AWS kickstarts Re:Invent 2021 with launch of RoboRunner IoT platform


Bobby Hellard

30 Nov, 2021

Amazon Web Services (AWS) has announced a new IoT-based platform that signals an expansion into robotic fleet management.

IoT RoboRunner, which was revealed on the first day of the company’s annual Re:Invent conference, is designed to help enterprises build and deploy applications so that their robotic fleets all operate as one.

RoboRunner is an expansion of the RoboMaker cloud-based simulation service launched in 2018. It addressed developer frustrations around the challenge of operating different robot types, such as autonomous guided vehicles (AGV) and robotic manipulators.

“When a new robot is added to an autonomous operation, complex and time-consuming software integration work is required to connect the robot control software to work management systems,” AWS principal developer advocate, Channy Yun said.

“AWS IoT RoboRunner lets you connect your robots and work management systems, thereby enabling you to orchestrate work across your operation through a single system view.”

RoboRunner includes tools to create a programme in the AWS Management Console to build repositories for storing robot and task data. Developers can also integrate code for connecting robots and systems via RoboRunner’s Fleet Gateway Library, as well as tools from managed application services such as AWS Lambda and Greengrass.

Additionally, the cloud giant has launched the AWS Robotics Startup Accelerator, which will offer mentorship to robotics startups. This accelerator will include a four-week programme with hands-on AWS training and $10,000 in promotional credits for use of AWS services.

The first day of Re:Invent saw a plethora of new services launched for AI, machine learning, storage and quantum computing.

Amazon Braket Hybrid Jobs, for example, was launched as a new offering to help reduce extensive infrastructure and software management and confidently execute algorithms quickly and predictably, with on-demand priority access to QPUs.

There was also an expansion of CodeGuru Reviewer with an automated tool to help developers detect secrets in source code or configuration files, such as passwords or access tokens. 

Accenture to expand UK tech workforce by 3,000 workers


Zach Marzouk

30 Nov, 2021

Accenture has revealed it will expand its UK workforce with 3,000 new roles over the next three years, as the company’s clients aim to capitalise on growth while the UK is recovering from the pandemic.

Half of the new roles will be based outside of London, expanding the company’s presence in Leeds, Manchester, Newcastle, Edinburgh, and Glasgow and adding to its existing UK workforce of around 11,000 people.

The company said that the new roles are being driven by increased client demand for services in platforms, cloud engineering, cyber security, and data and intelligent operations.

The UK economy is rebounding swiftly following the pandemic and Accenture is seeing strong demand from clients seeking to capitalise on this growth opportunity, said Simon Eaves, market unit lead at Accenture in the UK and Ireland. 

“We are committed to growing our footprint across the UK which is why I am particularly excited about our plans across Scotland and northern England where we see some of the best technology talent in the country,” added Eaves.

Accenture’s initiative to create thousands of new cyber security roles over the next three years has been called “promising” by John Fokker, head of cyber investigations for McAfee Enterprise’s Advanced Threat Research team.

Fokker said this will help raise awareness of the skills needed to succeed in a cyber security role and help the industry take a step towards closing the cyber security skills gap.

“This will be particularly important in bolstering security teams when things get busy, with our research telling us that 75% of organisations struggle to maintain a fully staffed security team during peak periods,” he said.

Accenture’s move to create new jobs has been welcomed by the UK government, with digital secretary Nadine Dorries saying it was fantastic to see Accenture creating thousands of new high-skilled jobs in a number of the UK’s regional tech hubs. 

Dorries added that the investment is testament to the UK’s global reputation for innovation and talent and underlined the government is determined to level up opportunity across the country and is investing in digital skills and infrastructure so businesses can thrive.

Microsoft hit with formal complaint over “monopolistic” software bundling


Connor Jones

29 Nov, 2021

A coalition of EU-based tech firms has filed a formal complaint against Microsoft alleging anticompetitive conduct related to the bundling of its productivity apps with Windows.

German content collaboration platform Nextcloud is leading the complaint and is joined by nearly 30 additional companies in the software and cloud sectors.

