
Cybercriminals turn to bots and automation to make their attacks avoid detection

  • Top five attacks alone contributed to over 54% of all cyberattacks blocked by Barracuda Networks.
  • Organisations looking to bolster their defences should look for a WAAP solution that includes bot mitigation, DDoS protection, API security, and credential stuffing protection, as a minimum, and also make sure it is properly configured.

Cybercriminals are increasingly turning to bots and automation to make their attacks more efficient and effective and help them avoid detection.

Automated attacks use bots to try to exploit vulnerabilities in web applications. These attacks range from fake bots posing as Google bots to avoid detection, to application DDoS attacks that try to crash a site by subtly overloading the application.

In December, Barracuda researchers analysed a sample of two months of data on web application attacks blocked by Barracuda systems and found a massive number of automated attacks.

The top five attacks alone contributed to over 54 per cent of all cyberattacks blocked by Barracuda in November and December 2020.

Tushar Richabadas, Senior Product Marketing Manager at Barracuda Networks, said that automated attacks can overwhelm or infiltrate web applications, and defending against all the varieties of automated attacks can be daunting.

The most significant attack type recorded was fuzzing, which uses automation to try to find and exploit the points at which applications break – one in five (19.5 per cent) of the attacks recorded by Barracuda researchers were diagnosed as fuzzing attacks.

Hackers still consider classic web app attacks

The second most significant attack type was injection attacks, contributing 12 per cent to the total recorded. These use automated tools like sqlmap to try to get into applications, and they often involve script-kiddie level noise – attacks being thrown at an application without reconnaissance to customise the breach attempt.

‘Fake bots’ were a close third, accounting for just over 12 per cent of the web application attacks analysed. Application DDoS (distributed denial of service) was also surprisingly prevalent, making up more than 9 per cent of the sample Barracuda researchers analysed. Finally, a small portion of attacks (less than 2 per cent) came from bots blocked by site admins.

Barracuda Networks revealed that although bot traffic is a fast-growing problem, it doesn’t mean cybercriminals are moving away from their old standbys, as a large part of the attacks analysed are what could be considered classic web app attacks, such as injection attacks and cross-site scripting (XSS). Most of the attack traffic came from reconnaissance tools or fuzzing tools being used to probe applications.

However, Richabadas said that the good news is that multi-purpose solutions are consolidating into Web Application Firewall and WAF-as-a-Service solutions, also known as Web Application and API Protection services (WAAP).

“Organisations looking to bolster their defences against this growing threat should look for a WAAP solution that includes bot mitigation, DDoS protection, API security, and credential stuffing protection, as a minimum, and also make sure it is properly configured.

“It is also important to stay informed about current threats and how they are evolving so that your business can be defended against them. Over the coming year we can expect automated bot attacks, attacks against APIs, and attacks against software supply chains to develop in quantity and sophistication, especially as these newer attacks have fewer protections and defences blocking them,” he said.

AWS still retains its lead as largest cloud infrastructure provider

  • Continuing pandemic restrictions drive intense demand for the cloud to support remote working and learning, e-commerce, content streaming, online gaming and collaboration.
  • Google Cloud was the fastest growing provider with 58%, followed by Alibaba Cloud with 54%, Microsoft with 50% and AWS with 28%.

Amazon Web Services (AWS) was the leading cloud service provider again in the fourth quarter of last year, accounting for 31 per cent of total spend, while Microsoft’s Azure accounted for 20 per cent.

According to research firm Canalys, cloud infrastructure services spending increased by 32 per cent to $39.9 billion in the fourth quarter, about $10 billion more than a year ago, due to heightened customer investment from major cloud providers and technology channels.

Continuing pandemic restrictions drove intense demand for the cloud to support remote working and learning, e-commerce, content streaming, online gaming and collaboration.

Moreover, a gradual recovery in economic confidence stimulated cloud investments by organisations in all industry segments to drive digital transformation. Cloud providers are extending their investments in channel partnerships to maintain high demand rates, and support customers, which will be critical for implementing projects in 2021 and beyond.

