More stories

  • in

    Microsoft: Some ransomware attacks take less than 45 minutes

    Image: Microsoft

    For many years, the Microsoft Security Intelligence Report has been the gold standard in terms of providing a yearly overview of all the major events and trends in the cyber-security and threat intelligence landscape.
    While Microsoft unceremoniously retired the old SIR reports back in 2018, the OS maker appears to have realized its mistake, and has brought it back today, rebranded as the new Microsoft Digital Defense Report.
    Just like the previous SIR reports, Microsoft has yet again delivered.
    Taking advantage of its vantage points over vast swaths of the desktop, server, enterprise, and cloud ecosystems, Microsoft has summarized the biggest threats companies deal with today in the face of cybercrime and nation-state attackers.
    The report is 88 pages long and covers data from July 2019 to June 2020, and some users might not have the time to go through it in its entirety. Below is a summary of the main talking points, Microsoft’s main findings, and general threat landscape trends.
    Cybercrime
    2020 will, without a doubt, be remembered for the COVID-19 (coronavirus) pandemic. While some cybercrime groups used COVID-19 themes to lure and infect users, Microsoft says these operations were only a fraction of the general malware ecosystem, and the pandemic appears to have played a minimal role in this year’s malware attacks.
    Email phishing in the enterprise sector has also continued to grow and has become a dominant vector. Most phishing lures center around Microsoft and other SaaS providers, and the Top 5 most spoofed brands include Microsoft, UPS, Amazon, Apple, and Zoom.
    Microsoft said it blocked over 13 billion malicious and suspicious mails in 2019, and out of these, more than 1 billion contained URLs that have been set up for the explicit purpose of launching a credential phishing attack.
    Successful phishing operations are also often used as the first step in Business Email Compromise (BEC) scams. Microsoft said that crooks gain access to an executive’s email inbox, watch email communications, and then spring in to trick the hacked users’ business partners into paying invoices into wrong bank accounts.

    Image: Microsoft
    Per Microsoft, the most targeted accounts in BEC scams were the ones for C-suites and accounting and payroll employees.
    But Microsoft also says that phishing isn’t the only way into these accounts. Attackers are also adopting password reuse and password spray attacks against legacy email protocols such as IMAP and SMTP. These attacks have been particularly popular in recent months because they also let attackers bypass multi-factor authentication (MFA): legacy authentication over IMAP and SMTP doesn’t support MFA.
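    As an added illustration (not from the Microsoft report or any Microsoft tooling), the following Python flags the pattern described above: one source failing authentication against many different accounts over a legacy protocol in a short window, followed by a success. The log format, field names, protocol labels, addresses and thresholds are all constructed for the example.

```python
"""Password-spray detection over constructed sign-in records (added example)."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: protocol labels as the constructed log records them. These are the
# legacy authentication paths that cannot enforce MFA.
LEGACY_PROTOCOLS = {"IMAP4", "SMTP", "POP3"}

# Constructed sample sign-in records (one JSON object per line, not real data).
# 203.0.113.7 tries one password against six different mailboxes over IMAP and
# gets in on the last one; 198.51.100.9 is one user mistyping their own password
# in a browser session, which must not be flagged.
SAMPLE_LOG = """\
{"ts": "2020-09-30T08:00:01Z", "src": "203.0.113.7", "user": "alice@example.test", "proto": "IMAP4", "result": "failure"}
{"ts": "2020-09-30T08:00:03Z", "src": "203.0.113.7", "user": "bob@example.test", "proto": "IMAP4", "result": "failure"}
{"ts": "2020-09-30T08:00:05Z", "src": "203.0.113.7", "user": "carol@example.test", "proto": "IMAP4", "result": "failure"}
{"ts": "2020-09-30T08:00:07Z", "src": "203.0.113.7", "user": "dave@example.test", "proto": "IMAP4", "result": "failure"}
{"ts": "2020-09-30T08:00:09Z", "src": "203.0.113.7", "user": "erin@example.test", "proto": "IMAP4", "result": "failure"}
{"ts": "2020-09-30T08:00:11Z", "src": "203.0.113.7", "user": "frank@example.test", "proto": "IMAP4", "result": "success"}
{"ts": "2020-09-30T08:01:00Z", "src": "198.51.100.9", "user": "grace@example.test", "proto": "Browser", "result": "failure"}
{"ts": "2020-09-30T08:01:10Z", "src": "198.51.100.9", "user": "grace@example.test", "proto": "Browser", "result": "failure"}
{"ts": "2020-09-30T08:01:20Z", "src": "198.51.100.9", "user": "grace@example.test", "proto": "Browser", "result": "success"}
"""


def parse_events(text):
    """Parse one JSON record per line and return the events sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def detect_password_spray(events, min_accounts=5, window=timedelta(minutes=10)):
    """Flag each source that fails against >= min_accounts distinct users within
    `window`. Returns one finding per source; a success from that source inside
    the same window is reported as a probable compromised account."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)

    findings = []
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            # slide the window start forward so evs[start:end+1] spans <= window
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            failed_users = {e["user"] for e in evs[start:end + 1] if e["result"] == "failure"}
            if len(failed_users) < min_accounts:
                continue
            # Threshold crossed: look at the whole window from its start so a
            # success that follows the burst of failures is attributed to it.
            deadline = evs[start]["ts"] + window
            window_evs = [e for e in evs[start:] if e["ts"] <= deadline]
            protos = {e["proto"] for e in window_evs}
            legacy = bool(protos & LEGACY_PROTOCOLS)
            findings.append({
                "src": src,
                "distinct_accounts": len({e["user"] for e in window_evs if e["result"] == "failure"}),
                "protocols": sorted(protos),
                "legacy_protocol": legacy,
                "severity": "high" if legacy else "medium",
                "possible_compromise": sorted({e["user"] for e in window_evs if e["result"] == "success"}),
            })
            break  # one finding per source is enough for triage
    return findings


if __name__ == "__main__":
    for finding in detect_password_spray(parse_events(SAMPLE_LOG)):
        print(json.dumps(finding, indent=2))
```

    The account threshold and window are tuning knobs, not fixed values; the legacy-protocol flag is the part worth keeping, because the durable fix is to disable legacy authentication so that MFA applies to every sign-in, and a legacy-protocol success right after a burst of failures is the event that should page someone.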
    Furthermore, Microsoft says it’s also seeing cybercrime groups that are increasingly abusing public cloud-based services to store artifacts used in their attacks, rather than using their own servers. Further, groups are also changing domains and servers much faster nowadays, primarily to avoid detection and remain under the radar.
    Ransomware groups
    But, by far, the most disruptive cybercrime threat of the past year has been ransomware gangs. Microsoft said that ransomware infections had been the most common reason behind the company’s incident response (IR) engagements from October 2019 through July 2020.
    And of all ransomware gangs, it’s the groups known as “big game hunters” and “human-operated ransomware” that have given Microsoft the most headaches. These are groups that specifically target select networks belonging to large corporations or government organizations, knowing they stand to receive larger ransom payments.
    Most of these groups operate either by using malware infrastructure provided by other cybercrime groups or by mass-scanning the internet for newly-disclosed vulnerabilities.

    Image: Microsoft
    In most cases, groups gain access to a system and maintain a foothold until they’re ready to launch their attacks. However, Microsoft says that this year, these ransomware gangs have been particularly active and have reduced the time they need to launch attacks, especially during the COVID-19 pandemic.
    “Attackers have exploited the COVID-19 crisis to reduce their dwell time within a victim’s system – compromising, exfiltrating data and, in some cases, ransoming quickly – apparently believing that there would be an increased willingness to pay as a result of the outbreak,” Microsoft said today.
    “In some instances, cybercriminals went from initial entry to ransoming the entire network in under 45 minutes.”
    Supply-chain security
    Another major trend that Microsoft chose to highlight was the increased targeting of supply chains in recent months, rather than attacking a target directly.
    This allows a threat actor to hack one target and then use the target’s own infrastructure to attack all of its customers, either one by one, or all at the same time.
    “Through its engagements in assisting customers who have been victims of cybersecurity intrusions, the Microsoft Detection and Response Team has observed an uptick in supply chain attacks between July 2019 and March 2020,” Microsoft said.
    But Microsoft noted that while “there was an increase, supply chain attacks represented a relatively small percentage of DART engagements overall.”
    Nonetheless, this doesn’t diminish the importance of protecting the supply chain against possible compromises. Here, Microsoft highlights dangers coming from the networks of Managed Service Providers (MSPs, third-parties that provide a very specific service and are allowed to access a company’s network), IoT devices (often installed and forgotten on a company’s network), and open-source software libraries (which make up most of a company’s software these days).
    Nation-state groups
    As for nation-state hacking groups (also known as APTs, or advanced persistent threats), Microsoft said this year has been quite busy.
    Microsoft said that between July 2019 and June 2020, it sent out more than 13,000 nation-state notifications (NSNs) to its customers via email.
    According to Microsoft, most were sent for hacking operations linked back to Russian state-sponsored groups, while most of the victims were located in the US.

    Image: Microsoft
    These email notifications were sent for email phishing attacks against its customers. Microsoft said it tried to counter some of these attacks by using court orders to seize domains used in these attacks.
    Over the past year, Microsoft seized domains previously operated by nation-state groups like Strontium (Russia), Barium (China), Phosphorus (Iran), and Thallium (North Korea).
    Another interesting finding of the Microsoft Digital Defense Report is that the primary targets of APT attacks have been non-governmental organizations and the services industry.
    This particular finding goes against the grain. Most industry experts often warn that APT groups prefer to target critical infrastructure, but Microsoft says its findings tell a different story.
    “Nation state activity is more likely to target organizations outside of the critical infrastructure sectors by a significant measure, with over 90% of notifications served outside of these sectors,” Microsoft said.
    As for the techniques that have been preferred this past year (July 2019 to June 2020) by nation-state groups, Microsoft noted several interesting developments, with the rise of:
    • Password spraying (Phosphorus, Holmium, and Strontium)
    • Use of penetration testing tools (Holmium)
    • The use of ever-more-complex spear-phishing (Thallium)
    • The use of web shells to backdoor servers (Zinc, Krypton, Gallium)
    • The use of exploits targeting VPN servers (Manganese)

    Image: Microsoft
    All in all, Microsoft concludes that criminal groups have evolved their techniques over the past year to increase the success rates of their campaigns, as defenses have gotten better at blocking their past attacks.
    Just like in years prior, the entire cybersecurity landscape appears to be sitting on a giant merry-go-round, and constant learning and monitoring is required from defenders to keep up with the ever-evolving attackers, whether they are financially motivated or nation-sponsored groups.

  • in

    Programming languages: Java founder James Gosling reveals more on Java and Android

    James Gosling, the father of Java, one of the world’s most widely used programming languages, has talked with research scientist Lex Fridman about Java’s origins and his motivations for creating a language that would be used on tens of billions of devices and become central to the development of Android at Google. 
    Gosling designed Java 25 years ago while at Sun Microsystems. In 2009, Java would be one of the key reasons Oracle acquired Sun. According to Oracle, today there are 51 billion active Java Virtual Machines (JVMs) deployed globally. 
    But long before Oracle’s acquisition of Sun, Gosling said he and a team at Sun “kind of worried that there was stuff going on in the universe of computing that the computing industry was missing out on” – what would become today’s Internet of Things.

    “It was all about what was happening in terms of computing hardware, processors and networking that was outside the computing industry,” he said. 
    “That was everything from the early glimmers of cell phones that were happening then to – you look at elevators and locomotives and process-control systems in factories and all kinds of audio and video equipment.  
    “They all had processors in them they were all doing stuff with them and it felt like there was something going on there that we needed to understand.” 
    At that stage C and C++ “absolutely owned the universe” and everything was being written in those languages. 
    Gosling says his team went on several “epic road trips” around 1990 to visit Toshiba, Sharp, Mitsubishi and Sony in Japan, Samsung and several other South Korean companies, and went “all over Europe” to visit the likes of Philips, Siemens and Thomson. 
    “One of the things that leapt out was that they were doing all the usual computer things that people had been doing 20 years before,” he recalls.
    “They were reinventing computer networking and they were making all the mistakes that people in the computer industry had made.
    “Since I’ve done a lot of work in the networking area, we’d go and visit company X that would describe this networking thing they were doing, and just without anything, I could tell them like 25 things that were going to be complete disasters.”
    Discovering that industry outside the traditional computing world was now repeating earlier mistakes was one of the key reasons Gosling and his colleagues thought they could offer something useful in Java. 
    However, he also realized the consumer electronics industry and the computer industry had a very different view of customers, which helped inform how he would design Java. 
    “High on the list was that [consumer electronics companies] viewed their relationship with the customer as sacred. They were never ever willing to make trade-offs for safety. One of the things that always made me nervous in the computer industry was that people were willing to make trade-offs in reliability to get performance,” said Gosling.  
    “Just figuring out … how to make sure that if you put a piece of toast in the toaster, it’s not going to kill the customer. It’s not going to burst into flames and burn the house down,” he added.         
    After those road trips, Gosling and the company built a prototype control system in C and C++ code for home electronics goods, such as a TV and VCR. Security was a key consideration in his objectives for what would become Java. 
    “Back in the early 1990s it was well understood that the number one source of security vulnerabilities was just pointers, was just bugs, like 50% to 60% to 70% were bugs and the vast majority of them were like buffer overflows. We have to make sure this cannot happen. And that was the original thing for me was ‘This cannot continue’.”    
    But earlier this year, Gosling read a news report about the Chromium team finding that 70% of security bugs in the Chrome code base were memory management and safety bugs.  
    “Chrome is like a giant piece of C++ code. And 60% to 70% of all the security vulnerabilities were stupid pointer tricks. And I thought it’s 30 years later and we’re still there,” said Gosling.
    Beyond safety and security considerations for Java, he wanted to ensure “developer velocity”. 
    “I got really religious about that because I’d spent an ungodly amount of time of my life hunting down mystery pointer bugs. The mystery pointer bugs tend to be the hardest to find because … the ones that hurt are a one in a million chance,” he notes.  
    “When you’re doing a billion operations a second, it means it’s going to happen. I got religious about if something fails it happens immediately and visibly. One of the things that was a real attraction of Java to lots of development shops was that we know we get our code up and running twice as fast.”
    Object-oriented programming was also an important concept for Java, according to Gosling. 
    “One of the things you get out of object-oriented programming is a strict methodology about what are the interfaces between things and being really clear about how parts relate to each other.”
    This helps address situations when a developer tries to “sneak around the side” and breaks code for another user. 
    He admits he upset some people by preventing developers from using backdoors. It was a “social engineering” thing, but says people discovered that restriction made a difference when building large, complex pieces of software with lots of contributors across multiple organizations. It gave these teams clarity about how that stuff gets structured and “saves your life”. 
    He offered a brief criticism of former Android boss Andy Rubin’s handling of Java in the development of Android. Gosling in 2011 had a brief stint at Google following Oracle’s acquisition of Sun. Oracle’s lawsuit against Google over its use of Java APIs is still not fully settled after a decade of court hearings. 
    “I’m happy that [Google] did it,” Gosling said, referring to its use of Java in Android. “Java had been running on cell phones for quite a few years and it worked really, really well. There were things about how they did it, in particular various ways that they kind of violated all kinds of contracts.” 
    “The guy who led it, Andy Rubin, he crossed a lot of lines. Lines were crossed that have since mushroomed into giant court cases. [Google] didn’t need to do that and in fact it would have been so much cheaper for them not to cross lines,” he added.
    “I came to believe it didn’t matter what Android did, it was going to blow up. I started to think of [Rubin] as like a manufacturer of bombs.”

    James Gosling: “People were willing to make trade-offs in reliability to get performance.”  
    Image: James Gosling/UserGroupsAtGoogle/YouTube

  • in

    These hackers have spent months hiding out in company networks undetected

    A cyber espionage campaign is using new malware to infiltrate targets around the world including organisations in media, finance, construction and engineering.
    Detailed by cybersecurity company Symantec, the attacks against organisations in the US, Japan, Taiwan and China are being conducted with the aim of stealing information and have been linked to an espionage group known as Palmerworm – aka BlackTech – which has a history of campaigns going back to 2013.
    The addition of a US target to this campaign suggests the group is expanding campaigns to embrace a wider, more geographically diverse set of targets in their quest to steal information – although the full motivations remain unclear.
    In some cases, Palmerworm maintained a presence on compromised networks for a year or more, often with the aid of ‘living-off-the-land’ tactics which take advantage of legitimate software and tools so as to not raise suspicion that something might be wrong – and thus also leave less evidence which can be used to trace the origin of the attack.
    Researchers haven’t been able to determine how hackers gain access to the network in this latest round of Palmerworm attacks, but previous campaigns have deployed spear-phishing emails to compromise victims.
    However, it’s known that deployment of the malware uses custom loaders and network reconnaissance tools similar to previous Palmerworm campaigns, leaving researchers “reasonably confident” it’s the same group behind these attacks.
    Palmerworm’s malware also uses stolen code-signing certificates in the payloads in order to make them look more legitimate and more difficult for security software to detect. This tactic is also known to have been previously deployed by the group.
    The trojan malware provides attackers with a secret backdoor into the network, and that access is maintained with the use of several legitimate tools, including PsExec and SNScan, which are abused to move around the network undetected. Meanwhile, WinRAR is used to compress files, making them easier for the attackers to extract from the network.
    “The group is savvy enough to move with the times and follow the trend of using publicly available tools where they can in order to minimise the risk of discovery and attribution,” said Dick O’Brien, principal on the threat hunter team at Symantec. “Like many state sponsored attackers, they seem to be minimising the use of custom malware, deploying it only when necessary.”
    Organisations Symantec have identified as victims of Palmerworm include a media company and a finance company in Taiwan, a construction firm in China and a company in the US; in each case attackers spent months secretly accessing the compromised networks. Shorter compromises of just a few days were detected on the networks of an electronics company in Taiwan and an engineering company in Japan.
    Symantec haven’t attributed Palmerworm to any particular group, but Taiwanese officials have previously claimed that the attacks can be linked back to China. If that is the case, it suggests that Chinese hackers have targeted a Chinese company as part of the campaign – although researchers wouldn’t be drawn on the potential implications of this.
    However, what is certain is that whoever Palmerworm is working on behalf of, the group is unlikely to have ceased operations and will remain a threat.
    “Given how recent some of the activity is, we consider them still active. The level of retooling we’ve seen, with four new pieces of custom malware, is significant and suggests a group with a busy agenda,” said O’Brien.
    While the nature of advanced hacking campaigns means they can be difficult to identify and defend against, organisations can go a long way to protecting themselves by having a clear view of their network and knowledge of what usual and unusual activity looks like – and blocking suspicious activity if necessary.
    “Most espionage type attacks are not a single event. They are a long chain of events where the attackers use one tool to perform one task, another tool to perform the next task, and then hop from one computer to another and so on,” said O’Brien.
    “There are lots of steps the attacker has to take to get to where they want to go and do whatever they want to do. Each individual step is an opportunity for it to be detected, disrupted and even blocked. And what you’d hope is that, if they aren’t detected during one step in that chain, they will be detected in the next,” he added.
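    As an added example (not Symantec’s detection logic, and not code from the article), the Python below applies O’Brien’s point to the tools named earlier in the piece: PsExec, SNScan and WinRAR are each ordinary on their own, so the rule only fires when one host shows two or more of the stages (remote execution, network reconnaissance, archive staging) within a window. The event format, hostnames, user names, paths and the window length are constructed assumptions.

```python
"""Correlating living-off-the-land tool use into a chain (added example)."""
import json
import ntpath
from collections import defaultdict
from datetime import datetime, timedelta

# Stage -> executable names (lower-case basenames). Assumption: these are the
# names a generic process-creation log records in its "image" field.
STAGE_TOOLS = {
    "remote_exec": {"psexec.exe", "psexec64.exe", "psexesvc.exe"},
    "recon": {"snscan.exe"},
    "staging": {"winrar.exe", "rar.exe"},
}

# Constructed process-creation events in a Sysmon-like shape (one JSON object
# per line; raw string so the JSON backslash escapes survive). WS-01 shows all
# three stages over ninety minutes; FILESRV-02 only receives the PsExec service;
# WS-07 is a user extracting a download with WinRAR and must not be flagged.
SAMPLE_EVENTS = r"""
{"ts": "2020-09-20T02:10:00Z", "host": "WS-01", "user": "CORP\\jdoe", "image": "C:\\Tools\\PsExec.exe", "cmdline": "PsExec.exe \\\\FILESRV-02 -s cmd.exe"}
{"ts": "2020-09-20T02:10:05Z", "host": "FILESRV-02", "user": "NT AUTHORITY\\SYSTEM", "image": "C:\\Windows\\PSEXESVC.exe", "cmdline": "C:\\Windows\\PSEXESVC.exe"}
{"ts": "2020-09-20T02:25:00Z", "host": "WS-01", "user": "CORP\\jdoe", "image": "C:\\Tools\\snscan.exe", "cmdline": "snscan.exe"}
{"ts": "2020-09-20T03:40:00Z", "host": "WS-01", "user": "CORP\\jdoe", "image": "C:\\Program Files\\WinRAR\\WinRAR.exe", "cmdline": "WinRAR.exe a -r C:\\Users\\Public\\q3.rar D:\\Finance\\*.xlsx"}
{"ts": "2020-09-20T09:15:00Z", "host": "WS-07", "user": "CORP\\asmith", "image": "C:\\Program Files\\WinRAR\\WinRAR.exe", "cmdline": "WinRAR.exe x C:\\Users\\asmith\\Downloads\\report.rar"}
"""


def parse_events(text):
    """Parse one JSON record per line and return the events sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def classify(ev):
    """Map one event to a stage name, or None if it is not a tool of interest.
    WinRAR only counts as staging when invoked with the 'a' (add to archive)
    command, so a user extracting an archive is ignored."""
    image = ntpath.basename(ev["image"]).lower()
    tokens = ev["cmdline"].split()
    for stage, names in STAGE_TOOLS.items():
        if image in names:
            if stage == "staging" and not (len(tokens) > 1 and tokens[1].lower() == "a"):
                return None
            return stage
    return None


def detect_tool_chains(events, min_stages=2, window=timedelta(days=7)):
    """Return one finding per host that shows >= min_stages distinct stages
    whose first occurrences all fall within `window` of each other."""
    first_seen = defaultdict(dict)  # host -> stage -> first matching event
    for ev in events:
        stage = classify(ev)
        if stage and stage not in first_seen[ev["host"]]:
            first_seen[ev["host"]][stage] = ev

    findings = []
    for host, stages in first_seen.items():
        if len(stages) < min_stages:
            continue
        ordered = sorted(stages.values(), key=lambda e: e["ts"])
        if ordered[-1]["ts"] - ordered[0]["ts"] > window:
            continue
        findings.append({
            "host": host,
            "stages": [classify(e) for e in ordered],
            "users": sorted({e["user"] for e in ordered}),
            "first": ordered[0]["ts"].isoformat(),
            "last": ordered[-1]["ts"].isoformat(),
        })
    return findings


if __name__ == "__main__":
    for finding in detect_tool_chains(parse_events(SAMPLE_EVENTS)):
        print(json.dumps(finding, indent=2))
```

    The single-stage host (FILESRV-02, which only received the PsExec service) is deliberately not flagged; in practice that event would be joined to the WS-01 finding by the target name in the PsExec command line, which is the next correlation step a hunter would add.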

  • in

    Security firm McAfee files for IPO on enthusiasm for IT stocks

    Computer security firm McAfee has filed for an initial public offering (IPO) on the NASDAQ market in a move that could see Intel totally divest itself of the company it acquired in 2010. 
    Enterprise IT companies have been dominating IPOs in 2020 and McAfee hopes that the market’s enthusiasm for IT companies will extend to its offering. It is looking to raise capital at around an $8 billion valuation, but it could go higher.
    Intel acquired McAfee for a record $7.7 billion 10 years ago as former Intel CEO Paul Otellini initiated a strategy to improve enterprise security across hardware and software.
    However, Intel struggled to integrate the company —  renamed as Intel Security — and decided to spin it out under the original McAfee name. In April 2017 Intel sold a 51% stake to TPG Capital at a $4.2 billion valuation — losing nearly half its initial value.  
    Intel could regain some of its losses if the IPO does well. The recent Snowflake IPO was expected to start trading at around $75 to $85 but the IT cloud firm started trading at $245 a share before finishing its opening day at $120. Snowflake’s bankers were criticized for leaving too much money on the table by mispricing demand for the shares.
    McAfee’s revenues for 2019 were $2.64 billion, up 9.4 percent from $2.41 billion in 2018.
    McAfee has been acquiring smaller cybersecurity companies to strengthen its portfolio of products and services. It will trade under the ticker symbol $MCFE.


  • in

    Project Monterey: VMware's solution to the requirements of next-gen applications

    VMware has kicked off day one of its virtual VMworld 2020 conference with a slew of announcements focused on its idea of a “digital foundation for an unpredictable world”.

    The first is Project Monterey, which the company considers as redefining hybrid cloud architecture for the data centre, cloud, and edge.
    Speaking with ZDNet, vice president of VMware’s advanced technology group Chris Wolf said Project Monterey will help customers address the requirements of a new generation of applications.
    As organisations modernise existing apps and deploy new ones, traditional IT architectures are being stretched to meet their unique requirements, he said. Next-generation apps spanning 5G transformation, cloud native, data-centric, machine learning, multi-cloud, and hybrid apps distributed across environments have produced new challenges for IT organisations.
    To avoid adding further silos, such as those resulting from the adoption of GPUs, field programmable gate arrays (FPGAs), and smart network interface controllers (SmartNICs), VMware believes Project Monterey will tackle the problem from the start.
    The initiative will span support for SmartNICs, platform re-architecture, and security.
    “If we look at where we are at … cloud native, telco, 5G transformations — this is really increasing the amount of network traffic and scale. How does the next-generation infrastructure handle that? It’s really looking at network I/O and virtualisation offload that would come in the form of SmartNICs as they continue to grow,” Wolf said.
    “For machine learning and data-centric apps, there’s a stronger need for hardware acceleration requirements and then for multi-cloud and hybrid apps, we’re seeing a lack of traditional perimeter create a need for newer security models as well.
    “We’ve been looking at ways to create better isolation for those particular use cases.”
    VMware is working to evolve VMware Cloud Foundation — vSphere, vSAN, and NSX — to support SmartNIC technology, which is a new architectural component that offloads processing tasks that the server CPU would normally handle.
    “By supporting SmartNICs, VMware Cloud Foundation will be able to maintain compute virtualisation on the server CPU while offloading networking and storage I/O functions to the SmartNIC CPU,” the company said in a statement.
    “This will allow applications to maximise the use of the available network bandwidth while saving server CPU cycles for top application performance.
    “VMware has taken the first step of this evolution by enabling ESXi to run on SmartNICs.”
    As part of Project Monterey, VMware will rearchitect VMware Cloud Foundation to enable disaggregation of the server including extending support for bare metal servers.
    “This will enable an application running on one physical server to consume hardware accelerator resources such as FPGAs from other physical servers,” the company said. “This will also enable physical resources to be dynamically accessed based on policy or via software API, tailored to the needs of the application.”
    VMware said as ESXi is running on the SmartNIC, organisations will be able to use a single management framework to manage all their compute infrastructure, be that virtualised or bare metal.
    “Another cool use case is around bare metal and composability. What gets really fascinating from a virtualisation perspective is if we take the ESX control plane that’s normally running on the server, running your applications in virtual machines, and we move that off to the SmartNIC, we can actually now start to get the best benefits of VMware virtualisation such as NSX and vSAN storage and be able to apply that to bare metal workloads running on the server,” Wolf added.
    “So for some of your applications that may want to take advantage of just bare metal, we can give you the best of both worlds.”
    He added the decoupling of networking, storage, and security functions from the main server allows these functions to be patched and upgraded independently from the server.
    VMware said with Project Monterey, advancements in silicon further enable its vision of bringing “intrinsic security” to life.
    “Each SmartNIC is capable of running a fully-featured stateful firewall and advanced security suite. Since this will run in the NIC and not in the host, up to thousands of tiny firewalls will be able to be deployed and automatically tuned to protect the particular services that make up the application — wrapping each service with intelligent defences that can shield any vulnerability of that specific service,” it added.
    “This will enable a custom-built defence that will be able to be automatically tuned and deployed across tens of thousands of application services.”
    To bring Project Monterey to life, VMware is working with its partners including Intel, Nvidia, and Pensando Systems, and system companies Dell Technologies, Hewlett Packard Enterprise, and Lenovo, to deliver solutions based on the new project.
    Project Monterey is currently in preview.

  • in

    VMware adds to Kubernetes portfolio Tanzu

    After unveiling its new apps portfolio Tanzu last year, VMware has on Tuesday announced it is expanding the offering.

    The Tanzu portfolio debuted in March, providing a package of tools for building and managing applications. VMware’s goal, CEO Pat Gelsinger said at the time, is to become “the ubiquitous, central infrastructure to enable our customers’ digital transformation.”
    Over the last year, VMware has added to the Tanzu portfolio, expanded its partner ecosystem, and added new customers. 
    The first Tanzu-branded offering was Mission Control, which allows customers to have a single point of control to manage all of their conformant Kubernetes clusters regardless of where they are running — vSphere, public clouds, managed services, packaged distributions, or DIY Kubernetes.
    A year on, VMware Tanzu products include those gained with Bitnami, Heptio, Pivotal, and Wavefront acquisitions. VMware earlier this month announced the packaging of these products into four Tanzu editions: Tanzu Basic, Tanzu Standard, Tanzu Advanced, and Tanzu Enterprise.
    Image: VMware
    The company has also embedded Kubernetes in the vSphere control plane, as vSphere with Tanzu, which it said was providing customers with a single platform for all applications.
    With more than 75 independent software vendors now part of the VMware Tanzu community, vice president of VMware’s advanced technology group Chris Wolf told ZDNet there has been a lot of interest in Tanzu over the last 12 months.
    “It’s been a fantastic journey for us because since the announcement a year ago, we’ve been able to ship vSphere 7 with Tanzu and this means that your Kubernetes APIs are baked into our core platform — for both our customers as well as our partners,” he said.
    VMware is extending the Virtual Cloud Network to connect and protect environments through VMware Tanzu Service Mesh powered by NSX and support for Project Antrea, which is an open source networking and security project for Kubernetes clusters.
    Tanzu Service Mesh includes new capabilities focused on improving application continuity, resiliency, and security, the company said.
    The new VMware Container Networking with Antrea is a commercial offering consisting of signed images and binaries and full support for Project Antrea. VMware Container Networking with Antrea will be included in VMware NSX-T, vSphere 7 with Tanzu, and Tanzu Kubernetes Grid.
    Now, Tanzu will also be supported across VMware Cloud on AWS, with preview support for Oracle Cloud VMware Solution and Google Cloud VMware Engine.
    “From a customer perspective, they now have native Kubernetes on a VMware stack, they can run Kubernetes pods and VMs side by side, software developers can interact with the infrastructure … on top of all that, if you think about it from a partner perspective, the fact that we’re exposing upstream Kubernetes above our stack means any third party can create an integration with VMware and much of that engineering work to build that innovation onto our platform, they can even repurpose with our competitors — it’s actually very friendly for our partners,” Wolf added.
    VMware and Microsoft are also working closely to make the preview available soon to early adopters.
    VMware also announced a partnership with GitLab that will see the DevOps platform delivered as a single application.
    “I’m really excited about the growth of Kubernetes and where our Tanzu portfolio is continuing to evolve,” Wolf told ZDNet. “We have a lot more innovation happening there.”

  • in

    VMware using Carbon Black to secure the distributed workforce

    Realising the future of work has shifted due to the COVID-19 pandemic, VMware is looking to centralise the security controls its customers now need, saying legacy networking and security approaches lack the automation, cloud scale, and intrinsic security needed to connect and protect apps, data, and users that are globally distributed.

    This idea, vice president of VMware’s advanced technology group Chris Wolf said, is key to the company’s new VMware Future-Ready Workforce solutions. He labelled them as providing “exceptional workforce experiences”, end-to-end zero trust security controls, and simplified management.
    “The Future-Ready Workforce solutions combine industry-leading Secure Access Service Edge (SASE), Digital Workspace, and endpoint security capabilities to help IT manage and optimise secure access to any app, on any cloud, from any device while providing a simple, high performant, and a safer user experience for the distributed workforce,” he told ZDNet.
    The VMware SASE platform, the company explains, is a cloud-first offering that “delivers application quality assurance, intrinsic security, and operational simplicity, and is ideal for organisations that are supporting a work from anywhere workforce”.
    As Wolf explained, legacy networking and security approaches lack the cloud scale and intrinsic security required to connect and protect apps, data, and users across a global business fabric. He said this is driving the accelerated adoption of SD-WAN and the emergence of Secure Access Service Edge (SASE).
    The VMware SASE platform combines SD-WAN with cloud-delivered security. VMware is adding Secure Web Gateway, Cloud Access Service Broker, and expanded zero trust network access capabilities to the VMware SASE platform.
    Under the SASE offering, VMware has expanded its global network to over 2,700 cloud service nodes across 130 points of presence.
    VMware is also announcing VMware Edge Network Intelligence, which is based on technology acquired from Nyansa that uses machine learning-based predictive analysis, actionable intelligence, and proactive remediation. Meanwhile, VMware vRealize Network Insight 6.0 improves VMware SD-WAN visibility.
    The Dell EMC SD-WAN solution powered by VMware has also been expanded to include built-in LTE to support mobile clinics or temporary sites, as well as higher reliability for work from home.
    Meanwhile, VMware Secure Access, a zero trust network access service that combines VMware Workspace ONE and VMware SD-WAN into one cloud-hosted offering, is touted by the company as enabling more secure, optimised, and high-performance access for remote and mobile users.
    The new VMware Cloud Web Security service will integrate Menlo Security’s secure web gateway, cloud access service broker, and remote browser isolation capabilities natively into the VMware SASE solution.
    The company’s VMware NSX firewall will also be integrated into the VMware SASE platform as a “cloud-delivered firewall as a service”, in both single-tenanted and multi-tenanted deployment options.
    “When you look at SASE, that’s solving real world work 2.0 problems that our customers have, we see that as a fantastic opportunity for VMware and our customers,” Wolf added.
    Building on its Workspace ONE and Workspace Security offerings, VMware has also announced VMware Workspace Security Remote and VMware Workspace Security VDI.
    Workspace Security Remote, Wolf said, combines unified endpoint management (UEM), endpoint security, and remote IT support into an integrated solution for protecting Mac and Windows 10 devices.
    Workspace Security VDI, meanwhile, integrates VMware Horizon and VMware Carbon Black Cloud with the goal of helping deliver highly secure virtual desktops and applications.
    “The distributed workforce introduces a number of challenges ranging from employee on-boarding, visibility and compliance, security, employee safety, and more,” VMware said. “In order to address these challenges and successfully embrace the future of work, organisations need to re-think how they approach security, experience and operational complexity associated with the IT environment.”
    Adding to the company’s “new innovations to deliver intrinsic security to the world’s digital infrastructure” play is VMware Carbon Black Cloud Workload.
    “The solution combines Carbon Black’s security expertise with VMware’s deep knowledge of the data centres to build security into workloads,” the company said.
    “Tightly integrated with vSphere, VMware Carbon Black Cloud Workload provides agentless security that alleviates installation and management overhead and consolidates the collection of telemetry for multiple workload security use cases.”
    VMware Workspace Security Remote and VMware Workspace Security VDI are already available; VMware Edge Network Intelligence is expected to be available by the end of October; BYOD capabilities for VMware Secure Access are expected to be available by the end of January 2021; VMware Cloud Web Security is expected to be available from around February, and NSX Firewall as a Service for the VMware SASE Platform is expected to be available some time next year.
    VMware Carbon Black Cloud Workload is expected to be available in November 2020, and a month later VMware expects to expand it with a new Carbon Black Cloud module for hardening and securing Kubernetes workloads.

    DDoS attacks are getting more powerful as attackers change tactics

    There’s been a surge in Distributed Denial of Service (DDoS) attacks throughout the course of this year, and the attacks are getting more powerful and more disruptive.
    DDoS attacks are launched against websites or web services with the aim of disrupting them to the extent that they are taken offline. Attackers direct the traffic from a botnet army of hundreds of thousands of PCs, servers and other internet-connected devices they’ve gained control of via malware towards the target, with the aim of overwhelming it.

    An attack can last for just seconds, or for hours or days, and prevents legitimate users from accessing the online service for that time.
    And while DDoS attacks have been a nuisance for years, the prospect of corporate, e-commerce, healthcare, educational and other services being disrupted at a time when the ongoing global pandemic means more people are reliant on online services than ever could create huge problems.
    But a new threat intelligence report by cybersecurity company Netscout suggests that’s exactly what’s happening, as cyber criminals have launched more DDoS attacks than ever before. The company said it observed 4.83 million DDoS attacks in the first half of 2020, up 15% compared with 2019.
    “When looking at cyber threats historically, as the footprint of available attack surface increases, so do attacks against them. This is also true in the DDoS world,” Richard Hummel, threat intelligence lead at Netscout, told ZDNet.
    And while there are sometimes political or financial motivations behind conducting DDoS attacks, in many cases those controlling the campaigns just launch them because they can.
    “The motivation behind these attacks is varied, from ‘because they can’ to ‘showboating’ or even just to cause havoc and disruption,” Hummel added.
    The bad news is that DDoS attacks are also growing in size, with the potency of the strongest attacks up 2,851% since 2017 – providing attackers with the ability to knock out networks much faster than ever before.
    The reason DDoS attacks are getting more powerful is that they’re getting more complex, using many different types of devices and targeting different parts of the victim’s network. Indeed, attackers are learning that the most basic DDoS attacks are becoming less effective, so they are dropping them in favour of more powerful campaigns.
    “Attacks leveraging only one vector decreased year over year by 43%. Combine that with attacks across the board being faster, with more packets per second and shorter duration. It means that the attacks happen in short bursts that overwhelm a target quickly, making mitigation more difficult,” Hummel explained.
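A defender-side illustration of the short-burst, multi-vector pattern Hummel describes, added here as an example and not part of the original article or of Netscout’s tooling: it groups constructed flow records into one-second windows and flags windows whose packet rate and distinct-source count look like a flood, labelling those that mix vectors. The flow record format, the vector taxonomy and the thresholds are assumptions for the example.

```python
from collections import defaultdict

# Constructed sample flow records, not real traffic:
# (timestamp_sec, src_ip, proto, dst_port, tcp_flags, packets)
BASELINE = [(t, f"10.0.{t % 5}.{i}", "tcp", 443, "A", 20) for t in range(3) for i in range(4)]
BURST = (
    [(3, f"198.51.100.{i}", "udp", 53, "", 900) for i in range(60)]   # UDP flood on 53
    + [(3, f"203.0.113.{i}", "tcp", 80, "S", 700) for i in range(60)]  # SYN flood on 80
    + [(4, f"198.51.100.{i}", "udp", 53, "", 950) for i in range(60)]  # UDP only
)
SAMPLE_FLOWS = BASELINE + BURST


def vector_of(proto, dport, flags):
    """Coarse, assumed vector taxonomy: SYN floods, ICMP, else proto/port."""
    if proto == "tcp" and flags == "S":
        return "tcp-syn"
    if proto == "icmp":
        return "icmp"
    return f"{proto}/{dport}"


def detect_bursts(flows, pps_threshold=10_000, min_sources=50):
    """Aggregate flows into one-second windows and flag DDoS-like bursts.

    A window is flagged when packets per second reach pps_threshold AND the
    number of distinct sources reaches min_sources (one noisy host is not a
    DDoS). Windows mixing more than one vector are marked multi-vector, the
    case the article describes as harder to mitigate. Thresholds are assumed.
    """
    windows = defaultdict(lambda: {"packets": 0, "sources": set(), "vectors": set()})
    for ts, src, proto, dport, flags, packets in flows:
        w = windows[ts]
        w["packets"] += packets
        w["sources"].add(src)
        w["vectors"].add(vector_of(proto, dport, flags))
    alerts = []
    for ts in sorted(windows):
        w = windows[ts]
        if w["packets"] >= pps_threshold and len(w["sources"]) >= min_sources:
            alerts.append({
                "second": ts,
                "pps": w["packets"],
                "sources": len(w["sources"]),
                "vectors": sorted(w["vectors"]),
                "multi_vector": len(w["vectors"]) > 1,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_FLOWS):
        print(alert)
```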
    One factor that helps those building botnets for DDoS attacks is that much of the source code for them is available for free. The most notorious case of this is the Mirai botnet, which took out vast swathes of online services in late 2016. The source code for Mirai was published online and it has served as a popular backbone for building botnets since.
    The growing number of connected devices also serves to increase the potential power of botnets: not only can attackers take control of insecure PCs and servers as part of attacks, but the growing population of Internet of Things (IoT) devices – which are connected to the internet and often have the bare minimum of security protections, or none at all – can also be used to power attacks.
    Some botnets, like Gafgyt, are powered by IoT devices alone, as cyber criminals increasingly look to exploit their lack of protections.
    “No matter the target, adversary, or tactic used, it remains imperative that defenders and security professionals remain vigilant in these challenging days to protect the critical infrastructure that connects and enables the modern world,” said Hummel.