c

Importance of DevSecOps across Industries!

How TSAROLABS facilitates industries stay safe and secure?

DevSecOps is essential because it combines development, security, and operations practices into a single integrated approach to build security into the software development lifecycle.

Importance of DevSecOps:

  • Improved security: Security at every stage of the development process for more secure software is less vulnerable to cyber attacks.
  • Faster time to market: DevSecOps helps to identify and address security issues early in the process to reduce the likelihood of security vulnerabilities.
  • Greater collaboration: Promotes collaboration between developers, security teams, and operations teams for improved outcomes.
  • Increased agility: It allows organizations to respond quickly to changing market conditions and customer needs.
  • Cost savings: By building security into the development process, organizations can avoid the cost of fixing security issues later in the development cycle or after deployment.

Additionally, DevSecOps is vital in all industries that rely on software development to support their business operations, such as finance, healthcare, retail, manufacturing, and many others.

Some primary industries are:

Finance: Financial institutions deal with sensitive customer data and financial transactions. Any security breaches can have severe consequences, including loss of customer trust and financial penalties. DevSecOps helps to identify and address security issues early in the development process, reducing the risk of security breaches.
Healthcare institutions: It deals with sensitive patient data and must comply with strict data privacy regulations. DevSecOps helps to ensure that patient data is handled securely and that the software used in healthcare applications is reliable and secure.
Government: Government institutions deal with sensitive data related to national security, public safety, and citizens’ personal information. DevSecOps helps ensure that government software systems are secure and reliable and that citizen data is handled carefully.
Energy: Energy companies operate critical infrastructure essential to society’s functioning. Any security breaches can have severe consequences, including disruption to the energy supply and public safety risks. DevSecOps helps to ensure that energy software systems are secure and reliable.

 

DevSecOps is crucial in any industry that relies on software development to support its business operations. Still, some drives may have a higher risk profile and require greater attention to security.

At TSAROLABS we help and facilitate organizations to build and deliver more secure software more efficiently and effectively with DevSecOps.

Related tags:
Security, Risk management, Compliance, Data Privacy, Customer trust, Time-to-market, Collaboration, Efficiency, Agility, Cost savings, Sensitive data, National security, Public Safety, Critical infrastructure, Reliability.

The healthcare sector and ransomware authors

Medical organizations are the main force behind humanity’s efforts to change the tide in the battle against the infamous sickness as COVID-19 is not loosening its grip on the world. Hospitals and research facilities are more vulnerable to malware invasions than ever before because they are overrun with work that saves lives. However, cybercriminals don’t exhibit the necessary sympathy. Some of them keep focusing on the healthcare industry as if it weren’t the new reality in light of the pandemic.

One of the most repulsive cybercrime trends of 2020 is the increase in phishing campaigns based on the coronavirus panic. Users are being tricked into divulging their account passwords and installing banking Trojans by rogue emails that imitate reputable medical organizations, like the World Health Organization (WHO) and the American Centers for Disease Control and Prevention (CDC). Even though these scams are not only targeted at the healthcare sector, ransomware nevertheless rears its ugly head by specifically attacking hospital computer networks.

A RISK THAT IS RAISING

Hospitals are increasingly being targeted with ransomware attacks, according to the International Criminal Police Organization (Interpol). The aftermath of such an attack is not limited to data effect, as the officials heavily emphasize. It makes it more difficult to respond quickly to medical emergencies, which could have major real-world repercussions and put many patients at danger.

Interpol sent a Purple Notice to law enforcement organizations in each of its 194 member nations due to the rising ransomware activity that is harming this industry. By soliciting information from the public about criminal strategies, techniques, and procedures, the organization hopes to raise general awareness of the issue (TTP).

In addition, Interpol promises member nations that it will make every effort to offer the required technical assistance and threat reduction services. Its Cyber Threat Response (CTR) section is also gathering data on malicious web domains serving as ransomware delivery systems.

In terms of prevention, the organization reaffirms that emails with hazardous attachments or hyperlinks leading to harmful payloads are the main means by which ransomware is spread. That being said, the most important piece of advice is to make sure that staff members can spot a phishing attack and stay out of trouble.

Additionally, healthcare providers should prioritize their data and keep the most crucial documents apart from the rest of their information. Furthermore, it will be much more difficult for intruders to access your system if you regularly update your software, use trustworthy anti-malware solutions, and use strong passwords or two-factor authentication (2FA).

