Russia Hit By Ransomware

A new type of ransomware dubbed “Bad Rabbit”, similar to WannaCry and Petya, has been spreading across Russia, Ukraine and into other countries.

What is Ransomware?

Ransomware is a form of malware that typically encrypts important files on the victim’s computer. The victim is then given a ransom demand, the payment of which should mean that the encrypted files can be released. In reality, some types of ransomware delete many important files anyway, and paying the ransom does not guarantee that any files will be released.

How Does It Infect?

The Bad Rabbit ransomware appears to be spread via a bogus Adobe Flash update and, worryingly, is still undetected by the majority of anti-virus programs.

What Does ‘Bad Rabbit’ Do?

Like other ransomware, Bad Rabbit encrypts the contents of the victim’s computer and asks for a payment of 0.05 Bitcoins / £213 to release the locked data. It is common for ransom demands to be made in the crypto-currency Bitcoin because it is out the control of banks and provides anonymity for the perpetrators.

In order to pay the ransom, users are directed to a .onion Tor domain where, where a countdown on the site shows the amount of time before the ransom price goes up.

Some tech / security commentators have noticed references to Game of Thrones characters in the malware.

What Effect Has It Had?

Bad Rabbit is reported to have hit almost 200 victims, most of which are in Russia and Ukraine, although others are in Turkey and Germany.

For companies that have been infected, whole servers have been locked down, thereby rendering the day-to-day IT-based aspects of the business impossible.

High profile victims of Bad Rabbit to date include Russian news agency Interfax where its subscription services were all made unavailable, the St. Petersburg-based Fontanka.ru news website, Ukraine’s Odessa International Airport where its information system stopped functioning, Ukraine’s Ministry of Infrastructure and Kiev’s public transportation system.

What Does This Mean For Your Business?

For UK businesses and other organisations, it’s a case of always being on the lookout for suspicious emails and updates, keeping security software up to date and regularly backing up critical data. The advice with Bad Rabbit (according to The US computer emergency readiness team), as with other ransomware is to not pay the ransom, as is unlikely to guarantee that access will be restored.

In order to provide maximum protection against more prevalent and varied threats this year, businesses should now adopt multi-layered security solutions. Businesses should accept that there is a real likelihood that they will be targeted and therefore prepare for this by implementing the most up to date security solutions, virtual patching and education of employees in order to mitigate risks from as many angles (‘vectors’) as possible.

Having workable and well-communicated Disaster Recovery and Business Continuity Plans in place is now also an important requirement.

4 Out Of 10 UK Businesses Not Ready For GDPR

A study by DMA group, formerly the Direct Marketing Association, has revealed that more than 40% of UK marketers say their business is not ready for changes in the forthcoming General Data Protection Regulation (GDPR).

What Is GDPR?

GDPR will come into force in May 2018. This new Regulation replaces the EU Data Protection Directive of 1995, and the focus of GDPR is on ensuring that businesses are transparent and protect individual privacy rights. The Regulation from the EU, which consists of 99 articles, covers data that is produced by an EU citizen, whether or not the company is located within the EU, and it covers people who have stored data within the EU, whether or not they are EU citizens.

The DMA Group Study Results

The recent DMA Group Study asked 197 (B2B) and consumer-facing companies their thoughts about GDPR and found that while more than half of companies (56%) feel that they are on track with their GDPR plans, 17% feel that they are behind and 15% still have no integrated plan.

16% of respondents themselves in the study were reported as saying that they felt extremely or somewhat unprepared for GDPR, and 31% felt that their whole organisation was extremely or somewhat unprepared.

What’s The Problem?

One of the biggest concerns of the companies surveyed was about the definition of consent (28%). Consent under GDPR, for example will have to be unbundled i.e. consent requests are separate from other terms and conditions, granular (a thorough explanation of options to consent must be given), named (state which organisation and third parties will be relying on consent), and documented (keeping records of how consent was gained).

Consent will also have to be easy to withdraw, and under GDPR implied consent will disappear. These complications around consent and the possible legal consequences of getting things wrong are clearly a concern for UK companies.
Another key concern and top priority highlighted by the study is the changing of a company’s privacy policy (15%) to take account of the new rules.

Worries about GDPR also appear to be growing in businesses as the deadline looms. The study showed for example, that 64% of marketers believed their organisations will be either very or extremely affected by the regulation, compared with 54% in May.

Positive

Some commentators have highlighted a possible positive perspective on GDPR as a catalyst to transform the way organisations speak to customers, and as a way of addressing issues in data protection that they may have had for a long time.

Equifax Reminder

The recent Equifax data breach, where 143 million customer details are thought to have been stolen, and where serious questions have been asked about the company’s conduct in handling the breach, has brought data protection into even sharper focus prior to GDPR and has reminded companies that they have to notify customers of a problem early on.

What Does This Mean For Your Business?

