Sectrio

IoT

SUBEX BLOG BANNER 7

7 Petabytes of unclaimed Data indicate a productive year for hackers!

In 2020, over 7 petabytes of new data dumps were discovered across the Dark Web. This included passwords, confidential proprietary information, and data that could make a significant impact on business. This is a huge increase from over 3 petabytes discovered in 2019 and points to some startling conclusions: Hackers have diversified their targets These discoveries are just the tip of the iceberg. More data might For some of the data, the victims could have ended up paying a ransom but still had their information exposed While cybersecurity investments are going to increase in 2021, so are the threats. Misinformation, new variants of ransomware, new backdoors, and increasing sophistication of cyberattacks will together create new fault lines in the cyber armor of businesses. Beyond these trends, new batches of hackers and state-sponsored APT groups will also get active this year adding to the risks and threats already identified. With the rollout of 5G gathering momentum, the focus will shift to targeting data at rest while infiltrating data in motion. On the Operational Technology side, Information and Communication Systems (ICS) and controllers will face the brunt of multi-stage and deceptive cyberattacks. It is essential to understand these threats before you start addressing them at an institutional, leadership, employee, infrastructure, or vendor level. Subex has been at the forefront of cybersecurity for over four years now. Last year, in December alone, we prevented over 17.3 billion sophisticated cyberattacks through our IoT and OT cybersecurity solution Subex Secure, our cyber deception offering Subex Secure Honeypot, and our managed security services. Throughout 2020, we helped the cybersecurity teams of businesses offload their priorities to us while they focused on steering their organizations through some testing times. None of our customers were breached in any way in 2020 and their data and assets remain safe. We encourage you to continue investing in cybersecurity measures while increasing employee sensitivity, building, and evolving cyber resilience measures, and staying alert and vigilant. Nat will be glad to help in case you wish to learn more. You can drop her a line: natalie.smith@subex.com.

7 Petabytes of unclaimed Data indicate a productive year for hackers! Read More »

SUBEX BLOG BANNER 6

Summarizing January 2021, the cost of Cyberattacks thus far!

Cybersecurity lapses are expected to cost the world trillions in lost revenue in 2021. So how has 2021 turned out so far? Here are a few statistics put together by Subex’s research team based on data gathered from public sources. • Cybercrime has already cost global businesses nearly USD 397 million so far • The above number includes the cost of breaches in terms of lost revenue and recovery costs, ransom payouts, and cost of data leaked by hackers • In the first month of the year, while the number of reported breaches came down, the number of successful breaches leading to data leaks has increased by 23 percent • 15 new families of IoT devices added to those that were breached in 2021 • On the OT side, attacks on ICS and SCADA systems has risen significantly • 1 new APT actor detected in the Asia-Pacific region These developments have a bearing on your institutional cybersecurity posture and pose a significant threat to your business. In addition to the threat landscape, there are also internal cybersecurity challenges that will have to be addressed on priority in order to script a coherent institutional cyber resilience narrative. Talk to us Subex has been at the forefront of securing businesses across the globe. We simplify cyber resilience and cyber defense through our offerings. Subex Secure, an IoT and OT cybersecurity solution work across four levels to secure your assets from cyber threats and sophisticated attacks. Our cyber deflection solution Subex Honeypot can help you divert and study cyberattacks while keeping your core infrastructure safe. Our managed security services help in offloading your cybersecurity monitoring and management efforts helping you focus on other areas of business and market priority. We understand these threats and know how to manage them. Nat will be glad to help in case you wish to learn more. You can drop her a line: natalie.smith@subex.com.

Summarizing January 2021, the cost of Cyberattacks thus far! Read More »

SUBEX BLOG BANNER 4

Why 2021 could be the best year yet for Cybersecurity for your business

Yes, you have heard it right. After all the bad news that we heard in 2020 ending with the SolarWinds episode in December, it is now time to set things moving in the right direction. Five things went wrong in 2020: Significant distraction and disruption caused by the Covid-19 pandemic induced changes at the workplace Cybersecurity was not given enough attention from a resourcing perspective globally Tech teams were not imaginative enough to figure out what could be attacked Employees were not sensitized enough on the need to remain cyber aware 600 percent rise in stolen data appearing online as per Subex’s threat research team The New Year gives us a chance to fix and improve our cybersecurity posture. Last week we told you about 5 cost-effective and easy ways to do that. Beyond these measures, this is also the right time to look at revamping your cybersecurity priorities and paying attention to the right areas. Subex’s threat research team has found that the volume of cyberattacks has reduced in the last 10 days but is expected to pick up as we approach February 2021. February has traditionally seen the launch of new malware and new methods of cyberattacks by hackers. So, it is not advisable to wait till then to build cyber resilience. A discussion with our experts will help you reach there faster. Subex has been protecting cyberspace for a while now. Our IoT and OT cybersecurity solutions along with SOC services and a cyber deception solution can go a long way in protecting your business. All our customers stayed safe in 2020 and were able to focus on their business priorities.  You can learn more about them here, here, and here. Don’t let the hackers gain an upper hand. Nat will be glad to help in case you wish to learn more. You can drop her a line: natalie.smith@subex.com.

