IT Pro 20/20: Meet the companies leaving the office for good


Dale Walker

31 Mar, 2021

For this issue of 20/20, we wanted to address a problem that most businesses will face in 2021 – the return to the office.

You’ve likely seen that a handful of companies have taken the bold decision to close their offices for good and extend the remote working policies that have worked so well during lockdown. The jury is still out on whether this will lead to long-term success, but to better understand the thought process behind such a drastic approach, we’ve spoken to those companies taking the plunge.

Elsewhere we look at the best ways to measure success in a cloud-first business, what green cloud might mean for the industry, and the pros and cons of using Slack and Microsoft Teams for inter-company communication.

We hope you enjoy reading this month’s issue. For more insight and advice, head to www.itpro.co.uk.

DOWNLOAD ISSUE 15 OF IT PRO 20/20 HERE

The next IT Pro 20/20 will be available on 30 April – previous issues can be found here. If you would like to receive each issue in your inbox as they release, you can subscribe to our mailing list here.

Amazon is reportedly developing custom networking chips


Sabina Weston

31 Mar, 2021

Amazon is reportedly gearing up to produce its own networking chips in the face of the global shortage, The Information has learned.

The in-house chips would be used for Amazon’s internal IT infrastructure and AWS, speeding up the cloud division’s data centre servers as well as enhancing its artificial intelligence (AI) services, according to the information obtained by the publication. 

The move would diminish the need for the company to outsource production, which has proven increasingly unreliable in the past year. Although Amazon already manufactures its semiconductor switches in-house, their production is reliant on silicon supplied by San Jose, California-based company Broadcom.

In April 2020, the chip manufacturer warned customers that they would be required to place their orders at least six months in advance, instead of the normal two to three months. Broadcom’s VP of sales Nilesh Mistry said that this was due to “unreliable” transport options caused by the COVID-19 pandemic.

It isn’t clear whether Amazon’s reported decision to develop custom silicon chips for its hardware network switches was influenced by this issue, but the move will likely make it easier for the tech giant to avoid supply chain disruptions and have more control over its own infrastructure.

Amazon’s in-house chip development will be made possible thanks to its 2015 acquisition of Israeli chip manufacturer Annapurna Labs, which the tech giant purchased for $350 million (£254 million).

Israel is also set to be the base of Google Cloud’s new server chip design division. Last week, the tech giant announced that it had hired Intel’s engineering veteran Uri Frank to lead its increasing investments in custom silicon.

Google Cloud’s VP of Systems Infrastructure Amin Vahdat said that the company is “thrilled to welcome Uri Frank as our VP of Engineering for server chip design”, adding that the tech giant had “long looked to Israel for novel technologies including Waze, Call Screen, flood forecasting, high-impact features in Search, and Velostrata’s cloud migration tools”. 

“We look forward to growing our presence in this global innovation hub,” he added.

Apple has also recently started equipping its MacBooks with its own custom ARM-based processors in order to lessen its reliance on Intel. 

VMware patches critical flaws in vRealize AI platform


Zach Marzouk

31 Mar, 2021

VMware has patched a pair of vulnerabilities that could have given attackers access to admin credentials and file writing access.

The company stated that the first vulnerability, CVE-2021-21975, could allow a malicious actor with network access to the vRealize Operations Manager API to perform a server-side request forgery (SSRF) attack to steal admin credentials.

VMware evaluated the issue as being of “important” severity, with a maximum CVSS base score of 8.5. CVSS is an open framework for communicating the characteristics and severity of software vulnerabilities, and is scored between 0 and 10, with 10 being critical.

vRealize is the company’s AI-powered platform that delivers “self-driving IT operations management for private, hybrid and multi-cloud environments.”

The second vulnerability, CVE-2021-21983, meant that an authenticated malicious actor with network access to the vRealize Operations Manager API could write files to arbitrary locations on the underlying Photon operating system. VMware evaluated the issue to be of “important” severity as well and gave it a CVSSv3 base score of 7.2.

The company published a security advisory on Tuesday to inform customers of the two vulnerabilities, both of which were reported by Egor Dimitrenko of Positive Technologies. The products impacted are VMware vRealize Operations, VMware Cloud Foundation and vRealize Suite Lifecycle Manager.

A month ago it emerged that ransomware operators were retooling their strains to exploit VMware ESXi flaws. The flaws, which were patched by the company, included the ability for hackers to execute commands on the underlying operating system that hosts the vCenter Server.

In February, security researchers warned of two ESXi hypervisor flaws that ransomware gangs were using to encrypt virtual hard drives. Hackers reportedly encrypted 1,000 VMs at Brazil’s Superior Tribunal de Justiça, whereas other victims had their VMs shut down and datastores encrypted, and were left with a ransom note.

