Innovative anti-phishing app comes to iPhones

We’re always told never to click on a link we receive in an email in case doing so takes us to some dodgy phishing site where our account details are violated. But what if our email app warned us before we clicked malicious links?

Can this app protect against phishing attempts?

MetaCert isn’t fully available yet, but it does seem to be a promising solution that provides email users in enterprise and consumer markets an additional line of defense against clicking on malicious links received in email messages.
The solution emerged from the developer’s earlier work building an API to help app developers add a layer of security to WebView.
It relies on two principal databases that are regularly updated:
  • An extensive collection of known phishing email addresses
  • A collection of known addresses for the services phishers often like to spoof, places like PayPal, online retailers, banks, and so on
In the future, the company will be implementing blockchain technology across its systems — that’s an essential step that should enable users to verify whether websites and emails that are being alerted as threats actually are threats, rather than items accidentally added to the phishing warning lists.

How MetaCert works

When you receive an email, MetaCert will check the message against its databases.
It will then flag emails inside your email app as follows:
  • A red shield warns the link goes to a known phishing site.
  • A grey shield states it is unrecognized.
  • A green shield means the link should be safe to use.
If you do accidentally click a recognizably malicious link, you will be taken to a warning page before you reach the bad website.
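The three-state check described above can be sketched as follows. This is an added example, not MetaCert's code: the two lists, the sample email and every function name are constructed for illustration, and matching on the link's host name is an assumption about how such a lookup would work.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample lists; a real service would use large, regularly updated feeds.
KNOWN_PHISHING = {"paypa1-login.example", "secure-bank-verify.example"}
KNOWN_GOOD = {"paypal.com", "example-bank.com"}

# Constructed sample email body with three links.
SAMPLE_EMAIL = """<p>Your account is limited.</p>
<a href="https://www.paypal.com/signin">PayPal</a>
<a href="https://paypal.com.account-check.example/login">Verify</a>
<a href="https://paypal.com@paypa1-login.example/">Restore</a>
"""


class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def host_of(url):
    """Return the lower-cased host a browser would connect to, or None."""
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https"):
        return None
    # .hostname drops userinfo ("user@") and port, and lower-cases the host.
    host = parts.hostname
    return host.rstrip(".") if host else None


def in_list(host, domains):
    """Match the listed domain itself or a subdomain of it, on a label boundary."""
    return any(host == d or host.endswith("." + d) for d in domains)


def shield(url):
    """Map one link to 'red', 'green' or 'grey'."""
    host = host_of(url)
    if host is None:
        return "grey"
    if in_list(host, KNOWN_PHISHING):  # the blocklist wins over the allowlist
        return "red"
    if in_list(host, KNOWN_GOOD):
        return "green"
    return "grey"  # unrecognized, which is not the same as safe


def classify_email(html_body):
    """Return (url, shield) pairs for every link in the message body."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [(url, shield(url)) for url in collector.links]


if __name__ == "__main__":
    for url, verdict in classify_email(SAMPLE_EMAIL):
        print(f"{verdict:5}  {url}")
```

The second sample link starts with a trusted name but belongs to a different domain, so it stays grey rather than green; the third hides the real host behind a `user@` prefix and is matched on the host that would actually be contacted.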

Privacy concerns

There is a negative side to how the app works, which most users must be certain they understand: in order for this to work, the system must analyze your emails, which means messages must pass through MetaCert's servers.
This process means you must give the service permission to handle your messages, and (on iOS devices) you will be required to create an application-specific password that gives this software permission to access and analyze your messages.
The company says it doesn’t store your emails, but permitting third-party access in this way may be a red flag for some potential users, particularly in regulated industries.
There are other solutions that provide anti-phishing protection, such as those from Avira (which costs a few dollars each month). MetaCert is currently available for free, but it is planned to become a paid service.

Other cautions

You can’t be completely reliant on services like these.
Common sense matters; just because your security system tells you something is safe, it doesn’t mean you should abandon your own scrutiny and common sense.
A grey shield alert doesn’t necessarily mean a link is safe; it means you should double check the link before you click.

Final thoughts

Phishing attacks are becoming far more sophisticated, targeted and professional, with approximately 76 percent of enterprises admitting to experiencing them in the past year. Further, the security environment continues to become more complex for both enterprise and consumer users.
Traditional security protection systems such as virus checkers and firewalls are still mandatory, but they are far less effective against the complex attack scenarios prevalent in today's digital economy.
When it comes to enterprise security, network monitoring, location-based protection and cooperative sharing of security-related datasets are becoming key components of switched-on, 24/7, situation-awareness security protection systems. Within this landscape, MetaCert’s system seems a useful adjunct to existing systems.
I imagine we’ll see this kind of alert-based security system become a component of future operating systems, certainly within those from vendors that actually care about customer security, and privacy, come to that.
On iOS, this new solution works with most email services, including Thunderbird and Apple Mail, with Outlook and Gmail support in development. The company is running a public beta test, so you can test this system for yourself.

Microsoft Teams gains ground on Slack

Two years after its launch, Microsoft Teams is outpacing team chat rival Slack – largely thanks to Teams’ free availability as part of Office 365 subscriptions. That’s according to a survey of 900 IT decision makers in North America and Europe conducted by Spiceworks.
The results indicate that Teams is now the second most popular business chat app and is used by 21% of respondents, up from 3% in a similar Spiceworks survey in 2016. That ranks it ahead of third-place Slack, the popular standalone team chat tool in use by 15% of businesses polled. (That represents a slight increase from 13% in 2016.)
The most popular tool is another Microsoft app, Skype for Business. It’s used by 44% of surveyed businesses, up from 36% two years ago. Another rival, Google Hangouts (now Google Hangouts Chat), meanwhile, saw use drop to 11%, from 16% two years ago. Facebook’s Workplace remained at 1%, while stats for Cisco’s Webex Teams (formerly Cisco Spark) were not provided. 
Furthermore, the Spiceworks report claims that Teams is set for the fastest growth of all business chat apps over the next two years. The survey indicates that 41% of respondents expect to use Teams by 2020, compared to 18% for Slack. 
Credit for Microsoft Teams’ growth lies in its availability within Office 365 subscriptions. The office productivity suite is used by 155 million businesses worldwide, thus putting Teams in the hands of a massive audience. 
“The rise in use of Microsoft Teams is likely influenced by the fact that it’s available at no additional cost to Office 365 users,” Spiceworks wrote in a company blog post. “And considering more than half of businesses use Office 365, it’s enticing organizations to give Teams a try.” 
Teams was unveiled in 2016 as a rival to Slack, and has since been placed at the core of Microsoft’s communication and collaboration strategy, replacing Skype for Business Online over time. Microsoft has also launched a free version of Teams in a bid to attract a user base outside of Office 365 subscribers.
Teams is now used by 329,000 organizations worldwide, Microsoft said during this year’s Ignite conference, up from 125,000 a year ago. “That is about twice the rate [of growth] that we see from Slack,” said Frank Shaw, Microsoft’s corporate vice president of communications ahead of the conference.
That said, the Spiceworks report and Microsoft’s statistics show only part of the picture; actual usage rates are less solid. 
Microsoft has not provided total daily active user figures for Teams, unlike Slack, which touts 8 million daily active users, including 3 million paid users. Slack declined to comment on the Spiceworks report.
According to Spiceworks, Skype for Business and Microsoft Teams are most frequently used by large and mid-sized businesses, while Slack is commonly deployed by smaller organizations. 
It also shows that, while email is still the most popular workplace communication tool (used by 99% of respondents), overall demand for business chat apps continues to grow. Adoption is highest among large organizations (70%, compared to 53% in 2016), followed by mid-size firms (61%, up from 38% two years ago) and finally, small businesses (58%, up from 42%).

5 reasons to remain skeptical about 5G in 2019

Have you heard? Some vaguely defined but super-snazzy-sounding thing called 5G is, like, totally coming to knock your socks off any second now. It's gonna speed up your phone, revolutionize your productivity, and probably even lower your cholesterol.
Okay, so maybe some of that is pure poppycock. But you know what? So is the very idea that 5G is anything an average person should get excited about — or consider adopting — in the coming year.
You'd be forgiven for thinking otherwise. After all, the mobile tech marketing machine has been revving up considerably over these past few weeks, pushing out all sorts of spectacular-sounding narratives about how 5G is going to change the way we work, live, and lather. (Again, at least one of those items is my own nonsensical creation, but I'd argue that all of them are equally absurd.)
Lemme tell ya: You can safely ignore all that hype — regardless of who or what is spewing it. The reality is that 5G is going to be a slow-moving progression that's more menace than messiah for the foreseeable future. And as an educated tech observer, you'd be well-advised to watch it from a distance without investing an ounce of your own money or mobile tech energy in the effort.
Let's break down the reasons, shall we?

1. Limited availability of 5G networks

No matter how much the carriers may crow, 5G is going to be extraordinarily limited in real-world application for 2019 — and likely even further down the road than that. Remember when 4G first came along and how long it took for that to mean much of anything outside of a few select areas? By all counts, we'll be looking at an even more extreme version of that reality with the 5G rollout.
The data says it all: AT&T, which is generally seen as leading the 5G charge in these (allegedly) United States of ours, is planning to have just 19 cities up and running with 5G by the end of 2019. Nineteen cities. By the end of 2019. And that doesn't even tell the whole story.
By its very nature, y'see, 5G is a short-range technology. The estimated range of an average 5G tower is a mere third of a mile, as my fellow skeptic Steven J. Vaughan-Nichols pointed out earlier this year. Compare that to a 4G tower, which can spread its connectivity-love as far as 30 miles (and sometimes even more), and you can see the sort of difference we're facing.
What that ultimately means is that 5G, in its current incarnation, will require a lot of towers for just a little bit of reach. The issue is compounded by the fact that the signals also have a tough time making their way through walls, signs, salamanders, and other interfering objects.
If we feed that data into the nearest Carrier Marketing Nonsense Translation Machine, what we get back is this: Setting up 5G in a city is going to be slow and expensive, and when someone says 5G is "coming to a city" in 2019, what they really mean is that it's "coming only to a handful of isolated areas within the city" — not that it'll be widely available throughout the entire place.
Beyond that, it seems quite possible that the speeds themselves won't even be consistent from one area to the next. As the maker of AT&T's first 5G hotspot told The Verge: "It varies market to market — some markets, they may have a couple hundred megabits of bandwidth ... [while] others can go all the way up to 5Gbps."
Oh, and one other factor to keep in mind: The nature of these new 5G towers is raising fresh concerns over cancer risks — to the point that one Bay Area city has actually blocked the installation of such structures until their safety can be further evaluated. Whatever you want to say about the health risk itself, that sort of concern and resulting resistance sure isn't gonna speed things up any when it comes to network deployment.

2. Expensive service

You know what mobile carriers simply adore? Any reason to charge you more money. And you know what the big, bold, ad-ready concept of 5G gives 'em? Yup, you guessed it: a perfect reason to ask you to cough up extra shekels.
And you'd better believe they're gonna be hopping on the opportunity. Already, AT&T is hinting strongly that we should be ready to open up our wallets if we wanna do the 5G dance.
"I don't think you can think about it as we think about pricing today," AT&T's senior vice president of vague foreboding statements — er, sorry, of wireless product marketing — told CNET at a lavish Hawaii media event held by Qualcomm last week. "That paradigm has to shift."
A Verizon exec echoed the sentiment, telling the site: "Verizon believes customers will pay for utility and value. There will be that, definitely, in 5G." ("Verizon also believes most customers will pay whatever we put on their bills without asking questions," he forgot to add with a cackle.)
Getting a bit more specific, AT&T's consumer wireless chief is quoted as saying the company is considering "different tiers of service" for its 5G plans — including, apparently, the possibility of having separate pricing tiers for different types of activities you might perform on a device. Lovely, no?
And Sprint, not to be outdone, explicitly told investors to expect healthy price hikes with its 5G service. Specifically: "We're going to have a lot of room to increase our price of unlimited to get to similar prices as Verizon and AT&T in the future. ... We're looking at 5G as an amazing opportunity for the company not only for the position of the company, but also to charge for the blazing fast speeds."
I somehow suspect that line won't make it into the ads.

3. Limited and expensive device options

Network availability aside, remember that the vast majority of phones aren't even going to support 5G in 2019. Such support will be more the exception than the rule, with a small number of 5G-capable devices popping up — and, naturally, coming with elevated prices of their own.
OnePlus's CEO has estimated that 5G phones could cost you a cool $200 to $300 more than their non-5G counterparts. Other companies are being a bit more coy and seem to be doing a delicate dance around the subject without technically saying they won't charge an arm and a leg for the 5G "privilege."
For example, when asked by CNET about the possibility of having higher prices for a 5G phone, Samsung's SVP of mobile said: "If you generate enough value [in the phone], then consumers will be ready to pay." (He may or may not have followed that remark with an exaggerated wink.)
Qualcomm's president, meanwhile, compared the coming cost increase to the jump we saw when first moving from 3G to 4G phones. He noted that things would "get cheaper with scale," saying: "You have to start somewhere."
Well, they have to start somewhere, anyway. You don't.

4. A lack of cross-carrier compatibility

It took years to get here, but we've finally reached a point where it's possible to buy an unlocked phone and use it on almost any network you want. That freedom is what allows devices like Google's Pixel phones or the various OnePlus products to exist and what allows us as purchasers of said devices to get our gadgets wherever we want and take them wherever we go — without the carrier middleman meddling in our affairs and keeping us chained to their cells, as they did for so long.
Well, with 5G, expect that luxury to fade away. For now, at least, every carrier seems to be adopting its own 5G standard — both within the U.S. and elsewhere in the world — and that means any 5G phone you buy in 2019 will likely be limited to working on one carrier's network and nothing more.
On a broader and even more troubling level, that means unlocked phones — like, y'know, the ones sold by Google and OnePlus — probably won't come with the same level of automatic universal compatibility they now enjoy once 5G is in the equation. And I don't even want to think about what it'll be like to try to travel internationally with a 5G phone, particularly as the networks evolve and the standards continue to shift.

5. Devices with compromises and short shelf-lives

Speaking of device-related downsides, does the name HTC Thunderbolt ring a bell? The Thunderbolt was the first Verizon 4G device, released way back in the ancient era of 2011. It was, to put it nicely, a steaming hot mess.
Now, some of the Thunderbolt's woes were likely the fault of HTC and unrelated to anything about the device's "first!" network bragging right. But when it comes to the phone's legendarily bad battery life and connectivity issues, it's hard not to suspect that early and not-yet-perfected 4G configuration was at least in part to blame.
I'm certainly no psychic — heck, I don't even have a crystal ball — but given recent history and what we generally know about how quickly mobile tech evolves, I'd sure be hesitant to pick up one of the first 5G phones. It doesn't seem like a stretch to say those devices are likely to sport serious compromises in areas like battery life, given the new and unrefined nature of these 5G network connections. And then there's the field of form and design: Already, the fickle nature of 5G connectivity is requiring device-makers to come up with some funky modifications to work around antenna requirements and keep a device's signal from being blocked by a user's hands. (For the love of all things holy, let's hope we don't end up in another "holding it wrong" scenario.)
At best, the early 5G phones are going to become outdated quickly as standards coalesce and the tech surrounding them is adapted to better handle the requirements. At a time when it's becoming increasingly superfluous to buy a new smartphone every year — or even every two years, if you plan wisely — dropping extra dough on a phone that's likely to be dated in a matter of months (and with little resale value, at that, particularly given the limited carrier compatibility) doesn't seem like the most advisable move.
All considered, the smart strategy for now is to treat 5G for what it is: an incredibly early, almost experimental kind of connection that's nowhere near ready for prime time. Watch it from afar and see how things develop — and keep your skepticism guard up high as the hype machine gets ready to kick into high gear.
We'll meet back here at the end of 2019 to see how things are shaping up and reassess from there. Until then, keep your G-level firmly grounded at four and your wallet firmly tucked into your trousers. Despite what certain forces will be working overtime to make you believe, this is one game where hesitation is an asset — and where waiting is the only move to make.

Microsoft's big Windows Defender ATP update: bad macros, fileless malware and faster response


Microsoft has released new feature updates to Windows Defender ATP for the enterprise that are aimed at reducing the attack surface and giving security teams faster response capabilities.
The updates, detailed today, beef up Defender ATP's “attack surface reduction” feature with two new rules that allow enterprises to prevent Outlook and Adobe Reader from creating child processes, which should wipe out attacks that use malicious macros in Office documents to download malware, as well as exploits for vulnerabilities in both Reader and Office.
The new additions bring the total number of attack surface reduction rules to 14, which all target common malware techniques and help defenders mitigate ransomware, untrusted executables in email, malware that attempts to steal credentials from lsass.exe — the Windows local security authority subsystem — and unsigned processes running from USB drives. 
Another update aims to help defenders during a security crisis, such as a fast moving malware outbreak. The new emergency security intelligence updates can be issued by Microsoft’s Windows Defender ATP research team to all cloud-connected devices in an enterprise. 
It’s a fast-track to accessing updates from Microsoft’s Defender ATP cloud, which could take the heat off security admins who might otherwise be waiting hours for updates from their own internal Windows infrastructure.
As an aside, Microsoft notes that it’s added new “dedicated detections” for malicious cryptocurrency miners, which have become a growing menace to enterprise. The Bitcoin price boom appears to be over for now, but criminals are still looking to free-ride on others' hardware to generate some cryptocurrency. A university in Canada earlier this month disabled its entire IT network for four days to halt a cryptocurrency miner that was bleeding its compute and power resources for unauthorized purposes.
Microsoft has also rolled out a new feature called “incidents”, aimed at giving responders the big picture when they’re under attack. Incidents are designed to bring some order to potentially noisy Defender ATP alerts by automatically grouping alerts that likely have been triggered by the same attack. 
Incidents also groups affected machines and displays the connections between malware and infections in a graphical interface within the Windows Defender Security Center. 
Microsoft claims it can save up to 80 percent of analyst time by cutting out much of the manual work that goes into correlating malicious events.
Other key recent additions include the automation of processes for investigating and remediating ‘fileless’ malware attacks, an increasingly popular method for avoiding detection by executing in memory and leaving no trace on disk. This adds automated memory forensics to pinpoint memory regions that may have been used in a fileless malware attack.
Finally, Microsoft is using its acquisition of code-hosting repository GitHub to improve Defender ATP by tapping into the security researcher community who share their queries with others on the site. The queries can be used as custom detection rules, giving customers a shortcut to creating detection rules, which would otherwise require them to come up with an alert title, severity of the issue, a category, description, and recommended actions.

The Christmas phishing flood is coming


The couple of weeks leading up to Christmas are always a chaotic and overwhelming time. You are attending Christmas social events and pulling late-night work shifts to try and get your work finished before we all leave for that well-deserved break. Then there is the Christmas shopping, fighting those dreadful crowds to get that perfect gift for someone special. I have to say the lead-up is not such a great time (no, I am not a Grinch, I really enjoy the Christmas and New Year break with my family – it’s just that lead-up to the break that really gets under my skin).
The stress during this time of year is not just caused by the above but by something even worse. As you all know, I am a security professional trying to help our customers keep cyber safe in this lead-up, and this is a time of year in which cybercriminals really turn up the heat.
During these weeks you will all see a flood of system attacks and phishing scams like no other time of year. Maybe the cybercriminals have overspent on Christmas gifts this year and need to fill up their coffers with cold hard cash again before the New Year so they can meet their repayments on their mansions or Bentley they just bought and now can’t afford the repayments on (poor cybercriminals). Okay, jokes aside, I feel that the reason criminals choose this time of year to launch a big offensive is that it is a really good time for them to scam money out of unsuspecting victims.
You are all focused on leaving for your break and just want to be helpful to your fellow staff/customers, so they can all do the same. So, when Alfred or Jo from your product development team asks you to pay a last-minute invoice so an order can be completed before leaving for the year, you just do it (you don’t notice, however, that the email address it is coming from is not an internal address and has nothing to do with them at all). What about the accounts team at one of your suppliers reaching out, indicating that they have changed the primary account information that they use and asking you to make all future account payments to the new account (you would normally verify the change request with them via phone prior to making a change like this, but you just wanted to help them out and get home to get ready for your partner's work party – a mistake you will certainly regret in the new year)?
Look, I know it’s a busy time of year and sometimes mistakes are made when we are under pressure, but have you prepared your team and business for the flood of phishing/scam emails they will certainly receive in the next few weeks? Have you done some user awareness training to help teach your teams how to pick these scams out of the flood of legitimate emails they are certain to receive?
Yes, I can see some of you rolling your eyes at me or throwing your hands in the air saying that it is too late to do anything now, but that is just a cop-out. There is plenty you could still do to help protect you and your team. If you don’t have email filtering services to catch the bulk of these scam emails (yes, it won’t catch them all, but better to have it than not have it – trust me on that), you can still get this implemented if you move quickly, and the benefits will be far-reaching as you move into the new year.
It’s probably a bit late to organise onsite user awareness training (you never know though, it would be worth reaching out to a professional to see if it could happen), but it isn’t too late to send around some basic training information to your team that can help them spot a scam email. This is something most providers of user awareness training could easily assist you with to help your team be just that little bit safer.
Please do yourself and your business a favour and prepare for the phishing flood while you still can. If you don’t know where to start, reach out to me or a local security professional; most will be more than happy to point you in the right direction. Competition aside, we are all here in this industry to achieve the same results: make your businesses safer and reduce the risks of a cyber incident, especially over the festive season.
So, let’s put some extra effort in over the next few weeks so we can better equip everyone to withstand the cyber Grinch and have a truly enjoyable Christmas and New Year. Till next time…
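The two scams described in this post (a colleague's name on a non-internal address, and a supplier changing its bank details) leave signs a mail filter or a careful reader can check. The following is an added example, not from the original post; the internal domain, staff names, keywords and sample messages are all constructed, and it looks only at visible headers, not at SPF, DKIM or DMARC results.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "corp.example"               # assumption: your own mail domain
STAFF_NAMES = {"alfred nguyen", "jo martin"}   # constructed staff directory
PAYMENT_WORDS = ("invoice", "bank account", "account details", "payment")

# Constructed sample messages.
MSG_SPOOF = (
    'From: "Alfred Nguyen" <alfred.nguyen@corp-invoices.example>\n'
    "To: accounts@corp.example\n"
    "Subject: Urgent invoice before the break\n"
    "\n"
    "Please pay the attached invoice today.\n"
)
MSG_INTERNAL = (
    "From: Jo Martin <jo.martin@corp.example>\n"
    "To: accounts@corp.example\n"
    "Subject: Invoice for order 1042\n"
    "\n"
    "Invoice attached as discussed.\n"
)
MSG_SUPPLIER = (
    "From: Accounts <accounts@supplier.example>\n"
    "Reply-To: accounts@supplier-billing.example\n"
    "To: accounts@corp.example\n"
    "Subject: Change of bank account details\n"
    "\n"
    "Please use our new account for all future payments.\n"
)


def domain_of(address):
    """Lower-cased domain part of an email address ('' if there is none)."""
    return address.rpartition("@")[2].lower()


def check_sender(raw_message):
    """Return a list of findings that call for verification before paying."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    sender_domain = domain_of(addr)
    external = sender_domain != INTERNAL_DOMAIN
    findings = []

    # A colleague's name shown on an address outside the company domain.
    name = " ".join(display.lower().split())
    if external and name in STAFF_NAMES:
        findings.append("staff-name-external")

    # Replies would go to a different domain than the apparent sender.
    if reply_addr and domain_of(reply_addr) != sender_domain:
        findings.append("reply-to-mismatch")

    # Payment or bank-detail requests from outside: confirm by phone first.
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    if external and any(word in text for word in PAYMENT_WORDS):
        findings.append("payment-request-external")

    return findings


if __name__ == "__main__":
    for label, raw in (("spoof", MSG_SPOOF), ("internal", MSG_INTERNAL),
                       ("supplier", MSG_SUPPLIER)):
        print(label, check_sender(raw))
```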

Google+ leak affects 52 million users and G Suite users

Google has disclosed another privacy leak from Google+, this time affecting millions of users, and now says it will bring the shutdown forward from August to April.
Today, Google revealed another bug in its social network that exposed private details of 52.5 million Google+ users, or ten times as many users as were affected by the leak that Google announced in October when it revealed plans to sunset Google+ for consumers.
The latest leak was only available to developers for about one week in November, and was discovered during a routine security check, Google said in a blog post today.
The source of the leak was an update in November that affected a Google+ API and gave app developers access to profile information on accounts that were configured by users to be private. In other words, Google shared the information with developers without gaining user consent. 
Additionally, if Google+ users had willingly shared profile data with other contacts, apps had access to that data. 
Information leaked to developers included a user’s name, email address, occupation, and age. 
Google notes the leaked data didn’t include information about users’ financial data, national IDs, and passwords. So users may face additional phishing threats, but likely won’t be impacted by identity theft.  
"We’ve recently determined that some users were impacted by a software update introduced in November that contained a bug affecting a Google+ API,” Google said in the blog. 
“We discovered this bug as part of our standard and ongoing testing procedures and fixed it within a week of it being introduced. No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way.”
Google delayed disclosing the Google+ leak affecting 500,000 users by eight months, fearing it could attract attention from regulators amid ongoing probes into Facebook’s leak of 87 million users’ data to political consultancy Cambridge Analytica. 
The leak happened as Europe was gearing up to roll out stricter privacy regulations under GDPR, which allow national authorities to impose fines of up to four percent of an organization’s annual global revenue.
A UK ‘fake news’ parliamentary committee last week published internal Facebook emails detailing sensitive internal discussions between 2012 and 2015 that showed select customers, including Netflix and Lyft, were given a free pass to access user data that other developers were blocked from in 2014. 
Google says it will shut down all Google+ APIs for developers within the next 90 days, ahead of the accelerated April 2019 timeframe for closing off access to consumers. Google intends to continue supporting Google+ for enterprise customers. 
The company confirmed that enterprise customers were impacted by this bug. 
“We are in the process of notifying any enterprise customers that were impacted by this bug. A list of impacted users in those domains is being sent to system administrators, and we will reach out again if any additional impacted users or issues are discovered,” Google said. 

Marriott Starwood hotel data breach FAQ: What 500 million hacked guests need to know

It’s been a couple of months since a major company unveiled a data breach that affected millions of people, so it’s time for a new one. The Marriott hotel chain has announced a major database breach that could affect anyone who stayed at its 6,700 worldwide Starwood hotel properties since 2014—up to 500 million people in total.
That’s a lot of people and a long stretch of time, so check out our FAQ for all of the information:

What happened?

Marriott says it received an alert from an internal security tool on September 8 warning of an attempt to access the Starwood guest reservation database in the United States. In its investigation of the incident, Marriott learned that an unauthorized party gained access to the company’s customer database and “copied and encrypted information, and took steps toward removing it.”

How did the hackers get in?

Marriott isn’t being totally clear here, but it appears as though this wasn’t the usual exploit of a vulnerability. Rather, someone without the proper credentials was able to access the Marriott reservation database to make a duplicate encrypted copy of customer information, which was then presumably taken outside the system.

How far back does the breach go?

Marriott says the unauthorized access goes back to 2014.

Why wasn’t Marriott alerted sooner?

Also unclear, but perhaps the unauthorized party only recently started accessing the system. Or possibly Marriott recently installed new security software that was able to detect the access.

Why are we just hearing about it now?

Marriott says it was only able to decrypt the files on November 19, and is still working to uncover the scope of the breach.

What was stolen?

Marriott is still sorting through the data it was able to recover, but for most customers, the following data may have been stolen: name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, and arrival and departure information, along with reservation dates and communication preferences.

What about credit card information?

For some users, Marriott says payment card numbers and payment card expiration dates were included in the stolen data, but card numbers were encrypted using Advanced Encryption Standard encryption (AES-128).
Possibly not. As Marriott explains: “There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken.”

What about my SPG points?

Marriott says there is no evidence that any loyalty points were obtained, but you should check your account for any suspicious activity.

Has the breach been stopped?

Presumably, but Marriott doesn’t explicitly say whether the unauthorized access has been shut down. However, the chain is working with law enforcement agencies and regulatory authorities, so the likelihood of a continued breach is extremely low.

What is Marriott doing to stop future breaches?

Again, it’s not totally clear if the hacker exploited a vulnerability or merely used an unauthorized password, but Marriott says it is devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to its network.

How do I know if my data was accessed?

Marriott began sending emails on a rolling basis on November 30 to affected guests, so be sure to check your spam folder if you haven’t received one.

What can I do if I was affected?

Marriott has set up a dedicated call center to answer any questions you may have. U.S. customers can call 877-273-9481 seven days a week to reach a representative.

Should I change my password?

Marriott hasn’t said whether any accounts were accessed or passwords stolen, but it certainly can’t hurt. But this was a breach of the company’s internal database of hotel guests, not online accounts.

Should I cancel my credit card?

Also not a bad idea. If you know the credit card or cards that are on file with Marriott or Starwood hotels, cancelling them now is the best way to prevent any future malfeasance.

What else can I do?

Marriott is providing all guests in the U.S., Canada, and the UK with the opportunity to enroll in Kroll’s Web Watcher Monitoring Service, which tracks sites where personal information is shared and alerts you if evidence of your personal information is found.

Unisys embraces Invictus Games spirit to deliver Cybersecurity

As 500 Invictus Games competitors from 18 nations were preparing to descend on Sydney for eight days of intense competition, the team at Unisys were also getting Games-ready – locking in the final details for the project of a lifetime. 
Created by HRH The Duke of Sussex, the Invictus Games sees wounded, injured or ill veterans and serving personnel contest medals in 11 adaptive sports including wheelchair basketball, sitting volleyball, cycling and indoor rowing. 
Unisys has a proud history of working with the Defence community so we jumped at the opportunity to provide information technology and cybersecurity support to the Invictus Games Sydney 2018.
The sensitive nature of the data about competitors required a robust approach to security and was critical to the successful execution of the Games. Here we discuss how Unisys provided an appropriate level of security within a short timeframe for the Invictus Games Sydney 2018. 
The Brief
When Unisys came on board as a partner of the Invictus Games Sydney 2018, one of the key areas of concern raised by the Head of Technology was cybersecurity.  The brief was simple; implement an appropriate level of security, but with minimal cost. Unisys was ready for the challenge!
The first two points to address were:
  1. What is an ‘appropriate level’ of security?
  2. What are the gaps that need to be addressed from a security perspective?
To address the above, Unisys performed a comprehensive security risk analysis. This helped pinpoint expectations and the appropriate level of security for the data to be protected.
The security risk analysis identified seven high priority areas:
  • Network security, including wireless,
  • Security detection and response,
  • End-point security,
  • User education and training,
  • Email filtering,
  • Anti-phishing training, and
  • The security of third party suppliers to the Games. 
Let’s look at each one in turn.

Network security, including wireless
As the Invictus Games relied on public networks at multiple sporting venues, keeping IT equipment and wireless devices secure was a top priority. 
Unisys Stealth® with microsegmentation enabled segmentation of the Invictus Games’ IT equipment into their own security zones, allowing Unisys to implement the required security policies to keep the data secure. This provided a virtual secure network across a shared public WiFi provided by each venue.
With critical applications running in the cloud, Unisys enabled secure connectivity to unsecured cloud applications via a proxy secured by Stealth, including the communications to, and from, the cloud provider.
Stealth provided additional benefits:
  • You can’t hack what you can’t see – all Stealth enabled devices were cloaked, making them ‘invisible’ to devices without access to these segments by policy. Using Stealth meant any device that was not allowed to communicate to the relevant segment could not even ping a device on that segment.
  • Identity-based security – Stealth enforces security policies based on identities. A simple Public Key Infrastructure was put in place to validate the identity of a user or a device, and then enforce granular access control policies based on these identities. This led to two key outcomes:
      1. The level of security policy enforcement was more granular and controlled than traditional network based security; and
      2. When the user or device moved from one micro-segment to another, the security went with them.
  • Equivalent security in the Data Centre and the Cloud – Stealth enabled the security policies in the local environment to be replicated in the cloud. The Stealth Enterprise Manager pushed security policies to any workload in the cloud running the Stealth agent.
  • Ease of deployment – using Stealth as software, it was deployed easily and quickly, and managed just as easily as well. This was important for this case in particular, as the security needed to be stood-up quickly and brought-down just as quickly after the conclusion of the Invictus Games. This would have been a lot more challenging with physical firewall infrastructure.
“A critical part for us was to make sure people had confidence in our ability to manage information with the respect and the confidence that is necessary for something like this, and Unisys effectively removed that problem from us. When they came on-board as a partner we no longer worried about that.” - Patrick Kidd, CEO, Invictus Games Sydney 2018
The entire Stealth deployment protecting the Invictus Games Sydney 2018 infrastructure was monitored by 24x7 detection and response through Unisys Security Operations.  Any security-related issues would be quickly detected and managed providing the Games team peace-of-mind.
End-point security and encryption
With Stealth, Unisys was able to achieve security segregation based on identities and encryption ‘on the wire’.  However, to protect data in storage, BitLocker was deployed on all Unisys-provided endpoints, providing Games organisers the assurance that if a device was lost, data could not be accessed easily.
Unisys further hardened existing images to ensure all endpoints were protected. The endpoints were centrally managed (including security) using Microsoft Intune, to ensure the images remained secure and patch levels were up-to-date. Additionally, anti-malware software was deployed on the endpoints to provide protection against these types of issues. The combination of these controls ensured that the endpoints remained secure throughout the Games.
User education and training
Top-of-mind for the Head of Technology was ensuring that the users applied the right level of IT security hygiene to keep the environment secure.
This was particularly challenging as many of the users were volunteers from different backgrounds – some were security savvy and others not. Unisys worked with users to educate them about basic security hygiene practices including phishing, password security and so on to ensure that everyone had at least a base level of IT security understanding. 
“Unisys helped us with these wider stakeholder groups by providing training and familiarisation in cybersecurity threats … [Unisys] did a full assessment of our security and risk profile, and that included looking at our people, looking at our processes, as well as the technology.” - James Smith, Head of Technology, Invictus Games Sydney 2018
Unisys helped improve the Information Security Policy so that all users had guidelines to refer to in terms of IT Security. This gave Games organisers the confidence that all layers of the IT environment were covered and, with the right knowledge, users had been turned into effective ‘human firewalls’!
Email filtering 
Unisys deployed email filtering across the Invictus Games Sydney 2018 user base. With the increase in attacks on organisations via this channel, this control ensured that the entry of malware through emails into the Games environment was heavily reduced.
Anti-phishing training
Unisys worked with CoFense to provide simulated phishing campaigns and anti-phishing training to the Games user base. With users increasingly targeted as an entry point for intruders, ensuring users were trained to spot and reject phishing emails was a critical control to implement.
Third party security assessments including penetration testing
Invictus Games Sydney 2018 used a number of cloud providers to address various aspects of games management such as competition management (such as results and scoring), workforce management, accreditation, etc. Unisys worked with Games organisers and third party providers to assess how they measured up against the Games’ security policies and made recommendations where there were gaps in compliance.
In some cases the providers had the controls available but had not implemented them because they weren’t aware it was needed. This is a common issue found with many organisations using cloud providers. 
To provide an additional level of assurance, Unisys repeated the penetration testing after the recommended controls were implemented to ensure the cloud providers could withstand a typical attack.
By taking a simple approach to a complex environment, Unisys was able to secure the Invictus Games Sydney 2018 from cyber threats and achieved this on a tight budget. Unisys takes a Zero Trust approach to security spanning people, policies and technology. And by aligning security investments with risk profiles the desired business outcomes can be achieved by implementing the appropriate level of security. Everyone can achieve an appropriate level of security. It’s just a matter of understanding what that level is and managing the risks to the business.

Stop treating internal and external threats like they’re different things


Survey shows strong focus on business risk, but technological controls are also needed to stop external attackers who use internal credentials with impunity
Security professionals need to stop thinking about cybersecurity threats as being internally or externally focused and understand that the two forms of attack are intrinsically related, a cybersecurity expert has advised in the wake of survey findings suggesting Australian executives see internal threats as the biggest perceived threat to information security.
A recent straw poll, conducted by security consultancy Content Security amongst attendees at AISA’s recent Australian Cyber Conference 2018, found that 29 percent of respondents believe internal threats will be the biggest attack threat through the end of 2019.

That was well ahead of those concerned about privileged account exploitation (20 percent), ransomware (18 percent), and zero-day threats (17 percent) – but CEO and co-founder Louis Abdilla warned that categorising the threats risks glossing over the interconnectedness of those threats.
“In today’s security landscape, the distinction between inside and outside cyber threat no longer matters,” he explained.
“This is because attackers are actively seeking to pose as legitimate insiders. They do this by stealing and exploiting privileged accounts – the same credentials used to manage and run an organisation’s IT infrastructure.”
The survey also queried attendees on their proposed plans for security investments, with 52 percent of businesses saying they would spend at least $500,000 on cybersecurity and breach prevention next year.
Fully 28 percent named SIEM and security operations centres (SOCs) as the most critical technology investment over the next 12 months, with multi-factor authentication (23 percent) and vulnerability management (21 percent) also showing strongly.
And while this level of investment confirmed that businesses are investing in cybersecurity protections as a business priority, fully 45 percent said they were aligning their compliance efforts to either ISO 27001 or NIST risk-management frameworks; by contrast, just 1 in 10 said they were following the guidelines of the Australian Signals Directorate’s Essential Eight strategies, which are more technically prescriptive.
The increasing prevalence of business-focused strategy frameworks has been reflected in a push to deliver more, and more comprehensive, privacy frameworks that position data management and privacy as a business risk rather than an esoteric IT issue.
The new notifiable data breach (NDB) scheme and EU general data protection regulation (GDPR) have this year tightened reporting requirements around data breaches, no doubt influencing the investment in risk-focused security platforms.
The coming year will lend further weight to growing privacy obligations, with tighter new privacy regulations in California adding to the chorus of pro-privacy voices.
New obligations, such as the Australian Prudential Regulation Authority (APRA) push to make boards responsible for an organisation’s information security, will add further pressure to this trend.
However, Abdilla warns, the blurring distinction between internal and external compromises means the right balance is not to focus exclusively on business risk or technological controls, but a bit of both as appropriate for the environment.
“With more Australian organisations looking to increase their maturity, security frameworks and standards provide a foundation to develop a strong cyber security strategy,” Abdilla said. “Ultimately, we should always encourage good security habits and train employees on best practices and how to spot common attacks.”

To help fix service issues before they happen

Internal training, technical work is harnessing AI/ML and web-scale data lakes to manage over 20TB of new data every day

Legacy data warehouse architectures may have been designed for large amounts of data – but even massive warehouses would struggle to manage, much less analyse, the 20 to 30 terabytes of operational data that nbn™ Australia collects on a daily basis.
That data – including network performance data, performance alerts, usage information, network alarms, and more – is vital to understanding how the company’s Australian wholesale broadband access network is performing.
But as network and systems became more complex and its data requirements more sophisticated, nbn has had to explore different approaches – which it did with the establishment of the Foresight Lab over a year ago.
Amongst their many tasks, the technical and data-analytic experts within Foresight have been charged with transitioning nbn from legacy data-warehousing technologies to a less well-defined, unstructured virtual ‘data lake’ – an evolution of big-data technologies that sidesteps past architectural constraints through the integration of web-scale technologies.
The virtual data lake is built and managed internally within nbn as a private cloud, offering tight control over data while providing the scalability benefits of web-scale companies that “have changed the way we look at data,” explains Arun Kohli, executive general manager for IT architecture and Foresight Lab with nbn.
“There were always metrics, KPIs, and data used to make the decisions, but the scale that we now call ‘big data’ was very difficult and very expensive. With cloud computing and storage, the technology of the storage has changed – which has helped us exploit the data at scale.”
A foundation for change
Coping better with scale has proved critical in fuelling two other key data paradigms that are driving R&D work.
The second, performance and capacity management, is gaining accuracy and relevance thanks to the detailed analyses it provides about the operation of the wholesale network that nbn operates across several transmission modes spanning across Australia.
Ongoing analysis of usage patterns and congestion spots helps the company prioritise target areas for its ongoing rollout, while correlations with factors such as time of day have revealed important patterns in consumer demand for services over the nbn™ access network and retail service provider (RSP) demand for nbn™ wholesale products and services.
The third area where nbn’s data collection is helping to drive a service revolution lies in the ability of such massive data stores to feed increasingly common artificial intelligence (AI)/machine learning (ML) algorithms.
By training AI tools with ML algorithms designed to better understand baseline performance and configuration specifications, it becomes much easier for the systems to automatically spot issues that may be causing performance problems or service interruptions.
Whatever the transmission medium, patterns of behaviour are built up over time – providing unprecedented predictive power that can help the company anticipate a performance problem before end users even notice it.
This might be an issue with a setting in an end-user router, or an issue with the way that a hybrid fibre modem is bonding multiple transmission channels. Under today’s models, such problems would only be identified when an end-user complains about their service and the RSP escalates the call – but in the AI/ML world, nbn can help to proactively identify looming issues and resolve them well before they become a problem.
Finding the right skills
Intelligent analysis techniques may be providing new insights into ever-larger quantities of nbn™ data, but they’re also creating new challenges as the company works to build out its base of skilled data specialists.
While establishing the Foresight unit over a year ago, the team faced a challenge to find people with the necessary domain expertise and data-analytics credentials. Instead, they identified internal data engineers for training and separately hired pure data-science specialists to help them transition into the more proactive, AI/ML-led environment.
This was not always straightforward. “Our domain experts are coming from an educational background and industry training,” Kohli explains, “where things are defined by engineering and mathematical formulas. They like to use supervised machine learning because it’s very close to the way they were always taught – but when we talk about unsupervised machine learning, it becomes difficult. It’s a conceptually different way of thinking.”
To resolve these differences, data-focused specialists were paired with internal domain specialists – who understand core nbn technologies including fixed wireless, satellite networks, hybrid fibre-coax (HFC), fibre-to-the-curb (FTTC), and dense wavelength division multiplexing (DWDM) backhaul – and tasked with training them in the disciplined application of data analysis techniques to their existing knowledge.
This collaboration between three disciplines spawned a process by which the company has been able to upskill its internal network specialists, technical architects, operational support system (OSS) and business support system (BSS) architects, and other specialists – bringing them together on a common purpose to transition nbn into a more data-focused organisation than ever.
In August, nbn revealed their updated corporate plan that highlighted their focus to improve the experience of end-users and improve the time to resolve issues as quickly as possible.
“We are very much a metric-driven organisation,” Kohli explains. “Once we understand these issues, we can talk about leading indicators – and not just lagging indicators, which most of the industry does. The end user may still have a service, but we can now spot issues that may impact them in the future.”
Bringing this all together has been influential in helping nbn to spot those issues before they impact an end-user or business. Advances in data uses further enhance nbn’s ability to improve the experience of internet access when customers need it most.