Connect with us


Malware, the favorite threat for cybercriminals according to a new study by Zscaler

Avatar of Thomas Grimm



informe Zscaler 1000x600 jpg

The annual report submitted by zcaler states that in the period between October 2021 and September 2022, more than 24 billion threats. To reach this conclusion, more than 300 billion daily signals and 270 billion daily transactions were used on the platform. Zscaler Zero Trust Exchangethe largest security cloud that currently exists.

This study shows that the malware it remains the biggest threat to businesses and individuals in key sectors, especially in the case of education, healthcare and manufacturing. Similarly, encrypted attacks continue to be a latent problem in countries around the world, with Japan, India, the United Kingdom, Australia, the United States, and South Africa being the most affected, which has experienced an increase in attacks. TLS/SSL attacks compared to the same period last year.

A revealing fact appears, and it is that the volume of threats grows by 20% every yearwhich demonstrates the need to implement a cloud native zero trust architecture.

Deepen DesaiCISO and Vice President of Security Research and Operations at Zscaler, states that: “Potential threats continue to hide in encrypted traffic, driven by as-a-service models that have reduced the technical barriers to doing so.”

Increases the presence of ransomware

Ransomware attacks have increased 80% annually, being the main threat to the people in charge of cybersecurity. Malicious scripts and payloads used throughout the attack sequence account for the 90% of tactics blocked.

Attackers refine malware variants in the face of CISOs’ defensive enhancement, the most common being ChromeLoader, Gamaredon, AdLoad, SolarMarker, and Manuscrypt encrypted channels.

As we have previously pointed out, the manufacturing industry has increased by 239% the attacks received, replacing the technology sector. The fact that this sector has undergone security improvements in recent years, especially to manage COVID-19, has caused cybercriminals to target it to damage the supply chain.

Another very affected sector has been the educationwhich has increased its year-on-year rate up to 132%which has already seen attacks increase by 50% from 2020 to 2021.

However, attacks on government organizations and the Commerce retail they have seen their influence reduced by 40% and 63%, respectively. The latter especially appreciates it, after the peak experienced in 2021 due to the explosion of e-commerce as a result of the pandemic.

The recommended strategy

We start from the basis that more than 85% of attacks currently use encrypted channels through various stages of the ‘killer chain’which represents a 20% increase compared to 2021. The most common cipher is the SSL either TLSwhich is best executed using a cloud-native proxy architecture, as legacy firewalls are resource constrained.

Companies should implement a series of basic principles such as:

  • Use a proxy-based cloud-native architecture to detect threats in encrypted traffic on a larger scale. This will be possible at the end of each session, thus avoiding ransomware, malware and others.
  • Implement granular policies context-based and checking access requests and rights based on that context.
  • Sandbox AI powered to stop the patient zero malware.
  • inspect all trafficregardless of where the user is, to protect them at all times against encrypted threats.
  • Eliminate the attack surface connecting users directly to applications and resources, but never to networks.

In danger, as is logical, the very integrity of the organizations.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *


EIZO ColorEdge CS2400S, new 24.1-inch professional monitor

Avatar of Thomas Grimm



EIZO ColorEdge CS2400S

The EIZO ColorEdge CS2400S is a monitor aimed at professionals that mounts a 24.1-inch panel and has, as you may have imagined, a resolution of 1,920 x 1,200 pixels. Its maximum brightness is 410 cd/m2, it has a contrast of 1,350:1, it reproduces 1,070 million colors and it is capable of covering the 99% of the Adobe RGB color space.

This EIZO model brings a series of clear improvements over the previous generation. Among the most important changes we can highlight the inclusion of a USB Type-C connector, that offers up to 70 watts of charge, and that we can use to charge a laptop while we use it with said monitor (simultaneous data and power).

Another important addition to the EIZO ColorEdge CS2400S is that it comes with an adjustment report that measures the state of the screen at the time of shipment, a feature that previously it was only available on CG series professional monitors.

Maintaining its commitment to the environment, EIZO has eliminated any type of plastic from the packaging and materials that accompany the wiring. This monitor is also more efficient, as it It has a consumption of only 26 watts.

