No year passes without incident, and that’s especially true for a 12-month period equally blighted with COVID-19 as it was with tech-related mishaps and mix-ups.

From public sector IT blunders to catastrophic cyber security failings, here’s our pick of the most eye-catching and alarming incidents to grace the headlines. 

Government-funded laptops arrive in schools loaded with malware

The UK government welcomed us into 2021 with a major IT blunder that saw it issue malware-infested laptops to vulnerable children. A number of these devices were found to be infected with a “self-propagating network worm”, and also appeared to be communicating with Russian servers. 

The Windows-based laptops were, specifically, infected with Gamarue.1, a worm Microsoft first identified in 2012. At the time, the Department of Education said it was “urgently investigating” the issue that had only affected a “small number of devices.”

Slack kickstarts 2021 with a major outage 

Slack, meanwhile, also started 2021 on the wrong footing, with the now Salesforce-owned business communications platform suffering a major outage on 4 January as employees across the globe began to log back onto their systems to start their working year afresh. 

The outage saw team members unable to reliably send or receive messages, with some users also struggling to log into the service altogether.

Home Office wipes 15,000 police records

Back in February, the Home Office was forced to admit it had inadvertently deleted the records of more than 15,000 people from the Police National Computer (PNC). 

A total of 209,550 offence records that related to 112,697 individuals were wiped from the system, including crucial evidence such as fingerprint scans, DNA and arrest records. This “critical incident” was later blamed on a combination of “human error” and failures at the management level. 

SolarWinds blames intern for weak ‘solarwinds123’ password

The password ‘solarwinds123’ – a critical lapse in password security – was publicly accessible through a private GitHub repository from June 2018, before this was finally addressed in November 2019. 

SolarWinds failed to mention, however, whether the password played a role in the major cyber attack the company sustained. This incident saw up to 18,000 businesses compromised by a version of its Orion security platform loaded with malware. The incident, nevertheless, serves as a reminder for businesses to stay on top of information security as we transition on into a more dangerous than ever 2022.

Australia’s Channel Nine interrupted by cyber attack

In March this year, an unknown assailant took down a live broadcast by Australia’s Channel Nine TV station. This ransomware attack locked staff out of emails, internet access and print production systems.

This incident, which serves as a concise visual metaphor for the disruptive effects of cyber crime, has since been described as the largest cyber attack to hit a media company in Australia’s history. The incident itself affected several shows, including the Weekend Today programme, and forced the Sydney-based organisation to shift to its Melbourne studios.

Cause of the OVH data centre fire won’t be revealed until 2022

March played host to a series of incidents, as we also saw a fire erupt at an OVH data centre in the French city of Strasbourg. The destruction resulted in both the loss of data and service outages across Europe.  The incident was first reported on 10 March and the firefighters, although they responded almost immediately, were unable to stop a blaze inside the SBG2 building. Four rooms inside SBG1 were also destroyed, although two other data centres owned by OVH were not affected. The company, however, did have to switch off every one of its servers.  The official root of the blaze still hasn’t been revealed – and likely won’t until 2022 with OVHCloud’s chairman and founder Octave Klaba apologising for the incident, but remaining tight-lipped on the cause.

Gmail “more secure” than Parliamentary email, claims MP

Train firm slammed over ‘bonus’ phishing test 

West Midlands Railway found itself in hot water in May after it dangled the prospect of a company-wide bonus for workers as part of a lure in a phishing simulation test.

Julian Edwards, the train operator’s managing director, emailed the company’s 2,500 employees with a message saying the firm wanted to thank them for their hard work during the COVID-19 pandemic, promising a one-off payment. Those who clicked the link for the bonus, however, received a message telling them this was merely a “phishing simulation test” designed by the firm’s IT team to entice employees.

The email was described as “crass and reprehensible” by the leader of the Transport Salaried Staffs Association, Manuel Cortes. Others in the cyber security community, meanwhile, struck a more diplomatic tone, suggesting this was exactly the type of lure cyber criminals would deploy.

