[Blog] NetUtils’ 3 Top Cyber Security Predictions for 2022

Featured

From tighter regulations for public sector to ransomware and the continued rise of the remote workforce, read all about it from our senior management team as they weigh in on their thoughts for 2022.

Looking at 2022, and it seems clear that there will be tighter regulatory oversight for the public sector. 

Steve Nicholls, Commercial Director

The NHS is already going through Data Security Privacy Toolkit (DSPT) processes and several recent tenders for large public sector organisations have made compliance to Cyber Essentials Plus a mandatory requirement for every supplier. If the NHS is a template, then more public sector organisations will be required to adhere to CE+ within a few years. And I would expect these requirements to spread to anybody that supplies into the public sector. The framework is not onerous, but it is audited which means that organisations need to do more than just a “check box” exercise so it’s wise to start looking at these optional processes now and before they become mandatory. 

Although Ransomware is certainly not new, the last year has seen its meteoric rise in the public consciousness and the coming year will unfortunately be more of the same.

Malcolm Orekoya, Chief Technology Officer

However, the move by AXA, one of Europe’s largest insurers, to stop offering new insurance policies that cover ransom payments to criminals for French policy holders may be the start of a wider trend across the region during 2022. The logic is that ransom payments encourage more ransomware attacks and drive up the cost of cyber security insurance policies. Although UK companies can still gain insurance policies that will pay ransoms – assuming you can prove no liability, it’s likely that AXA’s position might spread. The whole market for insuring against all forms of cyber-attack and outage is an interesting area and I suspect that 2022 will be a year where its starts to get a lot more attention from enterprises.

The ‘great return to the office’ has not materialised as expected by most, with more organisations opting to have more staff working remotely as a permanent option.

David Bundock, Chief Operations Officer

The first of the studies that have looked at issues such as productivity and mental wellbeing are starting to emerge and, in many instances, home working seems to be on parity with office working and, in some cases, proving a benefit. However, organisations must now look at the often-temporary measures rushed out to support home workers that are now becoming standard. Where masses of laptops were hurriedly deployed, and cloud based filesharing systems were utilised to help teams collaborate – these devices and platforms need to be audited for security and compliance to standards such as GDPR. This will inevitably trigger more use of cyber security as a service – especially as the current shortage of skilled IT and Infosec staff grows.

Knowing where to start with your organisations cyber security can be confusing. Have you considered a dedicated cyber security platform to help reduce the risk of a cyber incident?

Password danger is escalating with no ceiling in sight!

A combination of bad employee behaviour and dark web data spells trouble for businesses! From SMBs to giant multinationals, it doesn’t matter how high-flying a company is, unfortunately password problems will still plague them. 

The struggle to get users to make good, strong, unique passwords and keep them secret is real for all organisations and IT professionals. It can be hard to demonstrate to users just how dangerous their bad password can be to the entire company, even though an estimated 60% of data breaches involved the improper use of credentials in 2020. There’s no rhyme or reason to why employees create and handle passwords unsafely, no profile that IT teams can quickly look at to determine that someone might be an accidental credential compromise risk. Employees of every stripe are unfortunately drawn to making awful passwords and playing fast and loose with them – and that weakness doesn’t look like it’s going away anytime soon. 

Everyone is managing too many passwords 

The average adult has an estimated 100 passwords floating around that they’re using. That’s a bewildering tangle of passwords to manage. The global pandemic helped put even more passwords into circulation as people either working from home or on furlough created an abundance of new online accounts. According to the conclusions of a global study conducted by Morning Consult for IBM, people worldwide created an average of 15 new online accounts, per person, during the main thrust of the pandemic.

