Connect with us

TECHNOLOGY

Back-to-the-office plan: A cybersecurity checklist from Kaspersky

April 11, 2023, 2:14 p.m.

March 2020 may be remembered as the day the world went on lockdown because of the pandemic.

In Southeast Asia, the rushed transition to work from home and then partially back to the office a year later turned to what people now embrace as the new norm. The hybrid work setup isn’t entirely new, but employees now want to stick to it. At the same time, companies have come to accept it after it proved to have worked fairly well for two years. 

Unfortunately, cybercriminals thought it worked to their advantage, too. With tons of valuable data employees bring with them on their devices, it could have felt like the best time for these cyber thugs who found themselves effortlessly stealing from their easy prey.

In 2020, there was an increase globally in the number of people using remote access tools such as remote desktop protocol or RDP, one of the most popular application-level protocols for accessing Windows workstations or servers. It also allows access to other device resources and RDP clients are available for all the most used modern OS such as iOS, OS X, Linux, Unix, and even Android. 

Originally designed as a remote administration tool, cybercriminals use RDP to penetrate the target computer by exploiting incorrectly configured settings or vulnerabilities such as weak passwords. Hacking an RDP connection is lucrative for cybercriminals.

In the same year, there were about 147,565,037 remote desktop protocol (RDP) attack attempts against users of Kaspersky in Southeast Asia. When the workforce slowly started going hybrid in 2021, the RDP attack attempts went up a bit to 149,003,835. It was in 2022 when the pandemic restrictions were lifted and by that time, the RDP attempts spiraled down to 75,855,129 or a plunge of -49% from the previous year. 

“Among our post-pandemic learnings is that flexibility, agility and openness are important to our sustainability and productivity in business. We are still evolving. Part of this evolution is the resounding desire of the workforce in Southeast Asia to stay within the hybrid setup, which boils down to our need for connection and empowerment as humans and we need to acknowledge that,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.

“Part of listening to what the workforce is asking of us is providing options and support within the cybersecurity framework for their safe return to office work in any form. For companies, you will still have to use technology to drive productivity and it will remain this way as things get more and more sophisticated in the business space,” Yeo added.  

For the employed, switching to working from home has been difficult enough. After getting used to this setup for two years, returning to the office may just be as tricky. Companies are in the same predicament — rolling back some changes would mean jumping through hoops again like how they did when they deployed these in 2020. 

To help stressed IT security managers prioritize, we put together some cybersecurity action items for businesses:

  1. Keep work-from-home cybersecurity workarounds

Whether your workforce is returning from home to office or requires work-related travel, using virtual private network (VPN) and an advanced endpoint and detection response (EDR) solution will ensure their safe return to on-site work. Kaspersky Extended Detection and Response or XDR is a multi-layered security technology that protects IT infrastructure. Whereas EDR focuses on endpoints, XDR focuses more broadly on multiple security control points to detect threats more quickly, using deep analytics and automation. XDR creates security efficiencies by improving detection and response capabilities through unifying visibility and control across endpoints, network, and cloud. It facilitates advanced investigation and threat hunting capabilities across multiple domains from a single console. 

  1. Restore any security controls you disabled for remote workers

To allow remote employees to connect to the corporate network, especially from personal devices, some organizations weakened or disabled cybersecurity controls such as Network Admission Control (NAC). NAC checks computers for compliance with corporate security requirements, such as up-to-date malware protection before granting access to the corporate network. Upon employees’ return to the office, NAC should be turned on to protect the internal systems in case the machines pose any risks. Organizations need to anticipate such issues and have a plan that includes resources, deadlines, bug fixes, and maybe even help from IT integrators. 

  1. Update internal systems

Don’t forget to check internal critical services. The IT security team needs to know if there are any unpatched servers in the building before letting anyone in. With everyone returning to the office and connecting their laptops to the corporate network at once, just one unpatched domain controller can provide broad access to, for example, employee account data and passwords. 

  1. Get ready to save — and also to pay

Bringing employees back to the office may save employers some money. Companies can reduce the number of subscription-based cloud solutions or licenses, such as for video conferencing or electronic signature to bring some services back as local resources. Consider spending those freed-up budgets on organizing digital workstations so that employees can split their weeks between office and elsewhere. Remote work technologies like virtual desktops are much easier to deploy, manage, fix, and protect than remote computers. 