Researchers leak Windows zero-day exploit in fatal misunderstanding

Kaspersky generates passwords that can be ‘cracked in seconds’

In July we learned that Kaspersky Password Manager (KPM) was embedded with several problems that meant the passwords it generated could be cracked using brute force techniques “in seconds”. 

The password generator created passwords from a given policy, with users able to set parameters to change password length and include uppercase letters, lowercase letters, digits and special characters. By default, KPM generated 12-character passwords with an extended chart set. 

The generation process is a complex method but effectively meant letters such as q, z and x were more likely to appear than in the average password manager. Once any given letter was generated, it skewed the probability of other letters appearing in the same string.

‘Fault configuration change’ takes Facebook, and others, offline

This article originally appeared in the March edition of IT Pro 20/20, available here. To sign up to receive each new issue in your inbox, click here.

The COVID pandemic has forced a radical shift in the way we work. Since March 2020, when the government first advised that everyone should “start working from home where they possibly can”, businesses have been forced to ditch traditional workplaces and transition to a remote-first way of working.

While the shift was undoubtedly frantic and stressful for many organisations, particularly those that previously required employees to endure long commutes and overpriced lunches five days a week, it’s becoming increasingly clear that the pandemic has broken through cultural and technological barriers that prevented remote work in the past. As a result, many companies are now figuring out that working remotely is the future of work, public health crisis or not.

While it’s likely that hybrid work – a mix of remote and office-based working – will become the norm for the majority of once-office based employees, some companies are ditching the office for good. Twitter, for example, has told employees that they can continue to work from home indefinitely and Microsoft, though initially wary of home-based working, has also given its staff the option to ditch the commute for good.

Dropbox 

Another big name embracing remote working is Dropbox, which recently announced it’s becoming a “virtual-first” company. Not only will working from home become the norm for employees, but the remote experience will go one step further with “non-linear workdays”, meaning core collaboration hours will be set up with overlap between time zones, with employees encouraged to design their own schedules beyond that.

Andy Wilson, director of new products initiatives at Dropbox, tells IT Pro that the company is already reaping the benefits of a virtual-first approach – and not just because its San Francisco headquarters recently sold for a record-breaking $1.08 billion (£777 million).

“Over the year, we’ve seen the obvious benefits of a virtual first approach. We’ve been able to live out our product truths; being a distributed team, building for distributed teams,” says Wilson. “Our employees have had more control over how they work, and as we move out of lockdown, they’re going to have more flexibility in terms of where they can work.

“While shifting to a virtual-first model, we must provide the right tools to enable our employees to collaborate as effectively as possible. Video calls are key, but other tools are important to get work done. By using our own tools such as Paper and Spaces, the teams were already working together asynchronously across the globe – it quickly became normal for us to collaborate on projects across time zones.

“We’ve also been adopting popular applications, such as Slack, to create a more effective and productive virtual way of working. For example, we recently moved our IT support to work across Slack – this has improved response times and allowed team members to gain instant support wherever they are.

“As we build teams from around the world, our ability to brainstorm in co-authoring tools like Paper means that teams can hand off work, or ideas, to others in different time zones to pick up. It’s something that we’ve seen our customers pioneer as they move projects and content across time zones to speed up delivery.”

Panaseer

It’s not just big name technology companies that are leading the charge. Panaseer, a continuous controls monitoring platform for enterprise cyber security, has also recognised that, after a year of successful remote working, it has become a viable long-term solution.

Sophie Harrison, chief of staff at Panaseer, tells IT Pro: “We closed both our London and New York offices during the lockdown, to test a new remote working model. Our leadership team managed the communications, as we recognised this was a fundamental shift in working practices. We implemented a number of tactics to ensure our team were engaged in both the decision and new working model, including running weekly surveys and developing a cross-functional ‘winning from home’ group to garner feedback.

