Cloudflare acquires Area 1 Security for $162 million


Sabina Weston

25 Feb, 2022

Cloudflare has announced that it is acquiring US-based email security provider Area 1 for $162 million (£120.8 million) in cash and stocks combined.

The deal is expected to close in the second quarter of 2022, and comes five months after the web infrastructure and website security company announced its foray into the email security market.

Founded in 2013, Area 1 employs 97 staff members and has been credited with blocking over 40 million malicious phishing campaigns in 2021.

Commenting on the news, Area 1 Security CEO and president Patrick Sweeney said that phishing can be attributed as a cause of “more than 90% of cyber security damages”.

“By combining our leading phishing protection and threat intelligence capabilities with Cloudflare’s global network, data capabilities, and Zero Trust platform we truly believe that together we can help companies of any size better secure their entire network infrastructure and better protect against the most destructive cyber risks,” he added.

Cloudflare co-founder and CEO Matthew Prince described email as “the largest cyber attack vector on the Internet”, before adding that the acquisition of Area 1 will allow Cloudflare to become a “clear leader in Zero Trust”.

“To us, the future of Zero Trust includes an integrated, one-click approach to securing all of an organisation’s applications, including its most ubiquitous cloud application, email. Together, we expect we’ll be delivering the fastest, most effective, and most reliable email security on the market,” he said.

The $162 million acquisition, out of which 40-50% is estimated to be paid in class A stocks, is expected to be one of the most expensive deals in Cloudflare company history. The company has made eight acquisitions to-date – financial details of which hadn’t been made publicly available.

The purchase of Area 1’s business comes only two weeks after Cloudflare announced the acquisition of Vectrix for an undisclosed amount, in an effort to bolster its Zero Trust software-as-a-service security offering.

In September 2021, Cloudflare announced two new services, which marked its entrance into the email security industry: custom domain tool Cloudflare Email Routing and the Email Security DNS Wizard, which protects businesses from phishing and spoofing attacks.

Cloud computing market to hit $1.95 trillion by 2032


Praharsha Anand

25 Feb, 2022

The global cloud computing market is projected to reach a valuation of $1.95 trillion by 2032, according to a new report from market intelligence firm Fact.MR.

A compound annual growth rate (CAGR) of 15% is anticipated for the market between 2022 and 2032, owing to the rapid digitization of workplaces and the increasing demand for software as a service (SaaS) applications.

Commenting on the 12% CAGR of cloud-based services from 2015 to 2021, Fact.MR said the COVID-19 pandemic spurred the adoption of cloud computing, as enterprises enforced widespread work from home policies. 

With the proliferation of infrastructure as a service (IaaS), platform as a service (PaaS), and SaaS-based solutions, the market for cloud computing has grown significantly. Adobe, Alibaba Group, and Amazon are among the top market players. 

Accordingly, cloud computing solutions in North America are expected to account for 40% of the global revenue in 2022. The region is dominated by global technology giants like Microsoft, Oracle, and Amazon, who have been early adopters of cloud technology, including big data analytics, Internet of Things (IoT), additive manufacturing, artificial intelligence (AI), virtual reality (VR), augmented reality (AR), and machine learning, all of which have vastly impacted the market.

With a CAGR of 18%, the APAC market is forecast to grow the fastest during the forecast period. Emerging economies such as India and China are likely to contribute to the growth in the region.

For instance, Alibaba Group’s fast-paced expansion and Make in India initiatives have been notable factors facilitating market size growth in the APAC region. A number of cloud computing service providers, including Amazon, Microsoft, and Google LLP, have also initiated plans to strengthen their presence in Thai and Indonesian markets.

Microsoft releases new security controls for multi-cloud customers


Bobby Hellard

25 Feb, 2022

Microsoft has unloaded a range of new security controls for multi-cloud customers that include updates to its Defender for Cloud platform and the first service to come from its CloudKnox acquisition.

The first of the new capabilities is a change to Microsoft Defender for Cloud which is aimed at multi-cloud customers that have Google Cloud services.

