Month: March 2019

E-mail messages are frequently sent over untrusted networks that are outside the organization’s security boundary. When these messages lack any appropriate security safeguards, they can be read, copied, and modified at any point. In India alone email marketing has been extensively utilized in the media, IT and telecom, retail/ e-commerce, travel and leisure, and the BFSI industries as the primary source of marketing for business expansion purposes and customer retention and satisfaction. As per the study, in 2016, the worldwide market for email marketing stood at US$4.51 billion. Expanding at a healthy CAGR of 19.60% between 2017 and 2025, this market is likely to touch US$22.16 billion by the end of 2025. E-mail security relies on principles of good planning and management that provide for the security of both the e-mail system and the IT infrastructure. If there is no proper security system the attackers can exploit the email to gain control over organization and access confidential information. According to a research, a file-hosting service registered within the last week is being used to spread information and stealing malware in another FormBook campaign, currently attacking retail and hospitality businesses both within and outside of the US. Recently, in a blog researchers wrote, “As with many information stealing and credential harvesting malware, FormBook’s infection chain starts with a phishing E-mail containing a malicious attachment, which is generally an office document or a PDF file.” The vulnerability was first discovered and patched by Microsoft in July 2017 now is being exploited again by ThreadKit (an exploit kit popular among low-skilled attackers) via the Formbook malware (a data stealer and form grabber). This serves as a timely reminder about how important it is to install update patches when they’re released. The origins of the vulnerability can be found all the way back in July 2017 when Microsoft published CVE-2017- 8570, a high-severity code execution vulnerability in Office. Although Microsoft released a patch the same month, the vulnerability was still exploited in the wild. The first reported exploit came one month later, with a subsequent instance from ThreadKit following in March 2018. And now a third exploit has been spotted, one and a half years after the vulnerability was first published. How does the exploit by formbook work? The exploit works by emailing a Word document to the user. The email address and the subject appear to be authentic – they contain details that look real and often mimic the addresses and the verbiage of genuine companies. This social engineering method helps establish trust with the user, leaving them with few reservations about opening the attached file. If the user is fooled by the email and then clicks the attachment, the RTF file opens and closes almost immediately. While this looks like Word has simply collapsed, what’s actually happening is that it’s downloading and extracting a ZIP file. Another fake Word document, containing the source code for a phishing HTML page and the malware payload, is stashed within this ZIP file. The user is unaware that this is happening. All they see is the original Word document appearing on their screen. For all intents and purposes, they believe that Word crashed and then rebooted. They have little idea that they’re now harbouring a malicious stowaway that’s ingesting their confidential data. How to protect yourself against the formbook malware? Thankfully, the effects of this exploit, and others like it, can be avoided by installing patches when they’re released. But for many operations teams, a patch from summer 2017 – for a non-critical vulnerability – doesn’t just jump to the front of the to-do list. In organizations where threat intelligence isn’t regularly incorporated in patch prioritization, this vulnerability will likely remain unpatched. Skybox first alerted customers to the exploitability of the vulnerability in August 2017, raising the remediation priority to ‘urgent,’ and further, how threat-centric vulnerability management approach prioritizes vulnerabilities by exploitability and exposure in the e-book.

