All posts by Sabina Weston

Windows 11 rollout begins as industry predicts slow business uptake


Sabina Weston

5 Oct, 2021

Microsoft has officially launched Windows 11, with the operating system’s phased rollout kicking off on 5 October. 

The release has been long anticipated by consumers and tech industry professionals alike, with the update bringing a number of new features such as a redesigned Start menu, Microsoft Teams integration, and the promise of faster future updates. 

Windows chief product officer Panos Panay, who was promoted to executive vice president in August, announced the launch on Windows Blogs and thanked Microsoft’s partners for their support.

“We are grateful to our entire ecosystem of partners who have played important roles in helping us prepare to get Windows 11 into the hands of our customers around the world. From OEM and app partners, to silicon, to retail, to our Windows Insiders, a launch of this global scale could not be achieved without them,” he said.

“On behalf of the entire team, we are pumped to bring you Windows 11, the Windows that brings you closer to what you love. We look forward to seeing the dreams and ideas you bring to life with Windows 11. This is just the beginning,” he added.

The tech industry was quick to share its thoughts on the launch, and many believe Windows 11 will fail to make a significant impact, with business uptake likely to be slow.

Gartner senior research director Ranjit Atwal, for example, told IT Pro that he is not expecting the launch to create “significant change” in the wider PC market. Many businesses will likely wait until next year to upgrade to Windows 11, he added, due to uncertainty towards the availability and compatibility of different apps.

Scott Riley, director of Cloud Nexus, a security provider and gold Microsoft Partner, also told IT Pro that he believes business uptake of the new operating system will be slow. When asked whether users should upgrade today, he said: “The answer is no, Windows 10 is still fully supported by Microsoft until October 2025 so there is no urgency to make the leap.”

Riley added that the operating system “feels like a facelift rather than a complete change to Windows 10”, and noted that Microsoft’s stringent system requirements could be another factor in users’ reluctance to upgrade immediately. 

“There are a lot of changes under the hood, and the minimum requirements have increased to focus on security for home and business devices,” he said. “Windows 11 now requires a processor which supports security features which were only introduced into Intel and AMD chips following the Spectre and Meltdown attacks in 2018.

“As such this means that an awful lot of computers produced in 2018 and earlier will not be supported on Windows 11.”

However, Mahadeva Bisappa, principal architect at the Microsoft Partner and digital transformation consultancy, SPR, told IT Pro that the operating system has clearly been designed for the distributed workforce.

“Windows 11 comes out at a time when distributed remote work has become a norm”, Bisappa said, adding that its features are tailored to meeting “those remote working needs”.

“This includes all the new user interface improvements, Microsoft Teams for integrated communication and collaboration via text, audio and video modes across devices, and being able to use Windows 11 from any device or operating system,” Bisappa said.

Bisappa also highlighted Windows 11’s security features, saying that Microsoft has been “doing a tremendous job of updating the Windows operating system regularly to address security issues and help users be more productive and secure”.

If you’re ready to make the leap, a guide on how to install Windows 11 is available here.

SolarWinds hackers are targeting Microsoft AD servers


Sabina Weston

29 Sep, 2021

Nobelium, the hacking group responsible for last year’s cyber attack on SolarWinds, is now stealing data from Active Directory Federation Services (AD FS) servers.

That’s according to Microsoft’s Threat Intelligence Center (MSTIC), which has issued a warning about Nobelium’s latest actions on its blog.

The Russian state-backed hacking group was found to be using a post-exploitation backdoor dubbed FoggyWeb in order to remotely exfiltrate sensitive data as well as maintain persistence on victims’ networks, warned MSTIC researcher Ramin Nafisi.

In order to steal the data, Nobelium hackers first gain admin privileges to AD FS servers by employing “multiple tactics to pursue credential theft”. Once they manage to compromise the server, they then deploy FoggyWeb “to remotely exfiltrate the configuration database of compromised AD FS servers, decrypted token-signing certificates and token-decryption certificates”, wrote Nafisi.

