T-Systems ICT Academy Alumni

Welcome to the T-Systems ICT Academy and Internship Virtual Graduation.

MC: Eric Zwane

00:00:01 South African National Anthem
00:03:26 Welcome-Shirley Vrnjas
00:06:06 T-Systems Partner Address- Dineo Molefe
00:12:58 Partner Message ICDL- Tari Mangwiro
00:14:34 Partner Message CompTIA- Grace Sikhosana
00:21:25 Technical Support NQF Level 4 Graduates
00:24:44 Technical Support Top Performers
00:25:11 Learner Testimonial- Thando Moselane
00:25:42 Systems Support NQF Level 5 Graduates
00:26:51 Systems Support Top Performer
00:27:11 Partner Address MICT SETA- Ernest Nemugavhini
00:28:51 Systems Development NQF Level 5 Graduates
00:30:02 Systems Development Top Performer
00:30:12 Learner Testimonial- Harold Seroka
00:30:47 Partner Address Cisco- Soso Motloung
00:38:27 Telecommunication NQF Level 4 Graduates
00:40:13 Telecommunication Top Performer
00:40:27 Learner Testimonial- Tinswalo Shobede
00:41:38 Learner Testimonial- Mapaseka Miya
00:42:11 Intern Testimonial- Christiaan Honiball
00:43:11 Alumni Testimonial- Reabestsoe Molete
00:46:09 Internship Graduates
00:48:19 Intern Testimonial- Naledi Mokone
00:49:11 Intern Testimonial- George Shumba
00:51:11 Academy Alumni Testimonial- Refilwe
00:53:30 Functional coach award
00:54:34 Meet the Team
00:55:10 Graduates of 2019/2020
00:55:34 End

Music: www.bensound.com

We care about you and your career progression. Please take 5 minutes of your time to tell us about your career journey.

Please follow the link below:

https://forms.office.com/Pages/ResponsePage.aspx?id=_GL6r0XP7Eaz0bJTRAzJ9GEIdjgLojhNu-yQuLJTZvBUOUVKN0tVSFJNWEpJMDNEUTFOQjFXRVFJUy4u

The orientation today was a success✨

Let learning become accessible to you regardless of physical location. Let learning not be informative only but fun as well. Encourage your family and friends to apply for our free online courses today.

Follow the link below to apply:
https://bit.ly/3bwTTN3

Day 1 at their new jobs. Congratulations guys, proud of how far you've come. Time to put into practice what you've been taught. in action.

We are happy to announce that two of our learners(Lebohang Mkhwanazi and Clayton Frederikcs: (Front row: On the left and on the right respectively) have been on-boarded by Netcare as Knowledge Transfer Engineers. This Netcare initiative is aimed at helping the health care professionals move away from the traditional paper-based systems to a more advanced technological and paperless system.

Our learners will be assisting the healthcare professionals around the handling, use and troubleshooting of various technological devices, like iPad, laptops and desktop computers.

These learners have undergone a very intensive 2-year programme at the T-Systems ICT Academy, wherein in the first year they completed the following International qualifications: International drivers Licence (ICDL), A+(1001 & 1002), Network +(N10-007, Security +(SY0-401) together with the Technical support NQF Level 4 certificate. In the second year they specialized in Microsoft System Development (MCSD) and CISCO CCNA, Cyber security respectively.

Congratulations once again ,we are proud of how far you've come.

Congratulations on your achievements

2 of the many learners getting ready to go for their first interview -Systems this past week. It's been a long journey but a fruitful one.

Reaching our ultimate goal, the reason why we do what we do -systems ICT Academy. Allowing our youth to become active participants in our economy. Proud moment for our team.

RobbinHood ransomware exploit GIGABYTE driver flaw to kill security software
The operators behind the infamous RobbinHood ransomware are exploiting a vulnerable GIGABYTE driver to kill antivirus products.
Cybercriminals behind the RobbinHood Ransomware are exploiting a vulnerable GIGABYTE driver to install a malicious and unsigned driver into Windows with the intent of disabling security products.

Ransomware operators leverage a custom antivirus killing package that is delivered to workstations to disable security solution before starting encryption.

Normally, Windows security software processes could only be killed by Kernel drivers. In order to prevent the abuse of kernel drivers, Microsoft also implements a driver signature verification mechanism, this means that only kernel drivers co-signed by Microsoft could be installed.

Now security researchers from Sophos have detailed a new novel technique implemented by threat actors in attacks ([1, 2]) involving two pieces of RobbinHood ransomware.
robbinhood ransomware
Attackers installed a known vulnerable GIGABYTE driver that has been cosigned by Microsoft and exploited a known vulnerability to disable Microsoft’s driver signature enforcement feature.

“Sophos has been investigating two different ransomware attacks where the adversaries deployed a legitimate, digitally signed hardware driver in order to delete security products from the targeted computers just prior to performing the destructive file encryption portion of the attack.” reads the report published by Sophos. “The signed driver, part of a now-deprecated software package published by Taiwan-based motherboard manufacturer Gigabyte, has a known vulnerability, tracked as CVE-2018-19320.”

The technique used by the operators consists in:

Attackers get a foothold on the target’s network and install legitimate Gigabyte kernel driver GDRV.SYS.
Attackers exploit the CVE-2018-19320 vulnerability in the legitimate driver to gain kernel access.
Attackers use the kernel access to temporarily disable the Windows OS driver signature enforcement and install a malicious kernel driver named RBNL.SYS.
Attackers use this driver to disable security products.
Attackers execute the RobbinHood ransomware and attempt to encrypt the files on the infected host.
“In this attack scenario, the criminals have used the Gigabyte driver as a wedge so they could load a second, unsigned driver into Windows,” continues the Sophos’ report. “This second driver then goes to great lengths to kill processes and files belonging to endpoint security products, bypassing tamper protection, to enable the ransomware to attack without interference.”

In the attacks observed by Sophos, the operators deployed an executable named Steel.exe that exploit the CORE-2018-0007 vulnerability in the GIGABYTE gdrv.sys driver.

Experts pointed out that the Steel.exe program terminates processes whose files are included in a file called PLIST.TXT, unfortunately Sophos had mo access to the file and it is not able to determine what security solutions are being targeted.

Once the Steel.exe has terminated security software, the RobbinHood ransomware will encrypt files on the infected systems.

Technical details about the attacks are reported in the report published by Sophos, including Indicators of Compromise (IoCs).

Article posted by securityaffairs