for exploitation in email attacks, including both compromises affecting the platforms themselves, or simply using them to covertly host a phishing site. One benefit for the fraudsters is that domains like wix.com are widely recognised and have a decent reputation. They tend to rank highly in things like the Alexa Top 500 list and have a high level of traffic and engagement. Accordingly, they are usually categorised as trusted by email security gateways and other security systems which have often been tuned to ignore them in order to reduce the number of false positives.

Using legitimate platforms gives the fraudsters a number of attack options. Most often this will involve crafting a fake login portal. Victims are directed to the site by phishing emails impersonating the brand, and the attacker can then harvest data. Banks and other financial services are a popular choice as a successful sting may grant attackers direct access to financial information. Such tactics are also often used as the first step in more complex cyber-attacks, gathering login credentials which can then be used in Business Email Compromise attacks, to infiltrate the network, or sold for a profit on the dark web.

Example one: Exploiting Wix.com

Imitating IT services is a particularly common approach for these attacks. Attackers may assume the guise of the company’s IT support personnel or may impersonate a service platform directly. Microsoft platforms such as SharePoint are the usual choice, given their ubiquitous nature in the workplace. In one example recently examined, the attackers used the Wix website builder to create a fake Microsoft login portal and then sent out phishing emails with the title “Microsoft Urgent Message”. The email warned the recipient that 20 of their incoming messages had been blocked because their inbox needed to be verified, before providing a link to the fake login portal.
The message doesn’t quite line up with the way Microsoft handles account details, but the attackers are counting on busy and non-technical staff to respond to the threat of losing their emails and overlook these details. The attackers are playing the odds and the odds are usually in their favour. Clicking on the link and submitting login credentials will enable cybercriminals to access the account and exploit it for any number of damaging cyber attacks.

Example two: A multistage attack through Weebly.com

While many attacks use these basic but effective tactics, some scammers will use more sophisticated and inventive approaches, creating multistage attacks that combine multiple elements. In another example analysed, the perpetrator sent out emails alerting the victim to a newly shared encrypted document, encouraging them to click a link to view it. Again, the attacker is counting on the victim overlooking any discrepancies to ensure they don’t miss out on a potentially crucial work file. Sharing files via services like SharePoint and Google Docs has also become a standard part of most working days, and email gateways have been configured to trust these services, so few staff would question such a message in their inbox.

Clicking the link would lead the recipient to a fake SharePoint page hosted on the website builder Zyro. The page displays a message that the visitor has multiple unread files to view and provides a “preview document here” button. Clicking the button leads to a false Office365 login page, this time hosted on Weebly, and prompts the user to confirm their details.

Example three: Using a compromised WordPress site

Rather than investing the time and resources needed to create a convincing new phishing site, attackers may also hack an existing one by exploiting a vulnerability. New vulnerabilities are discovered on a constant basis, and previously unknown “zero day” exploits are especially effective.
However, even when an issue is known and the service host has issued a patch, it can still be exploited if website owners have not applied the fix. WordPress, one of the most popular site hosting platforms, has been particularly prone to exploits, thanks in part to the large number of plugins it supports.

For example, the ProfilePress plugin enables admins to create and edit user profile pages, as well as frontend registration forms for users. However, a recent upgrade didn’t include safeguards to prevent users from supplying arbitrary metadata while inputting details. This created the opportunity for threat actors to exploit the system and escalate their privileges to achieve admin access. The issue was patched just a few days after it was reported to the plugin developer but is still exploitable in unpatched sites.

Another recent issue enabled attackers to exploit the File Manager plugin to reach the wp-content folder, which essentially serves as the main directory for the site and its contents. The exploit allowed hackers to upload images containing hidden webshells, enabling them to run commands on the site. From here they could upload more malicious scripts and compromise other areas of the site.

Techniques like these can provide fraudsters with a variety of malicious powers, such as harvesting the data of visitors or infecting them with malware. Hackers can also manipulate a compromised site to redirect to their own malicious copy. This means they can deceive victims by sending them a link to a completely legitimate site, thereby bypassing email security tools, only to redirect them to a phishing site afterwards. Similar tactics are used for delayed activation attacks, where a completely legitimate link is included in the email but is redirected at a later date.

Knowledge is power – but is it enough?

If you know where to look, most deceptive email attacks contain various clues that expose them as fraudulent imposters.
For example, spoofing tactics that change the displayed “From:” line in the email can be exposed by simply hovering the cursor over the name to reveal its real identity. Likewise, if a page claims to be a SharePoint login portal but the URL contains Weebly.com, clearly something is not right. There will also likely be multiple clues when a fraudster is impersonating a known contact, such as a different font, lack of email signature, and odd tone.

However, while all malicious emails have flaws, attackers are counting on their targets being too busy, apathetic, or uninformed to notice the discrepancies that will expose the message as a scam. Deceptive email attacks count on end users being the weak link in the security chain. To combat this, organisations need to focus on improving the ability of their staff to identify and report malicious emails in their inboxes.

www.networkseuropemagazine.com

As email security solutions have improved, attackers have switched to more subtle social engineering techniques that are harder to filter out from legitimate emails. As a result, many organisations have turned to security awareness training (SAT) to counter the threat. But as the costs keep mounting, it is clear businesses need to implement more effective solutions to stem the tide.

Security Awareness Training (SAT) is a common solution to this problem, with the aim of improving the workforce’s ability to spot the tell-tale signs of a malicious message. These courses usually cover the most common attack tactics, as well as best practice for activities like sharing data or credentials which could expose the company to cyber risk. SAT sessions are often accompanied by phishing tests that send fake emails around to test awareness and response levels.

While this knowledge is important for fighting email attacks, training is ineffective in isolation. Most employees will tend to forget their learnings over time as they don’t have the chance to internalise them.
Even if an individual is tricked by a simulated phishing email, this is a fairly isolated incident and will likely not change their habits. For many, such training sessions are more of a bother than anything – a distraction that is keeping them from their actual role. Even for those individuals who take the lessons to heart, few people can spare the time to play detective and scrutinise every email in their inbox for signs of a fake.

Creating a crowdsourced approach

Instead of corralling them into annual training sessions, organisations need to make their employees an active part of the fight against email attacks. Alongside gaining the knowledge to identify phishing and BEC emails, individuals need to be armed with the tools to quickly and easily verify and report their suspicions. Providing all personnel with the ability to scan their inboxes for malicious emails as and when they need to will help them to verify their suspicions without having to pause their busy workday to go through each message with a fine-toothed comb. Once the tool looks behind the scenes to identify signs of a malicious email, potentially dangerous messages are then reported to the IT security team for further investigation.

This creates a crowdsourced approach to email security. Not only will each worker be solving the email problem in their own inbox, but data from reported messages can also be used to detect and automatically eliminate similar messages across the organisation before they are even opened. Not only is the process very quick and unobtrusive for busy personnel, but it also demonstrates that they are providing tangible value in helping keep the entire company safe from attack. Unlike exercises using fake emails, this is no mere test – every action is making a real difference. The crowdsourced data also provides valuable intelligence to aid in threat hunting activities by the security team.
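As an added example (not part of the original article, nor any vendor's tool), here is one behind-the-scenes check of the kind described above: it flags a message that names Microsoft, Office 365 or SharePoint while linking to a page hosted on a website builder, the mismatch noted earlier for a "SharePoint" login whose URL contains Weebly.com. The builder domain list, brand patterns and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed lists for illustration only; extend them for your own environment.
BUILDER_SUFFIXES = ("wix.com", "wixsite.com", "weebly.com", "zyrosite.com")
BRAND_PATTERNS = {
    "microsoft": r"\bmicrosoft\b",
    "office365": r"\boffice\s*365\b",
    "sharepoint": r"\bsharepoint\b",
}

class LinkCollector(HTMLParser):
    """Collect href values from <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def host_matches(host, suffixes):
    """True if host equals a suffix or is a subdomain of it (label-aligned)."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def claimed_brands(text):
    """Sorted list of brand names the message text mentions."""
    return sorted(b for b, pat in BRAND_PATTERNS.items() if re.search(pat, text, re.I))

def scan_message(raw):
    """Flag links hosted on a website builder in mail that claims a known brand."""
    msg = message_from_string(raw, policy=default)
    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body is not None else ""
    collector = LinkCollector()
    collector.feed(content)
    # Plain-text bodies have no <a> tags, so fall back to bare URLs.
    hrefs = collector.hrefs or re.findall(r"https?://[^\s\"'<>]+", content)
    visible = re.sub(r"<[^>]+>", " ", content)
    brands = claimed_brands(f"{msg.get('Subject', '')} {visible}")
    findings = []
    for href in hrefs:
        host = urlsplit(href).hostname
        if brands and host_matches(host, BUILDER_SUFFIXES):
            findings.append({"url": href, "host": host, "claimed_brands": brands})
    return findings

# Constructed sample modelled on the "Microsoft Urgent Message" lure described above.
SAMPLE = """\
From: "IT Support" <support@example.test>
To: user@example.test
Subject: Microsoft Urgent Message
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>20 of your incoming messages have been blocked.</p>
<a href="https://example-user.wixsite.com/verify">Sign in to Office 365</a>
</body></html>
"""

if __name__ == "__main__":
    for finding in scan_message(SAMPLE):
        print(finding)
```

Because the check keys on the brand claim rather than on domain reputation, it still fires when the hosting domain itself is trusted by the gateway.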
The more threat data end users report, the more information there is to train machine learning tools that can be used to quickly analyse large volumes of emails for similar attacks. This allows security practitioners to automate more of the investigation process, enabling them to be more efficient and focus on more high-value activity.

As cybercriminals continue to refine their email attacks and exploit legitimate resources such as website builders to aid in their deception, organisations need to build a new line of defence. Equipping personnel with the means to quickly and easily scan potentially malicious messages will help them to transform from being a weak link to an active part of the defence against email attacks.

Knowledge gaps around SASE may hinder business progress

Michael Wood, CMO, Versa Networks

Businesses across the world have been forced into an accelerated digital transformation journey by the effects of the Covid-19 pandemic. Transitions that would normally have taken months, or even years, took only a matter of days, often resulting in the transition to fully remote workforces for the first time. Our latest research report based on a survey of IT and security professionals revealed that 84% of companies have accelerated their move into the cloud and their adoption of digital transformation projects.

During this process, the main challenges experienced revolved around security and network performance, in that countless numbers of devices were connected to business networks, triggering an increase in security risks and overloading the system. Understandably, it takes time for individuals to acclimatise to new set ups. Unfortunately, the urgency of the pandemic took away this luxury and so many businesses faced complaints about unreliable connectivity and a lack of real-time IT support.

The shift to remote working saw a rise in platforms to facilitate virtual operations. However, it was these video conferencing and collaboration apps that posed the greatest challenges in terms of consistent performance and reliability, according to 36% of respondents. In response, businesses began adopting various technology solutions to strengthen their cybersecurity stance and improve network performance. One of these solutions was Secure Access Service Edge (SASE).

The shift towards SASE

SASE is the integration of networking and security solutions, such as Zero Trust and firewall-as-a-service (FWaaS), into a single service that can be delivered entirely through the cloud. As a significant proportion of companies anticipate their employees will continue to work remotely, either fully or part-time, once pandemic restrictions are completely lifted, companies will be looking to future-proof this side of their business.

Security is a fundamental part of ensuring business continuity beyond the events of the past year, and whilst most companies prioritise security at the top of their lists, 49% would still like to see more focus on it. This is where SASE comes in. SASE’s capabilities of strengthened security and reliable connectivity made it a popular choice for those looking to upgrade their systems. In fact, 87% have already adopted VPNs or SASE, or are thinking of adopting SASE within the next year. VPNs have been a popular choice for companies in previous years; however, there is a notable shift towards SASE as an alternative.
Our survey revealed that when compared against each other, 23% of companies adopted VPNs, whereas 34% chose SASE.

The knowledge gap

It is promising to see the increased adoption of SASE, given the benefits on offer to organisations. Currently, one of the main reasons that companies opted for this implementation is for improved security of devices and applications used by the remote workforce. Unfortunately, in a lot of cases where SASE has been deployed, the solution may not be operating at its most effective, simply because the teams using it do not fully understand it.

Despite good adoption, currently, only 31% of teams know the accurate definition of SASE: ‘the convergence of networking and security services like CASB, FWaaS and Zero Trust into a single, cloud-native service model.’ As a result, it’s likely that some companies who have already implemented SASE will not be getting the most out of it. In fact, 13% of those not planning on deploying SASE admitted to not truly understanding the benefits.

However, whilst there is a need for greater education around SASE, it’s important to acknowledge that IT and security teams are already recognising SASE’s advantages over legacy VPN systems, which contain a whole host of security flaws. It’s promising that a third of companies have already adopted SASE, and another 30% will adopt in the next six to 12 months.

Interestingly, the two main reasons companies are choosing not to invest in SASE at the moment are that they have other priorities within the business, or that they lack the budget for investing in new technology. Raising awareness about the benefits of SASE will allow companies to make informed decisions about their technology when they’re able to do so.

The future of security and networking

Moving forwards, the main concerns amongst businesses are being able to maintain expected levels of service across the business, as well as the need to securely support more remote workers and devices.
SASE is perfectly suited to helping support businesses in both these areas. Not only does it assist with the strengthening of the network architecture, but it can also be deployed through the cloud, delivering greater flexibility across the business. Given that most applications used are now based in the cloud, smooth and secure transitions to and from the cloud are imperative.

Cybersecurity is, and will continue to be, a fundamental part of every business as we navigate the digital era. Regardless of what industry you’re in, security contributes to your business continuity, as demonstrated by the fact that 32% of companies are worried about being able to protect the company network from security threats. Solutions such as SASE that provide a single point of control will help strengthen their network, as well as embed security into every element of the architecture. It is therefore crucial that companies carry out sufficient research into the solutions available ahead of implementation in order to secure the highest return on investment (ROI).

It is no secret that 5G has huge potential, offering a greater range of applications, speed and efficiency for businesses and customers alike than anything before. But for the network operators tasked with implementing, monitoring, and securing this ground-breaking technology, it also comes with challenges. As they transition to a fully 5G standalone scheme, network operators are faced with the question of how to construct a 5G strategy that maximises the benefits while minimising the challenges and risks.

The initial non-standalone 5G framework was a necessary first step for increasing adoption of 5G as relying on a 4G core required fewer changes. But now the time has come to upgrade to a fully standalone 5G scheme. Doing so will enable operators to make the most of 5G’s edge computing and cloud-native capabilities. For example, standalone 5G’s network edge enables much faster response times, which allows enterprises to make the most of new, lucrative applications.

The cloud

5G is revolutionary because it combines cloud computing and wireless technology in a way that has never been seen before. Cloud computing has long been championed by enterprise IT for its flexibility and ability to support agile service deployments, but it is new for the telecoms industry. The integration of wireless access infrastructure and cloud technology in 5G makes it possible for a whole new generation of applications to be deployed at the edge. This has benefits for businesses with low-latency Industry 4.0 applications and for customers with cloud gaming, all now possible.

It is no surprise then that many carriers are embracing the potential of a cloud-native edge environment and either partnering with public cloud vendors or building out private cloud platforms. However, as with any change, there are challenges. One of these challenges is that containers are a key component for making 5G networks agile and efficient, but fully transitioning to a containerised network is expensive. Instead, most operators will continue to operate in a combination of the physical, virtualised, and containerised network as a result.

Virtualisation

Without virtualisation, 5G is not possible. The good news is that network functions virtualisation (NFV) and software-defined networks (SDN) have helped the telecoms industry begin to embrace virtualisation, so they are already part way there. Virtualisation makes 5G affordable which is certainly important to the enterprises looking to implement it.
It also enables the vital flexibility required for 5G and the ability to spin capacity up and down depending on the time of day or slicing requirements. As discussed above, the problem is that virtualisation itself can be expensive, but this is where NFV and SDN come in. Indeed, according to estimates by McKinsey, operators could reduce their capital expenditures by up to 40% by using the latest NFV and SDN technologies.

The challenge is that, while leading service providers have started to embrace the concept of virtualisation, many are still only using virtual infrastructure for low volumes of their total network traffic. There is a bit of a chicken and egg issue with this because, without virtualisation, 5G will be impossible to run to its full vision, but virtualisation technologies are reliant on high uptake by 5G providers to really get off the ground.

Securing 5G

The biggest challenge with 5G is security. There are a lot of new elements to it – new technologies, new practices, new partners, new customers – that all come with risks, so network operators must learn to manage the threat of cyberattacks alongside the potential for network disruption due to software update bugs and resource competition among network elements.

Indeed, as service providers update their systems to accommodate 5G, they must also upgrade their security. This is particularly important because 5G is vital for the functioning of mission-critical services, where a drop in service or breach of security could have far-reaching and potentially business-ending consequences.

The problem is that securing 5G cannot be approached in the same way as securing traditional internet services, so there is quite a bit of training and reframing of the issue to be done. Traditionally, when a compromise is detected, traffic is immediately dropped.
This concept does not generally protect or defend from malicious but ‘valid’ use of a service that might impact other users, the service itself or the underlying infrastructure. Examples of such attacks include DDoS attacks from registered mobile devices, device compromise, IoT data theft or modification and so on.

Operators must also look to network automation and Open Radio Access Network (RAN) platforms. These platforms enable operators to monitor and control the network in real-time, flagging quality control issues as they occur. Open RAN is based on open standards which give network operators the ability to select the best elements from multiple vendors and tailor their approach for their specific needs.

Implementing 5G will not happen overnight and there are certainly challenges to overcome. However, there are also lots of solutions and tools to help ease the process. With these tools in hand, network operators will be able to enjoy the benefits of 5G.

Rick Fulwiler, Chief Solutions Architect, NETSCOUT
The challenges of monitoring 5G networks

Innovative technology drives rapid deployment of new 5G products, services and business models

Brendan Farley, VP Wireless Engineering & MD EMEA, Xilinx

The wireless future is about developing the most compelling products using a combination of advanced technologies to maximise system performance while optimising both cost and power. Doing so will unlock the deployment of new 5G products and services for mobile operators and the whole 5G ecosystem, from businesses to consumers to the economy. With 5G offering so much potential, how can the industry overcome the challenges associated with cost, power and performance to ensure the second wave of 5G is a success?

Any savvy business person knows to protect their investments; the same holds true for operators and their 4G investments. Existing 4G networks are made of infrastructure such as cell towers and premises that host different parts of the radio access network, so operators are now exploring how they can build upon these investments by upgrading them to 5G. As an example, high-density locations, such