Japan’s Cybercrime Underground: a Ticking Time Bomb?
Posted: October 16, 2015 Filed under: Uncategorized | Tags: china, cybercrime, demon killer, fireeye, japan, Japan cybercrime, national police agency, trend micro, yakuza
China, Russia, Eastern Europe, the Middle East – the list of hacking hotspots on the radar of most threat intelligence operatives is growing all the time. But what about Japan? For such an apparently technologically advanced nation, you might be surprised to learn its cybercrime underground is still in its infancy.
That’s the key takeaway from a new Trend Micro report I covered for Infosecurity and IDG Connect recently.
The security giant claimed that Japanese cybercriminals haven’t yet built up the technical know-how to create malware themselves, preferring to buy from other countries and then share tips on how to use it on many of the local underground bulletin board forums.
These forums also sell the usual suspects of child porn, stolen card data, stolen phone numbers, weapons, and so on.
There were several interesting distinctions Trend Micro uncovered between the Japanese cybercrime underground and elsewhere:
- Cybercriminals accept gift cards from Amazon and the like in lieu of payment
- CAPTCHA in Japanese is used to access the forums, keeping their membership mainly to locals
- URLs for some secret BBSs hosted on Tor and other anonymising platforms can actually be found published in books and magazines
- Japanese cybercriminals are ultra cautious, even using code words when discussing certain contraband, like the kanji character for “cold” when referring to methamphetamine.
So far, the notorious yakuza organised crime gangs have largely stayed out of the game, and that’s the way it’ll stay for some time to come, report author Akira Urano told me. That’s because of a combination of strict cybersecurity laws and the fact that offline scams still work a treat. But it might not be that way forever.
“If organized crime groups like the yakuza ever venture into darknets, all they would need is the aid of tech-savvy individuals to engage in criminal transactions,” Urano argues in the report.
I was curious to hear a second opinion on Japanese cybercrime, so I asked FireEye’s local experts.
They hit me with a few stats from the National Police Agency (NPA) which show that, infancy or not, there’s a pretty healthy cybercrime industry in Japan.
Some 88 people were arrested for cybercrimes in the first half of the year, 58% of whom were Japanese. The country is also a major victim of banking fraud – second only to the US, according to other stats.
The country’s public and private sectors also have to withstand a barrage of likely state-backed cyber attacks, launched from outside the country.
Japan’s strengths in advanced technology and engineering, as well as its hand in territorial disputes, have made it a target for China.
Aerospace and defence, transportation, high-tech, construction and telecoms are some of the highest risk industries.
FireEye told me the following by email.
“FireEye observes similar tactics and techniques on Japanese networks as we see elsewhere in the world. However, the key difference is localization: APT actors tailor their phishing e-mails, CnC infrastructure, and even their exploits to Japanese end users. For instance, we have observed threat activity against Japanese targets exploit the Japanese Ichitaro word processing system; zero days against the program are not uncommon.”
UK Universities Suffer Most APT Attacks in 2015
Posted: October 2, 2015 Filed under: Uncategorized
FireEye has just released its latest stats on APT attacks in the first half of the year, with the UK dropping one place, from fourth to fifth, to prop up the top five most attacked countries in EMEA.
However, of particular interest was the stat that education was the most targeted sector in the UK followed by energy/utilities and financial services, as I wrote in this Infosecurity piece.
I get the other two, but education? I asked FireEye threat expert Jens Monrad for more detail.
“If we look into the motive, there are three key types of threat actors who want to target education. Advanced Persistent Threat (APT) groups will likely seek to use a university’s network infrastructure as a staging ground from which to launch cyber operations against targets in other industries, on the assumption that their activity will appear less suspicious if it originates from a reputable university network,” he told me.
“These threat actors may also target educational institutions to gain access to sensitive intellectual property, such as from university research centres for the purpose of economic espionage.”
Aside from APT attackers, there’s also a risk to schools and universities from financially-motivated cybercriminals looking to steal sensitive personal and financial information from students, faculty, and staff, he added.
“And hacktivists could deface and disrupt university websites as a method of protest or way to call attention to a certain cause,” Monrad concluded.
Universities conducting research with a “potentially high economic pay-off” or those supporting sensitive government contracts are most at risk from APT groups, he added.
So what kind of malware have these institutions been facing?
The publicly available remote access tool (RAT) LV/NjRat, for one. This little nasty is capable of keystroke logging, credential harvesting, reverse shell access, file uploads and downloads, and file and registry modifications, Monrad explained.
“This RAT also offers threat actors a ‘builder’ feature, allowing them to create new variants based on configurations of command and control servers, specified filenames, options to spread via USB, designated campaign names for internal tracking, and other customisation options,” he added.
“Additionally, this RAT gathers and sends important information about infected machines to its command and control server, possibly using a custom protocol over port 80, to include NetBIOS name, user, date, locale, and Windows OS name.”
FireEye has seen cases where individual students were targeted, with the attacker taking screen captures when they opened specific documents.
Educational institutions have also been targeted with StickyFingers, aka QUICKBALL. This is a DLL backdoor favoured by Chinese APT attackers to gain reverse shell access to targeted systems.
With the caveat that this is only information gleaned from one security vendor’s customers, there still seems to be plenty for infosecurity bosses at the UK’s universities and colleges to mull over.
The Annual Cost of China’s Economic Cyber Espionage: $5 Trillion
Posted: September 15, 2015 Filed under: Uncategorized | Tags: china, communist party china, counterfeit, Epoch Times, IP theft, piracy, PLA, SoE, tech transfer, unit 61395
How much do you think Chinese state-sponsored cyber spies steal from the US each year? No, you’re way off. It’s in the region of $5 trillion – 30% of GDP – according to one expert interviewed in a new exposé of Beijing-backed cyber attacks by the Epoch Times.
I covered this one for Infosecurity and IDG Connect because although most of the info for the article came from publicly available sources, it had some interesting insight from various industry experts and tied together the whole shadowy web of guanxi-tinged goings-on in the Middle Kingdom very well.
Particularly illuminating were claims that there are hundreds of state-backed “tech transfer centres” whose mission is to earmark IP they want, send scientists abroad to study in relevant industries and then reverse engineer products from stolen IP. It’s China investing in state-sanctioned theft because it’s quicker, easier and way cheaper than doing R&D the legal way. It’s happening on an industrial scale, to feed the country’s military aspirations and economic growth – many of the products are produced cheaply and sold back to the West at a fraction of the cost of the originals.
It’s thoroughly depressing but fascinating stuff and will make for frustrating reading if you’re a US tech CEO. If you haven’t been breached yet, you will be – or maybe you just haven’t found out about it yet.
China can do this, of course, because there’s a very fine line between government, academia, military, state-owned enterprise and even private business. All organisations must have a CCP committee which some believe sits even higher than the board. And all are expected to pull together for the betterment of Team China. But while the report calls out state-owned enterprises, there is in fact little in the way of evidence that private businesses have capitalised on stolen IP to accelerate R&D and produce cheap kit with which to flood Western markets.
Report author Josh Philipp told me that evidence was hard to find – even the US indictment of five PLA hackers last year referenced only SoEs. IP theft does happen, however, especially by contract manufacturers making products for US firms, although this is slightly different from the cyber espionage/tech transfer cycle mentioned in the report.
“Any private company involved would likely be running a small-scale counterfeit operation, which would be hard to pin down,” Philipp told me.
What is clear is that despite recent exhortations from the top to create an “innovation driven” country – an admission in itself that hitherto China’s economic growth and military might has been built on theft – the Chinese communist regime is unlikely to change things around anytime soon.
Western firms must get better at deflecting these attacks – and in so doing force up the size of investment needed by Beijing into cyber espionage activity, so that attack campaigns are just not worth the return in many cases. If they don’t, we can expect the same old breach headlines to continue ad infinitum.
Security Experts Find Fault with Google OnHub
Posted: August 20, 2015 Filed under: Uncategorized
Google’s new OnHub Wi-Fi router promises to shake up the staid home and SOHO router market, but experts I spoke to for Infosecurity Magazine were divided over whether it will be more secure.
The radical new coffee cup (or pint glass if you’re me) design crams in 13 antennas and has been praised for offering not only a more svelte appearance but faster wireless speeds in the house.
But the most talked-about features from a usability and security point of view are the fact it is managed entirely from the Google On app, with security updates automatically delivered over the air.
In fact, the device won’t work unless it’s running the latest version.
On the face of it, this is a massive improvement on the traditional router experience, where the user would have to switch it off and on again and, if the colour of the blinking lights on the front still hasn’t changed, put in a helpdesk call.
There have also been several research reports already this year pointing to major flaws in popular home routers, which are usually ignored for months by the vendors. And when patches do become available it’s unlikely a home or SOHO/SMB user would have the time, inclination or skill to apply them.
That’s why automatic updates seem like a good idea, according to MWR InfoSecurity security consultant, Guillermo Lafuente.
“The security of products is often undermined when they rely upon end users to perform actions such as installing updates,” he told me by email.
“Most end users stop caring about the management of their products once they have finished setting them up. When talking about a router the most likely scenario is that they will plug it in, switch it on, and remember that it exists only when their Internet is not working.”
However, the ability to manage the device from an app may also expose it to greater risk, Alert Logic chief security evangelist, Stephen Coty, explained.
“This also gives the potential attacker, who is compromising the mobile device or update server, the ability to gain access into the network through pushed updates or mobile configuration updates,” he told me.
“This will allow them to open up ports or services in which they can gain access to the network. This is a pattern which we see a lot with the conveniences that Internet of Things devices introduce in our day to day lives. It’s convenient to make our lives easier, but if compromised could lead to data leakage.”
For Imperva CTO, Amichai Shulman, automatic updates don’t necessarily make a device any more secure, although they “might be a good thing for home users.”
“I think that most problems with home routers (as well as most vulnerable business routers) have to do with bad configuration, back door accounts and weak passwords,” he argued by email.
To lock down risk, users should choose strong passwords and ensure the management interface is only accessible from the internal network, he added.
“I think that the biggest advantage of this new offering (which I deeply regard as an end user) is simplicity,” Shulman concluded.
“An average home today is becoming a complex networking environment with mobile devices, smart TVs, media streaming and what not. I do believe that vendors who solve the ease-of-deployment and ease-of-maintenance problem for home users are going to rule this market.”
Is this the beginning of the end for Twitter?
Posted: July 10, 2015 Filed under: Uncategorized | Tags: dick costolo, IT Pro Hong Kong, MAUs, silicon valley, start up, twitter, twitter acquisition, twitter future
With the long-time-coming resignation of CEO Dick Costolo, the continued lack of profitability and the reported slowdown in growth of monthly active users (MAUs), there’s been a lot of talk recently about the decline of Twitter. So is the firm just treading water until it’s acquired, or does it still have fight in its belly?
These are some of the questions I’ve been asking a range of social media analysts of late for an upcoming feature for IT Pro in Hong Kong. The answers were surprisingly positive for the firm. And I can summarise them thus:
- The firm certainly made mistakes in the past, by failing to develop a revenue generating business model early enough. It hasn’t helped that several founders have had fingers in other start-up pies
- It’s still true that outside of marketers and media types, not many people use or “get” the service
- It’s been slow too to offer big brands a genuinely rich ad engagement platform to get their teeth into
- Its failure to tackle the problem of online abuse and trolling on the platform continues to concern many people
- It’s never managed to come up with an effective plan to challenge rival messaging products like Whatsapp, or photo-based social networks, like Instagram
- In Asia things are even tougher, given the strong local rivals, the need to localise in so many different flavours and its exclusion from a market of 600-700 million internet users (yes, that one)
“The problems with Twitter right now are around its growth. Today Twitter’s user base isn’t growing as fast as the company would like, and compared to the other major social networks the growth of Twitter’s user base isn’t at all comparable and could be classified as slow,” Gartner research director, Brian Blau, told me.
“It’s clear that Costolo has to take some of the responsibility as he has been at the helm of the company for long enough to leave a lasting imprint. Given that the CEO has resigned at this point it’s clear that there’s some amount of responsibility that he is taking for the situation that the company is in today.”
However, the company can still turn things around, according to Ovum principal analyst, Pamela Clark-Dickson.
For one, it added 50 million MAUs from Q1 2014 to the same time this year – an 18% increase – and its revenues went up by 74% to $436m, with ad revenues growing 71% to $388m, she told me. Quarterly losses have also been reduced from $511m in Q4 2013 to $162.4m in Q1 2015.
It’s therefore still too early to write off the Silicon Valley poster child, she said.
“I think that Twitter has a solid financial base on which to build, but I think that in 2015 the company does need to focus on growing its user base into new markets/demographics, and it needs to continue to provide its brand partners with the tools and data that they need to increase their engagement with Twitter users,” Clark-Dickson added.
“If Twitter can’t successfully execute on these two key requirements, then user growth will continue to dwindle, and brands will turn elsewhere. And at that point, Twitter may become an acquisition target for another company that has the vision and the resources to revitalize Twitter’s business and bring it back to growth.”
Can Bitcoin Go Mainstream?
Posted: June 17, 2015 Filed under: Uncategorized | Tags: bitcoin, china, crypto currency, digital currency, hong kong, IT Pro, regulation
What’s the future of Bitcoin? That’s what I’ve been trying to work out in my latest feature for IT Pro in Hong Kong. As always it’s a topic everyone seems to have an opinion on, although not many are prepared to stick their neck out too far.
The main issue is that most countries have adopted a “wait and see” approach to the crypto-currency, which puts it a bit in limbo. Very few have banned it outright – not even China or Thailand, as is commonly reported.
Usually in these cases, it’s merely restrictions rather than total prohibition that have been instituted.
For Frost &amp; Sullivan analyst, Vijay Narayanan, IT leaders in public and private sector organisations could face “new challenges, responsibilities and opportunities” if the crypto-currency can establish itself.
“While corporates are likely to build upon the Bitcoin technology to deliver new products and services, governments may find new methodologies to execute its mission from a view point of a law enforcer and regulator,” he told me.
“Bitcoin, in the future, further could revolutionise the way firms conduct business. As Bitcoin as a form of payment is expected to mature, it is likely to create an ecosystem of firms that will support retailers and end consumers in storing, accepting and exchanging bitcoins as a mode of barter of goods and services.”
However, he argued that for Bitcoin to go mainstream it must become more stable, and “resolve issues pertaining to trust and security” – only this will give the markets the confidence they need to adopt it more readily.
Quocirca founder Clive Longbottom agreed that the currency’s price volatility has been its undoing in the past, claiming that only those who value anonymity are really keeping it going from an end user perspective.
“Most governments are publicly trying to say that Bitcoin is a passing fad that will not last, while shitting themselves behind closed doors as to what crypto-currencies mean to global trade and how that can be effectively tracked, taxed and manipulated. It is more than likely that there have been deep discussions between governments and central and global banks to try and find a way to control any spread of crypto-currencies, but obviously, without a completely different thought process behind it all, these will not get anywhere,” he told me by email.
“It is difficult to regulate something where there is no true controlling body as such and all transactions are controlled by an overarching network. It is too easy for people to bypass any controls, so transactional charges and banking charges cannot be easily applied. As such, I think that we will see a few poorly thought out and implemented attempts to put in place some level of control, which will fail – unless Bitcoin itself suffers more problems.”
As to the future – well I suspect that Bitcoin and digital currencies in general will fail in themselves to see the mass adoption predicted for so long, mainly because most people are perfectly happy with existing currency systems. Where it could become more popular is in countries which already have weak and volatile currencies, but I doubt this will give it the momentum it needs.
Whether something bigger and better – and easier for ordinary users to ‘grasp’ – will eventually evolve from these platforms, is the great imponderable.
Will Apple’s China pivot come back to haunt it?
Posted: May 1, 2015 Filed under: Uncategorized | Tags: android, apple, apple watch, apple watch china, backdoors, censorship, china, cyber security, financials, IDC, idg connect, iphone 6, nsa, snowden, tim cook
Apple had a rip-roaring second quarter, as I’ve just reported here for IDG Connect. But the financials were about more than putting yet more dollars in the bank. In years to come, the quarter may well be seen as a tipping point – the point when the Cupertino giant came to rely way too much on China.
Although sales in China have yet to surpass the Americas, that point is not too far away. But the quarter did see iPhone sales from the Middle Kingdom overtake the US, and it also witnessed total revenue from China leapfrog that of Europe – two pretty significant milestones.
Apple is in a position that its American rivals and counterparts – Google, Microsoft, Amazon, Facebook etc – would dearly love. They’ve all been either banned or investigated for anti-trust dealings – in other words harangued by the authorities. These firms face an uncertain future in the world’s soon-to-be largest technology market. But while Apple is largely loved by consumers still in style-obsessed China, its days too could be numbered.
Certainly the government has been making life difficult for US tech firms over the past year or two. The revelations from NSA whistleblower Edward Snowden have given it the perfect excuse to request stringent security checks on products destined for the public sector market. It’s a de facto ban for many providers. Beijing is trying to do the same with the banking industry. And it will get its way, eventually.
Kowtow time
What does it mean for Apple? Yes the firm is a large investor in the country. But that won’t count for much if or when Beijing wants to apply some pressure. Apple has already been forced to comply with its unpalatable censorship demands, withdrawing apps from its store. It was notably silent when the authorities launched a Man in the Middle attack on iCloud last year. And CEO Tim Cook was forced to make a grovelling apology when a state TV-led witch hunt found issues with its customer service in the country. Cook has reportedly also agreed to give the government access to its source code in a bid to pacify regulators and ensure its devices are approved. This in itself could backfire if Beijing uses that intelligence to create backdoors to spy on Apple users outside the country.
Then there’s the issue of growth. China is not necessarily the license to print money many think it is for Apple.
IDC analyst Xiaohan Tay told me smartphone growth will begin to slow in the country over the coming years.
“Most of the growth in the smartphone market will come from the lower end segment of the market. As Apple is a high-end product in the China market, most of its growth will come from replacement users which are the Apple fans, as well as those who may be using the higher end Android phones at the moment,” she added.
“The new iPhones were a hit in the Chinese market as consumers were awaiting the release of the larger screen sized phones from Apple for the longest time, and this helped to drive growth in the past two quarters since the new iPhones were launched in China.”
Growth will continue, but at a slower rate, although the Apple Watch represents a great opportunity to arrest that slide, she added.
“The die-hard Apple fans as well as the middle and upper-middle class consumers in the cities will help to sustain the growth,” said Tay. “I believe that Apple’s high prices actually makes its phones more desirable for the consumers. Owning an iPhone represents a status symbol that the average consumer wants to work towards.”
Plenty of positives for the future for Apple in China, then. But what the Middle Kingdom giveth it can also taketh away. In my opinion, Cupertino had better disperse its eggs into other BRIC baskets if it wants to avoid a nasty surprise down the road.
Have we been mis-sold a mobile malware ‘epidemic’?
Posted: April 24, 2015 Filed under: Uncategorized | Tags: android, android malware, brian foster, damballa, google play, infosecurity magazine, mobile apps, mobile malware
Just finished an interesting story from security firm Damballa on mobile malware.
Breaking ranks with most of the rest of the industry, the vendor suggests in its new report that the amount of mobile malware on US networks is actually pretty minimal, and that if most users stick to the official app stores they should steer pretty clear of danger.
Indeed, in its analysis of half of the mobile traffic in America, it found that only 0.0064% – or 9,688 devices out of 151 million – contacted a domain on the mobile blacklist.
This was even down on the 0.015% that did so in 2012.
Now the caveat is that this is just in the US, and only focusing on malicious network traffic rather than installs, but it’s still a pretty interesting piece of research.
It tends to fly in the face of the picture painted by many anti-malware companies, some of which are perhaps talking slightly disingenuously about a malware epidemic on Android.
There undoubtedly is an awful lot of malware designed for Android. But how much of it actually makes its way onto users’ devices? Especially if those users stick to the first-party app stores.
I’ve a feeling that if you took China and Russia out of the equation, for example, the Android malware problem wouldn’t be even remotely as acute.
“I do not know when if ever mobile malware (as we see it on the PC) will become a problem on mobile devices. I really think the app stores can control distribution of ‘money-making’ malware,” Damballa CTO Brian Foster told me by email.
“The risks and threats around insecure cloud apps or insecure access to cloud apps are already here. The risk of losing your device and giving a 3rd party inappropriate access to your data is already here.”
It is those latter risks that IT managers would do well to get a handle on, says Foster.
Another part of the research worth mentioning is that only 1.3% of the hosts contacted by mobile devices were not also present in the set of hosts seen in historical non-cellular traffic.
This means that mobile apps are using the same hosting infrastructure as desktop applications and, as such, IT security teams can apply the same network-based security to spot domains with bad reputation scores etc.
F-Secure security advisor, Sean Sullivan, agreed that most Western netizens would be safe sticking to the authorised channels.
He admitted to me too via email that the mobile malware epidemic had been “overstated by *some* in the AV industry”.
However, he felt justified in sharing threat intelligence on new mobile malware, given that F-Secure’s customer-base stretches far and wide globally.
“We don’t just sell mobile AV – we sell mobile security with multiple security features and sell/bundle it with our other services in our cross-platform ‘SAFE’ offering,” he explained. “When you buy our PC software, you also get Android software – it’s all part of the package.”
That’s completely understandable and I think even if Vendor A doesn’t sell into markets where mobile threats are higher risk (like Asia, for example) they still have a responsibility to reveal major new discoveries.
However, unfortunately it doesn’t take much for responsible disclosure of threat intelligence to turn into FUD-y marketing hyperbole.
Firms Fail to Combat the Insider Security Threat
Posted: April 10, 2015 Filed under: Uncategorized | Tags: Chesapeake breach, cyber security, data breach, imperva, information security, infosecurity magazine, insider breach, insider threat, JPMorgan, lowering insider risk, MWR Infosecurity, SANS
The threat of accidental or malicious employees compromising information security has been around ever since there were computer systems. But you would have thought by now that CISOs would have got a handle on it.
Not so, according to a new report from training and research firm the SANS Institute which I’ve just covered for Infosecurity Magazine.
It found that although three-quarters of IT security pros are concerned about the insider threat, a third have no means of defending against it and around a half either don’t know how much they’re spending on it or have no idea what the potential losses would be.
From JPMorgan to Chesapeake, the dangers of failing to properly mitigate internal risks are clear to see, but firms seem to be slow on the uptake.
According to Roy Duckles, EMEA Channel Director at Lieberman Software, it’s a lack of “visibility, accountability and auditability” which is to blame.
“There is an assumption that if a person or group have the ‘keys to the kingdom’ with full admin rights across an enterprise, that this is a viable and effective way to apply security policies,” he told me.
“Where most businesses fail is that this approach not only reduces security, but it makes it almost impossible to see who is changing what, on which systems, at what time, and the effect and risk that it has on a business.”
Firms therefore need to remove privileges where possible, introduce 2FA and prevent admins “knowing” which passwords get them into systems, he advised.
Sagie Dulce, security researcher at Imperva, told me by email that organisations lack “budget, training, technology and an incident response plan” for when a breach occurs.
He added:
“Obviously, the first thing organizations must do is put some resources into the insider threat. The second thing organizations must do is prioritise: ask themselves what is the most important thing they are trying to protect?
Once they know what they are trying to protect they should consider:
- Is it Personal Information, emails, code etc?
- Is the data structured, unstructured?
- Is it found on databases, file shares?
- Who has access to this data and how (from special terminals, via VPN, 3rd party partners etc.)?”
Finally I asked David Chismon, security consultant at MWR InfoSecurity, who repeated the notion that employees should be given the minimum access necessary to do their jobs.
Investing in systems to spot insider abuse could also help protect organisations against targeted attacks which spearphish users and abuse their access, he argued.
“For example, organisations are able to detect when an employee’s account is used to try and access data it shouldn’t or if a large amount of data is being exfiltrated,” Chismon explained. “It doesn’t matter at that stage if it is the employee misusing their account or an external attacker who has compromised the network.”
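The two signals Chismon describes (an account touching data it is not entitled to, and a large volume leaving a store in a short window) are easy to express as detection logic. The block below is an added illustration written for this post, not code from MWR InfoSecurity or any vendor quoted here; the role entitlements, user list and log lines are constructed sample data, and the thresholds are assumptions.

```python
"""Toy insider-threat detection over constructed access logs.

Two checks, matching the two signals described in the post:
  1. an account reading a data class its role is not entitled to;
  2. an account pulling an unusually large volume out of a store
     within a short sliding window.
Both fire whether the actor is the employee or an outsider who has
compromised that account, which is the point Chismon makes.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed entitlement map: which data classes each role may read.
ROLE_ENTITLEMENTS = {
    "hr": {"personal_info"},
    "dev": {"source_code"},
    "finance": {"finance"},
}
# Constructed user directory (hypothetical users).
USER_ROLES = {"alice": "hr", "bob": "dev", "carol": "finance"}

# Constructed log lines: timestamp|user|action|data_class|resource|bytes
SAMPLE_LOG = """\
2015-04-08T09:00:00|alice|read|personal_info|hr_db/employees|2048
2015-04-08T09:05:00|bob|read|source_code|git/repo_a|51200
2015-04-08T09:07:00|bob|read|personal_info|hr_db/employees|4096
2015-04-08T22:01:00|carol|download|finance|fileshare/q1|80000000
2015-04-08T22:04:00|carol|download|finance|fileshare/q2|90000000
2015-04-08T22:08:00|carol|download|finance|fileshare/q3|95000000
2015-04-09T10:00:00|alice|read|personal_info|hr_db/payroll|1024
"""


def parse_log(text):
    """Parse pipe-delimited access records into dicts, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, data_class, resource, nbytes = line.split("|")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "action": action,
            "data_class": data_class,
            "resource": resource,
            "bytes": int(nbytes),
        })
    return events


def unauthorised_access(events):
    """Return (user, resource, data_class) for reads outside the role's entitlements."""
    alerts = []
    for ev in events:
        role = USER_ROLES.get(ev["user"])
        allowed = ROLE_ENTITLEMENTS.get(role, set())
        if ev["data_class"] not in allowed:
            alerts.append((ev["user"], ev["resource"], ev["data_class"]))
    return alerts


def bulk_exfil(events, window=timedelta(minutes=15), threshold=200_000_000):
    """Map user -> peak bytes downloaded in any window longer than threshold.

    Window and threshold are assumed values; tune them to the store in question.
    """
    per_user = defaultdict(list)
    for ev in events:
        if ev["action"] == "download":
            per_user[ev["user"]].append((ev["ts"], ev["bytes"]))
    alerts = {}
    for user, xfers in per_user.items():
        xfers.sort()
        start, total = 0, 0
        for end, (ts, nbytes) in enumerate(xfers):
            total += nbytes
            # Slide the window start forward until it fits within `window`.
            while ts - xfers[start][0] > window:
                total -= xfers[start][1]
                start += 1
            if total > threshold:
                alerts[user] = max(alerts.get(user, 0), total)
    return alerts


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("unauthorised:", unauthorised_access(evs))
    print("bulk exfil:", bulk_exfil(evs))
```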