Defender for Cloud, which was announced at last year’s Ignite conference, is a security posture management console that identifies configuration weaknesses across other providers’ services. And, with the addition of Google Cloud, Microsoft says it is now the only cloud provider to offer a “native” multi-cloud protection service for the top three platforms (Google Cloud, AWS and Azure).

Support for Google Cloud will come with a simplified onboarding experience, according to Microsoft. This will feature more than 80 “out-of-the-box” recommendations for users to secure their environments. It will include a central “multi-cloud view” that lets users see and compare compliance status against critical benchmarks, such as the Center of Internet Security (CIS).

The next capability comes from last year’s acquisition of cloud infrastructure management firm CloudKnox and deals with permission management. Microsoft is launching a public preview of ‘CloudKnox Permissions Management’, which will give companies “complete visibility” into user and workload identities across the cloud services. This will be largely undertaken by automated features and machine learning-powered monitoring functions.

There are also new functions for Microsoft Sentinel, which is another cloud-native platform that deploys AI to analyse large data sets for security issues. The services will have new basic logs, which will see it sift through high volumes of data and find “low-visibility” threats, according to Microsoft.

This is in addition to new archiving functions that extends data retention to seven years, instead of the current two, and also new search functions for security analysts.

Microsoft is also extending its Azure Active Directory beyond its core capabilities by adding safeguards for workload identities. And, the tech giant has also announced a new secure payment processing function for Azure Payment HSM, which is a public preview.

Kyndryl and AWS partner to create a centre of excellence for cloud customers


Bobby Hellard

23 Feb, 2022

Kyndryl has signed a cloud partnership with Amazon Web Services (AWS) to offer joint consultancy on cloud workloads.

IBM’s former infrastructure unit has also confirmed that it will use AWS as one of its preferred cloud providers for its own internal workloads. 

The partnership will focus on building a global practice for AWS skills, services and expertise to deliver a “best-in-class” customer experience. This will include an AWS Cloud Center of Excellence (CCOE) where customers will be able to access services that support mission-critical infrastructure, new technologies, and applications that work across workflows and industries.

With the Global Center of Excellence, Kyndryl said it will be able to optimise customer migration journey’s with AWS technology.

The partnership will also deal with VMware workloads on AWS, with skilled practitioners from all three companies delivering deep expertise for custom services. AWS already has an extensive partnership with AWS, but the new deal with Kyndryl will help to boost any existing customer investments on VMware. 

“Our ability to freely explore and unleash the combined benefits of AWS cloud services with Kyndryl’s deep industry-specific managed services and expertise will provide an unprecedented level of knowledge and innovation,” said Martin Schroeter, CEO of Kyndryl. “Together, we will invest in enhancing Kyndryl’s expertise in AWS to help companies modernise, innovate, and compete.”

 This is the latest in a string of cloud-based announcements Kyndryl has made since its split from IBM. The company now has deals in place with the three biggest cloud providers – AWS, Microsoft and Google Cloud – which it believes will enable it to tap into an estimated $150 billion from the IT services market by 2025.
 
All of these deals would not have been possible, according to the company, had it still been a part of IBM, with the spilt allowing it to play an active role in the $90 billion cloud services market. 

Nokia debuts new SaaS services in security and analytics


Praharsha Anand

22 Feb, 2022

Nokia has announced two new software as a service (SaaS) offerings for telecom operators and enterprises: iSIM Secure Connect and AVA Network Data Analytics Function.

Centered on security, analytics, and monetization, the new services build upon Nokia’s recent venture into SaaS to help communication service providers (CSPs) and businesses drive greater value from their services by migrating to a subscription-based, agile model that replaces custom, expensive, on-premise software with purely on-demand software.

“As opposed to classic SIMs, embedded SIM (eSIM) and integrated SIM (iSIM) technologies can store and manage multiple subscription profiles remotely for authenticating users and devices on mobile networks,” explained Nokia.

iSIM Secure Connect, a new SaaS solution from Nokia, enables CSPs and enterprises to securely and centrally manage eSIM- and iSIM-enabled devices subscriptions. 

