cloud

Jan 25 2021

Network File-Sharing Service Suffers Cryptojacking Attack

QNAP Inc., a company specializing in building file-sharing and storage management applications, has warned users about an ongoing crypto mining attack on its network-attached devices. According to a recent Bleeping Computer report, the attack is essentially a cryptojacking operation, forcing connected devices to mine Bitcoin.

Blaming Weak Passwords

A Taiwanese company, QNAP Systems is a giant in the file storage and memory devices space. The company provides a backup hub for storing files, essentially operating as a hard drive that users can access anywhere and anytime.

As Bleeping Computer reported, security experts have named the malware installed on connected devices as “Dovecat.” They explained that it had been affecting computer systems since November 2020, and QNAP appears to have been its most prominent target. With access to thousands of connected devices, the malware can get a massive amount of processing power for its mining operation.

QNAP explained to the news source that customers’ weak passwords were to blame for the malware intrusion. The company has asked that users replace weak passwords with stronger ones while installing malware blockers and updating their network-attached devices.

Will 2021 Continue Where 2020 Left Off?

Cryptojacking has been one of the most famous malware variants for the past year. With more people and companies requiring effective internet connection and support, hackers have had a vast network of victims to take advantage of.

Last June, Russian cybersecurity firm Kaspersky reported that Singapore alone had seen a significant spike in the number of cryptojacking cases in the first quarter of the year. Per the report, January to March 2020 saw 11,700 cryptojacking complaints from the country – up from 2,900 in the first three months of the previous year.

Mexico saw a similar trend, where local news source El Economista confirmed that more individuals and firms had fallen victim to crimes like cryptojacking and ransomware attacks than ever before.

The report explained that several companies had complained about unknown entities accessing their cloud computing systems and using them for cryptocurrency mining. However, a cybersecurity expert also told the news medium that many of the firms don’t seem to know much about cloud security, to begin with.

Network File-Sharing Service Suffers Cryptojacking Attack

Source

Jan 11 2021

Kava DeFi Platform to Release Robo-Advisor Service to Automate Strategies for Financial Services and Other 2021 Updates

The Kava decentralized finance (DeFi) platform is “coming out the gates swinging” in 2021 with a “feature-packed” product roadmap – which includes two new native apps and crypto tokens, “decentralized bridges” to onboard major cross-chain digital assets, and several other features to “reinforce the safety and security measures already enjoyed by all users of Kava’s DeFi applications and services,” according to Scott Stuart, who works on Product at Kava Labs Inc.

As noted by Stuart, Kava’s 4-month “major release cycles are targeted for Kava 2021 Development.” The platform’s HARD Protocol Version 2 will include “borrowing with variable interest rates and a distribution of HARD [tokens] to both asset suppliers and borrowers.” As confirmed by the Kava team, HARD Governance will be enhanced to include “more protocol parameters quickly by the HARD community.”

The DeFi platform’s developers revealed:

“Kava has seen significant usage in 2020, as such a number of software optimizations are needed to be made in order for validators to validate blocks in a timely manner, there are also consensus tweaks to improve system performance based on production data.”

They further noted:

“Kava services including cross-chain claim and refund bots, app front-ends, price reference software, Full nodes, historical nodes, REST and API endpoints, and others are run on Kava Cloud infrastructure. Significant enhancements in standardization, security, monitoring and alerting tools have been added to Kava Cloud services that drive infrastructural and end-user services.”

An Autonomous Market Making (AMM) service and application will reportedly be launched and will operate as an on-chain liquidity pool for Kava users so that they can swap different assets on the platform for use in other financial services.

The Kava SAFU fund will be proposed in order to provide more protection to Kava users by insuring and underwriting “some portion of infrastructure and cross-chain activities on Kava.”

As noted in the announcement, the KAVA staking derivative is an asset “derived from KAVA that is staked for POS security.” KAVA staking derivatives “allow more KAVA (derivative) liquidity to be used in various financial services on Kava while not foregoing the security and rewards offered by KAVA POS staking.”

The platform’s developers claim that the safety of Kava users’ assets is “the number one objective which guides development of the Kava DeFi platform.” The Kava team further noted that risk management optimizations such as the enhanced Tendermint mempool queuing and “prioritization of critical services in the mempool will improve transaction safety.”

As confirmed in the update:

“A Robo Advisor service and application will be released to help automate strategies amongst the various financial services offered on Kava, and will increase user onboarding by opening up a larger pool of less hands-on Kava users to participate in yield generating strategies.”

A direct Ethereum bridge to Kava will also be introduced in order to onboard native Ethereum-based assets such as ETH and ERC-20 tokens including LINK and DAI. A fairly large number of users have reportedly requested that they should be able to transfer Ethereum assets directly to Kava and “this bridge should be their service of choice.”