“We have developed collaborative initiatives to ensure our employees feel supported and still part of a team. This includes a monthly productivity allowance for all employees to assist with running home office costs, an Amazon voucher to ‘pimp’ the home office and passes to use co-working  spaces. Our social team has run games nights, group activities and weekly HIIT classes.”

These initiatives have received an overwhelmingly positive response from Panaseer’s employees, Harrison says, which is why the company now plans to implement remote working on a permanent basis.

“We are committed to maintaining our culture and values virtually, and we are constantly measuring our team’s satisfaction. Our leadership team has set an example by communicating more appropriate flexible working guidelines and offering better remote meeting and internal comms practices.”

HomeHero

HomeHero, an AI-powered digital home manager that helps users to run all of their services from one platform, also has no plans to return to the office.

Internal employee research at the start of the pandemic found that a significant majority of HomeHero’s team supported a permanent shift to remote working. While flexible and remote working has always been a part of the culture at HomeHero, the business is now a remote first organisation, with no plans to return to the office.

Kenny Alegbe, founder and CEO, HomeHero, said: “We’ve had nothing but positivity from our team about the move to being a remote first business. I hold weekly company wide updates to keep the team informed and connected and we have a ‘bunker’ in Central London, that the team can use for workshops and brainstorms whenever they want (and restrictions allow).

“We have found that not only has remote working boosted morale and productivity, it has also facilitated a fantastic work life balance for our colleagues.”

The business uses Slack, Notion and Google Hangouts as part of its day to day business tools and also supports team members in funding remote office spaces near to their home, as well as kitting out personal offices too. The team is also keen to keep that Friday feeling with a variety of social events being hosted on Google Hangout, including sunset drinks in Mykonos, wine tasting in Provence, film club and a cocktail masterclass.

“The people at HomeHero are driving this business to be a success and I want to give them whatever they need to continue on this trajectory,” Alegbe added. “I have listened to the team and we are now a remote first organisation and we will continue to evolve our ways of working to ensure they work best for the team.”

34SP 

Similarly, Manchester-based WordPress web hosting company 34SP has been so impressed by the results it saw from staff working remotely, it has decided to shift to this way of working on a full-time basis.

Stuart Melling, business development director at 34SP, tells IT Pro: “Before COVID-19 hit, we routinely offered WFH as a staff perk. This meant that one day every week, an employee could choose to work from their home, or indeed any remote location.  This meant we were particularly prepared from a tech stand point (Slack, Zoom, VoIP, VPNs etc), and with the start of the pandemic we naturally sent everyone to work from home, and indeed, they remain there today.

“Everyone was a little apprehensive about what the change would mean in terms of productivity but what we found really surprised us. In all areas of the company, things have materially changed for the better. In our customer service department we’ve set a series of records in terms of quality – as rated by our own clients.

“As 2020 started to come to an end, we were so impressed by the results, we announced the change would become permanent in 2021. Some of our staff have decided to relocate around the country, and indeed, internationally given the flexibility afforded. Everyone’s fairly thrilled about the change, and as business owners, we are too.

“I can’t imagine why we’d force people to return just for the sake of it.  I keep reading that some have struggled with knowledge sharing, mentorship, creativity etc, but for us, we’ve just re-imagined new ways to undertake all those tasks and improve on them.”

Google and Microsoft reported surging profits on Tuesday as the two tech giants continued to capitalise on the COVID pandemic. 

Alphabet, Google’s parent company, posted first-quarter revenues of $55.31 billion, an increase of 34% year-on-year, and profits more than doubled to $17.93 billion, marking the third consecutive quarter of record profit for the company.

Similarly, Microsoft reported that its revenues increased by 19% to $41.7 billion for the fiscal third quarter, its biggest quarterly increase since 2018, while profits soared by 44% to $15.5 billion. 

Google’s first-quarter growth was largely fuelled by its advertising business, which brought in $44.68 billion during the three-month period – a 32% increase compared to Q1 2020. 