The rest of its specifications are completed with a response time of 19ms, it has DisplayPort and HDMI outputs, it has a USB Type-C connector, as we have already said, it has two USB 3.0 and it has two other USB 2.0 ports. we can use it both horizontally and verticallysomething that the most creative professionals will undoubtedly like.

This monitor is mainly aimed at content creators, designers, video and photo editors, illustrators and cartoonists. It is height, swivel and tilt adjustable, which translates into good ergonomics and great versatility when it comes to integrating into different work spaces.

The EIZO ColorEdge CS2400S comes with a 5-year warranty covering each and every component, and is also subject to the zero bad pixel policy, which is covered for six months from the launch date. Taking into account the investment that we have to make to buy this monitor, it is totally normal, since its price in Spain will be around 800 euro.

Continue Reading


Microsoft Extends ESU Support for Windows Server 2008 and R2

Avatar of Thomas Grimm



Windows Server 2008

When an operating system ends its life cycle, Microsoft usually considers the possibility of offering extended support, which usually ends up being paid, or may be subject to some type of special condition. The latter is what has happened with Windows Server 2008 and 2008 R2, two operating systems that have ended their life cycle and are no longer supported in 2020.

The thing is that Windows Server 2008 and 2008 R2 still have a significant user baseand for this reason Microsoft has decided an additional year of support of the ESU type, acronym for “extended security updates”. This is good news for companies that still use the operating system, but it has one important condition, and that is that it will only be available to those who are Microsoft Azure customers.

This extended period of security updates will be active until January 9, 2024. If you are wondering if this will be a free program, I can tell you that it is not, and that Microsoft will bill it as it normally does with extended support programs.

In case you are wondering why so many professionals are still using Windows Server 2008 and 2008 R2 the answer is very simple, because in more than one case upgrading to a new operating system requires significant expenses that can derive from a hardware renewal, from a prolonged period of inactivity, from updating and developing new applications if necessary or from a little of everything that we have just said.

Microsoft has confirmed all the versions of Windows Server 2008 that will be able to benefit from this year of extended support, and we have listed them as is:

  • Windows Server 2008 R2 Service Pack 1 (SP1) and 2008 Service Pack 2 (SP2).
  • Windows Embedded POSReady 7.
  • Windows Embedded Standard 7.
  • All Azure virtual machines (VMs) running Windows Server 2008 and 2008 R2 operating systems on Azure, Azure Stack, Azure VMWare Solutions, or Azure Nutanix Solution.

It does not seem that they are going to give more extensions once this is finished, so if your company is using any of those operating systems you should be clear that time is running out, and that in a matter of a year you will be tied to an operating system without support that could become a time bomb in terms of security.

Continue Reading


Apple will abolish the position of Head of Product Design

Avatar of Thomas Grimm



Apple suprimira el puesto de Jefe de Diseno de Producto

The departure of Jonathan Ive from Apple was one of the most shocking news of 2019, not in vain are we talking about what was Head of Product Design in that company, responsible for some of its most successful products, and a professional who was part of the bitten apple company for more than 30 years.

It is true that at first there was no complete break between Ive and Applesince both continued to work together through an independent agency founded by the former executive, but in the end both parties decided to put an end to their adventure, and a final separation was confirmed last July.

The position that Ive left was filled by Evans Hankey, but we know that this executive also plans to leave the company in the coming months. What will happen then with the position of Head of Product Design? The normal thing would be to look for a new professional that lives up to that position, but according to a new report presented by Bloomberg it won’t be like that.

The apple company will abolish the position of Head of Product Design, and the product design team will report to and report directly to Apple’s COO, Jeff Williams. To avoid internal problems, Apple will give more important roles to the designers of key products for the apple company, but it seems that this has not been liked by everyone, and that some employees are upset with Apple’s decision.

The truth is that, if we analyze the situation that existed previously, it is not as important a change as it might seem at first glance. Evans Hankey acts as the liaison for the design team, but in the end it depended on Jeff Williams and had to answer to himso with this move Apple would be eliminating an intermediate position that in the end would not be “essential”, and would simplify the hierarchical structure of the product design team.

It is also important to note that this change reinforces the position of Jeff Williams, a high-profile executive at Apple who many see as Tim Cook’s possible successor. We’ll see how the situation evolves, and if Apple is really able to get on without a Head of Product Design.

Continue Reading