Windows Virtual Desktop Generally Available Now

Microsoft has announced that its Windows Virtual Desktop is now generally available worldwide on Azure and will include Windows 7 free Extended Security Updates for up to three years.

Windows Virtual Desktop

Windows Virtual Desktop from Microsoft, which was announced last September but has just been made generally available worldwide, is a Cloud-based ‘virtual’ version of Windows that can be accessed by employees from any device from anywhere, provides full multi-session, and is always up to date.  The Virtual Desktop has been designed with modern working practice in mind where not all employees sit in an office, use just one device or work from secure locations.

According to Microsoft, Windows Virtual Desktop is the only virtual desktop infrastructure (VDI) that can provide simplified management, multi-session Windows 10, optimizations for Office 365 ProPlus, and support for Remote Desktop Services (RDS) environments.

The Virtual Desktop enables Windows desktops and apps to be deployed and scaled on Microsoft’s Azure portal in minutes, and it includes built-in security and compliance features.

Supported Transition to Windows 10

One key sweetener of the new service for those companies facing the end of support for their old Windows 7 deployments is that it offers free extended security updates for the Windows 7 virtual desktop including more support options for previous app versions while users transition to Windows 10.

Migrate

Microsoft is keen to emphasise that its Virtual Desktop can work with your current Remote Desktop Services (RDS), and can therefore easily be migrated on Azure.

Trust

Microsoft is also keen to emphasise that businesses can trust the new Windows Virtual Desktop not least because Microsoft invests more than USD $1 billion annually on cybersecurity research and development, employs 3,500+ security experts, and Azure has more compliance certifications than any other cloud provider.

What Does This Mean For Your Business?

With Virtual Desktop, Microsoft is hoping to capitalise on the fact that many businesses have workers in multiple locations with multiple devices who need to have convenient and secure access to a constantly updated version of their desktop. Microsoft also knows that companies are getting more confident about moving more of their infrastructure to the Cloud, and want a secure, scalable ‘as-a-Service’ offering where they don’t need to worry about having the expertise in-house.

The easy migration aspect of the service and the offer of extended Windows 7 support may be of value to businesses looking to make a leveraged move forward to Windows 10 and may help Microsoft retain valuable business customers.

Worldwide Rollout of ‘Personal Vault’ OneDrive Security Features

Microsoft has announced that the ‘Personal Vault’ security features for its OneDrive storage service are now available worldwide on all OneDrive consumer accounts.

What Is Personal Vault?

Personal Vault is a protected area in OneDrive that can only be accessed with a strong authentication method or a second step of identity verification.  These methods include a fingerprint, face, PIN, or a code sent to the OneDrive user via email or SMS.

The idea of Personal Vault is to add another layer of protection to important files, photos, and videos e.g. copies of documents such as a passport, driver’s licence, or insurance information. Even though the new feature means that users must go through a verification process, Microsoft has stressed that it won’t slow users down and that they should still be able to quickly access their files on a PC, OneDrive.com or on their mobile device.

Protection Against Lost, Stolen, or Unauthorised Access

The Personal Vault security measures should mean that files are not being stored unprotected on a PC and have additional protection, even if the Windows 10 PC or mobile device is lost, stolen, or if someone gains access to it or to the user’s account.

Other Security Measures

In addition to the second layer of identity verification, Personal Vault also includes security measures such as:

  • Scan and shoot, which enables documents to be scanned or photos to be shot directly into the secure Personal Vault area rather than leaving them on a camera or unsecured device.
  • Automatic locking of the Personal Vault after a period of inactivity to protect against private files being left open accidentally.
  • BitLocker encryption on Windows 10 PCs, so that all Personal Vault files are synced to a BitLocker-encrypted area of the local hard drive.
  • Restricted sharing so that Personal Vault and shared items moved into Personal Vault can’t be shared.

Some Limitations

Personal Vault does come with some limitations. For example, users with OneDrive’s free or standalone 100GB storage plan can store up to three files in Personal Vault, and Office 365 subscribers can store as many files as they wish as long as this doesn’t exceed their normal storage limits.

What Does This Mean For Your Business?

For Microsoft Personal Vault, this is another step in its competition with its most popular competitor, Dropbox, which recently partnered with BetterCloud to help it provide cutting-edge data protection and orchestration.