Google Cloud also reported impressive gains during the three-month period, although it continues to make a loss for the company. The division reported $4.02 billion in revenue and had an operating loss of $974 million in Q1, compared to $3.83 billion in revenue and $1.24 billion in operating losses during Q4 2020, the first time Google broke out its cloud business’ performance separately.

Meanwhile, Alphabet’s “other bets,” which include Verily and Waymo, reported revenue of $198 million and an operating loss $1.15 billion

“Over the last year, people have turned to Google Search and many online services to stay informed, connected and entertained. We’ve continued our focus on delivering trusted services to help people around the world. Our Cloud services are helping businesses, big and small, accelerate their digital transformations,” said Sundar Pichai, CEO of Google and Alphabet. 

Cloud remained Microsoft’s biggest driver during its fiscal third quarter. Sales of commercial cloud products generated $17.7 billion in revenue, up 33% from a year earlier, and Azure revenues soared 50% during the three-month period. Commercial Office 365 products also grew 22% during Q3 as corporate customers continued to embrace cloud-based tools as a result of the shift to mass remote working.

“Over a year into the pandemic, digital adoption curves aren’t slowing down. They’re accelerating, and it’s just the beginning,” said Microsoft CEO Satya Nadella. “We are building the cloud for the next decade, expanding our addressable market and innovating across every layer of the tech stack to help our customers be resilient and transform.”

Microsoft’s Personal Computing business also saw recorded growth of 19% year-on-year, thanks to a 10% increase in Windows OEM revenue, a 10% year-over-year increase in Windows commercial products and cloud services revenue, and a 35% jump in Xbox and gaming revenue.

IBM has announced plans to acquire 7Summits, a consultancy firm that specialises in projects based on software as a service (SaaS) applications from Salesforce.

IBM said the deal, the financial terms of which have not yet been disclosed, “is part of a broader IBM investment strategy in services and ecosystem partnerships to enable our clients’ digital transformations through hybrid cloud and artificial intelligence (AI).”

Milwaukee-based 7Summits was founded in 2009 and designs and develops digital experiences with Salesforce solutions in order to help business improve customer relationship management (CRM), sales, and cost reduction.

The company, which has 66 employees across Milwaukee, Indianapolis, Austin and San Francisco, will join IBM’s Global Business Services’ Salesforce division, which IBM says is facing “rising client demand”. This is no doubt as a result of the global COVID-19 pandemic, which has seen organisations accelerate digital transformation projects in order to facilitate mass remote working.

“7Summits is part of a broader IBM investment strategy in services and ecosystem partnerships to enable our clients’ digital transformations through hybrid cloud and AI,” said Mark Foster, Senior Vice President, IBM Services.

“Salesforce plays a critical role in transforming customer, employee and partner lifecycle processes into intelligent workflows that deliver accelerated business outcomes.”

IBM added that, following the deal, its Global Business Services arm will significantly expand hiring, training and certifications to support key growth areas for Salesforce, including Tableau, Mulesoft, and Vlocity, while continuing to build out new Salesforce specific offerings that leverage IBM complementary capabilities and deep industry expertise.

Tyler Prince, executive vice president of Worldwide Alliances and Channels at Salesforce, commented: “Our partner ecosystem is a driving force of our growth, and the addition of 7Summits to IBM’s fast-growing Salesforce business will provide even more value for our customers’ digital transformations.

“The combination of both companies’ Salesforce consulting and design capabilities will help businesses in any industry keep pace with rapidly changing customer expectations, helping them thrive in an increasingly digital world.”

Dell has launched a new lineup of monitors that puts Microsoft Teams at the forefront as the company looks to capitalise on businesses’ continued reliance on video conferencing.

With the Dell 24, 27, and 34 Video Conferencing Monitors, the company claims it has created the “world’s first video conferencing monitors certified for Microsoft Teams”.

​

This comes after Microsoft started certifying displays, webcams, and headsets last year in a bid to ensure a range of devices could be offered to both consumers and business that required no additional configuration to interact with Microsoft Teams and Skype for Business.

