Technology

Social Mapper Can Trace Your Face

Trustwave’s SpiderLabs has created a new penetration testing tool that uses facial recognition to trace your face through all your social media profiles, link your name to it, and identify which organisation you work for.

Why?

According to its (ethical) creators, Trustwave’s SpiderLabs, Social Mapper has been designed to help penetration testers (those tasked with conducting simulated attacks on computer systems to aid security) and red teamers (ethical hackers) to save time and expand target lists in the intelligence gathering phase of creating the social media phishing scenarios that are ultimately used to test an organisation’s cyber defences.

What Does It Do?

Social Mapper is an open source intelligence tool that employs facial recognition to correlate social media profiles across a number of different sites on a large scale. The software automates the process of searching the most popular social media sites for names and pictures of individuals in order to accurately detect and group a person’s presence. The results are then compiled in a report that can be quickly viewed and understood by a human operator.

How Does It Work?

Social Mapper works in 3 phases. Firstly, it is provided with names and pictures of people, e.g. via links in a CSV file, images in a folder, or via people registered to a company on LinkedIn.

Secondly, in a time-consuming phase, it uses a Firefox browser to log in to social media sites and search for its targets by name. When it finds the top results, it downloads profile pictures and uses facial recognition checks to try and find a match. The social media sites it searches are LinkedIn, Facebook, Twitter, Google+, Instagram, VKontakte, Weibo, and Douban.

Finally, it generates a report of the results.

What’s The Report Used For?

The report is designed to give the user a starting point to target individuals on social media for phishing, link-sharing, and password-snooping attacks.

For example, a user can create fake social media profiles to ‘friend’ targets and send them links to credential capturing landing pages or downloadable malware, trick users into disclosing their emails and phone numbers e.g. using vouchers and offers to tempt them into phishing traps, create custom phishing campaigns for each social media site, or even to physically look at photos of employees to find access card badges or to study aspects of building interiors.

What Does This Mean For Your Business?

In the right hands, Social Mapper sounds as though it could ultimately help businesses to improve their online security because it helps to create much better quality and more realistic testing scenarios on a larger scale that could uncover loopholes and shortcomings that current testing may not be able to find.

The worry, however, is that in the wrong hands it could be used by cyber-criminals to quickly gather information about a target business and its employees, thereby enabling potentially very effective phishing and password-snooping campaigns to be created. This detailed information could also be shared among and sold to other criminals which could mean that individuals could be subjected to a number of attacks over time through multiple channels.

The obvious hope is, therefore, that enough checks and security measures will be put in place by its creators thereby not allowing the software to fall into the wrong hands in the first place and be used by criminals against the businesses and organisations that it was designed to help.

Microsoft To Launch App-Testing Sandbox ‘InPrivate Desktop’ Feature

It has been reported that Microsoft is to launch InPrivate Desktop for a future version of Windows 10, a kind of throwaway sandbox that gives Admins a secure way to operate one-time tests of any untrusted apps / software.

Like A Virtual Machine

Although the new feature is still a bit hush-hush, and has actually been removed from the Windows 10 Insider programme, it is believed to act like a kind of in-box, speedy VM (virtual machine) that is then refreshed to use again after it has been used on a particular App.

Why?

The reason for the new feature, in the broader sense, is that it fits with moves announced by Microsoft in June 2017 to introduce next-generation security features to Windows 10.

ATP & WDAG

Back in June 2017, Microsoft specifically mentioned the integration of Windows Defender Advanced Threat Protection (ATP) as one of the next-generation security measures. ATP, for example, was designed to isolate and contain the threat if a user on a corporate network accidentally downloaded malicious software via their browser.

A security feature that some commentators have likened InPrivate Desktop to, that was also specifically mentioned last June, was Windows Defender Application Guard (WDAG). Interestingly, WDAG isolates potential malware and exploits downloaded via a user’s browser and contains the threat using virtualisation-based security.

Spec Needed For InPrivate Desktop

Although the exact details of InPrivate Desktop are sketchy, we know that it is likely to be aimed at enterprises rather than individual users and that, as such, it is likely to need a reasonable spec to operate. It has been reported that in order to run the new feature / app at least 4GB of RAM, at least 5GB of free disk space, and two CPU cores will be needed.