Google Stack is an AI-powered document scanning app


Bobby Hellard

31 Mar, 2021

Google has built an AI-powered app that lets users scan physical documents and automatically organise them into Google Drive.

“Stacks” can analyse bills, receipts and any paper documents you have lying around the house, using artificial intelligence (AI) to scan and categorise them before turning them into a PDF.

Users only have to take a photo of their document as the programme can automate the rest. It identifies important information within the document, such as a “due date” or “total amount due”, and these bits of information can then be used to help store and search for the documents, with the app auto-generating names based on its content. 

The idea comes from Christopher Pedregal, whose ed-tech startup Socratic was acquired by Google back in 2018. Socratic used Google’s computer vision and language understanding to make learning tools for high school students. The project was developed by Google’s in-house incubator, Area 120, and pulled in members of the tech giant’s DocAI team – which has AI programmes for analysing documents. 

The app is currently available on Android – free and without in-app purchases – and Google will wait to assess user feedback before launching a version on other platforms, such as iOS. Currently, the Android version can scan a range of different sized documents, such as utility bills, shopping receipts and even identification papers. 

Stacks was not the only new AI-based tool Google showed off on Wednesday, as Google Maps has also added a slew of new features. The first is ‘Live View’, which uses augmented reality to help users navigate indoor spaces such as airports or shopping centres. It uses ‘billions’ of Street View images to provide live information for a user as they walk through a building, and graphics will mark out where toilets are or the path to the check-in desk.

Maps can also now offer up ‘eco-friendly’ routes for motorists that optimise fuel consumption based on factors like road incline and travel congestion. Currently, the map updates are available in the US only. 

Head of Homeland Security had his email hacked in SolarWinds attack


Danny Bradbury

30 Mar, 2021

According to a new report, suspected Russian hackers accessed email accounts belonging to the Trump administration’s head of the Department of Homeland Security (DHS).

The Associated Press reported that hackers also gained access to emails belonging to members of the department’s cyber security staff that had the job of hunting foreign cyber threats.

The emails belonged to then-acting secretary Chad Wolf, and hackers compromised them during the months-long SolarWinds attack. It’s unknown what information, if any, was stolen.

Senator Rob Portman of Ohio, top Republican on the Senate’s Homeland Security and Governmental Affairs Committee, said the SolarWinds hack “was a victory for our foreign adversaries and a failure for DHS. We are talking about DHS’s crown jewels,” AP reported.

In addition to Wolf’s email, hackers also obtained officials’ schedules at the Energy Department, including then-Secretary Dan Brouillette. But, in this instance, schedules were not confidential.

A DHS spokesperson said in a statement to the media that “a small number of employees’ accounts were targeted.”

“Upon learning about the campaign, the Department took immediate steps to respond to the incident, including leveraging response teams from CISA and private sector partners, to continue executing its mission,” said the spokesperson, reported The Hill.

“The Department no longer sees indicators of compromise on our networks and remains focused on further securing our networks against future attacks, integrating lessons learned from this incident. However, this widespread intrusion campaign has again shown that our strategic adversaries are sophisticated, persistent, and have increasing capabilities.”

In interviews with AP, anonymous officials said the response to the hacking campaign was hampered by its outdated technology and there were struggles to discover how many servers ran the SolarWinds software.

In one example, the Federal Aviation Administration (FAA) said the hack didn’t affect it, only to admit a few days later that it was conducting investigations.

Other victims of the SolarWinds hack include the Commerce and Treasury Departments, National Finance Centre, the State Department, the National Institutes of Health, the Energy Department, and the National Nuclear Security Administration.

The AP reported the Biden administration isn’t planning to step up government internet surveillance but will instead focus on better private sector partnerships and enhanced information sharing.

Harris Federation disables students’ emails following ransomware attack


Sabina Weston

30 Mar, 2021

Students at London-based Harris Federation schools have been cut off from their email accounts after the trust became the latest educational institution to fall victim to a ransomware attack.

The incident, which took place over the weekend, comes just days after the University of Northampton fell victim to a cyber attack and follows a worrying trend of hackers targeting educational institutions and disrupting student learning, which has already been heavily affected by the coronavirus pandemic.

The Harris Federation has been forced to “temporarily” disable the email systems and devices of all 50 primary and secondary academies that it manages, leaving 37,000 students unable to access their correspondence and coursework.

The academy trust said that the steps were necessary to mitigate the impact of a ransomware attack that encrypted the data on the schools’ IT systems.

It also added that it is “using the services of a specialised firm of cyber technology consultants” as well as “working closely with the National Crime Agency and the National Cyber Security Centre”. Details of the ransom are not publicly available and the trust was not immediately available for additional comment.

