A new type of ransomware dubbed “Bad Rabbit”, similar to WannaCry and Petya, has been spreading across Russia, Ukraine and into other countries.

What is Ransomware?

Ransomware is a form of malware that typically encrypts important files on the victim’s computer. The victim is then given a ransom demand, the payment of which should mean that the encrypted files can be released. In reality, some types of ransomware delete many important files anyway, and paying the ransom does not guarantee that any files will be released.

How Does It Infect?

The Bad Rabbit ransomware appears to be spread via a bogus Adobe Flash update and, worryingly, is still undetected by the majority of anti-virus programs.

What Does ‘Bad Rabbit’ Do?

Like other ransomware, Bad Rabbit encrypts the contents of the victim’s computer and asks for a payment of 0.05 Bitcoins / £213 to release the locked data. It is common for ransom demands to be made in the crypto-currency Bitcoin because it is out the control of banks and provides anonymity for the perpetrators.

In order to pay the ransom, users are directed to a .onion Tor domain where, where a countdown on the site shows the amount of time before the ransom price goes up.

Some tech / security commentators have noticed references to Game of Thrones characters in the malware.

What Effect Has It Had?

Bad Rabbit is reported to have hit almost 200 victims, most of which are in Russia and Ukraine, although others are in Turkey and Germany.

For companies that have been infected, whole servers have been locked down, thereby rendering the day-to-day IT-based aspects of the business impossible.

High profile victims of Bad Rabbit to date include Russian news agency Interfax where its subscription services were all made unavailable, the St. Petersburg-based Fontanka.ru news website, Ukraine’s Odessa International Airport where its information system stopped functioning, Ukraine’s Ministry of Infrastructure and Kiev’s public transportation system.

What Does This Mean For Your Business?

For UK businesses and other organisations, it’s a case of always being on the lookout for suspicious emails and updates, keeping security software up to date and regularly backing up critical data. The advice with Bad Rabbit (according to The US computer emergency readiness team), as with other ransomware is to not pay the ransom, as is unlikely to guarantee that access will be restored.

In order to provide maximum protection against more prevalent and varied threats this year, businesses should now adopt multi-layered security solutions. Businesses should accept that there is a real likelihood that they will be targeted and therefore prepare for this by implementing the most up to date security solutions, virtual patching and education of employees in order to mitigate risks from as many angles (‘vectors’) as possible.

Having workable and well-communicated Disaster Recovery and Business Continuity Plans in place is now also an important requirement.

MPs have warned Amazon and eBay that their platforms may not be doing enough to prevent many sellers from not charging VAT on their sales, thereby potentially contributing to £1.5bn lost tax revenue for the government.

Report

The VAT loophole was highlighted in a recent report by MPs in the Public Accounts Committee.

What’s Been Happening?

If items are dispatched from UK soil, sellers have to charge VAT at 20%. Amazon and eBay, however, are believed to be keeping some of their stock in UK warehouses in order to provide next day delivery. Some of this stock is likely to be from overseas sellers, and it is believed, therefore, that goods from foreign sellers have been shipped to customers from UK warehouses without VAT being charged. This has enabled some foreign sellers to undercut genuine UK suppliers, and has meant a loss of potential revenue for the Treasury.

Working With HMRC

MPs have criticised an apparent lack of action to date by the big online selling platforms to address the issue, and some critics have also pointed to the fact that Amazon and eBay may actually be profiting from the fraudulent activity of sellers on their platforms by charging sellers a commission.

Amazon and eBay have told the commission that they are working with HMRC to resolve the situation, and that they are engaged in removing those offending sellers from their platforms.

HMRC Criticised

It is not just eBay and Amazon who have come in for criticism by MPs over this matter. MPs have also criticised HMRC for being over-cautious in pursuing what are regarded by many as being VAT fraudsters.

According to the MPs’ report, HMRC could help to stop VAT fraudsters by setting up an agreement with online marketplaces by March next year, and by acting with more urgency in making use of its existing powers.

