Operators’ measurements found that, in general terms up to 12 March, traffic through IP networks had seen increases of nearly 40% while mobile use has increased by about 50% in voice and 25% in data. Traffic from instant messaging tools such as WhatsApp had increased fivefold in recent days. In a tell-tale sign of the increased use of teleworking, network traffic related to remote work tools such as Skype and Webex has increased fourfold. There is nothing to suggest that the same scenario will be played out in all the European countries that enter lockdown, if they do. And therein lies an issue: who knows what is actually going on and when and what are networking firms doing to ensure that the lights stay lit? The UK’s second-largest broadband provider, Virgin Media, said it realises how important its network is to everyone right now. The company said it wants to reassure users that it is working as hard as it can to keep it in “great shape”. In particular, Virgin stressed that as more people work from home, it is important for users to know that its network can withstand any increased usage, including peaks throughout the day, in the evenings and at weekends.
“What this tells us is that employees inside the office might be checking their nanny cam over the corporate network. Or using their Apple Watch to look at email. Or working from home, connected to the enterprise network, and periodically checking the home security system or accessing media devices,” the company said in its report. Which is typical, to be honest, and let (s)he who is without sin cast the first stone in that regard. What’s troubling is that roughly 83% of IoT-based transactions are happening over plaintext channels, while only 17% are using SSL. The use of plaintext is risky, opening traffic to packet sniffing, eavesdropping, man-in-the-middle attacks and other exploits. And there are a lot of exploits. Zscaler said it detects about 14,000 IoT-based malware exploits per month, a seven-fold increase over the previous year. “Folks can keep their smart watches, smart closets, and whatever else they think is making them smart. Banning devices is not going to be the answer here. The answer is changing up the narrative on how we think about IoT devices from a security and risk standpoint, and what expectations we put on manufacturers to increase the security posture of these devices,” wrote Deepen Desai, Zscaler’s vice president of security research in a blog post.
The SQL Server tools team at Microsoft introduced Notebooks to Azure Data Studio (ADS) around March 2019. Since then, data professionals from the SQL Server community have been posting and sharing knowledge on how to make the most of this awesome new feature. It was probably May of 2019 when I decided to give ADS Notebooks a try. I started simply just creating some simplified versions of T-SQL notebooks. Then, I decided to move a step forward experimenting with the code cells that support markdown. I felt this step very natural for me, because of my familiarity with the markup language. However, I was looking for something else. Then, I discovered that ADS notebooks also support Python as one of the built-in kernels. That's when notebooks got my attention! I'm a big fan of Python, therefore I started to experiment around immediately. Python is a very modular language with many libraries and SDKs at our disposal, with the Docker SDK being one of the most popular and one of my personal favorites.
In an email, Kirkendall said his company has already been working with authorities to "proactively prevent, and take down any fraudulent or abusive domains or websites related to COVID19 or the Coronavirus." "These actions also include banning such terms from our available domain name search tool to prevent them from being registered going forward," Kirkendall told us. But only Namecheap appears to have taken proactive steps to block customers from registering coronavirus scammy-looking domains. On the other hand, GoDaddy and Endurance said they'd continue to rely on their abuse reporting mechanisms that are currently in place. "We have processes and procedures currently in place to investigate and respond promptly to notices of illicit customer activity, including alleged illegal activity or other violations of our terms of service," a spokesperson for the Endurance International Group told ZDNet in an email. GoDaddy provided a similar reply via email, but also in a tweet addressed to Attorney General James.