For businesses using OneDrive, these new security features should prove attractive, particularly when most businesses need safe, fast Cloud storage for mobile devices and work PCs, and need an easy, reliable and convenient way to store sensitive and personal files and data.

Police Auction Hacker’s £240,000 of Cryptocurrency

The £240,000 of cryptocurrency confiscated from a teenager who was jailed for hacking ISP TalkTalk has been auctioned by police with the proceeds going towards fighting crime.

TalkTalk Hack

Elliott Gunton (now 19) was jailed for 20 months in August this year for hacking offences, money laundering and for the breach of a Sexual Harm Prevention Order that was issued to him in 2016 for another offence. The hack on ISP TalkTalk took place when Gunton was 16 years old, and he is reported to have sold the stolen customer data on the dark web to other cybercriminals for £2,469 in bitcoin.

The total amount that police were able to trace that was raised by sales of the stolen data was around £275,000 worth of cryptocurrency, including Bitcoin, Ripple and Ethereum.

Hidden

Mr Gunton is reported to have used sophisticated methods to hide the large amount of cryptocurrency under his control but left several key clues which led to his arrest.  These included describing himself on a Twitter account as a “full-time crypto trader”, tweeting about how he had lots of money without people knowing, and telling a police officer that he was dealing in shares and would soon be a millionaire.

Parents

Mr Gunton’s parents were also charged (at a later date) with helping their son to move some of his cryptocurrency, earned from dark web sales, out of a seized police-bitcoin wallet.

Auction First

The auction of the cryptocurrency, via Wilson’s Auctions, by the Eastern Region Special Operations Unit of the police was the first auction of its kind.  Chief Inspector Martin Peters, of the ERSOU Cyber Crime Unit, is reported as saying that the sale would be a way to instil public confidence in the police force’s method of recouping the proceeds of crime in a way that was secure, innovative and transparent.

What Does This Mean For Your Business?

We often hear reports about hacks and dark web sales of data but we rarely hear about convictions or about what happens to the proceeds of crime for those hackers who have been successfully convicted. For many businesses and individuals who have fallen victim to cybercriminals, a report of this kind may offer some kind of reassurance that something is being done, and in a productive way that puts more money into fighting crime.

For those victims of the TalkTalk hack, who may well have been targeted by cybercriminals after having their details stolen and sold by Gunton, they may well have wished for tighter security by TalkTalk in the first place and may hope that ISPs are investing enough of their own money in keeping their cyber defences up to date.

Tech Tip – How To Sign a PDF Without Printing It

If you need to sign PDFs and return them (e.g. as part of your sales or buying processes) there is a way to do it without having to go to the time and trouble of printing out the PDFs, signing them, scanning them, and then emailing the scans back.

To sign the PDFs electronically using Adobe:

– Open Adobe Reader.

– Open the PDF file you want to sign.

– Select ‘Fill & Sign’ and use the tools to create your signature – ‘Add Text’, ‘Add Checkmark’, ‘Place Initials’, and ‘Place Signature’. Other tools there include ‘Send or Collect Signatures’ and ‘Work with Certificates’.

– Select ‘Place Signature’ and use the pop-up window to select how, e.g. select ‘Type my signature’.

– Type your signature.

– Under ‘Review Your Signature’, choose a signature style.

– Click Accept.

This signature can now be placed anywhere you want on a PDF.

Deepfake Ransomware Threat Highlighted 

Multinational IT security company ‘Trend Micro’ has highlighted the future threat of cybercriminals making and posting or threatening to post malicious ‘deep fake’ videos online in order to cause damage to reputations and/or to extract ransoms from their target victims.

What Are Deepfake Videos?

Deep fake videos use deep learning technology and manipulated images of target individuals (found online), often celebrities, politicians, and other well-known people to create an embarrassing or scandalous video such as pornography or violent behaviour. The AI aspect of the technology means that even the facial expressions of those individuals featured in the video can be eerily accurate, and on first viewing, the videos can be very convincing.

An example of the power of deepfake videos can be seen on the Mojo top 10 (US) deep fake video compilation here: https://www.youtube.com/watch?v=-QvIX3cY4lc

Audio Too

Deepfake ‘ransomware’ can also involve using AI to manipulate audio in order to create a damaging or embarrassing recording of someone, or to mimic someone for fraud or extortion purposes.

