Tag Archive for: Providers

Ooredoo Q.P.S.C.: Enhances Managed Security Portfolio with Additional New Services in Collaboration with Leading Providers



Updated Portfolio Positions Ooredoo as Regional Leader in Managed Security Services

Doha, Qatar

Ooredoo has announced it has recently enhanced its Managed Security Services (MSS) portfolio for its enterprise customers, combining threat detection, incident response, localisation of secured data and compliance management to protect business customers from emerging cyber threats.

Ooredoo’s updated MSS portfolio adopts a three-pronged approach across people, process and technology to stay ahead of ever-evolving cyber threats. The updated MSS product range comprises a localised 24×7 Security Operation Centre, DDoS Mitigation Services, Cloud Internet Security, WAF as a Service, Data Loss Prevention, Endpoint Detection and Response, Managed Firewall and Vulnerability Management, among others.
Ooredoo’s suite of security products and consulting services under the MSS umbrella – powered by a combination of security experts, next-generation technology and world-class partners – is entirely flexible, ensuring business customers can prepare and adapt their security to the threat landscape.
The ICT leader’s business customers can gain access to this fully managed, end-to-end suite of security services driven by Big Data Analytics, Artificial Intelligence and Machine Learning, enabling them to protect their public, hybrid and private clouds by monitoring, proactively hunting, containing and responding to threats 24/7.
Sheikh Nasser Bin Hamad Bin Nasser Al Thani, Chief Commercial Officer at Ooredoo, said: “Security is a core component of IT-led transformation, which will play a key role in the delivery of the ambitious Qatar National Vision 2030 and the successful hosting of FIFA World Cup Qatar 2022™. It is extremely critical to have a multi-layered security framework for the success of the major IT-led initiatives, referred to as ‘Defence in Depth’, which rely on security controls throughout ICT including operational technology and critical infrastructure.”
“Given the local requirements for compliance in Qatar alongside the global challenge for managing security, Ooredoo offers end-to-end managed security services…


Strengthening Cybersecurity of SATCOM Network Providers and Customers


Actions to Take Today:
• Use secure methods for authentication.
• Enforce principle of least privilege.
• Review trust relationships.
• Implement encryption.
• Ensure robust patching and system configuration audits.
• Monitor logs for suspicious activity.
• Ensure incident response, resilience, and continuity of operations plans are in place.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are aware of possible threats to U.S. and international satellite communication (SATCOM) networks. Successful intrusions into SATCOM networks could create risk in SATCOM network providers’ customer environments.

Given the current geopolitical situation, CISA’s Shields Up initiative requests that all organizations significantly lower their threshold for reporting and sharing indications of malicious cyber activity. To that end, CISA and FBI will update this joint Cybersecurity Advisory (CSA) as new information becomes available so that SATCOM providers and their customers can take additional mitigation steps pertinent to their environments.

CISA and FBI strongly encourage critical infrastructure organizations and other organizations that are either SATCOM network providers or customers to review and implement the mitigations outlined in this CSA to strengthen SATCOM network cybersecurity.

CISA and FBI strongly encourage critical infrastructure organizations and other organizations that are either SATCOM network providers or customers to review and implement the following mitigations:

Mitigations for SATCOM Network Providers

  • Put in place additional monitoring at ingress and egress points to SATCOM equipment to look for anomalous traffic, such as:
    • The presence of insecure remote access tools—such as Teletype Network Protocol (Telnet), File Transfer Protocol (FTP), Secure Shell Protocol (SSH), Secure Copy Protocol (SCP), and Virtual Network Computing (VNC)—facilitating communications to and from SATCOM terminals.
    • Network traffic from SATCOM networks to other unexpected network segments.
    • Unauthorized use of local or backup accounts within SATCOM networks.
    • Unexpected SATCOM terminal to SATCOM terminal traffic.
    • Network traffic from the internet to closed group SATCOM networks.
    • Brute force login attempts over SATCOM network segments.
  • See the Office of the Director of National Intelligence (ODNI) Annual Threat Assessment of the U.S. Intelligence Community, February 2022 for specific state-sponsored cyber threat activity relating to SATCOM networks.
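
The provider-side traffic checks listed above can be expressed as rules over flow records. The following is an added example, not part of the advisory; the addressing plan, the flow-record fields (`src`, `dst`, `dport`, `auth`) and the failed-login threshold are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed addressing plan (assumptions, not taken from the advisory).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")             # everything we own
TERMINALS = ipaddress.ip_network("10.50.0.0/24")          # SATCOM terminals
EXPECTED_PEERS = [ipaddress.ip_network("10.10.0.0/28")]   # hub / NMS segment
REMOTE_ACCESS_PORTS = {21: "FTP", 22: "SSH/SCP", 23: "Telnet", 5900: "VNC"}
BRUTE_FORCE_THRESHOLD = 5  # failed logins per source; tune to your baseline

def classify(flow):
    """Return the advisory's anomaly categories that one flow record matches."""
    src, dst = ipaddress.ip_address(flow["src"]), ipaddress.ip_address(flow["dst"])
    src_term, dst_term = src in TERMINALS, dst in TERMINALS
    if not (src_term or dst_term):
        return []  # flow does not touch SATCOM equipment
    hits = []
    if flow["dport"] in REMOTE_ACCESS_PORTS:
        hits.append("remote-access:" + REMOTE_ACCESS_PORTS[flow["dport"]])
    if src_term and dst_term:
        hits.append("terminal-to-terminal")
    elif src_term and not any(dst in net for net in EXPECTED_PEERS):
        hits.append("unexpected-segment")
    elif dst_term and src not in INTERNAL:
        hits.append("internet-to-closed-group")
    return hits

def analyze(flows):
    """Classify every flow and flag sources with repeated failed logins."""
    alerts, failures = [], Counter()
    for f in flows:
        alerts += [(f["src"], f["dst"], hit) for hit in classify(f)]
        if f.get("auth") == "fail" and ipaddress.ip_address(f["dst"]) in TERMINALS:
            failures[f["src"]] += 1
    alerts += [(src, "*", "brute-force") for src, n in failures.items()
               if n >= BRUTE_FORCE_THRESHOLD]
    return alerts

# Constructed sample flow records (not real traffic).
SAMPLE = [
    {"src": "10.10.0.5", "dst": "10.50.0.7", "dport": 443},      # normal NMS poll
    {"src": "10.10.0.5", "dst": "10.50.0.7", "dport": 23},       # Telnet to terminal
    {"src": "10.50.0.7", "dst": "10.50.0.9", "dport": 8080},     # terminal to terminal
    {"src": "10.50.0.7", "dst": "10.20.3.4", "dport": 445},      # unexpected segment
    {"src": "198.51.100.23", "dst": "10.50.0.9", "dport": 443},  # from the internet
] + [{"src": "10.10.0.9", "dst": "10.50.0.7", "dport": 22, "auth": "fail"}] * 5

if __name__ == "__main__":
    print(*analyze(SAMPLE), sep="\n")
```

Unauthorized use of local or backup accounts is not covered here because it needs authentication logs with account names rather than flow records.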

Mitigations for SATCOM Network Providers and Customers

  • Use secure methods for authentication, including multifactor authentication where possible, for all accounts used to access, manage, and/or administer SATCOM networks. 
    • Use and enforce strong, complex passwords: Review password policies to ensure they align with the latest NIST guidelines.
    • Do not use default credentials or weak passwords.
    • Audit accounts and credentials: remove terminated or unnecessary accounts; change expired credentials.
  • Enforce principle of least privilege through authorization policies. Minimize unnecessary privileges for identities. Consider privileges assigned to individual personnel accounts, as well as those assigned to non-personnel accounts (e.g., those assigned to software or systems). Account privileges should be clearly defined, narrowly scoped, and regularly audited against usage patterns.
  • Review trust relationships. Review existing trust relationships with IT service providers. Threat actors are known to exploit trust relationships between providers and their customers to gain access to customer networks and data.  
    • Remove unnecessary trust relationships. 
    • Review contractual relationships with all service providers. Ensure contracts include appropriate provisions addressing security, such as those listed below, and that these provisions are appropriately leveraged: 
      • Security controls the customer deems appropriate. 
      • Provider should have in place appropriate monitoring and logging of provider-managed customer systems.
      • Customer should have in place appropriate monitoring of the service provider’s presence, activities, and connections to the customer network.
      • Notification of confirmed or suspected security events and incidents occurring on the provider’s infrastructure and administrative networks.
  • Implement independent encryption across all communications links leased from, or provided by, your SATCOM provider. See National Security Agency (NSA) Cybersecurity Advisory: Protecting VSAT Communications for guidance.
  • Strengthen the security of operating systems, software, and firmware.
    • Ensure robust vulnerability management and patching practices are in place and, after testing, immediately patch known exploited vulnerabilities included in CISA’s living catalog of known exploited vulnerabilities. These vulnerabilities carry significant risk to federal agencies as well as public and private sector entities.
    • Implement rigorous configuration management programs. Ensure the programs can track and mitigate emerging threats. Regularly audit system configurations for misconfigurations and security weaknesses.
  • Monitor network logs for suspicious activity and unauthorized or unusual login attempts.
    • Integrate SATCOM traffic into existing network security monitoring tools.
    • Review logs of systems behind SATCOM terminals for suspicious activity.
    • Ingest system and network generated logs into your enterprise security information and event management (SIEM) tool. 
    • Implement endpoint detection and response (EDR) tools where possible on devices behind SATCOM terminals, and ingest into the SIEM.
    • Expand and enhance monitoring of network segments and assets that use SATCOM.
    • Expand monitoring to include ingress and egress traffic transiting SATCOM links and monitor for suspicious or anomalous network activity. 
    • Baseline SATCOM network traffic to determine what is normal and investigate deviations, such as large spikes in traffic.
  • Create, maintain, and exercise a cyber incident response plan, resilience plan, and continuity of operations plan so that critical functions and operations can be kept running if technology systems—including SATCOM networks—are disrupted or need to be taken offline.


How digital loan providers breach data privacy, violate rights of Nigerians


In July, Piye Garuba needed N10,000 for an important task. So when he saw 9Credit, an online platform, offering short-term loans, he grabbed the offer.

The 31-year-old Abuja-based lawyer was elated when approval of his loan request arrived shortly after he filled in the Know Your Customer (KYC) form on the app with necessary details such as his Bank Verification Number (BVN).

Little did Mr Piye know that it was the beginning of a relationship that would turn sour.

After repaying the initial N10,000 with an additional 20 per cent, being the interest for seven days, Mr Garuba turned to 9Credit for another loan. He repeated the cycle until the eleventh time when he defaulted.

“When I defaulted, that was sometime at the end of August, I began to receive multiple text messages from different sources saying they are Recovery Agents from 9Credit. The agents kept sending threatening messages to all my contact lists including my wife, colleagues, mother-in-law and uncles,” said Mr Garuba.

“The harassment went further with several threats and curses. Also, using all manners of offensive adjectives like ‘Chronic and Unremorseful Debtor’, some of the text messages stated that I had been declared ‘wanted’.”

Mr Garuba said despite the insults and embarrassment to him and members of his family, he was not bitter because he understood that he had breached an agreement by not paying up when due.

A Defamatory text message sent to Mr Garuba’s wife from 9Credit

“It was my fault because I defaulted and it was for a reason because I was going through a tough time. And not that I wasn’t going to pay, or that I had ulterior motives to run away with their money.”

Sometime early in September, the legal practitioner eventually attempted to repay the loan on the app but was unsuccessful. He then decided to make a direct bank transfer to the money-lending platform’s bank account.

Screenshot of another threatening message sent to Mr. Garuba

“I began to experience trouble with the app so I wasn’t able to pay up at the initial time. After trying several times without success, and whereas there was this particular agent who had been calling me for…


Computer-Security Incident Rule Creates New Notification Requirements for Banking Organizations and Bank Service Providers | Steptoe & Johnson PLLC


On November 18, 2021, the Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System (FRB), and the Office of the Comptroller of the Currency (OCC) issued a joint final rule (the “Computer-Security Incident Rule” or the “Final Rule”) establishing computer-security notification requirements for banking organizations and their bank service providers. The Final Rule, which has an effective date of April 22, 2022, and mandatory compliance date of May 1, 2022, contains two major components.

 

First, a “banking organization” must notify its primary federal regulator of any “computer-security incident” that rises to the level of a “notification incident” no later than 36 hours after the banking organization determines the notification incident has occurred. Second, a “bank service provider” must notify each affected banking organization customer as soon as possible of a “computer-security incident” that has caused, or is reasonably likely to cause, a material service disruption or degradation for four or more hours. The purpose of the Computer-Security Incident Rule’s notification requirements is to provide earlier awareness of emerging threats to banking organizations and the broader financial system.

 

The Final Rule defines a “computer-security incident” as an occurrence that, “(i) results in actual or potential harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores, or transmits; or (ii) constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.”

 

A “computer-security incident” that would rise to the level of a “notification incident” triggering the Final Rule’s notification requirements includes, but is not limited to:

  • A ransomware or malware attack that encrypts a core banking system or backup data;
  • A large scale distributed denial of service attack that disrupts customer account access for an extended period of time;
  • A failed system upgrade or change that results in widespread user outages for customers and banking organization…
