Connect with us

Tuesday 19th January, 2021

ADVERTISEMENT

TechExtra

Economic Uncertainty To Shape 2021 Cybercrime Agenda In Africa- Experts

Published

on

Photo credit: CodeXtra Trends

Kaspersky experts expect growing economic turbulence along with the impact of COVID-19 to contribute to an increase in cybercrime across South Africa, Kenya, and Nigeria this year.

“Even though every country globally has had to deal with the pandemic in its own way, developing economies across Africa have been especially hard hit by national lockdowns and limited business activity.

“And thanks to the increased connectedness of people, the rise in unemployment will not only see a spike in traditional crime, but this will also extend to the digital environment – something we are already seeing,” says Lehan van den Heever, Enterprise Cyber Security Advisor for Kaspersky in Africa.

While the increase in these crimes will vary by country, African nations must prepare themselves for the inevitability of increases in malware that already topped 28 million by August last year, according to Kaspersky research.

Adding further pressure to this melting pot of cyberattacks is an expected rise, along with changes in strategy, in Advanced Persistent Threats (APTs).

Heever adds: “Our researchers anticipate that in 2021, across the globe though where Africa is not immune, there will be a change in threat actors’ approach to the execution of APT attacks and as such, organisations must pay special attention to generic malware as it will likely be used to deploy more sophisticated threats.”

Compounding this is the concern around hackers-for-hire and cyber mercenary groups targeting SMEs and financial institutions.

“Businesses are under pressure to differentiate themselves in a highly competitive market as they struggle to survive these trying times, amplified further by the effects of COVID-19. The current landscape may likely lead to bankruptcy and an increase in legal disputes in court.

“This makes an ideal breeding ground for these malicious groups to operate in. And although such activity has not been rife in Africa yet, the region is not immune to this cyber threat.”

Cyber-mercenaries are hired to search for sensitive, private information that can be used in disputes to win court rulings or to steal business trade secrets and provide their ‘employers’ with competitive intelligence to get ahead in the market.

Additionally, van den Heever believes that the normalisation of remote working will further put existing organisational IT systems under pressure as companies now must contend with an influx in connections into the corporate back-end.

“More companies are exposing their systems online while their focus turns to always-on availability. However, few of them have considered how to adapt their cybersecurity controls to this new environment. This results in some databases and systems inevitably being left open to intruders,” he says.

To this end, van den Heever expects data breaches across Africa to increase in the coming months with many companies racing to tighten their security.

“This year is going to be a watershed for cybersecurity as organisations start realising the importance of having an integrated and threat intelligent approach to safeguard their systems and data against increasingly sophisticated threat agents,” he concludes.

Share Post

TechExtra

Samsung Electronics Vice Chair Jailed Over Bribery Scandal

Published

on

Lee Jae-Yeong, jailed Samsung Electronics Vice Chairman…….Photo credit: ABC News

A South Korean court has sentenced Samsung Electronics vice chairman Lee Jae-Yeong to two-and-a-half years in prison, the court said.

The sentencing will have major ramifications for his leadership of the tech giant as well as Korea’s views toward big business.

With this sentence, Lee will be sidelined for the time being from major decision-making at Samsung Electronics as it strives to overtake competitors.

He will also be unable to oversee the process of inheritance from his father, who died in October — crucial to maintaining his control of Samsung.

Lee, 52, was convicted of bribing an associate of former President Park Geun-hye and jailed for five years in 2017.

He denied wrongdoing, the sentence was reduced and suspended on appeal, and he was released after serving a year.

The Supreme Court then sent the case back to the Seoul High Court, which issued Monday’s ruling.

The Seoul High Court found Lee guilty of bribery, embezzlement and concealment of criminal proceeds worth about 8.6 billion won ($7.8 million), and said the independent compliance committee Samsung set up early last year has yet to become fully effective.

“Lee has shown willingness for management with newly stronger compliance, as he has vowed to create a transparent company,” Presiding Judge Jeong Jun-Yeong said.

“Despite some shortcomings… I hope that over time, it will be evaluated as a milestone in the history of Korean companies as a start of compliance ethics for a greater leap forward.”

Wearing a mask and black suit and tie, Lee was taken into custody following the ruling.

He didn’t answer questions by reporters upon his arrival at the court.

Lee’s lawyer expressed regret over the court’s decision, saying that the “essence of the case is that a former president abused power to infringe upon the freedom and property rights of a private company.”

“The nature of this case is the former president’s abuse of power violating corporate freedom and property rights. Given that nature, the court’s decision is regrettable,” Lee’s lawyer said.

He didn’t specifically say whether there would be an appeal. Samsung did not issue a statement over the ruling.

With Lee returning to prison, the year he already served in detention is expected to count toward the sentence — leaving 18 months of his sentence to be served.

Monday’s sentencing can be appealed to the Supreme Court within seven days, the judge said, but legal experts said that because the Supreme Court has already ruled on it once, chances are lower that its legal interpretation will change.

Shares in Samsung Electronics dropped as much as 4 per cent after the ruling, while shares in affiliates such as Samsung C&T, Samsung Life Insurance and Samsung SDI also fell sharply.

Reuters/AP

Share Post
Continue Reading

TechExtra

REPORT: Over 22M Records Exposed In Data Breaches In 2020

Published

on

A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017........Photo credit: REUTERS/Kacper Pempel/Illustration

An analysis of breach data by Tenable’s Security Response Team (SRT) has shown that from January to October 2020, there were 730 publicly disclosed events resulting in more 22 billion records exposed worldwide.

