How the breach happened: complacency and inaction

According to reports, the hackers were able to register as Dell partners using fake company information, gaining access to the portal within 24-48 hours. Once inside, they deployed automated software to rapid-fire service tag numbers to the portal API, harvesting names, physical addresses, order details, and hardware information for millions of Dell customers. The hacker “sent more than 5,000 requests per minute to this page that contains sensitive information” according to a report by techradar. This action alone should have triggered security systems due to unusual activity – but it didn’t.

Shockingly, the hackers even emailed Dell twice about the gaping security hole but received no response for over two weeks, during which time they compiled records on 49 million people before eventually trying to sell the data on the dark web hacker forum Breach Forums.

Real risks for affected customers: phishing and more

While payment and financial data do not appear to have been accessed, having one’s personal information and Dell service history exposed carries serious risks. Hackers could use it to stage highly convincing phishing attacks, sending fake communications impersonating Dell to trick users into handing over sensitive data like passwords or financial information.

“Hello, I’m calling from [company name], about your laptop with serial number XXX-XXX.” Doesn’t this sound convincing enough?

There are also risks of physical threats through postal mail exploiting the victims’ Dell order history to establish legitimacy. And, of course, the personal data could potentially be used for identity theft, stalking, or other malicious purposes by bad actors.

What could have prevented it: proactive and intelligent security

This entire data breach could have been avoided if proactive security had been deployed in a holistic manner. This means intelligent detection systems across all 7 layers of the OSI model equipped with the ability to detect unusual network activity. The lapse was in the setupof the partner portal, but that does not excuse the lack of systems in place to monitor unusual activity.

The continued reliance on human response and decision-making is another issue. Highlighting the need for autonomous security systems that monitor IT infrastructure around-the-clock.

Our X-PHY ecosystem of solutions have been designed to address these exact issues. Beyond pattern-matching, our patented AI can recognise and detect anomalous data access behaviour to differentiate legitimate use from a data exfiltration attack. Unusual high-volume data scraping would be immediately flagged as suspicious and automatically shut down to protect consumer data.

Our holistic, intelligent cybersecurity approach enables true data security from the fundamental hardware level of IT infrastructure. Greatly strengthening and filling in the gaps of complex overlapping software solutions.

As this Dell debacle clearly demonstrated, size doesn’t matter when it comes to cybercrime. Even tech giants are struggling to lock down their systems against increasingly sophisticated cyber threats. By looking to innovative solutions like ours, companies can get ahead of the curve and ensure their customers’ data remains secure from breach or misuse.

Contact our experts to start your true security journey today: flexxon@flexxon.com.

 Dell hack: Personal info of 49 million customers allegedly breached

https://www.pcworld.com/article/2328519/dell-data-breach-includes-your-id-and-detailed-hardware-info.html

Entrust’s Data Breach: Insights and Implications

A recent incident reported by bleeping computer features the digital security giant Entrust’s corporate data breach by a ransomware gang. Entrust extends authentication and identity-based security software management to a large number of critical and sensitive organizations including US government agencies such as the Department of Homeland Security, the Department of Energy, the Department of the Treasury, the Department of Health & Human Services, the Department of Veterans Affairs, the Department of Agriculture, and many others. The ransomware attack group carried out their attack flow by relying on the credentials stolen from the trusted network access of sellers which led to the breach in the company’s internal systems, exfiltration of files and subsequent encryption. The ransomware attack gang can blackmail Entrust into paying a ransom or risk data breach disclosure which may result in regulatory fines. Data breaches after a ransomware assault come with monetary and reputational costs .The security notice published by the company confirms that data was stolen from Entrust’s internal systems, but doesn’t provide additional information about what data the hackers got access to.

Importance of Cybersecurity Awareness and Infrastructure

The high-momentum cyber attacks can be curbed by focusing on cyber resilience and aligning the cybersecurity awareness of organizations with the progressing cyber threats. The lower awareness and lack of cybersecurity infrastructure can lead to a significant damage because of gaps in security controls and process maturity. The organizations must put contingency plans in place to steer clear of the ransomware attack repercussions.

The broader technological contest between the US and China extends beyond tariffs and trade. Semiconductors, integral to modern innovation, have become a focal point of this rivalry. Our CEO Camellia Chan spoke to Singapore’s Lianhe Zaobao about how Flexxon has undertaken pre-emptive actions to mitigate any fallout from this geopolitical situation and diversify its operations.

She shared, “Our prior groundwork is coincidentally aligned with the CHIPS Act’s objectives, offering potential avenues in the US semiconductor market.”

What is the CHIPS Act?

The U.S. Congress’s recent CHIPS Act is designed to foster domestic chip manufacturing through a $7 billion grant program, signalling a significant policy shift. While the Act aims to reduce dependence on global suppliers, especially from “countries of concern,” its long-term market implications remain a topic of debate.