Ryuk Ransomware continues to take advantage of hospitals.

Despite the crisis, Ryuk, an enterprise-targeting ransomware operation, is still infecting hospitals. In March 2020, one of these attacks was discovered by security experts. They discovered that the thieves had contaminated the digital infrastructure of an unnamed American health organization using the remote execution application PsExec.

On infected systems, the predatory application encrypted crucial data and generated ransom letters.

SentinelOne, a security company, discovered a coordinated campaign around the same time in which Ryuk operators attempted to attack numerous COVID-19 response facilities all around the United States. Their prominent targets were a network of nine hospitals as well as two independent clinics.

DHARMA RANSOMWARE follows a similar route.

The notorious Dharma ransomware family is still waging damaging attacks against hospitals in the midst of the coronavirus catastrophe. It made its debut in 2016 as a threat aimed at individuals before being modified to target business networks.

The COVID-19 theme is utilized in numerous ways by one of the most recent Dharma variations. It makes use of a binary file called 1covid.exe that appears to be a secure email attachment. When an unwary victim opens this file, the ransomware infects the computer and starts a post-exploitation scenario to try to infect other devices connected to the same network.

The organization’s files are then encrypted using a combination of the RSA and AES cryptographic techniques. It’s interesting that coronavirus@qq.com is provided as the contact email address in the ransom note. The ransom fee can be a few to tens of bitcoins, depending on the size of the hacked network.

Russian criminals stalk European pharmaceutical companies

Pharma firms with headquarters in Germany and Belgium experienced extortion attacks in January 2020, which were coordinated by two hacker organizations. Russian-speaking cyber criminal gangs nicknamed Silence and TA505, according to analysts from security services company Group-IB, were in charge of these incidents. While the former had been active in attacking the healthcare sector, Silence had concentrated on compromising financial institutions and changed its strategy abruptly when the epidemic started.

According to reports, both gangs entered the targets’ networks via privilege escalation flaws identified as CVE-2019-1322 and CVE-2019-1405, respectively. Fortunately, the assaults were discovered and stopped before they could cause any harm.

The attacks were probably ransomware operations disguising themselves as data breaches, according to Group-IB analysts, despite the fact that the hackers were unable to run their code. The white hats underline that the TA505 crew is known to have employed ransom Trojans in the past, including Rapid and Locky, as part of their justification.

FEELINGS FROM SOME THREATENING ACTORS

Several ransomware gangs assert that they are ceasing attacks on hospitals, in contrast to the mischief outlined in the preceding paragraphs. Experts from the BleepingComputer security resource made contact with the perpetrators of widespread cyber-extortion activities in March 2020. Finding out if the bad guys intended to flee the medical scene in light of the coronavirus emergency was the study team’s main objective.

Unbelievably, some of the addressees have responded, according to the analysts. Hospitals and humanitarian organizations were never among the targets of the Clop ransomware, according to its creators, and this won’t change. Even if such an institution unintentionally becomes compromised, the criminals will allegedly send it a decryption tool without any conditions.

However, the villains claimed that they did not view companies in the pharmaceutical industry as deserving of their pity. The explanation is that because these businesses are thriving in the midst of the pandemic, they would be forced to make restitution if attacked.

Another ongoing ransomware strain, DoppelPaymer, was created by people who allegedly followed suit. In their response, they said that if a hospital ended up on their hook, they would immediately decrypt its files. However, the victim is required to submit proof that it is a healthcare professional in order to be qualified for such treatment. Similar to Clop, this syndicate won’t compromise on the ransom demands from pharmaceutical corporations.

The cybercriminal organizations who created the ransomware strains known as NetWalker and Nefilim claimed they had never explicitly targeted hospitals or nonprofits and had no plans to do so. However, there is a catch: If a healthcare institution falls victim to accidental entrapment, NetWalker will demand a ransom.

The creators of Maze, a type of ransomware that exploits data stolen from victims before encryption to put further pressure on victims, said they wouldn’t attack hospital computer networks until the pandemic was ended. They must have had a poker face on when they wrote their response, though. Why? Read on. Soon after making their threat, they released documents taken from Hammersmith Medicines Research, a company testing COVID-19 vaccines, which was attacked. This information includes the personal files of many previous patients.