Many of those logins were compromised from the start thanks to abundant dark web data. An estimated 15 billion unique logins are circulating on the dark web right now. In 2020 alone, security professionals had to contend with a 429% increase in the number of corporate login details with plaintext passwords exposed on the dark web. That dramatic increase in risk per user comes back to haunt businesses. The average organisation is now likely to have about 17 sets of login details available on the dark web for malicious actors to enjoy. That number is only going to continue to grow thanks to events like this year’s giant influx of fresh passwords from the RockYou 2021 leak. 

Employees are dedicated to making bad passwords 

Research by the UK’s National Cyber Security Centre (NCSC) shows that employees will choose memorability over security when making a password every time. Their analysts found that 15% of people have used their pet’s name as their password at some point, 14% have used the name of a family member,13% have used a significant date, such as a birthday or anniversary and another 6% have used information about their favourite sports team as their password. That makes the criminals jobs easy even if they’re trying to directly crack a single password. After all, those users have probably told them everything that they’d need to know to do the job in their social media profiles. 

US companies aren’t any better off. In fact, their bad password problems are just a little bit worse. 59% of Americans use a person’s name or family birthday in their passwords, 33% include a pet’s name and 22% use their own name. We can’t chalk that blizzard of bad passwords up to ignorance of good password habits, because even employees who know better are slacking on password safety. Over 90% of participants in a password habits survey understood the risk of poor password hygiene, but 59% admitted to still engaging in unsafe password behaviours at work anyway.

Password sharing is rampant 

Worse yet, employees are also sharing their passwords with other people at an alarming rate, even if the people they’re sharing a password with don’t work at the same company. Over 30% of respondents in a Microsoft study admitted that their organisation had experienced a cyber security incident as a result of compromised user credentials that had been shared with people outside their companies. 

43% of survey respondents have shared their password with someone in their home22% of employees surveyed have shared their email password for a streaming site17% of employees surveyed have shared their email password for a social media platform17% of employees surveyed have shared their email password for an online shopping account

Based on analysis of the top 250 passwords found through the application of Dark Web ID’s dark web search function that uncovers exposed credentials, these categories of information were used to generate the weakest passwords in 2020 which were: Names, Sports, Food, Places, Animals and Famous People/Characters.

The most common passwords spotted by Dark Web ID by category

Names: maggie
Sports: baseball
Food: cookie
Places: Newyork
Animals: lemonfish
Famous People/Characters: Tigger

Top 20 most common passwords that Dark Web ID found on the dark web in 2020

123456
password
12345678
12341234
1asdasdasdasd
Qwerty123
Password1
123456789
Qwerty1
:12345678secret
Abc123
111111
stratfor
lemonfish
sunshine
123123123
1234567890
Password123
123123
1234567

Every organisation in every industry is in password trouble 

No industry is immune to the powerful lure of terrible password habits, especially that perpetual favourite password recycling and iteration. In a study of password proclivities, researchers determined that some sectors did have a little more trouble with passwords than others though. The telecommunications sector had the highest average number of leaked employee credentials at 552,601 per company. The media industry had the highest password reuse rates at 85%, followed by household products (82%), hotels, restaurants & leisure (80%), and healthcare (79%).

A trove of exposed data about Fortune 1000 companies on the dark web was uncovered by researchers earlier this year, including passwords for 25.9 million Fortune 1000 corporate user accounts. Digging deeper, they also unearthed an estimated 543 million employee credentials from Fortune 1000 companies circulating on commonly used underground hacking forums, a 29% increase from 2020. Altogether, they were able to determine that 25,927,476 passwords that belong to employees at Fortune 1000 companies are hanging out on the dark web. That’s an estimated 25,927 exposed passwords per Fortune 1000 company, marking a 12% increase in password leaks from 2020. 

Busted credentials are plentiful on the dark web 

If data is a currency on the dark web, then credentials are solid gold. Credentials were the top type of information stolen in data breaches worldwide in 2020, (personal information took second place just over financial data in third), and bad actors didn’t hesitate to grab batches of credentials from all over the world. Cyber criminals snatched them up in about 60% of North American breaches, 90% of APAC region breaches and 70% of EMEA breaches. Researchers disclosed that the average company experiences 5.3 credential compromises that originate from a common source like phishing every year, a number that should give every IT professional chills. 

