Archive for June 2016 – Page 2

Your Latest IT Newsletter

Prolific Spammer and Malware Distributor Goes Mysteriously Quiet

Internet Security companies have reported the sudden and mysterious disappearance of one of the largest networks of compromised systems on the Internet. The Necurs botnet has been a notorious distributor of large amounts of spam / junk mail and malware over many years but is reported to have gone offline altogether this week.

<More>

European Companies Taking Too Long to Detect Cyber Attacks Says Report

A recent report by Cyber Security Company Mandiant has revealed that EU companies take on average 3 times longer than the rest of the world to detect a compromise by attackers in their systems.

The year long investigation showed that the average detection time for European companies is 469 days compared to 146 days globally.

<More>

Microsoft To Buy LinkedIn

Microsoft has announced that it is about to buy the world’s largest professional social network LinkedIn.

The deal is thought to be valued at just over $26.2 billion / £18 billion cash. As well as being much more than the $8.5 billion that Microsoft paid for Skype in 2011 and more than the $7.2 billion that it paid for Nokia’s mobile business in 2013, this latest acquisition also eclipses the $19 billion that Facebook paid for WhatsApp two years ago.

<More>

Social Media Now Main Source of News For Young People

A Report based on the international findings of The Reuters Institute for the Study of Journalism has shown that more 18 to 24 year olds now choose to social media as their main news source (28%) than television (24%). The report also shows that accessing news via social media is also particularly popular among women.

<More>

Technical Tip – Don’t use Public Networks For Financial Transactions

Using a public network to send sensitive information such as your financial information can mean that you leave yourself open unnecessarily to cyber criminals in the vicinity.

<More>

Technical Tip – Don’t use Public Networks For Financial Transactions

Using a public network to send sensitive information such as your financial information can mean that you leave yourself open unnecessarily to cyber criminals in the vicinity.

If you’re using a public computer for example this could have spyware on it, or there could be other security risks between it and its internet access point. Your details could therefore be intercepted and stolen. It is safer therefore to only send your personal and financial details over a network that you’ve set up yourself.

Social Media Now Main Source of News For Young People

A Report based on the international findings of The Reuters Institute for the Study of Journalism has shown that more 18 to 24 year olds now choose to social media as their main news source (28%) than television (24%). The report also shows that accessing news via social media is also particularly popular among women.

Which Social Media Platforms?

Facebook has emerged as the most popular source for news and is used by 44% of all of the 50,000 people in 26 countries involved in the survey. 19% of those surveyed got their news from YouTube while 10% got their news via Twitter.

Driven and Enabled By Smartphone Use.

It is perhaps not surprising that one of the big drivers and enablers of these trends is the fact that usage of smart phones to access news is on the rise. Young people in particular are now spending longer on mobile devices and it therefore makes sense for them to access the news published through their chosen social network via their smartphone instead of through TV, websites or Apps.

Happy to Let Algorithm Choose.

One particularly interesting finding of the report was that although news stories in Facebook and Twitter (Moments) are edited and overseen by humans, most respondents in this survey were happy to have their news selected via algorithm. Although these respondents liked the idea of receiving news based on their previous choices and the news story choices of their friends, 30% of respondents still recognised that human oversight is necessary in order to avoid getting an unbalanced view of news.

Challenges For Traditional News Channels.

The report reflected many of the challenges that traditional news channels have been facing in recent years. Falling newspaper sales, the rise of online ad blockers, young people not noticing the original source of the news being delivered via their social network, and the social network / smartphone combination now being used as the method for choosing and consumer news stories have all taken their toll on traditional channels and their profit opportunities.

What Does This Mean For Your Business?

Reaching younger demographics with advertising and targeted news stories is therefore more challenging than ever and requires a good understanding of how young people now interact with news and a good understanding of social networks. Newspaper and TV advertising to younger age groups may therefore be less effective than social media advertising.

Getting the online endorsement of  celebrities and / or opinion leaders, as well as recommendations from friends via social media can be important ways to effectively market many products and services to young audiences.