More than a thousand patients of the Montana VA Health Care System, which provides services to veterans, had their private information exposed by Maze in June 2020. The initial assault happened in late April, and the criminals turned their wrath on the victimized group that refused to pay the ransom. What lesson does the tale teach us? For these dishonest scoundrels, ethics is a meaningless concept.

THE CONCLUSION

The globe is seeing unusual conditions that combine online threats and physical dangers into an odd whole. Never before has the reliability of electronic systems been so crucial to people’s lives. Ransomware creators are displaying their true selves during these difficult times. By attacking vital healthcare infrastructure and restricting access to hospital databases, they obstruct timely medical assistance in situations where seconds can make all the difference.

Although some extortion gangs have allegedly stopped attacking hospitals, it is risky to place too much faith in their assurances at this time. Instead, the healthcare sector should concentrate on fortifying its defenses and proactively repelling ransomware raids.

All important data must first and foremost be backed up. Additionally, security awareness training for the staff is crucial to these remedies because most ransomware cases begin with an employee blunder in which they open an alluring email attachment. It’s important to use 2FA or difficult-to-guess passwords for proper account sign-in hygiene. Additionally, a powerful anti-malware programme should be able to recognise all common varieties of ransomware and stop them before they cause damage.

Related Tags: security, awareness, healthcare, ransomeware, antimalware, threats, pharmaceutical, cybercriminal, risk

Identity and access management in the Retail Business

Identity and access management (IAM) in business refers to the processes and technologies used to manage and control access to a company’s systems, resources, and data. This includes managing user identities, authentication, and authorization to ensure that only authorized individuals have access to sensitive information. IAM solutions are used to secure access to systems, networks, and applications, and can include tools such as single sign-on (SSO), multi-factor authentication (MFA), and identity and access management platforms. These solutions help organizations to comply with regulations, protect against cyber threats, and improve overall security and efficiency.

Identity and access management (IAM) in the retail business involves the processes and technologies used to manage and secure the identities of customers, employees, and partners, as well as the access they have to sensitive information and systems. This can include authentication, authorization, and access control systems, as well as security measures such as multi-factor authentication and role-based access control. In the retail industry, IAM is used to protect customer data, prevent unauthorized access to systems, and ensure compliance with industry regulations such as PCI DSS. Additionally, retailers use IAM to manage the access of employees and partners to sensitive information and systems, such as inventory management systems and point-of-sale terminals.

In the retail industry, identity and access management (IAM) is critical for protecting sensitive customer data, preventing unauthorized access to systems, and ensuring compliance with regulations such as the Payment Card Industry Data Security Standard (PCI DSS).

One specific example of IAM in the retail industry is the use of multi-factor authentication (MFA) for customer account access. This can include using a combination of a password and a one-time code sent to a customer’s mobile phone to verify their identity before allowing them to access their account.

Another example is the use of role-based access control (RBAC) to manage employee access to sensitive systems and data. For example, a cashier may only have access to the point-of-sale system and not to the inventory management system. This limits the potential for data breaches and ensures that only authorized individuals have access to sensitive information.

In addition to these technical solutions, retail companies also use IAM policies and procedures to ensure compliance with regulations such as PCI DSS, which requires strict controls over access to payment card data. This can include regular security audits, employee training, and incident response plans.

Overall, IAM is a critical component of the retail industry, helping to protect sensitive data and maintain compliance with industry regulations, while also managing access to systems and data, to ensure that only authorized individuals have access.

In the retail industry, IAM systems may be used to control access to point-of-sale systems and sensitive customer data. This may include implementing regular security training for employees and implementing strict controls on the use of mobile devices.

Businesses also need to be compliant with the regulations and standards that are relevant to their industry, such as SOC 2, ISO 27001, HIPAA, or PCI-DSS. These regulations and standards provide guidelines on how companies should manage and protect sensitive data, and IAM plays a critical role in meeting these requirements.

Overall, IAM is a critical component of information security for businesses. It helps to ensure that only authorized individuals have access to company resources and that sensitive data is protected from unauthorized access.

Overall, regardless of the industry, an effective IAM system should be able to manage user identities, control access to resources, and monitor and report on access attempts.

TSAROLABS helps you to analyze and access your Business resources and data. We assist you to manage and restrict access to a company’s resources, data, and systems.