Blake Murray, Research Analyst at Canalys, said that demand for cloud services stayed strong across all enterprise customer segments, including industries most affected by the pandemic, such as retail and manufacturing. “The rate of digitalization, led by cloud, is gathering pace. Companies are now more confident about releasing budgets for business transformation,” he said.

For full-year 2020, total cloud infrastructure services spending grew 33 per cent to $142 billion, up from $107 billion in 2019.

After a mixed third quarter in terms of customer performance, AWS had a resurgence in customer investment. This fueled 28 per cent growth year on year for AWS in the cloud in the fourth quarter. AWS is making investments across its global partner ecosystem to sustain its momentum, including greater support for ISVs, launching new vertical partner competencies, further expansion into distribution to boost SMB adoption, and new partnerships as it extends its hybrid cloud strategy.

Diversifying business models

Microsoft’s Azure growth rate accelerated once again, up by 50 per cent to boost its market share, benefitting from the continued high demand for Teams, Windows Virtual Desktop and other Microsoft services running on Azure as lockdowns tightened.

Google Cloud was the third largest cloud service provider with a seven per cent share. It reported growth of 58 per cent in the fourth quarter, as it pushed its ‘open cloud’ strategy emphasising sovereignty, sustainability and multi-cloud management, and maintains a focus on its six target vertical industries. Alibaba Cloud grew 54 per cent in the quarter to account for six per cent of the total market.

It remained the leading cloud service provider in the Asia Pacific region, including China. It updated its hybrid cloud strategy during the quarter, with the launch of its Hybrid Cloud Partner Program and on-premises appliances targeting small and medium-sized businesses. The programme will enable partners to plan, design and resell Alibaba Cloud services with free licenses and unlimited CPU cores.

Murray said that large projects that were postponed earlier in the year are being re-prioritised, led by application modernisation, SAP migrations and workplace transformation.

Healthcare, financial services and pharmaceuticals are among the industries leading the way, he said, but even those under most pressure are diverting investments to cloud, opening up new revenue streams and diversifying business models.

Digital transformation

All the major cloud providers are increasing their investments in the channel, both to leverage the consulting and managed services capabilities of partners, and to expand sales capacity to drive cloud consumption.

Microsoft holds the largest share of the indirect channel with Azure, though AWS and Google Cloud are gaining ground. Meanwhile, as customers deploy different workloads across public, private and edge cloud infrastructures, they are looking for independent partners with capabilities across multiple cloud providers.

Alastair Edwards, Chief Analyst at Canalys, said that organisations are turning to trusted business partners to advise, implement, support and manage their cloud journeys, and articulate the real business value of cloud migration.

“Customer digital transformation projects are highly complex, requiring advanced consulting skills, combining deep technical skills with vertical expertise, which the cloud service providers are relying on partners to provide at scale. They are also turning to their partners to drive cloud consumption, and deliver full customer lifecycle support,” he said.

As organisations start to consider moving more mission-critical workloads to the cloud, he said that they will look to partners to define the right cloud platforms and strategies, as well as solve the most pressing issues around cost management, security, sovereignty and hybrid IT integration.

Many organisations still do not have sufficient security for their cloud deployments

  • Existing enterprise security stack, including security controls such as data loss protection, cannot scale to the cloud.
  • New controls to secure container-based workloads, lock down cloud configurations and encrypt data in the cloud are still being deployed.

Many organisations still do not have sufficient security for their cloud deployments despite the widespread transition to cloud computing.

Many organisations have transferred their legacy applications to infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) platforms and have also expanded their use of software as a service (SaaS) to meet enterprise application requirements, resulting in a broad distribution of sensitive information across a variety of cloud platforms.

