Category Archives: Technology

VisionTechFest’s TechThon to Spark Industry-Academia Synergy in India

Bangalore, 28 October 2023 – Visionet, a leading technology solutions provider, introduces TechThon, an innovation-focused event that is a part of VisionTechFest 2023. Designed to bring academia and industry closer together, TechThon focuses on fostering the next generation of tech innovators. Forming a key component of the VisionTechFest – TechThon will offer a unique platform tailored for university students to showcase their innovations in an industry-oriented setting.

The event aims to empower and equip students with essential technical skills needed to pursue careers in technology and innovation. Through real-world exposure and opportunities for mentorship, the platform will allow them to nurture their potential and catalyse their journey towards becoming tech leaders of the future.

Among the key highlights of VisionTechFest’s TechThon, is that the platform has attracted an overwhelming response from students across the country. Out of the 662 teams that registered, an impressive 60 teams have been shortlisted to advance to the upcoming rounds of this exciting event.

The majority of the students and teams participating at the TechThon will represent prominent institutions such as The Oxford College of Engineering, Bengaluru, Presidency University, and Vellore Institute of Technology, showcasing the exceptional talent pool present within these institutions.

Sandeep Agarwal, EVP, Visionet expressed enthusiasm for the event, stating, “VisionTechFest’s TechThon offers an unparalleled platform for students to engage with industry leaders, facilitating an enriching exchange of ideas and providing students with invaluable mentorship opportunities that tap into a vast reservoir of knowledge. Through these connections, students not only gain immediate guidance but also the potential for enduring mentorship that can significantly influence their professional journey.”

Dr. Manjunatha, Principal, from New Horizon College of Engineering, Bangalore, adds, “We firmly believe that the synergy between students and the industry extends beyond the mere transmission of knowledge; it represents a dynamic partnership that catalyses the emergence of novel ideas, disruptive technologies, and groundbreaking solutions. These innovations have the potential to reshape the technological landscape of tomorrow. By sowing the seeds for a future where technology not only evolves but thrives on the ingenuity of the youth, we are setting new standards while also opening up exciting new horizons in the tech world.”

Selected students participating in TechThon will receive expert guidance on their projects, helping them refine their ideas and innovations. Additionally, winners will have the unique opportunity to receive Pre-Placement Offers (PPOs) and internships from Visionet, offering them a direct pathway into a promising career in technology.

VisionTechFest’s TechThon is poised to bring about transformative experiences for the students involved, offering them a platform to turn their ideas into reality and gain exposure to the dynamic tech industry.

Newest Ransomware Trend: Attackers Move Faster with Partial Encryption

On Wednesday morning, May 3, 2023, security personnel with the City of Dallas were horrified when their security software alerted them that they had likely become the target of a ransomware attack. Multiple servers across a range of departments were affected: 911 dispatchers, courts, and police services couldn’t use their computers for days.

It later emerged that sensitive data had been stolen—800,000 files containing full names, home addresses, Social Security numbers, dates of birth, and the health and insurance data of at least 30,000 city employees and other individuals. Two weeks later, the Royal ransomware group, which took responsibility for the attack, threatened to release the information. In particular, police officers and others whose data had been stolen feared the data could fall into the hands of violent offenders who might try to retaliate.

The City of Dallas wasn’t the first government to be hit by ransomware—or the first ransomware attack where lives could have been lost. The Royal ransomware group was originally part of the Conti group, which previously took credit for bringing the entire Irish healthcare system to a halt in 2021.

One of the reasons Royal was able to strike so quickly and effectively in Dallas is that they took advantage of today’s fastest-growing ransomware trend: partial encryption.

The term “partial encryption” may sound more benign at first than traditional attack strategies, since theoretically less damage is being done. However, in fact, it’s no less devastating to organizations that find themselves under attack.

In this post, we’ll explore the emergence of partial encryption as a strategy to make cybercrime even more profitable, which industries are at risk, and finally, a few key steps to help you protect your business.