Related Tags:
Identity and Access, Management, Business, Security, Sensitive, Information, Single Sign-On, Cyber Threat, Authentication, Authorization.

Patch wifi router bugs in the Healthcare Industry

Netgear has constantly a high-severity vulnerability affecting more than one WiFi router fashions and suggested clients to replace their gadgets to the brand new firmware as quickly as possible.

The flaw influences more than one Wireless AC Nighthawk, Wireless AX Nighthawk (WiFi 6), and Wireless AC router fashions.

Although Netgear did now no longer expose any facts about the factor tormented by this worm or its impact, it did say that it’s far from a pre-authorization buffer overflow vulnerability.

To patch wifi router bugs in the healthcare industry, it is important to ensure that the routers are running the most recent firmware version, as this often includes security updates and bug fixes. Additionally, it is important to regularly check for any known vulnerabilities and apply any necessary patches or updates. It is also recommended to use strong, unique passwords for the router’s admin account and to enable WPA2 encryption for wireless networks. Additionally, it is also recommended to use a VPN and Firewall to secure the network and data.

The effect of a successful buffer overflow exploitation can vary from crashes following denial of carrier to arbitrary code execution, if code execution is done at some point of the attack.

Attackers can make the most of this flaw in low-complexity assaults without requiring permissions or consumer interaction.

In a protection advisory posted on Wednesday, Netgear stated it “strongly recommends that you download the cutting-edge firmware as quickly as possible.”

It’s important to note that in the healthcare industry, the security and privacy of patient data is of the utmost importance. It is thus recommended to consult with a cybersecurity expert or a healthcare IT professional to ensure that the router’s security measures are in compliance with industry regulations and standards.

TSAROLABS patch wifi router bugs, you can follow these steps:

Check the router’s firmware version: Log into the router’s admin interface and check the firmware version. If a newer version is available, download and install it.

Check for known vulnerabilities: Visit the router’s manufacturer’s website or the US-CERT website to check if there are any known vulnerabilities associated with your router’s firmware version. If there are, apply any necessary patches or updates.

Change the default password: Many routers come with a default password that is easily guessed by hackers. Change the default password to a strong, unique one.

Enable WPA2 encryption: WPA2 is the most secure encryption method for wireless networks. Make sure that WPA2 is enabled on the router.

Use a VPN or firewall: Use a virtual private network (VPN) or firewall to secure the network and protect the router from external attacks.

Regularly check for updates: Regularly check for updates on the router’s firmware to ensure that the router is protected from the latest known vulnerabilities.

It’s important to note that patching wifi router bugs is an ongoing process, and it’s important to keep the router’s firmware and security settings up-to-date.

Related Tags:
Patch wifi, Router bugs, Healthcare Industry, Netgear, Vulnerability, Firmware, Security, Cyber Crime, WPA2, Encryption.

HealthCare Sector at CyberAttack Risk

Digital technologies are making Patient care easy and efficient and are providing better outcomes. Regardless, the upgrade of digital technologies and the increasing interconnectedness between different healthcare systems come with advancing cybersecurity dangers.

The advantages of healthcare technology advancement are undeniable. For example, electronic health records (EHRs) have evolved critically to enhance Patient outcomes and diagnostics, with 75% of healthcare providers conveying that EHRs help them supply adequate patient supervision.

Providers are rapidly relying on technological advances that have raised healthcare cybersecurity threats. For example, the cybersecurity company Emsisoft reports that the U.S. had over 560 Cyberattacks against healthcare facilities in 2020.
What can healthcare organizations do to manage cyber Attacks? Following are some strategies to follow:

  • Enforcing Technical and technological cybersecurity measures
  • Constructing a group of skilled professionals to ensure cybersecurity in the healthcare department.
  • Designing a healthcare cybersecurity strategy focused on patient privacy protection
  • Addressing vulnerabilities in legacy systems in healthcare
  • Keeping tabs on new consequences to comprehend information technology (IT) challenges

These measures can strengthen an association’sassociation’s cybersecurity protection, underrate security breaches in healthcare, and ensure that critical systems remain active to reduce the impact on patient supervision.