Additionally, the iSIM Secure Connect platform automates all aspects of the eSIM/iSIM management process and opens up opportunities to monetize services linked to trustable digital identities.

Nokia’s second offering complements its AI&analytics, virtualization, and automation (AVA) solution. The Nokia AVA Network Data Analytics Function (NWDAF), with its distributed architecture and open APIs, provides analytics at the network edge, implements 3GPP-compliant analytics services, and facilitates software-development collaborations.

Its artificial intelligence (AI) and machine learning (ML)-driven closed-loop automation helps optimize network operations and improve customer experience, in addition to generating new revenue streams.

As for commercial release, Nokia said its AVA NWDAF service will be available later this quarter via a SaaS delivery model. iSIM Secure Connect is scheduled to launch as SaaS later this year. However, other deployment options will continue to be available to customers.

“Adopting Nokia AVA NWDAF and iSIM Secure Connect through the SaaS model will greatly improve the time-to-value that CSPs and enterprises can realize by having on-demand access to services. These latest Nokia SaaS services strengthen our leadership position in helping our customers change the very foundation of how our industry does business,” said Raghav Sahgal, president of cloud and network services at Nokia.

Novel phishing method deceives users with ubiquitous IT support tool


Connor Jones

22 Feb, 2022

A cyber security researcher has documented a novel phishing technique that involves cyber criminals harnessing virtual network computing (VNC) technology on a private server to launch a variety of attacks.

Using the open source noVNC client, the phishing technique allows successful attackers to launch malicious code into a victim’s browser, plant a keylogger, and passively observe all user activity.

The researcher, who goes by the name mr.d0x. claims the method of attack bypasses two-factor authentication (2FA), including Google’s 2FA protocol used for the likes of Gmail and Google accounts, and facilitates the stealing of credentials. 

The phishing method effectively acts as a VNC client for the attacker to remotely monitor and access a user’s environment, creating a man-in-the-middle (MITM) attack.

The technology is common in modern businesses, with employees being familiar with IT support teams accessing their computers remotely to resolve technical issues. 

The initial deception is achieved in a typical phishing format – a strategically crafted email provides a link the user needs to click on. Once clicked, the user is taken to a direct server run by the attacker, rather than a malicious web page.

The attack can be launched against individuals using any browser, theoretically including ones on mobile devices, though the researcher said they had difficulty in executing the attack on smartphones

There are some shortcomings with the method, the researcher said, including the issue whereby the attacker has to provide control of their machine to the victim in order for the attack to work.

It’s also possible that given the nature of VNC software, there may be some noticeable input lag for the victim, offering an indication that the website is not legitimate.

This is currently a proof of concept style of phishing attack with no known actively exploited cases in the wild, though remote access to businesses is reportedly on the rise in a string of burgeoning dark web operations.

“Browsers are more powerful than ever and the usage of browsers as clients for remote access provides new ways for attackers to steal credentials, bypass 2FA, and more,” said the researcher. “I strongly believe that what I’ve demonstrated in this article is only a small portion of what this technique can be used for.”

noVNC attack breakdown

The attacker first needs to deploy a Linux machine via a cloud service provider; any provider or Linux distro is fine. Firefox is good for this, the researcher said, but any browser with a kiosk mode will also work.Once the Linux instance is up and running, the attacker then needs to install VNC software such as TightVNC or TigerVNC before running some custom commands to ensure the environment is correctly configured for the attack. The noVNC javascript library and application can then be downloaded from GitHub and installed too.

A web browser needs to be running in the deployment and displaying the authentication page from which the attacker wants to steal credentials, such as Google’s login page. The attacker can use any browser, Firefox is good here, but it must be running in kiosk mode. 

This technique is effective in spear phishing campaigns but will encounter issues if sent to multiple targets since they will be sharing the same VNC session. 

However, the technique can be modified and automated so different users access different VNC sessions by assigning users to different ports.

Google brings Privacy Sandbox initiative to Android


Danny Bradbury

17 Feb, 2022

Google has announced plans to bring its Privacy Sandbox anti-tracking initiative to the Android operating system.