Why Do Attackers Choose Partial Encryption for Ransomware Attacks?

Encryption is a tried and true strategy for malware actors. Malware within the victims’ systems leaves their data in place but completely inaccessible. Attackers then demand a price to unlock the data so victims can resume business as usual. In a second-tier strategy, in the event that victims refuse to pay, attackers can still make money by selling the compromised data.

Based on this model, ransomware has become big business over the last decades. And like all big businesses, attackers are always seeking to optimize their operations and find more efficient, cost-effective ways to achieve the same or better results.

Encryption in particular can be very time-consuming, especially for large amounts of data. This has led attackers to seek more efficient, effective ways to render victims’ data inaccessible unless they pay the ransom.

Partial encryption, also known as intermittent encryption, has emerged as just one example of increasingly sophisticated attack tactics, often in readily available off-the-shelf ransomware products that are openly sold on the darkweb much like traditional software.

Rather than encrypt the entire compromised system, partial encryption does just that: It encrypts a portion of the victim’s files either at random, encrypting a predetermined percentage of the data, as Royal ransomware does, or encrypting only the most important files, as determined by fingerprinting: financial documents, photos, and personal information. Ransomware can also selectively encrypt files related to a particular project or task, bringing it to its knees until payment is made.

For attackers, the advantages of partial encryption over complete encryption are clear:

• Speed– Faster and less resource-intensive than traditional encryption, attackers can finish partial encryption before victims even notice the intrusion.
• Complexity– Because only some data is encrypted, it’s harder for victims to restore data from backups, increasing the odds that they will simply pay the ransom.
• Less detectable- Automated scanners might not notice the smaller-scale modifications made by partial encryption while compromised systems may not behave as erratically as completely encrypted systems, triggering fewer alerts.                            Royal ransomware is particularly insidious because it not only uses partial encryption but also a multithreaded model, another increasingly popular strategy. In a single attack, there is only one ransomware process; a multithreaded attack uses multiple CPU cores to encrypt files simultaneously. This can quickly overwhelm the available processing power and make the attack more difficult to stop; even if one or two child processes can be stopped, the others will continue to encrypt files. This means that multithreaded ransomware attacks can be very destructive.

Even more frightening, today’s attackers have begun using a “triple extortion” strategy. With a double extortion strategy, as previously described, attackers not only hold the encrypted drives for ransom, they threaten to release or sell encrypted data if the organization does not pay. For the victim, this means that even if files can be restored from a backup, they must still pay to avoid data leakage.

However, a triple extortion strategy unfolds, as the name suggests, over three stages:

• Infiltrate and encrypt. Attacker profits when the initial victim pays the ransom.
• Exfiltrate and threaten to sell. Attacker can profit from the sale of data.
• Ransom third parties. Attacker demands ransom from third parties whose data has been stolen, such as patients or employees; they may also threaten the organization or its partners with distributed denial-of-service (DDoS) attacks.

However, whether ransomware attackers use one of these new strategies or a more traditional approach, the goal is always the same: to extort money. And the truth is that even after paying up, few organizations can reconstruct 100% of their compromised data.

Therefore, the best defense against today’s ransomware is thwarting attacks altogether.

Who Are the Attackers?

When combating ransomware, it’s important to understand who you’re up against. Today’s ransomware attackers are far from the stereotypical hooded criminal-in-a-basement, although that may have been who was behind very early ransomware, 10 to 15 years ago. Attackers back then would use broad-scale, fairly obvious, and generally imprecise attacks that succeeded in bringing in small amounts of money.

Today, like all technology industries, ransomware has matured beyond these modest origins. Ransomware gangs have formed larger-scale enterprises and brought talented developers on board to research and implement increasingly sophisticated techniques, methods deployed against wealthier targets to reap the highest rewards.

And these illicit enterprises have found safe havens in places like Russia, Asia, and Eastern Europe. Today, in addition to these large and highly professional enterprises, hostile governments and other nation-state entities are using ransomware for nation-level intelligence-gathering operations. And beyond literal warfare, ransomware has become a powerful digital weapon in corporate warfare as well.