The monitors’ dedicated Microsoft Teams button will let users quickly launch the app to make and receive video calls, while the onboard 5MP infrared camera, noise-cancelling microphone and dual 5-watt integrated speakers promise to deliver high-quality video calls.

The Dell 24, 37, and 34 Video Conferencing Monitors, with the numbers reflecting the size of each monitor in inches, will launch in the US on 16 February, priced at $519.99, £719.99 and $1,149.99. UK availability details have not yet been announced.

Dell has also updated its business laptop lineup ahead of next week’s all-digital CES conference. The new Dell Latitude 9420 and 9520 add Intel’s 11th Gen vPro chips, optional 5G support, and a new automated webcam shutter to physically shut off the camera when not in use.

The “SafeShutter”, which Dell claims is an “industry-first”, can open and close automatically when the webcam is in use, but the laptops also feature dedicated “mute” keys to manually disable the microphone or camera as needed.

The 14-inch Dell Latitude 9420 will be available this month, while availability details for the 15.6-inch Latitude 9520 have not yet been announced.

Dell has also unveiled the Latitude 7520 with a 15-inch 4K UHD display and an optional full high-definition camera, and has updated its Latitude 5000 series and Precision 3560 PCs with new bioplastic designs that the company claims will help it to achieve its moonshot goal to have half of its products’ content be made of recycled materials by 2030.

​

IBM is planning to cut around 10,000 jobs in Europe as it prepares to spin off its legacy IT unit. 

Bloomberg reports that the losses will affect about 20% of IBM staff in the region. The majority of the cuts will be made in the UK and Germany, people familiar with the matter told the publication, with IBM also planning cuts in Poland, Slovakia, Italy and Belgium.

Google has announced that its extending Chrome support for enterprises using Windows 7 until at least 15 January 2020. 

Back in January, Google announced that it would stop supporting the browser on Windows 7 from 15 July 2021. However, in a post on the Google Cloud blog, the company has revealed that its extending support for an additional six months, with support now set to end in January 2022. 

The company said it’s decided to extend support due to the difficulties businesses have faced due to the remote working arrangements necessitated by the COVID-19 pandemic. 

“This year has presented a lot of challenges for organisations of all sizes,” said Max Christoff, engineering director of Google Chrome. “Facing difficult business and technology decisions, supporting a changing work environment, and navigating uncertainty are among just a few of the issues IT leaders have faced over the course of 2020.”

The decision has also been spurred by the fact that a significant proportion of businesses are still using the decade-old operating system. Although Microsoft stopped providing security updates for Windows 7 in January this year, Google’s figures show that 21% of organisations using Chrome on Windows 7 are still working to migrate over to Windows 10. 

“While the past few months served as a catalyst for technology investments and digital transformation initiatives for many organizations, for others, some planned IT projects may have had to take a back seat.

“Our hope is that this extension gives our enterprise customers the flexibility they need to continue supporting their workforce, while moving off of Windows 7 as their situation allows.”

News of this six-month extension comes just days after Google debuted Chrome 87, which it claims “represents the largest gain in Chrome performance in years”. The company claims the update has the potential to reduce CPU usage by up to five times and to extend battery life by up to 1.25 hours. 

Zoom has started rolling out end-to-end encryption (E2EE) to both free and paying users. 

E2EE is now available in technical preview on the Zoom desktop client version for macOS and Windows, the Zoom Android app and Zoom Rooms, with the Zoom iOS app currently pending App Store approval. 

Zoom’s E2EE uses the same 256-bit AES-GCM encryption that secures Zoom meetings by default. Account administrators can enable the feature in the web dashboard at an account, group, and user level, and participants must also enable the feature to join a meeting with end-to-end encryption.

When E2EE is enabled, nobody except each participant – not even Zoom’s meeting servers – has access to the encryption keys that are used to secure the meeting.