The formal complaint has been filed to the European Commission’s Directorate-General for Competition and Nextcloud has also reported the coalition’s concerns to German antitrust authorities, the Bundeskartellamt.

The tech firms driving the complaint are against Microsoft’s “monopolistic” practice of bundling the likes of OneDrive, Teams, and other services with Windows 10 and Windows 11.

The companies claim the practice is pushing consumers to register for the services and hand their data over to Microsoft, stifling consumer choice and genuine market competition. 

The coalition said Microsoft has grown its market share to 66% of the EU market in the last few years while smaller vendors have seen their shares shrink by as much as 26%.

“This is quite similar to what Microsoft did when it killed competition in the browser market, stopping nearly all browser innovation for over a decade,” said Frank Karlitschek, CEO and founder of Nextcloud. “Copy an innovators’ product, bundle it with your own dominant product and kill their business, then stop innovating.

“This kind of behaviour is bad for the consumer, for the market and, of course, for local businesses in the EU,” he added. “Together with the other members of the coalition, we are asking the antitrust authorities in Europe to enforce a level playing field, giving customers a free choice and to give competition a fair chance.”

IT Pro contacted Microsoft for comment but it did not reply at the time of publication.

Microsoft is currently the subject of an EU probe into its alleged anti-competitive practices, first brought to the Bloc’s attention more than a year ago by workplace collaboration company Slack.

Slack originally complained about how Teams, Microsoft’s own workplace platform, is bundled with the market-dominant Office 365 productivity suite, alleging that this illegally forced the software on users.

The complaint and resulting probe into Microsoft’s business are the latest development in a long-running feud between the two companies.

Education and government most at risk from email threats


Rene Millman

26 Nov, 2021

Organizations in the education sector and local and state government are most at risk from email threats, according to a new report.

The report, published by IT security firm Cyren, also found that phishing remains the dominant form of attack against all industries.

Based on data gathered from nearly 45,000 incidents, researchers found that the education sector received over five threats per thousand emails received. State and local government bodies received just over two threats per thousand emails received, nearly double the amount received by the next most targeted industry, software.

The report also looked at the number of attacks per 100 users across a wide range of industries. It found that there were nearly 400 per 100 users in education compared to just over 150 in the construction industry.

Researchers said there was a surprisingly low rate for manufacturing, especially when compared to the construction industry, which is closely related.

“We observed 20 confirmed threats per 100 users in the manufacturing vertical. Without solid detection and automated incident response, a manufacturer with 100 Office 365 users would spend at least 16 hours manually investigating and remediating emails,” they added.

In a blog post, security researchers found that the data supported a widely held theory that phishing is a precursor to more damaging attacks such as business email compromise (BEC) and ransomware.

The report looked at phishing compared with malware and BEC attacks across four industries. Phishing remained the dominant threat in healthcare (76%), finance and insurance (76%), manufacturing (85%), and real estate (93%).

In healthcare, BEC attacks made up the remaining 24%. Researchers said that robust malware detection capabilities in the healthcare industry explain the high rate of BEC attempts.

“Attackers understand that they can’t easily slip malware past automated defenses, so they have shifted to social engineering tactics,” said researchers.

Researchers said that when it comes to solving the email threat problem, user education is an important component, but several organizations have “over-rotated” on the idea that users are responsible for keeping sophisticated email threats at bay.

“The predominant trend is to use an email hygiene technology such as Microsoft Defender for Office 365 to catch 80% of threats, deploy a specialized add-on to catch and contain zero-day phishing and most BEC attempts, enable employees to perform initial analysis on the small percentage of emails that are classified as suspicious (rather than malicious or clean), and automate incident response workflows to save time and reduce exposure,” added researchers.

Hacked Google Cloud Platform instances are riddled with cryptominers


Connor Jones

26 Nov, 2021

Google Cloud has revealed that 86% of hacked Google Cloud Platform (GCP) instances in 2021 led to cryptocurrency miners being dropped into customers’ environments.