HMRC has answered critics by pointing out that it had introduced new rules last year specifically to deal with the issues of liability for unpaid VAT by overseas sellers, and that these rules have brought about a ten-fold rise in the number of sellers registering for VAT.

What Does This Mean For Your Business?

This report from MPs and the publicity generated by it are likely to be good news for UK sellers who may have lost out to overseas sellers through simply complying with UK tax law and having to charge higher prices. Hopefully therefore, the report may put pressure on HMRC and big selling platforms like eBay and Amazon that could lead to a more level playing field, and could, of course, generate more much-needed tax revenue for the UK. It is particularly important for MPs to prioritise the issue now with the extra tax complications of Brexit just around the corner.

This may also be a shot across the bows for all large overseas sellers to warn them to respect the laws of the countries that they operate in and to remind them that they are accountable to governments in many of their lucrative markets.

Southend-on-Sea Borough Council is reported to have signed an agreement with tech company Cisco to deploy its ‘Kinetic for Cities’ platform in order to share the benefits of new digital technologies with its businesses and citizens, thereby making it a ‘Smart City’.

What Is ‘Kinetic For Cities’?

According to the Cisco blog, the Cisco Kinetic for Cities platform is a unified IoT platform strategy and a cloud-based platform that helps customers extract, compute and move data from connected things to IoT applications to deliver better outcomes and services. In essence, using sensors, digital management platforms, and analytics programs for all aspects of a city (including solutions for lighting, parking, crowd, environment and others), businesses and citizens can benefit from the effects of urban innovation, sector-specific solutions, city engagement that the technology provides.

Technology Hub

Through the use of the new platform, it is hoped that Southend can become a technology hub, and this can help it to grow and evolve, in line with the rest of the UK and with competition globally. It is also hoped that use of the digital platform could bring smarter, connected experiences for people who live in, work in, or visit the town.

Already Working In Other Cities

Cisco’s Kinetic for Cities platform is already being deployed in other cities such as Manchester (UK) where it is being used to project explore smart transport and CO2 emissions, in Jaipur (India) where it is helping to improve public safety.

How Will It Be Used In Southend?

At the current time, Southend Council looks likely to use the Kinetic for Cities platform for initiatives such as pilots relating to community safety e.g. building an intelligence hub with IP-based public safety systems for use with CCTV and advanced video analytics.

Also, there are plans to use the platform to help with traffic and parking management, easing of congestion, using the IoT to help monitor improve air quality, and to help manage energy better and bring down consumption, thereby reducing costs and helping the environment.

What Does This Mean For Your Business?

It has taken a long time for many of the potential benefits of the IoT to be realised, or for the IoT to be deployed in a more meaningful and beneficial way than in smart household gadgets. Using technology for the benefit of a whole town / city in this way represents a new kind of rapid regeneration which has the potential to benefit many more citizens and businesses than individual physical projects. Improving a whole town, and how efficiently it functions and how effectively it serves those who work and visit it in terms of experiences and opportunities can only be of benefit to locally based businesses, and can create an environment where businesses are better equipped to compete nationally and globally.

Researches have uncovered a major flaw in Wi-Fi connections dubbed as Krack, which could be putting homes and businesses at risk from hackers.

The Flaw

Researchers from Belgian university, KU Leuven, discovered that there is a critical flaw in the authentication system used by secure wireless connections.

All protected Wi-Fi networks use an old, four-way handshake (dialogue) system in order to generate a fresh session. With the handshake, the two devices agree a (session) key to use to keep a secure data connection between them.

According to the researchers, the system of random number generation used in authentication can actually be re-used, thereby allowing someone to enter a network and potentially spy on the data being sent in it.

Exploited

Hackers can exploit the ‘Krack’ vulnerability by tricking victims with a replayed, modified version of the original handshake, thereby making victims reinstall their live session key. This allows the set-up values to be reset which can thereby weaken encryption.

The researchers have found that the flaw means that attackers can potentially hijack a connection, decrypt and inject data, and even forge their own connection.

What / Who Is Affected?