In the past five weeks alone, hackers have targeted the University of Northampton as well as Oxford University’s Division of Structural Biology. The recent increase in cyber attacks on educational institutions has prompted the National Cyber Security Centre (NCSC) to issue an alert urging organisations to follow its guidance on ‘Mitigating malware and ransomware.’

NCSC director of operations Paul Chichester labelled the targeting of the education sector by cyber criminals as “completely unacceptable”.

“This is a growing threat and we strongly encourage schools, colleges, and universities to act on our guidance and help ensure their students can continue their education uninterrupted.

“We are committed to ensuring the UK education sector is resilient against cyber threats, and have published practical resources to help establishments improve their cyber security and response to cyber incidents.”

Commenting on the Harris Federation ransomware attack, Ilia Kolochenko, CEO of security company ImmuniWeb, said that “unlike large universities, which can afford spending considerable budgets on cybersecurity, primary schools often struggle to get budgets even for the very foundational security controls, let alone advanced cyber defense solutions”.

“Worse, such victims commonly have no choice but to pay the ransom from modest school funds, leaving no money for other activities,” he added.

Kolochenko urged the UK government to “urgently intervene with cyber training, financial and technical support in the UK educational sector”. 

“For example, when buying security software, a volume-discount for all schools in the UK could be huge and make even premium security products affordable. Importantly, cyber police units are also deprived of sufficient funding proportional to surging and sophisticated cybercrime.

“Law enforcement agencies require undelayed financial support to attract new professionals, align forensic capacities with modern cyber threats and perform educational support and awareness among future victims.”

UK gov threatened with legal action over WhatsApp use


Bobby Hellard

30 Mar, 2021

When Boris Johnson uses WhatsApp for official government business, he may be in violation of UK laws due to the platform’s support for “self-destructing” messages. 

That’s according to non-profit groups Foxglove and Citizen, which are threatening legal action over Freedom of Information (FOI) requests that the government is yet to acquiesce to.

Citizen said it has sent “several” FOI requests to the government regarding messages on “topics that are in the public interest”, but, so far, these have not been acknowledged. As a result, Foxglove and Citizen have sent a legal letter with the threat of a judicial review if it receives an “unsatisfactory” response from the government. 
 
Ministerial use of WhatsApp and Signal is well documented, with various reports of the prime minister using the app to discuss official business with special advisors and other MPs. Foxglove said the capability to instantly delete messages means that legal analysis can never be fully performed and that for a democratically elected government, it presents a lack of accountability. 

A spokesperson for Citizen said that the government’s use of digital messaging apps could render “one giant black hole” in British history.  

“Government business is being conducted under a cloak of secrecy enabled by the tech platforms,” the spokesperson said. “The only way we can have any hope of holding power to account or even simply maintaining the historic record is through transparency. We desperately need to challenge what we believe is a clear breach of the law on behalf of both Britain’s investigative journalists and its future historians.”
 
In response, a spokesperson for the Cabinet Office told IT Pro that “records of official communications are retained in accordance with the relevant publicly published guidance”. It also pointed out that instant messages are subject to section 3 of the Public Records Act 1958, which requires them to be permanently preserved so they can be made available for appraisal, selection, sensitivity review and transfer to The National Archives at the appropriate time.
 
The director of Foxglove, Cori Crider, said it was “deeply concerned” by the government’s approach to data, suggesting it involved collecting more and more information on the general public while offering less information on itself. 
 
“This turns democracy on its head,” Crider said. “Privacy is for the people – transparency is for the government. And if we have to sue to tip the scales back in favour of the citizen, so be it.” 

Australia’s Channel 9 hit by cyber attack during live broadcast


Bobby Hellard

29 Mar, 2021

A live broadcast by Australia’s Channel Nine TV station was taken offline by a cyber attack on Sunday evening, the station has confirmed.

The incident affected several shows, including the Weekend Today programme, according to the BBC, with staff now working from home until further notice.

In a statement, the organisation said its IT teams were working “around the clock” to fully restore its services and that the attack also affected its corporate business units, its websites, and email systems.

Australia’s shadow treasurer, Jim Chalmers, told reporters: “These are very concerning reports. What we’re hearing about here is a serious, and sophisticated, targeted attack on a media organisation.”

The attack on Channel Nine coincided with “technical disruption” at Australia’s Parliament House where MPs and senators lost email access over the weekend. The issue was related to an unnamed external provider, according to the country’s minister for defence, Andrew Hastie.

As a precaution, the service was cut off from the rest of the government’s systems as soon as it was detected and Australia’s Cyber Security Centre has been brought in to investigate. At this stage, it isn’t clear whether the parliamentary outage and the cyber attack on Channel Nine were connected.

