Cyber Security Landscape in 2022


The past few years have been a rollercoaster of change for the security landscape. The global pandemic caught many companies off guard by how fast they needed to adapt to a remote work environment, and threat actors used a variety of attacks, old and new, to exploit the security gaps opened during that transition. However, now that we are slowly emerging from the global pandemic and returning to the office, can we still say the threat landscape is the same, or is a new trend slowly emerging?

Now that we have passed the halfway point of 2022, it would be a good time to reflect and understand the current threat landscape to better prepare for the end of 2022 and the years after. Let’s take a look at the data provided by Trend Micro’s latest cybersecurity report for the midyear of 2022.

MaaS and RaaS on the Rise

Earlier this year, we saw the rise of malware-as-a-service (MaaS) and ransomware-as-a-service (RaaS). MaaS was propagated through the EMOTET infrastructure, which made it easier to distribute. This shows that even though EMOTET was dismantled in 2021, threat actors still use it to deploy other ransomware families to EMOTET-compromised systems.


According to Trend Micro data from its Smart Protection Network (SPN) platform, EMOTET detections soared in the first six months of 2022: 13,811 detections were recorded in 1H 2021, compared with 148,701 in 1H 2022.

RaaS, on the other hand, has grown because of its ease of use. RaaS is available to any would-be criminal organization that can either purchase the infrastructure outright or rent it. It also requires no technical knowledge to run a sophisticated attack, which makes it even simpler to use. Based on data collected throughout 1H 2022, Trend Micro has identified around 57 active RaaS and extortion groups and almost 1,205 victim organizations. They mostly use ransomware families such as LockBit, Conti, and BlackCat, as detected by Trend Micro’s SPN.

Cloud Misconfiguration and Cryptocurrency-mining

Cloud-based containers have become integral to the digital transformation strategies of many organizations. However, because they are so often misconfigured, they have become a big target for threat actors. According to a Red Hat survey from May 2022 with 300 participants, 53% of respondents said they had detected a misconfiguration in their containers and/or Kubernetes deployment. An independent investigation by Trend Micro into Kubernetes clusters found over 243,000 clusters publicly exposed via Shodan. Around 600 of these nodes returned a “200 – OK” response, meaning attackers are free to exploit them and install and run malicious programs through the kubelet API.
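The “200 – OK” result above is what an unauthenticated request gets from a kubelet whose configuration allows anonymous callers. The following is an added example, not code from the original article or from Trend Micro: a small audit of a KubeletConfiguration file that flags the settings behind that exposure (anonymous authentication, AlwaysAllow authorization, the legacy read-only port) and shows the hardened values next to the weak ones. The two configuration samples are constructed for the example; the kubelet accepts its `--config` file as JSON or YAML, and JSON is used here so only the standard library is needed.

```python
"""Audit a kubelet configuration for settings that leave its API open.

Added example, not code from the original article or from Trend Micro. It reads
a KubeletConfiguration file (the file a kubelet loads via --config; kubelet
accepts JSON or YAML, and JSON is used here so only the standard library is
needed) and flags the settings that let an unauthenticated caller get a
"200 OK" from the kubelet API.
"""
import json

# Constructed sample: what an exposed node from the scan described above
# might be running (assumption, not data from the article).
INSECURE_CONFIG = """{
  "apiVersion": "kubelet.config.k8s.io/v1beta1",
  "kind": "KubeletConfiguration",
  "authentication": {"anonymous": {"enabled": true}, "webhook": {"enabled": false}},
  "authorization": {"mode": "AlwaysAllow"},
  "readOnlyPort": 10255
}"""

# The same file with the settings a hardened node should carry.
HARDENED_CONFIG = """{
  "apiVersion": "kubelet.config.k8s.io/v1beta1",
  "kind": "KubeletConfiguration",
  "authentication": {"anonymous": {"enabled": false}, "webhook": {"enabled": true}},
  "authorization": {"mode": "Webhook"},
  "readOnlyPort": 0
}"""


def audit_kubelet_config(text):
    """Return a list of findings for a KubeletConfiguration given as JSON text.

    Only explicitly set values are flagged; keys that are absent fall back to
    the kubelet's config-file defaults (anonymous off, webhook on, mode
    Webhook, read-only port disabled).
    """
    cfg = json.loads(text)
    auth = cfg.get("authentication", {})
    findings = []
    if auth.get("anonymous", {}).get("enabled") is True:
        findings.append("authentication.anonymous.enabled=true: requests without "
                        "credentials are accepted as system:anonymous")
    if auth.get("webhook", {}).get("enabled") is False:
        findings.append("authentication.webhook.enabled=false: bearer tokens are "
                        "not checked against the API server")
    if cfg.get("authorization", {}).get("mode") == "AlwaysAllow":
        findings.append("authorization.mode=AlwaysAllow: every authenticated "
                        "request (anonymous included) is permitted")
    port = cfg.get("readOnlyPort", 0)
    if port:
        findings.append(f"readOnlyPort={port}: unauthenticated read access to "
                        "pod and node details")
    return findings


def is_exposed(text):
    """True when anonymous auth and AlwaysAllow are both set: the combination
    that lets anyone who can reach the kubelet port act through its API."""
    cfg = json.loads(text)
    anon = cfg.get("authentication", {}).get("anonymous", {}).get("enabled") is True
    allow_all = cfg.get("authorization", {}).get("mode") == "AlwaysAllow"
    return anon and allow_all


if __name__ == "__main__":
    for label, cfg in (("insecure", INSECURE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{label}: exposed={is_exposed(cfg)}")
        for finding in audit_kubelet_config(cfg):
            print("  -", finding)
```

On a real node the kubelet file is usually YAML (for example under the kubelet’s data directory); load it with a YAML parser and pass `json.dumps(...)` of the result to `audit_kubelet_config`. Fixing the file is only half the job: the kubelet port should also be unreachable from the internet, which is the network-exposure side of the Shodan finding the article describes.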

Another threat that has emerged recently comes from threat actors who hijack their victims’ resources to mine cryptocurrency. Trend Micro has identified five prominent threat actor groups:

  1. Outlaw – Primarily targets internet-of-things (IoT) devices and Linux cloud servers by exploiting known vulnerabilities or performing brute-force Secure Shell (SSH) attacks.
  2. TeamTNT – One of the most technically proficient threat actors focused on cryptocurrency mining.
  3. Kinsing – Known for quickly abusing new exploits (including the Log4Shell vulnerability) in a short period.
  4. 8220 – Known for exploiting Oracle WebLogic vulnerabilities.
  5. Kek Security – A relatively new group that uses sophisticated techniques and integrates new exploits in its attacks.
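The brute-force SSH activity attributed to Outlaw above leaves a very recognisable trace in `sshd` logs: many failed passwords from one source address in a short window. The following is an added example, not from the original article or from Trend Micro, of the detection logic a defender would run over those lines (or hand to a tool such as fail2ban as a rule). The log lines are constructed for the example and use documentation addresses; the threshold and window are assumptions to tune per environment.

```python
"""Flag SSH brute-force attempts in sshd log lines.

Added example, not from the original article. It counts failed password
attempts per source address inside a sliding time window and reports the
sources that exceed a threshold, together with the user names they tried.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample auth.log lines (syslog format). The year is absent from
# syslog timestamps, so a fixed year is assumed when parsing.
SAMPLE_LOG = """\
Jun 14 02:10:01 node1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Jun 14 02:10:03 node1 sshd[2213]: Failed password for root from 203.0.113.7 port 50124 ssh2
Jun 14 02:10:04 node1 sshd[2215]: Failed password for invalid user test from 203.0.113.7 port 50126 ssh2
Jun 14 02:10:06 node1 sshd[2217]: Failed password for root from 203.0.113.7 port 50130 ssh2
Jun 14 02:10:07 node1 sshd[2219]: Failed password for invalid user oracle from 203.0.113.7 port 50131 ssh2
Jun 14 02:15:30 node1 sshd[2301]: Failed password for alice from 198.51.100.20 port 41000 ssh2
Jun 14 02:15:45 node1 sshd[2303]: Accepted publickey for alice from 198.51.100.20 port 41002 ssh2
Jun 14 03:40:00 node1 sshd[2400]: Failed password for root from 203.0.113.9 port 60000 ssh2
"""

# Matches only failed password attempts; "invalid user" is optional because
# sshd adds it when the account does not exist.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(log_text, year=2022):
    """Return a list of (timestamp, source_ip, user) for each failed login."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"]))
    return events


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return {source_ip: (failures_in_window, sorted user names tried)} for
    every source that reached `threshold` failures within `window_seconds`."""
    recent = defaultdict(deque)   # source ip -> timestamps still inside the window
    users = defaultdict(set)      # source ip -> user names attempted
    flagged = {}
    for ts, ip, user in sorted(parse_failures(log_text)):
        q = recent[ip]
        q.append(ts)
        users[ip].add(user)
        while (ts - q[0]).total_seconds() > window_seconds:   # slide the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = (len(q), sorted(users[ip]))
    return flagged


if __name__ == "__main__":
    for ip, (count, names) in detect_bruteforce(SAMPLE_LOG).items():
        print(f"brute force from {ip}: {count} failures, users tried: {', '.join(names)}")
```

A single failed password from a legitimate user (the `198.51.100.20` lines) never reaches the threshold, while the burst from `203.0.113.7` is flagged on its fifth attempt. The mix of non-existent accounts (`admin`, `test`, `oracle`) alongside `root` is itself a useful signal that the source is running a wordlist rather than a user mistyping a password.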

Threats are always evolving and adapting to situations in cyberspace. This is why businesses should work closely with security vendors to stay up to date with the latest security trends. Consulting with partners like us at CT Link, or with security solution vendors like Trend Micro, is one way to keep ahead of the new threats that may come in the latter part of 2022 and beyond.

To learn more about the latest in the security trends or even to find someone to help improve your current security measures, please email us at marketing@ctlink.com.ph.

Exclusive Workshop: Collaborate and Stay Secure with Microsoft 365 for Business!

When the pandemic hit, businesses all over the world had to scramble and adapt. Many small and medium-size businesses really struggled with these changes and did not know if they would be able to make it through. The “new normal” has demonstrated that in order to thrive, businesses need to invest in developing capabilities in two key areas:

  • Real-time collaboration
  • Security

Real-time collaboration was hard to maintain at the start of the pandemic, as many did not have the means to work remotely. Those companies that were unable to adapt to the pandemic were not able to recover their business. As you may know, Microsoft Office 365 helped many businesses collaborate in real time and keep user performance high even during those uncertain times.

Security did not fall behind collaboration in importance during the pandemic. The spike in malicious attacks at the start of 2020 caused many businesses to lose important business data. Although some businesses were able to recover, many did not. These attacks also cost businesses a significant amount of profit over time, as lost business opportunities were hard to recover.

Microsoft Office 365 Business Premium Workshop

Even as we emerge from the pandemic, remote work setups are now more widely accepted, and we can expect businesses to keep them. Therefore, we should keep finding better and more innovative ways to improve business processes. This is why we at CT Link are partnering with Crayon Philippines to create an exclusive workshop for some of our customers to learn more about the benefits of Office 365. With better real-time collaboration and security features, this workshop aims to show you how you can keep improving despite the ever-changing IT landscape.

Interested in learning how you can attend our next exclusive workshops? Inquire at marketing@ctlink.com.ph to learn more!

Office 365 Tips for Improving Data Security

Microsoft Office 365 has become one of the most widely used collaboration tools for businesses around the world. This is due to the familiarity, convenience, and functionality that the platform gives its users. The pandemic made this even more apparent when businesses had to close their offices and remote work was enforced globally. However, cybercriminals are aware of this and are actively looking for ways to exploit users’ lack of awareness for their own gain.

Below are a few security tips to help you and your company improve your Office 365 security:

Enable Device Protection

Users of Office 365 will agree that one of its best features is mobility. Being able to access your files, collaborate with others, and check business emails on any device is incredibly convenient. However, this can lead to security risks in the long run if devices are not properly secured.

Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). It helps your organization properly manage and secure your users’ devices, whether they are using company devices or their personal devices (BYOD). One example of its capabilities is preventing emails from being sent to people outside your organization. It also allows your corporate data to be kept secure even on a personal device, isolated from personal data.

Microsoft Intune Capabilities

  • Option to be purely cloud-based or co-managed with Configuration Manager and Intune.
  • Customize rules for both personal and organization-owned devices when accessing corporate data and networks.
  • Protect your company information by controlling the way users access and share information.
  • Ensure security compliance for all devices and apps.

Set up Email Security

Attackers usually take the path of least resistance when targeting your network, which is usually your users. Phishing attacks have gone up since the pandemic began, since users are more vulnerable outside your network. Making use of the default Office 365 anti-phishing capabilities can help your company monitor and block known campaigns and lessen the risk of a breach. These functions can be enabled through the Microsoft Defender settings.

If your company would like a complete email security solution for your Office 365 defense, Trend Micro Email Security for Office 365 can help. The Trend Micro solution uses an optimum blend of cross-generational threat techniques, such as machine learning, sandbox analysis, data loss prevention (DLP), and other methods, to stop all types of email threats.

Trend Micro Email Security Capabilities

  • Stops phishing and spam by examining email senders and analyzing email content and malicious URLs.
  • Protects against BEC by examining email behavior while allowing you to define priority users for BEC protection.
  • Detects and blocks advanced threats using machine learning and sandbox analysis.

Turn on Multifactor Authentication (MFA)

Enabling the MFA capabilities of Office 365 adds an additional layer of security to help avoid data breaches. Verifying each user that requests access lessens the chance that a malicious attacker can get into your network. Office 365 MFA can be enabled for individual accounts or through policies for all users. The individual account option makes users go through additional authentication at login, while policy-based MFA can be customized based on the user’s role or permission levels. The policy-based option is not available on all licenses.

RSA SecurID is another option if you are looking to improve your MFA capabilities for Office 365. With a native Office 365 integration, you can better secure your network with a variety of authentication methods. The authentication methods below are available whether or not the user has internet access:

  • Hardware tokens
  • Soft tokens through the mobile app
  • Biometrics through the mobile app
  • Tokens received through Email or SMS

For further security, the RSA solution also offers machine learning for its authentication; however, it is not included in the basic edition.

Contact us at marketing@ctlink.com.ph to learn more on how you can better secure your Office 365 suite today!

Security Advisory: Multiple Microsoft Exchange exploits being used by Threat Actor Hafnium

Microsoft has recently announced a security update regarding a set of new exploits found being used primarily by a state-sponsored threat actor based in China, which Microsoft has named Hafnium. The previously unknown exploits used by Hafnium target on-premises Exchange Server software to gain initial access to the network by disguising the attacker as someone with access privileges. The attackers then create what is known as a web shell to remotely control the compromised server, making it easy to steal data.

Affected Servers and the Remediation

The exploits used by Hafnium target on-premises Microsoft Exchange Server, so users of Microsoft Exchange Online are not affected. Below are the versions that can be targeted by the exploits:

  • Microsoft Exchange Server 2013 
  • Microsoft Exchange Server 2016 
  • Microsoft Exchange Server 2019

Microsoft highly recommends that businesses running the affected Exchange servers immediately apply the latest security updates to ensure protection against the exploits. If you are unable to do so immediately for all servers, Microsoft advises prioritizing external-facing servers first, as they are the most exposed to these attacks, but ultimately you will need to update them all to stay safe. Listed below are the security patches released by Microsoft for each exploit:

Is it possible to check if I have been already affected by these exploits?

Microsoft has released a detailed guide on ways to check your network logs to see if you have been affected; you may refer to this link if you would like to read more.
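Alongside the log review Microsoft describes, a cheap complementary check is to look for the web shell itself: it is a server-side script file that did not exist before the compromise. The following is an added example, not from the original advisory, from Microsoft’s guide, or from CT Link: it walks a web root, compares every `.aspx`/`.ashx`/`.asmx` file against an allowlist of known-good files, and reports unlisted files as well as allowlisted files modified after a chosen baseline. The web root, file names and allowlist are constructed in a temporary directory so the example runs anywhere; on a real server the allowlist would be built from a clean installation.

```python
"""Hunt for unexpected server-side script files under an IIS web root.

Added example, not code from the original advisory or from Microsoft. A web
shell is just an unexpected script file, so any script file that is not in the
allowlist, or an allowlisted one changed after the baseline, is reported.
"""
import os
import shutil
import tempfile
import time
from pathlib import Path

SCRIPT_SUFFIXES = {".aspx", ".ashx", ".asmx"}


def find_unexpected_scripts(webroot, known_good, baseline_epoch):
    """Return POSIX-style paths (relative to webroot) of script files that are
    either absent from known_good or modified after baseline_epoch."""
    root = Path(webroot)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SCRIPT_SUFFIXES:
            continue
        rel = path.relative_to(root).as_posix()
        if rel not in known_good or path.stat().st_mtime > baseline_epoch:
            hits.append(rel)
    return sorted(hits)


# Constructed allowlist (assumption: built from a clean install, not real data).
KNOWN_GOOD = {"app/default.aspx"}


def build_demo_webroot():
    """Create a constructed web root: one allowlisted file with an old timestamp
    and one unlisted file dropped 'today'. Returns (root_path, baseline_epoch)."""
    root = Path(tempfile.mkdtemp(prefix="webroot_"))
    baseline = time.time() - 86400                    # baseline: 24 hours ago
    good = root / "app" / "default.aspx"
    good.parent.mkdir(parents=True)
    good.write_text('<%@ Page Language="C#" %>')
    old = baseline - 3600                             # modified before the baseline
    os.utime(good, (old, old))
    dropped = root / "images" / "error.aspx"          # constructed stand-in, harmless text
    dropped.parent.mkdir(parents=True)
    dropped.write_text("<!-- placeholder for an unexpected file -->")
    return root, baseline


def demo():
    """Run the hunt over the constructed web root and clean up afterwards."""
    root, baseline = build_demo_webroot()
    try:
        return find_unexpected_scripts(root, KNOWN_GOOD, baseline)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for hit in demo():
        print("unexpected script file:", hit)
```

A hit is a lead, not a verdict: compare the file against a clean installation and the server’s change records, and correlate its timestamp with the log entries Microsoft’s guide tells you to look for. Timestamps can be altered, which is why the allowlist comparison does not rely on them alone.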

Protect users from browser-based attacks with Citrix Secure Workspace Access

The way we work has changed. The strict social distancing rules imposed by the global pandemic, combined with the growing representation of digital-savvy millennials in the workforce, were catalysts that moved organizations forward in their digital transformation journey to increase employee mobility.

However, this shift in workplace culture has increased the security risks brought about by the proliferation of employees’ BYO devices accessing resources via VPN. When not secured properly, these devices serve as additional entry points for cybercriminals into the organization’s network.

Key challenges in traditional security controls

Mishandling of data and misuse of network access have become a growing concern, increasing the demand for more control and visibility over users’ granular access permissions to data.

Threats that may come from malicious websites, such as spoofing web conferencing sites, should be isolated from the corporate network to protect corporate data.

Employees may knowingly (or unknowingly) access restricted websites such as pornographic or social media web pages. The organization must block those attempts to protect its assets.


Addressing these challenges is a big step forward for organizations in their digital transformation journey. Although this is easier said than done, Citrix may have the answer to help you address them.

Citrix Secure Workspace Access

The Citrix Secure Workspace Access service provides a unified experience by integrating single sign-on, remote access, and content inspection into a single solution for end-to-end Secure Workspace Access. It does this by giving your administrators the ability to:

  • Configure a workspace to securely add, manage and deliver access to apps from any device
  • Configure web filtering to allow/block websites that can be accessed by the end-user
  • Isolate web browsing to protect the corporate network from browser-based attacks with no user device configuration needed

With these, administrators can rapidly roll out secure browsers, providing instant time-to-value. By isolating internet browsing, IT administrators can offer end users safe internet access without compromising enterprise security.

This is only the tip of what Citrix Secure Workspace Access can provide to your organization. If you would like to learn more, you may fill out the form below and we will get back to you as soon as we can!

Security Advisory: Zerologon, a level 10 Critical Vulnerability

A new critical vulnerability, named Zerologon, was recently discovered in Windows. It is so severe that the Common Vulnerability Scoring System (CVSS) has given it a score of 10 out of 10, and Microsoft itself has rated it as a severe vulnerability.

What is Zerologon?

The vulnerability was found in Netlogon, the protocol used by Windows systems to authenticate against a Windows Server running as a domain controller. The vulnerability in Netlogon allows attackers to:

  • Impersonate the identity of any computer on your network during an authentication attempt on a domain controller
  • Disable security features in the Netlogon authentication process
  • Change a computer’s password on the domain controller’s Active Directory

The only limitation of the vulnerability is that the attack can only be carried out if the threat actors have already gotten into your network.

What can I do?

Firstly, it is highly recommended that you apply the Microsoft security update for this vulnerability. This is the most important step in making sure that your network is not affected by this critical vulnerability. You can find the Microsoft security advisory for CVE-2020-1472 here.

If patching cannot be done immediately, one way to help mitigate an attack is to prevent attackers from getting into the network in the first place. As stated above, the limitation of this attack is that the attackers must already be inside the network; however, once they are, they will be able to take control of your whole network.

Trend Micro Solution

For our Trend Micro customers, Deep Security or Apex One can be used for virtual patching to help mitigate the attacks and ensure that your network is safe. Below are the IPS rules that may help you strengthen your defense if patching cannot be done immediately:

IPS Rules

Deep Security and Cloud One – Workload Security, Vulnerability Protection and Apex One Vulnerability Protection (iVP)

  • Rule 1010519 – Microsoft Windows Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472)
  • Rule 1010521 – Microsoft Windows Netlogon Elevation of Privilege Vulnerability Over SMB (CVE-2020-1472)

Please note that both rules are already set to Prevent.


Other Inspection / Detection Rules

Deep Discovery Inspector

  • Rule 4453: CVE-2020-1472_DCE_RPC_ZEROLOGON_EXPLOIT_REQUEST
  • Rule 4455: CVE-2020-1472_SMB2_ZEROLOGON_EXPLOIT_REQUEST

For those interested in learning more about the attacks, Trend Micro is also hosting a webinar this coming September 29, 2020 to talk more in detail about the vulnerability. You can register for the free webinar here.

If you have any questions regarding either Zerologon or the Trend Micro solution to help prevent the attacks, please contact us via email (rcruz@ctlink.com.ph) or through our landline 88939515 and we would be happy to answer your inquiries!



Liberty Mutual: An Insurance Case Study for Office 365

In the insurance industry, business is all about protecting people’s valuable assets. This is why insurance companies need to make sure they are using tools and technology that bring their clientele sufficient protection and keep their products and services innovative. A good example of a company doing this in practice is Liberty Mutual. With more than 50,000 employees and 900 global locations, Liberty Mutual is one of the few in the industry that operate at such a large scale.

This is why they run into a few unique problems as a larger insurance business. They are forced to compete with many internet startups that have the advantage of mobility through cloud-based technologies. They also need to watch their other competitors, who try to disrupt their value chain and build stronger relationships with their client base.

To overcome these challenges, Liberty Mutual had to make a change: a digital transformation. Microsoft Office 365 and Power BI were just the products to help them start this journey. Office 365 improved collaboration across their worldwide team. They are able to share insights more conveniently, helping the product development process and shortening the time to breakthroughs for the products they import and export globally.

Analytics is also a very important capability to have in the industry. Office 365 has helped Liberty Mutual respond faster to market changes. They are now moving to a more agile development process in which smaller, multi-disciplinary employee groups collaborate on new products more efficiently. Chat-based real-time collaboration has increased the proportion of people across the company who can collaborate with each other, where they normally could not through regular means. Analytic tools are the other way in which they increased their efficiency, and this is where Power BI comes in. With just the right amount of user-friendliness and high-level insights, even departments like Claims, Legal, Reinsurance and HR are able to quickly pick out information from dashboards and KPIs.

New tech-savvy recruits are accustomed to mobility rather than on-premises workstations. They need to be able to access what is normally on-premises while on the go; this is not only a storage concern but also a security one. Office 365 helped, as employees are able to access their documents and emails on the go while still maintaining a high level of security.


To learn more about Office 365 and other Microsoft products, you may contact us at 8893-9515 and we would be happy to answer your inquiries!

Five Data Protection Requirements in Healthcare that Unitrends can Help you Solve

When it comes to business continuity, the healthcare industry faces many unique requirements and challenges. With the need for 24 hours a day, 7 days a week, 365 days a year availability, and the need to safeguard the content of their electronic health records (EHRs), it can be a hard task to fulfill while still staying within a reasonable budget.

This is where Unitrends can help. Below are a few unique requirements that the healthcare industry faces and how the Unitrends solution meets them.

  1. Uptime Requirements

When it comes to recovery time objectives (RTOs), most industries measure them in hours, as they have more time to work with. This does not hold for the healthcare industry, which needs its RTOs in a matter of seconds or minutes.

Unitrends Instant Recovery can failover applications in literally seconds. Unitrends Recovery Assurance delivers automated recovery testing, site and application failover, ransomware detection, and disaster recovery compliance, both locally and in the Unitrends Cloud.

  2. Highly Targeted by Ransomware

Due to the nature of healthcare, patient data is critical for the business to function. Ransomware criminals are aware of this, and that is why the industry is a prime target.

Unitrends products can run security scans against your production applications, but using your backup data instead. They can spin up your applications in a specific order, isolate them from production, execute security tests, and automate reports and alerts immediately upon detection of ransomware.

  3. Highly Regulated

Companies that need to work with Protected Health Information (PHI) must ensure that all the required physical, network, and process security measures are in place, well documented and strictly followed. This is required by HIPAA.

Unitrends offers a portfolio of 15 all-in-one enterprise physical appliances that are pre-loaded and pre-tuned with powerful software that not only covers on-premises backup but also long-term retention and disaster recovery in the HIPAA compliant Unitrends Cloud.

  4. Must Control Highly Proprietary Data

Healthcare IT must know where their physical data is located at all times during its lifecycle, as well as control who can access it.

Unitrends Recovery Series and Unitrends Backup software can replicate data locally, to a remote site or to the HIPAA-compliant Unitrends Cloud. From any of those locations, data can be stored for long-term retention and/or used for disaster recovery purposes.

  5. Support Large Numbers of Non-computer Savvy Users

Usually, the general staff of healthcare organizations are beginners when it comes to the new IT-related technologies that have come out in recent years. This makes them prone to mistakes, which in turn can keep their IT counterparts quite busy.

With a common and intuitive user interface across all products, even untrained IT staff can easily find individual files in backups. With a few clicks, the entire recovery process, from login to file restoration, usually takes less than 5 minutes.


To learn more about Unitrends, you may contact us at 8893-9515 and we would be happy to help you!

Cisco Meraki: Your First Year is on Us

Are you thinking of switching to, or trying out, the simplicity of the Meraki Dashboard? Or are you a current Meraki user looking to expand your Meraki lineup? You’re in luck! For a limited time only, Meraki will be running a “First Year on Us” promo.

For a limited time only, any customer that purchases a new Cisco Meraki cloud management license for 3 years or more will get an additional year added at no extra cost! The extra 365 days are added automatically in the dashboard; no further steps are required.

First Year On Us is available globally. License renewals do not qualify for this promotion.

Why Cloud Networking and the Meraki Dashboard

Cloud networking helps IT departments ensure greater reliability, easier day-to-day management, and lower running costs. The Meraki dashboard gives administrators unparalleled visibility into the network users, devices, and applications.

Administrators can view in-depth analytics at their fingertips. They can also quickly create access control and application usage policies to enhance both the end-user experience and network security.


For more information about this promo, you may reply to this email or directly call us at 893-9515 and we would be happy to help!

*Terms and conditions will apply.

A Closer look at Processor Vulnerabilities

The past few years have been rough on processor security, especially for Intel, as Meltdown and Spectre, among the biggest processor vulnerabilities, affected nearly all of its modern CPUs. Although patches came out almost immediately to address these issues, this was just the start, as other attacks such as MDS (Microarchitectural Data Sampling) have been popping up since. So why are these vulnerabilities and security flaws only now coming to light? These issues are actually quite complex and require an understanding of the advances in CPU technology such as the following:

  • L1/L2/L3 caches
  • Speculative execution
  • Pipelines and buffers
  • Hyper-Threading

If you are unfamiliar with the above technologies, they basically function as ways to improve the speed of the CPU. In theory, without these components, we could have a much more secure processor at the cost of performance. Vendors are caught in a predicament: they want to increase performance but also have to consider the security implications of newer technology. This shows in the patches for recent vulnerability fixes, which brought CPU performance down by 5-30%. The latter number can be alarming but does not usually affect home users, as the 30% figure is more typical for servers.
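Whether those patches are actually active on a given machine is something you can verify rather than assume. The following is an added example, not part of the original article: on Linux the kernel publishes one file per known CPU flaw under `/sys/devices/system/cpu/vulnerabilities/`, each reading “Not affected”, “Vulnerable …” or “Mitigation: …”, and the code below classifies that directory into a short report. The sample statuses are constructed for the example (the strings follow the kernel’s own wording, including the note that Hyper-Threading, shown as SMT, is still exposed for MDS); reading the real directory is optional and works only on a Linux host.

```python
"""Summarise the kernel's view of CPU vulnerability mitigations.

Added example, not from the original article. Each file in the sysfs directory
holds one status line per flaw; this script groups the flaws by whether the
host is not affected, mitigated, or still vulnerable.
"""
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Constructed sample of a partly patched Intel host (assumption, not real data;
# the wording mirrors what the kernel writes to these files).
SAMPLE_STATUS = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "spectre_v2": "Vulnerable, IBPB: disabled, STIBP: disabled",
    "mds": "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
    "l1tf": "Not affected",
}


def classify(status_text):
    """Map one status line to 'not_affected', 'mitigated' or 'vulnerable'.
    Anything that is neither explicitly mitigated nor not affected (including
    'Unknown' states on newer kernels) is treated as vulnerable, on purpose."""
    s = status_text.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation"):
        return "mitigated"
    return "vulnerable"


def summarize(statuses):
    """Return {'vulnerable': [...], 'mitigated': [...], 'not_affected': [...]}
    with flaw names sorted inside each group."""
    report = {"vulnerable": [], "mitigated": [], "not_affected": []}
    for name, text in sorted(statuses.items()):
        report[classify(text)].append(name)
    return report


def smt_exposed(statuses):
    """Names of flaws whose status says SMT (Hyper-Threading) is still vulnerable."""
    return sorted(n for n, t in statuses.items() if "SMT vulnerable" in t)


def read_sysfs(directory=SYSFS_DIR):
    """Read the live directory on a Linux host; returns {} elsewhere."""
    if not directory.is_dir():
        return {}
    return {p.name: p.read_text() for p in directory.iterdir() if p.is_file()}


if __name__ == "__main__":
    statuses = read_sysfs() or SAMPLE_STATUS
    for group, names in summarize(statuses).items():
        print(f"{group:13s}: {', '.join(names) or '-'}")
    print("SMT still exposed for:", ", ".join(smt_exposed(statuses)) or "-")
```

On a server the interesting lines are the ones that mention SMT: the trade-off the article describes is sharpest there, because closing the remaining gap means disabling Hyper-Threading, which is where much of the 30% figure comes from. A host that reports “Vulnerable” for a flaw that has a patch available usually just needs the microcode and kernel updates applied and a reboot.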

Although vendors are still working on improving their security to prevent future vulnerabilities, there are still ways to make sure your data is protected, such as adding an additional layer of security. Third-party security vendors such as Trend Micro can help with products such as Deep Security through virtual patching.

To get a more in-depth understanding of the processor vulnerabilities, you can refer to this article here. To learn more about Trend Micro Deep Security, you can visit our page here or contact us directly at 893-9515 and we will be more than happy to answer your inquiries!