The “passive and highly targeted” FoggyWeb backdoor “has been observed in the wild as early as April 2021”, he added.

Microsoft stated that it had notified all customers believed to be targeted by Nobelium. However, it didn’t rule out that some organisations might still be at risk. It recommends that potential victims audit their on-premises and cloud infrastructure, “remove user and app access”, strengthen their passwords, as well as “use a hardware security module (HSM) in securing AD FS servers to prevent the exfiltration of secrets by FoggyWeb”.

The tech giant also advised organisations to “harden and secure AD FS deployments” by taking additional measures, including limiting on-network access via host firewall and requiring all cloud admins to use multi-factor authentication.

The warning comes three months after Nobelium was found to have engaged in “password spray and brute-force attacks” on Microsoft’s customers, with around 10% of the targets being based in the UK.

The hackers implanted “information-stealing malware” on a device belonging to a Microsoft customer support agent, through which they obtained “basic account information for a small number of [Microsoft’s] customers”, according to the tech giant.

Prior to this, Nobelium launched a wave of attacks on more than 150 government agencies, think tanks, consultants, and NGOs from 24 countries, targeting an estimated 3,000 email accounts.

HPE GreenLake takes aim at data protection and analytics


Sabina Weston

28 Sep, 2021

HPE has announced a series of new GreenLake offerings which signal its entrance into the analytics and data protection markets.

HPE GreenLake for analytics is a set of open and unified analytics cloud services that aim to modernise data and applications stored on-premises, at the edge, and in the cloud. It will enable analytics and data science teams to scale up Apache Spark lakehouses and speed up artificial intelligence (AI) and machine learning (ML) workflows, according to HPE. 

HPE GreenLake for data protection offers backup cloud services as well as disaster recovery sourced from HPE’s recent acquisition of Zerto. It provides restore times of as little as minutes, allowing organisations to recover from ransomware attacks without impacting business operations, regardless of the scenario.

HPE has also announced the Edge-to-Cloud Adoption Framework, which aims to support customers in creating an effective cloud operating model by being able to evaluate it using categories such as Strategy and Governance, People, Operations, Innovation, Applications, DevOps, Data, and Security.

Beside its three main new offerings, HPE has also showcased a new addition to its AI Ops for infrastructure, HPE InfoSight. Known as HPE InfoSight App Insights, the tool is capable of detecting application anomalies, providing recommendations, and preventing disruptions in application workloads. Customers looking to make smarter, data-based IT decisions across edge-to-cloud will also benefit from the new HPE CloudPhysics.

Commenting on the announcements, HPE president and CEO Antonio Neri said that “data is at the heart of every modernisation initiative in every industry”.

He adds, however, that many organisations “have been forced to settle for legacy analytics platforms that lack cloud-native capabilities, or force complex migrations to the public cloud that require customers to adapt new processes and risk vendor lock-in.”

According to Neri, the big data and analytics software market, estimated by IDC to be worth $110 billion by 2023, “is ripe for disruption, as customers seek a hybrid solution for enterprise datasets on-premises and at the edge”.

“The new HPE GreenLake cloud services for analytics empower customers to overcome these trade-offs and give them one platform to unify and modernise data everywhere,” he said. “Together with the new HPE GreenLake cloud services for data protection, HPE provides customers with an unparalleled platform to protect, secure, and capitalise on the full value of their data, from edge to cloud.”

Customers can benefit from the HPE Edge-to-Cloud Adoption Framework starting today, while HPE GreenLake for analytics and HPE GreenLake for data protection will become available in the first half of 2022.

Cisco and AMD help modernise defence industry IT infrastructure


Sabina Weston

27 Sep, 2021

Cisco has announced that it is helping defence departments modernise and simplify their IT infrastructure with its AMD-powered rack servers.

The UCS C4200 Series Rack Server Chassis hosts four UCS C125 M5 Rack Server Nodes in two rack units (2RU) with shared power and cooling. The server nodes are powered by AMD EPYC processors, which boast “the highest core density in the industry”.

