A hacking and cyberespionage group is currently targeting industrial control systems at energy companies. According to a survey by Symantec they have broken into 27 corporate networks so far. The Dragonfly group, also known as Energetic Bear is using spear phishing campaigns and malware-infected websites to collect credentials for corporate networks. Dragonfly has been active since at least 2011 and was exposed by security analysts in 2014. Afterwards, the group seemed to go underground and has only recently emerged again in the public eye. Symantec researchers refer to the current attacks as “Dragonfly 2.0” because they replicate many aspects of the previous attacks. The attacks target industrial control systems (ICS) which belong to companies that operate pipelines, generate electricity, and other energy-related companies. The Dragongly group appears to be particularly active in Switzerland, Turkey and North America.
A VPN needs both a client and remote gateway. While NCP offers a complete solution with Secure Enterprise Client and Secure Enterprise VPN Server, some manufacturers only develop their own gateways. Client software is then purchased from another company such as NCP. This type of cooperation is rare in the security sector, as the compatibility of the products is very important and may not meet all the requirements of a given scenario. This is not the case at NCP which shows that partnerships without compromise can be achieved in the security sector. NCP has been working with Juniper Networks for many years and this partnership recently reached a new level of cooperation.
People are often quick to adapt – now we don’t seem to blink an eyelid when we read news about another hacked server and the loss of a few million records of personal data. Only the most spectacular cases often attract our attention such as an attack on a high profile target like the German parliament or incidents where vast amounts of data were stolen, for example the Yahoo breach. And the bar is constantly being raised of what needs to happen to catch our attention. News which used to grab headlines throughout the media is now limited to specialist magazines or blogs. Nevertheless, companies are paying attention to such threats as a high priority. A study by PriceWaterhouseCoopers lists cybercrime as the second most reported economic crime. In the study, 32 percent of companies said they had already been victims of cybercrime and 34 percent expected an incident in their company over the next two years. Analysing the development of cybercrime in the last few years reveals interesting trends. A infographic on Bestvpn.com lists the 10 most serious incidents according to the impact or the quantity of stolen data. Although the list is based on incidents in America, the findings are impressive. Even the last place begins at 50 million data records stolen from the retailer Home Depot in 2014.
The RSA Conference (RSAC) is always a major highlight in the IT security professional calendar and this year’s show was no exception. In this blog, NCP engineering reviews some of the standout enterprise machine-to-machine (M2M), mobile client and cloud security trends to emerge from RSAC 2017. The show is also a win-win for NCP. Our strong track record with US technology partners means that NCP is well-known to US-base customers and prospects. At the same time, our experience in fulfilling Industrial Internet of Things (IIoT) or Industry 4.0 projects in Germany means we had a great deal of knowledge and insight to share with prospects in this security segment, one that is in its early stages in the United States.
Most IT devices have some form of remote access, whether via web browser or app. As long as devices are accessed by an authorized user from within an internal network, this isn’t a problem. Unfortunately, many devices, especially routers and smart home gateways are also accessible from the internet. And that’s where the problems begin. In fact, they have never stopped. Open remote access is among the greatest yet unfortunately inevitable threats of IT devices. Anybody who can access the management interface can control the device and usually the owner will not notice. Devices that are connected to the internet are constantly scanned and scrutinized for vulnerabilities. Open remote management interfaces should be treated as the digital equivalent of a loaded gun. It can be used but you need to know exactly what you are doing and take every possible precaution.