Bosch Limited, a leading supplier of technology and services, posted total revenue from operations of INR 3,096 crores in Quarter 3 of FY 2018-19, registering 0.8 percent increase over the same period of the previous year on a comparable basis. The Profit before Tax (PBT) stood at INR 490 crores, registering a growth of 15.8 percent over the same period of previous year on account of improved operational efficiency, favorable product mix and higher investment income which was partially offset by negative exchange rate on material cost. The Net Profit after Tax (PAT) stood at INR 335 crores, an increase of 19.3 percent over the same period of previous year. For the period from April to December, 2018, Bosch Limited posted a total revenue from operations of INR 9,509 crores, an increase of 11.4 percent over the same period of previous year. PBT stood at INR 1,780 crores and PAT stood at INR 1,186 crores, an increase of 26.6 percent over same period previous year. “The result of this quarter has to be viewed in the context of particularly weak market conditions in the overall automotive sector. Bosch Limited has always been committed to deliver best-in-class automotive solutions. We are helping our customers to meet the challenge of manufacturing only vehicles compliant with BS VI emission standards from April 2020 as per the ruling of the Supreme Court. Bosch has recently also showcased its business beyond mobility offerings that are fast embracing digital platforms and IoT Services. Having said that, the focus on strategic topics and operational efficiencies will continue,” said Soumitra Bhattacharya, Managing Director, Bosch Limited. Snapshot of business divisions’ performance in Quarter 3 Bosch Limited’s Mobility Solutions turnover marginally decreased by 0.6 percent in Quarter 3 of FY 2018- 19. Mobility division exports have increased by 6.5 percent and it is offset by lower domestic mobility sales of 1.1 percent. Within the mobility solutions business, the Powertrain solutions division declined by 2.7 percent mainly due to weak automotive market and Automotive Aftermarket division grew by 5.8 percent. Bosch’s business beyond Mobility divisions registered a growth of 6.9 percent. The growth in this segment is mainly driven by security systems which grew by 16.9 percent and solar energy division which also showed a double digit growth, partly offset by reduction in thermal technology division. For the period from April to December, 2018, total turnover showed a growth of 11.9 percent. Sales of the mobility solutions sector increased by 10.5 percent on the buoyant automotive market during first half of 2018-19 whereas business beyond mobility solutions witnessed a strong double-digit growth of 20.5 percent. Pursuant to the approval of the Shareholders for buyback of equity shares of the Company, the letter of offer for buyback of up to 10,27,100 equity shares of the face value of Rs. 10 each of the Company on a proportionate basis by way of a tender offer through the Stock Exchange mechanism for cash at a price of Rs. 21,000 per equity share for an aggregate amount of up to Rs. 2,156 crores was sent to the eligible shareholders. The buyback period opened on February 06, 2019 and shall close on February 20, 2019.  

Ozone Enterprise Group, an Everstone Capital funded company forayed into the fast growing security and surveillance industry in India last year by acquiring Wallcam, a company engaged in the manufacturing and sale of security and surveillance equipment including CCTV solutions. The security, surveillance and IoT industry are very dynamic, and are going through a rapid technology transformation. Both the industries are inter-connected in many ways, CCTV solution is just another connected device in the overall IoT mesh. The differentiating factor for any player in the industry will be the solution or the software. Taking this thought process forward, we have been actively exploring options for either acquiring or investing in an IT development company, and we finally narrowed down on TrulySafe. Going by the credentials of TrulySafe, and the work they have done in the domain, we are excited about this investment, and we are all geared up to make the most of the market opportunity. We will soon be seen as one of the prominent players in the market – Alok Aggarwal Founder & Managing Director, Ozone Enterprise Group Continuing with its plans to provide high-tech security and surveillance and IoT solutions to its customers, the group made a strategic investment in ‘TrulySafe,’ a company engaged in providing security solutions including software and hardware to leading OEMs in Europe and USA. Owing to its expertise in the field of security and surveillance, R&D and IT team, TrulySafe has successfully pioneered many industry first solutions. Leveraging on this strategic investment in TrulySafe, Ozone intents to : Build a robust CCTV platform which will be 100% based in India and curb the security threat of our data going to other countries that we keep hearing about. Provide new, innovative, predictive, preventive and user friendly interface backed with state-of-the-art video analytics engine to our users making safety and security a walk of life. Integrate security and IoT (Internet of Things) on a single platform and offer one-stop-shop solution to the users including smart homes, smart offices, smart buildings, smart schools, smart cities etc. Sumanyu Vashistha, CEO & Founder, TrulySafe commented, “Electronic security industry is majorly driven by one or two technology providers globally and we saw this as a potential opportunity to build end-to-end platforms ourselves four years back. Based on the genesis of IoT we have developed a robust product ecosystem of software, video analytics, cloud services and hardware which not only provide advance security solutions and integration capability to our systems installers partners but gives air tight security to the user who today is compromising with an ordinary CCTV camera recording. We are extremely thrilled with the investment we have got from Ozone, it will help us grow our R&D and sales operations. We see this as a strategic partnership as Ozone brings expertise to setup global operations efficiently and achieve potential growth.” Ozone is a young dynamic organisation having a diversified presence in architectural hardware, safes and vaults, locks, fire & safety doors and urban furniture. The brand’s solution centric approach has enabled them to grow from a start-up to becoming India’s most popular architectural hardware solution provider, which has been able to prove its worth in international markets. The company has a global presence across 15 countries, 4 R&D centres in Israel, Korea, China & India and 4 state-of-theart factories in India & China. Ozone offers internationally certified products and solutions through its product portfolio of more than 3000 SKUs across various product categories. Ozone today ranks amongst the top 3 players in India in architectural hardware, and amongst the leading players in safes and vaults and fire and safety doors. Ozone has strong presence internationally with offices in India, Canada, Australia, Dubai and distributor’s network in Poland & Saudi Arabia.