This has made it possible to cut down on the number of cables used by defence departments, reducing the number by 60%, from 200 individual cables to only 80.

Cisco has managed to merge 20 racks of gear down to a single rack, as well as cut down on power consumption and licensing costs, making running the technology more affordable for the defence departments, which are typically funded by taxpayers.

The new offerings make it easier to manage servers: in a case study, Cisco detailed that “one defence agency deployed the Cisco UCS C-Series to simplify infrastructure management and scaling”. 

The unnamed defence department no longer has to manually manage servers on an individual basis, and can now use UCS Manager to orchestrate them “collectively using software-defined service profiles”.

Cisco’s UCS Manager simplifies the deployment of service profiles to both rack and blade servers, with defence departments being able to manage as many as 160 nodes at the same time. 

“As a result, the defence agency has streamlined infrastructure management, established greater consistency of server configuration and security, and simplified scaling without the need for downtime,” said Cisco.

The combination of the UCS C4200 Series Rack Server Chassis and UCS C125 M5 Rack Server Nodes is used to benefit “various defence departments in multiple countries”. However, Cisco didn’t specify which exact states are customers.

One of the beneficiaries could be the US Department of Defense (DoD), which has strong ties with the American tech giant. In July, Cisco launched Webex for defence, an all-in-one collaboration platform specifically made for the military department. Authorised to work with the DoD’s national security systems, the new tool integrates with Cisco’s full Webex portfolio of devices, allowing users to connect securely from phone, desktop, or video.

Google’s Grace Hopper subsea cable lands in Cornwall


Sabina Weston

15 Sep, 2021

Google has announced that its undersea cable connecting the US with Europe has arrived in Bude, Cornwall.

The fibre-optic network cable is estimated to be around 6,000km long and is named after the American computer science pioneer Grace Hopper.

First announced in July 2020, the Google-funded cable runs from New York and splits off in the middle of the Atlantic Ocean to arrive in Bilbao, Spain and Cornwall. 

Google Cloud strategic negotiator for Global Infrastructure, Jayne Stowell, described the Grace Hopper cable as an example of Google’s “ongoing investment” in the UK’s tech sector.

“Grace Hopper represents a new generation of transatlantic cable coming to the UK shores and is one of the first new cables to connect the US and the UK since 2003,” she announced in a company statement. Google has recently rolled out other subsea cables known as Curie, Dunant, Equiano, and Firmina.

The cable will use a technology known as “fibre switching,” allowing Google to manoeuvre traffic around outages and increase the reliability of its network. It will power popular Google services such as Meet, Gmail and Google Cloud – which all saw a surge in new customers due to last year’s mass shift to remote working.

“Moreover, with the ongoing pandemic fostering a new digital normal, Google-funded subsea cables allow us to plan and prepare for the future capacity needs of our customers, no matter where they are in the world. Grace Hopper will connect the UK to help meet the rapidly growing demand for high-bandwidth connectivity and services,” added Stowell.

The second European arm of the Grace Hopper cable landed on the Bilbao shoreline on 9 September, as the “first ever Google-funded route to Spain” which will integrate an upcoming Google Cloud region in Madrid. 

The entire cable is set to become operational in 2022. 

Earlier this year, Google announced that its other subsea cable connecting the US and Europe, Dunant, is ready for service. First announced in 2018, the Dunant cable runs 6,400km (3,977 miles) between Virginia Beach, Virginia and Saint-Hilaire-de-Riez in the Pays de la Loire region of France. Google says it has 250Tbps of bandwidth, meaning it can transfer the entire digitised Library of Congress three times every second.

Azure Container Instances users urged to revoke privileged credentials after flaw discovery


Sabina Weston

9 Sep, 2021

Microsoft’s security team has urged Azure Container Instances (ACI) users to revoke any privileged credentials deployed to the platform prior to 31 August.

The advice comes as Palo Alto Networks discovered a vulnerability, which has since been fixed, within ACI which made it possible for hackers to obtain user data.