Cryptocurrency miners being installed in cloud instances was the leading issue facing GCP customers this year with 58% of compromised instances having cryptominers installed within just 22 seconds of attackers gaining access.

Google Cloud’s Threat Analysis Group (TAG) said this led it to believe the process was script-driven without requiring human intervention.

GCP customers were targeted heavily with attackers attempting to leverage the high levels of compute available to them, without having to foot the bill.

Google Cloud also revealed cloud instances have been compromised in as little as 30 minutes, with the majority taking just eight hours.

The TAG at Google’s cloud arm noticed attackers are monitoring the public IP address space for signs of unsecured GCP instances, knowing how quickly they can compromise each one. 

“Given that most instances were used for cryptocurrency mining rather than exfiltration of data, Google analysts concluded the Google Cloud IP address range was scanned rather than particular Google Cloud customers being targeted,” the report read.

“The amount of time from the launch of a vulnerable Google Cloud instance until compromise varied with the shortest amount of time being under 30 minutes.”

TAG researchers also noted that threat actors gained access to GCP instances through exploiting poor customer security practices in almost 75% of all cases.

Half of these cases were compromised because of attackers exploiting instances with weak or in some cases no passwords for user accounts or API connections.

This meant unsecured GCP instances could quite easily be scanned by attackers and brute-forced with minimal difficulty.

Google Cloud customers were also at fault in 26% of cases for installing third-party software in their instance which was then exploited to gain access.

Google Cloud’s basic recommended mitigations to the flaws allowing attackers into GCP instances include ensuring accounts always have strong passwords, updating third-party software before a cloud instance is exposed to the web, and not publishing credentials in GitHub projects.

Container Analysis is also available to GCP customers to perform vulnerability scanning and metadata storage for containers, while the Web Security Scanner in the Security Command Center can identify security vulnerabilities in their App Engine, Google Kubernetes Engine, and Compute Engine web applications.

IBM unveils world-first machine learning training method for GDPR-compliance


Connor Jones

25 Nov, 2021

IBM researchers have unveiled a novel method of training machine learning (ML) models that minimises the amount of personal data required and preserves high levels of accuracy.

The research is thought to be a boon to businesses that need to stay compliant with data protection and data privacy laws such as the General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA).

In both GDPR and CPRA, ‘data minimisation’ is a core component of the legislation but it’s been difficult for companies to determine what the minimal amount of personal data should be when training ML models.

It’s especially difficult when the goal of training ML models is usually to achieve the highest degree of accuracy in predictions or classifications, regardless of the amount of data used.

The findings from the study, thought to be a world-first development in the field of machine learning, showed that less data could be used in training datasets by undergoing a process of generalisation while preserving the same level of accuracy compared to larger ones.

At no point did researchers see a drop in prediction accuracy below 33% even when the entire dataset was generalised, preserving none of the original data. In some cases, the researchers were able to achieve 100% accuracy even with some generalisation.

In addition to adhering to the data minimisation principle of major data protection laws, researchers suggest that smaller data requirements could also lead to reduced costs in areas like data storage and management fees.

Data generalisation process

Businesses can become more compliant with data laws by removing or generalising some of the input features of runtime data, IBM researchers showed.

Generalisation involves taking a feature value and breaking it down into specific values and generalised values. For a numerical feature ‘age’, the specific values of which could be 37 or 39, a possible generalised value range could be 36-40.

A categorical feature of ‘marital status’ could have the specific values ‘married’, ‘never married’, and ‘divorced’. A generalisation of these could be ‘never married’ and ‘divorced’ which eliminates one value, decreasing specificity, but still provides a degree of accuracy as ‘divorced’ implies that an individual has, at one point, been married.

The numerical features are less specific, adding three additional values, while the categorical feature is less detailed. The quality of these generalisations is then analysed using a metric. IBM chose to use the NCP metric over others in consideration as it lent itself best to the purposes of data privacy.

[Diagram. Credit: IBM]

Researchers then selected a dataset and trained one or more target models on it to create a baseline. Generalisation was then applied, the accuracy was calculated and re-calculated (see diagram above) until the final generalisation was ready to be compared to the baseline.