An abundance of records on the dark web has spawned an abundance of passwords for cyber criminals to harvest, and that’s bad news. Giant password dumps on the dark web like the 100GB text file dubbed RockYou2021 have ratcheted up risk too. That giant dump of data is estimated to contain 8.4 billion passwords. Bad actors make use of that bounty quickly and effectively. 

In the aftermath an enormous 2020 hack, ShinyHunters breached the security of ten companies in the Asian region and brought more than 73 million user records to market on the dark web. A group like ShinyHunters will of course try to profit by selling that stolen data at first, but when the data has aged or there are no interested buyers, cyber criminals will just offload it in the vast data dumps of the dark web making it available for anyone to sift through.   

Protect your business from password danger quickly & affordably

With our support we can discover if any of your employee’s reused passwords have been exposed on the dark web so that you can change them right away. 

What next?

By utilising our certified dark web monitoring tool we’ll perform a non-invasive scan of your company’s domain and produce a pdf report that will highlight any compromised credentials.

Request your free live scan today (and get 3 months free on us).  https://netutils.com/dark-web-scan/

[Press] NetUtils strengthen public sector offering with leadership, Crown Commercial Supplier status and managed services investment.

Steve Nicholls joins UK’s most qualified cyber security provider to focus on helping public sector organisations strengthen security and gain better value for money.

Kent, United Kingdom – 6th, July 2021, NetUtils, a leading IT specialist has appointed Steve Nicholls as its new Commercial Director– a move that coincides with its acceptance onto the Crown Commercial Services Technology Services 3 framework and major SoC investment to deliver flexible cyber security services to public sector organisations across the UK.

Over the last 28 years, Nicholls has gained a proven track record working in high pressure, high growth environments at leadership positions within SolarWinds and telent including successful, large scale projects with the MOD, London Ambulance Service, Maritime and Coastguard Agency, Network Rail and DEFRA. 

Steve Nicholls

It is clear that the impact of the recent health crisis has led to a significant increase in our national debt and the public sector is likely to face a period of belt tightening in response.” says Nicholls. “Yet, the ongoing digital transformation across national government, local authorities, health and education shows no signs of slowing down. This makes robust and cost-effective IT and cyber security a major requirement and the perfect focus for a highly-regarded specialist such as NetUtils that is well-known for delivering cost effective services.”

NetUtils has also been accepted across multiple lots of the recently published Crown Commercial Services Technology 3 procurement framework. The seven lots span areas including technology strategy and service design, operational services, major services transformation programmes, integration, and management.

The appointment of Nicholls is part of a multi-million-pound investment by NetUtils to recruit additional staff with enhanced training and expanded data centre capacity to deliver an enhanced IT services portfolio. For public sector, this includes a highly integrated managed cyber security service to help organisations strengthen their security posture and meet growing compliance requirements such as the Cyber Essentials Plus framework that becomes mandatory for all NHS Trusts this year. 

NetUtils has also created special public sector pricing for its 16 cyber security managed services ranging from Endpoint Protection and Email Security all the way up to fully fledged SOC services.  “The public sector has different procurement, operational and contractual requirements than the private sector and our new portfolio reflects these nuances with an offering that is not just technically sound but also commercially compelling,” Nicholls adds.

With a heritage spanning over 27 years, NetUtils is one of the UK’s longest serving specialist integrators of network, security, and data solutions. Today, it serves over 400 public sector, enterprise and service provider clients including many listed within the FTSE 100. NetUtils has built a reputation for technical excellence and is the most certified Juniper Networks partner in Europe and maintains over 420 industry and vendor accreditation within its team including CISSPs and CISMPsFortinet’s NS7, and Juniper JNCIPs. NetUtils is one of only a handful of UK suppliers to maintain  ISO 9001ISO 27001 and Cyber Essential certification. 