The move, floated in a blog post on Wednesday, will be part of a multi-year effort, which will see Google build measures into the OS that will limit the ability of applications to share user data with third parties.

The privacy sandbox will also force apps to operate without cross-app identifiers, making it harder for developers to track individuals across different applications.

In Android 13, it plans to introduce a separate runtime environment for the advertising software development kits (SDKs) that serve up ads to app users. Currently, these SDKs run inside the host app’s sandbox, which Google says risks covert data collection and sharing.

Google has published its initial design proposals for the Android version of its Privacy Sandbox. It will release developer previews in the coming months and will have a beta release by the end of the year.

The company is inviting developer feedback on proposed solutions including FLEDGE for Android, which Google says uses audience segmentation information stored on the user’s device to deliver relevant ads via an API.

Launched in 2019, the Privacy Sandbox initiative is Google’s attempt to reduce unauthorized third-party tracking while still supporting advertisers. It hopes to eliminate cookies and fingerprinting.

As part of the initiative, Google replaced third-party cookies with its Federated Learning of Cohorts (FLoC) technology, which tracked people in aggregate, classifying them by their interests. This generated controversy in the industry, drawing an antitrust complaint from several states and causing several other browsers and online services to decline support for it.

Google abandoned FLoC last month in favour of its Topics API for interest-based advertising. It has also used the Android Privacy Sandbox initial proposals page to solicit feedback from developers on this approach.

AWS brings Local Zones data centres to 32 new cities


Sabina Weston

17 Feb, 2022

Amazon Web Services (AWS) has announced 32 new locations for its AWS Regions extensions, known formally as Local Zones.

AWS Local Zones are used to minimise latency by placing compute, storage, database, and other AWS services at the edge of the cloud near larger metropolitan areas, enabling customers to use AWS’ core services locally, while staying connected to AWS Regions.

Following the launch of the first 16 Local Zones in the US, AWS announced an additional 32 Local Zones in 26 countries that are expected to be completed over the next two years.

The 32 new Local Zones will be based in: Amsterdam, Athens, Auckland, Bangkok, Bengaluru, Berlin, Bogotá, Brisbane, Brussels, Buenos Aires, Chennai, Copenhagen, Delhi, Hanoi, Helsinki, Johannesburg, Kolkata, Lima, Lisbon, Manila, Munich, Nairobi, Oslo, Perth, Prague, Querétaro, Rio de Janeiro, Santiago, Toronto, Vancouver, Vienna, and Warsaw.

Despite London being home to the AWS Region Zone known as eu-west-2, none of the new locations are situated in the UK. AWS wasn’t immediately available to comment on the decision.

Commenting on the news, AWS Infrastructure Services VP Prasad Kalyanaraman said that the expansion is due to customers requesting “capabilities to push the edge of cloud services to new places”.

“The edge of the cloud is expanding and is now becoming available virtually everywhere. Thousands of AWS customers using US-based AWS Local Zones are able to optimise low-latency applications designed specifically for their industries and the use cases of their customers,” he added.

These customers include content streaming platform Netflix, cloud gaming technology provider Ubitus, as well as entertainment, sports, and news network provider The FOX Corporation.

Netflix director of Digital Production Infrastructure Engineering, Stephen Kowalski, said that AWS Local Zones allowed the company to migrate a share of its content creation process to AWS, while “ensuring an even better experience for artists”.

“AWS Local Zones bring cloud resources closer to our artists and have been a game changer for these applications. We are excited about the expansion of AWS Local Zones globally, which brings cloud resources closer to creators, allowing artists to get to work anywhere in the world and create without boundaries,” he added.

Google doubles bug bounty rewards for Linux, Kubernetes exploits


Connor Jones

16 Feb, 2022

Google has announced it will be doubling the rewards it offers to bug hunters who can demonstrate working exploits for a range of zero-day and one-day vulnerabilities across a variety of platforms. 

The reward increases will be applied to exploits discovered in the Linux Kernel, Kubernetes, Google Kubernetes Engine (GKE), or kCTF (Kubernetes-based infrastructure for capture the flag exercises), with the next review coming at the start of 2023.