Warnings about the importance of GDPR preparation have been cropping up in the news for more than a year, and successive studies have revealed how businesses have felt unprepared and worried by the complications of the subject, or are simply in denial. One of the key challenges for companies in addition to getting an understanding of consent issues is making sure the technology is in place to help deal with data in compliant way e.g. having the ability to purge or modify data, search and analyze personal data to uncover explicit and implicit references to an individual, or accurately visualize where data is stored because the repositories are not clearly defined. Some technology products are now available to help deal effectively with data, and many tech commentators believe that developments in AI and machine pattern learning / deep learning technologies will be able to be used by companies in the near future to help with GDPR compliant practices.

At this late stage, companies need to press on with and get to grips with GDPR and its implications, perhaps seeking professional advice to highlight which areas are most legally pressing. Taking a positive perspective, not only is compliance with GDPR necessary, but it could actually make sound commercial sense, through providing competitive advantages (because data security is valued by customers), and could have knock-on effects to the cyber resilience of companies.

Companies that have been proactive and moved quickly on this issue could therefore be the ones most likely to minimise the threat of penalties (the law profession is already geared-up to respond to customer complaints), and gain advantages in a marketplace.

eBay And Amazon Sellers VAT Warning

MPs have warned Amazon and eBay that their platforms may not be doing enough to prevent many sellers from not charging VAT on their sales, thereby potentially contributing to £1.5bn lost tax revenue for the government.

Report

The VAT loophole was highlighted in a recent report by MPs in the Public Accounts Committee.

What’s Been Happening?

If items are dispatched from UK soil, sellers have to charge VAT at 20%. Amazon and eBay, however, are believed to be keeping some of their stock in UK warehouses in order to provide next day delivery. Some of this stock is likely to be from overseas sellers, and it is believed, therefore, that goods from foreign sellers have been shipped to customers from UK warehouses without VAT being charged. This has enabled some foreign sellers to undercut genuine UK suppliers, and has meant a loss of potential revenue for the Treasury.

Working With HMRC

MPs have criticised an apparent lack of action to date by the big online selling platforms to address the issue, and some critics have also pointed to the fact that Amazon and eBay may actually be profiting from the fraudulent activity of sellers on their platforms by charging sellers a commission.

Amazon and eBay have told the commission that they are working with HMRC to resolve the situation, and that they are engaged in removing those offending sellers from their platforms.

HMRC Criticised

It is not just eBay and Amazon who have come in for criticism by MPs over this matter. MPs have also criticised HMRC for being over-cautious in pursuing what are regarded by many as being VAT fraudsters.

According to the MPs’ report, HMRC could help to stop VAT fraudsters by setting up an agreement with online marketplaces by March next year, and by acting with more urgency in making use of its existing powers.

HMRC has answered critics by pointing out that it had introduced new rules last year specifically to deal with the issues of liability for unpaid VAT by overseas sellers, and that these rules have brought about a ten-fold rise in the number of sellers registering for VAT.

What Does This Mean For Your Business?

This report from MPs and the publicity generated by it are likely to be good news for UK sellers who may have lost out to overseas sellers through simply complying with UK tax law and having to charge higher prices. Hopefully therefore, the report may put pressure on HMRC and big selling platforms like eBay and Amazon that could lead to a more level playing field, and could, of course, generate more much-needed tax revenue for the UK. It is particularly important for MPs to prioritise the issue now with the extra tax complications of Brexit just around the corner.

This may also be a shot across the bows for all large overseas sellers to warn them to respect the laws of the countries that they operate in and to remind them that they are accountable to governments in many of their lucrative markets.

Changing Faces With AR and AI

The combination of Augmented Reality (AR) and Artificial Intelligence (AI) has led to a cosmetics chain enabling customers to experiment with virtual make-up, and the animation of single still images into photos with moving facial expressions.

Virtual Cosmetics App

Back in March, the new ‘Virtual Artist’ app was first unveiled to the tech world. The app is now being used by French cosmetics / beauty brand Sephora to engage customers and allow them to try out and experiment quickly and easily with the company’s beauty products without needing to physically apply any of the actual products.

Photo Overlaid With AR Make-Up

Sephora’s ‘Virtual Artist’ app, which is used in some of their stores on iPads (available to customers as a smart-phone version) allows customers to try-on virtual make-up. The app, which was developed in partnership with AR company ModiFace, scans a photo of the user’s face, maps where the lips and eyes are, and lets users try on different looks.

The app gives users virtual tutorials that use AI and AR to show users (using a photo of their own face) how to contour, apply highlighter, and create winged eyeliner.

The app currently allows users to experiment with lip colours, eyeshadows, and false lash styles, and to add the products they like to an online shopping basket.

Not The Only One

Sephora’s proprietary ‘Virtual Artist’ app is actually joining the tech beauty gadget market a little late, as it follows in the footsteps of other similar ideas such as the HiMirror Plus, which scan users’ faces and recommends products and skin regimens.

Bringing Still Photos To Life

Another recent innovation to hit the news is a face mapping, AR and AI combined system that has been developed by a joint team from Tel Aviv University and Facebook.

The system enables a single still photo of a person / emoji character / painting of a person’s face to be animated with moving facial expressions.

