Archive for September 2019

Your Latest IT News Update

Deepfake Ransomware Threat Highlighted

Multinational IT security company ‘Trend Micro’ has highlighted the future threat of cybercriminals making and posting or threatening to post malicious ‘deep fake’ videos online in order to cause damage to reputations and/or to extract ransoms from their target victims.

Report Says Public Cloud May Double In Just Four Years

The new cloud market report from the Synergy Research Group shows that cloud-associated markets, such as the public cloud, are growing at rates ranging from 10% to over 40% and the annual spending on the cloud may double in four years.

Penetration Testing Specialists Who Broke Into US Courthouse Claim It Was Part of Security Assessment

Two security specialists who performed a physical break-in on the US courthouse that hired their company for a penetration test have claimed that their break-in was part of their assessment of security.

IBM To Offer Largest Quantum Computer Available For External Access Via Cloud

IBM has announced that it is opening a Quantum Computation Centre in New York which will bring the world’s largest fleet of quantum computing systems online, including the new 53-Qubit Quantum System for broad use in the cloud.

Less Than Half of Small Businesses Ready For No-Deal Brexit

Research from techUK shows that less than half of small UK businesses consider themselves to be ready to face a no-deal Brexit on 31 October, whereas 87% of larger businesses think they are prepared.

Tech Tip – Telegram

Telegram describes itself as the fastest messaging app on the market, and uses a unique, distributed network of data centres around the globe so that it’s not only a simple, fast, secure messaging service that’s synced across all your devices, but also has added features and an ease of operation that many prefer to WhatsApp.

Deepfake Ransomware Threat Highlighted 

Multinational IT security company ‘Trend Micro’ has highlighted the future threat of cybercriminals making and posting or threatening to post malicious ‘deep fake’ videos online in order to cause damage to reputations and/or to extract ransoms from their target victims.

What Are Deepfake Videos?

Deepfake videos use deep learning technology and manipulated images of target individuals (found online), often celebrities, politicians, and other well-known people, to create an embarrassing or scandalous video such as pornography or violent behaviour. The AI aspect of the technology means that even the facial expressions of those individuals featured in the video can be eerily accurate, and on first viewing, the videos can be very convincing.

An example of the power of deepfake videos can be seen on the Mojo top 10 (US) deep fake video compilation here: https://www.youtube.com/watch?v=-QvIX3cY4lc

Audio Too

Deepfake ‘ransomware’ can also involve using AI to manipulate audio in order to create a damaging or embarrassing recording of someone, or to mimic someone for fraud or extortion purposes.

A recent example was outlined in March this year, when a group of hackers were able to use AI software to mimic (create a deepfake of) an energy company CEO’s voice in order to successfully steal £201,000.

Little Fact-Checking

Rik Ferguson, VP of security research, and Robert McArdle, director of forward-looking threat research at Trend Micro, recently told delegates at Cloudsec 2019 that deepfake videos have the potential to be very effective not just because of their apparent accuracy, but also because we live in an age when few people carry out their own fact-checking. This means that by simply uploading such a video, the damage to reputation and the public opinion of the person is done.

Scalable & Damaging

Two of the main threats of deepfake ransomware videos are that they are very flexible in terms of subject matter, i.e. anyone can be targeted, from teenagers for bullying to politicians and celebrities for money, and that they are a very scalable way for cybercriminals to launch potentially lucrative attacks.

Positive Use Too

It should be said that deepfakes don’t just have a negative purpose but can also be used to help filmmakers to reduce costs and speed up work, make humorous videos and advertisements, and even help in corporate training.

What Does This Mean For Your Business?

The speed at which AI is advancing has meant that deepfake videos are becoming more convincing, and more people have the resources and skills to make them. This, coupled with the flexibility and scalability of the medium, and the fact that it is already being used for dishonest purposes, means that it may soon become a real threat when used by cybercriminals, e.g. to target specific business owners or members of staff.

In the wider environment, deepfake videos targeted at politicians in (state-sponsored) political campaigns could help to influence public opinion when voting which in turn could have an influence on the economic environment that businesses must operate in.

Report Says Public Cloud May Double In Just Four Years

The new cloud market report from the Synergy Research Group shows that cloud-associated markets, such as the public cloud, are growing at rates ranging from 10% to over 40% and the annual spending on the cloud may double in four years.

