Have we been mis-sold a mobile malware ‘epidemic’?

Just finished an interesting story from security firm Damballa on mobile malware.

Breaking ranks with most of the rest of the industry, the vendor suggests in its new report that the amount of mobile malware on US networks is actually pretty minimal, and that if most users stick to the official app stores they should steer pretty clear of danger.

Indeed, it found in its analysis of half of the mobile traffic in America, only 0.0064% – or 9,688 devices out of 151 million – contacted a domain on the mobile black list.

This was even down on the 0.015% that did so in 2012.

Now the caveat is that this is just in the US, and only focusing on malicious network traffic rather than installs, but it’s still a pretty interesting piece of research.

It tends to fly in the face of the picture painted by many anti-malware companies, some of which perhaps are talking slightly disingenuously about a malware epidemic on Android.

There undoubtedly is an awful lot of malware designed for Android. But how much of it actually makes its way onto users’ devices? Especially if those users only stick to the first party app stores.

I’ve a feeling that if you took China and Russia out of the equation, for example, the Android malware problem wouldn’t be even remotely as acute.

“I do not know when if ever mobile malware (as we see it on the PC) will become a problem on mobile devices. I really think the app stores can control distribution of ‘money-making’ malware,” Damballa CTO Brian Foster told me by email.

“The risks and threats around insecure cloud apps or insecure access to cloud apps are already here. The risk of losing your device and giving a 3rd party inappropriate access to your data is already here.”

It is those latter risks that IT managers would do well to get a handle on, says Foster.

Another part of the research worth mentioning is that only 1.3% of mobile hosts weren’t also in the set of hosts contained by historical non-cellular traffic.

This means that mobile apps are using the same hosting infrastructure as desktop applications and, as such, IT security teams can apply the same network-based security to spot domains with bad reputation scores etc.
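An added example (not from the Damballa report or this post) of the kind of network-based check described above: match queried domains against a blocklist by DNS label and report the share of distinct devices that touched a listed domain. The blocklist, device IDs and events are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data; none of these values come from the report.
BLOCKLIST = {"bad-ads.example", "c2.malware.test"}

# (device_id, queried_domain) pairs, as they might be taken from DNS or proxy logs.
SAMPLE_EVENTS = [
    ("dev-001", "www.example.org"),
    ("dev-001", "cdn.bad-ads.example."),   # subdomain of a listed domain, trailing dot
    ("dev-002", "NOTbad-ads.example"),     # lookalike: must not match on a substring
    ("dev-003", "C2.Malware.Test"),        # mixed case
    ("dev-003", "api.c2.malware.test"),
    ("dev-004", "mail.example.net"),
    ("dev-001", "bad-ads.example"),
]


def normalise(domain):
    """Lower-case the name and drop the trailing root dot."""
    return domain.strip().rstrip(".").lower()


def blocklisted_parent(domain, blocklist):
    """Return the listed domain that `domain` equals or is a subdomain of, else None.

    Comparison is done on whole DNS labels, so 'notbad-ads.example' does not
    match 'bad-ads.example'.
    """
    labels = normalise(domain).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def device_rate_pct(flagged, total):
    """Percentage of devices that contacted at least one listed domain."""
    return 100.0 * flagged / total if total else 0.0


def summarise(events, blocklist):
    """Count distinct devices and record which listed domains each one contacted."""
    seen = set()
    hits = defaultdict(set)
    for device, domain in events:
        seen.add(device)
        match = blocklisted_parent(domain, blocklist)
        if match:
            hits[device].add(match)
    return {
        "devices": len(seen),
        "flagged": {device: sorted(domains) for device, domains in hits.items()},
        "rate_pct": device_rate_pct(len(hits), len(seen)),
    }


if __name__ == "__main__":
    print(summarise(SAMPLE_EVENTS, BLOCKLIST))
    # The report's own figures, run through the same calculation.
    print(round(device_rate_pct(9688, 151_000_000), 4))
```

The metric counts devices rather than requests, which is why one device making many lookups of a listed domain still counts once.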

F-Secure security advisor, Sean Sullivan, agreed that most Western netizens would be safe sticking to the authorised channels.

He also admitted to me via email that the mobile malware epidemic had been “overstated by *some* in the AV industry”.

However, he felt justified in sharing threat intelligence on new mobile malware, given that F-Secure’s customer-base stretches far and wide globally.

“We don’t just sell mobile AV – we sell mobile security with multiple security features and sell/bundle it with our other services in our cross-platform ‘SAFE’ offering,” he explained. “When you buy our PC software, you also get Android software – it’s all part of the package.”

That’s completely understandable and I think even if Vendor A doesn’t sell into markets where mobile threats are higher risk (like Asia, for example) they still have a responsibility to reveal major new discoveries.

However, unfortunately it doesn’t take much for responsible disclosure of threat intelligence to turn into FUD-y marketing hyperbole.


Firms Fail to Combat the Insider Security Threat

The threat of accidental or malicious employees compromising information security has been around ever since there were computer systems. But you would have thought by now that CISOs would have got a handle on it.

Not so, according to a new report from training and research firm the SANS Institute which I’ve just covered for Infosecurity Magazine.

It found that although three-quarters of IT security pros are concerned about the insider threat, a third have no means of defending against it and around a half either don’t know how much they’re spending on it or have no idea what the potential losses would be.

From JPMorgan to Chesapeake, the dangers of failing to properly mitigate internal risks are clear to see, but firms seem to be slow on the uptake.

According to Roy Duckles, EMEA Channel Director at Lieberman Software, it’s a lack of “visibility, accountability and auditability” which is to blame.

“There is an assumption that if a person or group have the ‘keys to the kingdom’ with full admin rights across an enterprise, that this is a viable and effective way to apply security policies,” he told me.

“Where most businesses fail is that due to the fact that this approach not only reduces security, but it makes it almost impossible to see who is changing what, on which systems, at what time, and the effect and risk that it has on a business.”

Firms therefore need to remove privileges where possible, introduce 2FA and prevent admins “knowing” which passwords get them into systems, he advised.

Sagie Dulce, security researcher at Imperva, told me by email that organisations lack “budget, training, technology and an incident response plan” for when a breach occurs.

He added:

“Obviously, the first thing organizations must do is put some resources into the insider threat. The second thing organizations must do is prioritise: ask themselves what are the most important things they are trying to protect?

Once they know what they are trying to protect they should consider:

  • Is it Personal Information, emails, code etc?
  • Is the data structured, unstructured?
  • Is it found on databases, file shares?
  • Who has access to this data and how (from special terminals, via VPN, 3rd party partners etc.)?”

Finally I asked David Chismon, security consultant at MWR InfoSecurity, who repeated the notion that employees should be given the minimum access necessary to do their jobs.

Investing in systems to spot insider abuse could also help protect organisations against targeted attacks which spearphish users and abuse their access, he argued.

“For example, organisations are able to detect when an employee’s account is used to try and access data it shouldn’t or if a large amount of data is being exfiltrated,” Chismon explained. “It doesn’t matter at that stage if it is the employee misusing their account or an external attacker who has compromised the network.”
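An added example (not code from MWR, SANS or this post) of the two detections Chismon describes, run over a constructed file-access log: an account touching data outside its entitlement, and an account moving an unusually large volume in one day. The entitlement map, the 500 MB daily ceiling and the log format are assumptions.

```python
import posixpath
from collections import defaultdict

# Hypothetical entitlements: account -> path prefixes it is allowed to read.
ENTITLEMENTS = {"alice": ("/finance/",), "bob": ("/eng/",)}
EGRESS_LIMIT = 500 * 1024 * 1024  # assumed per-account daily ceiling, in bytes

# Constructed sample log. Fields: timestamp account path bytes_out status
SAMPLE_LOG = """\
2015-01-05T09:02:11Z alice /finance/q1.xlsx 48211 ALLOWED
2015-01-05T09:05:40Z bob /eng/build/notes.txt 1200 ALLOWED
2015-01-05T22:14:03Z bob /finance/payroll.csv 0 DENIED
2015-01-05T22:15:10Z alice /finance/archive-2013.zip 314572800 ALLOWED
2015-01-05T22:16:00Z bob /eng/../finance/payroll.csv 2048 ALLOWED
2015-01-05T22:19:55Z alice /finance/archive-2014.zip 367001600 ALLOWED
corrupted entry
2015-01-06T08:00:00Z alice /finance/q1.xlsx 48211 ALLOWED
"""


def parse(line):
    """Return (day, account, normalised_path, bytes_out, status) or None if malformed."""
    parts = line.split()
    if len(parts) != 5 or not parts[3].isdigit():
        return None
    ts, account, path, size, status = parts
    # Normalise the path first so '/eng/../finance/x' is judged as '/finance/x'.
    return ts[:10], account, posixpath.normpath(path), int(size), status


def detect(log_text, entitlements=ENTITLEMENTS, limit=EGRESS_LIMIT):
    """Return (alerts, skipped_lines) for the given log text.

    The rules key on the account only: they fire the same way whether the
    employee or someone using their credentials generated the activity.
    """
    alerts, skipped = [], 0
    egress = defaultdict(int)   # (account, day) -> bytes successfully read
    reported = set()            # (account, day) pairs already alerted for volume
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        if rec is None:
            skipped += 1        # count unparseable lines instead of hiding them
            continue
        day, account, path, size, status = rec
        allowed = entitlements.get(account, ())
        # Rule 1: any attempt outside the entitlement, whether or not it succeeded.
        if not any(path.startswith(prefix) for prefix in allowed):
            alerts.append(("unauthorised_access", account, day, path))
        # Rule 2: daily volume of successful reads crossing the ceiling (alert once).
        if status == "ALLOWED":
            key = (account, day)
            egress[key] += size
            if egress[key] > limit and key not in reported:
                reported.add(key)
                alerts.append(("bulk_egress", account, day, egress[key]))
    return alerts, skipped


if __name__ == "__main__":
    found, bad_lines = detect(SAMPLE_LOG)
    for alert in found:
        print(alert)
    print("unparseable lines:", bad_lines)
```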


The Future of Google (Spoiler: It’s Pretty Bright)

I’ve just finished a piece on Google’s uncertain future. Bit odd, you might think, given it’s one of the world’s biggest and most profitable companies.

Well, the initial brief was based on the web giant missing analyst expectations for Q4 2014. Which it didn’t do by a long way, but there you go. Although it has since bounced back with a storming start to 2015, there’s still enough latitude to ask where the firm might be headed over the next decade. Where are its core strengths, and how will it cope with the slowdown in ad spend, increasing competition from the likes of Facebook and the move of more ad dollars into mobile, etc?

Google is in a lot of ways a company of two parts: the shiny, innovative, envelope-pushing start up putting huge amounts of cash into cutting edge technology projects that could transform the world in years to come; and the cash-hungry advertising behemoth. The problem it has is that the former relies on revenue from the latter to continue, although this is declining. The key I think will be Google’s ability to pull in more revenue from new streams going forward.

One of these will be video.

“I think for Google YouTube will remain a key strategic play and over the long term a strong source of revenues. YouTube combines two major digital advertising channels into a single location – search and video,” Ovum analyst James McDavid told me.

“Ovum’s forecast data shows that search is still the single largest segment of digital advertising spending but video is the fastest growing. Google having market leading plays in both sectors bodes pretty well for their future.”

Another key area is likely to be mobile, and Android is well placed with a market leading share. Google has a great opportunity to increase sales of services, ads, licenses and devices as well as peeling off a healthy cut of app sales. Only the huge market of China, where Play is locked out, and the potential fragmentation of the OS, threaten it here.

Quocirca founder Clive Longbottom agreed that Android represents Google’s best opportunity platform wise going forward.

“Chromebooks have been a bit of a disaster: a hell of a lot of work is required to make Chrome into an OS that works effectively and brings all the other Google services together in a way that really works,” he told me.

“Android, however, has been a runaway success – it is probably better for Google to concentrate on Android as the OS with a Chrome layer on top in a looser way than it has tried to date.”

I’ve only just had time to scratch the surface here; there’s also a great opportunity in cloud services, IoT and wearables and more for Google. It’ll just be interesting to see how it gets there – and whether any others can realistically challenge the Mountain View giant over such a wide sweep of product and service areas in the future.


What to Expect from Giants of Console Gaming in 2015

I’ve just finished a feature on the console gaming market which was just about as far out of my comfort zone as you can get.

Still, it’s always good learning about new areas of technology, so here’s what I have surmised over the past few days:

  • Sony and Microsoft rule the roost. Nintendo will never gain parity as long as its selection of third party titles is so poor.
  • Sony’s PS4 won 2014, but Xbox One hit back in the last two months of the year thanks to discounted pricing
  • Both of the big boys have copied each other’s strategy at times; in engaging with the gamer geek and “bedroom coder” community and in trying to tie up exclusive third party title deals.
  • There’s pretty much nothing to separate the two hardware wise, which is why there’ll be some increasingly aggressive deal-making going on with third party developers in the coming years.
  • As IDC Retail Insights head of Europe, Spencer Izard, told me, there are only two things gamers really care about: “how many of your friends are using my console and am I getting the best content.”
  • The future will eventually shift towards online downloads, although not until there’s a critical mass of users. Only then will the console giants feel they can take retailers on and undercut them on price with downloads.
  • In developing regions this shift will take far longer, as broadband infrastructure simply isn’t up to the hefty downloads necessary.
  • However, last year actually saw “a significant increase” in spending on digital transactions for games, according to IHS head of games, Piers Harding-Rolls. “Part of this is to do with the early adopters who are currently very active digitally on the latest consoles, part of this is to do with the day and date release of new releases alongside boxed product in the retail channels and part of it is to do with the ability to use more efficient monetisation models in the digital space,” he told me. “In this context we have seen more open ended spending opportunities emerge on consoles during the last few years driving up monetisation.”
  • The rise of smartphone and tablet-based gaming represents a real challenge to the console players
  • In China, like Korea, Sony and Microsoft have just been too late to make a difference. The market is either swamped with pirated clones or dominated by PC gaming. Regulators will also be hard to please in terms of software content.

And there you have it. All you need to know about console-based gaming in a few media friendly sound bites.


Beware the ‘Glocals’ if you’re Planning a Career in Asian IT

I’ve just finished a piece for IDG Connect looking ahead to job prospects in Hong Kong and China for ex-pat IT pros in 2015. As usual, it’s a mixed bag.

On the one hand the jobs market is booming and there are plenty of vacancies. The Harvey Nash CIO Survey of 2014, for example found 76% of Hong Kong and China CIOs were concerned about a technology skills shortage. A further 42% said they were planning to increase headcount last year and APAC MD Nick Marsh told me by email that he “expects to see that demand continue” this year.

Skills particularly in demand, he said, are big data, mobile, cloud and digital, although more traditional areas are also important. “Fundamental areas such as project management, enterprise architecture, and business analysis are still the top areas of skill demand,” he said.

Candidates with leadership capabilities and “exceptional communication skills” as well as those who can demonstrate an ability to innovate will be favoured.

However, Marsh also warned that employers in the region are increasingly likely to favour “glocals” – that is, locals who have overseas education and/or experience.

This is bad news for the ex-pat IT job seeker looking to land a plum job in China or Hong Kong.

“Candidates should focus on the strength of their understanding of the local market, customers, and their industry,” Marsh advised. “This understanding is critical, and without it they are likely to lose out to local or ‘glocal’ talent.”

More bad news came in the form of a recent Regus study on office stress in Hong Kong and China.

It found that in Hong Kong, working to deadlines (24%) was rated stressful by a far higher percentage than the global average (14%), while “colleagues” (11%) was more than double the global norm of 5%.

Unreliable or obsolete technology (26%) and a lack of staff (28%) were also major factors.

“When employees don’t have a good work/life balance, they feel overstretched, unhappy and, ultimately they become less productive,” Regus Hong Kong country manager Michael Ormiston told me. “Flexible working can alleviate some of the pressures that create stress, while at the same time reducing a company’s costs.”

Given that most employers in China and Hong Kong are putting ex-pats on local packages these days, a move out East is becoming less and less attractive to Western IT professionals. It might be worth staying put for the time being.


Cameron on a hiding to nothing if he really does want encrypted comms ban

This week, prime minister David Cameron seemed to indicate that if he is elected this May he’ll do all he can to ensure strongly encrypted communications are banned in the UK.

Well, that’s the gist of what he said. More correctly, he made it clear that no form of comms should exist where, in extremis, the security services can’t eavesdrop on private conversations – to stop criminals, terrorists etc.

His comments have been widely criticised in the media and by the technology industry, and rightly so.

Although others including the FBI, US attorney general Eric Holder and even Europol have voiced concerns about encrypted communications, none have gone as far as Cameron – who is now apparently off to the US to try and get support for his plans from Barack Obama.

A few thoughts sprang to mind as I reported on this breaking story:

  • If Cameron thinks he can take on the might of Apple, Google et al over this, he’s mistaken.
  • His comments are at odds with European security agency Enisa which has just released a document praising encryption and calling for MORE privacy enhancing technologies (PETs), not fewer
  • There’s no evidence that the Paris attacks would have been prevented if encrypted comms were banned
  • The UK’s burgeoning tech industry will suffer
  • UK business will react angrily if they can’t use strongly encrypted comms, as will UK entrepreneurs – it’s sending out a dreadful signal to potential investors in our supposedly liberal democratic country. Also, these are exactly the sort of traditional Tory supporters Cameron needs on side.
  • If encrypted comms were banned, or backdoors were engineered into products so the security services could access them if needed, the bad guys would eventually find a way of exploiting them too.
  • Terrorists and criminals will continue to use encrypted comms, downloaded from regions where they are still legal.

Sophos global head of security research James Lyne summed up the whole farce neatly in comments he sent me by email:

“Even if regulation was brought in to force legitimate companies to use encryption the government (in extremis) could intercept, unless they plan to build a great firewall of China (but even bigger and better – or sinister) to prevent people getting their hands on open source tools available in other countries it isn’t going to stop the darker side of the net from using it,” he told me.

“At the end of the day, terrorists will use any tools at their disposal to communicate, so this is unlikely to solve the real problem. The intention behind the statement was likely a little different to the way in which it has appeared but the suggestion as it stands would do the UK more harm than good and clearly lacks insight into how the internet works or how such controls might be implemented.”


Did North Korea Really Hack Sony?

Not for the first time, official law enforcement is at odds with certain sections of the information security industry on the attribution of a particularly high profile cyber attack.

The case, of course, is the destructive hit on Sony Pictures Entertainment which not only forced the movie giant to close its entire network for over a week, but also led to embarrassing internal documents and communications leaking online.

Oh, and the movie which is said to have started it all – The Interview – was virtually withdrawn from North American cinemas after distributors feared for the safety of movie-goers.

On one side it’s the Feds, who believe North Korea was responsible for the attack. On the other, industry players who believe a disgruntled insider – possibly with help from others – was to blame.

FBI director James Comey this week claimed that the hackers in question got “sloppy” a few times and forgot to use proxy servers to hide their true location, revealing IP addresses used “exclusively” by North Korea.

“They shut it off very quickly once they saw the mistake,” he added, according to Wired. “But not before we saw where it was coming from.”

The agency’s “behavioural analysis unit” has also been studying the Guardians of Peace – the group claiming responsibility – and deduced that it displays many of the psychological characteristics of North Korean operatives, he added.

The Feds have already claimed that some of the code in the malware used in this attack had been previously developed by Pyongyang, and that some of the tools used were also deployed in the DarkSeoul attacks of 2013.

So far so clear? Well, not quite according to security consultant and Europol special advisor, Brian Honan.

“What was interesting is director Comey also stated they have not yet identified the original attack vector. So this makes it even more difficult to attribute who is behind the attack and makes it more important that the FBI and Sony provide assurances regarding their attribution, particularly given that this attack is resulting in diplomatic action impacting international relations,” he told me.

“It would also be useful for many other companies to have sight of the IP addresses that were used in this attack so they can add them to their own defensive measures to prevent attacks from those IP addresses against their networks and systems.”

This scepticism has been echoed throughout sections of the information security sector – with experts claiming that attribution is tricky at the best of times and that the Feds would be wise to hold fire until a detailed forensic examination has been undertaken.

US security vendor Norse, for example, claimed last week that any evidence linking North Korea to the attacks was purely circumstantial and that an investigation it undertook pointed to the involvement of a former employee.

Part of its reasoning is that the names of corporate servers and passwords were programmed into the malware fired at Sony, which would indicate an insider’s involvement.

Another sticking point is the motivation of North Korea. If it did carry out the attack in retaliation for The Interview, which lampoons the Kim Jong-un regime, the Guardians of Peace online missives didn’t even mention the movie until the media began pegging it as the cause.

It certainly wasn’t mentioned when the group were trying to extort a ransom for the stolen data online.

In the end, we’ll have to assume the Feds have more up their sleeves than they’ve admitted to right now if we’re to be convinced about the link to Pyongyang.

“Such information need not be shared with others as it would expose valuable intelligence sources, however knowing that is what is reinforcing the FBI’s claims would help those of us in the industry to accept those claims,” said Honan.

“The FBI do have very skilled technical individuals on the case which are no doubt supplemented by Sony’s own staff and any of the private computer security companies engaged by Sony. However, analysing log data and forensics takes a very long time so I would not be surprised to see additional details come out at a later stage.”


2015: the Year of the Mobile Messaging Wars

I’ve just finished another piece for IT Pro in Hong Kong covering the intensifying battle between WhatsApp and the slew of Asian mobile messaging firms in the chasing pack.

It’s shaping up to be an exciting 2015 for those in the space as these platform players look to differentiate in an increasingly crowded market, while the telecoms operators struggle to recoup the cash they’re losing from decreased SMS and voice call revenue.

Canalys analyst Jessica Kwee was quick to point out the pressure these traditional telecoms players are under.

“SMS/texting in the traditional sense has been impacted greatly, especially as people see more value in messaging apps – as in many cases they are considered ‘free’ as they are part of the data plans,” she told me via email.

“Plus, messaging apps are also more flexible and can handle more than traditional texting – no character limits, and on opposite spectrum, you don’t feel obliged to try to use up the character limit either, so it’s easier to text something very short and quick. Also, there’s the ability to communicate in groups, send pictures, videos, voice notes, emoticons, etc.”

However, there are some opportunities for operators.

“People will increasingly rely on an always-on connection and not be able to just rely on wi-fi at home or at work, as they will want to be connected all the time,” Kwee explained. “So even though it is much more difficult to get people to spend a lot of money on expensive data plans, especially in price-conscious markets, it could be a compelling alternative where telecoms provide cheaper data plans to exclusively use such apps.”

Frost&Sullivan principal analyst, Naveen Mishra, added that adoption of mobile messaging apps has soared over the past 12-18 months thanks to their added functionality and free price tag.

“Increasing smartphone penetration and growing internet adoption is driving this usage. Emerging markets like India, are growing extremely fast, both in terms of adoption and usage,” he told me.

“Between May 2014 and Oct 2014, WhatsApp’s monthly active users grew from 50 million to 70 million, which is 10% of the total user base. The next 3-5 years are also looking very promising, as key emerging markets have large opportunities of growth. In India alone, there are over 930 million mobile subscriptions out of which only 70 million are current WhatsApp users.”

As for the various market players, success will come down largely to innovating with new features.

“All the OTT application companies are constantly trying to innovate, however the success of the application largely depends on the value a new feature brings in,” he said.

“Line has tied up with LG Electronics, where through its chat session, LG appliances can be activated and controlled. On the other hand, WhatsApp is working on a voice calling service, which is expected to be launched in early 2015.”


Censor much? What to expect from the Great Firewall in 2015

I’ve been speaking to anti-censorship organisation Greatfire.org about online freedoms in China and what we’re likely to see in 2015. It makes for pretty depressing reading.

First of all, the app market will see an ever-tightening regulatory regime following new regulations passed in October, according to co-founder Percy Alpha.

“I fear that in the future, apps will be like websites, i.e you have to get a license before publishing any,” he told me by email.

Then there’s the current trend for Man in the Middle attacks as a way to monitor and block access to various online services and sites.

The Great Firewall has already tried this tactic on Google, Yahoo and iCloud to name but three. It’s the only way the authorities can see what people are up to once a site switches to HTTPS.

The smart money is apparently on more of these attacks in 2015, but increasingly focused on smaller sites so as to not arouse much media attention.

The Chinese authorities have also been going after Greatfire itself of late, proof the anti-censorship group must be doing something right.

Their mirrored sites, which allow users behind the Great Firewall to view blocked content, have been a minor irritant to the authorities until now. But last week Beijing upped the ante in two astonishing moves against the content delivery networks (CDNs) Greatfire uses.

The first resulted in EdgeCast losing all service in China – which could mean tens of thousands of sites affected. Then another swipe took out an Akamai subdomain also used by HSBC. The result? Its corporate banking services became unavailable. It just shows the lengths the Party is prepared to go to control the flow of information.

The last word goes to co-founder Charlie Smith:

“I think we will continue to see the kinds of crackdown we have seen this past year. I think that for a long time, many optimists have said, give the authorities some time, restrictions will loosen up and information will flow more freely. If anything, the exact opposite is happening – I’m not sure why people seem to make comments otherwise.

If anything, I think the authorities will take censorship too far in 2015. They will push the Chinese over the limit of what they are willing to tolerate.”


China’s state-backed hacking plans for 2015

I’ve just been putting together a piece for IDG Connect on tech predictions for China and Hong Kong in 2015. It’s always difficult to fit in all the comment I manage to get on these pieces, so here’s a bit more on the cyber security side of things, from FireEye threat intelligence manager Jen Weedon.

The long and the short of it is “expect more of the same” from China. The US strategy of naming and shaming PLA operatives ain’t really doing much at all.

“In the next six to twelve months, targeted data theft by China-based actors is likely to remain consistent with patterns we have observed in the past,” Weedon told me by email.

“We expect Chinese threat groups to conduct espionage campaigns that are in line with the Chinese central government’s political and development goals.”

So what exactly will these goals be in 2015? Well, according to Weedon we can expect data theft to focus on climate change and the tech sector.

“China’s ongoing pollution challenges provide strong incentive for threat actors to steal data related to technologies that can help China stem the environmental impact of its heavy reliance on coal,” she said. “We also expect cyber espionage activity against governments and policy influencers in the run-up to the 2015 UN Climate Summit as China seeks intelligence to enhance its negotiating position on global climate policy issues.”

As for the tech sector, China is stepping up its efforts to develop homegrown computing and semiconductor policies – ostensibly for reasons of national security, ie to close down the risk of NSA backdoors in US kit.

“As the country pursues these goals, we anticipate Chinese actors will leverage data theft to supplement knowledge acquired through legitimate channels such as joint ventures with experienced foreign partners,” Weedon told me.

“We regularly observe China-based threat actors target firms engaged in joint ventures with Chinese enterprises.”

Territorial disputes in the South and East China Seas will also continue to drive cyber espionage activity, she said.

As for beyond that, we’ll just have to wait until after the National Development and Reform Commission (NDRC) outlines development priorities for the 13th Five Year Plan.

“As the central government solidifies its goals for the 2016 to 2020 timeframe, we expect further clues to emerge about which topics are likely to enter threat groups’ cross hairs in 2015 and beyond,” said Weedon.

It’s very much a question, therefore, not of whether China will continue its blatant state-backed cyber espionage campaigns, but where it will focus its considerable resources.