“This is a timely reminder that Australians cannot be complacent about their cyber security,” Hastie told News.com.au on Sunday. “Cyber security is a team effort and a shared responsibility. It is vital that Australian businesses and organisations are alert to this threat and take the necessary steps to ensure our digital sovereignty.”

Hastie added that Australia saw around 60,000 reports of cyber security and cyber crime incidents last year, roughly one every ten minutes.

Despite the issues, Channel Nine’s broadcast was back up on Monday.

Android spyware disguised as ‘system update’ app discovered


Keumars Afifi-Sabet

29 Mar, 2021

A sophisticated strain of malware capable of stealing user data from infected Android devices is masquerading as the System Update application.

The malicious mobile app, which functions as a Remote Access Trojan (RAT), is part of a sophisticated spyware campaign that has the ability to record audio from devices, take photos, and access WhatsApp messages, according to Zimperium researchers.

Once installed, it registers with its own Firebase command and control (C&C) server, normally used by legitimate Android developers, as well as a second independent C&C server, to send across an initial cache of information. This includes information about whether WhatsApp is installed or not, battery percentage, storage stats, and other information. It can only be installed from a third party store and not the Google Play store.

The malware then receives commands to initiate various actions such as the recording of audio from the microphone or data exfiltration. Researchers have also discovered the malware is capable of inspecting web browsing data, stealing images and videos, monitoring GPS locations, stealing phone contacts and call logs, and exfiltrating device information.

The app also asks for permission to enable accessibility services, and abuses this to collect conversations and message details from WhatsApp by scraping the content on the screen after detecting whether the user is accessing the messaging service.

It hides by concealing the icon from the device’s main menu or app drawer, while also posing as the legitimate System Update app to avoid suspicion. When the device’s screen is turned off, the spyware creates a ‘searching for updates’ notification using the Firebase messaging service which allows it to generate push notifications.

The spyware’s functionality is triggered under various conditions, including when a new contact is added, a new text message is received or a new application is installed. It does so by exploiting Android’s receivers, including ‘contentObserver’ and ‘Broadcast’, which allow communication between the device and the server.

The Firebase messaging service is only used to initiate malicious functions, such as audio recording or data exfiltration, by sending commands to infected devices. The data itself is then collected by the second dedicated C&C server.

The spyware also only collects up-to-date information, with a refresh rate of roughly five minutes for location and networking data. The same applies to photos taken using the device’s camera, but the value is instead set to 40 minutes.

Researchers have so far been unable to determine who is behind the campaign, or whether the hackers are trying to target specific users. Given this spyware can only be downloaded outside of the Google Play store, users are strongly advised not to download applications to their phones from unsafe third-party sources.

Ikea-owner invests £12m in London-based startup what3words


Zach Marzouk

25 Mar, 2021

Ingka Investments, owner and operator of 389 Ikea stores and e-commerce across 32 countries, has invested close to £12 million in London-based tech startup what3words.

What3words technology divides the world into a grid of 3-metre squares, with each square being assigned a unique combination of 3 words that can be used to pinpoint the area to a high degree of accuracy. This has a number of use cases, including helping emergency services locate 999 callers in locations that are difficult to describe, such as a remote hillside.

Ingka said that the technology would prove useful with efforts to reduce CO2 emissions and reduce the number of vehicles on the roads by ensuring more first-time deliveries are successful.

“As we look to a future of drone deliveries and autonomous vehicles, the system, also designed for voice entry, will provide the accuracy needed,” it added.

The investment is set to launch the startup into new international markets while continuing to develop partners within the e-commerce and logistics sector.

Krister Mattsson, managing director of Ingka Investments, said: “We are delighted with this new investment in what3words as they are an innovative company and we are confident of their continued growth. With an increasing demand for home deliveries, scalable and sustainable solutions are becoming increasingly important.

“We see value in helping to support the build-up of a universal addressing system that can lead to better customer experience, while the precise locations will allow for a reduction in overall miles travelled, reducing the carbon footprint of home deliveries.”

The Ingka Group has already made a number of investments to help support the core Ikea retail business, including in areas such as digitalisation, customer fulfilment, fintech, and sustainability.

“What3words’ ambition is to become a global standard for communicating location,” said Chris Sheldrick, CEO and co-founder of what3words. “We envisage a world where on every platform, in every checkout field, you can give your what3words address, with retailers able to deliver to that precise 3-metre square. The investment from Ingka Investments will help us unlock new markets while accelerating our position as a ‘must-have’ in the logistics industry.”

In November 2019, Capita integrated the what3words app into its “Vision” control systems to help emergency services locate 999 callers in difficult to pinpoint areas.