Healthcare Cyber Security: Critical Issue

It is an area of information technology that focuses on safeguarding healthcare systems. These systems contain EHRs, health tracking devices, medical equipment, and healthcare delivery and management software. Healthcare cybersecurity concentrates on controlling attacks by protecting systems from unauthorized credentials and exposing patient information. The primary purpose is to assure the confidentiality, availability, and integrity of crucial patient data, which, if compromised, could put patient lives at stake.

Hospitals board hundreds and even thousands of patients, and as a result, they become excellent targets for hackers and make healthcare cybersecurity a critical consideration for hospital administrators.

Hancock Regional Hospital in Greenfield, Indiana, experienced an attack in 2018 and revealed how a ransomware attack could affect cybersecurity in hospitals. Cyberpunks accessed backup system data and eternally corrupted files, including EHRs.

Yet, the hospital stayed functional even after the IT team closed down the network.
However, the attack did affect the hospital financially, and it had to settle for a ransom of Four Bitcoins, i.e., $55,000, in exchange for its leaked data.

Cyberattacks come in numerous constitutions, from ransomware to theft of personal information. However, four issues are common throughout healthcare:

  • Patient privacy protection
  • The vulnerabilities of legacy systems
  • The challenges of IT in healthcare
  • Security breaches in healthcare

Patient privacy protection

As the healthcare industry is becoming more technologically associated, the risk of cyber theft also increases. The two types of robbery are outside theft and insider misuse.

External theft: Hackers outside a healthcare organization infiltrate Healthcare System and steal the Patient’sPatient’s Data for financial gains. For example, they use patients’ information to submit fraudulent claims to health insurers. External theft can also retain cyberpunks pushing healthcare organizations to settle a ransom amount in recovery for restoring patient data systems.

Insider misuse: Insider misuse often comes from stealing patients’ information for financial benefits or malicious intent. Other types of insider mishandling include curiosity (unwarranted access to data unrelated to care delivery) and comfort (overriding security protocols to make a job more accessible). Involuntary activities, such as human mistakes, mistyping, opening, or clicking phishing emails, make up the rest of insider misuse cases.

Vulnerabilities of legacy systems in healthcare

Despite various benefits, digitization offers many healthcare systems that keep outdated legacy systems for the following reasons:

Strict Budget: Shifting to a further system includes the expenses of purchasing the latest technology and paying technicians. It may also mean downtime, which facilitates possibilities for a healthcare structure to generate revenue.

Compliance guarantee: New equipment and technology can be tedious, therefore, organizations already gone through the process once, may surely prefer to avoid undertaking it again.

Upskilling costs: Training staff on new methods is time-consuming and expensive but essential to underrate mistakes. Jointly with training from technology agents, can aid supervisors in incorporating teamwork principles into contemporary healthcare strategies.

Complacency: Healthcare associations may restore an issue only after a system collapse. A bold strategy for substituting legacy systems can help avoid future problems.

Challenges of IT in healthcare

The advanced use of IT in healthcare has delivered advantages such as finer communication between doctors and patients, mechanization of manual duties, and improved contact between physicians caring for the same patients. In addition, IT and digitization have entrusted patients to make sounder judgments about their supervision, as patients have greater access to data about their fitness.

Benefits of IT and digitization in healthcare:

  • Easing inefficiencies
  • Enhancing healthcare access
  • Reducing healthcare expenses
  • Improving maintenance grade
  • Delivering personalized treatment for patients

To accomplish the advantages, related technologies are essential, although they are also prey for cyberattacks and data breaches. Despite external violations exceeding inner misuse as the predominant source of security risk, internal abuse is typical in the healthcare industry compared with other sectors, according to Verizon.

Security breaches in healthcare

In 2020, the healthcare industry witnessed hackers seizing the benefit of COVID-19 apprehensions. One example concerned an email about a presumed “coronavirus map” to track COVID-19 cases, and on clicking the link, it triggered information stealer malware that stole passwords and credit card information.
Some of the most significant data violations of 2020 came from vulnerabilities in healthcare vendor systems, phishing attacks, and fraud schemes.

Related Tag- phishing attack, cyberrisk, cyberattack, healthcare risk, breaches, security, patient privacy protection, healthsector cyberrisk, cybersecurity

Online Charging System

OCS is a specialized transmission function that permits an assistance provider to charge a user for services in real-time. The OCS handles the subscriber’s account balance, assigning transaction control, correlation, and rating. In addition, OCS assists a telecom operator in ensuring that credit limits are enforced and resources are authorized based on transactions.

