Cyber Security Weekly Briefing April 3-9

ElevenPaths    9 April, 2021

Malware distribution campaign via LinkedIn

The eSentire research team has published details of its analysis of a new malware distribution campaign run via LinkedIn. Threat actors send zipped files under the pretext of job offers, naming the file after the alleged job position to gain the victim’s trust. Once the attachment is opened, the More_eggs malware, which is characterised by using legitimate Windows processes to circumvent security solutions, is installed stealthily. This malware functions as a dropper: once the user’s device is infected, access to the system is established in order to download other malware or exfiltrate information. It is worth noting that this tool is sold as Malware as a Service (MaaS) by the Golden Chickens organisation, which, according to researchers, has links to other advanced actors such as FIN6, Cobalt Group and Evilnum.

Tax season impersonation campaigns

Several global fraudulent email campaigns have been detected that use the tax filing season as a lure. The aim of the threat actors behind these operations is both the distribution of malware, via attachments in the messages, and the collection of data via phishing pages. A warning issued by INCIBE points to an ongoing campaign targeting employees and/or the self-employed in Spain, in which the Tax Agency is being impersonated. Likewise, the US Internal Revenue Service (IRS) is reportedly being impersonated in phishing emails targeting students and teaching staff, which also distribute malware through download links or attachments.

BazarLoader uses underground call centres for distribution

Researchers at Recorded Future warn of a new campaign by the operators of the BazarLoader malware, active since January 2021, in which underground call centres are being used to trick victims into downloading and opening the malicious documents that will infect them. Although this is not the first time this methodology has been observed, it is the first time that call centres have been used by large-scale malware such as BazarLoader, in an operation that has been called BazarCall or BazaCall. These campaigns start by sending spam emails to targeted victims; the emails usually pretend to be offers, free trials or subscriptions to medical, IT, financial or other services. The emails tell recipients that they can call a phone number to get more information about the offer; if they call, English-speaking operators guide them to download the attachment, disable Office security features and allow the document (usually an Excel or Word document) to enable macros, through which the malware is downloaded and infects the system. Security analysts have observed such campaigns also deploying the Ryuk ransomware or the Trickbot trojan.

No Pain, No Gain: Let's Hack 2021

ElevenPaths    8 April, 2021

“No pain, no gain”, you have probably heard this on more than one occasion. It is an expression used endlessly in different environments, at a time when the cult of the body, sport and self-care are more fashionable than ever. If 20 years ago the daily practice of sport was limited to a few, nowadays practically everyone tries to dedicate as much time as possible to exercising their body. Not only for this purpose in itself, but also for the benefits it brings to one’s mind. Today there is no doubt about the great effects that regular physical exercise has on our psyche and our health at all levels.

This well-known motto was first associated with the world of bodybuilding. If this expression has transcended the mainstream and is so popular today, it is because it perfectly reflects the contradiction inherent in sport: it is necessary to suffer in order to get results. In those last few reps when you lift the bar with an endless number of discs on each side in a bench press, or during those despicable squats, as well as when you still have one more round to go in the ring. You can think of any example you like, whatever sport you do, the feeling is similar. You have to get through those moments when you are tempted to give up, to leave it for tomorrow or for another day. Those moments when we pull ourselves together and suffer the unspeakable are the ones that make it all worthwhile. No pain, no gain.

There is no need to say that all of the above makes sense as long as this suffering is within healthy limits. We already know that extremes are not good, but the truth is that the message is motivational and inspirational because it appeals to the epic, to sacrifice, to effort, perseverance and courage. Those values which are so often associated with sport that make us tremble and shiver, even when we are not the ones practising it, but rather enjoying it from the couch watching those professionals blessed by the gods.

Hacking: Effort & Passion

These are values that really apply to any area in life, for instance in the professional world. Especially in a discipline as complex as hacking. If there is one thing that those of us who work in this field know, it is that without effort there is no reward. It means spending many, many hours reading, experimenting, making mistakes, reading again, experimenting and making mistakes once again until we achieve our goal, or not. In this field we have the added complexity that suffering does not guarantee results. Often there may be a lot of pain, but little gain. Sometimes we must invest hours and hours following a path that leads to a dead end in the labyrinth: the so-called rabbit holes. Although all the hours spent studying and researching always add up to something and never fall on deaf ears, sometimes the pain does not match the gain; it does not pay off in terms of cost-benefit. Fortunately, the figure of the hacker is always associated with the passion that drives one to solve a challenge, overcome an obstacle, break the limits that technology offers or satisfy our thirst for knowledge. Without this passion, it would be impossible to bring together the amount of patience, perseverance and determination required by the philosophy of “Try Harder” (OSCP’s well-known motto).

The world is constantly changing and evolving. If in doubt, just look at 2020. As Heraclitus said, everything flows all the time. In the world of security, of course, things are also constantly changing. In fact, the approach has been changing for almost a decade now. Where once people tried to prevent incidents from occurring at all costs, over time people have come to realise that this is not possible. This has led to the need to create an incident response plan, so that organisations know how to react when an incident occurs, assuming that at some point it is bound to happen.

Figure: Incident Response process of SANS

In recent years, we have become more aware than ever of the fragility in this regard. We do not demand that any system or organisation be perfect and always 100% in terms of integrity, confidentiality and availability. We have become used to seeing that all types of organisations, whatever their size, can fall victim. Nowadays, companies are not judged by whether they suffer incidents, but by how they react to them.

It’s All About Learning From Your Mistakes

We have several curious examples of how user trust can swing from one extreme to the other when dealing with security issues. Technology companies that are up one day and down the next, or the opposite. Blackberry never recovered from the outage its users suffered in 2011. It faced irreparable reputational damage, which also coincided with the arrival of Apple and Android on the market. Sometimes the network gives you a second chance, and sometimes it does not.

During the first months of confinement back in March 2020, users and organisations started to become testers of the different video calling alternatives available on the market, for obvious reasons. The one that generated the most attention and reception was Zoom. Precisely as a result of this, various vulnerabilities began to be discovered and published that put the security and privacy of users at risk. To such an extent that the company’s CEO had to issue a statement to silence the criticism and ask for users’ trust. A gesture like this is understood if it is accompanied by work on the path of continuous improvement. In this sense, Zoom managed to recover and today continues to be widely used as an application for personal, corporate and event video calls.

Another globally known application, which has been the king of instant messaging systems so far, WhatsApp, has been in the news for its security issues throughout its history. From starting out by not even encrypting conversations, to using encryption correctly but exposing users’ phone numbers (which prompted my WhatsApp Discover tool back in 2014), and finally changing its protocol completely and adopting Moxie Marlinspike’s end-to-end encryption in 2016. So far, through improvements and updates, WhatsApp has recovered from each and every problem, maintaining the trust of users. Now, however, it seems that it may have run out of opportunities. Not because of a security problem, but because of a voluntary decision that affects users’ privacy: a change in the terms and conditions that has generated a lot of commotion in recent weeks, and which has caused an exodus of more than 25 million users to Telegram in just a matter of days. We will see how this ultimately affects us over time.

What seems to be clear is that in this life nothing is permanent. Much less the success of a model, technology or business continuity. In fact, the events of the past 2020 have had serious consequences in many sectors, where independent professionals, SMEs and large multinationals face the need to adapt to the new scenario and reinvent themselves in order to continue searching for their success. For many who, with great effort, had been able to achieve a balance or a position in the market, perhaps the new normal that we are now experiencing has put them back to square one. Terrible and unfair, but true. Fortunately or unfortunately, we have no choice but to be resilient, to keep learning from our mistakes and working every day towards different goals. To contribute to a more secure digital society, designing more secure systems and technologies, as well as to achieve our professional and personal, individual and collective goals. And we can only do this through sacrifice, effort, perseverance and determination. Epic or not, giving the best of ourselves every day.

No pain, no gain and let's hack 2021.

What is VPN and What is It For?

ElevenPaths    7 April, 2021

VPN connections are nothing new; they have been with us for a long time, traditionally linked to the business world. Their great versatility and their different uses have led more and more people to use this technology. These factors, together with the rise of remote work due to the pandemic, have placed VPN connections among the musts in technology.

The use of a VPN has benefits that make it highly recommended. Using a VPN over a public wireless network (WiFi) means that the traffic you generate travels encrypted, which puts up more barriers to a cybercriminal trying to steal confidential information.

The VPN is a virtual private network as its very name indicates. To connect to the internet from any device (mobile, computer, tablet…) the most common way is to have a network in your home connected to a router or modem that connects at the same time with the internet provider you have contracted. Normally you do not have a single device connected, but several, creating a different local IP address for each of these connections. With the creation of these IPs, a local network is generated, a set of devices connected in such a way that they can share files in a very simple way using this local network. What we achieve with VPN is to create a local network without the need for its members to be physically connected to each other, but through the internet. In short, you create a private network using the internet with those people or devices that you want to share files with.

Advantages of VPN Connections

This connection works in all applications: it routes all internet traffic, unlike proxy servers, which are only used in the web browser and some other apps that let you configure advanced connection options.

In addition, the VPN is very easy to connect and disconnect, and has additional security at WiFi hotspots, as long as the connection is encrypted.

A VPN connection is an effective way to avoid censorship and to spoof your location. In addition, with a VPN your internet provider cannot know which sites you visit, but the company that runs the VPN can.

Main Uses for VPN Connections

  • Remote work: widely used in companies whose employees need access to a single private network. Moreover, because the connection is expected to be encrypted and access-protected, the worker has the same access as if they were actually on the company premises.
  • Avoid content blocking and censorship: when you connect with VPN your device communicates with the VPN server, and it is the VPN server that talks to the Internet. This is how you can spoof your location and access content that your country prohibits, such as Facebook in China.
  • Extra layer of security: logging into your bank app while on open WiFi has never been a good idea. That connection is unencrypted, and this is where the VPN’s extra layer of security comes in, the packets would be sent encrypted so that whoever is “listening in” cannot do anything. But it is not all as pretty as it sounds; a VPN is only as secure and useful as its provider. If you do not trust your VPN, do not use it as they may be the ones capturing your traffic, logging what they do and selling your bandwidth to the highest bidder.
  • P2P downloading: it is important to know that VPN connections also have uses in P2P downloading, even if you only download legal torrents. It is very common for internet providers to interfere with such downloads because they generate a lot of traffic: some providers block P2P downloads outright, while others only throttle them.


5 AI uses in Photography

AI of Things    5 April, 2021
On our blog, we enjoy sharing the applications of Big Data and Artificial Intelligence in sectors that may surprise you. Previously, in “Dining with Data” we saw how customers may be able to order pizza with their eyes, and how doctors can be trained with Virtual Reality. Today, we are going to explore the world of digital photography. This market is expected to be worth $100.79bn by 2021, and as technology has developed, the industry has become more accessible to all. Below you can find out five examples where AI is helping both amateur and professional photographers when shooting and editing.

1) Portrait Mode

Taking photos with our phone has come a long way since Sharp launched the first camera phone, the “J-Phone”, in 2000 (it’s worth reading the comments on the article for some entertainment). We can now shoot incredibly high-quality pictures and videos without the need for bulky camera equipment. One of the trends in recent years has seen many top-end phones include two rear cameras in order to offer a portrait mode that can achieve the “bokeh” effect (Japanese for blur), in which the subject is in focus and the background nicely blurred. However, in the future we may see this switch again, and instead an AI camera based on Machine Learning (ML) algorithms may replicate the effect. The Google Pixel 2 is one such phone already using this. These algorithms get smarter over time and have been “trained” to detect which part of the image is the subject in order to then blur the background.

Figure 1: A “bokeh” effect (Japanese for “blur”) is a key part of a phone’s portrait mode.

2) Image Enhancing

Next, we turn to the subject of image processing. Artificial Intelligence’s power doesn’t stop as soon as we take a photo! Traditionally, if a photo is in JPEG format, trying to scale it up will usually lead to an unsharp and blurry image. Once again, AI, and in particular Deep Convolutional Neural Networks (CNNs), appears to offer a solution. “Let’s Enhance” uses CNNs which have been trained on a huge library of images so that, when you upload an image, it is capable of detecting certain features (e.g. a wall, or skin) and adding extra detail to the image. In this way, it can scale a JPEG image up to 4x without losing quality. Why not try it out for yourself?

3) Capturing Daily Life

In October 2017, tech giants Google announced “Google Clips”, a wearable camera that takes the potential of AI to another level. The device is designed to “capture and save moments” from daily life. Once turned on, the camera will start capturing what it sees, and with the use of AI it will retain the “highlights” and discard the unwanted parts (for example, when a hand blocks part of the camera). It then sends these clips to your phone, where you can edit the photos and choose your favorites. Clips uses Google’s people-detection algorithms to identify the content of the image (smiles, surprises etc) and is an example of “machine vision”. For some, the idea of having a camera recording daily life may be too intrusive, but it is nevertheless a fascinating example of AI’s capabilities.

4) Even “Smarter” Smartphones

As mentioned previously, there is currently a wide range of phones capable of taking exceptional quality photos. According to DxOMark, one of the most well-known testers of cameras, lenses and smartphones, the Huawei P20 Pro is currently the leading option when ranked by smartphone image quality. One of its key features is its Neural Processing Unit (NPU) that powers its AI capabilities. For example, when taking a photo, the phone uses AI to detect 19 categories of “scenes” and apply appropriate image adjustments in order to create ever-greater images.

5) An AI Photography Assistant

We’re going to finish by looking at Arsenal, not the football team, but the “intelligent camera assistant” created by Ryan Stout. As you can see in the video below, Arsenal has some impressive features that revolve around its AI, which controls the settings of the camera (exposure, aperture etc.) based on the scene it is shooting. Once again, it uses Neural Networks as the foundation of its capabilities. Broadly speaking, the process involves detecting the content of the image, comparing these findings to the thousands of photos it has been trained on, and then suggesting the best settings based on 18 factors. One example of where Arsenal comes into its own is “image stacking”, the process of taking multiple photos in order to capture all the detail in a scene at various exposures. The device takes a number of photos, merges them, and then exports them directly to the camera’s SD card. A quick glance at the comments on the YouTube video below shows the divide between those excited by this powerful tool and those who feel it is borderline “cheating” and takes the skill out of taking photos.

For many people, the joy of photography lies in composing the photo and developing the editing skills yourself. As such, it is likely that some may be wary of the “invasion” of AI into this sector, and may view it as a threat to their skills. However, everyday consumers are likely to eagerly anticipate technology that can help them take even better pictures to share on social media. Which side of the fence do you sit on? Let us know down below!

Cyber Security Weekly Briefing March 20-26

ElevenPaths    26 March, 2021

Analysis of the new cyber-espionage group SilverFish

The PRODAFT Threat Intelligence team (PTI) has discovered a highly sophisticated cybercriminal group called SilverFish, which operates exclusively against large enterprises and public institutions worldwide, with a focus on the European Union and the United States. SilverFish reportedly uses modern management methods, sophisticated tools and even its own sandbox to test malware against systems running different commercial AV and EDR solutions. The group uses compromised domains, mostly running WordPress, to redirect traffic to its Command & Control (C2) server. To do this, SilverFish creates new subdomains to make it difficult for the domain owner to realise that the domain is being exploited. According to the investigation, the SilverFish group has been linked to the supply chain attacks against SolarWinds. Furthermore, the group’s infrastructure has revealed links to multiple IoCs previously attributed to TrickBot. Finally, researchers say that SilverFish’s main objectives are likely to be reconnaissance and data exfiltration from the victim systems of its operations.

All the details: https://www.prodaft.com/m/uploads/SilverFish_TLPWHITE.pdf

Shell energy company hit by Accellion FTA incident

The Dutch oil company Shell, present in 70 countries and a member of the Fortune 500, issued a statement last week in which it admitted having suffered a security incident that has resulted in the leak of confidential documentation and files. The incident is the result of a third-party compromise that occurred in December 2020, in particular by IT partner Accellion. Several 0-day vulnerabilities in the firm’s file-sharing software, called Accellion FTA, were actively exploited by threat actors to distribute malware and exfiltrate documents hosted on the system. According to Shell, the attackers were unable to gain access to the entity’s digital infrastructure due to the file-sharing software being isolated from its main servers. The leaked files include information related to the group’s subsidiaries and partners, as well as personal information. This data has not yet been publicly disclosed on the website maintained by the operators of the Cl0p ransomware, where other victims of the incident such as Kroger or Singtel had their files compromised.

More info: https://www.shell.com/energy-and-innovation/digitalisation/news-room/third-party-cyber-security-incident-impacts-shell.html

Vulnerabilities in MobileIron MDM

Security researcher Matt Burch from Optiv has published three vulnerabilities in MobileIron MDM that, if chained together, could lead to user account breaches:

  • The first flaw (CVE-2020-35137) could allow attackers to discover an organisation’s MobileIron authentication endpoint, since the Mobile@Work mobile app stores a hardcoded API key.
  • The second vulnerability (CVE-2020-35138) would allow MobileIron authentication requests to be constructed and, under certain circumstances, credentials to be captured via a MITM attack.
  • The last flaw (CVE-2021-3391) would allow attackers to perform user enumeration attacks.

While MobileIron has not yet released updates to fix these flaws, it has provided a number of recommendations to mitigate them. Optiv has also published a tool on GitHub to test these security flaws in MobileIron.

Learn more: https://www.optiv.com/explore-optiv-insights/source-zero/mobileiron-mdm-contains-static-key-allowing-account-enumeration

Purple Fox acquires worm capabilities and infects Windows servers via SMB

Guardicore researchers have published a report on the Purple Fox malware’s newly acquired worm capability to infect Windows servers through brute-force attacks against vulnerable SMB services exposed to the Internet on port 445. If authentication is successful, Purple Fox creates a service named AC0X (where X is an integer from 0 to 9) that downloads the MSI installation package from one of the HTTP servers in its botnet, which comprises more than two thousand compromised servers. This new entry vector, observed since the end of 2020, coexists with Purple Fox’s previous infection techniques, such as exploiting web browser vulnerabilities or phishing campaigns via email.

More: https://www.guardicore.com/labs/purple-fox-rootkit-now-propagates-as-a-worm/
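A defender's first question after reading the above is whether any host already carries the AC0X service. The following is an added example, not code from the Guardicore report, that runs the naming rule described above over constructed service-installation records; the record field names, hostnames and the placeholder URL are assumptions of the example.

```python
import re
from typing import Dict, Iterable, List

# Purple Fox's SMB worm component registers a Windows service named AC0X,
# where X is one digit from 0 to 9 (as summarised from the Guardicore report
# above). The regex encodes exactly that shape: "AC0" plus a single digit.
# Windows service names are case-insensitive, so the match ignores case.
PURPLE_FOX_SERVICE_RE = re.compile(r"^AC0[0-9]$", re.IGNORECASE)


def service_name_matches(name: str) -> bool:
    """True if a service name follows the AC0X scheme described above."""
    return PURPLE_FOX_SERVICE_RE.match(name.strip()) is not None


def find_purple_fox_services(events: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Walk service-installation records and return those worth triage.

    Each record is expected to carry 'host', 'service_name' and 'image_path'
    keys (an assumption of this example; adapt to your collector's schema,
    e.g. the fields of Windows System log event 7045, "A service was
    installed in the system"). A hit is reported when the name matches
    AC0X; the reason also notes when the service binary references a remote
    HTTP location, since the report describes the service fetching its MSI
    package from HTTP servers in the botnet.
    """
    hits: List[Dict[str, str]] = []
    for ev in events:
        name = ev.get("service_name", "")
        if not service_name_matches(name):
            continue
        path = ev.get("image_path", "").lower()
        reason = "service name matches Purple Fox AC0X pattern"
        if "http://" in path or "https://" in path:
            reason += "; image path references a remote HTTP resource"
        hits.append({"host": ev.get("host", "?"), "service_name": name, "reason": reason})
    return hits


# Constructed sample records (not real telemetry). Hostnames, paths and the
# URL are placeholders chosen for illustration only.
SAMPLE_SERVICE_EVENTS: List[Dict[str, str]] = [
    {"host": "srv-01", "service_name": "Spooler",
     "image_path": r"C:\Windows\System32\spoolsv.exe"},
    {"host": "srv-01", "service_name": "AC03",
     "image_path": "msiexec.exe /i http://203.0.113.10/placeholder.msi /q"},
    {"host": "srv-02", "service_name": "AC0",        # no trailing digit: not AC0X
     "image_path": r"C:\Windows\System32\svchost.exe"},
    {"host": "srv-02", "service_name": "ac07",       # case differs, still AC0X
     "image_path": r"C:\Windows\Temp\placeholder.exe"},
    {"host": "srv-03", "service_name": "AC010",      # two digits: not AC0X
     "image_path": r"C:\Windows\System32\svchost.exe"},
    {"host": "srv-03", "service_name": "AC09",
     "image_path": r"C:\Windows\Temp\placeholder.exe"},
]


if __name__ == "__main__":
    for hit in find_purple_fox_services(SAMPLE_SERVICE_EVENTS):
        print(f"{hit['host']}: {hit['service_name']} -> {hit['reason']}")
```

A name match alone is a triage signal, not proof of compromise; confirm it against the service's binary and the host's SMB exposure before acting.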

Severe vulnerabilities in OpenSSL

The OpenSSL team has issued a warning about two high-severity vulnerabilities, classified as CVE-2021-3449 and CVE-2021-3450. OpenSSL is a software library widely used to build network and server applications that need to establish secure communications. On the one hand, the CVE-2021-3449 vulnerability could lead to a denial of service (DoS) due to a NULL pointer dereference, and only affects server instances, not clients. This issue, fixed by Peter Kästle and Samuel Sapalski, was reported to the project on 17 March 2021 by Nokia. On the other hand, CVE-2021-3450 is a flaw in Certificate Authority (CA) certificate validation, affecting both server and client instances. The flaw was discovered on 18 March by the Akamai team and the patch was developed by Tomáš Mráz. Both vulnerabilities are fixed in OpenSSL version 1.1.1k, with version 1.0.2 being unaffected by these issues.

All the details: https://www.openssl.org/news/secadv/20210325.txt
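The practical check that follows from the advisory is whether an installed OpenSSL falls in the 1.1.1 series below 1.1.1k. This added example (not from the OpenSSL project) parses the letter-suffixed 1.x version scheme, where the trailing letter is a patch level and sorts after a bare version, and accepts either a bare version string or the first line of `openssl version` output; it treats only the 1.1.1 series as affected, as the summary above states, and does not try to distinguish the two CVEs' exact sub-ranges.

```python
import re
from typing import Optional, Tuple

# Matches "1.1.1j"-style versions, also inside a line such as
# "OpenSSL 1.1.1j  16 Feb 2021" (the first line printed by `openssl version`).
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]?)\b")

# 1.1.1k is the fixing release for CVE-2021-3449 and CVE-2021-3450.
# "k" is the 11th letter; a bare "1.1.1" has patch level 0 and sorts first.
FIXED_IN: Tuple[int, int, int, int] = (1, 1, 1, 11)


def parse_openssl_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Return (major, minor, fix, patch) for the first OpenSSL 1.x version in text.

    The patch component encodes the trailing letter: "" -> 0, "a" -> 1, ...,
    "k" -> 11, so tuples compare in the same order OpenSSL releases them.
    Returns None when no version-looking token is present.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, fix = (int(m.group(i)) for i in (1, 2, 3))
    letter = m.group(4)
    patch = ord(letter) - ord("a") + 1 if letter else 0
    return (major, minor, fix, patch)


def is_affected(text: str) -> bool:
    """True if the version is a 1.1.1-series release older than 1.1.1k.

    Versions outside the 1.1.1 series (e.g. 1.0.2, which the advisory summary
    notes is unaffected) return False. Raises ValueError if no version is found,
    so a parsing failure is never silently reported as "not affected".
    """
    version = parse_openssl_version(text)
    if version is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return version[:3] == (1, 1, 1) and version < FIXED_IN


if __name__ == "__main__":
    # Constructed sample lines in the shape `openssl version` prints.
    for line in ("OpenSSL 1.1.1j  16 Feb 2021",
                 "OpenSSL 1.1.1k  25 Mar 2021",
                 "OpenSSL 1.0.2u  20 Dec 2019"):
        print(f"{line!r}: affected={is_affected(line)}")
```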

Cyber Security Mechanisms for Everyday Life

ElevenPaths    26 March, 2021

It is becoming more and more common to find news in the general media about cyber-attacks, data breaches, privacy scandals and, in short, all kinds of security incidents. These incidents are not limited to attacks on large companies or important governments, as these tend to be the most protected ones.

When it comes to attacking, cybercriminals do not distinguish between company size or sector (remember that SMEs are the most targeted companies), also affecting the end user, most of the time totally unprotected. Given that this is such an obvious and important problem of which we are all aware, the question that arises is: are there cyber security mechanisms that allow us to strengthen our daily security?

In this blog we have already explained methods for working from home while applying cyber security, and what to do in the event of an incident. Now, in this article, we would like to list the main measures that a user can implement to avoid becoming the victim of a cyber-attack:

Protect Your Security with These Simple Tips

  • Be updated: every time we receive a notification to update the system, the first things that come to mind are things like “I don’t have time”, “it’s not convenient for me now”, “I’m too lazy”, etc. In short, excuses to postpone the update, which in many cases never comes. Keeping systems up to date is of vital importance, as in many cases these updates correct security flaws or vulnerabilities that have been discovered. An outdated system is much easier to corrupt.
  • Configure your home Wi-Fi network correctly: this is a simple step to take and can save you a lot of trouble. Change the default name and password on your Wi-Fi network – these passwords are often repeated from one network to another and can be easy to access. It is also important to hide the name of the Wi-Fi network and disable WPS.
  • Robust passwords: your date of birth, your dog’s name, your favourite football team… These are some of the most common tactics for choosing easy-to-remember passwords, but it’s a big mistake. Use robust passwords by making use of everything the keyboard has to offer, lots of characters, including both numbers and letters, upper and lower case and special characters.
  • Use a password manager: a very common (and very dangerous) practice is to reuse passwords over and over again. Ideally, you should have a different password for each application, social network or system you use. We are aware that remembering each and every password you should have is impossible; that is why there are password managers such as KeePass, LastPass or 1Password. In addition, these managers have a mobile version, so we can take them everywhere.
  • iPatches, cover the camera! You will have seen more than once some small pieces of plastic that are used to cover the webcam of your laptop when you are not using it, its name is iPatch, and it helps to hide it from prying eyes. They can be purchased for very little money, or you can use a piece of paper with a piece of tape, a small coin or anything else you can think of.
  • Make sure you are up to date: if you are aware of the most common scam techniques and methods (often via phishing) it will be much more difficult for you to fall into the trap. Every Friday we publish, on this blog, a weekly newsletter with the latest relevant cyber security news.
  • Common sense: It seems obvious, but to avoid falling for cyber-attacks it is important to use common sense. Usually, if something is too good to be true, it is most likely to be a scam and can end up badly. Think twice, look for information and if you suspect, don’t take the risk.
  • Also on mobile phones: many users think that threats only affect computers, but this is not the case. Lately we have been seeing more and more campaigns directed specifically against mobile devices, so apply everything we have told you about to your mobile phone as well.

Coca-Cola’s use of AI to stay at the top of the drinks market

AI of Things    26 March, 2021

Coca-Cola is the largest beverage company in the world, serving over 1.9 billion drinks daily across its 500 brands. Being such a large conglomerate active in so many countries around the world, AI powers everything the business does, acting as the company’s foundation.

One large aspect of business with which AI is used extensively is that of marketing. With the number of different brands all offering various products in over 200 different countries, there are local differences concerning flavours, sugar, calories and marketing preferences between regions.

As a result, in order to stay at the ‘top’, it must collect and analyse huge amounts of data from disparate sources to find out which brands are likely to be received well in which locations. Even the taste can vary from location to location so managing these small things is equally important to the success of the brand.

How does Coca-Cola use AI in practice?

Vending machines:

Coca-Cola serves a large proportion of its drinks through vending machines. On many new machines, customers can interact with the machine to the point of choosing different customisations of their drinks, with shots of altogether different drinks added. This system, called Coca-Cola Freestyle, was first introduced in America in 2009, and according to statistics there are now 50,000 units in use around the world, serving 14 million drinks per day.

In these machines, Coca-Cola has begun using AI algorithms which allow it to promote the drinks and flavours that are more popular overall and to make suggestions to users depending on the location of the drinks dispenser.

What is exciting is that the company has stated that they are constantly looking to stay relevant and people will soon be able to concoct their own beverages using an app allowing them to quickly get their specific drink poured when they arrive at the machine.

Social Media:

Coca-Cola also uses AI algorithms to understand when, where and how its customers like to consume their products as well as what the popularity is of individual products by location.

The use of AI in social media is vital in the world we live in, with statistics showing that over 90% of users make product purchasing decisions based on social media content. Therefore, understanding how its billions of customers are interacting with, and talking about, the brand is a crucial part of the Coca-Cola marketing strategy.

In practice, Coca-Cola analysed 120,000 pieces of social media content in order to gain an understanding of the demographics and behaviour of its customers and those active in talking about their products.

Proof of Purchase:

The final AI application to mention is that of its use in securing proof of purchase for the company’s loyalty and reward schemes.

At first, for obvious reasons, uptake was rather low when customers were asked to manually enter the 14-digit product codes printed on bottle caps. So, to encourage more people to take part, Coca-Cola made it easier: the company developed image recognition technology that allows purchases to be verified with a single smartphone picture.

What technology, tools and data were used?

Vending machines:

To collect large quantities of data, Coca-Cola gathers local drink preferences for different regions through the touch-screen interfaces of its machines (there are already over 1 million of these in Japan alone).

Social Media

For social media, the company has set up 37 'social centres' that collect data and analyse it using the Salesforce platform to generate insights. The aim is to work out which type of content is most successful at generating positive engagement, and to create more of it.

Social media analysis has historically been undertaken by humans, but Coca-Cola is investing in automated systems that will create adverts and social media content informed by the social data it generates.

Additionally, image recognition technology is used to target users whose posted pictures suggest they could be potential customers. For instance, the algorithm could spot a competing brand of a similar product in a photo and then target that user to become a Coca-Cola customer instead. It is all about making advertising more efficient and a better use of revenue.

Proof of Purchase

Off-the-shelf image recognition technology proved insufficient for,

“reading the low-resolution dot-matrix printing used to stamp product codes onto packaging”.

In turn, Coca-Cola worked with Google's TensorFlow framework, using convolutional neural networks. These enabled machine recognition of codes that could often appear differently depending on when and where they had been printed.

The results:

Figure 1: Results chart

From the AI algorithms in the vending machines, Coca-Cola can gain a more accurate understanding of how tastes and preferences vary across Coca-Cola’s billions of customers around the globe. This information is vital in informing new product decisions, and when, where and how to produce and market them.

Now with computer vision analysis, Coca-Cola is able to produce social media content which is more likely to resonate with its target audience in varying locations around the world meaning that a more efficient use of marketing funds can be achieved and hopefully drive higher sales margins.

Finally, customer engagement with the brand has improved hugely since Google's TensorFlow was applied, allowing the product codes to be read from a mere photo.

I believe this shows that even the most successful companies in the world can greatly benefit from using Big Data and Artificial Intelligence technologies. If Coca-Cola were not able to use such in-depth and advanced information, it would be impossible for it to keep expanding and introducing new brands. However, as we have seen, these technologies together mean that businesses can work more efficiently and focus on placing and marketing certain products in specific places in line with their customers' needs and wants.

To stay up to date with LUCA, visit our Webpage, subscribe to LUCA Data Speaks and follow us on Twitter, LinkedIn and YouTube.

Written by Stephan Leadbeater

Everything You Need to Know About SSL/TLS Certificates

ElevenPaths    23 March, 2021

What is a digital certificate?

A digital certificate (commonly called an SSL certificate, although the protocol in use today is TLS, the successor of Secure Sockets Layer) is an X.509 document in which a Certificate Authority binds a public key to an identity, typically a domain name. It is the piece of the TLS protocol that lets a browser verify it is talking to the genuine web server before the two negotiate the session keys that encrypt the traffic between them.

Its main function is therefore twofold: to certify the authenticity of the website being accessed and to allow confidential data (passwords, usernames, credit card numbers, email addresses and so on) to travel encrypted between the browser and the server rather than in clear text.

Certificate Authorities (CA) are in charge of validating, issuing and revoking certificates, in the same way that a government issues official documents such as ID cards or passports. CAs must follow very strict rules and policies when deciding who can or cannot receive a certificate, and browsers and operating systems in turn decide which CAs they include in their root stores. Having a certificate issued by a CA the client trusts is therefore an indispensable step to ensure the trustworthiness of the website.

A digital certificate therefore serves two basic purposes in establishing a secure connection:

  • Authenticate the website: the browser checks that the certificate chains back to a CA in its trust store and that the name in the certificate matches the host it connected to.
  • Protect the information exchanged: the certificate itself encrypts nothing, but it is what makes the session keys negotiated in the TLS handshake trustworthy, so the encrypted channel really ends at the genuine server and not at an impostor.

Why is it important to have a certificate?

Any website that carries out transactions or asks the user for personal data needs a TLS certificate; in practice, today every website should be served over HTTPS. Whether you sell online or collect data, you need a certificate to keep your company's and your customers' data from travelling in clear text.

The website is one of the most important digital assets for companies as it acts as a constant showcase and must provide security and confidence to your customers.

Here are some examples of the type of information that requires an active digital certificate:

  • Login and password usage information
  • Financial information (credit cards, bank accounts)
  • Personal data (names, addresses, VAT number, dates of birth…)
  • Legal documents and contracts
  • Customer lists
  • Medical history

In addition to protecting the information your website handles, having a TLS certificate brings further benefits:

  • It avoids the “Not secure” warning that the most used browsers, such as Chrome and Firefox, display on plain HTTP pages.
  • It improves your search ranking, since Google treats HTTPS as a ranking signal.
  • Depending on the CA, it may come with a warranty and a site seal.
  • It protects against man-in-the-middle attacks, provided the client validates the certificate chain and hostname correctly.
  • It encrypts the information in transit between the browser and the server (not end to end beyond the server: what the server does with the data afterwards is outside the certificate's scope).
  • It gives users confidence, visible in the browser as the padlock in the address bar.

Types of Certificates

Before issuing a certificate, the Certification Authority (CA) must confirm that the entity or person requesting it is real and authorised to request it. The kind of trust granted and the intended uses have led to different types of certificates, which we describe below:

Certificates according to the type of validation

  • Certificates with Domain Validation (DV): these are the most basic certificates, as they use the simplest validation. The CA checks only that the applicant controls the domain the certificate will be installed on: by sending an email to an address at the domain, by asking the applicant to publish a specific DNS record, or by asking for a specific file to be served from the site over HTTP. The level of trust they provide is low, because anyone who controls a domain can obtain one and switch the site from “http” to “https”; a DV certificate says nothing about who operates the site, which is why phishing sites serve valid HTTPS too.
  • Certificates with Organisation Validation (OV): here the verification goes a step further, because it is carried out at company or organisation level. A person at the CA manually checks the domain and the company against registry information, tax domicile and other official data to confirm that the application is genuine. This is one of the most commonly used certificates among SMEs and medium-sized companies because, once the verification is complete, the company's details appear in the certificate, which gives extra confidence to visitors. It is usually used for corporate websites or tools used by the company's clients.
  • Certificates with Extended Validation (EV): these represent the highest level of assurance. Verification is much stricter and includes, in addition to legal verification of company data and official documentation, confirmation of the organisation's physical address and operational existence (which may include a site visit). Until 2019 browsers showed the verified company name in green in the address bar in front of the web address; current versions of Chrome and Firefox no longer give EV certificates a distinct indicator, so the extra assurance now lives in the certificate details rather than in what the user sees at a glance. Large corporations often apply for them, and the approval process usually takes several weeks because the validation is much more rigorous.

Certificates According to Domains or Subdomains

  • Wildcard certificates: a wildcard certificate is the option when a website uses several subdomains under one main domain: a single certificate for *.telefonica.com covers tech.telefonica.com, pymes.telefonica.com or empresas.telefonica.com. Two limits are worth knowing: the wildcard matches exactly one label, so it does not cover a.b.telefonica.com, and it does not cover the bare domain telefonica.com unless that name is added to the certificate as well. Companies that need to associate tools with subdomains, or simply have many subdomains to protect, may find a wildcard the most economical option. It does mean that a single private key is shared by every host serving those subdomains, so one compromised host exposes them all; its use is therefore best reserved for environments where the platform requires it, such as some proxies or load balancers.
  • Multi-domain certificates: multi-domain or SAN (Subject Alternative Name) certificates are the best choice when several different domains and subdomains must be protected under the same certificate. Their main advantage is that they simplify server configuration by letting several services share one IP address and one certificate, and a single reissue is enough to add or remove a name. They are often used to secure Microsoft Exchange Server, Office Communications Server or Mobile Device Manager deployments or, as mentioned, multiple domains that resolve to a single IP address.
  • Certificates from Let's Encrypt: Let's Encrypt is an automated, open CA that issues free certificates for your domain. Apart from being free, its main advantage is that issuance is immediate and automatic: an ACME client proves control of the domain (typically through an HTTP file or a DNS record) and installs the certificate without human intervention. Bear in mind that it issues Domain Validation certificates only and that they last 90 days, so renewal must be automated too. It is a valid solution depending on the type of certificate you need, but is there any risk in using this type of certificate? In this article we detail some of the security problems that have affected Let's Encrypt (Spanish only).
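The DNS-record check mentioned under Domain Validation and used by Let's Encrypt is the dns-01 challenge of the ACME protocol (RFC 8555). The following Go program is an added example, not code from the article, from Let's Encrypt or from any ACME client; it shows both sides of the exchange: the applicant derives the TXT value from the CA's token and its own account key (RFC 7638 JWK thumbprint over a P-256 key), publishes it under _acme-challenge.<domain>, and the CA recomputes the value and compares it with what it resolved. The token, the domain and the zone contents are constructed inputs, and the function names are the example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// b64 is the unpadded base64url encoding ACME uses throughout.
func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// jwkThumbprint computes the RFC 7638 thumbprint of a P-256 account key:
// SHA-256 over the JWK's required members ("crv", "kty", "x", "y") in
// lexicographic order, serialised with no whitespace. Coordinates are
// padded to the full 32-byte size of the curve, as RFC 7518 requires.
func jwkThumbprint(pub *ecdsa.PublicKey) []byte {
	x := pub.X.FillBytes(make([]byte, 32))
	y := pub.Y.FillBytes(make([]byte, 32))
	jwk := fmt.Sprintf(`{"crv":"P-256","kty":"EC","x":"%s","y":"%s"}`, b64(x), b64(y))
	sum := sha256.Sum256([]byte(jwk))
	return sum[:]
}

// keyAuthorization binds the CA's challenge token to the account key
// (RFC 8555 section 8.1): token "." base64url(thumbprint). Without the
// thumbprint, anyone who saw the token could satisfy the challenge.
func keyAuthorization(token string, pub *ecdsa.PublicKey) string {
	return token + "." + b64(jwkThumbprint(pub))
}

// dns01Record returns the name and TXT value the applicant must publish
// for the dns-01 challenge (RFC 8555 section 8.4).
func dns01Record(domain, token string, pub *ecdsa.PublicKey) (name, value string) {
	sum := sha256.Sum256([]byte(keyAuthorization(token, pub)))
	return "_acme-challenge." + domain, b64(sum[:])
}

// validateDNS01 is the CA's side: it recomputes the expected value from the
// token and the account key it already holds, then looks for it among the
// TXT records it resolved (zone stands in for a DNS lookup). Other records
// at the same name do not matter; one matching record passes.
func validateDNS01(domain, token string, pub *ecdsa.PublicKey, zone map[string][]string) bool {
	name, want := dns01Record(domain, token, pub)
	for _, got := range zone[name] {
		if got == want {
			return true
		}
	}
	return false
}

func main() {
	// Constructed inputs: a fresh account key and a token standing in for the
	// random value the CA would place in the challenge object.
	acct, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	token := "DGyRejmCefe7v4NfDGDKfA"
	name, value := dns01Record("telefonica.com", token, &acct.PublicKey)
	fmt.Printf("publish TXT %s = %q\n", name, value)

	// Constructed zone: an unrelated SPF record sits beside the challenge.
	zone := map[string][]string{name: {"v=spf1 -all", value}}
	fmt.Println("CA accepts challenge:", validateDNS01("telefonica.com", token, &acct.PublicKey, zone))
	fmt.Println("CA accepts stale token:", validateDNS01("telefonica.com", "oldToken", &acct.PublicKey, zone))
}
```

Because the TXT value is a hash of the token and the account key thumbprint, it proves control of the DNS zone to the CA without revealing anything reusable, and a record left over from a previous issuance cannot satisfy a new challenge.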

How Often Do They Expire and How Can I Check Their Expiry Date?

Officially, the maximum lifetime of a publicly trusted certificate is currently 397 days (13 months) for certificates issued since 1 September 2020, and many are much shorter (Let's Encrypt issues for 90 days), so it is important to set automatic reminders for renewal.

There is management software that sends automatic reminders when an SSL/TLS certificate is about to expire, so there is no excuse for forgetting about it.

There are also several ways to check the expiry date of a certificate yourself:

To Manually Check When an SSL Certificate Expires

  1. Access the website whose certificate you want to verify through your browser
  2. Click on the padlock next to https:// in the browser bar as shown in the image below
  3. Open the certificate details; the validity period shows the expiry date
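For a server fleet a manual check does not scale, so here is the kind of check a renewal reminder runs. This Go program is an added example, not the article's own tooling: it generates a self-signed certificate (purely so the example runs offline; a real site obtains its certificate from a CA) for the apex domain and one wildcard level, then applies the checks discussed above: days until expiry against a warning threshold, the 397-day lifetime ceiling, the browser's hostname-matching rules for the wildcard, and chain validation against a root store. The domain names, the 30-day threshold and the function names are the example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// maxLifetime is the 397-day ceiling browsers apply to publicly trusted
// TLS certificates, as stated above.
const maxLifetime = 397 * 24 * time.Hour

// newSelfSignedCert builds a self-signed server certificate for the given
// names, valid for the given number of days. Self-signing stands in for CA
// issuance so the example runs offline; a production site would never do this.
func newSelfSignedCert(names []string, days int) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	notBefore := time.Now().Add(-time.Hour) // tolerate small clock skew
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: names[0]},
		DNSNames:              names, // browsers match against SANs, not the CN
		NotBefore:             notBefore,
		NotAfter:              notBefore.Add(time.Duration(days) * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// daysUntilExpiry returns the whole days left before NotAfter (negative once
// the certificate has been expired for a day or more).
func daysUntilExpiry(cert *x509.Certificate, now time.Time) int {
	return int(cert.NotAfter.Sub(now).Hours() / 24)
}

// needsRenewal is the daily reminder check: true once no more than warnDays
// remain, and therefore also for an already expired certificate.
func needsRenewal(cert *x509.Certificate, now time.Time, warnDays int) bool {
	return daysUntilExpiry(cert, now) <= warnDays
}

// exceedsMaxLifetime flags a validity period longer than browsers accept.
func exceedsMaxLifetime(cert *x509.Certificate) bool {
	return cert.NotAfter.Sub(cert.NotBefore) > maxLifetime
}

// coversHost applies the browser's name-matching rules: a SAN of
// *.example.com matches exactly one label and never the bare domain.
func coversHost(cert *x509.Certificate, host string) bool {
	return cert.VerifyHostname(host) == nil
}

// trustedBy reports whether a chain from cert to one of roots can be built
// for host. Without a trusted root even a well-formed certificate is
// rejected, which is what stops a man-in-the-middle presenting its own.
func trustedBy(cert *x509.Certificate, roots *x509.CertPool, host string) bool {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}

func main() {
	names := []string{"telefonica.com", "*.telefonica.com"}
	cert, err := newSelfSignedCert(names, 30)
	if err != nil {
		panic(err)
	}
	now := time.Now()
	fmt.Printf("days until expiry: %d, renew now: %v, over 397 days: %v\n",
		daysUntilExpiry(cert, now), needsRenewal(cert, now, 30), exceedsMaxLifetime(cert))
	for _, h := range []string{"telefonica.com", "tech.telefonica.com", "a.b.telefonica.com", "telefonica.net"} {
		fmt.Printf("%-22s covered: %v\n", h, coversHost(cert, h))
	}
	empty := x509.NewCertPool()
	pinned := x509.NewCertPool()
	pinned.AddCert(cert)
	fmt.Println("trusted with an empty root store:", trustedBy(cert, empty, "tech.telefonica.com"))
	fmt.Println("trusted once added as a root:    ", trustedBy(cert, pinned, "tech.telefonica.com"))
}
```

The same functions work unchanged on a certificate fetched from a live server (for example the leaf of tls.Conn's ConnectionState().PeerCertificates), with the system pool as the root store; the self-signed certificate is used here only so that every result is reproducible offline.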

Common TLS/SSL server failures

Although TLS/SSL has become a standard layer in front of essential organisational services such as web servers and file sharing, and its whole purpose is to strengthen security, a deployment must be audited to confirm that it actually does so.

In this article (Spanish only), we briefly explain some of the common failures in SSL/TLS servers and X.509 certificates, because it is the combination of both, correctly configured, that ensures a reliable and secure connection.

Where is TLS heading?

These are challenging times for cryptography. Although the ordinary user may not notice it, the world of encrypted and authenticated (which does not automatically mean secure) websites is undergoing a profound overhaul of everything that had been established. Something as immutable in principle as cryptography is going through a strange moment in which we do not know how it will end. What is certain is that we must change our classical beliefs about how the web works.

As already happened with Symantec in 2017, when Google questioned the reliability of its certificates, or with the FNMT, whose inclusion of its root certificate in Firefox's repository took several years (Spanish only), in 2021 it is the turn of Camerfirma, a CA affected by the update of Google's security policies coinciding with the release of Chrome 90.

In the following sections we review some recent developments that have turned the world of digital certificates upside down:

What is Certificate Transparency?

Certificate Transparency is a mechanism devised and promoted by Google for monitoring certificate issuance that tackles a long-standing problem of the web: fraudulent or mis-issued certificates, that is, certificates issued for a domain without its owner's knowledge. Publicly trusted certificates are submitted to public, append-only logs, so domain owners can watch those logs for certificates issued for their domains and detect erroneous issuance.

Certificate Transparency became known around 2014, when Google announced that it would be mandatory for Extended Validation (EV) certificates issued from January 2015 onwards. The requirement has since been extended: Chrome has required CT for all publicly trusted certificates issued since April 2018. If you want to know more, you can read about the what, how and why of Certificate Transparency in this article.

What is a PKI?

A Public Key Infrastructure is the set of roles, policies, facilities and software under which certificates are issued, managed and revoked. It provides the trust needed to vouch for the identity of the certificate holder.

A PKI requires:

  • Technology: sufficiently proven and reliable security technology must be used.
  • Qualified operators: the personnel operating the PKI must be qualified and trustworthy.
  • Qualified administrators: administrators must have security skills.
  • Secured facilities: facilities must have additional security measures, both physical and logical. For example: volumetric control or dual access.
  • Policies: requires the existence of legal documents covering the entire lifecycle.
  • Procedures: both IT-specific and security-specific procedures must be in place.
  • Integration: it must be recognised by other organisations and applications, for example by browsers.

Advantages of certificates obtained through a PKI

  • Secure remote access (VPN)
  • Strong authentication on the web
  • Authentication in infrastructures (WiFi).
  • E-mail encryption and signature.
  • Digital document signature.
  • iOS compatible.
  • Mobile device management.
  • M2M security.

Artificial Intelligence of Things, how things plan to make our lives simpler

AI of Things    23 March, 2021

Just as in the Grimm Brothers fairy tale where two little elves teamed up to help the cobbler have a better life, Artificial Intelligence, IoT and Big Data technologies join forces to make up the Artificial Intelligence of Things, so that “things plan how to help us and make our lives safer, more efficient, more sustainable and more human”.

Tomás woke up that morning feeling a bit under the weather; he simply didn’t seem to have slept well. Maybe it was the change of season or maybe he had been worrying too much that night about things.

Indeed, his smartwatch was informing him that his sleep had been poor. Fortunately, Tomás knew that soon his whole house would conspire to make him feel better: the room temperature would be adjusted to the best level for him, the temperature of his coffee and toast would be just as he preferred at that moment, even the volume of his television would be adjusted so that the news would reach him in a more pleasant way.

After this self-care and a quick shower, he was ready to face another exciting day of work. And it was exciting because Tomás was well aware of how technology was transforming the world in so many ways. 

Not only was his home taking care of him in an almost invisible way, but his entire social and professional environment was being profoundly transformed.

On the way to his office, he recalled how technological solutions just a few years ago were focused on sensing machinery, physical elements, tools, vehicles, etc. with the aim of being able to “see” what was really going on and act accordingly. 

A few years ago, in the days of the dashboard

There was a time when having a dashboard was a very legitimate aspiration for most businesses. Factories, vehicle fleet management of all kinds, shops or customer service areas, cities or the countryside and mining: all of them were beginning to be digitally transformed through the use of what was known as the Internet of Things (IoT). Operators were observing reality (e.g. the engine that vibrates more than normal, where delivery drivers should go to be more efficient, how a medicine or food has been preserved in the cold chain) and taking corrective action. But now we have gone beyond this.

In parallel with the IoT explosion, another great technological revolution has emerged: the use of data as a source of knowledge and decision-making. The capacity for ever faster and more complex processing of large volumes of data (known as Big Data), together with new learning techniques whose names evoke something we thought was purely human until now (e.g. Machine Learning, Deep Learning, Generative Learning, etc.), placed us before a quantum leap. Behind it, things, those inanimate but connected things, began to learn and decide in a more autonomous, efficient, safer and more sustainable way.

The next step: Artificial Intelligence… of things

Now we have to talk about the next step: the Artificial Intelligence of Things (AI of Things). Things are now able to learn, share information with each other and make decisions in an almost unattended way. The dashboard was nothing more than a representation of reality and of how things helped each other to manage a business more efficiently, helping all kinds of businesses in a selfless way (what else could be expected from things).

And it is not that every ‘thing’ has to be a super brain or implement computing power several orders of magnitude greater; rather, this ecosystem of change is supported by other technological pillars that are emerging alongside this combination of IoT and Big Data/AI.

Here we consider elements such as:

  • The immediacy of new connectivity technologies (e.g. 5G) that provide high bandwidths and minimum latencies,
  • The flexibility and scalability of deployment models in the Cloud together with the distribution of computing capabilities closer to the things themselves (e.g. Edge Computing),
  • Increasingly advanced models of predictive (i.e. things know what is going to happen) and prescriptive (i.e. things tell us what to do to make certain things happen or not) analytics.
  • Distributed computing models (swarm intelligence) in which, similar to a colony of ants or bees, small pieces of information distributed among many subjects (in this case, our connected things) are able to generate superior value.

And that’s how Tomás spent the pleasant drive to his office. His connected car was talking to other cars and elements in the city to generate the connected traffic model that had made the city so comfortable in recent times. 

His office was already aware of his arrival and the presence of his colleagues and clients in the building to start the first meeting of the day just in time. Of course, the room was automatically adapted to the needs and preferences of lighting and sound that its occupants had in profile.

And Tomás was able to explain to his customers how his new AI of Things proposition was going to save them thousands of dollars: through motors that help each other to adjust their performance and efficiency; call for maintenance well in advance of failures they won’t be able to repair; and even indicate how to evolve the layout of the manufacturing plant to adapt to changes in demand.

A connection that brings us closer and inspires new and better solutions for everyone.

Over the years, Tomás and his team have focused on bringing together the capabilities of IoT and Artificial Intelligence to deliver technology that further connects things with people, in a connection that brings people closer together and inspires new and better solutions for everyone:

  • From smarter, more flexible connected factories, to mobility solutions based on data collected from thousands of cars. 
  • From patient care solutions using predictive metrics to improving crop quality efficiently.
  • From the personalisation of the entire customer experience to improvements in the overall sustainability of cities… 

They had worked very hard (and continue to do so) to drive that intelligence connected to things to help organisations make decisions that improve people’s lives.

Or as he saw it, this AI of Things was like letting things plan how to help us and make our lives safer, more efficient, more sustainable and more humane, across the board. 

More humane, yes, because that is precisely how things plan to help us do what really matters to us, what differentiates us and shapes our true essence: to invent, to build, to be creative, to thrill and excite, to make us laugh. In short, to live.

Original post written by Bernardo Campillo, translated by Patrick Buckley.

To keep up to date with LUCA, visit our website, subscribe to LUCA Data Speaks or follow us on Twitter, LinkedIn or YouTube.

NextDefense: The ultimate cyber defence solution for any organisation

Nikolaos Tsouroulas    18 March, 2021

It was on a Wednesday at 17:00h when the CIO of a potential customer, who was visiting our offices, asked for a meeting with the product team before leaving. During the session he asked many questions about the scope of our services, the SLAs, the customer portal and security status dashboards, the architecture of our platform, the processes of our SOCs, the training programme we use to keep our staff up to date, our roadmap and vision for the future, and so on. He did not ask anything about technologies. In fact, when I asked him about preferences and opinions his answer was surprisingly “whatever you think is best”.

His questions made it clear that he did not want a supplier simply to manage the security technology. Neither was he looking for a security supplier to patch up an occasional hole he had in his programme. He urgently needed a partner he could trust with all his security operations. His experience with a recent breach had made it clear to him that rebuilding everything from scratch with internal resources or a jigsaw puzzle of suppliers was not going to work. He did not have the time, budget or knowledge to do it. Especially in a market where there is plenty of technology, but a shortage of experienced professionals.

This meeting was 3 years ago and since then we began to see a very clear trend. Very sophisticated customers, such as financial institutions, were increasingly asking to outsource most of their security operations. And smaller organisations, less mature in cyber security, were asking directly for turnkey end-to-end solutions. We began to respond to this type of demand with special projects, bespoke to each client. This customised approach is very powerful but is beyond the reach of some organisations due to its cost, leaving part of our customers unprotected.

NextDefense is born

As the leading cyber security company in Spain and Latin America, we had an obligation to do something to help as many customers as possible. And so the idea of NextDefense, our new brand of advanced cyber security services, was born.

“NextDefense’s mission is to provide a complete, leading edge cyber defence solution within the reach of any organisation.”

The most important pillar of a solution with this ambition is undoubtedly the team, the cyber security operations. Over the last few years we have been recruiting over 1500 of the best cyber security professionals, and building a global SOC with 11 locations around the world that offers the most advanced services a customer could ask for. This year we have opened our global Managed Detection and Response competence centre, with intelligence analysts, malware analysts, hunters, forensic analysts, vulnerability analysts and all those profiles needed to offer advanced detection and response services.

This team is supported by our iMSSP platform, which contains all the necessary pieces to offer cyber security services in an efficient, effective, and integrated way. A platform that, if a customer wanted to copy it, would take several million euros and several years to build. The journey starts with the customer portal for a single, integrated view of all services, case management for full control and millimetric measurement of everything that happens during service delivery to a customer. We have an orchestration and automation layer to deliver the fastest, most efficient service at the lowest possible cost. And telemetry and analytical capabilities based on the best technologies on the market, which have been selected after exhaustive testing in our laboratory and validated in the day-to-day work of hundreds of customers.

On these pillars we have built a comprehensive portfolio of advanced cyber security services that can cover most of the functions of the NIST Cybersecurity Framework:

Vulnerability Risk Management

Most cyber security programmes are doomed to fail because of basic failures in the process of eliminating known vulnerabilities. Much of the complexity lies in the vulnerability remediation process and not just in the discovery of vulnerabilities. That is why we offer a managed Vulnerability Scanning service that does not stop just at discovery. Our analysts filter and prioritise vulnerabilities, and our portal makes it easy for customers to manage and track the entire lifecycle of a vulnerability, from discovery to remediation.

Another basic limitation of many vulnerability programmes is that they do not monitor the risk introduced by their partners. Thanks to our Benchmarking, Audit and Compliance solution that uses automatic rating techniques, we can have a very broad, real-time picture of what is happening in our supply chain and therefore act.

Finally, in all organisations there are vulnerabilities in proprietary applications or architectures that are only discovered when expert analysts try to gain access by combining different techniques and taking several consecutive steps to reach the target. These types of problems are not discovered with automated tools. That is why at NextDefense we incorporate Pentesting and Security Assistance services, as well as Red Team Assistance in order to provide our clients with a complete guarantee.

Cyber Intelligence

Sun Tzu said in his “Art of War” that a successful warrior had to know both himself and his enemy. If vulnerability management is the knowledge of oneself, then Cyber Intelligence is the knowledge of the enemy. We have invested a lot of effort over the last few years to have the best tools, identify the best sources and communities for Cyber Intelligence sharing, and carefully select the partners we work with to acquire and share intelligence. Intelligence at NextDefense is as much an attribute of differentiation and quality as it is a catalogue of services. Having our own indicators of compromise feed that is among the highest rated for quality in sharing communities such as the CyberThreat Alliance, where all the market leaders participate, allows us to offer better quality detection and response.

On the other hand, we also offer the market leading Digital Risk Protection service in Spain and have incorporated specialised feeds from our partners into NextDefense to meet the most advanced Cyber Intelligence needs.  

Detection and Response

Everything we have told you so far comes together in the core of our value proposition: the Detection and Response family. In short, what our clients ask us to do is take responsibility for the entire detection and response process, and this is precisely what we set out to do at NextDefense with our Managed Detection and Response service. It allows any company to have a complete, modern SOC without any initial investment. Offered as a monthly subscription, it includes both endpoint detection and response technology from market leaders (CrowdStrike and Palo Alto) and the entire layer of detection and response services: deployment and configuration, 24/7 alert monitoring, regularly scheduled threat hunting, and a DFIR retainer to provide peace of mind if something happens. A comprehensive service that is sure to bring security and reassurance to many of our clients.


For more information about NextDefense you can read this report or get in contact with our experts.