IaaS & PaaS Biggest Growth

Synergy’s half-yearly report shows that, across the seven key cloud service and infrastructure market segments, revenues for operators and vendors in the first half of 2019 exceeded $150 billion, which is growth of 24% from the first half of 2018.

The biggest area of growth in the cloud infrastructure sector was in the infrastructure as a service (IaaS) and platform as a service (PaaS) market segments where there was a massive 44% growth rate.  IaaS is online, virtualised computing resources over the internet, and PaaS is where a provider hosts the hardware and software on its own infrastructure with PaaS products enabling developers to build custom applications online without having to worry about data serving, storage, and management.

The Synergy report also showed growth rates of enterprise SaaS at 27%, UCaaS at 23% and hosted private cloud infrastructure services at 20%.  The report also shows that spending on cloud services is now much greater than spending on supporting data centre infrastructure.

Infrastructure Investments

In the first half of 2019, cloud service providers spent $55 billion on the hardware and software used to build cloud infrastructure (evenly split between public and private clouds). These infrastructure investments helped cloud service providers to generate over $90 billion in revenues from their cloud infrastructure services (IaaS, PaaS, hosted private cloud services) and enterprise SaaS.

Leaders

The Synergy report shows that the leaders in the IaaS and PaaS segments in the first half of 2019 are Microsoft, Amazon/AWS, Dell EMC, Cisco, HPE and Google. Back in February, Amazon Web Services (AWS) reported a massive 45% growth in fourth-quarter revenue, mostly fuelled by big profits in its public cloud arm.

Other big names in that market segment include Salesforce, Adobe, VMware, IBM, Digital Realty, Equinix and Rackspace.

All these big players together account for over half of all cloud-related revenues.

What Does This Mean For Your Business?

The public cloud is being embraced by businesses as they seek to outsource and ditch traditional capital investment and maintenance problems and costs while reaping the benefits of having the pay-as-you-go scalability, security, and outsourced expertise that allows them to free up more of their own resources.  Cloud service providers are now investing heavily to win large slices of the cloud market with Amazon and Microsoft as market leaders, and as the Synergy report shows, this investment is delivering big revenues and impressive growth rates, particularly in the IaaS and PaaS market segments.

Penetration Testing Specialists Who Broke Into US Courthouse Claim It Was Part of Security Assessment

Two security specialists who performed a physical break-in on the US courthouse that hired their company for a penetration test have claimed that their break-in was part of their assessment of security.

What Happened?

Dallas’ State Court Administration (SCA) is reported to have hired security company Coalfire Labs to conduct testing of the security of the court’s electronic records at the Dallas County Courthouse in the town of Adel, around 20 miles west of Des Moines.

The police were called to the courthouse just after midnight on 11 September, where two men, who had been seen walking around on the third floor, came to the door to meet the police. When the two men, named as Justin Wynn and Gary Demercurio, came to the door, they were allegedly carrying multiple burglary tools, and allegedly claimed that they had been ‘contracted’ to break into the building and to check the courthouse alarm system and how responsive the police were. The two men were promptly arrested, jailed and released on a $50,000 bond.

No Knowledge

It has been reported that, at the time, Dallas County claimed to have no knowledge of the security company or their plans, but Iowa’s State Court Administration did later release a statement confirming that it hired the company Coalfire Labs to test the security of the court’s electronic records.

The State Court Administration did, however, say that, although it had asked the company to attempt unauthorised access to court records through various means to learn of any potential vulnerabilities, it didn’t intend or expect those means to include forced entry to the building, an act that it could not condone (certainly for cyber testing!).

Would A Physical Break-In Be Part of a Pen Test?

Some tech commentators have speculated that some cybercrimes require the criminal to be physically close to target devices, which would, therefore, require companies and organisations to perhaps consider investing in physical defences as well as cyber defences.

Coalfire

Coalfire Labs, the global company that was hired to carry out the pen testing assessment, and which is reported to have carried out hundreds of assessments for government agencies in the past, has been unable to comment on this particular case due to the confidential nature of its work, security and privacy laws, and the fact that a legal case is active.

Similar?

One thing that may not be good news for the two penetration testers is that there have been reports that a break-in at the Polk County Historic Courthouse in nearby Polk County on 9 Sept was apparently similar in nature to the Dallas County Courthouse break-in.

What Does This Mean For Your Business?

Physical security is, of course, an important part of protecting the whole business, but under GDPR data security should not involve leaving personal data anywhere that it could easily be accessed by unauthorised persons, whether it’s in a physical or virtual location.