Why 2021 could be the best year yet for Cybersecurity for your business Read More »

SUBEX BLOG BANNER 3

5 Easy and cost-effective ways to stay Cyber Safe in 2021

A new year has arrived and how will things change this year as far as cybersecurity is concerned? An analysis of data on cyberattacks in 2020 might point to some answers. In 2020, as in the years before, businesses that were distracted didn’t prioritize cybersecurity and didn’t invest in sensitizing employees on various aspects of cybersecurity were targeted. Hackers were studying such businesses for a while and when the pandemic arrived, they got a break they were waiting for. The shift in network environments, remote access, and devices operating out of unmonitored environments and a high sense of distraction gave the hackers what they wanted – an opportunity to strike. So how do you work towards staying secure in 2021? Here are 5 cost-effective ways of doing that: Develop in-house expertise: identify employees across departments who will champion cybersecurity. Visualize and drill extreme scenarios: even a moderate cyberattack can cause significant monetary losses. Conduct cybersecurity drills regularly across departments. Such drills should start/end by painting a bleak scenario of how bad things will be if a cyberattack succeeds. This includes loss of clients, potential revenue, hardware, and yes jobs too. Employees should be sensitized about these losses. Set a budget aside for recovering from cyberattacks: in case this budget is not used, it can be disbursed as an increment or a bonus among employees at the end of a calendar/fiscal year or it can be rolled over into the next year. Promote a culture of cyber hygiene: reward employees who report phishing or other types of attacks. Sacrifice comfort for security: storing passwords, use of default passwords and other practices should be banned, and repeat offenders should be made to undergo a deep course in cybersecurity. Take small but visible steps with discipline: your organization won’t turn into a cybersecure one overnight. Invest in bringing in a culture of cybersecurity backed by a strong commitment from all levels working together to realize small yet important steps towards cybersecurity. We are the people to talk to for taking your institutional security a few notches higher. You can visit us here to know more about our offerings or drop us a line to marketing@sectrio.com to know more.  

5 Easy and cost-effective ways to stay Cyber Safe in 2021 Read More »

SUBEX BLOG BANNER 2

Cybersecurity plans for the Year 2021

From every perspective 2020 was a tough year and the demands businesses and markets had from leaders was never this high and engaging. To help prepare for 2021, we have put together some of our most popular cybersecurity content. We hope these will feed into your cybersecurity plans for the New Year. We began the year by preparing a comprehensive evaluation of the global threat environment. As much as 79 percent of the predictions made by us in this report were realized this year in batches. Subex was among the first OT and IoT cybersecurity vendors to draw a correlation between the onset of the Covid-19 pandemic and its implications for the digital world. Our first advisory on this event was issued in February 2020. To keep up with the pace at which malware developers were launching new and modified malware, we published a number of malware reports throughout the year.  From the feedback we received from the industry and other stakeholders, we are happy to report that these reports helped many leaders firm up their cybersecurity posture. We also published a few case studies to highlight the challenges we are solving for our customers. You can find them here, here and here. To cover threats surrounding 5G and IoT we joined hands with industry body GSMA to do a webinar with industry experts. On this occasion we did a deep dive on IoT and OT security to help stakeholders understand specific interventions needed to secure installations. We also brought out a series of blogs that investigated aspects of cyber resilience, data theft, basic cybersecurity mistakes, cyber espionage and pandemic-era cybersecurity. We are ending the year with a series of blogs on predictions and things to do to stay secure in 2021. We hope you find these curated content pieces relevant and informative. Nat will be glad to help in case you wish to learn more. You can drop her a line: natalie.smith@subex.com.

