beautiful digital AI products that are easy to integrate. They believe in challenging the status quo and empowering business with meaningful AI.

Femtasy

Femtasy is the first streaming platform for sensual audio stories for womxn. We make womxn happy and inspire; simple as that. We stand for zest for life – female empowerment is in our DNA.

Honeypot

Honeypot.io is Europe’s leading developer-focused job platform. Whether you’re a developer looking for a new job or a company looking for great talent, Honeypot’s the place for you. Developers on the Honeypot platform see salary and tech stack upfront, with no resumes, no cover letters and no irrelevant offers.

Lana Labs

Lana Labs is a team of international process and IT experts. As specialists for AI-supported analysis of business and production processes, their goal is to make companies smarter, more efficient and faster through automated process analysis.

audEERING

audEERING GmbH develops next-generation audio analysis algorithms using AI that makes machines emotionally intelligent. They also provide consulting services to help companies integrate state-of-the-art audio analysis technology into their products and their workflow.    

Parity Technologies

Parity Technologies’s mission is to enable businesses and organisations to capitalise on blockchain technology and benefit from the new opportunities it presents. They develop cutting-edge software solutions for enterprises and industries to unlock the full value of decentralised technology.                 

Planetly

Planetly develops user-friendly and straightforward software to enable intelligent carbon management for businesses. They aim to allow companies to transition to a net-zero economy successfully.

Telcos as a major player in cyberspace

Bechara Kaddoum    13 July, 2021

For over a decade, telecommunication companies have focused primarily on rapid expansion in the consumer market. This growth was driven mainly by cell phone use becoming nearly universal, together with the broadband, TV and other data services that telcos sell to customers at home and on the go. Over the last couple of years, top management of these companies has become progressively more reliant on securing and developing the business market, where they see new opportunities and untapped potential in services dedicated to B2B.

During the first wave of COVID19, telcos all over the world had to answer the rising need for connectivity, in bandwidth and in availability, as most companies shifted to remote work and the cloud. A tremendous job was done to secure and provide the best service for customers, businesses and individuals alike, in a short period of time. José María Álvarez-Pallete, Chairman & CEO of Telefónica, said: “It is impossible to predict the future, but I am convinced that the best way to predict it is to create it”.

According to GlobalData, global security revenues will reach nearly $238bn by 2030, growing at a CAGR of 6.4% between 2019 and 2030. (*)

Telcos have earned the right to play in cyberspace. With a long history of providing secure and reliable network access, both within their own organization and to businesses, this experience puts telcos in a strong position to meet organizations’ need for security as they incorporate more cloud-based solutions and services.

Top management frequently challenges the profitability of B2B units in telcos, which in general run lower margins than the consumer business because of the levels of customization, complex purchasing processes and the competitive pressure in the IT business. In order to build a strong B2B business, executives are advised to accept a long-run investment payback.

To get ahead in this rapidly growing market of security and cloud services, telcos must prioritize the B2B opportunity and embrace three essential capabilities:

  • Understanding the customer’s need and answering it in short period of time. It is important for Telco’s to efficiently assess the requirement of the business and create packages based on its underlying need.
  • Adding new security services to the core business. A selective addition of new security growth domains that are close to the core business is beneficial to start building the portfolio of businesses with high ROI and low investment over a 6-month period. This will often require finding partners equipped with the capabilities to deliver such services.
  • Industrializing the product portfolio with a scalable and modular set of offers. Investing in modular solutions avoids the temptation to systematically develop bespoke solutions and helps address the needs of small and medium customers with standard converged bundles.

At Telefónica we understand that your organization must meet customer demands for cyber security and cloud solutions with a comprehensive portfolio. We know that choosing the right security partner is critical for success.

As a telco, we understand the needs of our partners and can help guide you in implementing cyber security and cloud solutions that are tailor-made for your customers’ needs. We share the same DNA and timing, and we have gone through the same steps they will follow if they wish to enter the cybersecurity market. They will learn from our successes, but even more importantly, from our failures.

To conclude, for telcos to create this rapid, customized go-to-market model and plan a rapid ROI (return on investment), it is in their favor to partner with telcos that provide cybersecurity under a white-label model: most of them have faced similar problems and managed to overcome them, which gave them insight into how to shape their offerings to deliver highly effective products and services to SMEs as well as large enterprises.


If you want to receive guidance on cybersecurity for Telco companies, CONTACT US.

Discover the benefits of being a Telefónica Tech Partner.

We’re talking about technology, will you join the conversation?

Telefónica Tech    12 July, 2021

It is increasingly common to come across concepts such as Big Data, Artificial Intelligence, Internet of Things, Cyber Security, Cloud or Blockchain in any field and any conversation, disruptive technologies that are here to stay. A few years ago, these technologies were only known by a few experts but, more and more, we find them in everyday situations, so the interest and knowledge of these terms has grown exponentially, as well as their use in all kinds of businesses and services. This is why we have created an ecosystem of channels and content based on the knowledge of our experts and what we are learning day by day with our clients, so that you can keep up to date with the advances in these technologies.

#WeAreTelefónicaTech

We are Telefónica Tech and we are passionate about technology. What’s more, we are experts because we work with it on a daily basis, because we do research, because we share our passion with other experts and, above all, because we aim to use it for a purpose: to make people’s lives easier, with solutions that range from the application of the Internet of Things (IoT) for the development of family farms to the use of Blockchain to guarantee the traceability of the COVID19 vaccine.

You may be wondering where Telefónica Tech comes from, who we are and where our passion and expertise comes from. Here, let me tell you how we got here:

  • Cyber Security: for almost a decade, Telefónica has been clear that cyber security is of vital importance. As early as 2013, the prominent hacker Chema Alonso joined the company with Informática64, which gave way to ElevenPaths, first as Telefónica’s cyber security unit and, afterwards, as a company. Nowadays it is included in the holding’s subsidiary together with the Cloud business under “Telefónica Tech Cyber Security & Cloud”.
  • Cloud: who hasn’t heard of “the Cloud”? Especially after a 2020 in which remote work conquered practically all sectors. One of the most mature and important new technologies, which will continue its rise with concepts such as Edge Computing and, as we have already mentioned, located very close to cyber security. Telefónica has a long history of activity in this area, which includes the presence of companies such as Acens, for example, which is currently also part of Telefónica Tech.
  • AI of Things: a few months ago we presented the concept of “Artificial Intelligence of Things“, which brings together several leading technologies such as Big Data, Artificial Intelligence, Internet of Things (IoT) and Blockchain. The combination of these technologies gives rise to interesting solutions that allow us to provide our clients, and consequently the end user, with an improvement in the quality, sustainability and speed with which they receive the product or service purchased. The union of technology companies such as onthespot or LUCA with the Telefónica IoT area resulted in this innovative concept focused on helping companies in their digital transformation.

In this video we summarise everything we do at Telefónica Tech:

Writing our own story

In just two years of existence, Telefónica Tech has reached several remarkable milestones, signing a multitude of agreements with major companies such as Microsoft and Siemens. We have acquired companies such as Altostratus, received ratings from leading industry analysts such as recognition as a leader in the Gartner quadrant of managed IoT services for the seventh time or recognition as a leader in leveraging unique customer and network data by Forrester. In addition, we have collaborated with the Movistar Team and have committed to innovation and startups business with the creation of Telefónica Tech Ventures. We have also created an ecosystem with the best partners to extend our own capabilities and generate a complete set of solutions adapted to the needs of today’s clients.

Where can you find us?

We are present in the main social media networks. In each of them you will find our content, adapted to the characteristics of each network. Do you want to keep up to date with what’s happening at Telefónica Tech? Follow us on our accounts:

Are you also passionate about technology? Join the conversation! #WeAreTelefónicaTech

Cyber Security Weekly Briefing 3-9 July

Telefónica Tech    9 July, 2021

Kaseya VSA incident

On Friday July 2nd, the REvil ransomware group compromised third-party companies by exploiting a 0-day vulnerability in Kaseya VSA. Kaseya VSA is a remote system monitoring and management solution widely used by Managed Service Providers (MSPs) in the US and UK. The compromise of this solution allowed attackers to gain access to the workstations and corporate networks of hundreds of MSP customers to install their payload and encrypt their files. According to Huntress’ reconstruction of the incident, the attack vector was an authentication bypass flaw in the Kaseya VSA web interface, which allowed unauthorised code execution via SQL injection. The REvil ransomware group has asked for 70 million US dollars to decrypt the affected systems. In terms of the impact of the incident, it was confirmed that it was focused on VSA servers in customer premises (on-premises), so the impact was reduced to around 40 customers, according to the company. Therefore, the rest of the VSA solutions in the cloud and associated SaaS services would not be affected, even though, when the incident first became known, the disconnection of all SaaS servers was requested. Despite a more limited number of potentially affected customers, the risk arises from the fact that some of these customers are managed service providers (MSPs), which could in turn affect their customers. According to the telemetry of ESET, which applied detection rules for the Win32/Filecoder.Sodinokibi.N ransomware variant on July 2, the bulk of the compromises appear to be taking place in the UK, South Africa, Canada, Germany, the US and Colombia. So far, on a preventative level, it remains recommended that customers using Kaseya VSA on-premises disconnect VSA servers and make use of the tool provided by Kaseya to locate IoCs on VSA servers and VSA-managed machines to rule out possible compromise.

Learn more: https://www.kaseya.com/potential-attack-on-kaseya-vsa/

Cobalt Strike distribution using the Kaseya VSA incident as a lure

Malwarebytes researchers have detected a malspam campaign that is using the fallout from the Kaseya incident as a pretext to distribute Cobalt Strike to potential victims, masquerading as Microsoft security updates. In this campaign, the attackers attach a malicious file with the name “SecurityUpdates.exe” as well as a link that redirects to a URL (hxxp://45.153.241[.]113/download/pload.exe). From this URL, a supposed Microsoft update is downloaded to help protect against ransomware threats. It is worth noting that this same methodology was used by threat actors to also distribute Cobalt Strike after the Colonial Pipeline incident.

All the details: https://twitter.com/MBThreatIntel/status/1412518446013812737

Microsoft update does not always fix PrintNightmare

Microsoft has released an urgent security update to patch the critical vulnerability known as PrintNightmare (CVE-2021-34527) for which only mitigating actions have been provided so far. This vulnerability allows remote code execution with system privileges through the Windows Print Spooler service, giving an attacker the ability to install programs, view, modify or delete data, and even create new accounts with full user rights. Once the patch was released, several prominent security researchers reported that they have managed to bypass, under certain conditions, the Windows security update released to patch PrintNightmare, again replicating locally and remotely the vulnerability in the printing protocol. The origin of the vulnerability lies in a poor implementation of the updated code, which would allow an attacker to remotely execute arbitrary code when PointAndPrint policies are active and warnings are disabled when installing new drivers (PointAndPrint NoWarningNoElevationOnInstall = 1). Microsoft has not yet made any statements on the subject. Therefore, it is still recommended to disable the print function on any system where it is not strictly necessary, whenever possible.

All the details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

Analysis of the GrimAgent malware, linked to Ryuk’s operations

Group-IB researchers have carried out a technical analysis of the GrimAgent malware, a new backdoor related to Ryuk’s operations following the dismantling of previously used infection vectors such as Emotet and Trickbot. The link between this malware and Ryuk was established through analysis of GrimAgent’s C2 servers, as when a request was made to the malware’s C2 domain, it returned content designed for Ryuk’s victims. Based on this relationship, the researchers suggest that GrimAgent is being used as part of Ryuk’s operations. They also note that no sales on underground forums related to this malware have been identified, nor any use of the malware in the infection processes of other ransomware families. GrimAgent’s main functions include the collection of system information (IP, location, OS, usernames, privileges, etc.) and the download and execution of shellcodes and DLLs. Researchers also highlight the ability to circumvent different security measures, which indicates that we are dealing with a meticulous and highly capable actor.

More info: https://blog.group-ib.com/grimagent

Vulnerability in access to QNAP NAS devices

QNAP has fixed an unauthorised access vulnerability in its network-attached storage (NAS) devices. This vulnerability (CVE-2021-28809), discovered by researchers at TXOne IoT/ICS Security Research Lab, is due to a bug in the software code that does not properly restrict access privileges, allowing an attacker to escalate privileges, execute remote commands and compromise the security of the device, gaining unauthorised access to sensitive information. QNAP recommends upgrading HBS 3 on its devices to the latest version available: QTS 4.3.6: HBS 3 v3.0.210507 or later, QTS 4.3.4: HBS 3 v3.0.210506 or later, and QTS 4.3.3: HBS 3 v3.0.210506 or later. QNAP NAS devices running QTS 4.5.x with HBS 3 v16.x are not affected. This is not the first time QNAP has had to fix vulnerabilities of this type recently: in April this year it fixed a poor access management issue that gave backdoor access to its devices, and which ended up being used by several ransomware operators such as Qlocker, Agelocker and eCh0raix.

More: https://www.qnap.com/en-us/security-advisory/QSA-21-19

Frequently Asked Questions About Printnightmare (CVE-2021-34527)

Sergio de los Santos    7 July, 2021

We are going to try to clarify some common doubts about this vulnerability, since it has turned up with some confusing data about whether it was patched or not, what it is called, how it can be exploited and how to protect yourself.

Why Is It Coming Out Now and Without a Patch?

Zhiniang Peng and Xuefeng Li are going to Black Hat this year to show how to exploit vulnerabilities in the Windows print queue. For some reason they published all the details of a vulnerability they initially identified as CVE-2021-1675 but later confirmed to be CVE-2021-34527, with the “PrintNightmare” alias.

They published the exploit on github and shortly after they regretted it and deleted it. But it was too late and it was copied in many other places with other formats, languages, etc.

Is It Patched?

No. Initially it was thought to be somehow a variant of CVE-2021-1675, patched on June 8th, but it is not. It’s a different bug. However, whether or not that patch is installed influences the decision flow that determines how vulnerable you are.

How do they attack me?

You need to have a valid user on the system or on the network (hosted on the domain controller) and at the same time, the domain controller must allow remote printing. These are the basic conditions. From there on, anyone with not too much knowledge can inject a DLL into the server with SYSTEM privileges, which in practice means full control of the whole network.

Am I vulnerable?

Probably yes. All Windows versions are potentially vulnerable. There are already exploits of all kinds, and it is very easy to exploit. If the print queue is accessible and the patch is not applied, the exploit will work. The print queue is not directly accessible through a dedicated port, so regulating access through the firewall won’t help (unless you want to block ports 445 and 137, which are more delicate to manage).

If the patch is applied on a domain controller, and the attacker is in the pre-2000 compatibility group, the exploit will still work. “Pre-Windows 2000 Compatible Access” is a group that relaxes and adapts certain measures so that 9x systems can work with the controller. This is not as uncommon as it may seem.

If it is not a domain controller, then look at another parameter since the above does not apply. Look at the status of “point and print” and “EnableLUA”. The first one is a one-click printing system, i.e., automatic driver installation if necessary. The second one has to do with UAC and if it is disabled, the exploit will work. It looks much clearer in this decision tree.

How can I protect myself?

It depends on what you want to sacrifice. If you do not need to print at all, the easiest thing to do is to turn the service off and disable it.

If you need to print locally but do not want anyone to be able to exploit this remotely, you can disable remote printing from the GPO.

This is achieved by disabling the “Allow Print Spooler to accept client connections” policy. It is necessary to restart the service afterwards.

One thing that is disabled by default but is worth making sure of is point and print:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
  • NoWarningNoElevationOnInstall = 0
  • NoWarningNoElevationOnUpdate = 0

What happens if you want to print in all conditions from the outside and the inside? A riskier formula, but one that allows you to operate more freely, is to change the permissions.

With this hack, the impact is that no more printers can be added to the system; the exploit will not work, but the bug will still be there. It is risky but seems to be effective. More info here: https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/

How do I know if I am being attacked?

Here Microsoft has published some Microsoft 365 data: https://aka.ms/printspooler-rce-ahq

Here are details on how to detect it with several manufacturers: https://github.com/LaresLLC/CVE-2021-1675

It is also a very good idea to enable the Windows-specific registry:
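As an added, defender-side example (not part of the original post and not a Telefónica or Microsoft tool), the PowerShell script below audits, on the local machine, the conditions this FAQ and the weekly briefing entry on the PrintNightmare patch discuss: whether the Print Spooler service is running, whether remote client connections are disabled by policy, the two Point and Print values under the registry path quoted above, the EnableLUA (UAC) setting, and whether the PrintService operational log is enabled so that driver installs can be reviewed. Two things are assumptions from my own knowledge of Windows rather than statements on the page, and are marked as such in the comments: the registry value RegisterSpoolerRemoteRpcEndPoint that backs the “Allow Print Spooler to accept client connections” policy, and the event IDs 316 and 808 used to count driver-related events. Run it in an elevated PowerShell session on the host you want to check; it changes nothing, it only reports.

```powershell
# Added example: audit of PrintNightmare-related settings on the local host.
# Read-only; run elevated so the policy keys and the event log are readable.

function Get-RegistryValueOrNull {
    param([string]$Path, [string]$Name)
    # Returns the value, or $null when the key or value does not exist.
    try {
        return (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        return $null
    }
}

function Get-PrintNightmareAudit {
    $findings = @()

    # 1. Is the Print Spooler service present and running? (FAQ: stopping and
    #    disabling it is the simplest protection when printing is not needed.)
    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if ($null -eq $spooler) {
        $findings += 'OK: no Print Spooler service is present on this host.'
    } elseif ($spooler.Status -ne 'Running') {
        $findings += "OK: Print Spooler is $($spooler.Status) (start type $($spooler.StartType))."
    } else {
        $findings += "ATTENTION: Print Spooler is running (start type $($spooler.StartType))."
    }

    # 2. Policy "Allow Print Spooler to accept client connections".
    #    Assumption (not stated in the post): the policy is stored as the DWORD
    #    RegisterSpoolerRemoteRpcEndPoint under the Printers policy key, 2 = Disabled.
    $printersPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    $remoteRpc = Get-RegistryValueOrNull -Path $printersPolicy -Name 'RegisterSpoolerRemoteRpcEndPoint'
    if ($remoteRpc -eq 2) {
        $findings += 'OK: remote client connections to the spooler are disabled by policy.'
    } else {
        $findings += 'ATTENTION: the spooler still accepts remote client connections (policy not set to Disabled).'
    }

    # 3. Point and Print values quoted in the FAQ: both should be 0 (or absent, the default).
    $pnp = Join-Path $printersPolicy 'PointAndPrint'
    foreach ($name in 'NoWarningNoElevationOnInstall', 'NoWarningNoElevationOnUpdate') {
        $v = Get-RegistryValueOrNull -Path $pnp -Name $name
        if ($null -eq $v) {
            $findings += "OK: $name is not set (default)."
        } elseif ($v -eq 0) {
            $findings += "OK: $name = 0."
        } else {
            $findings += "ATTENTION: $name = $v (drivers install with no warning and no elevation)."
        }
    }

    # 4. UAC: the FAQ notes that on non-domain-controllers the exploit works when EnableLUA is off.
    $lua = Get-RegistryValueOrNull -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name 'EnableLUA'
    if ($lua -eq 1) {
        $findings += 'OK: UAC (EnableLUA) is enabled.'
    } else {
        $findings += "ATTENTION: EnableLUA = $lua (UAC disabled)."
    }

    # 5. Detection readiness: the PrintService operational log records driver installs,
    #    but it is disabled by default.
    $logName = 'Microsoft-Windows-PrintService/Operational'
    $log = Get-WinEvent -ListLog $logName -ErrorAction SilentlyContinue
    if ($log -and $log.IsEnabled) {
        $findings += "OK: $logName is enabled."
        # Assumption (not from the post): event 316 (driver added or updated) and
        # event 808 (spooler failed to load a plug-in module) are the IDs worth reviewing.
        $recent = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = 316, 808; StartTime = (Get-Date).AddDays(-7) } -ErrorAction SilentlyContinue
        $findings += "INFO: $(@($recent).Count) driver-related events (316/808) in the last 7 days; review any unexpected driver names."
    } else {
        $findings += "ATTENTION: $logName is disabled; enable it with: wevtutil sl $logName /e:true"
    }

    return $findings
}

Get-PrintNightmareAudit
```

Any line starting with ATTENTION maps back to one of the FAQ answers above: a running spooler that accepts remote connections on an unpatched host is the condition the exploit needs, and the Point and Print values are what the briefing reports as the way around the July patch. Enabling the operational log costs nothing and is what turns a later driver install from an invisible event into something a SIEM can alert on.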

Technology and people living together through change

Raúl Hernáinz Ortega    6 July, 2021

Today I would like to start this article by referring to one of the 8 steps that, according to John P. Kotter, a researcher in the field of digital transformation and change management, must be taken care of in an organisation that is committed to a Data Governance programme. We are talking about the point concerning:

We live in hectic times in which technology is evolving so fast that it is becoming increasingly difficult to be able to process the data that is generated.

The implementation of data governance in the organisation is complex, as it involves orchestrating initiatives with very different approaches or points of view (DAMA disciplines). All this complexity represents a great effort, but at the same time it will be the easiest way to break down an impossible problem into smaller pieces that the human mind, with the help of technology, would be able to process.  

Pursuing Common Goals

Kotter shows how a well-defined and communicated vision can lead to the right way to implement change. Every choice counts.

People need a clear and convincing statement of the intended change to make it a common goal. Let’s have a look at the implementation of a new technology.

While it is highly relevant, it does not imply a change in the organisation’s vision or objectives. We often say that it is a vehicle and not the end. What the organisation can do with the technology (e.g., centralise reporting or create a glossary of business terms as a common language) would be part of the vision, and this starts with defining a good strategy.

Getting Started

Wayfarer, only your footprints

are the path, and nothing more;

wayfarer, there is no path,

you make the path as you walk

The road to choosing the right technology to support the vision is an arduous process. Any breakdown of a Data Governance programme needs tailor-made, fine-tuned actions. These include:

  • Meetings with the main stakeholders in order to know the needs or requirements that are expected to be achieved from a tool from both its functional and technical aspects. This will take into consideration aspects such as control over the architecture, source systems, governance disciplines to be deployed, usability to be achieved and costs to be managed.
  • Knowledge of the market situation and the level of compliance with our selection criteria by the best existing solutions. In this case, we will turn to reputable sources such as Gartner or Forrester, which evaluate the viability of these technologies based on success stories and customer opinions.
  • SWOT analysis of each of the tools, and weighted evaluation of the different functionalities, assessed according to different criteria or axes.

Assessing Possibilities

At this point, it is necessary to lay the foundations of what was acquired in the previous instance. It is therefore time to be able to collaborate, among other activities, in:

  • The elaboration of supporting documentation, where aspects of the future tool can be detailed, such as:
    • The licensing model
    • Attendance of DEMOs, if required
    • The way it is installed (on premise, SaaS, Cloud)
    • The definition of future sessions or workshops to be undertaken
    • Necessary actions at configuration level (extra modules, integration with other tools, metamodel at asset level, connections to DBMS, etc.)
  • Deepen the functionalities offered by the resulting tools by means of proof-of-concept tests, in order to corroborate that the initial requirements are covered.
  • The progressive shaping of a template, map or outline of points that will allow a better parameterisation or migration to the tool.
  • Support in the final and justified decision of the selected tool, and control with purchasing and legal, if necessary, in order to know the status of the acquisition process.

Seeking Symbiosis

Technology advances in accordance with the needs and trends of the moment. Therefore, its use entails an exercise of continuous reinvention and specific maintenance. As a novelty, change is fragile and requires a process of reaffirmation.

For this reason, the implementation of any technology will be carried out gradually and through incremental improvement processes. We should look at:

  • Work together with the supplier in adapting its technology to our organisation’s environment. In this way, all the functional and technical needs previously mentioned will be reflected in the operation of the tool.
  • The impetus we can give to training efforts will help to create a favourable climate for technology adoption and achieve new cross-cutting synergies (OGD, business and technology).
  • Promote and define a channel of action with the technological supplier for the generation of developments, data sources to be incorporated and releases or versions.
  • Create a vehicle for incident management and ensure data availability and service continuity.

The Path Never Ends

We need perseverance because change and technology bring us qualities such as agility, dynamism and accountability. Perseverance to continuously improve, and through a cyclical and unidirectional process move forward, extending the Data Governance function to all areas of the organisation and incorporating new capabilities and/or strengthening existing ones.   

As indicated above, the sheer volume of data being generated is becoming increasingly evident and, as a result, Data Governance is here to stay. And along with it, technology is positioned as a necessary enabler to help bring order to all this chaos.

According to Charles Darwin’s acknowledgement:

“The species that survive are not the strongest, nor the fastest, nor the most intelligent, but those that adapt best to change”

And as we indicated in our last article The Gestalt Theory in Data Governance: “the whole is greater than the sum of its parts”. And you, do you feel part of this new technological and cultural paradigm?

MWC21: 5G and digital technologies, a reality for the post-covid recovery

Andrés Escribano    5 July, 2021

This year’s edition of MWC21 has been a very important step towards post-pandemic Face-to-Face events. The attendees came with a clear vision of establishing new relationships, pushing new businesses, motivated by the possibilities that appear after this “stop”.

The most relevant announcement, due to its impact on the media, was Elon Musk’s: Starlink to offer internet anywhere in the world, along with his doubts about its viability as a business.

With some of the big brands not attending as in other years, startups were able to shine, allowing us to discover disruptive solutions at various stages of maturity, from smart holograms to AI models for all kinds of solutions.

Obviously 5G continues to be a traction engine for the entire business world around MWC21, now in a much more mature way, and focused on multiple real use cases.

6G is already being glimpsed, with a series of very initial characteristics where the transfer speed seems to be its greatest additional value over 5G.

As fundamental axes in the vision of the world’s companies:

  • Industry 4.0, and its evolution towards Industry 5.0 with a focus on the employee.
  • Sustainability in multiple cycles (energy, food, agriculture, etc.)
  • Digitization of multiple sectors (Public Administrations, Industry, etc.)

As Telefónica Tech we have been very active, participating in multiple panels and with demos at the Telefónica stand:

  • Industry 4.0 use cases in ports, integrating robotics solutions, intelligent image processing, Edge, 5G, etc., together with predictive maintenance solutions that are being deployed at scale in the industrial world and spreading into many sectors.
  • Sports analytics integrating IoT, Edge Computing and Artificial Intelligence solutions. In this case we focus on the world of soccer, but it can be extrapolated to many more sports disciplines.
  • Sustainable agriculture solutions: applying digital transformation to the agricultural sector with technologies such as IoT / AI, etc., in a different way and with real applications already deployed with clients.

As a final summary, we have not seen great “WoW” effects or disruptive technologies that we will use in 3 or 5 years, but rather like many of the technologies that in previous events were emerging, now they are mature technologies that are already being used in the process of The Digital Transformation of companies and the economy. And above all a feeling of proactivity and acceleration so that the technologies serve as an accelerator of the recovery.


Cyber Security Weekly Briefing June 19- July 2

Telefónica Tech    2 July, 2021

New activity of the threat actor Nobelium

Microsoft has issued an update on the activities of the Russian threat actor known as Nobelium (aka APT29), which is credited with compromising the SolarWinds supply chain in late 2020. This time, researchers warn of targeted brute-force and password spraying attacks against entities in 36 different countries, almost half of which are focused on the United States. In terms of sectors, the attacks are mainly affecting technology companies (57%) and government (20%), as well as, to a lesser extent, financial institutions and think tanks. So far, there are three known compromises as a result of this activity. Additionally, as part of this investigation, Microsoft identified a credential-stealing trojan installed on the device of one of its customer support employees. With this intrusion, Nobelium gained access to basic account information of a limited number of Microsoft customers, data that has been used to launch targeted phishing campaigns.

More information: https://msrc-blog.microsoft.com/2021/06/25/new-nobelium-activity/

Microsoft releases technical details of critical vulnerabilities in NETGEAR routers

Security researchers at Microsoft 365 Defender Research have published details of three critical vulnerabilities, with CVSS scores between 7.1 and 9.4, in NETGEAR DGN-2200v1 routers running firmware versions prior to v1.0.0.60. NETGEAR had reported them in a security advisory in December 2020, along with patching details. The three vulnerabilities lie in the HTTPd component and allow an unauthenticated remote attacker to bypass authentication and invoke the backup function to obtain access credentials, as well as to recover those credentials through a side-channel attack that measures the response time of the authentication check. These vulnerabilities could provide an entry vector into the internal networks of companies that expose the vulnerable router’s administration port.

More information: https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/
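The second NETGEAR flaw above (recovering credentials by timing the authentication response) is the signature of a check whose running time depends on how much of the input is correct. As an added example, not code from Microsoft or NETGEAR, the Python below contrasts the vulnerable early-exit comparison with a constant-work one and with the usual production approach of comparing salted digests via `hmac.compare_digest`. The secret string, function names and PBKDF2 iteration count are constructed for illustration.

```python
"""Authentication comparison without a timing side channel.

The vulnerable pattern stops comparing at the first byte that differs, so
the time it takes grows with the length of the correct prefix. The
defensive pattern does the same amount of work whatever the input, and in
production compares fixed-length digests with hmac.compare_digest.
"""
import hashlib
import hmac
import os


def early_exit_equal(supplied: bytes, secret: bytes):
    """Vulnerable comparison. Returns (equal, bytes_examined).

    bytes_examined stands in for elapsed time: it depends on how much of
    the secret matched, which is the side channel a timing attack reads.
    """
    examined = 0
    if len(supplied) != len(secret):
        return False, examined
    for s, t in zip(supplied, secret):
        examined += 1
        if s != t:
            return False, examined
    return True, examined


def fixed_work_equal(supplied: bytes, secret: bytes):
    """Constant-work comparison: every byte is examined, differences are
    accumulated with OR and nothing returns early. Returns (equal, bytes_examined)."""
    if len(supplied) != len(secret):
        # Length still leaks here; comparing fixed-length digests (below) avoids that.
        return False, 0
    diff = 0
    for s, t in zip(supplied, secret):
        diff |= s ^ t
    return diff == 0, len(secret)


def make_record(password: str, iterations: int = 100_000):
    """Create a stored credential: random salt plus a PBKDF2-HMAC-SHA256 digest.
    The iteration count is an assumed illustrative value."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest, iterations


def verify_password(password: str, salt: bytes, digest: bytes, iterations: int) -> bool:
    """Recompute the digest and compare with hmac.compare_digest, whose running
    time does not depend on where (or whether) the two digests differ."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    secret = b"correct horse"  # constructed 13-byte secret
    print(early_exit_equal(b"xorrect horse", secret))  # (False, 1): mismatch found at once
    print(early_exit_equal(b"correct horsX", secret))  # (False, 13): almost the whole secret checked
    print(fixed_work_equal(b"xorrect horse", secret))  # (False, 13): same work either way
    salt, digest, n = make_record("correct horse")
    print(verify_password("correct horse", salt, digest, n))  # True
```

The `bytes_examined` counter makes the leak visible without noisy wall-clock measurements: for the early-exit version it reveals the position of the first wrong byte, for the fixed-work version it is always the secret length. Storing only a salted digest and comparing digests with `hmac.compare_digest` also removes the length leak, because both sides of the comparison are always the same size.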

Brute-force attack campaign by members of the Russian GRU

Several US and UK agencies (NSA, CISA, FBI and NCSC) have published an alert about a brute-force attack campaign carried out by the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). According to the researchers, the campaign has been running from mid-2019 to the beginning of this year and is reportedly directed against entities from different sectors that mainly use Microsoft Office 365 cloud services, among others. This brute-force methodology allows the actors to obtain their victims’ credentials and then use that access to carry out lateral movement. In addition, the researchers indicate that the actors have also exploited the CVE-2020-0688 and CVE-2020-17144 vulnerabilities in Microsoft Exchange servers to achieve remote code execution and further access to victims’ networks. It is recommended to apply the mitigations and to block the IoCs attached to the advisory.

More information: https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/1/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF
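Both the Nobelium item and the GRU item above describe credential attacks against cloud identity services, but they differ in shape: password spraying tries a few passwords against many accounts (one or two failures per user, many users per source), while classic brute force hammers one account. As an added example (not code from Microsoft, the agencies or Telefónica Tech), here is defender-side detection logic that separates the two patterns over a few constructed authentication log lines. The `timestamp src=… user=… result=…` line format, the window and the thresholds are assumptions; the addresses are from documentation ranges.

```python
"""Detect password-spraying and brute-force patterns in authentication logs.

Password spraying tries a few common passwords against many accounts, so each
account sees only one or two failures while one source fails across many
distinct users. Classic brute force is the opposite: many failures against a
single account. Both are flagged per source address below.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample lines (not real logs). The key=value format is an
# assumption standing in for whatever the identity provider emits.
SAMPLE_LOG = """\
2021-06-20T10:00:01Z src=203.0.113.7 user=alice result=FAIL
2021-06-20T10:00:03Z src=203.0.113.7 user=bob result=FAIL
2021-06-20T10:00:05Z src=203.0.113.7 user=carol result=FAIL
2021-06-20T10:00:07Z src=203.0.113.7 user=dave result=FAIL
2021-06-20T10:00:09Z src=203.0.113.7 user=erin result=FAIL
2021-06-20T10:00:11Z src=203.0.113.7 user=frank result=SUCCESS
2021-06-20T10:01:00Z src=198.51.100.9 user=alice result=SUCCESS
2021-06-20T10:02:00Z src=198.51.100.23 user=grace result=FAIL
2021-06-20T10:02:01Z src=198.51.100.23 user=grace result=FAIL
2021-06-20T10:02:02Z src=198.51.100.23 user=grace result=FAIL
2021-06-20T10:02:03Z src=198.51.100.23 user=grace result=FAIL
2021-06-20T10:02:04Z src=198.51.100.23 user=grace result=FAIL
2021-06-20T10:02:05Z src=198.51.100.23 user=grace result=FAIL
2021-06-20T10:02:06Z src=198.51.100.23 user=grace result=FAIL
2021-06-20T10:02:07Z src=198.51.100.23 user=grace result=FAIL
2021-06-20T10:30:00Z src=203.0.113.7 user=heidi result=FAIL
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_log(text):
    """Yield (timestamp, src, user, result) tuples, skipping malformed lines."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m["src"], m["user"], m["result"]


def detect_auth_attacks(text, window=timedelta(minutes=10),
                        spray_min_users=5, brute_min_attempts=8):
    """Return {src: {"spray": bool, "brute": bool, "compromised": [users]}}.

    A source is tagged "spray" when, within any sliding window, it fails
    logins for at least spray_min_users distinct accounts, and "brute" when
    it fails at least brute_min_attempts times against one account.
    "compromised" lists accounts that succeeded from a flagged source, i.e.
    the logins an analyst should review first.
    """
    events = defaultdict(list)
    for ts, src, user, result in parse_log(text):
        events[src].append((ts, user, result))

    findings = {}
    for src, evs in events.items():
        evs.sort()
        fails = [(ts, user) for ts, user, r in evs if r == "FAIL"]
        spray = brute = False
        start = 0
        for end in range(len(fails)):
            # Slide the window start so fails[start:end+1] spans at most `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            chunk = fails[start:end + 1]
            if len({u for _, u in chunk}) >= spray_min_users:
                spray = True
            per_user = defaultdict(int)
            for _, u in chunk:
                per_user[u] += 1
            if max(per_user.values()) >= brute_min_attempts:
                brute = True
        if spray or brute:
            compromised = sorted({u for _, u, r in evs if r == "SUCCESS"})
            findings[src] = {"spray": spray, "brute": brute,
                             "compromised": compromised}
    return findings


if __name__ == "__main__":
    for src, info in detect_auth_attacks(SAMPLE_LOG).items():
        print(src, info)
```

On the constructed input, 203.0.113.7 is tagged as spraying (five distinct users failed within seconds, one per account) and its later success for `frank` is listed for review, 198.51.100.23 is tagged as brute force (eight failures against `grace`), and 198.51.100.9, which only ever succeeded, is not reported. Counting distinct users per source rather than failures per account is what makes spraying visible, since per-account lockout thresholds are exactly what the technique is designed to stay under.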

New Mirai botnet variants exploit a zero-day in KGUARD DVRs

Netlab researchers have identified two new botnets based on Mirai code that use a zero-day vulnerability in KGUARD digital video recorders as their propagation method. The vulnerability allows unauthenticated remote code execution and affects KGUARD DVR devices with firmware prior to 2017, of which up to 3,000 are currently exposed online. Analysis of the botnets, named mirai_ptea and mirai_aurora, reveals that they use Tor proxies to communicate with their C2 and the TEA cipher to obfuscate sensitive data, with DDoS attacks as their ultimate goal. Researchers have observed steady activity of 2,000 infection attempts per day, with peaks of up to 15,000. Geographically, most infections are located in the United States, South Korea and Brazil, although their reach is global.

More information: https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/

What we should remind ourselves of on International Social Media Day

Marina Salmerón Uribes    30 June, 2021

Today is the international day of social networks, tools that have changed our day-to-day personal and professional lives and from which we find it hard to detach ourselves. On a day like today, and through this article, I felt the need to focus on certain aspects that, as a lover and active user of social networks, I think we must sometimes remind ourselves of.

Did you know that there is a theory according to which all of us living on the planet are connected through a chain of six people? It is called the theory of six degrees of separation and was proposed in 1930 by the Hungarian writer Frigyes Karinthy.

According to this theory, each person knows “on average”, counting family, friends, work colleagues, hobbies, school, etc., about 100 people. If each of these close acquaintances is related to another 100 acquaintances, any individual can have a point of contact with up to 10,000 people. In other words, if I give a message to one of my acquaintances, just by asking them to tell their 100 acquaintances, that message reaches 10,000 people. And the explanation continues: if those 10,000 people know another 100, the network would expand to 1,000,000 connected people in a third step, to 100,000,000,000 in a fourth, to 10,000,000,000,000 in a fifth and to 1,000,000,000,000,000,000 in a sixth.

Those of you who are still reading the post (thank you for continuing after my previous explanation) may be wondering what this theory has to do with the international day of social networks. Let’s stop and think for a moment: if this theory emerged more than 100 years ago, without technology and therefore without social networks, are we really aware of the impact that a message, post, comment, etc. can have when we make it public on our social networks? Technology makes it possible for something we post to reach almost any individual on the planet.

According to data from the latest study published by We Are Social, Digital 2020 Global Digital Overview, more than half of the world’s population, specifically 53%, is connected to the Internet. The majority are active users of social networks, a figure that continues to grow year after year.

We live in a connected world, 3 billion people are connected via the Internet, and at Telefónica we know that better connectivity means a better quality of life. However, due to economic barriers, social obstacles and lack of infrastructure, 2/3 of the world is still not connected. Are those of us who are fortunately already connected aware that with one click we can get the information we are looking for? How can we educate those who do not yet have access to the Internet to use social media appropriately once it becomes available to them? Are we putting responsible use of social networks into practice, protecting our identity and digital footprint?

The answer is simple: responsible use of technology is everyone’s job, and above all I put the focus on those of us who are passionate about our work and work with social media on a daily basis. We must be loudspeakers, explain the benefits of social media and raise awareness of the precautions we must take to use them responsibly. Let’s keep it simple: social media have become a very valuable and necessary tool in our daily lives, and with correct use their impact is positive; however, in order to enjoy the benefits, we must first be aware of the risks.

Let’s go back to the six degrees theory. Imagine an important day in our personal sphere: the wedding of a family member. We upload content to our networks in which we include, mention and tag our entire circle and in which, without realising it, we strip those around us of their privacy, often overexposing minors and without being aware that a few photos taken in a relaxed atmosphere can be used against us or against those who appear in them, with a negative impact on their and our digital footprint and reputation. Let us remember that when we publish something, we make public and visible a message that remains on the network and “ceases to belong to us”: we lose control over it, and it can reach millions of people without our being aware of it.

Let’s educate and protect our minors: grooming, sexting, etc. are terms that only a couple of years ago were known only to digital marketing professionals; unfortunately, they are increasingly common terms that we, as adults, must focus on in order to educate. Are we protecting our minors by limiting the websites they browse? By making them aware of the importance of digital disconnection in our daily lives? After the pandemic, the Red de Atención a las Adicciones (UNAD) launched a campaign called #GánaleLaPartida, claiming that being connected can disconnect us from everything. This came after it verified that during the coronavirus crisis, and due to confinement, there was a notable increase in calls for help related to the abuse of video games, online gaming and excessive exposure to mobile phones and the Internet by children and adolescents, exacerbating problematic behaviours derived from the misuse of technology.

With this post I really don’t want to dramatise; but, as I began by saying, on many occasions we must remind ourselves and… I must also make a mea culpa: even when talking about social media for personal and professional use, our heads also need to know how to disconnect in order to connect.

We are a loudspeaker and we have a responsibility. Therefore, on this international day of social networks I wanted to highlight the importance that, thanks to technology, social networks gain in the daily lives of people, brands and companies, and to go a step further, hoping that all of us, and not only marketing professionals, manage to convey and teach that fun, information and communication are not incompatible with privacy and cybersecurity on the network through social media; responsible use is possible 🙂

Happy International Social Media Day to all users!

What On Earth Is Going on With Ransomware And Why We Won’t Stop It Any Time Soon

Sergio de los Santos    29 June, 2021

In recent months it has not been rare to read, every now and then, about a large company that has fallen victim to ransomware, either brought to a halt or extorted. Anyone reading this has some recent examples in mind. It is a devastating epidemic that, let’s face it, is not going to stop anytime soon; at least not until, as with the viral pandemic we are also suffering, we manage to coordinate all relevant forces globally. Let’s look at the minimum that is necessary.

Due to the global COVID pandemic, many have come to understand basic concepts that can be brought to cyber security. For instance, the importance of layered security and complementary mitigations (ventilation but also masks, hand washing but also social distance… even when vaccinated). In addition, we have questioned the concept of false sense of security (outdoor mask, is it really useful in all circumstances?). We have learned notions such as calculating the risks and benefits of applying some measure (potential side effects of a vaccine versus real risks of contagion) … Perhaps with all this, the average user is more prepared to understand how complex problems such as ransomware require multiple complementary approaches once the severity of the threat is understood. Before understanding this, defence measures are likely to be erratic, incomplete, insufficient… A process of trial and error (we went through a phase of underestimating the danger of Coronavirus, initially emphasising the use of gloves until the focus shifted to masks as more research was done…). Did anyone believe that, with social distance and masks, we would end the pandemic by 2020? We suppose that (let’s be honest) deep down we knew they were necessary, but not enough. We always hoped for vaccines, because we knew that something was missing in the equation to win the war. We were “defending” against the virus, but not yet “attacking” it as a strategy. And that is perhaps where we are now if we draw parallels with ransomware. Something else is missing.

Something very similar happens in the field of security. The first thing is to have a good understanding of the risks… and this is what reality is forcing us to do, with a great deal of discomfort. Then we must propose mitigations that (again, let’s be realistic) are not going to be effective on their own or in the short term, because unless all strategies and actors work together globally, persistently and with the same level of maturity, the strategy will fail. Without that, we will continue to suffer more or less aggressive waves of attacks.

They Are Way Ahead of Us

The malware industry developed in the early 2000s, when cyber security was still called computer security and was just a thing for crazy people. They are way ahead of us when it comes to organising attacks and connecting them to the global crime industry. First, they tried to get rich with banking trojans and, when that breach was closed because the legitimate industry reacted, and as we became more dependent on digitalisation, they turned to extortion, the magic formula they successfully explored and still maintain: first by locking users’ screens, then by encrypting their files. Next, they moved on to hijacking SMEs, from there to large companies, from these to all kinds of organisations and finally to the critical infrastructures of a country, which is where we are now. Without hesitation, they attack where the impact can put lives at risk or destabilise a country, wherever they know it is easier to get paid. In these circumstances, it doesn’t seem so easy to follow the mantra of “don’t pay”.

Legitimate industry matures at a different pace, a much more reactive one. Although it may not seem like it, perhaps where we are best positioned is in terms of company awareness (there is no alternative) and, in a way, technically. We concentrate on patching and responding, auditing and certifying within our budgets. This will prevent many security problems. But attackers move faster at a technical level (against harder defences, more complex vulnerabilities are exploited earlier and better) and there we will always lose. We will not move fast enough against the ransomware industry if we don’t get other actors on board as well. As happened with the pandemic, what will change the rules of the game and make us bend the curve will not only be individual “technical” responsibility, but global coordination at the scientific, economic and legal levels… in other words, the cyber equivalent of the enormous global public-private and logistical effort that vaccines have meant.

What Is the Vaccine For The Ransomware Epidemic?

Everything counts, but the most important thing is to coordinate so that attackers do not find motivation in this type of attack: to discourage them technically (the cost of breaking into certain systems), economically (the benefit of extortion) and legally (the punishment if they are caught). How do we strangle them from an economic point of view? By not paying? It is not that simple. AXA recently took a decision in France: its cyber insurance coverage will cover certain damages but will not refund ransom money to clients who pay for extortion. Cyber insurers such as AXA have concluded that this clause normalised precisely the least traumatic of the exits: paying and giving in to extortion. We also assume that it did not pay off, given so many incidents. And normalising payment has not only made the insurance business unprofitable but has also fuelled the cybercrime industry itself.

But what is the alternative for organisations that are forced to close down if they do not pay? Either they give in to extortion and feed the process that strengthens the attackers, or they refuse to pay and lose everything. In this respect, cyber insurers have yet to find a sustainable and viable model and their niche as a relevant player: insuring companies under a premise of minimum cyber security adoption and adapting policies correctly, energising the industry to minimise risk (so that companies do not turn to their insurance so much) and, in the worst-case scenario, effectively helping in their recovery.

On the legal side, Joe Biden recently signed an Executive Order to improve national cyber security and thereby efficiently protect the federal government’s networks. The attack on pipeline operator Colonial Pipeline was the last straw. This executive order aims to update defences and will mean that companies have to meet minimum standards. And in case we were missing laws that would make it easier to prosecute attackers, identify them and impose global sanctions, progress was also made recently in this direction: ransomware will be treated as terrorism. Another way to discourage attackers.

In short, the ransomware business must not only be tackled by preventing the financing of extortion, but also by improving the end-to-end security of companies and by effective laws that prosecute criminals with exemplary penalties. Easy to say, complex to orchestrate and implement.

And Finally, Let’s Not Forget That This Is a Global Problem

Supply chains are a serious problem for cyber security. The SolarWinds incident made this clear. An interconnected world demands global measures at every step of the chain. As with vaccines, we are not all safe until we have all received our doses. When we know how to apply all these mitigations from different angles and the actors find their niche, we must also ensure that they are applied precisely by all relevant and minority actors globally. Even those who think it is not their problem (as happens in the US with random prizes for those who have been vaccinated, to motivate the anti-vaccine activists).

This combination of global actors, approaching the problem from different angles and according to their capabilities, is the best vaccine against ransomware. Patience: it will not be solved in the short term because of the complexity of the situation… but it will happen. The necessary elements are already in place. Let us apply defensive techniques on the technical side, but also offensive ones on other levels.
