ElevenPaths Radio English #1 – Skills of a Cybersecurity Professional

ElevenPaths    8 July, 2020

Welcome to ElevenPaths Radio English! We proudly introduce our podcast about cybersecurity news presented by our Chief Security Ambassadors, now also in English.

If we put ourselves in the shoes of a CEO, on whom today depends the protection of the data that the company keeps for its customers, it is critical to have an effective information security plan. But how do they do it? Is it a matter of hiring professionals who really know the subject? And what skills should a cybersecurity professional have today?

In this first episode, our CSA Deepak Daswani discusses what a true cybersecurity professional must have to be valuable to companies. In addition, he covers the main areas of knowledge in cybersecurity, such as ethical hacking, pentesting, auditing, incident response, forensic analysis or malware analysis.

Press play and enjoy this episode!

First episode of ElevenPaths Radio English now available

Adversarial Attacks: The Enemy of Artificial Intelligence

Franco Piergallini Guida    7 July, 2020

A neural network has a simple objective: to recognise patterns inherent in data sets. To achieve this, it must have the ability to “learn” by going through a training process where thousands of parameters are adjusted until a combination that minimises a given error metric is reached. If it finally finds a combination of parameters allowing it to generalise the data, it will be able to recognise these patterns and predict, with an acceptable error tolerance, data inputs never seen in the training process. This data can be images, video, audio or tabular data. What if someone knows how to manipulate this data so that the network gives the output most convenient for them?

Imperceptibly and unconsciously, we use neural networks in a multitude of tasks that we perform every day. Some of the simplest examples are the film recommendation systems on Netflix and music on Spotify, the identification and categorisation of emails, the interpretation of queries and next-word predictions in search engines, virtual assistants and their natural language processing, facial recognition in cameras and, of course, the identification of friends on social networks as well as the funny filters that change our facial features.

Neural networks succeed in an immense variety of fields. We can use them to diagnose COVID-19, track down drug dealers on social networks, or even detect fake news. However, it has been shown that they may also be hacked, taking us back to the essence and definition of hacking: manipulating the normal behaviour of a system.

One of the techniques used to arbitrarily manipulate neural networks is what is commonly known as “Adversarial Attacks”. With this technique, a carefully crafted input produces the output the attacker wants. For example, if we have a neural network that, based on the sound of a cough, predicts the probability of having or not having COVID-19, we could manipulate the recorded spectrograms by adding noise to modify the response probability (increase or decrease it). Or we could even generate a spectrogram with no meaning, or similar to those generated by the cough, and thus obtain any desired response probability.

Example with Deep Fakes

Let’s see a specific example: We have a system very good at predicting whether a video is deepfake or not. One of the traditional solutions to this issue begins with the collection and alignment of n faces appearing in the video by using a specific neural network for this task. Once collected, another network predicts the probability of a face being deepfake or not.

The last step is to take an average of all the probabilities for the n faces collected. If this average is greater than an established limit (for example, 0.6), then the video is classified as deepfake. Otherwise, it is classified as not deepfake. Clearly, we can see that in the example the quality of the generated deepfake is not very good, so the system is very confident when classifying it (0.86).

To modify the output probability of the system, we should add strategically generated noise and insert it into the video. To achieve this, we have three restrictions:

  • The noise generated must be sophisticated enough for the network that identifies the faces to continue to do its job well.
  • The noise must be generated in such a way as to lower the probability that the second network predicts on all collected faces.
  • The modifications should be as unnoticeable to humans as possible.

Analysing the second network in detail, we can see that the input received is always the same size: a 256-pixel high by 256-pixel wide RGB image. Neural networks are deterministic, that is, for any input image that fits the first layer, they will produce an output. Each pixel channel takes one of 256 values (0 to 255), which means that the space of possible inputs to the second network is 256^(256·256·3), but only a very small subset will meet all three restrictions.


To generate noise, we use the Fast Gradient Sign Method (live demo), which is a white box attack and assumes full access to the system. But what happens when we have only one chance to fool the system? We could create our own replica model of the original and generate the noise based on it. There is a high probability that the attack will work by transferability, a property that is still being studied but that basically says that two models with the same objective will rely on the same features to accomplish it.
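The pipeline described above, as an added example that is not part of the original post nor of any ElevenPaths tool: a toy linear detector stands in for the second network, FGSM noise is generated from the input gradient under a per-pixel budget, the scores of the n collected faces are averaged against the 0.6 limit, and a robustness margin (the smallest budget at which the verdict flips) is measured, which is the number a defender wants before trusting such a system. The faces, weights and 2x2 grayscale input size are constructed for the example.

```python
import math

THRESHOLD = 0.6  # video is "deepfake" if the mean face probability exceeds this limit (post's example)

def sigmoid(z: float) -> float:
    return 1.0 / (1.0 + math.exp(-z))

class LinearDetector:
    """Toy stand-in for the second network: p(deepfake) = sigmoid(w . x / 255 + b).
    A face is a flat list of pixel values in 0..255 (a real model takes 256x256x3);
    here we use constructed 2x2 grayscale faces, i.e. 4 values."""
    def __init__(self, weights, bias):
        self.w = list(weights)
        self.b = bias

    def logit(self, face):
        return sum(w * px for w, px in zip(self.w, face)) / 255.0 + self.b

    def prob(self, face):
        return sigmoid(self.logit(face))

    def loss_gradient(self, face, label=1.0):
        """d(cross-entropy)/d(pixel) for true label y: (p - y) * dlogit/dpixel.
        For a linear model dlogit/dpixel is simply w/255; a real network obtains
        the same quantity by backpropagating to the input layer."""
        p = self.prob(face)
        return [(p - label) * w / 255.0 for w in self.w]

def fgsm(detector, face, eps):
    """Fast Gradient Sign Method: move every pixel by +/-eps in the direction that
    increases the loss for the label 'deepfake', then clip back into 0..255."""
    grad = detector.loss_gradient(face)
    step = [eps if g > 0 else -eps if g < 0 else 0.0 for g in grad]
    return [min(255.0, max(0.0, px + s)) for px, s in zip(face, step)]

def video_score(detector, faces):
    """Last step of the pipeline: average of the probabilities of the n collected faces."""
    return sum(detector.prob(f) for f in faces) / len(faces)

def classify_video(detector, faces, threshold=THRESHOLD):
    return "deepfake" if video_score(detector, faces) > threshold else "not deepfake"

def robustness_margin(detector, faces, threshold=THRESHOLD, max_eps=64):
    """Smallest integer per-pixel budget eps (on the 0..255 scale) at which FGSM noise on
    every collected face pushes the averaged score down to the threshold; None if no
    eps <= max_eps does. A small margin means near-invisible noise changes the verdict."""
    for eps in range(1, max_eps + 1):
        perturbed = [fgsm(detector, f, eps) for f in faces]
        if video_score(detector, perturbed) <= threshold:
            return eps
    return None

# Constructed sample: three 2x2 grayscale "faces" and hand-picked detector weights.
FACES = [[200, 50, 220, 40], [190, 70, 210, 50], [230, 30, 240, 20]]
DETECTOR = LinearDetector(weights=[6, -3, 9, -6], bias=-9.0)

if __name__ == "__main__":
    print(f"clean score {video_score(DETECTOR, FACES):.3f} -> {classify_video(DETECTOR, FACES)}")
    print(f"verdict flips at a per-pixel budget of eps={robustness_margin(DETECTOR, FACES)}/255")
    noisy = [fgsm(DETECTOR, f, 8) for f in FACES]
    print(f"within an 8/255 budget the score is still {video_score(DETECTOR, noisy):.3f}")
```

On this toy detector the verdict only flips at 18/255 per pixel, so noise within the common 8/255 "imperceptible" budget is not enough; a real 256x256x3 network has far more dimensions for the gradient to exploit, which is why margins there are usually much smaller.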

How Can We Protect Ourselves from This Kind of Attack?

One solution may be to add a new neural network that works as a kind of IDS (SafetyNet) in our process. If it detects that the image or video contains this type of attack, it can discard the video and classify it as malicious. Another solution would be to generate these attacks and include them in our data sets and in the training process of our network so that it learns to tag them as malicious. However, this option is very cost-intensive due to the number of combinations over which they can be generated.

A very clever solution from an NVIDIA team called BaRT (The Barrage of Random Transforms) proposes to apply different types of attacks to the data set where the neural network is trained to make it difficult for the attacker to perform a black box attack so that the network can correctly classify a video as malicious.

Cleverhans, from TensorFlow, and ART (Adversarial Robustness Toolbox), from IBM, are libraries where we can find a starting point with examples to learn more about this type of attack on neural networks, as well as ways to fix them in our models and increase their robustness.

There are many places where attackers can exploit these types of techniques and have a significant impact: identity theft in facial recognition systems, tricking detectors of sexual or violent content on social networks, traffic signs read by autonomous vehicles, fake news detectors, etc. Behind all these applications that we use daily there are models that, like any system, can become vulnerable and have their behaviour disrupted.

Telefónica Invests in Nozomi Networks, a Leading Company in OT and IoT Security

ElevenPaths    7 July, 2020
  • Its technology guarantees advanced cybersecurity, improved operational reliability and simple IT/OT integration
  • The investment, made through Telefónica Innovation Ventures, reinforces an earlier joint services agreement with Nozomi Networks and ElevenPaths, Telefónica Tech’s cybersecurity company

Telefónica, through TIV (Telefónica Innovation Ventures), its corporate venture capital vehicle, has made an investment in Nozomi Networks Inc., a leading OT and IoT security provider that operates in 16 countries and enables real-time visualization of cyber risks, as well as managing and improving the resilience of industrial operations. This investment represents a strategic undertaking to increase Telefónica’s cooperation with this leader in cybersecurity, which specializes in protecting operational technology (OT) and internet of things (IoT) infrastructures in sectors such as energy, pharmaceuticals, manufacturing, logistics and the automotive industry.

Recognized as the market leader in OT and IoT security, Nozomi Networks is valued for superior operational visibility, advanced OT and IoT threat detection and strength across deployments. Nozomi Networks solutions support more than 3.6 million devices in more than 2,400 installations across energy, manufacturing, mining, transportation, utilities, building automation, smart cities and critical infrastructure. Nozomi Networks products are deployable onsite and in the cloud and span IT, OT and IoT to automate the hard work of inventorying, visualizing and monitoring industrial control networks through the innovative use of artificial intelligence. Use cases stretch beyond cybersecurity, and include troubleshooting, asset management and predictive maintenance.

“With this investment in Nozomi Networks we are reinforcing Telefónica’s commitment to cybersecurity in industrial environments and critical assets exposed to constant and ever-changing threats. Monitoring and threat detection systems are highly important in helping to minimize these risks and in this field the artificial intelligence-based technology developed by Nozomi Networks is essential for our industrial customers”.

Guenia Gawendo, director of Telefónica Innovation Ventures

The investment through TIV reinforces the partnership agreement announced earlier this year between ElevenPaths, the cybersecurity company integrated into Telefónica Tech, and Nozomi Networks. The ElevenPaths partnership enables industrial infrastructure operators to gain advanced visibility and manage their security by means of a smart MSSP solution. The managed security service, available through ElevenPaths, incorporates Nozomi Networks solution to provide risk management capabilities for industrial network and critical infrastructure customers including energy, utilities and others.

“The COVID-19 pandemic has accelerated the need for companies to improve the visibility of their assets and update their inventories, as they urgently obtain new devices and applications to enable the possibility of teleworking”.

Pedro Pablo Pérez, CEO of ElevenPaths, Telefónica Tech’s cybersecurity company

“The support of Telefónica – one of the world’s largest international telecommunications providers and a leader in developing and delivering security services – helps strengthen global awareness for Nozomi Networks technology.

Telefónica fully understands that it’s no longer enough simply to protect IT networks. It’s also essential to invest in detecting, monitoring and mitigating OT and IoT-related risks.”

Edgard Capdevielle, CEO of Nozomi Networks

Over the next four years the ICS (industrial control systems) security market is expected to experience a 23% Compound Annual Growth Rate (CAGR).

Nozomi Networks’ total funding to date exceeds $54M with top-tier investors including GGV Capital, Lux Capital, Energize Ventures and Planven Investments. This investment in Nozomi Networks expands Telefónica Innovation Ventures’ portfolio of 11 invested startups and technology partners linked to the group’s global strategy and the transformation of the telco industry.


IoT and Big Data in football to enable intelligent decision making

Olivia Brookhouse    7 July, 2020

IoT and Big Data in sport are becoming ever more prevalent, bringing value not only to players but to spectators too. Football, although a seemingly basic sport with just one ball, two nets and 11 players on each side, is no exception to these technological advancements. Since its conception in the middle of the 19th century, technology has helped modernize and optimize the game. Read further to discover how IoT and Big Data have specifically made an impact.

Back in the 1950s, Charles Reep created a system to record statistics of football players’ movements using just a pen and paper. It provided valuable insights; however, it took him over three months just to analyse the data captured during the 90 minutes of the 1958 World Cup final alone. So, the desire to capture data to analyse performance is nothing new, but the methods and accuracy have certainly progressed. Video analysis was brought in during the 1990s, but metrics such as passes completed, tackles made and so on were tallied manually by analysts watching the game, so it was still very time consuming.

The introduction of IoT, sensors and devices connected to the internet which capture data from the pitch and players, has enabled real-time integrated analysis, whilst Big Data analytics and Artificial Intelligence enable the simultaneous processing and analysis of data from many sources to measure and predict players’ performance, crowd reactions, and many other aspects of the game. These technologies have made live analysis a key feature of the game.

IoT in football

Sensors and devices

Sensors and devices are worn by players to measure heart rate, running speed, distance covered, muscle activity and many other metrics to determine their performance levels. Devices can also be incorporated into clothing and football boots to measure force exerted on the ball and collisions with opposition. These sensors are connected to a low-powered cellular phone transmitter or the stadium’s Wi-Fi network to enable the teams to monitor the data feeds.

A startup, HUMANoX Soccer, has produced an innovative solution that meets the increasing demand to make decision making more intelligent in sport. Its digital platform connects to their IoT HX50 shin pads, made of carbon fiber, as light as they are resistant, which are equipped with intelligent sensors that offer thousands of data points of the player. The performance of the player is measured during training or in official matches and all in real time thanks to the mobile connectivity offered by Telefónica.

The data collected by these sensors and devices can be used to design personalised training plans that focus on individual weaknesses. Coaches can also see in real time during matches how each player is performing to make strategic substitutions.

Video assistant referee

VAR technology, which uses IoT smart cameras, was first incorporated on a large scale at the 2018 World Cup in Russia to provide more accurate analysis on the goal line. This means decisions are more accurate and can reduce arguments and anger from players and supporters alike.

Smart stadiums of the future

The partnership of football and IoT may only be in its infancy, however, there are other solutions that can enhance the viewing experience.

For example, machine-to-machine (M2M) connectivity, where machines communicate with each other, could help prevent large stadium disasters around the world. Police and stadium officials will be able to accurately track, analyse and control movements of crowds of fans to avoid accidents and crushing.

Whilst drones delivering food and drink to supporters in their seats may be a stretch too far, it is possible that drones could be used around the outside of the stadium and concourses to allow pre-orders to be delivered to specific collection points.

Big Data in Football

Coaches now have an entire backstage team, equipped with advanced computer analytics programs and monitoring equipment to gain insights on every aspect of the match. Performance analysts use time lapse software to track event frequencies which, by the end of a match or training session, will create a large data set which can be processed to draw out actionable conclusions.

Thanks to Artificial Intelligence and Algorithms, how the data can then be presented after it is collected is also developing from basic visualizations to more complex predictive models. This can provide more intelligent insight into how players should behave in certain circumstances. This is changing the game of football, as more coaches turn to data to inform their decisions during a match. Clubs that rely on a more evidence-based approach to performance can tailor training and games according to their next opposition. Whilst this clearly helps secure a win, it also helps prevent injuries.

We can see how IoT and Big Data go hand in hand: whilst IoT collects the necessary data, Big Data analytics allows teams to draw actionable insights to inform decision making.

https://www.youtube.com/watch?v=K77jT0Suurs

To keep up to date with Telefónica’s Internet of Things area, visit our web site or follow us on Twitter, LinkedIn and YouTube.

OpenPGP: Desperately Seeking Kristian

Sergio de los Santos    6 July, 2020

A year ago, OpenPGP was suffering from a problem of vandalism in its key servers. The system was dying and needed a change, one that was not trivial to make without betraying principles rooted in a 1990s Internet that looks naive in today’s eyes. Recently, a simple anecdote has once again shown some serious shortcomings, an anachronism unworthy of today’s networks: an unbreakable will, but one unable to adapt to the new times, that continues to seek Kristian desperately.

What’s Happened?


Key servers (SKS) are essential to the OpenPGP infrastructure. They ensure that we can locate people’s public keys. They allow these keys to be incorporated into the system and ensure that they are never lost, replicating them to provide availability. To interact with them, the OpenPGP HTTP Keyserver Protocol (HKP) is used: through port 11371, keys can be uploaded and searched.

Public servers have never worked properly, and they have too many shortcomings. To test it, just connect to any key server (such as https://pgp.mit.edu) and search for keys. After several server errors (and adapting the eye to the 90s aesthetics), you may get an answer. It’s the same with https://keys.gnupg.net, https://pgp.key-server.io or any other. Unreliable and poorly-maintained servers sit at the root of public-key cryptography’s infrastructure.

HKP over TLS is called HKPS. The hkps.pool.sks-keyservers.net server is responsible for the “pool” of HKPS servers: it brings them together, arranges and “sorts” them from a DNS point of view so that they can be known and coordinated. To join the pool, servers must be validated and certified by the pool’s own CA, which enables their encrypted communication. This CA has been maintained manually by a single person for more than 10 years: Kristian Fiskerstrand.

The point is that Todd Fleisher, who manages one of those servers, had his certificate about to expire, the one that allowed him to communicate with the main server and stay within the pool, and therefore coordinated with the remaining servers. He tried “desperately” to contact Kristian for a month. Time was against him. Kristian gave no sign of life, neither by mail nor on social networks.

Finally, his certificate expired, and he had to get one from Let’s Encrypt just to keep encrypting communications. He was aware that the pool hkps.pool.sks-keyservers.net would not trust him, but at least it allowed him to keep working without synchronisation. Shortly after, Kristian replied. Without giving any further reasons, he said he had been busy with other matters during the last month. He renewed the certificate. If it had taken longer, the certificates of the other servers would have expired too, and the pool would have ignored them.

Why Did This Happen?

Because a centralised critical point (one that makes the decentralised use of OpenPGP possible) is in the hands of a single person who maintains it voluntarily. A system from another decade (and not even the last one), prone to errors and failures and dependent on good will. Romantic but impractical.

We love free software, but let’s not forget that it also requires funding so that not just one person, but a team, can invest the corresponding time. Because we’re talking about a free encryption system, whose grandfather was the standard-bearer of cypherpunk in the 90s, and which Phil Zimmermann fought for. Let’s remember that until the year 2000, the export of cryptography outside the United States was very limited.


This is not the only problem with OpenPGP. Thunderbird, a classic that has experienced all kinds of problems (Mozilla wanted to get rid of it for a while to focus its efforts on Firefox), gave good news. In October 2019 Mozilla announced that it wanted to add native OpenPGP support to its Thunderbird email client. This meant removing its Enigmail extension, the reference extension for managing S/MIME and OpenPGP in the mail client.

This fact brought to light some realities of the software world that, in the field of free and open source, are perhaps more surprising because of the expectations generated. Enigmail works almost miraculously: its interface makes command line calls to GnuPG and collects the result, which it redraws in Thunderbird, with all the problems that this can entail. This is certainly not an ideal scenario, but it has been done for many, many years and nothing better has come up. Enigmail is a project of a few people working in their free time and living on donations. They’ve been maintaining it for over 15 years and, when they learn they’re going to have to kill it, they even offer to help the Thunderbird development team get it integrated.

Even so, Thunderbird had to face licensing issues to incorporate encryption into its client natively, and there was a condition: if the effort made Mozilla lose focus on Firefox, it wouldn’t be worth it. However, it seems that it’s almost integrated. We can see the following message in the latest versions of Thunderbird:


This essentially means that they haven’t been able to make the two systems compatible for now: neither Enigmail nor the new integrated system works well in the latest versions. They haven’t had time. So, for a period, you have to choose an outdated version of Thunderbird if you want to use OpenPGP with Enigmail.

What Else Is Going to Happen?


A critical system can’t be maintained by good will. It requires a critical mass of use (beyond promotion), investment (and not just donations), collaborations (beyond good words), infrastructure and people. Above all, people. It cannot depend on literally one single technician for a critical part of the system, because that puts all its functionality at risk. Free software can’t be seeking Kristian desperately.

Cybersecurity Weekly Briefing June 27-July 3

ElevenPaths    3 July, 2020

Adobe, Mastercard and Visa Warn of the Need to Upgrade to Magento 2.x

Payment providers Visa and Mastercard, together with Adobe, have tried one last time to convince online shop owners to upgrade their platforms to the Magento 2.x version. On June 30, the Magento 1.x platform reached its official end of life (EOL) date, after which Adobe plans to stop providing security updates. Last week, Adobe released the latest security updates for Magento 1.x but, unfortunately, despite the fact that online shop owners have known since late 2018 that this EOL was approaching, many have not acted. About 75% of Magento stores currently still run version 1.x. Once the 1.x branch reaches EOL, any new Magento 1.x exploit will be a disaster for the online store market since there will be no patches available. Due to the large number of major changes between the two versions, many online store owners have chosen to stay with the previous 1.x version and avoid having to redeploy their stores from scratch.

More information: https://www.zdnet.com/article/adobe-mastercard-visa-warn-online-store-owners-of-magento-1-x-eol/

Critical Vulnerability in PAN-OS

Palo Alto has issued a security advisory to report a new vulnerability (CVE-2020-2021) that has been given the maximum base severity in the manufacturer’s bulletin, a CVSSv3 score of 10, since it is a remote, low-complexity vulnerability with no prior requirements and no need for interaction with third parties. It is an authentication bypass vulnerability that applies when SAML authentication is enabled and the Validate Identity Provider Certificate option is disabled. Exploiting the vulnerability on GlobalProtect Gateways, GlobalProtect Portal, VPN Clients, Captive Portal and Prisma Access products would allow a malicious user with network access to the vulnerable server to gain access to the resource, if allowed by the device configuration and policies applied. Regarding the PAN-OS and Panorama web interfaces, exploiting the vulnerability would allow an unauthenticated remote user with network access to the vulnerable system to gain access as an administrator. Currently, there is no evidence of the vulnerability being exploited, although following information from the USCC, a tweet was posted alerting of the need for urgent patching. Before carrying out the update, it is recommended to check the manufacturer’s indications in the bulletin and to follow the steps recommended there. Telefónica is taking the necessary actions to detect and patch the vulnerability.

Learn more: https://security.paloaltonetworks.com/CVE-2020-2021

Microsoft Security Updates

Microsoft has released emergency patches that address two bugs in the Windows 10 and Windows Server 2019 Codecs library. The two vulnerabilities were reported to the firm by the researcher Abdul-Aziz Hariri last March.

  • CVE-2020-1425: This is a critical-severity vulnerability that, if exploited, would allow a threat actor to access valuable information from the affected system, thus opening the possibility of future use with the aim of compromising the victim’s machine.
  • CVE-2020-1457: This is an important-severity vulnerability that could allow an attacker to execute arbitrary code on an affected system.

Microsoft states that customers and users do not need to take any action to fix this issue, since they will receive the updates automatically.

More details: https://searchsecurity.techtarget.com/news/252485557/Microsoft-fixes-Windows-Codecs-flaws-with-emergency-patches

Critical Vulnerabilities in Apache Guacamole

Check Point researchers have discovered multiple critical reverse RDP vulnerabilities in Apache Guacamole, an open-source remote desktop gateway used by system administrators to access and manage Windows and Linux machines remotely. These vulnerabilities would allow an attacker who had previously compromised a machine to attack back through Guacamole when a user remotely connected to that infected machine. This would allow the threat actor to gain full control of the Apache Guacamole server and to intercept and control all sessions connected to it. Apache has already released patches to mitigate this threat.

More: https://blog.checkpoint.com/2020/07/02/hole-y-guacamole-fixing-critical-vulnerabilities-in-apaches-popular-remote-desktop-gateway/

Agent Tesla Distribution Campaign Impersonating Logistics Companies

This week a new wave of a malspam campaign has been detected, targeting users and entities in Spain and aimed at distributing the keylogger and infostealer Agent Tesla. The e-mails pretend to come from the courier company TIBA, in the same way that last week the company GLS was impersonated. The content of these emails refers to a supposed delivery that the user is waiting for, and says that he or she can check more details by clicking on a link included in the email. This link leads to a free file hosting service (mediafire.com) from which a compressed file in 7z format containing a malicious executable named “Detalles de envio.exe” is downloaded.

New Call: ElevenPaths CSE Programme

ElevenPaths    2 July, 2020

As many of you may have seen on our blog and social networks, the ElevenPaths CSE (Chief Security Envoy) programme, born as a pilot experience, has been a success. That’s why we’re going ahead with it.

As you know, ElevenPaths always promotes talent and passion for technology and cybersecurity. ElevenPaths CSE (Chief Security Envoy) is a programme to recognise and support outstanding security professionals within the industry who enjoy sharing their knowledge with the community.

For this reason, and after a successful year, we are launching a new call for all those professionals within the sector who want to join it.

What Is ElevenPaths CSE Programme?

It is an initiative launched by ElevenPaths intended to recognise and support professionals within the sector. In addition, the professionals selected by this programme will enjoy several benefits.

The selected CSEs will collaborate directly with the mission of the CSAs (Chief Security Ambassadors) in promoting the cybersecurity culture and their own knowledge and skills through participation in specialised events, interviews and posts. To this end, they will receive the support of the different communication channels where ElevenPaths has a presence.

Who Is It Aimed at?

All those passionate about IT security who are a reference in the sector and enjoy sharing their knowledge. From ElevenPaths, Telefónica’s cybersecurity company, we want to recognise their work and support them in spreading their knowledge of cybersecurity.

What Are the Tasks of an ElevenPaths CSE?

  • Participation in specialised forums.
  • Writing articles for blogs and magazines.
  • Participation in security research.
  • Support on social networks.

In What Areas of Cybersecurity Do We Seek to Recognise Experts as ElevenPaths CSEs?

  • Communications, Wi-Fi, Mobile, VoIP RSD.
  • Industrial systems and critical infrastructures, industry 4.0, IoT, IIoT, OT.
  • Hardware hacking and car hacking.
  • Video games and consoles.
  • Mobile devices.
  • Reversing, malware, APT and botnets.
  • Forensics and IR, DFIR.
  • Vulnerabilities, fuzzing, exploiting and pentesting.
  • Cloud, CASB and virtualisation.
  • Cryptography, cryptocurrency, blockchain, identity management and biometrics.
  • Health, medical devices and wearables.

ElevenPaths CSEs Benefits

ElevenPaths CSEs will get the following benefits:

  • Title recognising the CSE as a cybersecurity expert.
  • Support and promotion of the CSE through ElevenPaths’ official communication channels.
  • Access to ElevenPaths’ own tools, services and training in cybersecurity.
  • Attendance to world-class cybersecurity events and meetings, as well as from other professional fields, free of charge.
  • Participation in research.

What Are the Differences between a CSA and a CSE?

A CSA (Chief Security Ambassador) is a person who represents ElevenPaths and has among their objectives the dissemination and promotion of the cybersecurity culture in forums, conferences, magazines, etc. where we participate.

On the other hand, a CSE (Chief Security Envoy) is a person who collaborates in the mission of CSAs to promote the culture of cybersecurity, expanding its scope and therefore the scope of ElevenPaths.

Becoming an ElevenPaths CSE Does not Mean…

  • Being hired by ElevenPaths or receiving financial remuneration.
  • Paying for travel and accommodation within the development of their functions.
  • Conducting commercial actions and selling products or services.
  • Developing and/or giving training or workshops.
  • Being required to perform the actions proposed by a CSA. The CSE decides whether to carry them out or not.

If you want to apply for the programme or need more information, please write to [email protected] explaining why you think you would be a good candidate to join our CSEs team.

COVID-19, Insight from the Telco Security Alliance

ElevenPaths    1 July, 2020

The Telco Security Alliance (TSA) is formed by AT&T (AT&T Cybersecurity), Etisalat (HelpAG), Singtel (Trustwave), SoftBank, and Telefónica (ElevenPaths). The TSA aims to offer enterprises comprehensive cybersecurity insights to help them address the threat of cyberattacks and the evolving threat landscape.

Three members of the TSA, through their respective cybersecurity and threat intelligence units, have joined together to create this report: AT&T Cybersecurity (AT&T Alien Labs), Singtel (Trustwave) and Telefónica (ElevenPaths). The report covers noteworthy discoveries related to COVID-19 in the cyber domain.

The ElevenPaths experts who contributed to the report are Miguel Ángel de Castro, José Ramón Palanco, Helene Aguirre Mindeguia and Sebastián García de Saint-Léger.

Abuse of COVID-19 in the cyber domain

The cyber threat landscape has evolved quickly since the start of the COVID-19 pandemic, giving attacks a new tempo and a higher likelihood of success. Along with many in the cybersecurity community, TSA members have observed a sharp increase in malicious activity exploiting the pandemic while nations and organizations are at their most vulnerable. These adversaries are increasingly seeking to profit financially, to gain unauthorized access to networks for immediate and long-term strategic benefit, and to spread misinformation with political agendas. The three Alliance members participating in this report investigated multiple threat actors, from crimeware groups to nation states, who are continuing or increasing attacks against private organizations and government agencies during the pandemic.

Criminal organizations and nation states have historically taken advantage of large-scale events, using social unrest, fear and confusion to their advantage. However, the global impact of COVID-19 has raised the operational value of such lures for attackers. The extent to which threat actors use it in campaigns may ebb and flow over the next 12 months, but COVID-related threats are unlikely to go away anytime soon. This report provides insight into a few of the threat actors and campaigns that have been active in the last few months.

Full report available here:

How will Education change post-covid?

AI of Things    1 July, 2020

We have been in lockdown for several weeks now, and along with the common struggle we are all going through, one thing is becoming increasingly clear to us: when this is over, when we get through this crisis, and when we look back, we will see that the world before the Coronavirus was very different. I am not talking about what the world will look like immediately after the pandemic, but a few years later.

By then, we will have acquired new habits that seemed impossible before 2020: we will work differently, travel differently, pay differently, interact differently and, this time, also educate ourselves differently. These new habits, once acquired, will be hard to break and will change many aspects of society. So how will this impact education?

What will education be like after COVID-19?

Digital

The first change is, of course, that we have become more digital. In education, the technological dimension will become much stronger than before and this will force us to rethink our methodologies. The lecture will make less and less sense (although it won't disappear completely) and will shift toward asynchronous formats. Students will expect that, if the teacher is going to give them a monologue, they will be able to pause and move forward and backward through the class as they wish, just as they already do with videos on YouTube and other platforms. What's more, in a world where we are increasingly busy and bombarded with stimuli, it will be common to see the most tedious lessons played at 1.5x or 2x speed. If you find this surprising, consider that there are already people demanding to be able to change the playback speed on services like Netflix. If this happens with entertainment, be sure that we will do it with other types of content too.

Fluid

In the first few months after confinement, classes may not be 100% full, so teachers will need to be prepared to teach both face-to-face and online. Digitalization will therefore also lead to a more fluid education, alternating and combining face-to-face phases with remote phases and synchronous methods with asynchronous ones. Flipped classrooms will become even more important and, hopefully, more widely adopted. This will require teachers to adapt to methodologies they are not used to. First, they will have to become digital content creators, and second, they will have to be able to design and run dynamic activity sessions in the classroom. Students who attend classes in person will expect them to be memorable moments, experiences worth investing their time in.

The flipped classroom model

Life-long

Life-long learning was already in place, but now it's here to stay. We are in a VUCA (Volatile, Uncertain, Complex, Ambiguous) world and the pressure for constant improvement and upskilling will be stronger than ever. The growing pressure to digitize companies and organizations will only accelerate this process. This is where MOOCs and similar initiatives will have to take up the challenge: so far, despite their great promise, they still face huge dropout rates, and reducing them is their next challenge.

The likely direction is towards smaller and smaller modules in which the student can acquire specific skills in a very short time. This is in line with two current trends: the first is the immediacy we all demand in this hyperconnected society, and the second is the skills-based market, a consequence of changes in the profiles companies demand (they no longer look for candidates to fill positions, but for specific skills to cover needs).

Open and collaborative

Education will be more open and collaborative. Before the Internet, the book and the teacher were the only sources of knowledge. Now students have to learn to filter information from a sea of abundant, not always reliable, sources. But the Internet has not only brought more sources of information; it has also allowed us to be permanently connected with colleagues, friends and family. So, let's be realistic: in a hyper-connected society we cannot expect students to be happy when their teachers ask them to disconnect from the world in order to "learn". Ask any teenager you know how they "stay virtual" on WhatsApp and other instant messaging applications to solve exercises together. It is paradoxical that we expect students to do their work and exercises individually when the world of work greatly values collaboration and teamwork. Instead of banning these practices, we should encourage them!

No exams

The exam will lose its strength as an evaluation tool. In a fluid, highly asynchronous and deeply collaborative educational environment, the exam loses its meaning and will give way to other assessment methodologies. Among others, peer review and automated assessment systems, capable of giving the student feedback in real time, will become increasingly important.

To this end, tutors and trainers will have to design educational experiences whose evaluations allow the student to correct and improve almost at the same time as he or she is learning. Other more qualitative aspects and, depending on the type of education, self-assessment will also gain strength.

Many teachers are skeptical, but I guarantee that there is life beyond exams. When I've taught at university, I've never assessed my students with these kinds of tests, and now that I'm teaching in a business school, I don't plan to do so either. But don't think that this applies only to university or postgraduate education. My daughters go to a school without exams, and every term I receive a full report indicating where they are strong and where they need more development. Not using exams doesn't mean not evaluating or not knowing how well students are doing; it means doing it differently. And in the post-COVID world this should no longer be the exception.

Challenges to be addressed

Technological

The digital divide is real in many countries and governments will have to fight to ensure that it does not undermine the equal right to a basic education. This will weigh less in tertiary and corporate education, but it will be especially important in primary and secondary education. It has already happened during confinement and will be one of the challenges to be resolved. Providing technology and connectivity to classrooms is key, but it is also necessary to guarantee access to connectivity and technological means for all students in their homes.

Skill building

In any process of digital transformation (and the transformation of education is one) it is of vital importance to ensure that the workforce acquires the skills needed to carry it out. Digital literacy will be more important than ever, requiring teachers to become proficient in multimedia content creation, web publishing and administration, digital community management, etc.

Methodologies

In the educational field, teachers will not only have to learn new tools; more importantly, they will have to learn new methodologies. Technology is the basis, but we should not think that we can solve a problem just by throwing technology at it. When electricity came into factories, one of the first criticisms it received was that it offered no benefit over steam. It was not until several years later that it was understood that this technology allowed the layout and arrangement of machines in the factory to be reconfigured, bringing huge gains in productivity and efficiency. The same will happen with education: the best teachers will not be those with the best technologies, but those who discover which new methodologies can be applied in this new educational model.

Sir Ken Robinson, in one of the most famous TED talks, argues that we have an educational model that dates back to the industrial revolution. The time has come to modernize it by jumping from the industrial revolution to the digital revolution. We have an unparalleled opportunity and the time is right. To those who think that everything will remain the same: know that your clients, your students, have changed their habits, have discovered a new world, the digital world, and have already migrated towards it. Rest assured that they will not return. It is time to decide whether we migrate with them or stay in the old world… for another century.

Translated by Olivia Brookhouse; read the post in Spanish here

To stay up to date with LUCA, visit our webpage, subscribe to LUCA Data Speaks and follow us on Twitter, LinkedIn and YouTube.

Looking for a MDR partner? Beware, not all MDRs are the same

Nikolaos Tsouroulas    30 June, 2020

Are you pouring more money than you can afford into your SOC but still failing to detect and respond to incidents quickly enough? Have you suffered the impact of an incident and need to ramp up your security operations quickly before the next one arrives? Are you confused by the hundreds of products and acronyms the market pitches to you every day and just want an MDR partner you can trust to help you build the right solution for you?

This is what we do at Telefónica Tech Cybersecurity & Cloud. We believe that all organizations should be able to count on modern security operations focused on:

  1. Post-breach detection on the endpoint and network based on full visibility and behavior-based techniques
  2. Threat intelligence to better detect new threats and guide preparation and response
  3. Advanced analytics on all sources available to the organization to add an additional advanced detection layer that unifies all threat vectors
  4. Proactive hunting campaigns to make sure nothing slips through the cracks
  5. An incident response and crisis management program with all the required capabilities available for when the rainy day comes
  6. Scalability and automation to reduce costs

Everything you should know about the Managed Detection and Response market

We believe that one size does not fit all and that not all MDR offerings are made equal. To help our customers understand what they should look for in an MDR programme and partner, we have worked with Harden Stance and leading MSSP and MDR providers on a report that reviews the MDR market and highlights the important aspects a customer looking to improve their detection and response capabilities should consider before engaging a provider.

What does ElevenPaths have to offer as an MDR partner?

Our main components are:

  • MDR Lab (detection and response)
    • Our team of threat experts evaluates technologies from leading vendors (e.g. EDR, NTA, TIP, intelligence feeds, advanced analytics platforms, etc.) in order to provide consulting services based on each organization's needs and technical requirements.
  • Managed services in technologies and platforms
    • ElevenPaths provides tailored or turn-key managed services for those technologies and platforms, such as administration and investigation of EDR alerts, or integration of IoCs and management of TIPs to put threat intelligence to use.
  • Intelligent SOC (iMSSP)
    • Traditional MSSP capabilities are merged with the sophisticated features of MDR, enabling the customer to outsource advanced monitoring, detection, hunting and response capabilities to an ElevenPaths i-SOC.