Penetration testing is a legitimate and valuable way for companies and organisations to assess where more work needs to be done to ensure the safety of all digital data and information that they hold, but it is unlikely that many UK businesses would consider a physical break-in to be a legitimate part of what is usually an electronic-based assessment. It remains to be seen what happens in the US court case.

IBM To Offer Largest Quantum Computer Available For External Access Via Cloud

IBM has announced that it is opening a Quantum Computation Centre in New York which will bring the world’s largest fleet of quantum computing systems online, including the new 53-Qubit Quantum System for broad use in the cloud.

Largest Universal Quantum System For External Access

The new 53-quantum bit/qubit model is the 14th system that IBM offers, and IBM says that it is the single largest universal quantum system made available for external access in the industry, to date. This new system will (within one month) give its users the ability to run more complex entanglement and connectivity experiments.

IBM Q

It was back in March 2017 that IBM announced that it was about to offer a service called IBM Q that would be the first time that a universal quantum computer had been commercially available, giving access to (and use of) a powerful, universal quantum computer, via the cloud.

Since then, a fleet composed of five 20-qubit systems, one 14-qubit system, and four 5-qubit systems has been made available, and since 2016 IBM says that a global community of users have run more than 14 million experiments on their quantum computers through the cloud, leading to the publishing of more than 200 scientific papers.

Who?

Although most uses of quantum computers have been for isolated lab experiments, IBM is keen to make quantum computing widely available in the cloud to tens of thousands of users, thereby empowering what it calls “an emerging quantum community of educators, researchers, and software developers that share a passion for revolutionising computing”.

Why?

The hope is that by making quantum computing more widely available, it could lead to greater innovation, more scientific discoveries e.g. new medicines and materials, improvements in the optimisation of supply chains, and even better ways to model financial data leading to better investments which could have an important and positive knock-on effect in businesses and economies.

Partners

Some of the partners and clients that IBM says it has already worked with on its quantum computers include:

  • J.P. Morgan Chase for ‘Option Pricing’ – a way to price financial options and portfolios. The method devised using the quantum computer has speeded things up dramatically so that financial analysts can now perform option pricing and risk analysis in near real-time.
  • Mitsubishi Chemical, Keio University and IBM, on a simulation related to reactions in lithium-air batteries which could lead to making more efficient batteries for mobile devices or automotive vehicles.

Quantum Risk?

Back in November 2018, however, security architect for Benelux at IBM, Christiane Peters, warned of the possible threat of commercially available quantum computers being used by criminals to try and crack encrypted business data.

As far back as 2015 in the US, the National Security Agency (NSA) warned that progress in quantum computing was at such a point that organisations should deploy encryption algorithms that can withstand such attacks from quantum computers.

The encryption algorithms that can stand up to attacks from quantum computers are known by several names including post-quantum cryptography / quantum-proof cryptography, and quantum-safe / quantum-resistant cryptographic (usually public-key) algorithms.

What Does This Mean For Your Business?

The ability to use a commercially available quantum computer via the cloud will give businesses and organisations an unprecedented opportunity to solve many of their most complex problems, develop new and innovative, potentially industry-leading products and services, and perhaps discover new, hitherto unthought-of business opportunities, all without needing to invest in hitherto prohibitively expensive hardware themselves. The 14 hugely powerful systems now available to the wider computing and business community could offer the chance to develop products that could provide a real competitive advantage in a much shorter amount of time and at much less cost than traditional computer architecture and R&D practices previously allowed.

As with AI, just as new technologies and innovative services can be used for good, their availability could also mean that in the wrong hands they could be used to pose a new threat that’s very difficult for most businesses to defend against. Quantum computing service providers, such as IBM, need to ensure that the relevant checks, monitoring and safeguards are in place to protect the wider business community and economy against a potentially new and powerful threat.

Less Than Half of Small Businesses Ready For No-Deal Brexit

Research from techUK shows that less than half of small UK businesses consider themselves to be ready to face a no-deal Brexit on 31 October, whereas 87% of larger businesses think they are prepared.

Small and Medium

The techUK research shows that only 43% of UK small businesses think they are ready for the prospect of a no-deal Brexit, which is not too different to the mere 50% of medium-sized companies that expressed readiness.

Not Up To Date With Government Guidance

The survey revealed that although most enterprises are aware that the government has given guidance on getting ready for a no-deal Brexit, only 30% of small businesses and 33% of medium-sized businesses regard themselves as being up to date with that guidance.