Traditional online charging systems charge the Customer after a service is generated, whereas the OCS charges as services are developed. Therefore, OCS is more flexible than Intelligent Network (IN) prepaid solutions.

 1. Architecture

   1.1 Event-Based Charging

  1.2 Session-Based Charging

    1.2.1 Account and Balance Management

Online charging system overview (Source- researchgate.net)

Event Based Charging

An Event-Based Charging Function (EBCF) is employed to seize events based on their happening, preferably than their course or volume used in the event. Typical events include SMS, MMS, and content purchase (application, game, music, on-demand video, etc.).

The event-based charging operation is employed when the CC-Request-Type AVP = 4, i.e., for event proposal ex: diameter-SMS or diameter.

Let us assume a sample of Event-based Charging. 

  1. Cost of one apple is Rupees 25/- You pay the amount, take the apple and go. Likewise, sending a text message may cost you Rupee 1/- and that’s it. But, on the other hand, you subscribe to Caller Ring Back Tone (CRBT), which costs you Rs.30/- a month, irrespective of the number of calls you receive in a month. Therefore, we can term event-based Charging as a one-time or one-time occurrence cost.

 

Session Based Charging

The session-based charging function (SBCF) is responsible for the online Charging of network/user sessions, e.g., voice calls, IP CAN bearers, IP CAN offer sessions or IMS sessions.

Let us consider an example of session-based Charging. Utility services like electricity or water are charged based on overall usage for a specific time duration. For instance, you consume ‘x’ power units in a month and pay for units engulfed in that month. However, the use may vary monthly and hence the charges, similarly for drinking water, etc. Therefore, charging based on how much one consumes is metered or session-based.

 

Account and Balance Management

The account balance management function (ABMF) is the subscriber’s account balance location within the OCS.

LTE OCS-Online Charging System | OCF-Online Charging Function

Online charging architecture (source- rfwireless-world)

In OCS, charging events are received by the “Online Charging Function (OCF). ”
The OCF decides about the usage of resources based on the Rating Function (RF) and Account Balance Management Function (ABMF).
CTF stands for Charging Trigger Function.

Offline Charging System

Offline Charging authorizes Subscribers to consume the benefit without an upfront balance check or reservation. Post Service consumption and usage logs in the state of files & batches are processed for charging the Customers. These service usage files are called Charging Data Records (CDRs) or Event Data Records (EDRs).

As it’s not practical to send this large no. of files (different formats) through other Network nodes directly to the billing system, they are first adjudicated through a technique known as Mediation. It models between the Network layer and the BSS layer.

Mediation in offline charging (Source- RajarshiPathak)

Mediation system performs operations like: –

  • Raw CDRs Collections via PUSH or PULL method. CDRs file format can be ASCII, CSV, Binary, TAP, XML, etc.
  • Validating, Filtering & Parsing the CDR’s.
  • Processing/Enriching the records as per the Northbound systems (like Rating Engine, Interconnect System, Roaming Clearinghouse, RA, FMS, Reporting, etc.) requirements.
  • Distributing the processed CDRs to Northbound systems.

Offline Charging mechanism works for Service usage: –

  • Customer initiates service usage.
  • Raw CDRs get generated about this usage. Usage can be Session-based (e.g. Video call) or Event-based (e.g. File transfer/SMS).
  • Accounting-Request (ACR) and Accounting Answer (ACA) Diameter Messages are used to construct CDRs for service usage.
  • Raw CDRs are collected and processed by the Mediation system.
  • Processed CDRs from Mediation are guided to the Rating Engine.
  • CDRs are rated by Rating Engine as per the rate plans by measuring the events.
  • Rated Event data gets generated and stored in the Billing system.
  • Billing process picks up these rated events during the bill run for calculating the Usage charges to be applied on the Bill.
  • Bill gets generated for initiating Customer payments.


Source- netmanias.com

Offline Charging supports Session-based (like Voice calls or YouTube browsing) and Event-based (like SMS, File transfer over Instant Messaging) services. In addition, operators use the Customers’ credit limit for the service allowance. Therefore, revenue leakage will be minimal when the CDRs are rated as soon as they are generated during service usage.

