SaaS security posture management becomes top priority for CISOs

  • SaaS misconfigurations were reported among the top three risks that today’s organisations are aware of, with 85 per cent of companies calling out the threat.

Security professionals recognise that securing the SaaS estate without a solution in place is not maintainable as SaaS apps become the system of record for most companies across all industries.

SaaS misconfigurations were reported among the top three risks that today’s organisations are aware of, with 85 per cent of companies calling out the threat.

Interestingly, many of the other threats that are mentioned as a risk to today’s security posture can also come as a result of misconfigurations, showing that indirectly, the threat level is even greater.

With SaaS misconfigurations considered a top threat, you would expect that the more SaaS apps a company has, the more regularly they would check them. In reality, the opposite is true.

The more apps a company has, the less they check security settings and permissions for misconfigurations.

Only 12 per cent of companies with 50-99 applications check them weekly.

The concern over SaaS apps and their configurations could be attributed to the constant changes in the SaaS apps themselves, from native software updates and adding new users to the systems (internal, third parties, and employee turnover) to defining roles and permissions, and more.

As a result, one might expect to see the frequency of checks increase with the reported concerns.

Frequency of checks remains low

A survey conducted by Global Survey for Adaptive Shield revealed that SaaS security posture management (SSPM) has risen to the top of the operational agenda and that it has become a top priority for CISOs and security professionals.

In 2020, Gartner named a new category of cloud security: SSPM.

Not covered by existing tools such as cloud security posture management (CSPM) or cloud access security broker (CASB), the most recent addition to the hype cycle can continually assess security risks from the SaaS app estate.

Often left unsecured or handed over to less-trained employees who manage marketing, product, or sales, SaaS errors such as misconfigurations, inadequate authentication protocols, insufficient identity checks, credential access, and key management leave companies at risk.

Despite the majority of survey respondents (60 per cent) reporting a high concern with more than 25 per cent of their SaaS app configurations, their frequency of reported checks remains low.

One of the biggest challenges for security teams is the ability to configure the settings of all internal SaaS apps. Each app has different settings, a different user interface, its own terminology and its distinct complexities.

Impossible task

Manually configuring settings for these disparate apps for hundreds to thousands of users is an impossible task.

52 per cent of companies report delegating responsibility for app security to the SaaS owner, who may be in departments such as sales, marketing, or product, and is unlikely to be trained in security and compliance.

“One of the biggest challenges for security teams is being able to manage the many disparate and complex settings and configure them correctly for all of their SaaS apps. Each app has unique settings, a distinct UI, and its own ‘language’,” the survey revealed.

Any human error by the SaaS owner, who is often not trained in security, can lead to an increase in SaaS security misconfigurations, a reported high concern of CISOs and security professionals.

Yet, in another paradox, one in four companies report that departments outside of security have access to the SaaS app security settings.

As opposed to the other cloud security solutions in the market, today, there are no real tools in wide usage that enable security teams to have full and continuous visibility of SaaS security settings and configurations.

The survey results show that SSPM has become the “top priority” for 48 per cent of companies in 2021.

With the high risk posed by a lack of SSPM, and this technology being reported as the top priority for investment, it should come as little surprise that 63 per cent of companies are either using or planning to use SSPM.

Pakistani APT group attacks India’s public sector infrastructures

  • Active since 2019, ‘Operation SideCopy’ appears to be a cyber espionage campaign by the Pakistan-backed Transparent Tribe group against critical Indian departments such as defense, home, and government contractors.
  • Latest attacks are using Covid-19 as a lure and the e-mail content attempts to lure the user into extracting the attached zip archive.
  • Seqrite had alerted the Government authorities and are working with them to keep potential targets safe.  

Seqrite, an enterprise arm of Quick Heal Technologies, has come across a new wave of a cyber espionage campaign by the Pakistani APT group (Operation SideCopy) aimed at high-profile targets among critical infrastructure public sector enterprises from the telecom, power and finance sectors.

Researchers at Seqrite had exposed the operations of Operation SideCopy for the first time in September 2020, targeting Indian defence units.

The findings revealed that Operation SideCopy, active since 2019, has expanded its target list to critical infrastructure. As part of the investigation, the researchers have discovered potential links between Operation SideCopy and its operators to Pakistan.

The APT group has now added new malware tools to its arsenal. Another attack campaign that they had discovered was in March 2021, part of the more extensive SideCopy campaign. The spear-phishing attack campaign used the Army Welfare Education Society’s scholarship form as a lure.