Mohammed Al-Moneer, Regional Director for the Middle East, Turkey and Africa at Infoblox, said that the existing enterprise security stack, including security controls such as data loss protection, cannot scale to the cloud, and new controls to secure container-based workloads, lock down cloud configurations and encrypt data in the cloud are still being deployed.

As of the end of 2020, he said that many organisations have still not implemented necessary cybersecurity to protect this far more distributed user base. 

“Email, a vital and essential tool, remains the top threat vector used to attack both government and businesses of all sizes. Despite training and warnings, users continue to open suspicious emails, both in their business and personal accounts. They click on malicious email attachments and URLs and view websites not generally associated with business use,” he said.

According to Infoblox’s Quarterly Cyberthreat Intelligence Report for the fourth quarter of last year, email, social media and collaborative software have created more vectors than ever for threat actors to target organisations, while infection from malware can result in the loss of sensitive data and open channels for threat actors to target more victims.

“Proprietary business information is at risk when workers use personal and business instances of applications such as Office 365 on the same machines, collaborate within clouds and connect to an ever-increasing number of SaaS clouds that are not work related and not sanctioned by their IT department,” Al-Moneer said.

However, he said that many cybersecurity procedures and security controls used within enterprise facilities cannot provide the same level of security for remote locations. 

Move to new controls needed

The on-premises legacy enterprise security stack will not work for remote workers without significant redesign, planning and a move to new security controls to support distributed infrastructure and cloud deployments, he said. He added that Domain Name System (DNS) security can be configured to protect teleworkers, but many organisations don’t yet have the additional protections and visibility that a DNS security deployment would provide.

“The same is true for expanded threat intelligence data – it can be tremendously useful, but only if you have it. The situation is further complicated by teleworkers who must use personal ‘untrusted’ devices to access critical corporate resources and information,” he said.

For all of these reasons and more, he said that cyber threats remain alive and well and the threat actors will innovate, adjust and sustain proven methods in 2021. 

“Rogue nation-states and organised crime will continue to build on their offensive capabilities. Accurate intelligence about timely, relevant threats enables an organisation to make thoughtful, targeted improvements to its defences and lower its risk,” he said.


Pandemic-accelerated gaming will continue even after Covid in UAE and Saudi Arabia

  • Growth in the laptop gaming segment was higher in Saudi Arabia than in the UAE.
  • 55% of respondents in the UAE and 57% in Saudi Arabia would consider purchasing a laptop for gaming by mid-2021.
  • Directly after the lockdown restrictions ended, UAE respondents (15%) purchased more gaming consoles than in the Kingdom (8%).

People in the UAE and Saudi Arabia, including women, turned to gaming as a form of entertainment during the pandemic, and the time spent on gaming has increased in these two countries.

Latest findings from a gaming survey conducted by research firm GfK in the two markets revealed that more than half of all the UAE and Saudi respondents increased their time spent on gaming.

In addition, the pandemic has also triggered a newly installed base of gamers in the UAE (+15 per cent) and Saudi Arabia (+10 per cent) with women accounting for over 40 per cent of this new base. The majority of new gamers overall were between the ages of 26 and 35.

“With social distancing and strict policies to curb Covid-19 being imposed by policymakers in both countries, gaming is still seen as one of the leading forms of entertainment, and more women turned to gaming to fulfil that void,” Shika Samuel, Analyst for IT panel at GfK, said.

The pandemic has significantly altered gaming habits on the three main devices – smartphones, consoles, and laptops.

Survey findings revealed that nearly 1.5 additional hours were spent daily on smartphone gaming post lockdown.

Even though the number of gaming hours was reduced after the lockdown ended, Samuel said the time spent on gaming post lockdown was still higher than before it began as people continued to spend more hours playing games.

In the UAE, an additional 1.4 hours were spent daily on smartphone gaming after the lockdown ended, compared to before it began, and the duration is slightly higher, at 1.5 hours, in Saudi Arabia.

In the UAE, 52 per cent of respondents downloaded new games on their smartphones, with an average of AED50 spent in the past three months on in-app purchases. The figures were slightly lower in Saudi Arabia, where 44 per cent downloaded new games and made in-app purchases of approximately SAR42.