The flaw has been dubbed Azurescape, due to the escape method being uncovered in Microsoft’s Azure container as a service (CaaS) platform, said a spokesperson for Palo Alto Networks.

“This type of cross-account takeover represents a new attack vector that hackers can use to target cloud services. We expect that more vulnerabilities will be discovered that enable cross-account takeover,” the spokesperson told IT Pro.

Azurescape was discovered by Unit 42 researcher Yuval Avrahami, who reported it to Microsoft and was awarded “two bug bounties” for an undisclosed amount.

No evidence was found suggesting that the flaw was exploited, according to the Microsoft Security Response Center team.

“There is no indication any customer data was accessed due to this vulnerability. Out of an abundance of caution, notifications were sent to customers potentially affected by the researcher activities, advising they revoke any privileged credentials that were deployed to the platform before August 31, 2021,” they stated.

However, lack of evidence doesn’t exclude the chances that a data breach happened. Microsoft didn’t confirm whether it was confident no data had been accessed, according to Reuters.

The tech giant told ACI customers that if they hadn’t been notified, “no action is required”.

“If you are unsure whether your subscription or organisation has received a notification, please contact Azure Support. If you have any concerns, rotating privileged credentials is a good periodic security practice and would be an effective precautionary measure,” it added.

The advisory comes weeks after thousands of its Azure customers had their main databases compromised. Affected customers included some of the world’s largest companies, according to cyber security researcher Wiz, and the flaw was dubbed “the worst cloud vulnerability you can imagine”.

Microsoft has since fixed the vulnerability, saying at the time that there was no evidence the flaw had been exploited. The tech giant had reportedly agreed to pay the security researchers $40,000 for finding the flaw and reporting it.

How the cloud is helping Currensea create a more sustainable future


Sabina Weston

7 Sep, 2021

Many startups dream of the day they get their Big Break, but not all of them pause to consider whether they will actually be able to handle the rapid increase in demand for their services. 

For Currensea, their Big Break was delivered by their appearance on Channel Five’s long-running consumer technology series The Gadget Show.

“We didn’t know how this was going to play out,” recounts Craig Goulding, who co-founded Currensea in 2018 with fellow former JPMorgan employee James Lynn.

“When it aired, things went absolutely berserk, traffic to our website and application went through the roof. We were issuing one card every six seconds – totally, utterly insane,” he tells Cloud Pro.

Sudden influxes of traffic, often prompted by media coverage, are not a daily occurrence for many companies. However, when they do happen, many websites cannot handle the demand and buckle under pressure. This means that the company can miss out on new orders and – most importantly – profits.

For Currensea, however, this moment was made possible by the elasticity and scalability of the cloud on which its website is built.

“The platform just handled that surge in volume,” says Goulding. He describes the appearance on the show, as well as the subsequent frenzy, as “an amazing experience” that was fully enabled by technology, allowing Currensea to sit back and reap the rewards. 

“One of the great things about the cloud is that you don’t have to worry about servers,” he tells Cloud Pro. “So you can concentrate on building and running applications and business logic, rather than having to worry about having to manage the infrastructure. Amazon Web Services just takes care of all that for you.”

Goulding adds that this was especially important for the small team of engineers that makes up Currensea, allowing them to focus on “building products and building differentiation, rather than having to worry about the kind of nuts and bolts of the service and goodness knows what”. The experience with The Gadget Show helped Goulding realise the importance of the ability to scale up and scale down on demand, especially when these kinds of peaks in traffic are rare. It also helps the company save money.

“If you’re not using it in the cloud then you’re not paying for it, so it’s a very flexible and adaptable model as well,” he says.

The cloud offers more than just peace of mind, though.

“Another huge benefit is just the number of tools they have in their environments, which you just point and click and configure, then you magically get them, which is incredible. Again, if you’re having to kind of build that up yourself, it would be a hugely conservative resource, so it’s just a massive accelerator for us,” he says. 