Although a new addition on the Crown Commercial supplier framework, NetUtils has worked with over 200 public sector clients during the last 27 years. These include central government agencies, local, district and county councils, numerous NHS trusts and every ‘blue light’ emergency service. 

The extensive list includes the Royal Borough of Kensington & Chelsea, Fife Council, State Hospitals Board for Scotland, London Borough of Hammersmith & Fulham, Police & Crime Commissioner for South Yorkshire and Newcastle Upon Tyne Hospitals NHS Trust.

Ashok Thomas

“Public sector has always been a major area for us and Steve joining the team along with our acceptance within the Crown Commercial Services framework is a new focus that recognises that the public sector needs better value for money from IT – and especially within cyber security,” says Ashok Thomas, CEO for NetUtils. “We are a highly focused and agile supplier that has built our business organically by delivering tangible results for our customers and our ongoing investment will help us to address the needs of a larger public sector client community.”

About NetUtils

NetUtils are a leading UK specialist integrator of network, security and data solutions for enterprise, telco, MSPs and ISPs. With more than 27-years history and over 400 enterprise and service provider clients including household names across finance, education, public sector, manufacturing, and healthcare, NetUtils brings its customers the depth and breadth of people, technologies and services to improve business performance in this ever-changing digital world.

Featured in:

Networks Europe Magazine https://networkseuropemagazine.com/2021/10/08/netutils-appoints-new-commercial-director/

Europe Magazine Magazine https://networkseuropemagazine.com/July-August-2021-Issue/?utm_campaign=NEM%20-%20July-August%202021%20Issue&utm_medium=email&utm_source=mailjet#page=85

NetUtils Media Enquiries:

Kara Jenkinson
Head of Marketing
t: 020 8783 3800 e: kjenkinson@netutils.com

w: www.netutils.com

NetUtils Named a Supplier on Crown Commercial Service’s Framework

Kent, United Kingdom – June 2021, NetUtils have been named as a supplier on Crown Commercial Service’s (CCS) Technology Services 3 (RM6100).

Crown Commercial Service supports the public sector to achieve maximum commercial value when procuring common goods and services. In 2019/20, CCS helped the public sector to achieve commercial benefits worth over £1bn – supporting world-class public services that offer best value for taxpayers.

NetUtils, a leading cyber security and managed services provider have recently announced they are to feature as a supplier on the Crown Commercial Services Technology Services 3 (RM6100) framework. NetUtils are now able to provide their wide and diverse portfolio of cyber security and networking products and services via the platform.

Technology Services 3 (RM6100) is the next iteration of Technology Services 2 framework, which continues to cover traditional Information and Communication Technology (ICT) services, from strategy through to transition and operational deployment. 

The agreement includes new services which have been requested throughout the customer and supplier engagement. This means whether a customer simply needs to buy support for end user devices or a complete long-term transformation of their technology services, Technology Services 3 is the ideal route to market, with services ranging from more ‘off-the-shelf’ services designed to meet a simple set of needs or more bespoke solutions to meet a complex set of customer requirements.

Lot 1 – Technology Strategy & Service Design

What it’s for?

  • If a customer needs to make a change to their technology estate, but doesn’t know what direction to go in and needs expert help, this is the Lot they’d use

 Why would the Customer use it?

  • When a customer requires market expertise to help set their technology strategy and then create the supporting service design
  • To create an output that would then provide an implementation roadmap via the other lots within TS3

Lot 3b – Operational Management

What it’s for?

  • To provide customers with the operational management of the complex technology estate that supports their organisation from infrastructure to security

 Why would the Customer use it?

  • To access the right tools and processes required to manage a complex technology estate effectively
  • To implement effective and robust cyber security across all their technology from physical devices to networks to access management

Lot 3c – Technical Management

What it’s for?