As noted in the announcement, Kava is currently evaluating assets which will use Kava’s “audited Issuance module for USDT, USDC, WBTC, and HBTC amongst others, and will continue to do so through the first half of 2021.”

Kava has moved more than $100 million in asset value “automatically between Binance Chain and Kava.” There have reportedly been many requests to “apply a similar technology to Ethereum assets and Kava will deliver this in Kava 6, such that any project partners built on Ethereum will have access to Kava decentralized financial applications and services,” the update confirmed.

Kava remains focused on helping more users join the DeFi space. The Kava API will be launched as a standardized plugin for application developers and financial institutions to “unlock DeFi services for their users initially including borrowing, lending, and trading.” Prototypes have been integrated with partners such as Binance and Bitmax.io with “many more business integrations to come in 2021.”

Source

Dec 21 2020

Mobile Security Predicted to be Fasted Growing Security Segment in 2021

According to Analysys Mason’s predictions for business connectivity, communications, IoT and security in 2021, mobile device security will be the fastest growing cyber-security category.

In its predictions, Analysys Mason – a global consulting and research firm specializing in telecom, media and technology – said, “COVID-19 has highlighted the importance of mobile security. Enterprises have been slow to secure mobile devices, but will pay more attention to this because they have had to rely on mobile devices during lockdown and new security threats are emerging.

“We forecast that spend on mobile security will grow at 17% CAGR between 2019 and 2025 to reach almost USD13 billion.”

From what we are seeing, we believe this prediction to be true. We are standing at the precipice – – the threats are real and both the private and public sectors are beginning to see it.

As a matter of fact, The U.S. Department of Defense (DoD), through its Defense Information Systems Agency (DISA) and Defense Innovation Unit (DIU), selected Zimperium to deliver comprehensive Mobile Endpoint Protection (MEP) to service members around the world. Our mobile threat defense (MTD) solutions will protect DoD mobile endpoints against phishing, malicious/risky apps, OS exploits and network attacks. And, in the wake of the SolarWinds hack, CISOs and CIOs are scrambling (at least they should be) to address mobile security concerns.

The reality is hackers are getting more creative and bolder in their efforts. Scammers – masquerading as more than 25 different companies, brands and government agencies – used 265 Google Forms to steal user passwords and credentials. While all of the Google Forms were removed by Google after we reported it, the links were active for several months after being added to public phishing databases.

We saw a 6x increase in the amount of phishing attacks – many of which tied to the pandemic – from Q2 2020 over Q1 and, as of September, 2020 recorded more mobile app breaches, failures, and data leaks than all of 2019.

And we could go on. Our researchers uncovered a new variant of the money-siphoning MobOk malware. The samples found evaded detection by AV vendors for months. We also detected 64 variants of “Joker” trojans unreported by the anti-malware industry.

Again, precipice.

CISOs and CIOs are taking note. During one of customer advisories, one security leader stated flatly that “mobile devices are no longer the forgotten endpoint.” As another customer noted, the overnight shift to remote working for most employees has forced organizations to acknowledge the proverbial “elephant in the living room:” mobile devices are accessing/containing corporate data and are the keys to Zero Trust/two-factor authentication. Unfortunately, most organizations have left these devices completely unprotected.

The Zimperium way

Zimperium, the global leader in mobile device and app security, offers real-time, on-device protection against Android, iOS and Chromebooks threats. The Zimperium platform leverages our award-winning machine learning-based engine – z9 – to protect mobile data, apps and sessions against device compromises, network attacks, phishing attempts and malicious apps.

Our solutions include zIPS which runs locally on any mobile device and detects cyberattacks without a connection to the cloud and our first-of-its-kind Mobile Application Protection Suite (MAPS), a comprehensive solution that helps organizations protect their mobile apps throughout their entire life cycle.

MAPS is comprised of three solutions: zScan, which helps organizations discover and fix compliance, privacy, and security issues; zShield, which hardens the app through obfuscation and anti-tampering; and zDefend (formerly zIAP), an SDK embedded in apps to help detect and defend against device, network, phishing and malicious app attacks while the app is in use.

To learn more on how we can help, please contact us.

Mobile Security Predicted to be Fasted Growing Security Segment in 2021

Source

Nov 10 2020

Top 3 Ways to Protect Microsoft Teams on BYO Mobile Devices

During a recent webinar on the Top Five Mobile Security Stories of a Crazy 2020, I listed my number one story around COVID-19 creating a situation unlike anything any of us have ever seen; yet one that will likely leave permanent changes in remote working and learning.