The Tenable report also highlighted that 35% of the breaches that were analysed were linked to ransomware attacks, resulting in tremendous financial cost, while 14% of breaches were the result of email compromises.

One of the overarching themes of the threat landscape in 2020 was that threat actors relied on unpatched vulnerabilities in their attacks as well as chaining together multiple vulnerabilities as part of their attacks.

This analysis has been published in Tenable’s 2020 Threat Landscape Retrospective (TLR) report which provides an overview of the key vulnerabilities disclosed or exploited in the 12 months ending December 31, 2020.

As organisations around the world prepare to face the new cybersecurity challenges looming in 2021, it’s crucial to pause and take a look back at the most critical vulnerabilities and risks from the past year.

Understanding which enterprise systems are affected by the year’s vulnerabilities can help organisations understand which flaws represent the greatest risk.

From 2015 to 2020, the number of reported common vulnerabilities and exposures (CVEs) increased at an average annual percentage growth rate of 36.6%.

In 2020, 18,358 CVEs were reported, representing a 6% increase over the 17,305 reported in 2019, and a 183% increase over the 6,487 disclosed in 2015. Prioritising which vulnerabilities warrants attention is more challenging than ever.

According to the report, pre-existing vulnerabilities in virtual private network (VPN) solutions — many of which were initially disclosed in 2019 or earlier — continue to remain a favourite target for cybercriminals and nation-state groups.

It also pointed out that web browsers like Google Chrome, Mozilla Firefox, Internet Explorer and Microsoft Edge are the primary target for zero-day vulnerabilities, accounting for over 35% of all zero-day vulnerabilities exploited in the wild.

Fixing unpatched vulnerabilities, implementing strong security controls for remote desktop protocol, ensuring endpoint security is up-to-date and regularly performing security awareness training are steps organisations can take to thwart some of these attacks.

“As defenders, it is difficult enough to prioritise remediation given the hundreds of vulnerabilities released on Microsoft’s Patch Tuesday every month and Oracle’s Critical Patch Update each quarter.

“Add in the impact from COVID-19 for defenders trying to protect their new remote workforce and you have a recipe for chaos,” said Satnam Narang, Staff Research Engineer at Tenable.

“Security teams know to pick their battles, but when there is a flurry of vulnerabilities with a CVSSv3 score of 10.0 released within weeks of each other, the battles are being chosen for you and they’re happening simultaneously.

“In order to manage vulnerability overload, you’ll need to take inventory of your entire network, identify your most critical assets and ensure they receive patches in an appropriate time frame.

“Additional indicators, such as CVSSv3 scores and the availability of PoC exploit scripts, can provide further insight into  whether or not  a vulnerability is more likely to be exploited in the wild, helping your team focus first on the most severe threats facing your network.”

Maher Jadallah, Regional Director – Middle East, Tenable, said, “If we learnt anything from 2020, it is that we are all reliant on the infrastructure and supply chains underpinning modern society — be it agriculture, pharmaceutical development, and food and beverage manufacturing — especially in times of crisis.

“Unfortunately, threat actors are also looking for ways to capitalise on any lowering of defences. The challenge might appear insurmountable — particularly given the ever-expanding attack surface of IT, operational technology (OT) and internet of things (IoT) devices.

“Given the reliance of threat actors on unpatched vulnerabilities, it is increasingly obvious that vulnerability management has a central role to play in modern cybersecurity strategies.”

Share Post
Continue Reading

Innovation

Nokia Transforms Hong Kong Int’l Airport With Mission-Critical IP Network

Published

on

Hong Kong International Airport....... Photo credit: Travel Off Path

Nokia Shanghai Bell has confirmed that it will provide Airport Authority Hong Kong (AAHK) with a new, high-bandwidth, mission-critical Nokia IP/MPLS network, to support the digital transformation of its tower operations.

Nokia Shanghai Bell will also support and manage the migration of legacy non-IP aviation applications to the new network, according to reports at itp.net.

Mervyn Harris, Head of Air Traffic Management, Nokia Cloud and Networks Services said, “As we deploy this robust next-generation network, not only will we complete a flexible, seamless migration of legacy applications but we will also deliver Hong Kong International Airport wide-ranging benefits that include increased passenger capacity, reliability and ease of expansion.

“Nokia possesses extensive experience in mission-critical IP networking with air navigation service providers (ANSPs) elsewhere in the world. This enables us to deliver an unparalleled combination of technical skills and domain expertise, which is essential to provide the highest levels of network availability, performance and safety for such a high-profile airport.”

As part of the deal, Nokia will supply a range of operational aviation-specific professional services for network design, architecture, integration and deployment. Following the completion of the deployment later in 2021, Nokia will continue to provide long-term support and maintenance for the airport.

During the project, Nokia will partner with Shun Hing Systems Integration. Shun Hing Systems Integration has extensive experience in design, project management, installation, maintenance of telecommunication and transport infrastructure related systems.

“This project is an important step in plans to expand the airport’s operations, enabling it to take advantage of IP networking to modernise aviation communications,” said S.F. Chan, Assistant General Manager, Shun Hing Systems Integration Co., Ltd.

 

Share Post
Continue Reading

Trending