A quarter of the respondents in the UAE also looked at the app rating before downloading it, whereas one in five in Saudi Arabia did the same.

Almost a third of the UAE respondents also wanted the capability of playing offline, whereas only a quarter of Saudi respondents mentioned the same.

Among smartphone gamers, 31 per cent of the UAE respondents are bothered that they could not play the game offline, whereas 25 per cent of Saudi respondents mentioned the same.

Online purchases soar

Growth in the laptop gaming segment was higher in Saudi Arabia. Amongst those surveyed in the Kingdom, 57 per cent purchased a laptop for gaming compared to 49 per cent of those in the UAE.

Among this segment of gamers, online purchases of gaming titles were relatively higher in Saudi Arabia than in the UAE, a trend that continues from before until after the lockdown period.

The report also showed that 55 per cent of respondents in the UAE and 57 per cent in Saudi Arabia surveyed would consider purchasing a laptop for gaming by mid-2021.

The top five gaming genres amongst laptop gamers remained the same in both the UAE and Saudi Arabia: Action, Adventure, Sports, Racing, and Massively Multiplayer Online Role-Playing Game (MMORPG).

However, console gaming habits saw a significant change, with a larger increase in Saudi Arabia (+63 per cent) than in the UAE (+55 per cent).

Also, more respondents (53 per cent) from Saudi Arabia are likely to buy gaming consoles, than UAE respondents (45 per cent), in the next six months. However, directly after the lockdown restrictions ended, UAE respondents (15 per cent) purchased more gaming consoles than in the Kingdom (8 per cent).

Amongst console gamers in both the UAE and Saudi Arabia, the top five types of gaming titles were also the same in both countries: Action, Adventure, Sports, Racing, and Arcade.

With restrictions still being imposed, Samuel said that more people are turning to gaming as a form of entertainment.

“We will most likely see a continued growth in time spent playing across all devices in the coming months. I believe that experience fosters a growing habit, and with more time for gaming, we will most likely see an increase in purchasing consideration for devices, accessories, and games as people might look to enhance their gaming experience.”

Where are gamers buying their device?

Online has registered unprecedented growth in recent months, thanks to multiple lockdowns, social distancing, and compelling online retailer promotions. Gamers have always preferred shopping for devices online as they are certain of the products they want to buy and look out for discounts on what could be considered as expensive gaming devices.

Amongst PC gamers, 46 per cent in the UAE and 48 per cent in Saudi Arabia have purchased their PC used for gaming through the online channel. This number is higher for console gamers with 56 per cent in the UAE and 49 per cent in Saudi Arabia making their console purchases online.

Open RAN Explainer: Why do interfaces need to be open?

  • It eliminates vendor lock-in and results in significant Capex and Opex reductions and faster deployments.

A question that often comes up in Open Radio Access Networks (Open RAN) discussions is this: why do we need the Open RAN approach if the networks use 3GPP-based interfaces, which are already open and standardised? 

Here is the explanation.

Role of 3GPP Interfaces

Let’s start with looking at the basic wireless architecture. Using 4G/LTE as an example, the two interfaces in the RAN are:

  • The air interface, also known as Uu or LTE-Uu interface that uses the RRC protocol
  • The S1 interface, between the RAN and the Core

In theory, both interfaces are standardised by 3GPP and open. However, the simplified 4G network has two more interfaces that are the key reason the Open RAN movement started.



Eugina Jordan, Vice-President for Marketing at Parallel Wireless.

Let’s have a look at the two main components in the virtualised RAN. 

These are the virtualised BBU software (DU/CU), which runs on COTS servers, and the Remote Radio Head (RRH) or RU. The interface between them is known as fronthaul, and it uses the CPRI protocol. This protocol generally has a vendor-specific implementation and is not open, which means components cannot be mixed and matched, and this hinders interoperability. The lack of interoperability causes vendor lock-in.