There are numerous hacking groups out there, but a few leading ones deserve a mention.

• Chernovite – A likely nation-state group and the developer of Pipedream, U.S. law enforcement has called this modular industrial control system (ICS) toolset a “Swiss army knife” for attacking utility companies (electricity, water, natural gas) in the U.S. and Europe.
• Bentonite – An opportunistic group affiliated with Iranian hacking groups Phosphorus and Nemesis Kitten, Bentonite leverages known vulnerabilities in maritime oil and gas, government, and manufacturing infrastructure.
• ALPHV/BlackCat– BlackCat is a relatively new ransomware group that popped up in late 2022. It is known for its sophisticated encryption and ability to target a wide range of organizations. It is believed BlackCat is operated by a group of Russian-speaking cybercriminals and is known to use intermittent encryption via customizable byte-skipping patterns.
• Hive– Before being brought down by the U.S. FBI, German law enforcement, and the Dutch National High-Tech Crime Unit, this ransomware group had extorted over $100M by terrorizing healthcare organizations, schools, and public infrastructure worldwide. While the investigation is ongoing, Hive is believed to have ties to the Kremlin.

Attacks 

In just the first half of 2023, 48 ransomware groups including these and others—such as Ryuk, Medusa, Play, LockBit3, and many more—have breached over 2,200 victims, 45% of whom are in the U.S.

These groups use two main vectors to introduce ransomware: through software vulnerabilities, which are unintentional weaknesses or flaws in applications or code libraries that can go unpatched for years, and social engineering techniques, such as phishing. Attacks often combine these two strategies, or use variations such as callback phishing attacks, which are commonly used by the Royal ransomware group, the group behind the Dallas attack.

Regardless of how individual groups operate, and which encryption technologies they’re using, the consequences can be dire, as in an August 2023 ransomware attack on two Danish cloud hosting companies that resulted in the total loss (to encryption) of all customer data. An unidentified attack group demanded 6 bitcoins in ransom (approx $155,000 as of this writing), an amount CloudNordic was unable to pay; the company has since shut down its operations.

What Industries Are Most at Risk?

There are several sectors that find themselves frequently targeted by ransomware attacks.

Healthcare– Medical IT departments are both the most obvious and the most sensitive target since lives are most clearly on the line. When the Rhysida ransomware group, which had gained notoriety for its attack on the Chilean army, attacked Prospect Medical in August of 2023, the company—which operates 16 hospitals and numerous clinics all over the U.S.—was forced to use paper charts until systems could be restored. Healthcare data is both sensitive and valuable; it also features a large threat surface and a wide range of device types, including a mix of old and new technologies. This type of environment is hard to securely administer and update. This is especially true of medical IoT devices, which are often not built securely by design. Finally, healthcare organizations are historically more likely to pay ransoms compared with other industries, specifically so that life-saving operations will not be interrupted. The year 2022 brought an average of 1,426 attempted breaches per week per organization in the healthcare industry, a 78% year-over-year increase. There was also a distinct uptick in mortality following a cyber attack, although attributing deaths directly to ransomware is almost impossible due to the complexity of the events involved. Deaths connected with ransomware attacks can come about due to slowdowns, meaning delays in important surgeries and other care, as well as a lack of electronic health records, leading to a higher chance that patients will be given the wrong medication or an incorrect dose. In a recent Ponemon study of healthcare IT professionals, almost half (45%) said ransomware led to increased complications from medical procedures, up from 36% just a year earlier.

Higher Education– Just as school was starting back in September of 2021, Howard University, one of the U.S.’s five largest historically black colleges and universities, was forced to cancel classes due to a ransomware attack. Attacks against higher education institutions are on the rise, with at least eight reporting ransomware attacks since December 2022. Why are attackers targeting these schools? Colleges and universities are seen as attractive targets because they hold valuable data and their IT departments are often understaffed and outdated, with limited security resources. Educational institutions are also considered slower to recover than other sectors. Despite the fact that 64% of higher education institutions experienced attacks in the past year, many are still unwilling to discuss these incidents due to the negative influence they may have on a school’s reputation. Unfortunately, because of this silence, others in the sector may not realize that they are at risk—further perpetuating the cycle.