When?

There is also still some speculation as to exactly when the InPrivate Desktop feature will make it to Windows 10. Some commentators have noted that it may not make it into Windows 10 ‘Redstone 5’, and looks likely to be rolled-out in a subsequent Windows 10 update which has been codenamed 19H1.

What Does This Mean For Your Business?

With support stopping for previous versions of Windows, and with all of us being forced into using Windows 10’s SaaS model, it makes sense that Microsoft adds more features to protect users, particularly businesses.

Adding malicious code to apps has been a method increasingly used by cyber-criminals to sneak under the radar, and having a secure space to test and isolate dubious / suspect apps will give Admins an extra tool to protect their organisation from evolving cyber-threats. It is extra-convenient that the testing feature / app sandbox will already be built-in to Windows 10.

IBM Makes Test Version of New Stealth AI Malware ‘DeepLocker’

IBM has announced that it has created its own stealth, ultra-evasive AI malware called ‘DeepLocker’ that can evade all traditional cyber-security protection, hide in normal applications, and only strike when it is sure it has reached its intended target.

Why?

Cyber-criminals are becoming ever-more sophisticated in their methods, and the resources available to them have increased e.g. as hackers have also worked in state-sponsored activities. Also, the world of Artificial Intelligence (AI) has come on in leaps and bounds in recent years, and the fear is that cyber-criminals could soon be deploying their own AI-powered malware. IBM has, therefore, decided to create its own version in order to see how it works and behaves, and thereby gain valuable information which could help it to reduce risks, and find ways to counter such attacks.

DeepLocker

One of the things that makes DeepLocker so different to other malware that tends to take a scattergun approach to infection is that it can hide itself and its intent until it reaches a specific target.

This is down to DeepLocker using a deep neural network (DNN) AI model, a sophisticated computer system modelled on the human brain and nervous system. This DNN provides a kind of ‘black box’ that totally conceals the “trigger conditions”, and makes the attack almost impossible to decipher and reverse engineer. DeepLocker’s AI can, therefore, even convert its own concealed trigger condition (which has been transformed into a deep convolutional network), into a “password” or “key” to unlock its own attack payload when it identifies its victim. In this sense, it contains three layers of attack concealment.

Hides & Identifies

According to IBM, DeepLocker can hide itself completely in normal ‘carrier’ applications such as video conference software. This enables it to fly completely under the radar and avoid detection by most antivirus and malware scanners. It also allows it to be spread widely and without providing any clues that there is a threat.

What Does This Mean For Your Business?

Malware attacks have cost businesses, organisations and whole economies vast amounts of money and untold disruption and problems in recent times. Evasive malware has been evolving for many years now as cyber-criminals try to find their way around better security measures and more sophisticated sandboxes. AI attacks using ultra-evasive, stealth methods of the nature of DeepLocker represent the next frightening wave of attack that organisations and businesses will have to face. It is a good thing, therefore, that IBM has tried to take the initiative and gain a march on cyber-criminals who will undoubtedly seek to weaponise AI, by creating its own version in order to learn lessons in advance that could provide at least some level of protection and recommendations for counter-measures.

Online “Pay-To-Watch” Now In Lead

The latest Office for National Statistics’ annual Internet Access and Use report has revealed that there has been a big rise in the number of people using commercial video streaming services.

Video Streaming Popular

The report shows a big jump from 29% of those watching online video-on-demand from commercial services in 2016 to 46% in 2018. The figures for 2018 refer to data collected in the January, February and April 2018 modules of the Opinions and Lifestyle Survey (OPN) conducted by the ONS.

The popular video-on-demand services referred to in the report include Netflix, Now TV, and Amazon Prime.

More Subscriptions To Online Video Streaming Than ‘Traditional’ TV

This supports Ofcom’s recent Media Nations report, which has replaced the PSB Annual Report and Digital Radio Report (and is based on BARB Establishment Survey data), and which shows that more people now subscribe to Netflix, Amazon and NOW TV than to ‘traditional’ pay-TV services e.g. Sky, BT and Virgin.