Choosing targets carefully

The latest attacks are using Covid-19 as a lure and the e-mail content attempts to lure the user into extracting the attached zip archive.

Upon extraction, the user would see what looks like a document file but is in fact an extension-spoofed LNK file, a file type usually seen as a shortcut.

If the user opens the document, the LNK payload gets launched and initiates the malicious activities in the background. To ensure the user is not suspicious, a decoy document is also presented.

The APT group carefully chooses their targets, upgrades tools in their arsenal based on the targets, and mainly uses limited but effective functionality in being evasive.

Most of the backdoors used in the campaign are NJRat; however, in one specific case, we came across a new payload written in C#, which installs an implant enabling the attacker to examine the target and install other backdoors.

Leveraging compromised websites

According to the Seqrite report, threat actors were leveraging compromised websites, which resemble the websites that the targeted organisations would generally access. This shows that attackers did detailed reconnaissance before launching the attack campaign.

Upon thorough analysis of the attack chain, the command-and-control (C2) server communication, and the available telemetry data, researchers at Seqrite could identify some compromised websites that are being used to host the attack scripts and act as C2 servers.

Further analysis of data accessible from some C2 servers led researchers at Seqrite to an IP address that was commonly found across different C2 servers.

In fact, this IP address turned out to be the first entry in many logs, which indicated that the corresponding system is likely being used for testing the attack before launch.

Further investigation of that IP, using data from whatismyipaddress.com, revealed that the provider of that IP address is Pakistan Telecommunication Company Limited (PTCL). This revelation further strengthens the claim that Operation SideCopy, which is operated by the Transparent Tribe group, originates in Pakistan.

The report further revealed that lists of targets were identified through the analysed C2s. These targets include critical infrastructure in the telecom, power, and finance sectors. This is likely only a subset of targets since there are several other C2s being used in Operation SideCopy APT, which are probably targeting other entities.

Seqrite had alerted the Government authorities and are working with them to keep potential targets safe.  

META public cloud services spending to reach $11.6b in 2025

  • UAE is the fastest-growing public cloud services market with an annual growth rate of 27.8%.
  • Mandate to comply with government regulations around data residency and data privacy is one of the major factors driving the hybrid cloud model.
  • Continuous investment in cloud datacentre space by hyperscalers has certainly accelerated the adoption of public cloud services in highly regulated sectors.

The total spending on public cloud services in the Middle East, Turkey and Africa (META) has crossed $3.7 billion in 2020 and is expected to grow at a compound annual growth rate of 25.5 per cent over the next five years to reach $11.6 billion in 2025.

“South Africa, UAE and Saudi Arabia remain the three biggest markets within the region where UAE is the fastest-growing public cloud services market with an annual growth rate of 27.8 per cent,” Manish Ranjan, Program Manager for Software and Cloud at research firm IDC (META), told TechChannel News.

Moreover, he said that hybrid and multi-cloud ecosystems are evolving in the region, where both public and private cloud coexist with the traditional on-premise IT landscape.

“Mandate to comply with government regulations around data residency and data privacy is one of the major factors driving the hybrid cloud model in the Middle East, Turkey and Africa (META),” he said.

The continuous investment in cloud datacentre space by global cloud providers, he said, has certainly accelerated the adoption of public cloud services in highly regulated sectors.

At the same time, he added that for organisations from other markets where there is no in-country cloud datacentre, hybrid cloud offers much more flexibility, and gives them a choice to use the cloud features as they like, while following the data governance of the country.

Hybrid cloud gaining traction

Given the importance of hybrid cloud, players like Microsoft, AWS and Oracle all have hybrid cloud offerings with Azure Stack, Outposts and Cloud@Customer respectively. These solutions take public cloud services and extend them into on-premises datacentres.

Some of the major benefits of a hybrid cloud are the greater flexibility of selecting the desired cloud model to ensure better security, and control over data.

“Organisations from highly regulated sectors such as banking and finance, healthcare and government are increasingly adopting a hybrid cloud model. This allows them to leverage public cloud functionalities in a private cloud deployment model by hosting on their on-premises hardware, following the mandate of cloud data governance,” he said.

IDC’s latest survey found that about 45 per cent of organisations across the region are planning to migrate a large proportion of workloads on both public and private clouds in a hybrid environment in the next couple of years.

