News
Key IT security trends that are expected to shape 2021: Sophos
NEW DELHI: British security software and hardware company Sophos said that it has published the Sophos 2021 Threat Report, which flags how ransomware and fast-changing attacker behaviors, from advanced to entry level, will shape the threat landscape and IT security in 2021.
The report, written by SophosLabs security researchers, as well as Sophos’ threat hunters, rapid responders, and cloud security and AI experts, provides a three-dimensional perspective on security threats and trends, from their inception to real-world impact.
Three key trends analyzed in the Sophos 2021 Threat Report include:
1. The gap between ransomware operators at different ends of the skills and resource spectrum will increase. At the high end, the big-game hunting ransomware families will continue to refine and change their tactics, techniques and procedures (TTPs) to become more evasive and nation-state-like in sophistication, targeting larger organizations with multimillion-dollar ransom demands. In 2020, such families included Ryuk and RagnarLocker. At the other end of the spectrum, Sophos anticipates an increase in the number of entry level, apprentice-type attackers looking for menu-driven, ransomware-for-rent, such as Dharma, that allows them to target high volumes of smaller prey.
Another ransomware trend is “secondary extortion,” where alongside the data encryption the attackers steal and threaten to publish sensitive or confidential information, if their demands are not met. In 2020, Sophos reported on Maze, RagnarLocker, Netwalker, REvil, and others using this approach.
“The ransomware business model is dynamic and complex. During 2020, Sophos saw a clear trend towards adversaries differentiating themselves in terms of their skills and targets. However, we’ve also seen ransomware families sharing best-of-breed tools and forming self-styled collaborative ‘cartels,’” said Chester Wisniewski, principal research scientist, Sophos. “Some, like Maze, appeared to pack their bags and head for a life of leisure, except that some of their tools and techniques have resurfaced under the guise of a newcomer, Egregor. The cyberthreat landscape abhors a vacuum. If one threat disappears another one will quickly take its place. In many ways, it is almost impossible to predict where ransomware will go next, but the attack trends discussed in Sophos’ threat report this year are likely to continue into 2021.”
2. Everyday threats such as commodity malware, including loaders and botnets, or human-operated Initial Access Brokers, will demand serious security attention. Such threats can seem like low level malware noise, but they are designed to secure a foothold in a target, gather essential data and share data back to a command-and-control network that will provide further instructions. If human operators are behind these types of threats, they’ll review every compromised machine for its geolocation and other signs of high value, and then sell access to the most lucrative targets to the highest bidder, such as a major ransomware operation. For instance, in 2020, Ryuk used Buer Loader to deliver its ransomware.
“Commodity malware can seem like a sandstorm of low-level noise clogging up the security alert system. From what Sophos analyzed, it is clear that defenders need to take these attacks seriously, because of where they might lead. Any infection can lead to every infection. Many security teams will feel that once malware has been blocked or removed and the compromised machine cleaned, the incident has been prevented,” said Wisniewski. “They may not realize that the attack was likely against more than one machine and that seemingly common malware like Emotet and Buer Loader can lead to Ryuk, Netwalker and other advanced attacks, which IT may not notice until the ransomware deploys, possibly in the middle of the night or on the weekend. Underestimating ‘minor’ infections could prove very costly.”
3. All ranks of adversaries will increasingly abuse legitimate tools, well known utilities and common network destinations to evade detection and security measures and thwart analysis and attribution. The abuse of legitimate tools enables adversaries to stay under the radar while they move around the network until they are ready to launch the main part of the attack, such as ransomware. For nation-state-sponsored attackers, there is the additional benefit that using common tools makes attribution harder. In 2020, Sophos reported on the wide range of standard attack tools now being used by adversaries.
“The abuse of everyday tools and techniques to disguise an active attack featured prominently in Sophos’ review of the threat landscape during 2020. This technique challenges traditional security approaches because the appearance of known tools doesn’t automatically trigger a red flag. This is where the rapidly growing field of human-led threat hunting and managed threat response really comes into its own,” said Wisniewski. “Human experts know the subtle anomalies and traces to look for, such as a legitimate tool being used at the wrong time or in the wrong place. To trained threat hunters or IT managers using endpoint detection and response (EDR) features, these signs are valuable tripwires that can alert security teams to a potential intruder and an attack underway.”