The report showed that pay-TV subscriptions in the UK totalled 15.1 million, while the leading three on-demand video services totalled 15.4 million.

The Ofcom data showed that 39% of UK households (11.1m) have at least one on-demand streaming service subscription, and although Amazon Prime Video has a slightly larger year-on-year growth rate than Netflix, Netflix is the most popular subscription video-on-demand service, with subscriptions nearly doubling that of its closest rival – 9.1 million UK households in Q1 2018.

Why?

The huge growth of popular video-on-demand services is the result of a number of factors including the fact that more than 80% of UK homes have a fixed broadband connection (90% of UK homes have some kind of internet access), and 58% of these connections are considered to be superfast (30Mbit/s or higher download speeds), and that there has been a big rise in the number of people owning / using smart TVs and streaming dongles / boxes.

YouTube Popular Too

Google’s video social network platform YouTube has also seen a big rise in the number of people using the service – 62% in 2018, up from 47%.

Older People Using The Services

It appears that another reason for the rise in popularity of on-demand video-streaming services is that older people are now signing up. This is reflected, for example, in the fact that services such as Netflix are commissioning original shows pitched at more mature audiences.

What Does This Mean For Your Business?

Products / services that can be distributed via the Internet e.g. films and TV shows have almost inevitably increased in popularity at a time when most households have a broadband connection and when most people have a smartphone.

As consumers who are used to more choice and the ability to access more personalised offerings and experiences from businesses in a growing subscription economy, and who may have become used to ‘traditional’ pay-TV services, it is just a short jump to the greater choice and convenience of on-demand video services such as Netflix and Amazon. Just as more older people are populating social media platforms such as Facebook, older audiences are also now more used to technology and are finding it easier and beneficial to switch to video-on-demand from commercial services.

This increase in the popularity of such services means that the market for them is set to become more crowded (which is often good news for the consumer) as other players try to take advantage of the consumer viewing trends. For example, Sky is reported to be about to make all its content available online; Apple is expected to launch a TV subscription service soon; and Disney may also soon be expanding the content available via its DisneyLife app.

Apple Wins Trillion Dollar Company Race

The latest figures from Apple appear to show that it has beaten tech giants like Amazon in the race to become the world’s first trillion dollar company.

‘Alarmingly Healthy’ Finances

It has been reported that Apple’s finance chief, Luca Maestri, has described Apple’s current financial state as being “alarmingly healthy” after a net profit of a staggering $48.5 billion was made in 2017, with $285 billion of cash reserves.

Reaching The Trillion Mark

The trillion dollar valuation was reached thanks to a jump in Apple’s share price last Thursday that was driven by quarterly financial results that were better than Wall Street had expected for the US company that was founded back in 1976.

The Figures

Record sales of $53.3bn, coupled with $11.5bn profits in 3 months boosted confidence and share value in the tech behemoth to the point where the value of Apple jumped from $935bn to $1tn.

To give some context to this figure, Apple’s $1tn market value is larger than the economies of Turkey and Switzerland, and more than a third the size of the UK economy!

Great Products

Apple’s 42 year rise to mega-value has been fuelled by some great, highly differentiated, popular, and profitable products such as the Macintosh, the iPod and the iPhone – although the iPhone hasn’t always met sales expectations.

Not PetroChina Then?

No. Contrary to reports that energy company PetroChina hit the magic $1tn valuation back in 2007, it has since been revealed that only 2% of the company was released for public trading, and the resulting value claim is, therefore, widely regarded as being unreliable.

Delighted…Understandably

Apple’s CEO, Tim Cook, is reported as expressing his delight at the news of the record-breaking value of the company, and attributed the recent good financial results to strong sales of the iPhone, as well as Services and Wearables.

What Does This Mean For Your Company?

While it’s interesting (and perhaps not unexpected) and inspirational to hear of the incredible financial milestone that Apple has reached, and it’s true that Apple sometimes has a fan-like following for its innovative, differentiated, and aesthetically pleasing personal gadgets, the wealth of another tech giant is a world away from the daily business reality that many face in the UK, particularly with the uncertainty of Brexit on the horizon.