Manufacturing– In February of 2023, MKS Instruments, a little-known U.S.-based supplier to major players in the semiconductor industry, woke up to every manufacturer’s worst nightmare: a ransomware attack. Hackers compromised production and business systems, leading to predictions of $200M in losses from the attack. But the worst may be yet to come: Employees have filed a class action suit, claiming that the company did not adequately protect their sensitive personal data. Attacks on semiconductor companies have continued: Taiwan Semiconductor Manufacturing Company (TSMC) itself, the world’s largest chip manufacturer, was hit by the LockBit ransomware group in June 2023. The group demanded $70M, adding: “In the case of payment refusal, also will be published points of entry into the network and passwords and logins company.” But the semiconductor sector is not alone; almost every major field of manufacturing is being targeted. In fact, the manufacturing sector has been the industry most heavily hit by ransomware. The primary vector is unpatched vulnerabilities, particularly in industrial control systems. Manufacturers may also be more likely to pay ransoms to avoid production disruptions and financial losses, as well as devastating repercussions up and down the supply chain.

Tips to Protect Your Business From Today’s Sophisticated Ransomware

Although these three industries are among the most frequently targeted, attacks like the one in Dallas, the cloud providers in Denmark, and other victims profiled above reveal the broader truth that any organization storing sensitive data is at risk today, from financial services and insurance to retail and logistics.

That’s especially true now, with partial encryption likely to increase in popularity as ransomware gangs study one another’s techniques. As more and more adopt this hyperefficient technique, they will find it easier and more effective than ever to steal your assets and avoid interception. So regardless of your industry, now is the time to take a few important steps to protect your organization from ransomware.

Inventory Assets– All comprehensive security strategies begin with a comprehensive assessment of what you need to protect, including OT assets that may be the weakest link in your organization.
Stay on Guard 24/7– When it comes to ransomware attacks, hackers usually take advantage of times when people are not as vigilant. In the past year, most breaches have occurred on weekends and holidays.
Patch, Patch, Patch– Keep up to date with a rigorous patching regimen, since known vulnerabilities are a popular attack vector. Also, automate patching wherever possible.
Watch for Pre-Ransomware– Trojan malware infections like Trickbot, Emotet, Dridex, and Cobalt Strike should be dealt with immediately, as these can all be used to let ransomware in the door; similarly, taking steps to prevent phishing and train users can help foster a culture of security.
Get Backed Up– Store multiple copies of data in different locations (cloud, on-premises, and physical locations), and establish a backup testing regimen. Remember, never attach an uninfected backup to an infected computer. This could spread the ransomware to the backup and make it impossible to recover your data.
Minimize the Blast Zone – Reduce the impact of a potential attack with security measures such as strong user authentication and network segmentation to limit the radius of an attack’s spread.
It is important to note that none of these measures can provide complete protection. And particularly in light of the fact that partial encryption is notoriously difficult to detect, your best bet is a comprehensive anti-ransomware solution.
Check Point Harmony: The Industry’s Best Prevention

The best way to keep your organization safe is effective threat prevention with an organization-wide anti-ransomware solution that uses up-to-the-minute threat intelligence data along with advanced algorithms that work automatically in the background, around the clock.

Check Point Harmony is the first unified security solution that protects users, devices, and internet connections from the most sophisticated attacks, including phishing, zero-day ransomware, and more. It also ensures that users only have access to the applications they need, which helps reduce the risk of data breaches.