Microsoft To Buy LinkedIn

Microsoft has announced that it is about to buy the world’s largest professional social network LinkedIn.

The deal is thought to be valued at just over $26.2 billion / £18 billion cash. As well as being much more than the $8.5 billion that Microsoft paid for Skype in 2011 and more than the $7.2 billion that it paid for Nokia’s mobile business in 2013, this latest acquisition also eclipses the $19 billion that Facebook paid for WhatsApp two years ago.

Access to LinkedIn Members

The purchase will essentially give Microsoft access to the 430 million LinkedIn members worldwide which could mean that Microsoft is able to give a massive sales boost to its business and email software.

Retention and Integration

In the acquisition, which is expected to be completed by the end of 2016, Microsoft has stated that LinkedIn will be able to retain its “distinct brand, culture and independence”. LinkedIn CEO Jeff Weiner will retain his title and position but will report to Microsoft CEO Satya Nadella.

Although LinkedIn will still therefore function like a separate business in the near future, it will soon make up part of Microsoft’s ‘productivity and business processes’ segment. The strategic opportunities created by the integration of the 2 businesses e.g. Micosoft’s cloud and LinkedIn’s network have already got the markets excited. News of the announcement of the deal caused LinkedIn share values in New York to rise.

Premium After Fall

LinkedIn shares had fallen by more than 40% this year to the point where a profit warning was issued in February. The deal with Microsoft has therefore come as a big and welcome relief to shareholders who have seen their shares rise 47% to a premium valuation $192.60.

Synergy

Industry commentators have noted that there is a strong degree of synergy between Microsoft and LinkedIn i.e. LinkedIn’s huge database of professionals who are also Microsoft’s core demographic and Microsoft’s Office Productivity Suite that can be delivered online. Microsoft could therefore use the data from LinkedIn users to hone its products and services to whom it could also sell those products. It is thought that Microsoft could specifically use LinkedIn data to improve its Customer Relationship Management (CRM) software.

Sour Note

The new deal with Microsoft should also go some way to overshadowing the release by hackers a few weeks ago of the stolen LinkedIn details of over 115 million people from a hack in 2012.

What Does This Mean For Your Business?

The chances are that if you’re reading this business focused article you are likely to be a LinkedIn user as well as a user of Microsoft Products. This deal could therefore see you being targeted via LinkedIn with Microsoft brand messages as well as products and services. The likelihood is that you’ll notice more information and marketing messages relating to the Cloud and Office 365.

You may also notice new developments in the LinkedIn network which up until this deal may have been dipping slightly in terms of its appeal and possibly losing out to other online social networking opportunities.

European Companies Taking Too Long to Detect Cyber Attacks Says Report

A recent report by Cyber Security Company Mandiant has revealed that EU companies take on average 3 times longer than the rest of the world to detect a compromise by attackers in their systems.

The year long investigation showed that the average detection time for European companies is 469 days compared to 146 days globally.

The Results

Being able to infiltrate and operate in a network for a longer period of time means that cyber criminals are able to take more time to target specific / the most private and valuable data, achieve multiple attack goals and to steal larger amounts of data.

For example, the Mandiant Report showed that attacks on European companies meant that cyber criminals were able to steal an average of a massive 2.6 GB data.

It is likely that experienced cyber attackers can obtain the vital domain ‘Administrator’ details / credentials within the first few days of the attack, thus giving them ample time and opportunities to progress the attack the longer that they remain undetected.

The large amount of time that attackers can access a system for (i.e. a large ‘dwell time’) in the case of European attacks also means that attackers can use multiple user and administrator accounts to make sure that they achieve their aims.

Spending a long time in a breached system also means that attackers can learn a lot about it. This may help account for Mandiant’s discovery that in breach investigations for the European region in the past year many organisations were found to have been re-compromised within months of an initial breach.