The flaw is in the actual Wi-Fi protected access II (WPA2) security protocol i.e. in the standard itself. This means that there may be millions of routers in customers’ homes and businesses that are vulnerable to attack. Service providers and their customers, therefore, face significant risks because of the flaw.

What About Patching?

The flaw, which has prompted a warning by the US Computer Emergency Readiness Team (Cert), can reportedly be fixed using software patches. Industry body the Wi-Fi Alliance is reported to be working with service providers to help develop a patch, and Google has said that it will be patching any affected devices over the next few weeks.

What Does This Mean For Your Business?

This is reminiscent of the problem encountered back in June, when, after an investigative study by Which?, Virgin Media made the news when its (Netgear) Super Hub 2 and Super Hub 2 AC home routers were found to all have exactly the same private encryption key, thus making them more vulnerable to hacks. This prompted the need for a security patch to be rolled out in order to protect large numbers of customers.

The latest flaw in Wi-Fi connections discovered by the Belgian researchers is another example of how, despite taking their own Internet and data security measures, businesses (and home users) can suddenly find themselves unwittingly being vulnerable to attack because of the equipment and software supplied by service providers who they have to trust. Once again, it is outside security researchers who have discovered the flaw.

Thankfully, patching is generally a fast and effective way to shut down vulnerabilities. Keeping up with patching itself is an important part of any company’s ongoing security processes, and the Fortinet Global Threat Landscape Report (back in August) highlighted the fact that 9 out of 10 businesses are hacked through un-patched vulnerabilities, and that many of these vulnerabilities are 3 or more years old, and have patches already available for them.

Amazon’s Alexa AI digital assistant is now able to tell the difference between the voices of different users in the same household, thus enabling the Amazon Echo to handle multiple-user profiles in a convenient way.

Following Google

This latest development from Amazon follows Google Home’s rollout of multi-user support in the UK back in June. Google Home can, therefore, already deal with 6 different user accounts and voices in a single unit. Each individual user-account responds to each individual user’s voice, and delivers tailored calendars, playlists and preferences to whichever user is speaking to that unit.

Don’t Need The App

Although Alexa could already handle multiple user accounts before, it required the use of an app and a confirmation code to do so. Now that everything can be operated by Alexa being able to successfully recognise multiple voices and deliver tailored services accordingly, it puts the Amazon Echo back in competition (in terms of features) with Google Home.

Compatible

It has been reported that the new feature is compatible with Flash Briefings, shopping, Amazon Music’s family plan and Alexa to Alexa calling.

Teaching Alexa

Just as with Google Home, the AI element of Amazon’s Alexa needs to be taught the difference between the voices of its different users in order to operate successfully for multiple users based on voice alone. This involves each user selecting “Your Voice” in the mobile app, and repeating a series of demo commands to Alexa.

Teens Use, Parents Pay

The Alex multi-voice recognition announcement follows hot on the heels of Amazon’s announcement that an expansion of its Household subscription means that 13-17 year-olds can shop on its site through the app, and using their parents’ payment methods (provided that their parents have set a spending limit or approved each purchase). There is speculation among technical commentators that this is an area where Alexa (and its multi-voice recognition) may be employed in the near future.

What Does This Mean For Your Business?

This is another example of the fierce competition that is currently taking place in the new and rapidly evolving ‘Voice First’ market, which is currently being led by Google, but there is some competition from Microsoft with Cortana and now Amazon. Both Microsoft and Amazon, for example, managed to miss the smart-phone revolution but are concentrating efforts now on becoming serious competitors in ‘Voice First’ revolution.

This story is also an example of how technologies are being merged / combined, copied, collaborated on (Microsoft and Amazon), to enhance / augment, add value to, and better monetize existing services e.g. Skype incorporating Cortana, and the possible addition of Alexa to other Amazon services.

The widespread use of mobile devices and apps, the introduction of (and heavy investment in) AI and robotics into many aspects of products and services by market-leading companies now means that businesses have extra threats and opportunities. As workers, automation led by AI is also likely to alter the nature of jobs, and may mean that more people will need to seek more education / lifelong learning, and be more accepting of the need for change and frequent adaptation in their working lives.