A recent example was outlined in March this year, when a group of hackers were able to use AI software to mimic (create a deep fake of) an energy company CEO’s voice in order to successfully steal £201,000.

Little Fact-Checking

Rik Ferguson, VP of security research, and Robert McArdle, director of forward-looking threat research at Trend Micro, recently told delegates at Cloudsec 2019 that deepfake videos have the potential to be very effective not just because of their apparent accuracy, but also because we live in an age when few people carry out their own fact-checking. This means that by simply uploading such a video, the damage to reputation and the public opinion of the person is done.

Scalable & Damaging

Two of the main threats of deepfake ransomware videos are that they are very flexible in terms of subject matter i.e. anyone can be targeted, from teenagers for bullying to politicians and celebrities for money, and they are a very scalable way for cybercriminals to launch potentially lucrative attacks.

Positive Use Too

It should be said that deepfakes don’t just have a negative purpose but can also be used to help filmmakers to reduce costs and speed up work, make humorous videos and advertisements, and even help in corporate training.

What Does This Mean For Your Business?

The speed at which AI is advancing has meant that deepfake videos are becoming more convincing, and more people have the resources and skills to make them.  This, coupled with the flexibility and scalability of the medium, and the fact that it is already being used for dishonest purposes means that it may soon become a real threat when used by cybercriminals e.g. to target specific business owners or members of staff.

In the wider environment, deepfake videos targeted at politicians in (state-sponsored) political campaigns could help to influence public opinion when voting which in turn could have an influence on the economic environment that businesses must operate in.

Report Says Public Cloud May Double In Just Four Years

The new cloud market report from the Synergy Research Group shows that cloud-associated markets, such as the public cloud, are growing at rates ranging from 10% to over 40% and the annual spending on the cloud may double in four years.

IaaS & PaaS Biggest Growth

Synergy’s half-yearly report shows that, across the seven key cloud service and infrastructure market segments, revenues for operators and vendors in the first half of 2019 exceeded $150 billion, which is a rise of 24% from the first half of 2018.

The biggest area of growth in the cloud infrastructure sector was in the infrastructure as a service (IaaS) and platform as a service (PaaS) market segments where there was a massive 44% growth rate.  IaaS is online, virtualised computing resources over the internet, and PaaS is where a provider hosts the hardware and software on its own infrastructure with PaaS products enabling developers to build custom applications online without having to worry about data serving, storage, and management.

The Synergy report also showed growth rates of enterprise SaaS at 27%, UCaaS at 23% and hosted private cloud infrastructure services at 20%.  The report also shows that spending on cloud services is now much greater than spending on supporting data centre infrastructure.

Infrastructure Investments

In the first half of 2019, cloud service providers spent $55 billion on the hardware and software used to build cloud infrastructure (evenly split between public and private clouds). These infrastructure investments helped cloud service providers to generate over $90 billion in revenues from their cloud infrastructure services (IaaS, PaaS, hosted private cloud services) and enterprise SaaS.

Leaders

The Synergy report shows that the leaders in the IaaS and PaaS segments in the first half of 2019 are Microsoft, Amazon/AWS, Dell EMC, Cisco, HPE and Google.  Back in February, Amazon’s Web Services (AWS) reported a massive 45% growth in the revenue of the fourth quarter, mostly fuelled by big profits in its public cloud arm.

Other big names in that market segment include Salesforce, Adobe, VMware, IBM, Digital Realty, Equinix and Rackspace.

All these big players together account for over half of all cloud-related revenues.

What Does This Mean For Your Business?

The public cloud is being embraced by businesses as they seek to outsource and ditch traditional capital investment and maintenance problems and costs while reaping the benefits of having the pay-as-you-go scalability, security, and outsourced expertise that allows them to free up more of their own resources.  Cloud service providers are now investing heavily to win large slices of the cloud market with Amazon and Microsoft as market leaders, and as the Synergy report shows, this investment is delivering big revenues and impressive growth rates, particularly in the IaaS and PaaS market segments.

Penetration Testing Specialists Who Broke Into US Courthouse Claim It Was Part of Security Assessment

Two security specialists who performed a physical break-in on the US courthouse that hired their company for a penetration test have claimed that their break-in was part of their assessment of security.

What Happened?