The Reasons

The reasons why cyber attacks on European businesses are taking too long to be discovered include:

  • Compared to the U.S. for example there is very little proactive threat hunting by European companies. Many European companies have a ‘defensive architecture’ where they wait to be attacked before acting rather than hunting for threats and attackers.
  • Agencies in the European region lack visibility into what is actually happening and / or have no mandate to notify organisations if they have been compromised because that is often not their purpose.
  • European companies rely too heavily upon local government and law enforcement agencies for a notification of a compromise, rather than adopting the more successful approach of using external sources. Government and law enforcement agencies are often slower than external agencies at keeping up with the fast pace of developments in the evolving cyber threat landscape.

What Does This Mean For Your Business?

The results of the report help to illustrate the need for a far more proactive approach in European companies when it comes to threat detection.

Detecting a cyber attack early on can make a real difference in limiting the losses, and reducing the likelihood of being quickly re-compromised after recovering from the breach. Relying on law enforcement agencies and the government e.g. using the Cyber Essentials Scheme can help with basic protection but may not be enough in today’s environment. Professional help from external sources e.g. professional cyber security services could help your business to set up a more proactive and effective defence against evolving multiple cyber threats.

Prolific Spammer and Malware Distributor Goes Mysteriously Quiet

Internet Security companies have reported the sudden and mysterious disappearance of one of the largest networks of compromised systems on the Internet. The Necurs botnet has been a notorious distributor of large amounts of spam / junk mail and malware over many years but is reported to have gone offline altogether this week.

Signs Earlier This Month

Reports from security companies from the beginning of June showed a decline in the amount of traffic coming from Necurs. Security company Proofpoint noted on their website that prior to this month’s traffic slowdown, the malicious email campaigns that Necurs was sending out had been in volumes reaching hundreds of millions of messages.

How and What?

Necurs has been relying upon a ‘Botnet’, which is a collection of compromised computers to enable it to distribute its spam and malware. The Windows computers (thought to be in excess of 5 million) became compromised and therefore under the control of Necurs when they were infected with malware called ‘rootkit’.

Botnets are typically used to distributed spam and to launch distributed denial of service (DDoS) attacks. Necurs has most recently been distributing the Dridex banking Trojan and Locky ransomware.

Dridex can be used by cyber criminals to steal banking credentials and other personal and financial information from computer systems. Locky uses a Trojan horse in an email to infect your computer and then scrambles and renames all your important files so that they have the extension .locky.

Victims of Locky are then directed to buy the decryption key to unlock the files from cyber criminals on the ‘dark web’.

Why Has It Stopped and Will It Start Again?

The exact reason why the Necurs botnet has stopped working is unknown but security company Proofpoint for example have noted that the core administration systems of the botnet have now disappeared.

Unfortunately, the Necurs botnet is the type that uses a domain generation algorithm (DGA) that allows nodes and workers to find a new Command and Control (C&C) when the active one goes down as it has done in this case. This means that the Necurs botnet could be able to set itself up again, although it is not known how quickly this could happen.

What Does This Mean For Your Business?

Even though having one of the biggest spammers and malware distributors out of action is obviously a good thing, there are plenty more cyber criminals out there looking for ways into vulnerable systems, networks and computers.

Multi-vector (multiple method) and DDoS attacks are at a high and it has never been more important to make sure that all aspects of your cyber security are given some serious attention. The Government’s Cyber Essential’s Scheme for example provides help and guidance to enable your business to implement essential security controls. See: https://www.cyberstreetwise.com/cyberessentials/

If you haven’t already done so you may also wish to seek other professional advice about measures you could take to ensure cyber resilience such as cyber security training for staff, health checks, risk assessments / audits, cyber security policies, Business Continuity and Disaster Recovery Plans.

Your Latest IT Newsletter

Windows 10 Upgrade Tactics, Users Fightback With Petition

Anger and noises of discontent directed at Microsoft’s tactical changes in their campaign to speed the uptake of the Windows 10 free upgrade before the cut-off date have been building over the last month.

Finally, it seems that disgruntled users can take no more, and as reported in ‘the Inquirer’ a petition has been launched to request that the Electronic Freedom Foundation (EFF) wade in to help.