Additional trends analyzed in the Sophos 2021 Threat Report include:
· Attacks on servers: adversaries have targeted server platforms running both Windows and Linux, and leveraged these platforms to attack organizations from within
· The impact of the COVID 19 pandemic on IT security, such as the security challenges of working from home using personal networks protected by widely varying levels of security
· The security challenges facing cloud environments: cloud computing has successfully borne the brunt of a lot of the enterprise needs for secure computing environments, but faces challenges different to those of a traditional enterprise network
· Common services like RDP and VPN concentrators, which remain a focus for attacks on the network perimeter. Attackers also use RDP to move laterally within breached networks
· Software applications traditionally flagged as “potentially unwanted” because they delivered a plethora of advertisements, but engaged in tactics that are increasingly indistinguishable from overt malware
· The surprising reappearance of an old bug, VelvetSweatshop – a default password feature for earlier versions of Microsoft Excel – used to conceal macros or other malicious content in documents and evade advanced threat detection
· The need to apply approaches from epidemiology to quantify unseen, undetected and unknown cyberthreats in order to better bridge gaps in detection, assess risk and define priorities
News
Mobile tariff hike:Congress blames NDA government for Rs 34,824 crore burden on public
NEW DELHI: Hitting out at the NDA-led Narendra Modi government over three private firms increasing mobile service tariffs, the Congress on Friday accused it of “fleecing” 109 crore cell phone users and asked how can the firms be permitted to unilaterally increase rates without any oversight and regulation.
Congress general secretary Randeep Surjewala said it may be Modi 3.0 but the thriving of “crony capitalism” continues.
The Narendra Modi government is fleecing 109 crore cell phone users by sanctioning profiteering by private cell companies, he said at a press conference at the AICC headquarters here.
“Effective July 3, the three private cell phone companies, i.e. Reliance Jio, Bharti Airtel and Vodafone Idea, have increased their tariffs by an average of 15 per cent. The three private cell phone companies have a market share of 91.6 per cent, or 109 crore cell phone users out of a total of 119 crore cell phone users as on December 31, 2023,” Surjewala said.
The total additional yearly payment from the pockets of the common man and woman of India seeking connectivity is Rs 34,824 crore, he said, citing TRAI.
Cell phone market in India is an ‘oligopoly’ – Reliance Jio (48 crore cell phone users), Airtel (39 crore cell phone users), Vodafone Idea (22.37 crore cell phone users), Surjewala said.
Out of these, Jio and Airtel have a customer base of 87 crore making them a virtual duopoly, he said.
Effective July 3, 2024, Reliance Jio has increased its cell phone user’s charges from 12 per cent to 27 per cent and the average increase is 20 per cent, Surjewala said.
Effective July 3, 2024, Airtel has increased its cell phone user’s charges from 11 per cent to 21 per cent with the average increase being 15 per cent, he said.
Effective July 4, 2024, Vodafone Idea has increased its cell phone user’s charges from 10 per cent to 24 per cent with the average increase being 16 per cent, Surjewala said.
“Two things stand out ‘ Firstly, the date of announcement of increase of tariffs, appears to be clearly in consultation with each other by the three private cell phone companies. Secondly, the date of effective implementation of increased tariffs is the same,” he said.
Surjewala claimed that the additional per year burden of tariff increase is Rs. 34,824 crore for 109 crore cell phone users of these three private cell phone companies.
How can private cell phone companies be permitted to unilaterally increase cell phone tariffs by Rs 34,824 crore annually without any oversight and regulation by the Modi government, he asked.
Surjewala also asked why have the Modi government and Telecom Regulatory Authority of India (TRAI) abdicated their duty and responsibility towards 109 cell phone users.
“Wasn’t the increase in cell phone prices withheld till the conclusion of the Parliament elections as the Modi government would have been questioned on the justification for burdening 109 crore cell phone users and fleecing them of an extra Rs 34,824 crore?” Surjewala said.
Did the Modi government or TRAI conduct any study on need of CAPEX or impact on profitability by purchase of spectrum through auction after taking into account the previous set of concessions on AGR payable under Telecom Policy, 1999 or deferring of “Spectrum Auction Installments” by Modi 2.0 on November 20, 2019 or other related factors, he asked.
“How can all Private Cellphone Companies increase their average tariffs by the same range of 15per cent-16per cent, despite the fact that their profitability, investment and CAPEX requirements are completely different? Why is the Modi government is then turning a blind eye to the same?” Surjewala said.
“Isn’t it correct that the Supreme Court of India, in “Delhi Science Forum versus Union of India” clearly stated that ‘the central government and the Telecom Regulatory Authority have not to behave like sleeping trustees, but have to function as active trustees for the public good’?” he said.
Surjewala asserted that the prime minister must answer to the people of India, including the 109 crore affected cell phone users.