According to Red Canary detection engineer Jason Killam, process injection is a technique used by cyberattackers to mix malicious activity with operating system processes that are fairly routine. "Its most useful function may be that arbitrary code, once injected into a legitimate process, can inherit the privileges of that process or, similarly, access parts of the operating system that shouldn't be otherwise available," Killam wrote. Scheduled tasks are similarly designed to take advantage of normal functions by allowing cybercriminals to take certain actions at prespecified times, enabling execution, persistence, and privilege escalation. Red Canary director of advanced threat detection and research Michael Haag said that Scheduled Tasks are a functionally necessary component of the Windows operating system, adding that they execute routinely, and malicious tasks readily blend in with benign ones. "Scheduled Tasks represent a versatile tool for adversaries. With the requisite privileges, an attacker can schedule tasks remotely. The technique is also useful for execution and persistence in conjunction with a variety of widely used scripting languages, such as PowerShell," Haag said.
According to Reuters, WHO has seen a marked increase in attempted cyberattacks – with one of the most recent reportedly perpetrated by a hacker group called DarkHotel. The unsuccessful attack spoofed a webpage to look like a login portal for agency employees in an attempt to steal passwords. As healthcare organizations battle the COVID-19 pandemic, they’re also facing heightened cybersecurity threats from malicious actors looking to take advantage of the crisis caused by the outbreak. The U.S. Department of Health and Human Services also fended off an attack recently as it was simultaneously focused on coronavirus response. Now, a UK-based medical facility that has plans to test coronavirus vaccines, Hammersmith Medicines Research, has been hit by an attack from one of the ransomware groups that recently pledged not to target medical organizations during the COVID-19 pandemic. The criminals behind the Maze ransomware attacks apparently managed to exfiltrate a slew of patient records, and have subsequently published some of the files on the dark web, demanding ransom payment.
Radoslaw Gnat, a veteran information security professional, has a very personal motivation for being involved: two of his children were recently diagnosed with virus-unrelated pneumonia, and healthcare practitioners are helping them. Radoslaw sees this as an opportunity to contribute back. "We are just a group of people that is using our skills and contacts to help people that are the first line of defense against COVID-19," Gnat says. Those skills cover incident response, research, risk management and training services, among other things. Daniel Card, a self-proclaimed "Cyber Ninja Warrior" and founder of the PwnDefend capture the flag games, has issued a call for more people to help CV19 with its work. Alongside the enormous amount of work that is going into enabling technology solution providers and infosec professional volunteers, Card says that CV19 "must ensure that the work we do is conducted in line with our mission to help, not hinder." To facilitate this, CV19 has published a code of conduct that provides a shared understanding of how everyone should work together during this time of crisis.
For IT departments this shift is creating an entirely new set of challenges. The primary challenge is connecting a distributed, remote workforce to business-enabling applications and services residing in the data center and the cloud. Some users require access to VoIP systems, virtual desktops, and video conferencing that require fast and highly reliable network connections. A company that had 50 branch offices yesterday must now grapple with the idea that every user, and their home network, is a new branch they have to support, representing an exponential increase in the number of sites overnight. Over the past few weeks, as this shift has moved from possibility to reality, we’ve had a series of discussions with customers about how to best meet these changing organizational goals. We’ve taken these requirements into account and have compiled a reference architecture that allows for non-SD-WAN and SD-WAN users alike to connect to applications and services remotely. In this blog we’ll dig into this architecture in more depth.
CEO Tom Kilroy, who has posted a series of notices on the company's website, on Monday noted that Finastra was still working to "restore full IT operations. As mentioned previously, our solutions each have their own nuanced processes to move from being available to operationally live, and we are working closely with impacted customers to move through these essential steps securely." The ransomware attack, which started on Friday, forced Finastra to take its servers offline to prevent the malware from spreading further within its network, according to the online update. Kilroy did not offer details about the type of ransomware used in the attack on the company's infrastructure, but he noted that no customer or employee data apparently was inappropriately accessed or exfiltrated. Kilroy also noted that any clients running their own software on Finastra's network were not affected. The company is working with U.K. law enforcement officials as well as security firms to investigate the incident.
Quote for the day:
"Leaders begin with a different question than others. Replacing who can I blame with how am I responsible?" -- Orrin Woodward