Also, he said that nearly 40 per cent of the organisations claimed that they will be spending more in the hybrid cloud in the year 2021 as compared to 2020, while 45 per cent will continue to spend the same as planned last year. Hybrid and multi-cloud environments will become the foundational technology model for the next normal.

Challenge of finding skillsets

With hybrid cloud, organisations can decide to keep their critical data and workloads in the private cloud environment, which also enables their IT staff to optimise the network and minimise latency.

Similarly, Ranjan said that organisations can also leverage the public cloud’s features to handle unpredictable workloads caused by seasonality and fluctuating business needs. They can easily scale cloud usage up and down to fulfil a temporary cloud need, which is difficult in a private cloud environment.

While the hybrid cloud offers a lot of business benefits, it also comes with certain challenges, he said. Managing multiple clouds via any third-party provider or by an in-house IT team is always challenging.

Moreover, finding skillsets to manage hybrid-cloud with cloud experts is also a challenge in many countries across the region.

Ranjan said that organisations need to do a thorough technical evaluation to understand the roadmap of their cloud journey, ease of migration, need to re-factor and re-engineer their existing applications, SLA management, and most importantly, understanding the role and responsibilities of their overall cloud management.

Era of multiplied innovation

Apart from the technical assessment, he said that data classification is also a critical factor that organisations need to do to decide which workloads need to stay on-premise in the private cloud and which can go in a public cloud environment.

“Evaluating regulatory or data privacy rules and personal data security compliances are of paramount importance.  We are in an era of multiplied innovation where we see a lot of companies collaborating to drive the innovation within technology space,” he said.

Lack of interoperability and standardisation, he said, will pose a challenge to the advancement of any technology, and the cloud is not alone.

However, he said that he sees a lot of collaborations happening in the cloud space where vendors are collaborating to support customers together in their cloud journey.

One such example is the SAP and Microsoft collaboration; another is the AWS and Salesforce.com partnership.

“Apart from such global partnerships, the cloud providers have also invested to address the interoperability issues considering the accelerated adoption of hybrid and multi-cloud model where interoperability brings the win-win situations for the overall cloud ecosystem,” he said.

India to register over 930% growth in 5G-enabled smartphone shipments in 2021

  • 5G has been gaining steam in India despite the official rollout of the fifth generation of the network.
  • Telecom operators in India are expected to do a soft launch of 5G network in 2022 in metro cities using the NSA networks and Dynamic Spectrum Sharing.
  • Smartphones are expected to grow from 152m in 2020 to 170m this year, registering a growth of 11.84%.
  • 5G smartphone shipments in the first five years will surpass the shipments of 4G smartphones.
  • Realme wants to be the 5G leader in India in 2021 and plans to bring devices under Rs10,000 while new models priced above Rs15,000 will be 5G enabled.

India will witness more than 930 per cent growth in 5G smartphone shipments to 31 million units this year compared to about three million last year.

Tarun Pathak, Research Director at Counterpoint Research, said that 5G has been gaining steam in India despite the official rollout of the fifth generation of network.

“The 5G device ecosystem preceded the network rollout for the first time than any other Gs.  Consumers are buying early, as OEMs deliver step-change improvements in performance, features and design across a very broad range of segments,” he said.

Bharti Airtel takes lead

Telecom operators in India are expected to do a soft launch of the 5G network in 2022 in metro cities using the NSA (non-standalone) networks and Dynamic Spectrum Sharing.

Bharti Airtel took the lead by testing the first live network in Hyderabad in January.

In May 2021, DoT approved telcos’ applications for 5G trials.

Pathak said that 5G is not only available in premium flagships but also mid- and low-range devices.

India is the second-biggest market, after China, for smartphones and he said that it is still not saturated.

In May 2021 data, 14 per cent of the smartphones sold in India were 5G-enabled smartphones.

Smartphones are expected to grow from 152 million in 2020 to 170 million this year, registering a growth of 11.84 per cent.

Huge opportunity

Pathak said that India provides a huge growth opportunity for everyone in the value chain.

“We believe that India will connect half a billion internet users for the first time in the next five years and close to a billion smartphones will be sold, along with 300 million feature phones,” he said.

In terms of revenue opportunity, he said that it is about $30 billion per year and in the next five years, it is expected to be worth $150 billion.

In the next five years, he said that the cumulative number of 5G smartphone shipments will surpass the shipments of 4G smartphones in their first five years.

In India, he said that the average smartphone replacement rate is 24 months and customers want their phones to be future-ready with their investment today.