Rewards offered for valid one-day security exploits increase by more than double to a maximum of $71,337, up from $31,337 previously. Sometimes known as ‘n-days’, one-days are publicly known vulnerabilities that have patches for them, but Google will offer rewards for novel exploits in this case.

Bug hunters seeking rewards for valid one-day exploits will have to provide a link to the existing patch in their report. Google also said it will be limiting the number of rewards for one-day vulnerabilities to only one version or build.

“There are 12-18 GKE releases per year on each channel, and we have two clusters on different channels, so we will pay the $31,337 base rewards up to 36 times (no limit for the bonuses),” said Eduardo Vela, Product Security Response TL/M at Google. “While we don’t expect every upgrade to have a valid 1day submission, we would love to learn otherwise.”

Valid exploits for previously unknown zero-day vulnerabilities will nearly double to a maximum reward of $91,337, up from $50,337 previously. Zero-day vulnerabilities typically attract greater rewards because any given vendor would always want to secure the weakness before news of it ever reached cyber criminals.

“We launched an expansion of kCTF VRP on 1 November 2021 in which we paid $31,337 to $50,337 to those that are able to compromise our kCTF cluster and obtain a flag,” said Vela. “We increased our rewards because we recognised that in order to attract the attention of the community we needed to match our rewards to their expectations. We consider the expansion to have been a success, and because of that, we would like to extend it even further to at least until the end of the year (2022).”

An increasing amount of recent research has highlighted cyber criminals’ shift in focus towards Linux environments, both in and outside of the cloud. 

Qualys published findings earlier this year regarding a Linux root privilege flaw that went unnoticed for 12 years while “hiding in plain sight“, while VMware observed an increasing number of ransomware attacks targeting Linux-based multi-cloud environments last week.

Full details on the reporting process can be found in the Google blog post.

Reward structure

Google will offer a base reward of $31,337 for the first valid exploit for a given vulnerability, zero-day or one-day. This will only be paid once per vulnerability and once per cluster version or build. Duplicate exploits will not be awarded unless it presents a novel exploit chain, Google said.

From there, a total of three bonuses of $20,000 are available depending on the nature of the exploit disclosed. 

  • $20,000 will be awarded if the exploit is a zero-day
  • A further $20,000 will be awarded for exploits that do not require unprivileged user namespaces
  • Another $20,000 is on offer to those who can demonstrate novel exploit techniques. This also applies to duplicate exploits and Google requires a full write-up to qualify as a valid submission

Chrome OS Flex turns old PCs and Macs into Chromebooks


Bobby Hellard

16 Feb, 2022

Google has announced “early access” to a new version of its Chrome operating system that works on older PCs and Macs. 

Chrome OS Flex is designed for businesses and educational institutions that want to deploy a universal operating system without having to splash out on new hardware. 

The new OS can be installed on any PC and Mac within minutes, according to Google, which adds that it should look and feel identical to the traditional Chrome OS one would find on a Chromebook as it’s built from the same codebase. However, it notes that some features may be dependent on the age of the hardware, though didn’t specify which. 

The technology behind Chrome OS Flex appears to have come from a recent Google acquisition. Neverware, which the tech giant bought at the end of 2020, previously sold the CloudReady service which let users convert old PCs into Chrome OS. Google said that it has been integrating “the benefits of CloudReady into a new version of Chrome OS”. 

Google says Chrome OS Flex will allow IT departments to manage all their machines just like any other Chrome OS hardware. All devices can be managed through Google’s Admin Console, with IT departments able to deploy specific software installs. 

The operating system also comes with built-in security tools, such as sandboxing technology to eliminate the need for antivirus software and IT controls to prevent data loss on lost or stolen devices. 

How to install Chrome OS Flex

To try Chrome OS Flex, users will need to go to the Chrome Enterprise website and register. A USB drive is all they you need and it should only take a few minutes to set up on a PC or Mac device. 

From there, users need to follow three steps: create a bootable Chrome OS Flex USB drive to test it out prior to installation. Form there, users can install the OS and fully replace the existing operating system, and the USB drive can also be also used to deploy the OS to more devices on your organisation’s network.