Popular Concerns

In addition to the impact on the UK economy, some of the popular concerns that many businesses have about a no-deal Brexit include how they stand in terms of regulatory compliance, any extra regulatory barriers that may hinder trade, and difficulty in finding staff after an end to freedom of movement (there is already a tech skills shortage and tech ‘brain drain’). Also, businesses are clearly worried about post-Brexit relationships with suppliers, whether contracts will need to be updated, and whether they will have enough of the right raw materials and parts to keep production running smoothly and meet their customer demands while keeping their costs and prices down.

Data Protection Guidance For Brexit

As far as being prepared to stay compliant with data protection laws, the ICO has recently stated that if a UK business or organisation already complies with the GDPR and has no contacts or customers in the EEA, that business or organisation doesn’t need to do much more to prepare for data protection compliance after Brexit.

The latest guidance for businesses facing a no-deal Brexit can be found on the website here: https://ico.org.uk/for-organisations/data-protection-and-brexit/data-protection-and-brexit-for-small-organisations/

What Does This Mean For Your Business?

It doesn’t take a study to find out that there is still a great deal of uncertainty about trading post-Brexit, particularly after the impact of a no-deal Brexit. As the businesses in the study indicated, many are aware that there is guidance available from government sources, but SMEs don’t appear to be up to date with that guidance. It is good, at least, that the ICO has issued clear, easily accessible guidance on its website to help companies prepare to remain GDPR compliant after Brexit. Other Brexit guidance for small businesses can be found on the FSB website here: https://www.fsb.org.uk/standing-up-for-you/brexit/resources and on the main UK government website here: https://www.gov.uk/find-eu-exit-guidance-business.

Tech Tip – Telegram

Telegram describes itself as the fastest messaging app on the market, and uses a unique, distributed network of data centres around the globe so that it’s not only a simple, fast, secure messaging service that’s synced across all your devices, but also has added features and an ease of operation that many prefer to WhatsApp.

Everything on Telegram (chats, groups, media, etc.) is encrypted using a combination of 256-bit symmetric AES encryption.  Also, the app has a clean interface, there are no adverts, and Telegram offers powerful photo and video editing tools.

Telegram is available on the Google Play Store and Apple’s App Store.

Your Latest IT News Update

Autonomous AI Cyber Weapons Inevitable Says Security Research Expert

Speaking at a recent CloudSec event in London, Trend Micro’s vice-president of security research, Rik Ferguson said that AI cyberattacks operated autonomously are an inevitable threat that security professionals must adapt to tackling.

AI Destined For McDonald’s Drive-Throughs

The acquisition of AI voice recognition start-up Apprente by the McDonald’s franchise gives the restaurant chain its own Silicon Valley technology division and promises an automated ordering system for drive-throughs, self-order interfaces and the mobile app.

Major Workforce Changes Over The Next Five Years

A new global Forrester Consulting study predicts major changes in their service workforce over the next five years, including replacing call centre and customer service centre staff with automated dispatch notification.

Joker Malware Found In 24 Apps In Google Play Store

Security researcher Aleksejs Kuprins of CSIS cybersecurity services company has discovered 24 apps which have been available for download in the Google Play Store that contain ‘Joker’ malware.

France Says ‘Non’ To Facebook’s Libra Cryptocurrency

France’s finance minister, Bruno Le Maire has said that the development of Facebook’s new Libra cryptocurrency will be blocked in Europe unless concerns over risks to consumers and to the monetary systems of countries can be addressed.

Tech Tip – Canva

If you’d like a free, graphic design app that can help you to improve your business and social media communications then Canva may be the app for you.

Autonomous AI Cyber Weapons Inevitable Says Security Research Expert

Speaking at a recent CloudSec event in London, Trend Micro’s vice-president of security research, Rik Ferguson said that AI cyberattacks operated autonomously are an inevitable threat that security professionals must adapt to tackling.

If Leveraged By Cybercriminals

Mr Ferguson said that when cybercriminals manage to leverage the power of AI, organisations may find themselves experiencing attacks that happen very quickly, contain malicious code, and can even adapt themselves to target specific people in an organisation e.g. impersonating senior company personnel in order to get payments authorised, pretending to be a penetration testing tool, or finding ways to motivate targeted persons to fall victim to a phishing scam.