Cybersecurity plans for the Year 2021 Read More »

SUBEX BLOG BANNER

The SolarWinds cyberattack episode has just begun unraveling

The worst could be yet to come. As the events unfold, the full impact of the layered cyberattack on the Austin-based IT management software firm’s customers will be felt well into the next five years or beyond. Here is what we know so far: It is clearly among the biggest ever cyberattacks on the US government According to reports, over 400 of the Fortune 500 companies in the US and top 10 telcos have all been impacted A ‘trojanized’ software update was used to install the sunburst malware into a commonly used IT management and monitoring software The update was installed by as many as 18,000 customers using the software Parts of US Treasury, Department of Commerce, Department of Homeland Security, and the Pentagon have all been targeted and have borne the brunt of the attack This is an example of a ‘supply-chain’ attack wherein the intended target is attacked through vendors or third-parties who have some connection with the core networks and IT infrastructure of the intended victim A different threat actor was found to have deployed another malware during the same episode Discussions on the litigation fallout have begun and are moving in the direction of a Class action suit Companies across the US are on a state of high alert. The ones affected by this cyber attack will have to spend time, effort and money in cleaning up as also in shoring up their defenses to avoid any secondary attacks or release of data. These attacks have brought cybersecurity to the forefront of strategic attention from businesses everywhere. In a tough year, where multiple vendors including Subex had issued a range of cyber attack advisories from as early as March, this was not an unanticipated attack but what is shocking is the scale and the modus operandi used by the alleged state-backed hackers who are supposed to be behind the episode. While cybersecurity governance questions are being asked, one thing is clear, there is a lot more that needs to be done to prevent and deter such attacks in the future: The threat actor involved in SolarWinds attack demonstrated patience, sophistication, and tactics so removing them from the compromised environments will be a tough task. If such efforts (that are now needed in the cleanup effort) were put in securing enterprises with diligence, then post-facto efforts won’t be needed. Securing your organizational assets cannot be considered a one-horse race. Instead, the challenge has to be addressed at multiple levels. Vectors of vulnerabilities known and unknown are everywhere and they need to be addressed at the government, institutional and employee levels. Within organizations, multiple strategies and tactics need to be adopted A two-way authentication will go a long way in securing assets and blocking malicious users Implement a Zero trust-based approach especially for those services that reside on/are accessed from the cloud or those where the updates are forced across a multitude of devices without human intervention Code-Orange should be the normal threat perception level. With the prevalence of threat actors, state-backed APT groups, independent actors, and disgruntled stakeholders, it is always important to be at the highest level of alert. The SolarWinds attack has set the agenda for 2021. While nations and businesses start transitioning out of the Covid-19 induced economic and business slowdown, inadequate attention to cybersecurity could not just slow down these recovery efforts but could also harm reputations beyond repair prolonging the impact. Nat will be glad to help in case you wish to learn more. You can drop her a line: natalie.smith@subex.com.

The SolarWinds cyberattack episode has just begun unraveling Read More »

cybersecurity solutions solarwinds

What the SolarWinds episode has taught us so far

Unless you have been on a digital detox vacation, you must have heard of the SolarWinds breach. Just to refresh your memory, multiple US government agencies were compromised by pushing a trojanized update. Post installation, this update allowed the hacker to conduct multi-level reconnaissance, modify user privileges, move laterally into other critical environments and compromise the data. The scope and scale of this breach has ‘shaken cyber defenders and governments alike. It is now time to focus on the takeaways from this incident. Cyber supply chain awareness: a dual-purpose risk assesment should be conducted to assess the state of security emanating from third-party solutions and evaluating the implications of such risks Finding the right cybersecurity models: such models and frameworks should be able to uncover security gaps and prioritize them. Businesses should work towards constantly reviewing these models while keeping their risk appetite to the lowest level possible There is no ‘business as usual’ for cybersecurity: in 2021, the new normal will be about being cyber risk aware at all times. Cybersecurity teams will have to overwork their imaginations to identify new sources of vulnerabilities Developer access management: the backdoor introduced by the hacker must have been in a file not often accessed by developers (a developers account must have also been compromised). If developer access was managed diligently and reviewed to check for anomalies, the breach would have been discovered earlier. Trust is dangerous: as many such episodes before have shown, trust should not be be implicit, explicit or stated with caution. Instead trust should be established on a session to session, device to session and connection to connection and time basis. No entity should be allowed to transact for long durations from a position of trust no matter the level of privilege. Zero trust should be the way forward Subex has been working to secure businesses in all livable continents for over two decades now. Our offerings use a blend of tactics to introduce layered security including discovery of rogue and compromised assets. As of today, we are securing some of the toughest and hard to secure OT and IOT-based deployments globally. We can help you improve your cybersecurity posture to secure your assets. In just under 45 minutes, we can tell you how our solution can keep such episodes of grief at bay. Get in touch with natalie.smith@subex.com  to learn more

What the SolarWinds episode has taught us so far Read More »

OT cybersecurity

Cyber risks: espionage mercenaries, ICS threats and stealthy IoT botnets in the cloud