Bharti Airtel last month announced a 10-21 per cent hike in prepaid and postpaid mobile tariffs from July 3, a day after larger rival Reliance Jio announced an increase in rates.
Later that day, loss-making telecom operator Vodafone Idea (Vi) also announced its plan to raise mobile tariffs by 11-24 per cent from July 4.
Source: Press Trust of India
News
Indian Tech Startups Surge Ahead with $4.1 Billion in Funding for H1 2024
NEW DELHI: Indian tech startups have secured an impressive total of $4.1 billion in funding during the first half of 2024, reflecting a 4% increase from the latter half of 2023, according to Tracxn’s latest report. Although this figure represents a notable decline from the $4.8 billion raised in H1 2023, India continues to hold its position as the fourth-highest funded country globally.
The United States remains the leader in overall funding volumes, followed closely by the UK and China. Tracxn’s India Tech Semi-Annual Funding Report H1 2024 offers insights into funding trends, sectoral performances, and major developments within the Indian technology sector for the specified period.
Notable increases were observed in seed-stage funding, which climbed to $455 million, marking a 6.5% rise from H2 2023 but a 17.3% decline from H1 2023. Late-stage funding also saw a modest increase of 3.8%, amounting to $2.4 billion. The period also witnessed eight significant funding rounds exceeding $100 million each, including Flipkart’s $350 million and Meesho’s $275 million rounds.
Source: Press Trust of India
5g
Ericsson has been ranked as the leader in the Frost Radar 5G Network Infrastructure Market 2024
For the fourth consecutive year, Ericsson has been ranked as the leader in the Frost
Radar™ 5G Network Infrastructure Market 2024 analysis, highlighting the impact of the
company’s strategy to meet the evolving needs of communications service providers (CSPs).
Maintaining top ranking in the Frost Radar™ report over the past years has shown that
Ericsson’s investments in R&D and across a wide product portfolio – which includes all areas
of 5G network infrastructure as well as previous generations of network infrastructure – is
valued in a market where technology is constantly evolving.
The report has also acknowledged Ericsson’s sustained focus on offering the latest and
lightest energy-saving products and solutions. It also touched on the company’s Open RAN
plans.
Fredrik Jejdling, Executive Vice President and Head of Networks at Ericsson, says: “The
latest Frost Radar report highlights our unwavering commitment to innovation and technology
leadership through the most competitive portfolio. In a challenging market, we remain
focused on our customers and move forward with even greater determination.”
Commenting on Ericsson’s top ranking, Troy Morley, Industry Principal, at Frost & Sullivan’s
Information & Communication Technology group, says: “Ericsson has done an excellent job
keeping its current customers and adding new customers, including significant replacement wins over competitors. Ericsson has a significant pipeline of customers that have yet to move
to 5G but will over the coming years.”
Ericsson currently powers *160 live 5G networks in 68 countries, which is the highest level
that Frost & Sullivan has seen publicly reported.
“Ericsson’s strategy continues to center on CSPs’ evolving needs in all areas of the world,”
Morley says. “However, with its 2020 acquisition of Cradlepoint, Ericsson also is expanding
its role with enterprise customers.”
The report has also discussed the importance of the open and virtual RAN movement and
the belief that eventually open and virtual RAN will be the norm. “Ericsson’s step into offering
Open RAN solutions in 2024 will help make this movement a reality,” Morley says. “The
company plans to offer O-RAN-compliant solutions in 2024; Frost & Sullivan believes this will
result in significant growth in open and virtual RAN revenue.”
Commenting further on the report, Morley says: “Energy efficiency has been a buzzword for
a few years and Ericsson continues to tout solutions that are smaller and lighter and that
save energy, answering its customers’ needs. This will continue with its traditional RAN
solutions and accelerate with its new Open RAN offerings.”
The Frost Radar report measures growth rates in addition to absolute revenue and combines
them with several other factors to measure companies’ performance along the Growth Index.
The report also measures innovation for each company by assessing its product portfolio, the
scalability of its innovations, the efficacy of its R&D strategy, and several other factors.
The latest report from business consulting firm Frost & Sullivan reaffirms Ericsson’s
leadership in the 5G network infrastructure market, which spans radio access networks
(RAN), transport networks, and core networks.
-
News3 months ago
Mobile tariff hike:Congress blames NDA government for Rs 34,824 crore burden on public
-
5g5 months ago
Ericsson Showcases differentiated connectivity for the value of 5G
-
5g4 months ago
Ericsson has been ranked as the leader in the Frost Radar 5G Network Infrastructure Market 2024
-
News4 months ago
Indian Tech Startups Surge Ahead with $4.1 Billion in Funding for H1 2024