New malware uses Twitter to bypass security

Social networking sites have already seen their fair share of malware exploits, and the most recently discovered, ‘Hammertoss’, could potentially be the sneakiest yet.
In the hackers’ aim to make their software undetectable by both users and anti-malware software, Hammertoss mimics the user’s behaviour and sends all traffic as genuine posts on Twitter, bypassing the anti-malware protection to “relay commands and extract data from compromised networks”. The discovery was made by security firm FireEye and is believed to be from a Russian hacker group which FireEye is calling APT29.
Once the software is on the target’s computer it checks into Twitter and searches for specific Twitter users using an algorithm, where it will receive its instructions. Hammertoss can receive orders through images placed online which contain hidden, encrypted data waiting to be unpacked and executed. These instructions are sent over as regular Twitter posts, looking ordinary to the eye. Once received, the software loads the referenced image (again looking perfectly normal but actually containing further instructions within its code). With all this in place, the software then starts to transmit data from the target computer onto a newly set-up cloud service from which APT29 can retrieve it, leaving no trace of the group’s actions.
What makes Hammertoss unique is its reliance on trusted services such as Twitter and document cloud services, which are usually okayed by anti-malware tools. FireEye suspects the tool is being used sparingly to remain elusive and currently only targets a small number of high-value targets. The suspicion is that other cybercriminals will likely copycat this method for their own uses.
Whether or not this methodology is recreated elsewhere, the demand on organisations to be vigilant in monitoring and defending their systems is obvious, whatever systems and platforms are utilised. Good practice is to have updated policies that a) define who can be an administrator / content editor on any corporate social media platform, b) require regular review of content to ensure what is posted is correct and appropriate and c) mandate the most robust software available to guard against pernicious zero-day vulnerabilities. However, the cunning and shadowy nature of this form of cyber threat is clearly going to make it very difficult to counter.
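One check a defender can run on images fetched from the web is sketched below. It is an added example, not code from FireEye or from this article, and it assumes the hidden data is appended after the JPEG end-of-image marker; the article does not say how the data is embedded, and the function names, thresholds and sample bytes are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

def jpeg_end_offset(data: bytes) -> int:
    """Walk the JPEG segments and return the offset just past the EOI marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    i = 2
    while i + 2 <= len(data):
        if data[i] != 0xFF:
            raise ValueError(f"expected a marker at offset {i}")
        marker = data[i + 1]
        if marker == 0xD9:                       # EOI: the image ends here
            return i + 2
        seg_len = int.from_bytes(data[i + 2:i + 4], "big")
        if seg_len < 2:
            raise ValueError(f"bad segment length at offset {i}")
        i += 2 + seg_len
        if marker == 0xDA:                       # SOS: compressed scan data follows
            # Inside scan data, FF00 is an escaped 0xFF and FFD0-FFD7 are restart
            # markers; any other FFxx is the next real marker.
            while i + 1 < len(data):
                nxt = data[i + 1]
                if data[i] == 0xFF and nxt not in (0x00, 0xFF) and not 0xD0 <= nxt <= 0xD7:
                    break
                i += 1
    raise ValueError("no EOI marker found")

def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; encrypted or compressed data sits close to 8.0."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())

def inspect_image(data: bytes, min_trailer: int = 64, min_entropy: float = 7.0) -> dict:
    """Report what follows the end of the image and whether it looks encrypted."""
    trailer = data[jpeg_end_offset(data):]
    entropy = shannon_entropy(trailer)
    return {"trailer_len": len(trailer), "entropy": round(entropy, 2),
            "suspicious": len(trailer) >= min_trailer and entropy >= min_entropy}

# Constructed sample: a JPEG-shaped byte string (SOI, APP0, SOS, scan data, EOI).
CLEAN = (b"\xff\xd8"
         b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
         b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"
         b"\x12\x34\xff\x00\x56\xff\xd0\x78"
         b"\xff\xd9")
# Constructed stand-in for an encrypted payload: 4096 pseudo-random bytes.
BLOB = b"".join(hashlib.sha256(bytes([n])).digest() for n in range(128))

if __name__ == "__main__":
    for name, img in (("clean", CLEAN), ("padded", CLEAN + b"\x00" * 200),
                      ("carrier", CLEAN + BLOB)):
        print(name, inspect_image(img))
```

A hit is only a lead for triage: some cameras and editing tools also append data after the image, so the result is best correlated with which process fetched the file.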

Microsoft Rolling Out ‘Advanced Threat Analytics’

Following Microsoft’s acquisition of enterprise security firm Aorato in November 2014, it is using their technology to launch Advanced Threat Analytics (ATA), a new cyber security service to customers available from August 2015.  This on-premise product seeks to ID advanced persistent threats BEFORE they can cause damage.

For Brad Anderson, corporate VP of Enterprise Client & Mobility at Microsoft, traditional IT security monitoring solutions have become less effective: once a breach is discovered, identifying the intruder takes too long and is too arduous, given the sheer mass of data to sift through in an inbox or console. In Anderson’s view:

• Compromised identity is the No.1 cause of breaches in organisations worldwide.
• BYOD is a root cause of many security problems, as an employee’s own device is often not covered by the same protective software and governance as corporate devices.
• Security tools are too cumbersome, with complicated reports and too many false positive results.

ATA uses identity as the fulcrum for spotting potential attacks, with machine learning and behavioural analytics to detect security threats fast. Anderson is proud of the user-friendly nature of this new on-premise toolset, which uses an “easy-to-consume, and simple-to-drill-down, social media-like feed timeline”.

With data security a dominant issue for organisations and increasingly an unavoidable subject for employees with an active CISO, having an accessible toolset is an attractive advance, but one which should be considered hand in hand with educating the workforce to identify and report cyber threats.

Organisations need to be prepared and to practise for such an event so that employees can gain a greater understanding of the commercial fallout – and ensure that personal responsibility is not abrogated, allowing a cyber attack to happen.

Engaging the teleworker in the digital workplace

Web conferencing and online collaboration specialists PGi have published the results of a recent survey of 3,000 workers globally to get a 2015 insight into teleworking (or ‘telecommuting’) and options in a digital workplace.

Company management needs to understand the pros and cons of this increasingly adopted work approach to ensure their business looks attractive and retains the best talent.

Positives about teleworking:
• 66% reported that telecommuting has become more positively viewed within their organization.
• 79% have the opportunity to work remotely at least one day a week.
• More flexibility in hours and workplace – personal benefit
• Eliminates or reduces commute times – personal benefit
• Better work-life balance – personal benefit
• The proliferation of mobile devices and cloud-based apps – making work less of a place to go vs something you access whenever and wherever you choose – personal and corporate benefit

Challenges with a flexible workforce:
• 54% of non-teleworkers said they remain in the office because telecommuting isn’t an option (resentment can build if communication is poor when requests are turned down without contextual clarification).
• Logistical barriers with new technologies, business processes or reimagined roles can exist – personal and corporate benefit.
• Office alienation, sense of disconnect and loneliness – the majority of remote workers  cannot create the same rapport as their onsite colleagues with F2F engagements, conversations and spontaneous brainstorms – personal benefit.
• Poor communication – despite email, unified communications, online meetings, team workspaces – the perceived benefits will reduce if there is not good 2-way communication.  Personal and corporate benefit.

Teleworking is certainly worth considering by digitally-enabled companies.  Whilst wholesale remote working will invariably be more challenging and distancing between teams, well managed partial teleworking can also add freshness and increased workflow from lack of interruption.

Companies offering flexible work programmes WILL differentiate themselves in the marketplace in attracting and retaining top talent.  However, whatever sophisticated collaboration technologies are enabled, maintaining contact with the ‘human’ in the human resource must be central, whatever the level of seniority.

Added to this, any offsite worker needs to be well managed, integrated and nurtured like any other, with proper processes, accountability and understanding, if the system is to work and BOTH company and individual are to benefit.

Next-gen debugging: Having fun squashing bugs!

As software systems become ever more complex in both their feature set and their scale, the task of debugging them (the process of going through your code and eliminating bugs) multiplies also and costs a lot of money. 

Traditional methods of debugging usually involve software testers running the in-progress software in every scenario possible and detailing every time a bug pops up. These lists go back to the development teams and, as they work their way through them, slightly newer versions of the software get trialled by the testing teams. Sometimes fixing one bug will cause another to spring to life – and so this cycle can go on for a long time. Even with these processes, most software released has up to 5 bugs per 1,000 lines of code, with the paying users becoming the unsuspecting beta testers as their feedback is sent back to the programmers automatically by the application itself.

The US Defense Advanced Research Projects Agency (DARPA) recently funded a crowdsourcing project to tackle the issue of bug-riddled software.

One of the concepts to come out of this project came from SRI International, a non-profit research institute based in California. Their idea is to make squashing bugs fun by creating a video game which is played by gamers but helps identify whether a particular software application is bug free or not.

The game, ‘Binary Fission’ is a puzzle game where players set filters to separate different coloured objects.  These objects represent genuine code not visible to the player and the filtering system represents the different computing tasks. The more people playing the game, the more data is collected, helping find bugs with the related code referenced.

In principle the idea of adding gamification (the process of applying video game-like qualities to other tasks) to debugging code has much merit. A lot of people spend considerable amounts of time playing similar puzzle games on the internet, and if it were possible to apply this approach without directly intruding on the players’ entertainment then it’s a win-win for all involved.

It is still very early days but if a standard framework for this type of de-bug game could be applied to all types of applications in software development then we could see ad-riddled internet games replaced with ad-free versions, sponsored by the development houses, with playtime equalling debugging time on their code. 

Microsoft are also in a unique position. If such a de-bugging software platform does take off, we may see MS Office being de-bugged behind the scenes, not just by preview members, but also the MS Xbox gaming community playing Microsoft published games to help identify the bugs.

Google’s Knowledge Graph – the tool that knows what you want

Google’s massive web search engine is seeking to move towards a greater understanding of what the user is looking for in online web searches, reasoning like a person as it learns from the web. With the indexing of the web mainly done, the next task is to understand the content of this massive repository we all use. So, after building up trillions of words, Google is now trying to connect them in ways similar to the human brain, to help Google work out what we want to know and deliver a device that can handle tasks and subtasks that we will end up using in everyday life as it creates a view of the world.

This new tool, called ‘Now on Tap’, will appear on the new version of Android OS when released.  In a bid to understand the context of what you may need to know, Now on Tap is seeking to apply meaning to the collection of words on the web and make them all interconnecting and thus create the ‘Knowledge Graph’ to represent the world in a useful way.

Another, far smaller company, Diffbot, nearby in Silicon Valley, is doing the same thing, though on a smaller scale. Founder Mike Tung is a former student of Stanford, having studied AI. His company’s data feeds into several online search engines including Microsoft’s Bing search engine. Diffbot reads 2,500 web pages per second and categorises their content. Diffbot’s Knowledge Graph is only 60% the size of Google’s, with around 600 million objects; however, Mike Tung is not shy about the company’s ambitions: “Our long term goal is to build a machine that can read one trillion objects. This would be the leaping point for human level intelligence”.

All of this is some time away from commercial realisation. However, whilst it again demonstrates exciting advances in technology and innovation, alongside all this good stuff there remains the nagging issue of security. Google has a less than strong record in data security, so the development of a new architecture and connectivity through the Internet of Things has to run in conjunction with tighter security measures and data controls if Google and others are to afford assurance to users that the data searches they are seeking and storing remain personal and approved.

Joined up healthcare technology putting patients at the heart of consultations

With the advent of wearable technology and health trackers, along with social media and the power of Google, many patients are turning to personal investigation to check out their personal health symptoms and conditions online using Google, Bing, Yahoo and others. This marks the evolution of the e-patient.

US cancer sufferer and blogger Dave deBronkart, whose moniker is ‘e-patient Dave’, originally rose to prominence in 2009 and recently spoke at the InterSystems joined-up healthcare event in the US to advocate greater openness in the worldwide healthcare community between patient and doctor as the patient seeks to know more.

Patients are able to access their digital health records (though relatively few do – 0.4% of GP patients thus far in the UK) and by doing so are best placed to identify any errors in separately held records across service providers and regions.  With access to online services, cost savings for booking appointments online, obtaining referrals, and even doctors using wifi to track patient flow through a hospital, this creates massive savings for primary care providers and hospital trusts.

The mainly holistic but equally powerful change however comes through the doctor being open to suggestion from the patient during consultations, as a result of today’s vast wealth of data available online. This offers patients access to research resources which can supplement the practitioner’s knowledge as well as reinforce or challenge it, and which should not be written off. As e-patient Dave argues, this should bring doctor and patient closer together but could be seen by some GPs as a threat. The patient should be welcomed in bringing their own healthcare research and knowledge to the table. Being open to this, he argues, increases interaction and creates a more educated dialogue, involving better informed questions and a greater degree of insight, whether the prognosis is good or bad. This ultimately provides the opportunity for perceived delivery of a greater level of personal care through proper and open consultation.

These are concepts advocated by UK health minister Jeremy Hunt, who as the NHS seeks to go paperless by 2018, has tasked Martha Lane Fox with putting together a proposal on increasing the uptake of digital innovation in the NHS.  This will no doubt include proposals to involve greater use of social media or webex consultations, other than the existing social media use of just inviting views or questions by the healthcare organisations which a number have already undertaken.  With the higher motive of saving billions of pounds, there is nonetheless an argument that greater empowerment and enablement will assist trusts as they seek to save money bluntly through technology on the one hand and enable the patient to be more involved in their own care and outcomes.  Just keep a weather eye on the critical issue of the handling of patient data and privacy as this direction evolves.

Windows 10 countdown to July’s treasure chest download

With Windows 10 launching globally in 190 countries on 29th July 2015, organisations with enterprise licences will delay the upgrade to the new Microsoft OS with its bells and whistles advances in applications, training and innovation. All other versions of Windows 7 and 8 will have the upgrade actively pushed to them. Windows 10 Enterprise will be available for bulk order from 1st August. Enterprise organisations will also be able to manage company-wide rollouts for the new update. However, the impact on non-enterprise licensed companies may be more bluntly felt as they will have less time to prepare for the changes.

Companies with Windows 7 and Windows 8/8.1 are able to take up the free upgrade for the first 12 months (after which it will cost from £100 to circa £150 unofficially for Windows 10 Pro) to run on PCs, smartphones and other devices. Home/device users may notice a new Windows icon at the bottom of the screen readying the 1.5 billion computers and other devices for the upgrade. Microsoft attests it has addressed compatibility issues to ensure the new tools will fully integrate with existing management software such as Enterprise Mobility Suite.

Key features of Windows 10
• Azure Active Directory joining with single sign-on through Office 365, which should help users manage multiple log-on credentials
• Android and iOS apps will run on the new OS.
• Personal assistant Cortana will run synchronously across devices as a socially intelligent tool, keeping track of things of interest to the user, making suggestions or giving reminders about appointments. Her intelligence comes from Bing, accessing Tellme’s natural language processing and MS’ enormous cloud processing power.
• Edge browser will take over from the retiring default Windows browser Internet Explorer after 10 years
• Continuum will deliver the ability to seamlessly move between desktop use and hybrid device undocking to tablet mode and touch.
• Windows Hello facial recognition will appear: an Intel RealSense biometric authentication system which does not use a password, but has enterprise grade security.
• Added to this are the Universal Apps creating a single platform for developers and multiple platform use for the consumer once purchased including automatic updates as delivery is through the Cloud.
• Microsoft Passport secure sign-in for websites and services, supporting Active Directory services including Exchange Online, Salesforce, Citrix and Box
• Plus the traditional Mail, Calendar, Photos and Maps and the well publicised return of the popular Start menu.

With regular, incremental updates vs periodic changes, Windows 10 will make the management of updates on different devices and systems less of a headache for IT departments and MSPs, who will be able to tailor when updates roll out and target off peak periods to avoid impact during critical periods of business.

For MSPs, now is the time to review your customers’ profiles and ready each organisation for a big change in 2015 and, with Microsoft’s latest announcements at MWP, a new series of commercial opportunities looks set to follow.