With the overnight shift towards entire workforces working remotely from home, on all variety of corporate and personal (bring your own) devices, IT and security teams have been in triage mode from a security and risk perspective.

Businesses and governments around the world are rushing to enable employees to operate effectively from home, and Microsoft Teams is at the forefront of those efforts.

There are many security options on corporate managed endpoints, but what can an organization do to secure Teams sessions on personal (bring your own) mobile devices?

Sakshi Tiwari – Senior Product Manager, Microsoft – and Mark Tinker – Senior Sales Engineer, Zimperium – joined me in explaining the three top ways to protect Microsoft Teams on BYO mobile devices. To view the entire webinar, click here.

The first way to protect Microsoft Teams on your BYO device is to ensure foundational Teams protections are implemented and used. For example, Teams users and admins should:

Get visibility into endpoints that are accessing corporate resources;
Enforce security policies on mobile devices and apps; and
Use the meeting lobby option to make meetings more secure.

The second way is by actively detecting any risks on users’ mobile devices to ensure security and privacy. Candidly, Zimperium provides the best solution to achieve this goal. Zimperium, the global leader in mobile device and app security, offers the only real-time, on-device, machine learning-based protection against Android, iOS and Chromebooks threats. Powered by our machine learning engine, z9, Zimperium detects more mobile device, network, phishing and malicious app attacks than any other solution.

Our solutions include zIPS which runs locally on any mobile device and detects cyberattacks without a connection to the cloud. zIPS provides persistent, on-device protection for mobile devices similar to what next generation endpoint protection platform (EPP) solutions do for traditional endpoints.

The approach Microsoft takes is really smart. It’s mobile application management (MAM), as opposed to mobile device management (MDM). So – as shown below – you are actually protecting access to the app, not the whole device.

So, how does this work? Take a look at this visual:

1 – Our management console syncs directly with Azure Active Directory, ensuring that we are fitting into the established user groups and policies. Our philosophy being that we should fit into the enterprise, not the other way around.

2 – When the user first goes to one of the Microsoft solutions – including Teams – he/she is prompted to download zIPS

3 – Using its on-device, machine learning-based detection, zIPS detects a critical event.

4 – All of the relevant intelligence – forensics and event information – is immediately sent to our console

5 – Based on the established policy, and since the risk posture is critical – in this example – the device risk level is set to “high” and sent to AAD

6 – Remediation takes place where there’s a block of the launch (“conditional launch”) of the Team’s app.

[embedded content]

To learn more

Click here to view the entire webinar. If you would like a personal demonstration of how Zimperium helps protect Microsoft Teams and other Office apps on personal mobile devices, click here to contact us.

Top 3 Ways to Protect Microsoft Teams on BYO Mobile Devices

Source

Nov 07 2020

Dave Hodgson: CIO at NEM Group and MD at NEM Ventures Discusses Plans for Enterprise Blockchain Development and Support for DeFi

We recently connected with Dave Hodgson, Chief Investment Officer at NEM Group and Managing Director NEM Ventures. NEM (XEM) is a major blockchain or distributed ledger technology (DLT) based platform for building and deploying decentralized applications (dApps).

Hodgson’s role encompasses group investment management, jurisdictional analysis, partnership building, and corporate structure design. He has 15 years of experience consulting for various sizes of organizations, government agencies and NGOs on technology projects, and was an early adopter and program lead for public Cloud projects, having led multiple large organizations through their adoption programs.

Hodgson talked about the explosive growth of the decenralized finance (DeFi) ecosystem this year. He also discussed NEM Group and NEM Ventures’ plans for 2021 and beyond. Our conversation is shared below.

Crowdfund Insider: Symbol is described as NEM’s next generation enterprise blockchain platform. Please explain how it differs from NEM NIS1, and how enterprises in particular can benefit from the chain?

Dave Hodgson: Symbol builds upon the rich feature list of NEM NIS1 and includes specific features that appeal to both enterprise and other use-cases. For a start, Symbol is a hybrid chain, thus offering the best of both worlds to enterprise, as it can be deployed as both a Private or Public chain. Atomic cross-chain swaps allow for the migration of data and value across Symbol networks (for example, from private to public chains), and with other public chains, including Ethereum, Bitcoin and others which support Hash/Secret Lock Transactions.

On-chain, multi-level, multi-signature governance allows for the modelling of control mechanisms such as departmental sign-offs, delegated financial authority and key-person opsec management processes to allow firms flexibility in customizing the processes that work best for their operations. Symbol also provides on-chain security token support to rival ERC-1404 (an open-source standard for security tokens), with support for the feature proven in a regulated environment in Singapore.