Role of X2 Interface

The second interface to look at is the X2 interface. Even though it has been defined by 3GPP, it is an optional interface. X2 is useful for a 4G network as multi-vendor networks need to function seamlessly, especially for managing interference between different radios.

Many legacy RAN vendors intentionally did not implement this initially, and when they did implement it, they used many proprietary messages over this interface. This ensured that multi-vendor networks were difficult for an operator to deploy; again, an MNO was locked into one specific vendor.

As you may be aware, all the 5G deployments today are 5G Non-Standalone (NSA) deployments. What this means in simple terms is that the 5G New Radio is used for the access network, but it only works in conjunction with the 4G LTE access network and the 4G core (EPC).

So, if the X2 interfaces are not open, then operators are forced to deploy 5G today using their existing 4G LTE vendors, hence the lock-in continues into 5G as well. 

Open interfaces would be very helpful in such a scenario to enable vendor diversity, and this is why the Open RAN movement is still necessary even though we have well defined 3GPP interfaces for many different connections, be it air interface or connecting to the core and the outside world. Open RAN enables vendor interoperability.

Interface options for MNOs

Option one is to have their vendors open up interfaces between the RAN components like the radio and the BBU/DU/CU software. The greatest example of this is Nokia in the Rakuten deployment when they opened up their radios to another vendor’s software.

But there is no guarantee that legacy vendors will continue to open up their radios to other vendors’ software. This is where TIP comes in, by creating an ecosystem of hardware and software vendors, initiating PlugFests and developing blueprints and promoting, educating and deploying OpenRAN globally. 

The second option is to use O-RAN Alliance-defined interfaces. The O-RAN Alliance was formed after the merger of the C-RAN Alliance and XRAN. Today, it has more than 160 mobile operators, vendors, and research & academic institutions operating in the Radio Access Network industry. 

The O-RAN Alliance publishes new RAN specifications, releases open software for the RAN, and supports its members in integration and testing of their implementations. The O-RAN Alliance develops, drives and enforces standards to ensure that equipment from multiple vendors, such as RUs and DU/CU software, interoperates.

The Alliance creates standards where none are available – for example, the Fronthaul specifications for the RAN functional splits to ensure interoperability. Besides, it creates profiles for interoperability testing where standards are available – for example, the X2 interface. 

Source: O-RAN Alliance

In 2020, these two groups announced a liaison agreement to ensure their alignment in developing interoperable Open RAN solutions. Because TIP is agnostic about the specifications it uses to create the solutions service providers are looking for, it has to work with various standards bodies to ensure smooth operation.

But the liaison agreement with O-RAN Alliance allows for the sharing of information, referencing specifications and conducting joint testing and integration efforts. 

If you look at the TIP OpenRAN 5G NR Base Station Platform requirements document, you see normative references to the O-RAN Alliance specifications. Within TIP, only companies that are members of both the TIP and the O-RAN Alliance can participate in any discussions related to O-RAN specifications.

Option three is specifically for small cells. The Small Cell Forum, or SCF, has created its ecosystem of Open RAN with small cells in mind. Recently they have been focusing heavily on creating open interfaces. Earlier this year, they expanded the set of specifications they released last year, to enable small cells to be constructed piece-by-piece using components from different vendors, to easily address the diverse mixture of 5G use cases. 

These open interfaces are called FAPI and nFAPI, which stands for network FAPI. FAPI helps equipment vendors to mix PHY & MAC software from different suppliers via this open FAPI interface. So, FAPI is an ‘internal’ interface. On the other hand, nFAPI, or more specifically 5G-nFAPI, is a ‘network’ interface and is between a Distributed Unit (DU) and Centralized Unit (CU) of a split RAN small cell network solution. 

This will help network architects by allowing them to mix distributed and central units from different vendors. In short, the SCF nFAPI is enabling the Open RAN ecosystem in its own way by allowing any small cell CU/DU to connect to any small cell radio unit or S-RU.