A Sector in Flux

The semiconductor industry, while showcasing robust growth, is not immune to market uncertainties. Economic considerations, from inflation to energy costs, have direct repercussions on consumer demand patterns. Nonetheless, emerging trends suggest potential growth vectors. The automotive industry’s pivot towards electric vehicles, and the rise of IoT and AI applications, hint at untapped market potential.

In sum, the semiconductor domain, characterized by its interplay with geopolitical dynamics and economic fluctuations, continues to evolve.

Read the full article here: https://www.zaobao.com.sg/finance/world/story20220808-1300829

With great pleasure, we have invited him to an interview to share his professional view on X-PHY SSD.

Here are the highlights of the interview:

What do you think of our X-PHY SSD solution before you’ve tested it?

When I first heard about the X-PHY, I wasn’t too sure as I have seen many different products that say it can protect the system but doesn’t. When I got X-PHY I felt that the quality of the build was good, and it is built to last. However, I was rather concerned as there weren’t many materials included in the package. But I realized that there isn’t any concern as the setup was straight forward and the application guide supports you through the setup.

What do you think of our X-PHY SSD solution after you’ve tested it?

After testing X-PHY on a system that was unprotected, I noticed that X-PHY acted on all the threats I could throw at it. I was very surprised at how quickly it detects a threat and stops it from doing any damage. One of the threats we tested is called WannaCry which was stopped within seconds and it notified me. The application is very simple to use and anyone could use it.

What features benefit you?

The features that are valuable to me are the locking of SSD once any threat is detected and the email notification that is sent to the user. This means that anything that runs without the user knowing will be stopped preventing any harm to the computer and the email will tell the user what type of threat was found. Also, the SSD does not rely on a database of known threats as it looks at patterns and acts on the threat. Hence, it will always detect even the unknown threats that come to the market.

Now that you have this product, what’s the #1 thing you’re able to do that you weren’t before using existing solution?

Security software relies on the user’s control to prevent any threat through. The X-PHY does not give the user the option. It prevents the threat and only allowing them the option to unlock the drive. The other things that we cannot do without are physical protection, cloning, and wiping data functions. This allows us to prevent data from falling into the wrong hands as once the X-PHY SSD is removed from the computer, the data will be erased whilst alerting the user through email. These features are good when the user has to leave the computer in a location while they go somewhere else.

As someone who is taking care of IT Cybersecurity infrastructure for businesses, what would be the real-life use cases that you can deploy our X-PHY solution?

The industrial embedded ssd would be good for a lot of sectors. But I would say the Accountancy industry would benefit from having the X-PHY to protect their system. Accountants normally have several other customers that they manage. This means that they have information that the ransomer could use to attack several different companies. This makes them one of the main targets. After testing the X-PHY, I know that they would benefit from having the X-PHY solution.

The final verdict.

Overall, the X-PHY SSD worked and help data loss prevention cybersecurity from any threats that I throw at it. Nothing got through the X-PHY SSD. The setup was easy with no special drivers for the SSD to be detected. So, installing the OS on the SSD was quick. Once the application was installed, it guided you through setting up passwords and MFA. I also like the wipe data feature because if the SSD got wiped, it still keeps the setting and event logs. I also like the fact that you can turn on and off features depending on your needs. I would be happy to run this on my own laptop and would recommend this SSD as it truly does what it says it does as the last line of defense.

• The partnership will yield the world’s first series of laptops that provide security at the firmware level, based on Flexxon’s X-PHY^® Cyber Secure Solid-State Drive.
• Effectively addresses the complex cyber threat landscape of today, by protecting users against known and unknown threats through round-the-clock monitoring and detection.
• The partnership is Flexxon’s next step in its current mission of empowering digital citizens with greater cybersecurity protection, offering three series of products cater to users of different usage preferences.

Singapore, 4 August 2021 – Singapore-based Flexxon Pte Ltd (“Flexxon”) today announced its partnership with Lenovo Group Ltd (“Lenovo”), one of the world’s leading personal technology companies, to produce the world’s first line of artificial intelligence (“AI”) embedded cybersecurity laptops.

Incorporating Flexxon’s market-leading innovation – the X-PHY^® Cyber Secure Solid-State Drive (“SSD”) – into Lenovo’s world-class laptop solutions, the partnership’s upcoming product ranges will deliver an integrated, standalone, and holistic cybersecurity system that effectively defends against present-day and future threats in this fast-evolving cyber landscape.

Three series of laptops will be launched in September to cater to differing user preferences, namely the X-PHY^® Ace, X-PHY^® CyberPad, and X-PHY^® Zepto. These series of laptops bring to market a combination of Lenovo’s high-quality, time-tested hardware and interface, and Flexxon’s real-time AI cybersecurity defence technology, effectively extinguishing the limitations of traditional silo architecture of software protection by enhancing security at the SSD’s firmware level.