Crowdfund Insider: NEM has a collaboration with Wave Financial in the tokenization of bourbon funds. What other use-cases are currently based on the NEM blockchain?

Dave Hodgson: There are a range of exciting use-cases currently building on the NEM blockchain. We recently integrated with Singapore based digital securities platform Propine, to enable complete custody and issuance support for digital securities on Symbol.

Digital asset management firm, Wave Financial will be the first client to implement this service offering. Central bank digital currencies (CBDCs) is a particular area of focus, with the LBCoin pilot CBDC issued by the Central Bank of Lithuania in July using a combination of NEM NIS1 and NEM Symbol Private Chain.

There are a number of track and trace supply chain solutions building on NEM chains, including TrackGood, BaioTraze, Luxtag and several others still private at present. Another exciting use-case in construction tracking and tokenization is taking place by BimTrazor, a platform which tracks Building Information Modelling data and stores it on a private chain solution for easy tracking and reporting to investors in large scale construction projects, such as the FIFA World Cup stadia construction in Qatar. With the Symbol mainnet launch coming soon, we hope to be able to publicly announce a number of other large projects launching on the NEM chain in the coming months.

Crowdfund Insider: The Central Bank of Lithuania is using the NEM blockchain for its LBCoin initiative, towards the development of a Central Bank Digital Currency (CBDC) in the country. What are NEM’s plans in the area of CBDCs?

Dave Hodgson: Since the issuance of the world’s first CBDC on a public blockchain network by the Central Bank of Lithuania, we have received a significant amount of interest from multiple state central banks. In short, we intend to be active in the space and one of a small number of chains that can support a CBDC on either Private or Public chain. We are also investigating the possibility for cross-chain CBDC transactions with solutions that are based on other technologies.

NEM’s chains have been proven to reliably and effectively support CBDC operations and we are in advanced discussions with several nation states in relation to similar initiatives. The LBCoin project has been widely regarded as a success and I understand there may be ongoing discussions about expansion in Lithuania and further roll out options across other European states. It is clear that further roll out in Europe will need to occur with the blessing of the ECB and the process may take some time to complete.

Crowdfund Insider: DeFi has been the crypto buzzword of 2020. How do you view the rapid growth of the industry and does NEM plan to capitalize on this trend?

Dave Hodgson: I view the growth in the DeFi space as both very interesting and very experimental. At this stage, the technology is still quite nascent and is clearly exploring ways in which both new and traditional products can be offered in a decentralised way. Overall I think this is a positive move for the crypto industry. Bitcoin has already cultivated a strong presence in the DeFi space as it begins to take the first steps to replace reserve currencies among major enterprises and governments.

NEM has a roadmap in place for entering the DeFi space, and has recently partnered with Stakehound to allow users to bridge NEM and Ethereum to create free circulation of ERC-20 wrapped and staked XEM tokens between both networks. XEM holders will also be able to earn yield by staking XEM through StakeHound and the resulting staked XEM tokens will be tradable or usable in DeFi scenarios, such as for collateralizing a loan, multi-level earning, earning staking rewards, access to credit lines or liquidity provider payment.

Another partnership with HummingBot, also solidifies our entry to the space, with traders able to benefit from providing liquidity for specific token pairs, which will initially be XEM/ETH and XEM/BTC. While these partnerships represent our first steps into the space, we expect several more exciting announcements over the coming months as the space begins to mature and consolidate around real services and solutions.

Crowdfund Insider: 2020 has been a momentous year for enterprise and institutional adoption of distributed ledger technology (DLT). What do you think is next for the blockchain industry in 2021?

Dave Hodgson: Enterprise adoption of DLT certainly has reached an unprecedented level in 2020. This momentum is likely to continue into 2021 to an even greater extent. A number of significant developments are likely to occur next year:

Bitcoin and the wider crypto market is likely to continue the bull run it started in 2020, multiple central banks will enter the CBDC space, and security tokens will finally begin to come to fruition after several years of development and regulatory changes. Each of these developments drives investment, building and innovation in underlying technology platforms, which in turn increases enterprise confidence and adoption of the technology for non-finance/Fintech use-cases as well.

2021 will see the DeFi space continue to mature and become more mainstream, driven by both the new retail and institutional moves into the crypto market and the wider macro environment (covid, political uncertainty, hyper-inflation etc). This maturation process is likely to present huge opportunities and risks as we go through the experimentation phases but it will be exciting and ultimately get us to somewhere that is better than the current state of Centralized Finance (CeFi).

Finally, I think we will see continued moves away from centralized exchanges toward solutions such as Uniswap (DEX) and LeverJ (DEX + Derivatives).

Source