Source: Small Cell Forum

Summary

Global MNOs are realising the economic benefits of an open architecture that can only be fully realised when the interfaces are open. The industry is setting up teams and focusing on innovation and engagements in Open RAN architecture, be it through opening up 3GPP interfaces, or utilising O-RAN Alliance or Small Cell Forum common and open interfaces. 

While earlier MNOs used to buy hardware and software together from one specific vendor, they are now splitting the orders for hardware and software, and open interfaces allow them to do it. This eliminates vendor lock-in and results in significant Capex and Opex reductions and faster deployments.

  • Eugina Jordan is the Vice-President for Marketing at Parallel Wireless.


Board directors rate cybersecurity as the second-highest source of risk for enterprises

  • Change in governance and oversight is likely to impact the relationship between the board and the CISO.
  • 60% of CISOs will establish critical partnerships with key executives in sales, finance and marketing by 2024, up from less than 20% today.

Many boards of directors are forming dedicated cybersecurity committees that allow for discussion of matters in a confidential environment, led by someone deemed suitably qualified, to ensure that cyber risk receives the attention it deserves, an industry expert said.

Cybersecurity-related risk is rated as the second-highest source of risk for the enterprise, following regulatory compliance risk.

Research firm Gartner predicts that 40 per cent of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member by 2025, up from less than 10 per cent today.

This is one of several organisational changes Gartner expects to see at the board, management and security team level, in response to the greater risk created by the expanded digital footprint of organisations during the pandemic.

Sam Olyaei, Research Director at Gartner, said that the change in governance and oversight is likely to impact the relationship between the board and the chief information security officer (CISO).

However, he said that relatively few directors feel confident that their company is properly secured against a cyberattack.

“While CISOs should experience more scrutiny as a result, they are also likely to receive more support and resources, according to Gartner. CISOs must expect executive conversations to shift away from performance and health-related discussions to risk-oriented and value-driven exercises,” he said.

Key partners

Gartner also predicts that by 2024, 60 per cent of CISOs will establish critical partnerships with key executives in sales, finance and marketing, up from less than 20 per cent today.

“Effective CISOs realise that heads of sales, marketing and business unit leaders are now key partners as the use of technology and, subsequently, the incurrence of risk happens outside of IT,” Olyaei said.

According to the Gartner CISO Effectiveness Index, top-performing CISOs regularly meet with three times as many non-IT stakeholders as they do IT stakeholders; and they meet with them more frequently than bottom performers. 

For asset-intensive enterprises such as utilities, manufacturers and transportation networks, security threats targeting cyber-physical systems present an increasing risk to the organisation.

Bad actors increasingly target weaknesses wherever they are, as demonstrated by the surge in ransomware affecting organizations’ operational systems and recent supply chain attacks.

The siloed nature of today’s security disciplines then becomes its own risk and a liability to the organization, and the IT-centric focus of most security teams needs to expand to include threats in the physical world.

Gartner predicts that by 2025, 50 per cent of asset-intensive organisations will converge their cyber, physical and supply chain security teams under one chief security officer role that reports directly to the CEO.

Remote work can improve access to security talent

Gartner research conducted pre-Covid-19 found that 61 per cent of organisations surveyed were struggling to find and hire security professionals.

“As organisations shifted to remote working in response to the pandemic, it proved that some, if not all, security capabilities could be delivered remotely,” Richard Addiscott, Senior Research Director at Gartner, said.

“This includes security monitoring/operations, policy development, security governance and reporting, security awareness, and incident response via dispersed teams. Cybersecurity teams can work remotely and still provide effective capabilities.”

As a result, Gartner predicts that by 2022, 30 per cent of all security teams will have increased the number of employees working remotely on a permanent basis.

Gartner recommends that security and risk leaders consider adapting their operating models and expand their job advertising to gain access to candidates residing outside of their organisation’s traditional recruitment geographies.