Dallas’ State Court Administration (SCA) is reported to have hired security company Coalfire Labs to conduct testing of the security of the court’s electronic records at the Dallas County Courthouse in the town of Adel, around 20 miles west of Des Moines.

The police were called to the courthouse just after midnight on 11 September, where two men, who had been seen walking around on the third floor, came to the door to meet the police. When the two men, named as Justin Wynn and Gary Demercurio, came to the door they were allegedly carrying multiple burglary tools, and allegedly claimed that they had been ‘contracted’ to break into the building and to check the courthouse alarm system, and how responsive the police were. The two men were promptly arrested, jailed and released on a $50,000 bond.

No Knowledge

It has been reported that, at the time, Dallas County claimed to have no knowledge of the security company or their plans, but Iowa’s State Court Administration did later release a statement confirming that it hired the company Coalfire Labs to test the security of the court’s electronic records.

The State Court Administration did, however, say that, although it had asked the company to attempt unauthorised access to court records through various means to learn of any potential vulnerabilities, it didn’t intend or expect those means to include forced entry to the building, an act that it could not condone (certainly for cyber testing!).

Would A Physical Break-In Be Part of a Pen Test?

Some tech commentators have speculated that some cybercrimes require the criminal to be physically close to target devices, which would, therefore, require companies and organisations to perhaps consider investing in physical defences as well as cyber defences.

Coalfire

Coalfire Labs, the global company that was hired to carry out the pen testing assessment, and is reported to have carried out hundreds of assessments for government agencies in the past, has been unable to comment on this particular case due to the confidential nature of its work, security and privacy laws, and the fact that a legal case is active.

Similar?

One thing that may not be good news for the two penetration testers is that there have been reports that a break-in at the Polk County Historic Courthouse in nearby Polk County on 9 Sept was apparently similar in nature to the Dallas County Courthouse break-in.

What Does This Mean For Your Business?

Physical security is, of course, an important part of protecting the whole business, but under GDPR data security should not involve leaving personal data anywhere that it could easily be accessed by unauthorised persons, whether it’s in a physical or virtual location.

Penetration testing is a legitimate and valuable way for companies and organisations to assess where more work needs to be done to ensure the safety of all digital data and information that they hold, but it is unlikely that many UK businesses would consider a physical break-in to be a legitimate part of what is usually an electronic-based assessment. It remains to be seen what happens in the US court case.

IBM To Offer Largest Quantum Computer Available For External Access Via Cloud

IBM has announced that it is opening a Quantum Computation Centre in New York which will bring the world’s largest fleet of quantum computing systems online, including the new 53-Qubit Quantum System for broad use in the cloud.

Largest Universal Quantum System For External Access

The new 53-quantum bit/qubit model is the 14th system that IBM offers, and IBM says that it is the single largest universal quantum system made available for external access in the industry, to date. This new system will (within one month) give its users the ability to run more complex entanglement and connectivity experiments.

IBM Q

It was back in March 2017 that IBM announced that it was about to offer a service called IBM Q that would be the first time that a universal quantum computer had been commercially available, giving access to (and use of) a powerful, universal quantum computer, via the cloud.

Since then, a fleet composed of five 20-qubit systems, one 14-qubit system, and four 5-qubit systems have been made available, and since 2016 IBM says that a global community of users have run more than 14 million experiments on their quantum computers through the cloud, leading to the publishing of more than 200 scientific papers.

Who?

Although most uses of quantum computers have been for isolated lab experiments, IBM is keen to make quantum computing widely available in the cloud to tens of thousands of users, thereby empowering what it calls “an emerging quantum community of educators, researchers, and software developers that share a passion for revolutionising computing”.

Why?

The hope is that by making quantum computing more widely available, it could lead to greater innovation, more scientific discoveries e.g. new medicines and materials, improvements in the optimisation of supply chains, and even better ways to model financial data leading to better investments which could have an important and positive knock-on effect in businesses and economies.

Partners

Some of the partners and clients that IBM says have already worked with its quantum computers include:

  • J.P. Morgan Chase for ‘Option Pricing’ – a way to price financial options and portfolios. The method devised using the quantum computer has speeded things up dramatically so that financial analysts can now perform option pricing and risk analysis in near real-time.
  • Mitsubishi Chemical, Keio University and IBM, on a simulation related to reactions in lithium-air batteries which could lead to making more efficient batteries for mobile devices or automotive vehicles.

Quantum Risk?