  1. Save the tools and settings that employees used remotely

Thanks to their pandemic experience, employees have mastered new communication and collaboration tools for chats, videoconferencing, planning, CRM, and others. If those tools worked well, employees will want to continue using them. In fact, 74% of Kaspersky’s survey respondents said they want more flexible and comfortable work conditions. Companies should be prepared either to approve new services or to suggest and defend alternatives. Dedicated solutions can help organizations manage access to cloud services and enforce associated security policies. IT security should be a business enabler, not a barrier.  

For SMBs and midrange enterprises, Kaspersky in Southeast Asia also has launched a Buy 1 Free 1 promo. Businesses can now enjoy two years of enterprise-grade endpoint protection for the price of 1 with Kaspersky Endpoint Security for Business or Cloud or Kaspersky Endpoint Detection and Response Optimum, with 24×7 phone support. Interested customers can reach out to sea.sales@kaspersky.com.  

TECHNOLOGY

Kaspersky reports more than 340, 000 attacks with new malicious WhatsApp mod

November 20, 2023 8:52 p.m.

Kaspersky researchers recently uncovered a new malicious WhatsApp spy mod, which is now proliferating within another popular messenger, Telegram.

While the modification serves its intended purpose by extending user experience, it also clandestinely harvests personal information from its victims. With an extensive reach surpassing 340,000 in just one month, this malware predominantly targets users who communicate in Arabic and Azeri, though victims have been identified globally.

Users often turn to third-party mods for popular messaging apps to add extra features. However, some of these mods, while enhancing functionality, also come with hidden malware. Kaspersky has identified a new WhatsApp mod offering not only additions like scheduled messages and customizable options, but it also contains a malicious spyware module.

The modified WhatsApp client’s manifest file includes suspicious components (a service and a broadcast receiver) not present in the original version. The receiver initiates a service, launching the spy module when the phone is powered on or charging. Once activated, the malicious implant sends a request with device information to the attacker’s server. This data covers IMEI, phone number, country and network codes, and more. It also transmits the victim’s contacts and account details every five minutes as well as being able to set up microphone recordings and exfiltrate files from external storage.

The malicious version found its way through popular Telegram channels, predominantly targeting Arabic and Azeri speakers, with some of these channels boasting nearly two million subscribers. Kaspersky researchers alerted Telegram about the issue. Kaspersky’s telemetry identified over 340,000 attacks involving this mod in just October. This threat emerged relatively recently, becoming active in mid-August 2023.


Examples of Telegram channels distributing malicious mods

Azerbaijan, Saudi Arabia, Yemen, Turkey, and Egypt witnessed the highest attack rates. While the preference leans towards Arabic and Azerbaijani-speaking users, it also impacts individuals from the US, Russia, UK, Germany and beyond. 

Kaspersky products detect the Trojan with the following verdict Trojan-Spy.AndroidOS.CanesSpy.

“People naturally trust apps from highly followed sources, but fraudsters exploit this trust. The spread of malicious mods through popular third-party platforms highlights the importance of using official IM clients. However, if you need some extra features not presented in the original client, you should consider employing a reputable security solution before installing third-party software, as it will protect your data from being compromised. For robust personal data protection, always download apps from official app stores or official websites,” comments Dmitry Kalinin, security expert at Kaspersky.

To stay safe, Kaspersky experts recommend: 

  • Use Official Marketplaces: Download apps and software from reputable and official sources. Avoid third-party app stores, as the risk that may host malicious or compromised apps is higher.
  • Use reputable security software: Install and maintain reputable antivirus and anti-malware software on your devices. Regularly scan your devices for potential threats and keep your security software up to date. Kaspersky Premium protects its users from known and unknown threats. 
  • Educate yourself about common scams: Stay informed about the latest cyber threats, techniques, and tactics. Be cautious of unsolicited requests, suspicious offers, or urgent demands for personal or financial information. 
  • Third-party software from popular sources often comes with zero warranty. Keep in mind that such apps can contain malicious implants, e. g. because of supply chain attacks.
Continue Reading

TECHNOLOGY

Globe’s next-gen leaders delve into AI and humanity at International Design Conference

October 27, 2023 3:45 p.m.

Globe’s next generation leaders shared invaluable insights on the blend of Artificial Intelligence (AI) and the human experience at the 7th International Design Conference, an event that marked the 50th anniversary of the Design Center of the Philippines.

Returning with more disruptive design concepts and an immersive environment that encouraged attendees to rethink limits, the two-day conference, held in cooperation with Globe, unveiled the evolving landscape and transformative potential of design.