“Then you’ve got the resiliency as well. You’re spread across multiple data centers and everything kind of fares over if there’s any issues in one data center. So, you run a 24/7 operation with no downtime.”

Saving the oceans, one card at a time

The cloud has been hailed as a life-saver for many industries, especially during the COVID-19 pandemic. For Currensea, however, it’s allowing the challenger bank to channel all its attention into its environmental efforts.

While many banks are undergoing a digital transformation, offering a brighter and more convenient future, what actually lies ahead might be rather more bleak. Extreme weather, food shortages, and pollution are only the tip of the environmental iceberg, with the gradual melting of ice caps and rising sea levels threatening to submerge coastal cities such as Miami as early as 2050. All of these issues could impact everyone’s long-term plans – but could something as small as a bank card help reverse them?

Whether debit or credit, banking cards are most often made out of polyvinyl chloride, more commonly known by the initials PVC, which is notoriously difficult to recycle, usually ending up sitting in landfills for centuries to come. This has prompted Currensea to opt for biodegradable cards that, when disposed of, will take about a decade to decompose. However, the challenger bank’s environmental drive isn’t limited to cards only: earlier in 2021, the company launched a new feature that enables customers to contribute to cleansing the oceans of plastic waste every time they spend money abroad, with a pledge to remove 2.5 times the amount of plastic they produce every year.

“For each card that we’re producing, we’re also extracting plastic from the oceans – more plastic than we’re actually introducing to the world,” explains Goulding.

When asked about the problem of greenwashing – companies branding themselves as sustainable for marketing purposes, with limited positive impact for the environment – Goulding says he is “very conscious of that”.

“You either do it properly, or you don’t do it at all,” he says.

NHSX guidance aims to improve NHS digital transformation efforts


Sabina Weston

31 Aug, 2021

NHSX has published a new set of guidelines that aims to help NHS trusts embrace technology to further their digital transformation efforts. 

The move follows a report from earlier this year which found that major technological innovations implemented in the NHS during the COVID-19 pandemic need “further work” before they are locked in.

Known as What Good Looks Like (WGLL), the new framework provides NHS managers with instructions on how to use digital technology in medical services – as well as information about who should be paying for it.

NHSX hopes the WGLL guidelines will set a “common foundation that should be in place across the NHS”, from making it easier for patients to access online services to implementing the correct cyber security measures in order to avoid cyber attacks.

WGLL also calls for NHS trusts to make digital services, such as online access to care plans, test results, and electronic prescribing systems, easily accessible across the whole of the UK, and not just in select locations.

This would help to reduce health inequalities as well as make work easier for frontline workers, who, according to NHSX chief executive Matthew Gould, were a key part of developing the guidelines.

“They have been produced following extensive consultations with the frontline, and will continue to change as we get more feedback. They are designed to be helpful, empowering and clear. They set out what they should be driving towards, and how they will need to pay for it,” he said.

The NHSX has also published a set of proposals on how to tackle the obstacles in digital technology investments. Known as Who Pays For What, it aims to solve issues such as the uncertainties over funding sources, digital transformation costs, and lack of understanding of the benefits of digital investment.

The NHSX is proposing changes in financial and payments policies in 2021 to 2022 as well as seeking to encourage the uptake of established technologies and promote the adoption of emerging innovations.

It also announced that it’s bringing together multiple existing funding pots into one national application process, in order to simplify the bidding process and make funds more equally distributed.

Commenting on today’s news, NHSX CIO Sonia Patel said that she hopes that “these resources are both empowering and enabling in terms of understanding the destination we commonly want to reach across the nation with digital transformation”.

“Talking to leaders across the NHS, there is a renewed belief and confidence in the digital and data agenda and increasing awareness of the importance it holds in supporting a modern NHS,” she added.

83 million IoT devices at risk of hacking


Sabina Weston

18 Aug, 2021

At least 83 million Internet of Things (IoT) devices around the world could be at risk of hacking, potentially enabling threat actors to listen in on private conversations and watch live video streams from baby monitors and smart cameras.