AI Vs AI

Mr Ferguson suggested that the inevitability of cybercriminals developing autonomous AI-driven attack weapons means that it may be time to start thinking in terms of a world of AI versus AI.

Example of Attack

One close example given by Ferguson is the Emotet Trojan. This malware, which obtains financial information by injecting computer code into the networking stack of an infected Microsoft Windows computer, was introduced 5 years ago but has managed to adapt and cover its tracks even though it is not even AI-driven.

AI Launching Own Attacks Without Human Intervention

Theresa Payton, who was the first woman to be a White House CIO (under President George W Bush) and is now CEO of security consultancy Fortalice, has been reported as saying that the advent of genuine AI has posed serious questions, that the cybersecurity industry is falling behind, and that we may even be facing a situation where AI will be able to launch its own attacks without human intervention.

Challenge

One challenge to responding effectively to AI cyber-attacks is likely to be that cybersecurity and law enforcement agencies must move at the speed of law, particularly where procedures must be followed to request help from and arrange coordination between foreign agencies.  The speed of the law, unfortunately, is likely to be much slower than the speed of an AI-powered attack.

What Does This Mean For Your Business?

It is a good thing for all businesses that the cybersecurity industry recognises the inevitability of AI-powered attacks, and although it fears that it risks falling behind, it is talking about the issue, taking it seriously, and looking at ways in which it needs to change in order to respond.

Adopting AI Vs AI thinking now may be a sensible way to help security professionals, and those in charge of national security to focus thinking and resources on finding ways to innovate and create their own AI-based detection and defensive systems and tools, and the necessary strategies and alliances in readiness for a new kind of attack.

AI Destined For McDonald’s Drive-Throughs

The acquisition of AI voice recognition start-up Apprente by the McDonald’s franchise gives the restaurant chain its own Silicon Valley technology division and promises an automated ordering system for drive-throughs, self-order interfaces and the mobile app.

Apprente

Apprente is a Silicon Valley-based start-up (founded 2017, Mountain View, California) that specialises in making customer service chatbots.  Its acquisition by McDonald’s gives the restaurant chain its own AI-powered voice-based conversational system that can handle human-level interactions, thereby helping improve the speed and accuracy of orders.

It is thought that the Apprente system will not completely replace the traditional front of house staff, but may be used in mobile ordering or kiosks, i.e. added to drive-through kiosks or sited nearby (and added to the mobile app) so that food can be ordered by the customer’s voice, and transcripts of the order can be given to staff to ensure that the order is correct. The transcript may also be presented or read to the customer when they pick the order up minutes later. The technology may, therefore, provide time-saving, accuracy, and convenience benefits to both customers and staff.

Why?

There are a few key reasons why McDonald’s has gone down the tech route with its order taking.  These include:

  1. Competition from home delivery companies.
  2. 70 per cent of the company’s orders come through its drive-throughs but some reports show that McDonald’s may be relatively slow in getting its drive-through food orders out.  For example, a recent report (Oches’ 2019) shows that while the average wait in a Burger King drive-through is over 193 seconds, the waiting time in McDonald’s is considerably longer at 273 seconds.  McDonald’s ranked the tenth and slowest fast-food company in that report, but the addition of the voice-based conversational system could help speed things up.
  3. To give McDonald’s a technology development centre, the McD Tech Labs in Silicon Valley, so that the restaurant chain can keep adding value through new technology and stay ahead in the market.

Other Acquisitions

McDonald’s has also recently acquired customer services personalisation company and AI start-up ‘Dynamic Yield’. With this deal, worth more than £240 million, McDonald’s can use the decision-logic technology to create drive-through menus tailored to its customers based on the time of the day, trends, previous choices and other factors.

What Does This Mean For Your Business?

For customers, the deployment of the new voice-recognition technology in addition to the Dynamic Yield technology (already deployed in 8,000 US drive-throughs) should make ordering food a faster and better experience.

For McDonald’s, the addition of the new technology and of a tech base in Silicon Valley to develop more of the same should help it to compete in a market that’s getting busier with companies that are using technology to reach customers and satisfy the same need for fast gratification.  The value-adding technology (combined with the fact that McDonald’s have a restaurant in most towns with a standardised and trusted product and brand) means that McDonald’s is taking steps to ensure that it stays ahead in a future where technology is an important competitive advantage in fast food delivery.   The new technology may also help McDonald’s address its current need to get orders ready more quickly and accurately while adding a novelty factor, talking point, and perceived advantage among customers.