Check Point Harmony delivers peace of mind with a total, holistic defense against malware:

• Constantly monitors for ransomware-specific behavior
• Detects threats fast so teams can act quickly to minimize harm
• Identifies illegitimate file encryption; signature-less to detect new attack types
• Uses forensic analysis to detect and quarantine all elements of a ransomware attack
• Automatically restores encrypted files from snapshots to ensure business continuity

Check Point Harmony is prevention-focused, stopping attacks before they become a threat to your organization. Powered by

real-time threat intelligence through Check Point’s ThreatCloud AI and backed by the industry-leading Check Point Research

team, Check Point Harmony gives you today’s best security, hands down.

Fintech’s Cloud Computing Frontier: Scaling, Securing, and Innovating

Financial services organizations can now access, store, and analyze data more securely and effectively than ever due to cloud computing. This has provided an ideal foundation for fintech companies to create game-changing products, services, and technology that have altered the financial environment.

By 2025’s end, the total value of the worldwide fintech market is forecast to reach $124.3 billion, expanding at a CAGR of 23.84% throughout that period. The financial technology industry increasingly relies on cloud computing services to meet the needs of its customers in the commercial and consumer sectors.

Why, therefore, do FinTech companies need to use cloud computing? Let’s see the impact of cloud computing on organizations and consumers in the fintech sector.

Role of Cloud Computing in Fintech

The advent of cloud computing in financial technology has dramatically expanded the industry’s potential and altered the financial sector’s requirements. LogicMonitor Research shows that by 2025, 87% of businesses will have accelerated cloud migration.

Cloud computing has made fintech more widely available, safer, and adaptable to different users’ specific requirements. Fintech cloud computing is expanding steadily, although cloud applications are still in their early days. Furthermore, 22% of fintech apps are currently cloud-based. However, this creates ample space for development and innovation.

Importance of Cloud Computing in Fintech

Financial data is increasing at an exponential rate. With the help of cloud computing, FinTech companies can safely and reliably handle and retain customer data. In addition, it lets companies use cutting-edge approaches to banking, money transfers, and fraud detection.

According to Statista’s global data report, in 2021 alone, more than 79 zettabytes of data were created, but only 10% was original, with the remaining 90% being replicated. Cloud-based solutions are essential because of the massive amount of data in a fintech business. By 2025, we will have created more than twice as much data, according to Statista’s forecasts (181 zettabytes).

The complexity of data, the volume of data being handled, and end users’ expectations have all made data integration an absolute must. The only way to keep up with the expanding computing demands of a dynamic business while guaranteeing unrivalled dependability and giving it a competitive edge is to use the cloud.

The Role of Cloud Computing in Modern Lending

In the current commercial lending sector, cloud-based solutions replace manual procedures with cloud automation predicated on speed, scalability, and ease of use for loan origination and administration needs.

With banks showing a greater willingness to lend to consumers, now is the time to accelerate digital transformation and meet the needs of the next generation of enterprises on the cloud. Let’s examine the benefits of cloud computing for lenders and companies alike.

Scalability and agility

The capacity to expand operations as needed is a driving force behind the lending industry’s growth. In addition, with cloud computing, there is no longer any need for backups, updates, or repairs to the underlying infrastructure. It enhances customer experience, innovation, and productivity, making learning outcomes scalable.

Enhanced Security Measures

Maintaining data integrity by blocking unauthorized access is crucial to cloud storage. Many cloud systems alert administrators of discrepancies by comparing the data to the previous excellent condition. Banks can reduce security threats via thorough audits, multi-factor authentication, and restricted IP address lists by working with a reliable cloud service provider.

Cost Optimization

By using cloud computing services, organizations can reduce the need for expensive software installations, such as on-site dedicated chat servers. Businesses can cut their IT expenses by paying for just the services they need at the right time using software-as-a-service (SaaS) solutions like ATS tracking systems and customer relationship management tools.

Regulatory Compliance

The cloud creates the perfect environment for compliance by anticipating and resolving regulatory demands and identifying and managing risk gaps. Lenders may rest assured knowing that any data they submit is error-free and can be retrieved quickly and easily whenever needed. In addition, businesses will not face any compliance-related fines.