OEMs are driving the transition, he said, adding that new brands like Realme are already helping to make 5G phones accessible. The other 5G brands in India are OnePlus, Oppo, Xiaomi and Samsung.

OnePlus led the 5G smartphone shipments with a 33 per cent share in the first quarter while Realme had the cheapest 5G offering in the quarter.

In May, Realme was the number one 5G-ranked smartphone.

Realme to bring devices to masses

“We want to be the 5G leader in India in 2021, making the technology more accessible from premium to the masses. We are the first to bring 5G at different price points. After we brought 5G phones under Rs30,000, other brands are following our footsteps,” Madhav Sheth, Vice President of Realme and CEO for India and Europe, said.

He said that the company aims to bring 5G devices under Rs10,000 while new models priced above Rs15,000 will be 5G enabled.

“Currently, 90 per cent of its R&D resources are converted to 5G technology and products. 5G has been identified as a growing trend in India and customers are looking to embrace 5G,” he said.

Quoting Google’s data, he said that 5G-related searches have grown more than 245 per cent between June 2020 and June 2021 while YouTube searches have grown by more than 326 per cent.

Realme is planning to launch a series of GT models in India in the next quarter as part of its 5G strategy and is planning to expand its 5G portfolio in the Narzo line.

“5G is coming more quickly than previous mobile technology. However, the real impact will take some time. The average selling price of a 5G device was $663 in 2020 and it is expected to be $520 this year and will eventually fall to $230 by 2024,” Pathak said.

In China, there are 5G phones for as low as $140, he said, and the same is going to happen in India and other markets.

Access brokers on the rise in cybercrime market

  • Hackers are now willing to pay six-figure sums for access data from access brokers.
  • Access brokers are raising prices for stolen credentials.

Cyber threats are a real danger to businesses of all sizes. eCrime activity, in particular, continues to grow in volume and reach.

Last year alone, four out of five detected attacks were perpetrated by cybercrime actors, those hackers who seek to generate revenue through criminal activity in a variety of ways. They are constantly evolving their modus operandi.

CrowdStrike’s intelligence team closely monitors changes in the eCrime economy and in light of the unprecedented growth of cybercrime activity, recently unveiled the eCrime Index (ECX).

It reflects the strength, volume and sophistication of the cybercrime market and is updated weekly in real-time based on 18 unique indicators of criminal activity. One trend that experts are increasingly seeing: Access brokers are raising prices for stolen credentials.

Role of access brokers in cybercrime ecosystem

Access brokers, which are cybercriminals who steal access data from companies of various sizes and resell it in underground forums, are a kind of middleman in the ecosystem.

In doing so, they usually obtain the access information via commercially available malware, password guessing, or exploiting unpatched security vulnerabilities.

Among others, the hawked credentials are bought by ransomware actors. They use access to the victim company’s network to collect and encrypt data, then demand high ransom sums for decryption keys from their victims.

In addition, some of these perpetrator groups have increasingly begun exfiltrating data to threaten to release embarrassing or confidential information, a sort of backup plan to increase the pressure if a victim refuses to pay.

It’s a business that seems to be doing well, as prices for access data to victim companies on underground forums continue to rise.

Although the price negotiations take place in private communication channels and are therefore only insufficiently visible, a strong trend is nevertheless emerging:

Hackers are now willing to pay six-figure sums for access data from access brokers! In return, they receive extensive information for their attack plans.

The access broker sales ads offered in underground forums are often structured similarly and provide potential buyer hackers with the most important key data about the victim company.

Among other things, the publicly reported turnover, the estimated number of employees or even the business field of the target organisation is named. In addition, access brokers often disclose information about the access method, i.e. whether it is VPN or RDP access. 

The ultimate price for the access data is influenced by various factors and is usually composed of the reported revenue of the respective company as well as its geographic tier.

The following three geo-clusters are made: Tier 1 covers the US, Canada, Australia, New Zealand and the UK.

Tier 2 covers Europe and Southeast Asia while the Middle East, Japan and South Korea are part of Tier 3.

Lucrative deals for access brokers

Prices vary depending on the type of access and the value of the targeted victim organisation: While the vast majority of accesses are sold at low prices, higher-priced deals increase the average price and this is reflected in the ECX.

In recent months, CrowdStrike Intelligence has observed prices for access ranging from five figures to as low as 10 bitcoin. 