[Diagram. Credit: IBM]

The accuracy of the target model is calculated using decision trees (see above) which are gradually trimmed from the bottom upwards, taking note of any significant decreases in accuracy.

If accuracy is maintained or meets the acceptable threshold after generalised data is applied, the researchers then work to improve the generalisation by gradually trimming the decision tree from the bottom upwards, increasing the generalised range of a given feature, until the final optimised generalisation is made.

SMBs urged to update software ahead of Black Friday


Sabina Weston

25 Nov, 2021

Small and medium-sized businesses (SMBs) are being urged to update their software ahead of Black Friday and Cyber Monday to avoid financial and reputational damage.

The warning comes after the National Cyber Security Centre (NCSC) identified 4,151 online shops that had been compromised using a vulnerability within the e-commerce platform Magento. With 250,000 clients, the Adobe subsidiary is the third-largest e-commerce system globally, after WooCommerce and Shopify.

NCSC alerted the affected retailers of the vulnerability in late September, with Magento issuing a security patch on 12 October.

All online businesses are being urged to update their software, as the mass shift to e-commerce since the start of the pandemic has caused more customers to shop online than ever before, increasing their risk of falling victim to online scams.

Hence, the NCSC has issued guidance on running a secure website and avoiding threats including skimming, which has been described as “a threat to all retailers” by British Retail Consortium assistant director Graham Wynn.

The trade association has urged “all retailers to follow the NCSC’s advice and check their preparedness for any cyber issues that could arise during the busy end of year period”.

NCSC deputy director for Economy and Society, Sarah Lyons, said that the agency wants “small and medium-sized online retailers to know how to prevent their sites being exploited by opportunistic cyber criminals over the peak shopping period”.

“Falling victim to cyber crime could leave you and your customers out of pocket and cause reputational damage. It’s important to keep websites as secure as possible and I would urge all business owners to follow our guidance and make sure their software is up to date,” she added.

Last year, Check Point’s security researchers observed a sharp increase in the number of phishing exploits in the run-up to Black Friday and Cyber Monday, with phishing emails having increased by over 13 times in early November 2020. In December 2020, RiskIQ security researchers discovered around 37,000 fake retail websites set up to scam holiday shoppers, with 208 domain infringement events containing only “Black Friday,” “Cyber Monday,” “Boxing Day,” or “Christmas”.

Mozilla to end support for Firefox Lockwise password manager


Bobby Hellard

24 Nov, 2021

Mozilla has announced that its Firefox Lockwise password manager will reach end-of-life on 13 December.

The final versions of the plug-in will be 1.8.1 for iOS and 4.0.3 for Android; after that it will no longer be available for download or reinstallation.

Lockwise joins several defunct projects Mozilla has taken down to try and streamline its business and become more profitable. Over the last few years, the company has shut down the team building the operating system for the failed Firefox phone, as well as binning off a file transfer tool and the Thunderbird email platform. There is, however, an Android replacement for the password manager – Firefox 93 for Android – that was released last month. 

Firefox Lockwise was launched in 2018, originally as a small experimental mobile app (named Lockbox at that point) that ended up bringing a way to access saved passwords and perform autofills on iOS, Android, and even desktops. It was later adapted as a Firefox extension, but with only a four-year lifespan.  

In a support article posted by Mozilla, users are advised to continue accessing passwords via the native Firefox browser on desktop and mobile. There is also a note on the support site suggesting that the Firefox iOS app will gain the ability to manage Firefox passwords system-wide later in December. This might mean that Mozilla adopts the features of Lockwise and eventually integrates them into the Firefox browser apps for all platforms. 

Mozilla laid off around 250 people – roughly a quarter of its workforce – in 2020 to refocus its business on projects that make money. CEO Mitchell Baker wrote in a blog post, at the time, that the company’s plans leading up to the outbreak of COVID have become “no longer workable” after it became a pandemic. 

As part of the layoffs, Baker laid out a series of new focuses for Mozilla to set a stronger course for the company, such as building new products that “mitigate harms” and “that people love and want” to use, and also to build out new revenue streams.