The cloud-based solution is a game-changer for the finance sector. Fintech companies can swiftly roll out new services and keep up with the competition through improvements in scalability, security, user experience, time to market, and data analytics.

Showcasing Parametric Designs In Shaping a Sustainable Future

Kolkata, 16th October 2023: In an endeavour to push the boundaries of design innovation, ABID (Association of Architects, Builders, Interior Designer and Allied Trade) launched its dynamic programme on Parametric Designs, aimed at discussing the application of Artificial Intelligence (AI) in architecture and interior designing.

Eminent architects Mr. Sushant Verma, Co-founder & Design Head, rat[LAB], Mr. Monish Siripurapu, Founder, Ant Studio, Mr. Shridhar Mamidalaa, Founded, Sri Design Lab, shared their knowledge and expertise on the principles and application of Parametric designs in Architecture and interiors.

The event included a panel discussion on ‘Parametrics for Sustainable Future’, addressed by eminent architects from the city – Mr. JP Agrawal, Director, Agrawal & Agrawal Architects, Mr. Kamal Periwal, Founder, Maheshwari & Associates, Mr. Vivek Singh Rathore, Director, Salient Design Studio.

The program will also include felicitations and the presentation of student awards, recognizing outstanding achievements in the field of design.

“ABID, the driving force behind this seminar, stands at the forefront of architectural advancement, with a mission to foster creativity and innovation in the architectural community. The organization is committed to empowering architects and designers with the knowledge and tools to shape a sustainable future,” Mr Kamlesh Agarwal, President of ABID said.

An exhibition showcasing the practical applications of Artificial Intelligence in conjunction with Parametric Design was also showcased during the event for the participants of the event. This exhibition offered attendees a first-hand experience of the cutting-edge technology driving innovation in the field of design.

Convenor of the event Ms. Deepa Agarwal, who is also an accomplished architect with a passion for pushing the boundaries of design has been instrumental in curating the programme.

HCLTech recognized as a Leader in Everest Group’s ACES Automotive Engineering Services PEAK Matrix Assessment 2023

NOIDA, India, Oct 16, 2023 — HCLTech, a leading global technology company, has been recognized as a Leader in Everest Group’s ACES (Autonomous, Connected, Electric and Shared) Automotive Engineering Services PEAK Matrix® Assessment 2023.

According to Everest Group, HCLTech has an extensive portfolio of IP around telematics platform, battery management systems and LiDAR (Light Detection and Ranging), supported by a strong and growing ecosystem of partners.

“HCLTech has a multitude of offerings around Advanced Driver Assistance System (ADAS), crash assistance systems, battery management systems, infotainment, telematics and charging solutions,” said Nishant Udupa, Practice Director at Everest Group. “These offerings are further backed by investments in developing solutions, establishing labs and CoEs and a robust partnership network in the aforementioned areas. Clients have appreciated HCLTech’s flexibility to adapt to project requirements, commercials, their access to wider talent pool and strong domain knowledge in the ACES space. The acquisition of ASAP has further helped HCLTech to strengthen its capabilities in areas such as e-mobility and autonomous driving. All these factors have helped HCLTech emerge as a Leader in Everest Group’s ACES Automotive Engineering Services PEAK Matrix® Assessment 2023.”

“In the rapidly evolving automotive engineering services sector, HCLTech has emerged as a global Leader, distinguished by our multi-vertical expertise and extensive experience in traditional and digital engineering. With the addition of ASAP Group, a leading German automotive engineering service provider, we have further strengthened our position and influence in the market, reaffirming our diverse portfolio and our commitment to deliver exceptional value to our clients. With the ACES segment all set to transform the future of mobility, we are proud to be associated with the leading automotive companies in their transformation journey to make transportation safer, more efficient and sustainable,” said Hari Sadarahalli, Corporate Vice President, Engineering and R&D Services, HCLTech.

HCLTech is uniquely positioned to partner with enterprises seeking to leverage digital technologies to transform their business. As the automotive industry undergoes a radical transformation, HCLTech remains at the forefront, driving innovation and shaping the future of mobility.