Cyberbit Ltd., the market leading provider of cyber-range training and simulation platforms, and of integrated detection and response products across IT and OT Networks has appointed Rakesh Kharwal as the Managing Director, India/ South Asia and ASEAN. Mr. Kharwal, the former Country Manager for IBM Security Software, India/ South Asia, will take the helm of Cyberbit’s rapidly expanding operations in the region. Cyberbit has proven technology that perfectly addresses several leading cybersecurity issues like bridging the cyber skill gap through the industry leading simulated learning platforms, monitoring threats across both IT & OT networks, or helping organizations improve their detection and response with better security orchestration and automation. This product/ market fit and the stellar reputation of Cyberbit represent great potential for fast growth. – Rakesh Kharwal Managing Director, India/ South Asia and ASEAN at Cyberbit Rakesh has a track record spanning over 25 years in the IT industry with over 15 years in the cybersecurity space with stints at Microsoft, McAfee, and most recently at IBM Security Software where he was instrumental in helping governments and corporates improve their cyber security posture with better orchestration and automation of their security detection and response capabilities. Mr. Kharwal will take the reigns of already established sales, marketing and support teams serving customers across India and Southeast Asia. “We extend a warm welcome to Rakesh and are excited to have such an excellent leader to drive strategic engagements to improve the cyber security posture of all sectors in this important region,” said Adi Dar, CEO, Cyberbit, “India is a key focus market for Cyberbit and our commitment to the Indian market motivated the decision to establish APAC headquarters in Delhi-NCR.” India is deeply affected by the huge global cyber skill shortage and predicted to have a shortfall of 1M skilled cybersecurity professionals by 2025, according to a DSCI report. As the global leader in simulated cyber learning platforms, Cyberbit will contribute to the ‘Skill India’ campaign by aiding enterprises in training thousands of cybersecurity professionals.