<More>

Innovative New Presentation Software Product From PowerPoint Rival Prezi

The latest presentation software offering from 7 year old start up software company Prezi could provide an exciting and effective alternative to other leading presentation packages such as Microsoft’s PowerPoint. ‘Prezi Business’ is the somewhat practical name for a product that enables users to present their ideas in a way that is more ‘conversational’, more flexible, more visual and storytelling-oriented (and therefore very engaging), more collaborative and data-driven, and far removed from the old bullet point style, linear slideshow of the past.

<More>

Big Increase in DDoS Attacks Recorded in 2016

A State of the Internet Report by researchers from Akamai shows a huge increase in the first quarter of 2016 in so called distributed denial-of-service (DDoS) attacks.

The research from the U.S. content delivery network (CDN) and cloud services provider showed a massive 19 such attacks that exceeded 100 Gbps took place in the first quarter of this year, compared to only 5 on the last quarter of 2015.

<More>

Free Security Scanner For Your IoT Devices Unveiled

Nestled among all of the speculation about the future opportunities and possibilities that the Internet of Things (IoT) has generated has been one very important concern – how can we protect our devices from today’s hackers?

Anti-malware and mobile security company BullGuard believe they have a ‘world first’ answer in the form of an IoT Security Scanner that can tell us which of our connected IoT / smart devices could be vulnerable to hackers.

<More>

Students to Get Free Money to Prepare for Career in Cyber Security

New undergraduate students in the UK will be able to apply this autumn for a brand new Cyber Skills financial assistance package that is designed to help prepare them for a career in cyber security.

The CyberFirst bursary scheme is part of the UK’s National Cyber Security Programme and will be operated via collaboration between the UK government’s intelligence agency ‘GCHQ’, other government departments and private industry.

<More>

Tech Tip – Improve Conversion – Take Your Glasses Off !!?

If more people of all levels of physical ability are able to understand and navigate your website this could lead to more enquiries and / or sales i.e. improving website accessibility and usability can improve conversion.

Your website visitors just want to know what you can do for them – and get the information that they’re looking for as fast as possible. When reviewing your website site with a view to improving it therefore, try taking your glasses off. If you can’t easily see what you’re looking for – the site has failed the ‘glasses off’ test.

<More>

Tech Tip – Improve Conversion – Take Your Glasses Off !!?

If more people of all levels of physical ability are able to understand and navigate your website this could lead to more enquiries and / or sales i.e. Improving website accessibility and usability can improve conversion.

Try the ‘Glasses Off’ Test..

Your website visitors just want to know what you can do for them – and get the information that they’re looking for as fast as possible.

When reviewing your website site with a view to improving it therefore, try taking your glasses off. If you can’t easily see what you’re looking for the site has failed the test.

10 Tips For You

Visual impairment, age, tiredness, or using a small mobile device can all mean that things are harder at a glance to see and understand. Here are 10 quick Tips for making your website easier to read and use:

  1. Make the navigation simple – along the top or left hand side of your website.
  2. Use a sensible sized font throughout. Use black on white.
  3. Have a search box if your website is big – and put the search box at the TOP of the site where it can quickly be found.
  4. Use underlines for links. Or at least make them look like links.
  5. Put your important stuff at the top of the site (above the ‘fold’).
  6. Put your contact details at the top – on every page. Not really usability but a very good idea and it makes a bigger difference than you’d think.
  7. Don’t disable the “Back” button.
  8. Break Long text into short paragraphs and text – like this email!
  9. Use short column widths – again like in this email!
  10. Have a Site Map. (Great for SEO too).

Students to Get Free Money to Prepare for Career in Cyber Security

New undergraduate students in the UK will be able to apply this autumn for a brand new Cyber Skills financial assistance package that is designed to help prepare them for a career in cyber security.

The CyberFirst bursary scheme is part of the UK’s National Cyber Security Programme and will be operated via collaboration between the UK government’s intelligence agency ‘GCHQ’, other government departments and private industry.

What Could Students Receive?