An increasing purchase price for access indicates that cybercriminals are receiving a decent return on their investment. Ransom demands in the tens of millions of dollars illustrate how lucrative the market is and it is highly likely that prices for access to target organisations will continue to rise.

The access broker market is booming – all the more reason to take a hard look at the ever-changing threat landscape and its players to find effective methods against their tools, techniques and procedures (TTPs).

  • Jörg Schauff is the Strategic Threat Intelligence Advisor at CrowdStrike.

SaaS firms in India to be worth $1b by 2030 as digitisation gains pace

  • India has nearly a thousand funded SaaS startups and ten unicorns, collectively generating $2-$3b in annual revenue.
  • SaaS is expected to generate about 80% of software revenues by 2030, up from about 35% today.
  • The report revealed that the Indian SaaS ecosystem may need to increase funding to 3 to 4 times current levels to reach its potential over the next ten years.
  • India may likely need to triple or quadruple funding to achieve its full potential in SaaS.

India’s software-as-a-service (SaaS) industry could reach $1 trillion in value and create nearly half a million new jobs by 2030 as businesses around the world transform digitally, according to a new study.

SaaSBoomi, a community of industry founders and product builders, along with consultancy McKinsey & Company and supporting partner Nasscom, revealed that SaaS is driving about 50 per cent of the value creation while comprising 20 per cent of enterprise technology spending.

India has nearly a thousand funded SaaS startups and ten unicorns, collectively generating $2-$3 billion in annual revenue and employing nearly 40,000 people.

Of the $3 trillion global enterprise IT and communications market spending, software, including SaaS, constituted $600 billion in 2020, growing at eight per cent per year, almost twice as fast as the overall market.

Most attractive segment

While software comprises only 20 per cent of the global market in terms of spend, it drives 47 per cent of the total value-creation across spend segments, thus representing the most attractive segment in terms of enterprise value.

The Covid-19 global crisis has created an unprecedented push towards SaaS, with companies across the spectrum moving to online and remote work. Legacy software players are transitioning to SaaS, delivering further impetus to the industry. SaaS is expected to generate about 80 per cent of software revenues by 2030, up from about 35 per cent today.

“India has an exciting opportunity to propel itself on to the world stage as a SaaS force to be reckoned with,” Manav Garg, CEO and Founder of Eka Software Solutions and Founding Partner SaaSBOOMi, said.

While there are challenges ahead, he said that these are not insurmountable and SaaSBoomi is of the view that there is nothing that can stop the Indian SaaS community from building on its strong foundation to make SaaS a preeminent industry in India that employs a lot of talent, contributes significantly to India’s GDP and creates unmatched global products and platforms.

The report revealed that Indian SaaS companies face significant challenges around growth in earlier stages through product and go-to-market excellence and developing talent at scale.

Collaboration is need of the hour

“Need to shift to a growth-first mindset with a focus on investing in core operational capabilities to scale and win and Indian SaaS ecosystem may need to increase funding to 3 to 4 times current levels to reach its potential over the next ten years. This requires concerted support across all stakeholders – industry associations, government, corporates and investors to scale talent by 3 to 6 times,” the report said.

To create awareness around the potential of SaaS in India, Debjani Ghosh, President of Nasscom, said that the Government must collaborate with industry associations, investors, and corporates, and drive large-scale training programs by partnering with universities and institutions.

SaaSBoomi expects digital transformations to drive a 60 per cent increase in enterprise tech intensity over the next 10 years. As a result of these broad secular trends, the global SaaS market could be worth about $1.3 trillion by 2030 led by growth in content, collaboration and remote work enablement software. 

Six new SaaS unicorns were born during the pandemic, including Postman, Zenoti, Innovacer, Highradius and Chargebee.

In 2020, $1.5 billion was invested in Indian SaaS companies, representing a fourfold jump over the last two years. 

If Indian SaaS providers execute to their full potential, the report revealed that they could generate annual revenues of $50-$70 billion by 2030 and win 4-6 per cent of the global market.

Need for more investment 

Investments in the Indian SaaS industry are rising, with about $1.5 billion in VC funding being invested in 2020 alone. A lot more would be required to keep this momentum going. India may likely need to triple or quadruple funding to achieve its full potential in SaaS. 

The Indian SaaS space has also had limited exits via acquisitions, buyouts or IPOs so far: only 5-10 per cent of Indian companies had exited in the last decade, compared to 20 per cent of their US counterparts. Significant development of exit routes could drive the virtuous cycle of value-creation.