Advanced DNS hijacking campaign targeting public and private organizations for last 2 years: Cisco Talos

A new cyber threat campaign called Sea Turtle is manipulating DNS systems to target public and private entities, including national security organizations, in the Middle East and North Africa.

According to the researchers at Cisco Talos, it is very likely that the campaign started in January 2017 and has continued through the first quarter of 2019.

“Our investigation revealed that at least 40 different organizations across 13 different countries were compromised during this campaign. We assess with high confidence that this activity is being carried out by an advanced, state-sponsored actor that seeks to obtain persistent access to sensitive networks and systems,” according to the researchers.

The attackers carried out the attack through DNS hijacking: they modified DNS name records to direct users to servers that they controlled.

In January this year, the Department of Homeland Security (DHS) warned about this campaign, saying that cybercriminals were able to redirect user traffic and gain access to valid encryption certificates used by organizations for domain names.
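The pattern described above, changed DNS records followed by a valid certificate for the redirected name, can be watched for from the defender's side. The following is an added example, not code from Cisco Talos or DHS; the baseline format, the record layout and every name, address and CA name in it are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Baseline the defender maintains for its own names (constructed values).
BASELINE = {
    "mail.example.org": {
        "ns": {"ns1.example.org", "ns2.example.org"},
        "networks": [ip_network("192.0.2.0/24")],
        "issuers": {"Example Corp Issuing CA"},
    },
}

@dataclass
class Finding:
    when: datetime
    name: str
    kind: str      # ns-change, address-outside-baseline, unexpected-cert
    detail: str
    severity: str  # medium or high

def norm(host):
    """Compare host names case-insensitively and without the trailing dot."""
    return host.rstrip(".").lower()

def check_dns(observations):
    """Flag nameservers or addresses that are not in the baseline."""
    findings = []
    for o in observations:
        name = norm(o["name"])
        base = BASELINE.get(name)
        if base is None:
            continue  # not a name we track
        rogue_ns = sorted({norm(n) for n in o["ns"]} - base["ns"])
        if rogue_ns:
            findings.append(Finding(o["ts"], name, "ns-change",
                                    ",".join(rogue_ns), "high"))
        for addr in o["a"]:
            if not any(ip_address(addr) in net for net in base["networks"]):
                findings.append(Finding(o["ts"], name,
                                        "address-outside-baseline", addr, "high"))
    return findings

def check_certs(cert_events, dns_findings, window=timedelta(days=2)):
    """Flag certificates from issuers outside the baseline. A certificate
    issued close in time to a DNS deviation for the same name is rated high."""
    findings = []
    for c in cert_events:
        name = norm(c["name"])
        base = BASELINE.get(name)
        if base is None or c["issuer"] in base["issuers"]:
            continue
        near_dns = any(f.name == name and abs(f.when - c["ts"]) <= window
                       for f in dns_findings)
        findings.append(Finding(c["ts"], name, "unexpected-cert", c["issuer"],
                                "high" if near_dns else "medium"))
    return findings

def analyze(observations, cert_events):
    """Return all findings in time order (stable for equal timestamps)."""
    dns = check_dns(observations)
    return sorted(dns + check_certs(cert_events, dns), key=lambda f: f.when)

# Constructed sample data: periodic resolver snapshots and certificate
# issuance events such as a certificate-transparency monitor would report.
T = datetime.fromisoformat
SAMPLE_DNS = [
    {"ts": T("2019-01-10T08:00"), "name": "mail.example.org.",
     "ns": ["NS1.example.org.", "ns2.example.org."], "a": ["192.0.2.10"]},
    {"ts": T("2019-01-12T03:00"), "name": "mail.example.org.",
     "ns": ["ns1.rogue-dns.example."], "a": ["203.0.113.77"]},
    {"ts": T("2019-01-12T09:00"), "name": "mail.example.org.",
     "ns": ["ns1.example.org.", "ns2.example.org."], "a": ["192.0.2.10"]},
]
SAMPLE_CERTS = [
    {"ts": T("2019-01-05T12:00"), "name": "mail.example.org", "issuer": "Example Corp Issuing CA"},
    {"ts": T("2019-01-12T04:30"), "name": "mail.example.org", "issuer": "Constructed DV CA"},
    {"ts": T("2019-03-01T10:00"), "name": "mail.example.org", "issuer": "Constructed DV CA"},
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_DNS, SAMPLE_CERTS):
        print(f.when.isoformat(), f.severity, f.kind, f.name, f.detail)
```

The short-lived deviation at 03:00 is only caught because snapshots are taken often; a record that is changed and restored between two polls leaves the unexpected certificate as the only trace.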

Cisco Talos identified two groups of victims of the Sea Turtle cyberattack.

The first group, the primary victims, included national security organizations, ministries of foreign affairs, and leading energy organizations. To gain access to them, the attackers targeted the third-party entities that provide services to these organizations.

The second group of victims included DNS registrars, telecom companies, and internet service providers.

One of the most noteworthy facts about the Sea Turtle cyberattack is that the attackers reached the primary victims by first attacking the third-party organizations.

“The threat actors behind the Sea Turtle campaign show clear signs of being highly capable and brazen in their endeavours. The actors are responsible for the first publicly confirmed case of a DNS registry compromise, highlighting the attacker’s sophistication. Notably, the threat actors have continued their attacks despite public reports documenting various aspects of their activity, suggesting they are unusually brazen and may be difficult to deter going forward,” mentioned Cisco Talos in the report.

“In most cases, threat actors typically stop or slow down their activities once their campaigns are publicly revealed.”


While this cyberattack is limited mostly to national security organizations in the Middle East and North Africa, the success of this operation can result in attacks on the global DNS system. DNS is the foundation of the internet, and hijacking that foundation can demoralize its users and break their trust. These users are the key drivers of the global economy.


Cisco extends intent-based networking to IoT edge with new innovations

Cisco is looking to unlock the potential of internet of things (IoT) with the launch of new IoT Networking platforms, IoT Developer tools, IoT Partner trainings, as well as blueprints for utilities, manufacturing and remote assets.

Enterprises have unique IoT requirements and infrastructure needs that can grow and adapt with their business. Many of them struggle on these fronts. Cisco’s new innovations will provide enterprises scalability, flexibility, and security for their IoT environments, so that they can scale to production.

The new IoT Networking platforms include Cisco Catalyst IE3x00 Rugged Series of Switches and Cisco IR1101 Integrated Services Router Rugged. These platforms can be easily managed using Cisco DNA Center, so that enterprises can control the campus, branch and IoT environments from a single place.

New developer tools have been rolled out to DevNet (Cisco’s developer program), which include learning materials, tools, and support resources. This makes DevNet a complete platform for ecosystem partners to build and manage applications at the IoT edge.

“In IoT, the conversation is about business outcomes. It starts with secure connectivity as the foundation of every IoT deployment. By providing scale, flexibility and security, we’re turning the network into a secret weapon for our IoT customers,” said Liz Centoni, senior vice president and general manager, IoT at Cisco.

“And, with a new DevNet IoT developer center, we’re empowering thousands of partners and developers around the world to build upon our IoT platform.”

Cisco has developed blueprints for utilities, manufacturing, and remote and mobile assets, in order to speed up the process of moving from proofs of concept to scaled deployments. For this, the company has worked with industry partners and has successfully tested the blueprints to provide business outcomes.

Further, the company is going to provide training to its partners to help them successfully implement IoT projects. Cisco has a wide ecosystem of industry partners that includes machine builders, independent software vendors (ISVs), and service providers from distinct industries.


The new IoT networking platforms are now available for order.


Cisco and AWS launch Kubernetes-powered hybrid cloud solution

Cisco has announced a new hybrid cloud platform that will make it easier for enterprises to run new containerized applications across all environments. The new platform will be powered by Kubernetes, and has been built for Amazon Web Services (AWS).

Called Cisco Hybrid Solution for Kubernetes on AWS, the new solution integrates Cisco’s networking, security, management and monitoring software with AWS’ cloud services.

It configures on-premises Kubernetes environments to be consistent with Amazon Elastic Container Service for Kubernetes (EKS), the companies said. The Amazon EKS is a managed Kubernetes service for managing software containers, which became generally available in June this year.

Today, applications have become the lifeblood of enterprises. Hence, enterprises are looking to develop and deploy applications across public and private clouds without any obstruction. If they can build applications easily and get them up and running quickly, it can provide a huge competitive advantage.

Cisco Hybrid Solution for Kubernetes on AWS aims to allow developers to deploy and manage containerized applications more easily across on-premises environments and the AWS cloud. It will allow them to focus on building and using applications, speed up innovation and reduce time to market.

“Today, most customers are forced to choose between developing applications on-premises or in the cloud. This can create a complex mix of environments, technologies, teams and vendors. But they shouldn’t have to make a choice,” said Kip Compton, senior vice president, Cloud Platform and Solutions at Cisco.

“Now, developers can use existing investments to build new cloud-scale applications that fuel business innovation. This makes it easier to deploy and manage hybrid applications, no matter where they run. This allows customers to get the best out of both cloud and their on-premises environments with a single solution.”

The new solution will come with a common set of tools for on-premises and AWS, which will simplify the management of on-premises Kubernetes infrastructure. It will help IT operations teams to reduce complexity and costs.

Cisco Hybrid Solution for Kubernetes on AWS will also enable containerized applications to work with existing resources and production environments. This provides another advantage to both developers and IT operation teams.

“More customers run containers on AWS and Kubernetes on AWS than anywhere else,” said Terry Wise, Global Vice President of Channels & Alliances, Amazon Web Services, Inc.

“Our customers want solutions that are designed for the cloud and Cisco’s integration with Amazon EKS will make it easier for them to rapidly deploy and run containerized applications across both Cisco-based on-premises environments and the AWS cloud.”


The new solution is expected to be available in December 2018. Cisco will provide the solution as a software solution requiring only Cisco Container Platform, or as hardware/software solution with Cisco Container Platform running on Cisco HyperFlex.


Cisco confirms over 80 of its products vulnerable to FragmentSmack DoS bug

Cisco recently updated the list of its products and services which are vulnerable to the FragmentSmack Denial of Service (DoS) bug. As of 24th September, more than 80 products have been found to be affected by the vulnerability.

The FragmentSmack vulnerability was disclosed last month by the Vulnerability Coordination team of the National Cyber Security Centre of Finland (NCSC-FI) and CERT Coordination Center (CERT/CC).

The vulnerability was found in the IP stack used by the Linux Kernel. Linux Kernel versions 3.9 and above are vulnerable to DoS conditions with low rates of specially modified packets. It can allow attackers to cause a DoS condition on the targeted system.

Identified as CVE-2018-5391, the vulnerability exists because the affected software improperly handles the reassembly of fragmented IPv4 and IPv6 packets. The attackers can exploit this vulnerability by sending fragmented IPv4 or IPv6 packets that submit malicious input to a targeted system.

A successful exploit can trigger reassembly algorithms that are expensive in time and calculation and can consume excessive CPU resources.

Cisco is still investigating more of its products in the routing and switching category for the vulnerability. These products are developed for businesses and service providers.

The products under investigation include the Application Policy Infrastructure Controller (APIC) Enterprise Module. It provides software-defined networking to the enterprise branch, campus and WAN. The service comes with a simple user interface to allow automation of policy-based application profiles.

The products which have been investigated and found not vulnerable to FragmentSmack are Cisco Adaptive Security Alliance (ASA) Software, Cisco Prime Optical, and more.


A list of all vulnerable and non-vulnerable Cisco products can be found here.


Cisco acquires Duo Security for multi- and hybrid-cloud security

Cisco is acquiring the leading cloud-based two-factor authentication services provider Duo Security for $2.35 billion in cash and assumed equity awards.

Headquartered in Ann Arbor (Mich), Duo Security’s multi-factor authentication solution verifies the identity of users and the health of their devices before providing access to applications. It strengthens application security and prevents cybersecurity breaches.

Customers, partners and employees nowadays access business-critical data and applications from multiple locations and networks using company-issued and personal devices. Cybercriminals can compromise passwords and devices to access enterprise systems.

By acquiring Duo Security, Cisco will integrate Duo’s zero-trust authentication and access products with its networking, device and cloud security platforms. The integration will help Cisco customers to securely connect users to applications on any networked device.

“In today’s multicloud world, the modern workforce is connecting to critical business applications both on- and off-premise,” said David Goeckeler, executive vice president and general manager of Cisco’s networking and security business.

“IT teams are responsible for protecting hundreds of different perimeters that span anywhere a user makes an access decision. Duo’s zero-trust authentication and access products integrated with our network, device and cloud security platforms will enable our customers to address the complexity and challenges that stem from multi-and hybrid-cloud environments.”

Cisco will further integrate Duo’s software-as-a-service (SaaS) model with Cisco Identity Services Engine (ISE) to extend intent-based networking into multicloud environments. Cisco is also bringing Duo’s trusted identity awareness to Cisco Secure Internet Gateway, Cloud Access Security Broker, Enterprise Mobility Management, and more cloud-delivered products.

Lastly, Cisco will augment endpoint visibility coverage of over 180 million managed devices with Duo’s visibility of mobile and unmanaged devices.

“Our partnership is the product of the rapid evolution of the IT landscape alongside a modernizing workforce, which has completely changed how organizations must think about security,” said Dug Song, Duo Security’s co-founder and chief executive officer.

“Cisco created the modern IT infrastructure, and together we will rapidly accelerate our mission of securing access for all users, with any device, connecting to any application, on any network. By joining forces with the world’s largest networking and enterprise security company, we have a unique opportunity to drive change at a massive scale, and reshape the industry.”


Dug Song will continue to lead Duo Security, which will join Cisco’s Networking and Security business. The acquisition will close in Cisco’s first quarter FY19.


Global modular data center market expected to touch $59 billion by 2023: KBV Research

Global modular data center market will reach $59.3 billion by 2023, showing a CAGR of 29% during the forecast period (2017-2023), according to a report by KBV Research.

A modular data center is a portable method of deploying data center capacity. It can be deployed anywhere the capacity is needed. Modular data centers come with purpose-built modules and components, to provide scalability with power and cooling options.

  • By Components:

In 2016, functional module solutions dominated the global modular data center market, and they are expected to continue their dominance till 2023.

On the other hand, the services market will grow at a CAGR of 33.9% during the forecast period.

  • By Region:

In 2016, North America held the largest share of the global modular data center market, and is expected to be the dominant market till 2023. The North America market will witness a CAGR of 28.2% during the forecast period.

The modular data center market in the Europe region will grow at a CAGR of 28.9% during the forecast period.

The APAC region will grow at a CAGR of 32.3% during the forecast period.

  • By Verticals:

In 2016, the BFSI market held the largest share of the global data center market, and is expected to dominate the market till 2023. According to the report, the BFSI market will grow at a CAGR of 27.5% during the forecast period.

The healthcare market will grow at a CAGR of 28.3% during the forecast period.

The retail market is expected to reach $7800.4 million by 2023.


The main companies outlined in the report included HPE, IBM, Cisco, Dell, Vertiv, Schneider Electric SE, Flexenclosure AB, Bladeroom Group, Eaton, and Huawei.


Cisco unveils cloud-based endpoint security services for MSSPs 

Cisco recently announced a set of new cloud-based services in its endpoint security portfolio, to address the challenges of Managed Security Service Providers (MSSPs) and their customers. The set of new solutions, packaged as Cisco MSSP endpoint security portfolio, provides service providers the security, visibility and control of customers without having to add any separate hardware.

These security solutions include Cisco AMP for Endpoints, Cisco Umbrella, and Meraki Systems Manager. They offer protection against advanced malware and threats.

“At a time when customers are moving to the cloud and struggling with requirements to improve operational efficiency, we’re partnering with MSSPs to ensure they can deliver comprehensive solutions with security, visibility and end point control,” said Gee Rittenhouse, SVP of Engineering, Security Business Group, Cisco. “Through flexible licensing models and an expanding portfolio, we address customer needs and the needs of our MSSPs to differentiate and grow their businesses.”

Cisco’s AMP for Endpoints will enable advanced malware protection at the point of entry, and will then continuously monitor and record file activity to keep breaches and malware out of the system.

Cisco Umbrella, on the other hand, will enable visibility to protect internet access on all networks, office locations, as well as mobile users. It blocks requests to malicious destinations even before a connection is established.

Meraki Systems Manager, meanwhile, enables MSSPs to manage, diagnose and monitor all mobile devices, such as iPads, Android phones, Macs, and PCs from a single place.

Additionally, the Cisco MSSP Endpoint portfolio includes a scalable business model which will help MSSPs to drive monetization of new services.


Cisco expanded its multi-cloud product portfolio in November last year, adding a range of security solutions that enable customers to see and control SaaS applications, secure cloud email, detect threats in the public cloud, and stay safe while connecting to the cloud.


95% of total datacenter traffic to come from cloud by 2021: Cisco report 

Global cloud traffic will nearly triple over the next five years, accounting for 95% of total datacenter traffic by 2021, as per the Cisco GCI report.

The Cisco Global Cloud Index (2016-2021), the company’s seventh annual report, focuses on data center virtualization and cloud computing. The report reveals that both consumer and business applications are driving cloud adoption.

Datacenter traffic is growing rapidly, and global cloud IP traffic will touch 19.5 ZB (zettabytes) per year by 2021, up from just 6 ZB a year in 2016. On the other hand, big data will reach 403 EB (exabytes) by 2021, growing 8 times from 25 EB in 2016. It alone will represent 30% of the overall datacenter traffic.

With rapid rise in demands for datacenter and cloud resources, the large-scale public cloud datacenters called hyperscale datacenters have been developed. Hyperscale datacenter count in 2016 was 338, which will grow to 628 by 2021, representing 53% of all installed datacenter servers.  

“Data center application growth is clearly exploding in this new multicloud world. This projected growth will require new innovations especially in the areas of public, private and hybrid clouds,” said Kip Compton, Vice President of Cisco’s Cloud Platform and Solutions Group.

According to the study, by 2021, 94% of workloads and compute instances will be on cloud datacenters, and only 6% on traditional datacenters.

Of the total cloud workloads and compute instances, SaaS will comprise 75%, followed by IaaS (16%) and PaaS (9%) in 2021.  

The improvements in data control and datacenter governance have reduced the security issues, which are major barriers to cloud adoption. Additionally, the advanced technologies like internet of things (IoT) and artificial intelligence (AI) will also increase datacenter demands.

The IoT applications like smart cars, smart cities, connected health and digital utilities need storage solutions and scalable computing. The IoT connections are expected to reach 13.7 billion by 2021, up from 5.8 billion in 2016. The data created by IoT devices will grow from 218 ZB per year in 2016, to 847 ZB per year in 2021.


Cisco GCI 2016–2021 report concludes that along with the growth in datacenter traffic, the datacenters are also streamlining with architectural innovations like NFV and SDN. The cloud traffic will more than triple over the forecast period, where the major traffic will be enabled by rapid extension of datacenter virtualization.


Cisco unveils its own container platform for multicloud environments 

Cisco recently announced a Kubernetes-based container platform called Cisco Container Platform (CCP), which will enable customers to run applications seamlessly in the same way both on premises and in public clouds, helping protect their existing investment in infrastructure.

Launched at Cisco Live conference, the CCP enables a multicloud environment, with accelerated and consistent configuration, deployment, and management on different deployments platforms, including Cisco HyperFlex, bare metal and virtual machines (VMs), on premises and in the cloud.

“Cisco is focused on enabling customers’ multicloud ambitions. Cisco Container Platform helps customers realize the potential of Kubernetes and containers, simplifying the deployment and management of Kubernetes clusters in a multicloud environment with enterprise-class security and compliance,” said Kip Compton, VP, Cloud Platform and Solutions Group, Cisco. 

Cisco collaborated with Google Cloud to leverage the power of Google Kubernetes Engine (GKE), and optimize Kubernetes platform for production-grade on premises environments. This will enable customers to run enterprise-ready containers on any infrastructure.

“As the adoption of Kubernetes has exploded, container orchestration and management have become of paramount importance to customers because they enable application portability and consistency across on premises and cloud-based environments,” said Eyal Manor, Vice President, Engineering, Google. “Cisco Container Platform is optimized in collaboration with Google Cloud to deliver a next-generation open hybrid cloud architecture, and represents an important milestone for our integrated Google and Cisco hybrid cloud solution coming later this year.”

The Cisco Container Platform automates the repetitive tasks, increases operational efficiencies, and eliminates the need to source, configure, and support multiple disparate solutions.

It is a turnkey solution for production-grade environments, which is open and extensible to other emerging open-source components, like Istio. It is delivered with advisory and support services by Cisco and its partners.

Cisco is expanding its growing portfolio with its own container platform. Recently, it acquired Skyport Systems, a leading secure hyperconverged infrastructure (HCI) provider, for hybrid cloud security.


The Cisco Container Platform will initially be released on Cisco HyperFlex 3.0 in April 2018. Customers can license it separately or as an integrated solution.

A second edition of CCP, which will be supported on VMs, bare metal, and public cloud, will be available in summer 2018. Its pricing will be subscription-based, depending on the number of cluster nodes deployed, with volume-based discounts.


Microsoft to use Cisco Solution Support for better network connectivity with Azure ExpressRoute

Microsoft has teamed up with Cisco to provide customers more secure network connectivity to Microsoft Azure cloud platform with Azure ExpressRoute.

Azure ExpressRoute helps the users to establish a private and direct connection to Microsoft cloud services, like Microsoft Azure, Office 365, and Dynamics 365. It also enables them to extend their on-premises networks into Microsoft cloud, which helps in managing and running the business-critical applications and services.

The enterprises that move to cloud from a traditional IT model face a number of cloud challenges, like increased complexity, loss of speed and data integrity, limited connectivity and management hassles, among others.

To overcome these challenges, Cisco will now provide its Solution Support for Azure ExpressRoute, to build a new network practice which provides fast, reliable, and predictable private connectivity.

“To help address on-premises issues, which often require deep technical networking expertise, we continue to partner closely with Cisco to provide a better customer networking experience. Working together, we can solve the most challenging networking issues encountered by enterprise customers using Azure ExpressRoute,” wrote Yousef Khalidi CVP, Azure Networking, in a blog post.

Cisco Solution Support offers additional support and guidance options for Azure ExpressRoute, helping with the customer’s on-premises end of the network. Customers will also have support from Cisco solution experts to quickly resolve their issues and connect to the Microsoft Cloud Platform.

“With our customers in mind, Cisco is extending our Solution Support portfolio with a new network practice and offer for Azure ExpressRoute. This new offer for networking targeting the customers on premises network, allows us to leverage our world class networking expertise to assist customers using Cisco networking products and Microsoft Azure ExpressRoute to connect to the Microsoft Azure Cloud Platform,” wrote Joe Pinto, Senior VP, Cisco’s Technical Services Group, in a separate blog post.

Furthermore, Microsoft has integrated Network Performance Monitor (NPM) into ExpressRoute, which will enable customers to monitor connectivity to PaaS services (Azure Storage), as well as SaaS services (Office 365). This will provide deeper visibility into ExpressRoute network traffic. It will be generally available in mid-February in six regions.


Additionally, Microsoft has merged public and Microsoft peering for simplified management and configuration of ExpressRoute. The ExpressRoute configuration needed customers to have ExpressRoute circuits in two different cities. Microsoft is planning to provide the second ExpressRoute site in the cities which already have an ExpressRoute site. As of now, the second peering location is available in Singapore only.