The CESG website states that the scheme could offer successful undergraduate applicants who are eligible an annual bursary of £4,000 for each year of degree study in a Sciences, Technology, Engineering or Maths (STEM) or a Social Science degree. Other opportunities that the new scheme could provide include:

  1. Paid Summer Work activities with GCHQ or other parts of government or industry involved in national security for each year of study (a mix of training, learning and development and work experience).
  2. A possible 3 years of work in a Cyber Security role after graduation.
  3. Membership of the CyberFirst Student Community. This part of the scheme can provide peer mentoring and advice from cyber security experts.

Who Can Apply?

Applications for this new financial assistance package will however only be open to UK citizens who have 3 A-levels (grades A to C) in at least 2 STEM subjects and who also have an offer to study an undergraduate degree in STEM subjects or social science at a UK university starting autumn 2016. Students can apply for the scheme here.

Other Opportunities and Courses for Girls and Younger Students

The CyberFirst National Cyber Security Programme will also be running girls-only development days through GCHQ from this summer to help encourage 14 and 15 year olds to consider pursuing a career in cyber security.

The Smallpiece Trust will be delivering 4 day residential courses designed by GCHQ and targeted at 16 and 17 year olds. These courses will focus on giving young people the chance to gain some hands-on experience in understanding vulnerabilities and protecting networks.

18 year olds will also be able to benefit from a 3 week ‘CyberFirst Advanced’ residential course where they can learn a variety of new skills in areas ranging from ethics to programming.

What Does This Mean For Your Company?

Levels of cyber crime have risen at an alarming rate in the last few years and although the cyber criminals have become more ‘professional’ and sophisticated, businesses have struggled to recruit people with adequate cyber security knowledge because of a skills gap in this vital area.

The CyberFirst scheme could therefore be one important way of helping to bridge this gap for UK businesses. The fact that this scheme is operating is also a clear acknowledgement by the government of the risks that all UK businesses now face on a daily basis.

Free Security Scanner For Your IoT Devices Unveiled

Nestled among all of the speculation about the future opportunities and possibilities that the Internet of Things (IoT) has generated has been one very important concern – how can we protect our devices from today’s hackers?

Anti-malware and mobile security company BullGuard believe they have a ‘world first’ answer in the form of an IoT Security Scanner that can tell us which of our connected IoT / smart devices could be vulnerable to hackers.

Research Confirmed a Need

Bullguard’s research of over 6,000 consumers revealed real concern about the security of connected devices and a lack of knowledge about how to protect them.

For example, 66% of survey respondents said they are highly concerned about the security of connected devices and yet a massive 72% said they simply didn’t know how to secure them properly. With over 25% of the research respondents saying that despite these concerns they still intended to buy more smart devices over the next year, the need for an effective IoT / smart device security system not only exists but is likely to increase.

What Is It … and What Does It Do?

BullGuard’s IoT Scanner is a web-based application available on any platform and all major browsers.

Visiting http://iotscanner.bullguard.com/ and clicking on the orange button allows you to check if your internet-connected devices at home are accessible to the public on Shodan (a search engine for the Internet of Thing) and therefore whether they are vulnerable to hackers.

If one of your smart devices is flagged as being vulnerable, details about the specific security issues are provided.

An email report of scan results can also be used to help diagnose problems and users can share notifications of successful scans with friends and family to encourage them to protect their own smart devices.

The website also allows you to download a free consumer guide to the IoT and IoT security (as a pdf). See: https://www.bullguard.com/marketingfiles/ext/web/IoT-Consumer_Guide.pdf

What Kind of Smart Devices?

The kinds of smart devices that can be scanned include security cameras, baby monitors, Smart TVs and wearables.

What Does This Mean For Your Business?

So many of us are now buying devices for mobile use or for use in the home and / or workplace that have a smart element to them / are connected to the Internet, that we now have many more possible security vulnerabilities around us that we are not fully aware of.

Combine this fact with the large numbers of us who work from home or use BYOD (Bring Your Own Device) at our workplace and the scale of this growing potential problem becomes apparent. This free and easy to use scanner could therefore be used to plug an often overlooked gap in our business cyber security defences and raise awareness about the issue at the same time.