Some critics may also say that its relatively small tax contributions in some overseas markets e.g. Ireland (where it was ordered to pay €13bn in back taxes) have contributed to its profitability. Also, another blot on Apple’s copy-book in the name of cost-cutting has been the revelations over poor working conditions in Chinese factories where Apple iPhones are manufactured dating back as far as 2009.

Amazon has been seen by many commentators as being locked in battle with Apple to reach the $1tn mark, and will no doubt be disappointed at missing-out on being the first to cross this lucrative finishing line.

Amazon Pays Less Tax In UK While Profits Rise

The latest figures show that even though Amazon’s profits trebled last year, their UK tax bill has significantly reduced.

How Much?

Amazon’s reported pre-tax profits have jumped from £24.3m to £72.3m with the company making £1.98bn in sales revenue. Where their tax bill and contributions are concerned however, the bill is down from £7.4m a year ago to just £4.6m, and their warehouse “fulfilment centres” division (Amazon UK Services) has been able to defer £2.9m, meaning that £1.7m in tax is the contribution being paid for now.

Also, Amazon Web Services UK has paid £155,000, down from £404,000 last year, even though profits there have nearly doubled from £2.7m to £5m.

Why?

Share-based payments for staff is the main reason offered by Amazon for its low tax bill during a profits boom. For example, Amazon employs more than two-thirds of its 27,000-strong UK workforce, and it has been reported that full-time warehouse staff have, on average, received shares worth more than £1,000 a year. AWS is reported to have given its staff share awards worth £11.8m (compared to shares worth £5.8m two years ago).

A rising Amazon share price has resulted in the selling of many of these shares on the open stock market. Since the tax bill is based on the sale price for company and individual, this has contributed to a lower tax bill.

Some commentators have also pointed out that Amazon basing its European operations in Luxembourg has also offered some significant tax-haven opportunities.

Based On Profits Not Revenues

Despite some anger in the UK over what looks like a relatively small tax liability for a company that appears to be doing so well here, Amazon has reportedly defended itself by saying that tax is based on profits, not revenues, and profits have remained low due to a competitive retail market, Amazon’s low-margin business, and its continued heavy investment.

Reform Calls – Public Contracts

Some commentators have also been critical and called for reform over Amazon’s payments for public contracts. For example, it has been reported that Amazon was paid more for online storage services by the Government over the first 3 months of this year than its biggest UK arm was taxed last year, despite Amazon not being made to reveal the details of their tax arrangements.

What Does This Mean For Your Business?

It is a source of great annoyance to many UK businesses that receive and pay significant tax bills, that an overseas tech giant company can appear to make big profits in the UK and yet only be required to pay what appears to be a relatively small amount of tax. It has echoes of Facebook’s UK operations last year paying only £5.1m in corporation tax, despite a profits jump and a quadrupling of revenue, thanks to advertising sales.

Whilst some are calling for reform, and some anger has been publicly expressed, some commentators have pointed to a fear of losing big companies this close to Brexit as a reason why we may not expect HM government to come down too hard on Amazon and other tech giants for the time being.

Adults To Get Same Online Protection As Kids Says Government

The UK government has announced that, in a move to reinforce digital safety for everyone across the country, it will be expanding the scope of the UK Council for Child Internet Safety (UKCCIS) to cover the adult population too.

What Is The UKCCIS?

Formed in 2008, the UKCCIS is now made up of more than 200 organisations drawn from across government, industry, law, academia and charity sectors that have been working in partnership to help keep children safe online. It has been doing this by running an array of campaigns and forwarding policy proposals that aim to improve the online safety and welfare for children in UK schools and colleges.

Some of the help it gives includes providing advice for dealing with ‘sexting’, proposals for the default filtering of online pornography (2012), tackling race and faith targeted bullying, as well as creating a guide for providers of social media and interactive services with examples of good practice, and creating a guide for parents and carers whose children are using social media.

Scope Widened – Same Protection For All

The plans to expand the UKCCIS were announced in the government’s Internet Safety Strategy green paper in October 2017.