Cyber mercenaries are targeting industrial control systems (ICS) and IoT deployments like never before. Threat actors are now shifting significant resources to exploit emerging network edge environments. Securing these new environments, including new technologies and converging systems, is more challenging than it may seem. Ransomware continues to evolve. In 2019, ransomware developers implemented a new strategy to counteract the decision of many organizations to not pay a ransom choosing instead to restore compromised systems on their own. Now cybercriminals, in addition to encrypting data and systems also post that data on public servers. They then not only demand a ransom but also threaten to publicly release valuable IP and sensitive information if their ransom demands are ignored. Such changing strategies indicate a high level of investment in studying and investigating not just the cybersecurity systems and responses, but also the organizational motivations that drive decision making. Subex’s threat researchers have found that ICS are increasingly gathering attention from cyber threat actors. Given the nature of these threats, it becomes imperative to talk to an IoT, OT and cyber deception partner to help you keep these threats at bay. Subex Secure is securing some of the toughest to secure businesses that are using IoT and critical infrastructure across 3 continents. Nat will be glad to help in case you wish to learn more. You can drop her a line here. We also encourage you to read our Threat Landscape Report for Q2 2020 here

Cyber risks: espionage mercenaries, ICS threats and stealthy IoT botnets in the cloud Read More »

IoT Security Data banner 1

Who stole my data: Solving the IoT security puzzle!

Internet of Things security is presenting governments and businesses with an unprecedented challenge. Consequently, a largely divided U.S. Congress identified it as a bipartisan issue ready for legislation. Last month, both houses of Congress passed the Internet of Things Cybersecurity Improvement Act recognizing IoT security as a matter of national security. Despite all this attention, IoT deployments are still getting breached. In a recent episode, a set of IoT devices (camera with a doorbell) were found sending user credentials to China. The number of IoT-focused attacks hit an all-time high this year underscoring the need for action at all levels. Critical infrastructure components such as industrial control systems (ICS), safety systems, video surveillance systems, and asset tracking systems are now being attacked frequently to enter IT systems to steal data through laterally moving malware. As the Christmas gifting season appears on the horizon, a new wave of cyberattacks will emerge harnessing gifted connected devices that are less secure. Guess where your stolen data could end up? Such episodes will repeat till such a time that we prioritize IoT security and embed it by default in every activity from inception. Subex Secure is here to help We are today offering critical infrastructure grade security to our customers across the globe. With Subex Secure, you can afford to focus on your core business goals while we protect your assets, data, and infrastructure. Yes, our offerings can go a long way in helping you get more out of your IoT investments without worrying about security. Anything else is a compromise. Contact sai.kunchapu@subex.com to learn how 30 percent of information security leaders are successfully managing IoT threats and vulnerabilities. Read our latest threat landscape report to learn about cyber threats you need to know about. Proof of value: How we helped a leading manufacturer improve their cybersecurity posture and avoid such threats.

Who stole my data: Solving the IoT security puzzle! Read More »

Banner 1

Don’t miss this critical cybersecurity requirement

Targeted attacks on supply chains connected with various sectors rose significantly in the last 8 months, according to various research firms. And this is just the tip of the iceberg as these findings relate to existing threats or threats that have been identified.  There could be many new ones lurking in the Dark Web and elsewhere. Most information security leaders tend to ignore the potency of unknown threats. This is because the security architecture in most enterprises and projects doesn’t permit adequate versatility to understand and identify latent threats to deal with them.  The problem is compounded by security practices based on restrictive network activities at the perimeter rather. This means that a threat that somehow manages to trick the perimeter-based security mechanism is free to wreak havoc inside the core network. Unfortunately, even the compliance mandates that are prevailing in various countries also fail to encourage businesses and other entities to look into emerging threats through a combination of insights, forecasts, and sheer imagination. Besides, thanks to the increasing diversity of processes and devices, it is easy to lose track of baseline cybersecurity requirements with every increase in surface area. No matter what your network architecture, industry, or level of security sophistication, gaps could arise during periods of transition, capacity expansion, or infusion of new technology. The addition of IoT exponentially amplifies the threat factor. In another survey, over 70 percent of cybersecurity practitioners reported some level of unfamiliarity with threats that emerge in converged environments spanning IT, OT, and IoT. Unfortunately, these converged environments represent the event horizon – a vista that presents infinite possibilities for hackers, malware developers, and threat actors to exploit. Converged environments needn’t be your organizational Achilles heel. Instead, such environments can be harnessed for testing new tech and workflows to improve efficiency, data analytics, and insights as also improving your cybersecurity posture and providing depth to your cyber resilience strategies. Connect with natalie.smith@subex.com to learn how you can join 30 percent of leaders who have successfully addressed this threat. Read our latest threat landscape report here to learn about cyber threats you need to know about. Proof: How we helped a leading manufacturer improve their cybersecurity posture and avoid such threats

Don’t miss this critical cybersecurity requirement Read More »

Scroll to Top