  • To provide access to the expert support required for the hardware and software that underpins customers technology estates

Why would the Customer use it?

  • When they have a complex network supporting wired, wireless, and mobile connectivity that needs ongoing management and support
  • To ensure they are able to effectively track and maintain all their technology assets from acquisition through to disposal

About NetUtils

NetUtils are a leading UK specialist integrator of network, security and data solutions for enterprise, telco, MSPs and ISPs. With more than 27-years history and over 400 enterprise and service provider clients including household names across finance, education, public sector, manufacturing and healthcare, NetUtils brings its customers the depth and breadth of people, technologies and services to improve business performance in this ever-changing digital world.

NetUtils Media Enquiries

Kara Jenkinson
Head of Marketing

t: 020 8783 3800 e: kjenkinson@netutils.com

NetUtils Talks Security

NUTS Episode 1 (15 minutes)

Tune in to hear from Malcolm Orekoya, our CTO and host of the series and guest JP Kehoe from SKOUT Cyber Security as they introduce NetUtils Talks Security (NUTS) in our very first episode. Created with small to medium sized organisations in mind we’re here to help you make sense of the ever-changing cyber security landscape with real life information and actionable advice on how you can get protected. 

Discover more about:

  • The growing skills gap, the pace of change when it comes to cloud adoption and not to mention COVID
  • The increase in tempo and the complexity of cyber attacks with cyber security becoming more of a priority 
  • The need for partnerships and collaboration within organisations to harness unique skill sets

We’re NUTS About Security

Don’t forget you can register to attend here https://netutils.com/netutils-talks-security/

Robert Harris Joins NetUtils As Director of Global Service Providers

Cyber security and managed service provider announces its plans for their growing service provider team.

Robert Harris, NetUtils, Director of Global Service Providers

Kent, United Kingdom, Monday, 15th March 2021, NetUtils welcomes Robert Harris to the family to provide superior support to their existing customers and with a vision to broaden its global footprint within Tier 1 managed service providers.

“I am delighted to announce the signing of Robert Harris as Director of Global Service Providers to the team.” said Ashok Thomas, CEO for NetUtils. “Robert brings an outstanding wealth of global and partnership experience and the skills required to serve our broad range of Global Tier1 managed service providers.” 

“Joining NetUtils is an exciting prospect and challenge. I look forward to not only exploring and deepening their existing Tier1 managed service customers but also to support in progressing the growing number of prospects and opportunities we have seen develop over the coming months.” said Robert Harris, Director of Global Service Providers for NetUtils.

About NetUtils

NetUtils are a leading UK specialist integrator of network, security and data solutions for enterprise, telco, MSPs and ISPs. With more than 27-years history and over 400 enterprise and service provider clients including household names across finance, education, public sector, manufacturing, and healthcare, NetUtils brings its customers the depth and breadth of people, technologies and services to improve business performance in this ever-changing digital world.

NetUtils Media Enquiries:

Kara Jenkinson
Head of Marketing
t: 020 8783 3800 e: kjenkinson@netutils.com

w: www.netutils.com

NetUtils launches ‘Platinum’ managed cyber security services to help large enterprises rationalise the new normal

Cyber security pioneer launches UK’s most comprehensive managed service offering 16 core features with 24/7 SoC to help larger enterprises strengthen their end-to-end cyber security posture

Kent, United Kingdom – February 2021, NetUtils, a leading IT specialist has launched the UK’s most advanced and highly integrated managed cyber security service aimed at helping larger enterprises to improve cyber security defences while reducing operational cost and complexity. 

The new “Platinum Tier” includes a fully staffed, 24/7 Security Operations Centre (SOC) and is backed by NetUtils continued certification around the ISO 9001 and ISO 27001  standards and as a registered  Crown Commercial Service supplier.