The newly proposed widening of the scope of the activities of the UKCCIS with a view to protecting adults as well as children will enable it to focus on tackling issues like cyber-bullying and sexual exploitation, the spread of radicalism and extremism across the internet, mitigating violence against girls and women, hate crime and hate speech, and any online discrimination that contravenes the Equality Act 2010.

Collaborative Approach

It is thought that a collaborative approach among the expanded number of organisations in UKCCIS and the bringing together of key stakeholders, from the tech giants to the third sector, coupled with the wider scope of the population should help to bring about a safer online environment for all.

Board Member Applications Invited

The UKCCIS website is currently inviting applications for its Executive Board, a new collaborative forum through which government, the tech community, and the third sector plan to work together to ensure the UK is the safest place in the world to be online. The deadline for applications is 3rd September, and the information and links to the application forms can be found here: https://www.gov.uk/government/groups/uk-council-for-child-internet-safety-ukccis

What Does This Mean For Your Business?

All parents, whether they are business owners or not, would undoubtedly prefer to see the Internet as we know it in the UK, made a much safer place for young people to explore and use. This means that someone / something needs to take responsibility for helping to tackle the risks, and a government-led collaboration of hundreds of organisations seems to be as good a way forward as any at the current time.

With the evolving nature of cyber threats and the fact that all age groups are affected by a variety of unpleasant and criminal activity online, it makes sense that the scope of the UKCCIS should be expanded to help adults too.

The Internet is a place to trade as well as to learn, communicate and interact, and a safer Internet for all can only be good news for businesses.

Departing CEOs Steal Intellectual Property Says Report

A new report by Code42 that surveyed 1,634 senior company employees in the UK, US and Germany, has found that most CEOs take what they regard to be their intellectual property (IP) with them when they leave a company.

It Belongs To Me

Code42’s 2018 Data Exposure Report appears to show what amounts to an admission of theft on a large scale by departing CEOs, with 72% admitting to taking IP with them from previous employers upon joining a new organisation.

The figures from the survey show that the justification for taking the IP with them is a belief that the ideas are their property. For example, 79% of those CEOs surveyed said that they believe their work and ideas simply belonged to them.

My Time Went Into It

Far from thinking that they were on the company’s time (and pay), the report appears to show that most CEOs base their belief in their ownership of IP on the view that the IP was developed on their own time. For example, 59% agreed that their time, not the company’s, went into the end product, and just under half said that they actually felt that they had imparted a bit of themselves into their ideas.

Emotional Threat

The kinds of responses given by the CEOs in the survey appear to indicate, therefore, that emotionally-driven decisions at the highest level can pose a threat to a company’s overall security.

Stored On Personal Device

Even though many employees may be subject to a policy of not storing company information on personal devices, memory sticks etc because of the potential security risk it poses to the company, it seems that most CEOs don’t see themselves as a risk in this way. For example, 93% of CEOs have admitted to keeping copies of their work beyond the remit of their company’s security network e.g. on a personal device or personal cloud storage. 68% of them even agreed that there was a risk to the company in doing so, which indicates that they saw themselves as an exception to a known risk.

Disconnect From Reality

The survey and report highlighted another apparent disconnect from reality as 82% of business leaders appear to believe that IT can protect information it cannot see.

What Does This Mean For Your Business?

The worrying irony of this report is that while most businesses see threats to their IT and data security as most likely to come from hackers, viruses, employee error and even the actions of disgruntled former employees, one of the biggest threats to a company may, in fact, come from the top.

CEOs are likely to be those who hold all the secrets to a company’s competitive advantage, as well as its financial situation, future strategies, skeletons in closets, and most valuable business relationships, and yet they may see themselves as being above the normal security policies and rules. For all the money, time and effort that a company puts into increasing its cyber resilience, one weak link could be the mistaken attitudes and beliefs of the CEO.

Unfortunately, the authority of CEOs can’t generally be challenged by those further down the company hierarchy, and their behaviour and IT practices may not be monitored and controlled in the same way, meaning that their risky behaviour goes unchallenged, and allows them to steal IP in the way they have admitted in the survey.

