Author: Andy Miller

Smart Botnet Detection Needed

For businesses to maintain an effective cyber defence, the ability to prevent, detect and stop smart botnets in real-time is now an important consideration.

What Is A Botnet?

A botnet is a term for multiple malicious mini-programs working together to take over large numbers of computers and digital devices for different purposes e.g. stealing data and / or launching attacks, or in the case of DDoS attacks, shutting down servers (and the websites on them) by bombarding them with requests (a flood).  Botnets also sap electricity and computing power as they work.

How Big Is The Problem?

According to DDoS protection provider Link11, DDoS attacks (launched using botnets) on e-commerce providers showed an increase of more than 70% on Black Friday compared with other days in November this year, and Cyber Monday attacks showed a massive increase of 109% compared with the November average. Botnets have also shown a move towards the Internet of Things (IoT).

Last year saw a huge growth in the use of botnets.  For example, Spamhaus figures showed that the number of command and control (C&C) servers used for managing IoT botnets more than doubled, going from 393 in 2016 to 943 in 2017.

The increase in the use of botnets has been driven by factors such as the availability to cyber criminals of very cheap and easy-to-operate rent-a-botnet services (booter or stresser services), and the proliferation of IoT devices with sub-standard security that can be used in attacks. Cyber criminals also use various amplification techniques to increase the impact of their attacks.

Characteristics Of Botnets

The characteristics of botnets and how they are made can provide the key to detecting them and preventing them. For example:

  • Some have a long ‘dwell time’ (the time the malicious program sits on a device before it’s activated), and they need to communicate to work. Communication often involves the use of command and control servers. Disconnecting communications between bots and their botnet command and control servers has, therefore, been a way of stopping them.  New smart bots, which create peer-to-peer networks, can be more difficult to stop.
  • Botnets use processing power.  If suspicious processes that take up a lot of memory are spotted, and / or if devices appear to slow down, this can be an indicator that the device has been compromised and a botnet is awake and active.

Turned To Crypto-Mining

A recent security bulletin from Kaspersky Labs states that botnets are now increasingly being used to distribute illicit crypto-mining software, and that the number of unique users attacked by crypto-miners grew significantly in the first three months of 2018. The malware used for mining is designed to secretly reallocate an infected machine’s processing power to mine cryptocurrencies, with all the proceeds going to the attacker.

What Does This Mean For Your Business?

With cyber-crime, prevention is better than cure, and being able to detect signs of attacks early is vitally important. Security commentators suggest a focus on security measures that prevent initial infection and lock-down unnecessary trust permissions. Businesses may also benefit from using security technologies that can detect, alert or block botnet activity in real-time, and by continually analysing network traffic and local system logs.

Inspecting devices and checking for any suspicious processes that appear to be taking up a lot of memory may also be a way to detect botnets that have already slipped through the net and are active.
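The network-traffic analysis suggested above can look for the regular check-ins a bot makes to its command and control server. The following Python is an added example, not code from this article or from any product it mentions; it assumes bots poll on a roughly fixed timer, and the log format, addresses and thresholds are constructed for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample: "timestamp source destination:port" per line.
# Addresses are private/documentation ranges, not indicators from the article.
SAMPLE_LOG = """\
2018-12-10T09:00:00 10.0.0.21 203.0.113.50:443
2018-12-10T09:00:10 10.0.0.34 198.51.100.7:443
2018-12-10T09:00:12 10.0.0.34 198.51.100.7:443
2018-12-10T09:03:40 10.0.0.34 198.51.100.7:443
2018-12-10T09:04:05 10.0.0.34 198.51.100.7:443
2018-12-10T09:05:02 10.0.0.21 203.0.113.50:443
2018-12-10T09:09:58 10.0.0.21 203.0.113.50:443
this line is malformed and is skipped
2018-12-10T09:12:00 10.0.0.21 198.51.100.7:443
2018-12-10T09:15:01 10.0.0.21 203.0.113.50:443
2018-12-10T09:17:30 10.0.0.34 198.51.100.7:443
2018-12-10T09:20:00 10.0.0.21 203.0.113.50:443
2018-12-10T09:24:59 10.0.0.21 203.0.113.50:443
2018-12-10T09:30:03 10.0.0.21 203.0.113.50:443
2018-12-10T09:31:00 10.0.0.34 198.51.100.7:443
2018-12-10T09:31:02 10.0.0.34 198.51.100.7:443
2018-12-10T09:35:00 10.0.0.21 203.0.113.50:443
"""


def parse_log(text):
    """Group connection timestamps by (source, destination); skip bad lines."""
    seen = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            stamp = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        seen[(parts[1], parts[2])].append(stamp)
    return seen


def find_beacons(text, min_events=6, max_cv=0.10, min_interval=30.0):
    """Return source/destination pairs whose connections are suspiciously regular.

    Regularity is measured as the coefficient of variation (standard deviation
    divided by mean) of the gaps between consecutive connections. Human-driven
    traffic is bursty and scores high; timer-driven check-ins score near zero.
    """
    findings = []
    for (src, dst), times in parse_log(text).items():
        if len(times) < min_events:      # too few samples to judge
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap < min_interval:      # ignore rapid bursts such as page loads
            continue
        cv = statistics.pstdev(gaps) / mean_gap
        if cv <= max_cv:
            findings.append({
                "src": src,
                "dst": dst,
                "events": len(times),
                "mean_interval_s": round(mean_gap, 1),
                "cv": round(cv, 4),
            })
    return sorted(findings, key=lambda f: f["cv"])


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

Legitimate software such as update checkers and monitoring agents also connects on a timer, so hits need an allow-list and triage. The peer-to-peer bots mentioned earlier spread their traffic across many peers and will not show up as one regular destination.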

Rumours That ‘Microsoft 365’ Package Is On The Way

There have been rumours among some IT commentators that Microsoft may soon be offering a single subscription-based, Windows 10-style service named ‘Microsoft 365’ that offers home ‘power users’ a combo of its popular software including the operating system, MS Office, Skype, and even OneDrive.

Office 365

Currently, home Microsoft users can sign-up to Office 365 that includes everything except Windows 10.  The ‘Microsoft 365’ service would, therefore, offer them a kind of mini enterprise version of Microsoft products for a single payment.

Why?

It is thought that this kind of service could put Microsoft 365 on a par with other big-brand subscription services such as Office 365, Skype, Cortana, Bing, Surface and Microsoft Education.  It is also likely that Microsoft 365 would be a more powerful and attractive replacement for Office 365.  It could also simply bring more people deeper into the Microsoft fold which could, in turn, help feed its other apps and platforms such as Android (which has replaced the Windows Mobile OS).

Also, if people commit to signing-up to one bundle of products / services with one company such as Microsoft, they may be less inclined to switch easily or to be attracted by rival services e.g. by Google or Apple, that do the same thing anyway.

Rumours?

The rumours that Microsoft 365 could become a reality appear to have been fuelled by job listings being posted referring to a Microsoft 365 Consumer Subscription product manager and Microsoft 365 Consumer Subscription senior product manager with roles that relate to developing a customer-focused subscription globally for Microsoft’s consumer services.

What Does This Mean For Your Business?

For Microsoft, this type of service could help it to bring users closer to the brand and encourage them to use its other apps and services, while gaining an advantage over big competitors such as Google. For home users, many of whom are actually small businesses or those who work on the business from home, this kind of single subscription bundle of useful and familiar services could represent real value and convenience.

Tech Tip – Find Out When You’re Visiting A Site That’s Been Hacked

If you use Google Chrome and you’d like to make sure that you know when you’re visiting a site that’s been hacked, and you’d like to set up a watch list for sites that you regularly visit, or those that store personal data, here’s a handy browser extension that could help.

The HackNotice extension for Google Chrome could help you to add another layer of security to your browsing.  To use it:

In Chrome, Google ‘hacknotice extension’.

Click on the link.

Click on the ‘Add to Chrome’ button (top right).

Follow the instructions.

Google Chrome’s ‘Incognito’ Mode Not So Incognito

Research by Internet Privacy Company DuckDuckGo is reported to have produced evidence that could show that even in Incognito mode, users of Google Chrome can still be tracked, and searches are still personalised accordingly.

Incognito Mode

Going incognito (private browsing mode) in Google Chrome means launching a separate ‘Incognito’ browser window by going to the top right (the 3 stacked vertical dots icon) > New Incognito Window. According to Google, by using this browser window Chrome won’t save your browsing history, cookies and site data, or information entered in forms. Any files you download and bookmarks you create will be kept, and your activity isn’t hidden from websites you visit, your employer or school, or your internet service provider.

The DuckDuckGo Research

In the DuckDuckGo research, several volunteers were given controversial topics, such as gun control, vaccinations and immigration to search for using an Incognito browser window in Google Chrome. The searches were made both logged in to their Google accounts with Incognito Mode activated and logged out.

The Assumption

The assumption that many users may have is that being logged out of Google and using Incognito mode will keep searches totally private.

The Results

The reported results essentially showed that each person got different results.  This could indicate that Google is still able to personalise searches in Incognito mode, which could mean that Google still has some access to searches which the user may believe are private.

The results may be seen to support the fact that even when signed out, and using Incognito / private browsing mode, websites can use IP addresses and browser fingerprinting to identify people.

Vanderbilt University Research In August

This latest DuckDuckGo research appears to support the findings of previous research from August by Vanderbilt University in Nashville (organised by Digital Content Next). This research found that if users sign into a website while using a private browsing window, the details of that login are still sent to Google, and Google could retroactively identify it from the username and other account data used during the session.  Also, the results of this research suggested that adverts served up by Google’s advertising can be linked to the cookies created both in and out of Incognito mode.

It must be said that Google reportedly described the findings of the Digital Content Next / Vanderbilt University research as misleading.

What Does This Mean For Your Business?

For Google, as a business that wants to sell and maximise revenue from targeted advertising, which is something that could be significantly improved with refined data and targeting technology, it is conceivable that it would want to collect detailed information from many sources, perhaps including that from Incognito searches.  The results of the DuckDuckGo research and previous research could be interpreted as showing that this is happening, and that Incognito mode may not be as secret as many users had imagined.  For advertisers using Google’s services, it is obviously in their interest that Google can offer highly targeted advertising services, but it is up to advertisers to decide whether they think Incognito mode search data should be a legitimate source of targeting data.

It is also worth noting that, in this case, DuckDuckGo is an Internet privacy company that has its own search engine to promote, which it describes as “the search engine that doesn’t track you”.  See https://duckduckgo.com/.

Does Your Business Take Cash?

Cashless businesses that only take contactless card payments, such as cafes and bars may be growing in number in major cities but despite their apparent convenience for their target market, they are also attracting accusations that they are discriminatory.

Cashless Bar

The BBC, for example, recently featured a story about the Crown and Anchor pub in South London which, in October, switched to fully cashless with customers only able to use debit cards, credit cards and contactless payments including Android Pay and Apple Pay.

In the case of the Crown and Anchor pub, it was reported that the decision by the parent company, London Village Inns, to make the switch to cashless was motivated by too many break-ins where the burglars were looking for cash. A positive reaction, and other cost and time-saving benefits to the change from not having to deal with (and transport) cash have meant that four of the firm’s pubs are now cashless with two more set to follow in the New Year.

Just Being Realistic?

Is it just a case of being realistic and acknowledging that we now live in a digital age where cash use is naturally in decline?

Other businesses in the UK and other countries seem to think so.  Back in September, The Boot pub in Freston near Ipswich, Suffolk switched to only accepting card or phone payments, and many bars and cafes in UK cities such as Manchester are reported to be cashless.

Travel in other countries such as Sweden and Australia can also be near cashless experiences as contactless and phone payments take over. Also, many of the ‘trendy’ New York eateries have switched to cashless, and no longer have cash registers.

Research & Stats

Research by Ikea, for example, showed that in its stores in Sweden, only 1.2 in every 1,000 people insisted on paying in cash, thereby leading to the decision that it was financially justifiable to offer them free food in the shop cafeteria instead.

The broader statistics certainly show a decline in the use of cash.  For example, UK Finance projects that in Britain cash will be used in just one fifth of all sales by 2026, and Paymentsense has reported the removal of 4,735 cash machines in the last year.

Criticism

Although there are clearly benefits for some businesses going cashless e.g. saved time, cost and hassle in dealing with cash (no cash registers and bank trips), less temptation for thieves (and resulting damage to premises), more counter space (no tills), faster transactions and turnover, plus credit card companies getting a commission for handling the payments, there are some critical voices.

What if the card payment systems suffered an outage and / or technical problems prevented payments from being taken?  Particularly in cities, this could cause considerable chaos.

Also, in New York, cashless businesses may soon face a ban with the introduction of legislation designed to protect the poor and prevent a “gentrification of the marketplace”.  It appears that cashless businesses in New York could prove to be discriminatory and exclusionary for the impoverished, homeless, under-banked, undocumented, in a city where studies have shown that nearly 12% of citizens don’t have bank accounts.

What Does This Mean For Your Business?

There’s no doubt that cashless and particularly contactless can be very convenient, fast, and beneficial for customers, business, and bank alike, when it comes to purchases of £30 and under and hence it can favour supermarkets, shops, bars and other retail and convenience outlets.

There is also a clear decline in cash itself (and ATM numbers), and an increase in the amount of debit card and contactless payments, and the use of smartphones for payments in developed economies.  We are still, however, at a point where there remains quite a lot of cash in use, and where poorer and more disadvantaged and challenged members of society, of which there are many, need to use cash and may simply not have a bank account and a card with contactless / cashless payments enabled, and therefore, may find themselves being discriminated against. Some businesses and events that deal in cash may also find it challenging and costly to convert to a cashless situation.

Cashless transactions look likely to increase in the UK, and many retail businesses may soon find themselves seriously considering whether a switch to cashless could be workable and beneficial.

O2 Outage – What Happened

Last week’s major O2 4G mobile network outage, which left millions of customers with no network data access, has been blamed on an expired software certificate that 3rd party supplier Ericsson had installed for some customers at a business-critical part of the network.

What Happened?

On Thursday last week, O2 smartphone users were unable to use their mobile phone data for 24 hours.  O2, which is owned by Spanish communications company Telefonica, has the UK’s second-largest mobile network, which is part of BT, and as well as having 25 million users, it provides services for the Sky, Tesco, Giffgaff and Lycamobile networks (whose networks were also affected).  It is estimated, therefore, that the outage affected around 35 million users in the UK and other parts of Europe (and even Japan’s SoftBank).

As well as the considerable disruption and inconvenience caused to individual customers, there were knock-on disruptive effects for organisations that run connectivity services on O2’s network, including Transport for London (TfL), Shropshire Council and a number of NHS trusts. In the case of TfL, bus information display boards, part of the Countdown Systems network, stopped working at approximately 5 am. Shropshire Council reported problems with its car park payment machines, which use O2 data connections.

£Millions In Damages + Compensation Expected

The scope, severity and duration of O2’s data network outage, and the impact on the company’s reputation as well as on its users have led to reports that O2 looks likely to seek up to £100 million in damages from Ericsson.

Also, O2 has already made announcements about how it plans to compensate customers.  For example, Pay As You Go customers look set to get 10% extra when they top up their phone in the new year or 10% off when they buy data for mobile broadband devices.

Both O2 and Ericsson have apologised.  It has been reported that Telefonica’s UK chief executive Mark Evans has promised a full audit of the problem across both organisations, and Marielle Lindgren, chief executive of Ericsson UK and Ireland has said that the software that caused the issues will be decommissioned.

What Does This Mean For Your Business?

Modern businesses now rely heavily on stable and reliable broadband connections and data network services.  Any disruption to these can be very disruptive and costly to businesses with potentially disastrous consequences.  In this case, a whole day was lost, and the true cost to UK businesses  (and their customers) may be difficult to calculate. For O2 and Ericsson, the incident appears to have caused some damage to their reputations.

As several tech commentators have since pointed out, the incident has illustrated how complex IT infrastructure has become and how, despite this complexity, organisations must stay on top of matters relating to software certificates, particularly those in business-critical systems. This incident also illustrates how problems with machine identities at critical nodes can have a wide-reaching impact on business and the economy.
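Staying on top of certificates, as described above, comes down to knowing every expiry date well before it arrives. The following Python is an added example, not code from O2, Ericsson or this article; the inventory, host names, dates and thresholds are constructed, and the date strings use the format Python's `ssl` module reports in a certificate's `notAfter` field.

```python
import ssl
from datetime import datetime, timezone

# Constructed inventory; host names are hypothetical. Business-critical
# systems are given a longer renewal lead time than everything else.
INVENTORY = [
    {"name": "core-node-mgmt", "not_after": "Feb 25 00:00:00 2019 GMT", "critical": True},
    {"name": "billing-api", "not_after": "Apr 23 12:00:00 2019 GMT", "critical": True},
    {"name": "intranet-wiki", "not_after": "Apr 23 12:00:00 2019 GMT", "critical": False},
    {"name": "vpn-gateway", "not_after": "Mar 16 08:00:00 2019 GMT", "critical": False},
    {"name": "legacy-lb", "not_after": "unknown", "critical": True},
]

NOW = datetime(2019, 3, 1, tzinfo=timezone.utc)  # constructed "today"


def audit(inventory, now, warn_days=30, critical_warn_days=90):
    """Classify each certificate as EXPIRED, RENEW_NOW, OK or UNREADABLE.

    Returns (name, status, whole_days_left) tuples, worst first. Entries
    whose expiry cannot be parsed are reported, not dropped, because an
    undated certificate is the one most likely to expire unnoticed.
    """
    now_ts = now.timestamp()
    results = []
    for entry in inventory:
        try:
            expiry_ts = ssl.cert_time_to_seconds(entry["not_after"])
        except ValueError:
            results.append((entry["name"], "UNREADABLE", None))
            continue
        days_left = int((expiry_ts - now_ts) // 86400)
        lead = critical_warn_days if entry["critical"] else warn_days
        if expiry_ts <= now_ts:
            status = "EXPIRED"
        elif days_left <= lead:
            status = "RENEW_NOW"
        else:
            status = "OK"
        results.append((entry["name"], status, days_left))
    # Unreadable entries first, then the soonest expiry.
    return sorted(results, key=lambda r: (r[2] is not None, r[2] or 0))


if __name__ == "__main__":
    for name, status, days in audit(INVENTORY, NOW):
        print(f"{status:<11} {name:<16} days_left={days}")
```

The same expiry date produces different answers for `billing-api` and `intranet-wiki` because only the first is marked business-critical.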

Some commentators have also highlighted how operators picking up more IoT traffic and the introduction of 5G could mean that businesses are likely to experience more outages of this nature in the future.  The incident with O2 may also make some businesses take another look at their mobile strategies, feel less comfortable putting all their communications through a mobile operator, and take steps to reduce their dependence on any single external point of failure.

5G Explained

Whereas most carriers use low-band spectrum or LTE, which offers great coverage area and penetration, it is getting very crowded, and peak data speeds only top out at around 100Mbps.

5G, on the other hand, offers 3 different Spectrum bands, which are:

  • Low-band spectrum or LTE.
  • Mid-band spectrum.  This gives faster coverage and better latency than low-band but isn’t as good at penetrating buildings. Mid-band spectrum will offer peak speeds up to 1Gbps.
  • High-band spectrum / mmWave.  This spectrum can offer peak speeds up to 10 Gbps and has very low latency, although it has a low coverage area and building penetration is poor.

In the UK, it is likely that there will be 2 different, location-based frequencies. Sub-6GHz (gigahertz) is likely to be the first offered to users, and the (expensive) high-band spectrum / mmWave for use in densely populated areas. This could mean limitations on where an owner can use their 5G phone (when they eventually get one).

What Can We Expect From 5G?

More frequencies, faster speeds and less latency should mean big improvements in broadband (particularly commercial) and an end to slowdowns during busy times of day that have been experienced due to the overcrowding of the current limited LTE.

Also, the frequency spectrum needed for 5G is finite, and even with additional spectrum that has been auctioned to the UK’s mobile networks, more will be needed. This may mean some crowded traffic in the first wave, with things not improving until more auctions have taken place.

It is also likely that other technologies will need to be developed and trialled in order to help 5G live up to its promise. Lessons learned about 5G in other countries (e.g. China) will take time to be noted and incorporated in the UK network to help it deliver maximum benefits.

Real-Life Business / Life Applications

Anticipated ways that 5G could improve things in our lives and for businesses include:

  • Improvements to health care.  Communications and sensor networks in health care are likely to be improved, therefore, benefiting patients, doctors and other staff.
  • Improvements in the IoT as devices require fewer resources, and huge numbers of devices can connect to a single base station, making them much more efficient. IoT improvements could help with all kinds of services e.g. public services such as smart bins and smart lighting, remote healthcare services, and CCTV / surveillance services.
  • A boost to virtual and augmented reality.
  • Benefits for the growing autonomous vehicle market as 5G provides the constant, guaranteed connection that they need.
  • Advantages for companies operating delivery drone / robot services e.g. Amazon may also get a boost from reliable and powerful 5G connections.
  • The low latency of 5G allowing more remote device control e.g. reducing risk in hazardous environments and allowing technicians with specialized skills to control machinery from anywhere in the world.

What About 5G Phones?

For phone manufacturers, manufacturing 5G phones will be a slightly different and more complex proposition. For example:

  • 5G phones are more complex e.g. they need a more complex antenna. These mean extra production costs which are likely to be passed on (with first-wave prices) to customers. It is thought that 5G compatible phones will be priced between £450-£540, with higher prices for leading brand models e.g. Samsung, Apple and Huawei.
  • Miniaturisation of a more complex 5G phone presents challenges. The first generation of 5G phones may, therefore, be a little larger than a normal smart-phone.
  • Launching new handsets before the new network has been rolled out could simply annoy buyers and damage brand reputation, and many customers may simply delay buying a 5G anyway until they are confident that 5G is performing well and will offer them all the benefits.
  • The first 5G smart-phones will need two modems, one standalone 5G modem, and one that still works on 4G and older networks (for when 5G isn’t available).

When?

5G has taken nearly 10 years to develop and although some companies may already be rolling out fixed 5G to some cities in the developed world, mobile 5G won’t start making appearances in cities around the world until later in 2019.

What Does This Mean For Your Business?

The same increased speed and lower latency of 5G that allows downloading films and games in seconds and watching them without any buffering, is also likely to provide many new and innovative opportunities, and could help provide a boost to new industries.

Many different types of businesses could benefit from improved connectivity with remote workers or with salespeople in remote areas.

Also, the news from an O2 forecast is that 5G could deliver time savings that could bring £6 billion a year in productivity savings in the UK, and that 5G-enabled tools and smart items could save UK householders £450 a year in food, council and fuel bills.

We will, however, have to wait for 5G networks and services to be operating and offering all the predicted benefits, and as well as being somewhat expensive, purchasing a 5G phone may be something that many people will hold-off doing until they’re confident they’ll get the promised value from it.

Automatic Broadband Compensation Is Nigh

After Ofcom announced back in November 2017 that broadband and landline customers will automatically be able to get compensation from their providers when things go wrong without the need for a claim, it appears that an £8-per-day deal agreement has finally been reached between Openreach and five of the UK’s internet service providers.

Agreement

The voluntary agreement, which will apply only if a fault takes longer than two days to fix, is between BT, Sky, TalkTalk, Virgin Media, and Zen. Plusnet and EE had indicated previously that they would be prepared to sign up.

This should now mean that the new automatic compensation system will, from early 2019, bring automatic compensation to consumers (home, small and medium business customers) for a total loss of fixed broadband and phone connectivity.

Although Openreach, which looks after the infrastructure, is keen to point out that it has been offering compensation for broadband failures since 2008 and would pay compensation even when others prevented it from accessing its network, it has said that it is not prepared to pay-out for measures beyond reasonable control / force majeure events e.g. flooding. Openreach also has another exclusion under its Service Level Guarantee (SLG) arrangements.

The new agreement, which was reached after more than 6 months negotiations, and is subject to a 12-month review of Cancelled Provisions, will mean £8 compensation per-day, £25 compensation if an engineer does not arrive on schedule, or cancels within 24 hours, and an offer of £5-per-day for new services not starting on.

What Happened?

The voluntary, automatic compensation agreement only came about because of a review and intervention in the broadband market by regulator Ofcom, which introduced a voluntary Code of Practice.

It was found that compensation was only paid in approximately one in seven cases (15%) where landline or broadband customers suffered slow repairs, delayed installations or missed engineer appointments. The actual amount of compensation paid in these cases was also widely recognised to be small.

Considering that BT, Sky, TalkTalk, Virgin Media and Zen Internet, collectively serve around 90% of landline and broadband customers in the UK, it was thought that an automatic compensation agreement that reflects the harm consumers suffer when things go wrong would help consumers and the industry alike as well as satisfying Ofcom.

Openreach

Openreach has been set its own set of tough Quality of Service (QoS) standards by Ofcom, but Openreach’s position of not paying out for force majeure-type events, and Ofcom expecting retail ISPs to cover those costs themselves has led to ISPs perhaps feeling that they will end up paying for Openreach’s failures.

What Does This Mean For Your Business?

For retail ISPs, although the agreement may go some way to making them improve their quality standards (which is good for customers), the regulator estimated in 2017 that such an agreement could mean that 2.6 million UK customers could receive up to £142 million per year in automated compensation payments.  This could represent a significant extra service cost to the ISPs, and hopefully one that won’t end up being passed on to customers in raised prices.

Ofcom’s research shows that nine in ten adults report going online every day and three-quarters of internet users say it is important to their daily lives. For businesses, a fast and reliable broadband connection is now vital for them to operate and compete effectively in today’s marketplace. Problems with broadband services can be very costly and frustrating for businesses, and many businesses feel that they shouldn’t have to fight for compensation on top of the problems caused by poor broadband services, and that current levels of compensation are too low, and don’t come close to reflecting the harm caused. Automatic compensation at higher levels is, therefore, good news, and it is good news that an agreement has finally been reached and the (voluntary) scheme can start operating as soon as early 2019 (we hope).

The new automatic compensation scheme is particularly good news for small businesses because one-third of small and medium-sized enterprises (SMEs) choose residential landline and broadband services, and around half (49%) of SMEs don’t know if they’re entitled to compensation when service falls short (Ofcom figures).

Tech Tip – Create A Travel Itinerary in Bing

If you’re planning a trip to an exciting destination you can now create your own travel itinerary in the Bing search engine. Here’s how:

Sign up to (Microsoft Outlook) and into Bing Maps – see https://www.bing.com/maps

Click on ‘My Places’.

Select the ‘Itineraries’ tab.

Open ‘New Itinerary’.

Select the places you want to go, add the times you had in mind, and click ‘Get Started’.

You can then go through your route and add key sites and attractions with a click, get suggestions, move additions between days, get directions, and add descriptions to the attractions.

SIM Swap Scam Warning

A recent investigation by BBC TV’s Watchdog Live revealed evidence that some mobile phone shop staff are not conducting proper ID checks for replacement SIM requests, thereby enabling some customers to become victims of SIM swap scams.

What is a SIM Swap Scam?

SIM swap scams are believed to have been in existence for the last four years in one form or another.  In its current form, the SIM swap scam happens when a fraudster goes into a mobile operator’s shop and claims a false identity i.e. the identity of one of that operator’s customers.  The fraudster knows that the person they are claiming to be is a customer of that operator because of personal details that have been stolen in previous malware or cyber-attacks, and those details have been posted or sold on the dark web.

In the shop, while pretending to be that customer, the fraudster claims that their phone has been lost or stolen and asks to be issued with a replacement SIM. Once the fraudster has the replacement SIM, the victim’s SIM no longer works, and the fraudster can then access any online service that requires security codes to be sent to the phone, as well as being able to access any other of the victim’s personal details that are stored on the SIM.

In the past (London 2016), a similar version of the scam worked when fraudsters used an intercepted bank statement from the victim (or information found on social media) to call the person’s mobile operator, pass security checks, and get a blank SIM card.  The fraudsters were then able to access the unique codes sent by the victim’s bank to log into their account and transfer funds.

What Should Happen When Someone Requests a Replacement SIM?

At the moment, mobile operators should conduct ID checks for replacement SIMs, but it is not compulsory.  Also, the Watchdog Live investigation revealed that checks for contract customers and Pay As You Go customers may differ.  For example, O2 said that it only asks for photo ID when replacing SIMs on monthly contracts, and that Pay As You Go customers will be sent an authorisation code if someone is trying to access the number.

What Happened in Reality?

In the investigation, which involved the secret filming of Watchdog Live’s own ‘King Con’ former fraudster in multiple EE, O2, Three and Vodafone stores, EE and Three staff conducted all the necessary checks, but Vodafone blamed rogue employees for not doing so.  Also, replacement SIMs were obtained from O2 stores and the authorisation codes that the company says it sends out were not received.

What Does This Mean For Your Business?

It appears that this relatively old fraud is still very much alive and is a reminder of how valuable our personal details can be to criminals. Bearing in mind how serious this fraud can be to the victims, it is shocking that photo ID checks for replacement SIMs are not made to be compulsory for all operators in all situations.  Mobile operators could help themselves and customers by introducing compulsory measures and by making sure through training and in-built systems that all staff conduct satisfactory checks.

It is also worrying that the investigation appears to have revealed a two-tiered security system, with Pay As You Go customers afforded less protection.

In the meantime, one way that we can help ourselves is to regularly check both our phone and bank statements, and if you have a contract with e.g. O2, contact them to confirm that no replacement SIMs have been issued in your name.