Design luminaries and game-changers from the design sector and the Philippine creative economy collaborated to captivate audiences with immersive keynote presentations, provocative fireside chats, inspiring case studies, future-focused visioning, and an industry meet-up.

Globe’s Wil Sarmiento, Director and Head of Customer Lifecycle, and Paolo Toledo, Director and Head of Creatives, stood out with their forward-thinking perspectives.  They joined world-renowned personalities such as award-winning design critic and author Alice Rawsthorn, program director of the Danish Design Centre Christina Melander; Sarah ichioka, founding director of Desire Lines; Dr. Anna Whicher, Policy Consultant of the “Making Design Count: The Value and Impact of Design on the Philippine Economy”; and Professor Daniela Bohlinger, Sustainability Design Pioneer.

Sarmiento, delivered a keynote that delved into the future skills in the age of human-machine collaboration, underscoring the potential of a symbiotic relationship that harnesses the strengths of both.

“Remember the value that you bring to the table: creativity, empathy, and the ability to change. AI will open doors that only humanity will be able to walk through,” he pointed out.

In a thought-provoking panel discussion led by Beth MacDonald, Chief People Officer of Biocellion SPC, Toledo, highlighted the intrinsic value of human intuition and design in an AI-driven world.

“Being human is the greatest design of all. While technology provides efficient solutions, it simply answers “what’s right” or “what’s needed”. BUT it’s us humans who trigger innovation and purpose. We hold the power to ask “what’s next?” and more importantly, “what for?” he said.

The International Design Conference, with its rich legacy of championing design innovation, is a thought leadership platform that celebrates the intersection of design, business, technology, and policy while thriving at the edge of disciplines to remain provocative and to use design and creativity to ask difficult questions and to take the audience to new territories.

Globe’s design leaders not only contributed to this dialogue but also illuminated the path forward, emphasizing a future where technology and human ingenuity seamlessly converge.

(Left) Paolo Toledo, Globe Head of Creatives; (Right) Wil Sarmiento, Globe Head of Customer Lifecycle

For more information about the International Design Conference and its key takeaways, please visit  www.facebook.com/DTI.DesignCenterPH.

To learn more about Globe, go to https://www.globe.com.ph/.

Continue Reading

TECHNOLOGY

LG honored with multiple awards for Innovative Product Design at IDEA 2023

September 4, 2023 3:11 p.m.

LG Electronics (LG) has once again been recognized for outstanding product design, earning 13 awards at the International Design Excellence Awards (IDEA) 2023, announced at the International Design Conference in New York, New York.

The LG PuriCare AeroTower, an air purifier that can also be used as a side table and mood lamp, was honored with a Bronze Award at yesterday’s conference. Offering personalized performance and design options, as well as a compact form factor, LG’s air purifier can be tailored to match any home interior and is ideal for smaller spaces. With its latest win, the LG PuriCare AeroTower has now been recognized by all three of the world’s top industrial design award programs: IDEA, the Red Dot Award and iF Design Award.

Another IDEA 2023 honoree, the LG OLED Flex (model LX3) is an innovative TV featuring the world’s first bendable 42-inch OLED screen. The LX3, which made its international debut at IFA last year, offers a new level of screen customizability – its self-lit display able to go from completely flat to spectacularly curved with the push of a button.

“The achievement from this year’s IDEA is the result of the synergy between customer experience-centered technology and aesthetics,” said Hwang Sung-gyul, head of the Design Management Center at LG Electronics. “We will continue to improve the level of perfection by reflecting innovative customer experiences beyond the existing framework in product design by constantly communicating and empathizing with customers.”

Organized annually by the Industrial Designers Society of America (IDSA), IDEA is one of the world’s leading design award programs, recognizing exceptional achievements in the area of industrial design while taking into consideration various factors relating to design strategy, digital interaction, the environment, and social impact, when selecting award recipients.

Life’s about more than having the latest technology, rather, it’s about the experiences technology creates that impact our lives. LG Electronics Philippines delivers consumer electronics through top-of-the-line home entertainment appliances that prepare Filipinos for their greatest moments. LG promises to bring “Innovation for a Better Life” nationwide – from Luzon, to Visayas, and Mindanao. LG products are available via lg.com/ph and through its flagship stores in Lazada and Shopee. For more information, visit and follow their social media channels on FacebookInstagramTiktok and Youtube (@lgphilippines).

Continue Reading