The new top tier service offers every element a large enterprise should deploy based on best practice methodology and includes Advanced Endpoint Protection, Vulnerability & Patch Management,

Managed Firewalls, Email Security Gateway, Privileged Access Management and Cloud Access Security Broker capabilities. The built-in SOC services provides full-time security monitoring across devices and applications including Office 365 along with structured Security Awareness Training sessions and ongoing helpdesk service. The Platinum tier is available at under £45 per user per month with significant discounts for larger organisations.

“Larger enterprises are faced with the dual challenges of managing more remote staff while still trying to deliver the core IT projects that are critical to the business. Our Platinum Tier Managed Cyber Security services are based on feedback from several enterprise customers around what they need – and is effectively a formalisation of a number of disparate services that we have been delivering successfully for many years.,” says Ashok Thomas, CEO for NetUtils. “When you look at the overall cost and especially when you factor in our 24/7 SOC capability, our Platinum service will typically save enterprises with a 1000 staff or more, hundreds of thousands of pounds each year in operational cyber security costs – with the assurance of transparent SLA’s and round the clock expertise.”

The new Platinum tier managed security services also aim to address several challenges that have accelerated due to the ongoing pandemic including critical digitisation projects, reduction in IT budgets and ongoing cyber security skills shortage. According to recent research by PWC, a consultancy, that questions over 3000 senior executives at larger organisations; 96% of executives have shifted their cybersecurity strategy due to COVID-19 while 55% of respondents lack confidence when their cyber spending is allocated towards the most significant risks.

NetUtils has built a reputation for technical excellence and is the most certified Juniper Networks partner in Europe and maintains over 420 industry and vendor accreditations within its team including CISSPs and CISMPsFortinet’s NS7, and Juniper JNCIPs. As part of the managed cyber security services launch, NetUtils has invested over £1.2 million adding more staff, enhanced training, and additional data centre capacity to meet growing demand. 

As David Bundock, COO for NetUtils explains, “Our top tier managed security service helps to address the operational challenges and skills retention issues that larger organisations are facing at a time when external factors such as COVID and Brexit are impacting core business processes. Our technical expertise and ISO compliant processes can help large enterprises improve cyber security though a trusted partnership that allows them to focus on their core business without compromising on active cyber security controls and monitoring.”

More information on the new managed cyber security services including the new Platinum tier is available via https://netutils.com/managed-service-bundles/

https://netutils.com/managed-service-bundles/

About NetUtils

NetUtils are a leading UK specialist integrator of network, security and data solutions for enterprise, telco, MSPs and ISPs. With more than 27-years history and over 400 enterprise and service provider clients including household names across finance, education, public sector, manufacturing, and healthcare, NetUtils brings its customers the depth and breadth of people, technologies and services to improve business performance in this ever-changing digital world.

NetUtils Media Enquiries:

Kara Jenkinson
Head of Marketing
t: 020 8783 3800 e: kjenkinson@netutils.com

w: www.netutils.com

3 Facts About Cyber Security to Factor into Your Strategy Now

Last week I read this blog titled 3 Big Facts About Cybersecurity In 2020 To Remember For 2021 which talks about phishing, ransomware and The Dark Web. Whilst I agree with these 3 threats, it’s important to remember that a layered security approach for any organisation is key to the sustainability of growth and development. Yes, last year saw a rise of the distributed workforce, the fast adoption to the cloud and a massive increase in COVID related scams, which are still being executed by cyber criminals, thus making your company and all your employees more susceptible and an easy target especially when security most certainly was not and is not top of mind. 

For many the need for business continuity and getting up and running as soon as possible those few days before lockdown announcement number 1 massively outweighed concerns over networking and security. And why wouldn’t it! However now we face being in lockdown number 3, with no real idea of when we will be normal again or what normal might look like and still you’ve not addressed those ‘pesky’ security concerns.

So, following on from the blog mentioned above here are 3 key takeaways so you can start to take your cyber security back into your own hands. Remember cyber security is companywide and not just and IT issue.