Ms Camellia Chan, Founder and CEO of Flexxon said, “We are pleased to announce our partnership with Lenovo today. Partnering with a personal computing powerhouse like Lenovo will allow us to provide the very best performance, safety and security for our customers around the world. We share a common vision of building a digital world that users can navigate with a peace of mind, while allowing them to experience the very best performance through their personal computing devices. Through this partnership, we will unlock the full potential of today and tomorrow’ digital landscape, while securing the vital data of our customers along this journey.”  

Preparing for the great unknown

Cybercrime has multiplied exponentially in the last year alone. As remote working becomes a more permanent fixture around the world, most enterprises have shifted their traditional infrastructures to digital platforms. In turn, this has widened the attack surface of organisations, as WiFi networks at home and in public spaces are often not set up to with privacy and security as the priority.

Consequently, the cost of cybercrimes on the world’s economy is projected to exceed US$10.5 trillion^[1] by 2025. As organisations digitise their business operations, widened gaps in cybersecurity systems have given cybercriminals increased opportunities to exploit and make their advances, leaving many ill-equipped to keep pace with the onslaught of cyber-attacks. In addition, the COVID-19 pandemic has also hastened the growth of cybercrimes by 600%^[2].

As cyber-attacks continue to grow in scale, sophistication and consequence, traditional software-based defences are no longer comprehensive enough. With the need for constant updates to recognize attacks, software-based defences are unable to detect new cyber threats that emerge on a daily basis.

Recognising these challenges, Flexxon launched the world’s first AI-embedded data security solution, the X-PHY^® Cyber Secure SSD, in April 2021. The X-PHY^® Cyber Secure SSD is an innovation that acts as the last line of defence, delivering an all-in-one solution, that features real-time protection against known and unknown cyber threats around the clock[3].

Next-generation cybersecurity laptops

The X-PHY^® AI Cybersecurity laptops exemplify the “Zero Trust” security framework, a necessary cybersecurity infrastructure requirement for today’s complex cybercrime landscape. Based on the principle of “Never Trust, Always Verify”, this framework moves beyond traditional perimeter security to one where access requests to one’s critical data are constantly monitored and verification is sought.

The laptops adopt this framework by effectively monitoring for threats around the clock and in real-time, triggering an immediate lockdown upon the detection of any foul play. This thwart any attempts of phishing, ransomware, data theft, and other forms of cyber-attacks. Once activated, only authenticated users can unlock their computers with dynamic authentication security via the user-friendly X-PHY^® Bluetooth mobile application.

In addition, security bypasses in existing models of SSDs, such as physical removal, side-channel attacks using power surges, or sudden temperature fluctuations, will trigger the X-PHY^® Cyber Secure SSD to lock down the system immediately to safeguard the user’s data.

Delivering a powerhouse combination of performance and security, Flexxon and Lenovo’s upcoming suite of laptops will revolutionise the future of cybersecurity – so that individuals, professionals, and business owners can operate with a greater peace of mind anytime, anywhere.

Enabling greater security for the future

Flexxon’s partnership with Lenovo promises many exciting and collaborative technology innovations in the global cybersecurity space moving forward. As Flexxon builds on its strong track record in developing effective, efficient, and economical storage and cybersecurity systems, the company looks forward to working alongside Lenovo to provide sustainable solutions that protect against ever-evolving cyber threats from the core.

For more information about X-PHY^® AI Cybersecurity laptops, visit https://x–phy.com/laptop

About Flexxon Pte Ltd

Founded in 2007, Flexxon Pte Ltd is a leading industrial NAND flash storage solutions provider that is headquartered in Singapore. The company delivers a range of versatile advanced memory storage solutions to serve a wide spectrum of industries with a key focus on Cybersecurity, Industrial, Medical, and Automotive (CIMA) applications. Flexxon remains committed to innovating market leading technologies that ensures utmost data confidentiality and integrity. The company has worked with more than a hundred clients across the world, including multinational corporations such as HP Enterprise, Xerox and Medtronic, to deliver high performance and reliability products that serve as a custodian to their critical data.

With a vision to revolutionise technologies for good, Flexxon remains at the forefront of innovation and is dedicated to delivering robust data security solutions to individuals and organisations around the world.

About Lenovo Group Ltd

Lenovo (HKSE: 992) (ADR: LNVGY) is a US$60 billion revenue Fortune Global 500 company serving customers in 180 markets around the world. Focused on a bold vision to deliver smarter technology for all, Lenovo is developing world-changing technologies that power (through devices and infrastructure) and empower (through solutions and software) millions of customers every day and together create a more inclusive, trustworthy and sustainable digital society for everyone, everywhere.

[1] Cybercrime To Cost The World $10.5 Trillion Annually By 2025. Retrieved from: https://www.prnewswire.com/newsreleases/cybercrime-to-cost-the-world-10-5-trillion-annually-by-2025–301172786.html

[2] Cybercrime Up 600% Due To COVID-19 Pandemic. Retrieved from: https://purplesec.us/resources/cyber-security-statistics/

[3] Please refer to attached press release from the X-PHY’s official launch in April 2021 for more information on the X-PHY^® Cyber Secure SSD.