Back in November 2018, however, security architect for Benelux at IBM, Christiane Peters, warned of the possible threat of commercially available quantum computers being used by criminals to try and crack encrypted business data.

As far back as 2015 in the US, the National Security Agency (NSA) warned that progress in quantum computing was at such a point that organisations should deploy encryption algorithms that can withstand such attacks from quantum computers.

The encryption algorithms that can stand up to attacks from quantum computers are known by several names including post-quantum cryptography / quantum-proof cryptography, and quantum-safe / quantum-resistant cryptographic (usually public-key) algorithms.

What Does This Mean For Your Business?

The ability to use a commercially available quantum computer via the cloud will give businesses and organisations an unprecedented opportunity to solve many of their most complex problems, develop new and innovative potentially industry-leading products and services and perhaps discover new, hitherto unthought-of business opportunities, all without needing to invest in hitherto prohibitively expensive hardware themselves. The 14 hugely powerful systems now available to the wider computing and business community could offer the chance to develop products that could provide a real competitive advantage in a much shorter amount of time and at much less cost than traditional computer architecture and R&D practices previously allowed.

As with AI, just as new technologies and innovative services can be used for good, their availability could also mean that in the wrong hands they could be used to pose a new threat that’s very difficult for most businesses to defend against. Quantum computing service providers, such as IBM, need to ensure that the relevant checks, monitoring and safeguards are in place to protect the wider business community and economy against a potentially new and powerful threat.

Less Than Half of Small Businesses Ready For No-Deal Brexit

Research from techUK shows that less than half of small UK businesses consider themselves to be ready to face a no-deal Brexit on 31 October, whereas 87% of larger businesses think they are prepared.

Small and Medium

The techUK research shows that only 43% of UK small businesses think they are ready for the prospect of a no-deal Brexit, which is not too different to the mere 50% of medium-sized companies that expressed readiness.

Not Up To Date With Government Guidance

The survey revealed that although most enterprises are aware that the government has given guidance on getting ready for a no-deal Brexit, only 30% of small businesses and 33% of medium-sized businesses regard themselves as being up to date with that guidance.

Popular Concerns

In addition to the impact on the UK economy, some of the popular concerns that many businesses have about a no-deal Brexit include how they stand in terms of regulatory compliance and any extra regulatory barriers that may hinder trade, and difficulty in finding staff after an end to freedom of movement (there is already a tech skills shortage and tech ‘brain drain’). Also, businesses are clearly worried about post-Brexit relationships with suppliers, whether contracts will need to be updated, and whether they will have enough of the right raw materials and parts to keep production running smoothly and meet their customer demands while keeping their costs and prices down.

Data Protection Guidance For Brexit

As far as being prepared to stay compliant with data protection laws, the ICO has recently stated that if a UK business or organisation already complies with the GDPR and has no contacts or customers in the EEA, that business or organisation doesn’t need to do much more to prepare for data protection compliance after Brexit.

The latest guidance for businesses facing a no-deal Brexit can be found on the website here: https://ico.org.uk/for-organisations/data-protection-and-brexit/data-protection-and-brexit-for-small-organisations/

What Does This Mean For Your Business?

It doesn’t take a study to find out that there is still a great deal of uncertainty about trading post-Brexit, particularly after the impact of a no-deal Brexit. As the businesses in the study indicated, many are aware that there is guidance available from government sources, but SMEs don’t appear to be up to date with that guidance. It is good, at least, that the ICO has issued clear, easily accessible guidance on its website to help companies prepare to remain GDPR compliant after Brexit. Other Brexit guidance for small businesses can be found on the FSB website here https://www.fsb.org.uk/standing-up-for-you/brexit/resources and on the main UK government website here https://www.gov.uk/find-eu-exit-guidance-business.

Tech Tip – Telegram

Telegram describes itself as the fastest messaging app on the market, and uses a unique, distributed network of data centres around the globe so that it’s not only a simple, fast, secure messaging service that’s synced across all your devices, but also has added features and an ease of operation that many prefer to WhatsApp.

Everything on Telegram (chats, groups, media, etc.) is encrypted using a combination of 256-bit symmetric AES encryption.  Also, the app has a clean interface, there are no adverts, and Telegram offers powerful photo and video editing tools.

Telegram is available on the Google Play Store and Apple’s App Store.