However, the company has warned that at least in the first stage of the four-phase rollout, E2EE will block certain Zoom functions, including cloud recording, streaming, live transcription, Breakout Rooms, polling, 1:1 private chat, and meeting reactions.

“End-to-end encryption is another stride toward making Zoom the most secure communications platform in the world,” said Zoom CEO Eric S. Yuan.

“This phase of our E2EE offering provides the same security as existing end-to-end-encrypted messaging platforms, but with the video quality and scale that has made Zoom the communications solution of choice for hundreds of millions of people and the world’s largest enterprises.”

Phase 2 of the E2EE rollout is “tentatively roadmapped” for 2021, according to Zoom. 

The rollout of end-to-end encryption comes five months after Zoom initially announced plans to add support for the security standard. However, at the time it said it would only be available for businesses and institutions that pay for a premium Zoom subscription. Following backlash from users and privacy activists, Zoom backtracked two week’s later and announced that it would make E2EE available to both free and paying users. 

Twilio is rumoured to be planning an acquisition of customer relationship management (CRM) startup Segment in a deal worth $3.2 billion (£2.45 billion). 

Twilio, which currently has a market cap of $43.83 billion, has agreed to buy Segment in a deal that could be officially announced as soon as this week, according to Forbes. The acquisition would be Twilio’s largest to date, following its $2 billion takeover of SendGrid in 2018.

Twilio’s technology allows developers to build software that can make and receive phone calls, send and receive text messages, and perform other communication functions using its web service APIs. The company, which counts Twitter, Uber, and Amazon’s Twitch among its customers, has seen its stock price triple since the beginning of the year as companies rushed to modernise their apps and services during the COVID-19 pandemic.

Segment, which boasts big-name customers including VMware, Trivago and IBM, provides a set of APIs to pull together customer data from a variety of sources, including CRM tools, customer service applications, and websites. However, the company hasn’t fared so well during the pandemic, with Segment laying off 10% of its 550 staff in May in anticipation of a “tougher IT spending environment”.

However, the company said in September that it now has over 20,000 customers, up from 19,000 at the time of the layoffs.

It’s believed Twilio will use the acquisition to expand beyond its core communications capabilities to create customised ads or emails using data gathered using Segment’s technology.

A Twilio spokesperson told Forbes that it does not comment “on any rumors or speculation”, and Segment also declined to comment on the rumour.

Microsoft 365 is back online after suffering a major global service outage on Monday. 

The outage, which lasted for more than five hours, affected Microsoft services including Azure, Outlook.com, Office.com, Power Platform, Dynamics365, and Microsoft Teams.

The downtime affected “millions” of users of Microsoft’s cloud-based services, according to reports, but Microsoft said people who were logged into an existing 365 session were still able to keep using the service.

“Affected users are encouraged to keep existing sessions going and to avoid re-authenticating to Microsoft 365 services,” the company said. “Any Microsoft 365 service that leverages Azure Active Directory (AAD) authentication may be impacted by this issue.”

Microsoft initially said the problem was linked to a recent update and restored the software to an earlier version. However, that fix failed to restore services.

“Rolling back the previously described change did not resolve the incident as expected,” Microsoft said on its Office.com status page. “We’re evaluating additional options to remediate the problem.”

About two hours later the company said it was seeing improvements after putting in place alternative mitigation steps. 

“After extended monitoring of our service, we have confirmed that the issue has been fully mitigated and is running within optimal service levels,” it said. 

The Microsoft 365 outage, which comes just months after Microsoft Teams went down across Europe, comes in the midst of the COVID-19 pandemic, which has seen employees rely on cloud-based productivity tools like Microsoft Teams as they carry out their roles remotely. In April, Microsoft reported 75 million daily active users of Teams as a result of more people working from home.

Several Twitter users also complained that the outage meant they could miss their job interviews and deadlines for school assignments.

Microsoft said it will be reviewing its code to understand what prevented users from being able to access multiple Microsoft 365 services.