1. Phishing Rules the Roost

Most of today’s nastiest threats have a common denominator: phishing. More than 80% of all cyber attacks are phishing based. That means that an essential part of keeping your business safe from cyber crime is keeping your business safe from phishing. Phishing attacks skyrocketed by over 600% in 2020, and that’s not going to go away. 

How to mitigate the risk?

People are a critical layer within your cyber security posture and with greater reliance on email communication, the dangers of phishing are even more apparent for businesses, especially in the form of ransomware. 

By committing your company to Security Awareness Training in this ever changing world will help protect against the growing and varying threats organisations face today. Don’t let those criminals leap to the golden opportunity that increased email usage creates for them to launch phishing attacks – and they’re branching out with more attempts through voice, text, messaging, and SMS.

2. Ransomware is Here to Stay

Ransomware was the most devastating and disruptive single threat type in 2020, and that looks set to keep going through 2021. More than 50% of businesses were impacted by ransomware in 2020. It’s become a favoured tool of hackers from sophisticated nation-state groups to cyber criminal gangs on The Dark Web. Experts estimate that a ransomware attack will take place every 11 seconds in 2021.

Cyber criminals aren’t just using ransomware to steal data anymore. In 2020 there’s been a trend towards ransomware being used to disrupt operations at businesses, manufacturers, essential services, infrastructure targets, and hospitals plus many organisations in other sectors worldwide. Just before the COVID-19 vaccine news started rolling in, cyber criminals were deploying ransomware against hospitals, pharmaceutical developers, laboratories, even cold storage trucking companies. They weren’t trying to steal data, they were trying to disrupt operations at critically needed organisations in order to score a big, quick payday, and they were successful in many cases.

How to mitigate the risk?

  • Don’t click links in emails
  • Scan emails for malware
  • Firewall and endpoint protection
  • Keep data backups, regular
  • Protect your information

3. Dark Web Danger is Real and Growing

The Dark Web is a complicated place, and just like everything else in the world, the chaotic nature of events in 2020 impacted the way it operates too. It hasn’t stopped growing – Dark Web activity has increased by more than 300% in the last 3 years. While it hasn’t been as much of a newsmaker as flashier things like nation-state hacking, make no mistake – it’s still an enormous threat to all businesses, and that threat is only growing larger with time.

The proliferation of information gathered in data breaches, especially in last year’s record-breaking year, provides ample fuel for cyber crime like credential stuffing and spear phishing. An article published on the 3rd February 2021 states more than 3 billion unique pairs of cleartext emails and passwords were leaked online from previous data leaks.

The growth of the cybercrime-as-a-service sector of the Dark Web economy also puts companies squarely in the crosshairs of bad actors. Plus, in a challenging economy, even cyber criminals are feeling the pinch and looking for new ways to rake in cash.

How to mitigate the risk?

Dark Web monitoring solutions are a security essential because it provides your company with something incredibly precious: time. By having your business credentials monitored 24/7/365 with our expert human and machine-powered analysis, you’re making it possible for you to find out if you’ve been a victim of credential compromise fast. Which gives your IT team time to address vulnerabilities before the bad guys even find them.  

No Company Can Afford A Cyber Security Nightmare.

Let NetUtils help you add strong cyber security protection at a price that won’t keep you up at night. To get you started we’d like to offer you a complimentary Dark Web scan and we’ll show you how our solutions can help you secure yours and your clients’ systems and data against today’s (and tomorrow’s) biggest threats fast.

Sources:

SonicWall NetExtender VPN Client and SMA 100 Zero-Day

Cyber Security Threat Advisory
25th January 2021

*Update 1/25: From SonicWall, “While we previously communicated NetExtender 10.X as potentially having a zero-day, that has now been ruled out. It may be used with all SonicWall products. No action is required from customers or partners. Current SMA 100 Series customers may continue to use NetExtender for remote access with the SMA 100 series. We have determined that this use case is not susceptible to exploitation.”