Google faces mandatory vaccination resistance ahead of office return


Bobby Hellard

24 Nov, 2021

Google is facing an internal backlash over its plans to require employees to provide vaccination statuses by December.

“Several hundred” Googlers have signed and circulated a manifesto opposing the plans, according to CNBC, potentially delaying the tech giant’s office return, again.

Google is following the Biden administration’s orders that all US companies with 100 or more workers have to ensure that all employees are fully vaccinated or regularly tested for Covid-19 by 4 January. According to internal documents, seen by CNBC, the tech giant has asked its 150,000 plus workforce to upload vaccination status to its internal system by 3 December, whether they plan to come into the office or not. This also appears to be the case for employees that work directly or indirectly with US government contracts – also whether they work remotely or not.

“Vaccines are key to our ability to enable a safe return to the office for everyone and minimise the spread of Covid-19 in our communities,” wrote Chris Rackow, Google VP of security, in an email sent near the end of October, CNBC reports.

The manifesto spreading around Google has been signed by at least 600 employees, according to reports. It asks the company’s leaders to retract the vaccine mandate and create a new one that is “inclusive of all Googlers”. It also calls on employees to “oppose the mandate as a matter of principle”, informing staff to not let the policy alter their decision if they’ve already opted not to get a vaccine.

“As we’ve stated to all our employees and the author of this document, our vaccination requirements are one of the most important ways we can keep our workforce safe and keep our services running,” a spokesperson for Google said. “We firmly stand behind our vaccination policy.”

Hackers use SquirrelWaffle malware to hack Exchange servers in new campaign


Rene Millman

23 Nov, 2021

Hackers are using ProxyShell and ProxyLogon exploits to break into Microsoft Exchange servers in a new campaign to infect systems with malware, bypassing security measures by replying to pre-existing email chains.

Security researchers at Trend Micro said investigations into several intrusions related to Squirrelwaffle led to a deeper examination into the initial access of these attacks, according to a blog post.

Researchers said that Squirrelwaffle first emerged as a new loader spreading through spam campaigns in September. The malware is known for sending its malicious emails as replies to pre-existing email chains.

The intrusions observed by researchers originated from on-premise Microsoft Exchange Servers that appeared to be vulnerable to ProxyLogon and ProxyShell. According to researchers, there was evidence of the exploits on the vulnerabilities CVE-2021-26855, CVE-2021-34473, and CVE-2021-34523 in the IIS Logs on three of the Exchange servers that were compromised in different intrusions.

“The same CVEs were used in ProxyLogon (CVE-2021-26855) and ProxyShell (CVE-2021-34473 and CVE-2021-34523) intrusions. Microsoft released a patch for ProxyLogon in March; those who have applied the May or July updates are protected from ProxyShell vulnerabilities,” said researchers.

In one case, all the internal users in the affected network received spam emails sent as legitimate replies to existing email threads.

“All of the observed emails were written in English for this spam campaign in the Middle East. While other languages were used in different regions, most were written in English. More notably, true account names from the victim’s domain were used as sender and recipient, which raises the chance that a recipient will click the link and open the malicious Microsoft Excel spreadsheets,” they said.

In the same intrusion, researchers analyzed the email headers for the received malicious emails and found that the mail path was internal, indicating that the emails did not originate from an external sender, open mail relay, or any message transfer agent (MTA).

“Delivering the malicious spam using this technique to reach all the internal domain users will decrease the possibility of detecting or stopping the attack, as the mail gateways will not be able to filter or quarantine any of these internal emails,” they added.

Researchers said that the hackers also did not drop or use tools for lateral movement after gaining access to the vulnerable Exchange servers in order to avoid detection. Additionally, no malware was executed on the Exchange servers to avoid triggering alerts before the malicious email could be spread across the environment.

According to researchers, the recent Squirrelwaffle campaigns should make users wary of the different tactics used to mask malicious emails and files.

“Emails that come from trusted contacts may not be enough of an indicator that whatever link or file included in the email is safe,” they warned.