Offline Charging mechanism as per 3GPP standard: –


Source- netmanias.com

CTF (Charging Trigger Function): The network node generates charging triggers whenever a customer uses services. Examples are GGSN, PGW, SMSC, etc. In addition, it sends Diameter Accounting-Request (ACR) messages to CDF to generate Raw CDRs.

CDF (Charging Data Function): This network node renders Raw CDRs by processing ACR/ACA messages established on service consumption. On obtaining ACRs, CDF processes the offline charging information and induces the CDRs. Using Accounting Answer (ACAs) messages, inform the CTFs that the Charging record has been developed.

CGF (Charging Gateway Function): The Mediation system processes the Raw CDRs and transmits the processed CDRs to the BSS systems. More details of Mediation are mentioned above.

Billing System

Use documents obtained from CGF (or Mediation) are placed by the Rating Engine. Rated Event data gets generated and stored. The billing process consumes the rated events held in the database and counts the Usage charges against the Customer’s Bill. During Bill Run, expenses like monthly recurring, one-time, cancellation, etc., are also processed along with usage charges. In addition, actions like billing term deals, adjustments, compensations, taxes, etc., are also assessed during the Bill Run. Once the Bill is concluded, it accepts the Payments against the Invoice.

Related Tags: payment, online charging, offline charging, billing, security, taxes, charging data, charging gateway, data management.

Shoulder Surfing at cafes and offices – An underestimated threat

Are you safe working at cafes, offices, and co-working spaces?

Well, the answer is No. It’s laughably low-tech, but shoulder surfing, or snooping over people’s shoulders to pry at the information displayed, is increasing – and there’s a good chance it’s happening to you.

Shoulder surfing is one of the most undervalued threats that is rapidly advancing. It is a type of social engineering that is aimed at obtaining personal information through interpersonal connection. There are two types of shoulder surfing.

The first type of attack is when direct observation is used to obtain access to data. For example, a person looks directly over the victim’s shoulder to observe when they enter data, such as their PIN, at a checkout terminal.

In the second type, the victim’s actions are first recorded on video. Criminals can then analyze these videos in detail and obtain the desired information later. Nowadays, it is possible to use video recordings to determine the PIN for unlocking mobile devices, even if the display cannot be seen in the video. The movements of a user’s fingers are enough to determine the access code.

Shoulder surfing can happen anywhere at any given point in time. So one must be aware of their surroundings while working on mobiles/desktops/laptops/ATMs/Filling necessary forms at banks, offices, etc.

The person can be a little far away, e.g., sitting some rows behind you on a train and using their mobile phone to video or take pictures of what they can see on your screen. Which they later use to retrieve information or access your account.

While using an ATM, someone positioned themselves in such a way that allowed them to watch you enter your PIN. In a rush, you leave the ATM with your card and money without ensuring it exited entirely out of your account. If the ATM doesn’t require the card to be inserted for the entire transaction, other transactions are permitted if you don’t confirm that you have any other trades to make as long as the attacker knows the PIN.

Crowded public transit makes it easy for attackers to see the device screens of others or hear the conversations of others. In these cases, they’re looking over the victim’s shoulder.

The victim accidentally leaves their device unattended in a public place. Having watched the victim enter his password into their computer moments before, the attacker can unlock the device with this information, putting any sensitive data on the computer at risk.

Some quick tips to avoid shoulder surfing

  • Eliminate passwords: The ONLY way to prevent password-based attacks is by eliminating passwords. Learn more about passwordless authentication today and keep your most critical applications secure.
  • Add a privacy screen to your devices: Using attached privacy screens dramatically lessens the risk of data disclosure. Some glass protector manufacturers have versions with a privacy screen, which protects your phone’s glass and the information on your phone, too.
  • Always be aware of your surroundings: Don’t let your guard down in public places. Attackers gravitate to those that they see as the easiest. If you’re distracted, you may not notice someone is watching you and what you’re entering into the device or the ATM.
  • Use biometric authentication instead: Biometric authentication, either using your fingerprint or face, can offer additional security that a PIN cannot. Since the attacker never sees you enter a physical PIN, they can’t log into the device.

 

Related Tags: cyberattack, hacking, security, cyberrisk, financesecurity, data, authentication, cybersecurity

Get a Consultation

Discover the many ways to enhance your organization security posture with TSARO Labs
Select service*