That’s according to new findings from Mandiant, a cyber security company and subsidiary of FireEye.

Mandiant security researchers Jake Valletta, Erik Barzdukas, and Dillon Franke discovered a vulnerability that affects IoT devices that use the Kalay network platform manufactured by Taiwanese IoT and M2M (machine-to-machine) solutions provider ThroughTek.

Tracked as CVE-2021-28372, the vulnerability affects a core component of the Kalay platform, allowing hackers to “listen to live audio, watch real-time video data, and compromise device credentials for further attacks based on exposed device functionality”, according to the researchers.

Although Mandiant was not able to pinpoint the affected devices, its researchers noted that ThroughTek has at least 83 million active devices as well as an estimated 1.1 billion monthly connections on its Kalay platform, with all of them potentially being exposed to hackers.

Mandiant disclosed the vulnerability to the US’ Cybersecurity and Infrastructure Security Agency (CISA), which has published an advisory report on the issue that recommends that users disconnect their ThroughTek devices from the internet, isolate them from the business networks, and only connect to devices through virtual private networks (VPN).

A spokesperson for the UK’s National Cyber Security Centre (NCSC) told IT Pro that it is “aware of this vulnerability”, adding that ThroughTek “has released an update to fix the issue”.

“Simply using the platform does not automatically make you vulnerable to real-world impact, as additional information that is hard to guess is needed to exploit the vulnerability in an individual device successfully. To maximise protection, the NCSC recommends individuals keep their software up to date by installing the latest vendor updates as soon as practicable,” said the NCSC spokesperson.

The discovery of CVE-2021-28372 by Mandiant comes two months after Nozomi Networks researchers discovered a similar flaw affecting ThroughTek’s P2P SDK, which is used to provide remote access to audio or video streams over the internet.

The UK government is working on a new law that will force IoT device manufacturers to meet minimum security requirements and ban them from setting easy-to-hack passwords such as ‘admin’ or ‘password’. In April, it was announced that the legislation would also include smartphones.

NCSC simplifies Outlook scam-reporting tool


Sabina Weston

12 Aug, 2021

The National Cyber Security Centre (NCSC) has simplified its cyber scam-reporting with a new add-in for Outlook on Microsoft 365 which makes it even easier to flag phishing emails to its Suspicious Email Reporting Service (SERS).

Launched in April of last year, SERS allows users to report email scams by forwarding them to report@phishing.gov.uk. Within the last 16 months, it has received over 6.5 million reports from the public resulting in the removal of 97,000 online scams, the NCSC said.

However, the organisation has said that this isn’t enough, with NCSC technical director Dr Ian Levy saying that the new tool will make it easier for businesses to “further help combat cyber crime”.

Designed as a simple button, it allows staff to report a suspicious-looking email with just one click, saving the time that it takes to find the SERS email address and forward the message. The more automated approach aims to make reporting easier and faster, allowing users to protect the security of the business without compromising on time and productivity.

“As more people report more dodgy stuff to us, the safer everyone gets,” said Levy. “The pandemic has shown the cyber criminals will stop at nothing to attack and defraud citizens and businesses. But our Suspicious Email Reporting Service has also shown that the British public can help us fight back against this scourge.”

SMBs have been especially vulnerable to hackers, with almost a third of cyber attacks now involving a small business. According to Federation of Small Businesses national chair Mike Cherry, innovations such as the simplified reporting tool “are crucial to calling time on business crime”. 

“Small achievable steps will go a long way to protect thousands of small firms from cyber attacks. Every year, there are almost four million cases of cyber attacks against small businesses in the UK, and more than 50 per cent of these come from phishing,” he said, adding that “these systems not only help prevent disruption to small firms today but will become increasingly important to help safeguard small businesses for the future”.

Organisations interested in equipping their staff with the Microsoft 365 tool can go to the Microsoft AppSource portal and search for the Report Phishing add-in, click the “Get it now” button, and follow the instructions to complete the installation.