Part of the value of this kind of survey to businesses is, therefore, in helping to show how emotional forces can drive risky behaviour, and in helping to expose possible ‘disconnects’ within an organisation that can create data security vulnerabilities.

AI, ML & ‘Robot’ Business Spending Will Hit $232bn by 2025 Says Report

A recent KPMG report claims that whereas business spending on artificial intelligence (AI), machine learning (ML) and robotic process automation (RPA) technologies is $12.4bn this year, it will increase to $232bn in 2025.

Ready, Set, Fail?

The report, entitled “Ready, set, fail? Avoiding setbacks in the intelligent automation race” highlights how the potential of AI technology is already being examined by 37% of enterprises, and how its uptake is expected to accelerate over the next three years, with all enterprises using the technology to some extent, 49% of enterprises using it at scale, and 29% using it selectively. Currently, 13% of enterprises are missing out altogether on the opportunity of using AI to add value to their business.

Can’t All Be Like Leading ‘Digital First’ Companies

The report accepts that while most businesses can’t realistically expect to be leading ‘digital first’ companies, such as Amazon with its one-click experience linked to a complex back-end and digital supply chain, they can make good ground from now on by acting quickly, understanding the need for urgency, and defining and executing a comprehensive AI strategy.

What Is Digital First?

A ‘digital first’ / digital by default approach involves giving priority to new media channels and technologies to improve the business by bringing it into line with the needs and behaviours of today’s consumers. It involves adopting a whole new way of looking at the business in order to add the skills, and to change the culture and mindset in order to make it more effective.

What Is Robotic Process Automation (RPA)?

While many of us are now familiar with the terms artificial intelligence (AI), and machine learning (ML), the report also focuses on ‘robotic process automation’ (RPA). This refers to an emerging form of business process automation technology that uses software robots or artificial intelligence (AI) workers.

Instead of software developers producing a list of actions to automate a task and interface to the back-end system using internal application programming interfaces (APIs) or dedicated scripting language, RPA systems develop the action list by watching the user perform that task in the application’s graphical user interface (GUI), and then they perform the automation by repeating those tasks directly in the GUI.

Expectations High But Readiness Low

The KPMG report shows that even though managers’ expectations are high for AI use in their company in the coming years, the readiness to implement AI is low. The reasons for this include the fact that two-thirds of enterprises lack the in-house talent, and half of businesses are still struggling to define goals and objectives for AI.

Also, 33% of respondents in KPMG’s study said that management are lacking readiness to implement AI because of a concern over AI’s impact on employees.

Investment Available

According to the report, even though readiness is low, the investment needed for intelligent automation is available, and is expected to increase over the next 3 years, with 32% of organisations having approved more funding for robotic process automation, and 40% saying that they will increase spending on artificial intelligence by at least 20% over the next three years.

What Does This Mean For Your Business?

Artificial Intelligence holds many opportunities for businesses, and those businesses that have moved successfully to a digital first approach appear to be reaping the benefits in terms of competitive advantage and profitability in the modern marketplace.

There are many ways in which businesses can meet high marketplace expectations for AI. These include:

– Long-term planning with a sequence of steps, beginning with prioritised projects that can realise scale in one or two years, with the help of C-level buy-in and sponsorship. This can lead to a successful transformation built on new blueprints and architectures for operating models and business models.
– Taking a comprehensive and holistic approach to automating the service delivery model.
– Taking another look at the whole operating model and how AI can be best adopted and applied to the core business. This involves looking at the operational and technology infrastructure, organisational structure and governance, and people culture. This can be supported by measurement and incentive systems, and implemented in a way that causes minimum disruption to existing business processes.

Tech Tip – Bypass Your Recycle Bin

If, in Windows, you want to stop your Recycle Bin from taking up storage on your drive, or stop anyone from recovering your erased data, there is a fast and easy way to bypass your Recycle Bin and go straight to permanent delete with unwanted files / folders. Here’s how:

– Click on the file / folder you want to delete.
– Hold down Shift before you hit the Delete key.
– Hit Delete.
– You will still get the confirmation question.