Threat Update

SonicWall has released a statement regarding their investigation into a “coordinated” attack against their internal network that they believe made use of zero-day vulnerabilities in their remote access point products.

Technical Detail & Additional Information

What Is The Threat?

The statement released by SonicWall does not offer a detailed account of the breach or the vulnerability, however they do state that they believe the attackers utilized zero-day vulnerabilities for their NetExtender VPN Client and Secure Mobile Access platforms. These platforms are used by enterprise environments to secure access to their internal networks, so any unreported and unpremeditated vulnerabilities represent a significant security risk for any enterprise that utilizes their products. They also do not reveal any information about the nature of the breach and how their network was affected.

In their coverage of the incident, ZDnet reports that, “Multiple sources in the threat intel community told ZDNet after the publication of this article that SonicWall might have fallen victim to a ransomware attack”. This has not been substantiated by SonicWall at this time.

What Is The Exposure Or Risk?

Affected Devices:

  • NetExtender VPN client version 10.x (released in 2020) utilized to connect to SMA 100 series appliances and SonicWall firewalls.
  • Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances, and the SMA 500v virtual appliance.

According to SonicWall, the SMA 1000 series is NOT susceptible to this vulnerability.

What Are The Recomendations?

At the time of writing this advisory, SonicWall has not released any patch fix for the suspected zero-day vulnerability, however, they do recommend enabling MFA across all their devices. They have also provided the following remediations for each affected platform version:
SMA 100 Series: This product remains under investigation for a vulnerability, however we can issue the following guidance on deployment use cases: 

  • Current SMA 100 Series customers may continue to use NetExtender for remote access with the SMA 100 series. We have determined that this use case is not susceptible to exploitation.
  • We advise SMA 100 series administrators to create specific access rules or disable Virtual Office and HTTPS administrative access from the Internet while we continue to investigate the vulnerability.

References:

For more in-depth information about the recommendations, please visit the following links:

Advisory Source: https://getskout.com/cybersecurity-threat-advisory-0003-21-sonicwall-netextender-vpn-client-and-sma-100-zero-day/

NetUtils Named A Supplier on Crown Commercial Service’s Framework

Kent, United Kingdom – November 2020, NetUtils have been named as a supplier on Crown Commercial Service’s (CCS) Technology Products Catalogue framework.

NetUtils, a leading cyber security and managed services provider have recently announced they are to feature as a supplier on the Crown Commercial Services Technology Online Purchasing Content Framework. NetUtils are now able to provide their wide and diverse portfolio of cyber security and networking products and services via the platform.

The Technology Online Purchasing platform gives buyers a flexible, cost effective and efficient route to buy a range of technology products through an online catalogue. It is available to the UK public sector and their associated bodies and agencies.

Ashok Thomas, Chief Executive Officer, NetUtils said: “With continuously shrinking budgets and the growing IT skills gap the need to be on frameworks supports our vision in helping public sector procurement and gives them a trusted commercially aware partner to work with now and in the future.”

About Crown Commercial Service

Crown Commercial Service supports the public sector to achieve maximum commercial value when procuring common goods and services. In 2019/20, CCS helped the public sector to achieve commercial benefits worth over £1bn – supporting world-class public services that offer best value for taxpayers.

About NetUtils

NetUtils are a leading UK specialist integrator of network, security and data solutions for enterprise, telco, MSPs and ISPs. With more than 27-years history and over 400 enterprise and service provider clients including household names across finance, education, public sector, manufacturing and healthcare, NetUtils brings its customers the depth and breadth of people, technologies and services to improve business performance in this ever-changing digital world.

NetUtils Media Enquiries

Kara Jenkinson
Head of Marketing

t: 020 8783 3800 e: kjenkinson@netutils.com

w: www.netutils.com