Fortinet has recently announced extensive capabilities for securing the path to 5G with its expansive breadth and depth of solutions for mobile core networks and cloud infrastructures including its virtual SPU technology and advanced security and high-performance systems. With the promise for faster connection speeds, massive connectivity scale, and new revenue opportunities, 5G will have a profound impact on mobility and digital transformation. Fortinet is uniquely positioned to offer its customers advanced security and high-performance systems that deliver carrier class functionality, rapid scalability, deep visibility, and granular control to secure mobile core, edge clouds and IoT infrastructures. 5G brings both opportunity and risk The advent of 5G will extend a digital connection to almost every facet of lives. In many of the somewhat futuristic sounding new use cases such as autonomous vehicles, AR/ VR immersive experiences, smart cities, ultralow latency, bandwidth and speed, delivery has been the missing puzzle piece. For years now, the mobile interconnection of all these things seemed inevitable, yet the massive density of connections, all with adequate speed, latency and related services, had so far remained unachievable in all but limited proof-of-concept testing. “With 5G, mobile infrastructure’s end-to-end innovation will continue to transform into a platform and catalyst for value creation and service innovation. Throughout this transformation, Fortinet’s proven security architecture and solutions provide advanced security for multiple LTE, LTE-A, and 5G use cases to help secure mobile infrastructures from radio access network (RAN) to the telco cloud, and offers customers carrier-grade performance and capacity with cloud-grade scalability, visibility and control” – Rajesh Maurya Regional Vice President, India & SAARC, Fortinet With 5G and the impending orders-of-magnitude advances in bandwidth, connection and use case possibilities, there is opportunity for end-to-end innovation as the mobile infrastructure is transformed into a platform and a catalyst for value creation and service innovation. More than ever, mobile network providers will become secure business enablers. For example, service providers will have new revenue generating opportunities in IoT such as manufacturing automation, industrial telemetry, emergency response systems, robotic surgery, 4K UHD video streaming, and more. However, these innovations will also bring a corresponding increase in the potential havoc wrought by denial of service, advanced threats and other forms of cyberattack on the core network infrastructure itself. Security is an imperative to protect and operate evolving 4G and new 5G mobile networks. These new service use cases need capabilities beyond a stateful firewall, with capacity and reliability to meet service level agreement (SLA) goals for uptime and quality of experience. Fortinet 5G breadth and depth capabilities Fortinet offers strategic security solutions specifically designed to address the unique challenges facing operators as they migrate their core networks to deliver 4.5G and 5G mobile services. It offers the ability to build a security framework that helps optimize cost of launching and operating new services and revenue opportunities, mitigate advanced threats, and achieve service level goals. Service providers can realize this by utilizing Fortinet advanced security and high-performance systems that also give mobile carriers improved visibility through comprehensive and correlated analytics, the ability to thwart complex external and internal security threats impacting network infrastructure and services at massive scale. The Fortinet security platform offers 5G service providers: Advanced protection for mobile core network and telco cloud: Powered by Fortinet’s virtual SPU technology, FortiGate virtual network functions (VNFs) deliver significant increase in application security performance through innovative security processing optimizations and the latest packet processing acceleration technologies. The VNFs also have a small footprint, boot within seconds, and require less storage, enabling service providers to protect their virtual networks and cloud platform cost effectively. Further, the 5G-ready FortiGate 7000 next-generation firewall series with SPU acceleration provides carrier security features and functions with industry-leading SSL inspection and application security performance for total inline protection. Together, these Fortinet solutions deliver industry’s best scale and capacity to protect 5G infrastructures from sophisticated application layer attacks and massive volumes of DoS attacks originating from outside or inside the mobile core or telco network. Agility with security: Fortinet offers broad ecosystem integrations with leading NFV and SDN vendors for virtual infrastructure. To ensure end-to-end security with innovative 5G services such as network slicing and multi-access edge computing (MEC), VNFs must be delivered dynamically, instantiated quickly and available wherever needed on the network. For efficient and agile deployment and utilization of these security resources, Fortinet delivers integrations with NFV platform providers like Lenovo, NFV orchestration (MANO) systems from Amdocs, Ericsson, Ciena, UBiqube, NoviFlow, and SDN controllers like VMware NSX, Nokia Nuage, and Cisco ACI, and NoviFlow. Deep visibility and control for IoT services on edge clouds: Massive scale IoT devices are generally based on lightweight operating systems, which offer minimal security features, therefore they are vulnerable to hijacking and botnet attacks. To remove business risks, the data from these endpoints and the devices themselves require complete protection. Further, service providers offering IoT services via a cloud platform need to ensure multi-tenant isolation, VM and/ or container security and web application protection. Fortinet FortiGate NGFW VNF and FortiWeb WAF VNF protect the edge cloud platform. FortiSIEM provides complete visibility through correlated security analytics and complete visibility to track IoT devices while FortiGate has the ability to learn and profile all connected devices, and apply granular control on different classes of IoT.