How It Works

To enable the animation to work, the subjects submit a single still image of their face, plus, they film themselves pulling a variety of faces. Face mapping of the still photo as a guide, and the expressions, combined with a ‘driving video’ of another face, and the software’s ability to fill in the invisible gaps in the picture e.g. the inside of a subject’s mouth, enables moving facial expressions to be overlaid (using AR), thus producing an eerily realistic image with changing facial expressions and emotions.

Why?

Since the system was developed in conjunction with Facebook, tech commentators have speculated the first use of the system will be as part of a fun craze to help engagement with the Facebook platform.

What Does This Mean For Your Business?

It is not difficult to see how, as with the Sephora example, a system that encourages and enables customers to engage with, try out, and willingly widen their knowledge of a product range with minimum risk and hassle could be useful and relevant to many kinds of businesses in different markets e.g. beauty, interior design, furnishings / furniture, and other self / lifestyle / home and garden markets. The ability to enable customers (B2B and domestic) to visually experience and explore products and services like never before offers an exciting opportunity for businesses.

The ability to animate still images in a realistic and engaging way could also feed into multiple industries e.g. marketing / advertising / display / promotions, photography / graphics, greetings and gifts and many more.

The leverage gained from the synergies of combined new technologies could provide exciting business opportunities and areas to develop competitive advantages that are likely to reduce in cost over time.

Southend … The ‘Smart City’

Southend-on-Sea Borough Council is reported to have signed an agreement with tech company Cisco to deploy its ‘Kinetic for Cities’ platform in order to share the benefits of new digital technologies with its businesses and citizens, thereby making it a ‘Smart City’.

What Is ‘Kinetic For Cities’?

According to the Cisco blog, the Cisco Kinetic for Cities platform is a unified IoT platform strategy and a cloud-based platform that helps customers extract, compute and move data from connected things to IoT applications to deliver better outcomes and services. In essence, using sensors, digital management platforms, and analytics programs for all aspects of a city (including solutions for lighting, parking, crowd, environment and others), businesses and citizens can benefit from the effects of urban innovation, sector-specific solutions, city engagement that the technology provides.

Technology Hub

Through the use of the new platform, it is hoped that Southend can become a technology hub, and this can help it to grow and evolve, in line with the rest of the UK and with competition globally. It is also hoped that use of the digital platform could bring smarter, connected experiences for people who live in, work in, or visit the town.

Already Working In Other Cities

Cisco’s Kinetic for Cities platform is already being deployed in other cities such as Manchester (UK) where it is being used to project explore smart transport and CO2 emissions, in Jaipur (India) where it is helping to improve public safety.

How Will It Be Used In Southend?

At the current time, Southend Council looks likely to use the Kinetic for Cities platform for initiatives such as pilots relating to community safety e.g. building an intelligence hub with IP-based public safety systems for use with CCTV and advanced video analytics.

Also, there are plans to use the platform to help with traffic and parking management, easing of congestion, using the IoT to help monitor improve air quality, and to help manage energy better and bring down consumption, thereby reducing costs and helping the environment.

What Does This Mean For Your Business?

It has taken a long time for many of the potential benefits of the IoT to be realised, or for the IoT to be deployed in a more meaningful and beneficial way than in smart household gadgets. Using technology for the benefit of a whole town / city in this way represents a new kind of rapid regeneration which has the potential to benefit many more citizens and businesses than individual physical projects. Improving a whole town, and how efficiently it functions and how effectively it serves those who work and visit it in terms of experiences and opportunities can only be of benefit to locally based businesses, and can create an environment where businesses are better equipped to compete nationally and globally.

Tech Tip: Android: Use Your Phone By Voice Alone

  • Open the latest version of the Google App.
  • Top left, tap Menu, Settings, Voice, then OK Google Detection.
  • Make sure that “From the Google App” and “Always on” are switched on.

Making A Call By Voice

  • Say “OK Google, call (person’s name)”.
  • Google will ask which number you want to associate with the name.
  • If Google doesn’t recognise your voice, open the Google app, tap ‘Menu’ (top left), tap Settings, Voice, OK Google Detection.

Major Wi-Fi Security Risk

Researches have uncovered a major flaw in Wi-Fi connections dubbed as Krack, which could be putting homes and businesses at risk from hackers.

The Flaw

Researchers from Belgian university, KU Leuven, discovered that there is a critical flaw in the authentication system used by secure wireless connections.

All protected Wi-Fi networks use an old, four-way handshake (dialogue) system in order to generate a fresh session. With the handshake, the two devices agree a (session) key to use to keep a secure data connection between them.

According to the researchers, the system of random number generation used in authentication can actually be re-used, thereby allowing someone to enter a network and potentially spy on the data being sent in it.

Exploited

Hackers can exploit the ‘Krack’ vulnerability by tricking victims with a replayed, modified version of the original handshake, thereby making victims reinstall their live session key. This allows the set-up values to be reset which can thereby weaken encryption.

The researchers have found that the flaw means that attackers can potentially hijack a connection, decrypt and inject data, and even forge their own connection.

What / Who Is Affected?

The flaw is in the actual Wi-Fi protected access II (WPA2) security protocol i.e. in the standard itself. This means that there may be millions of routers in customers’ homes and businesses that are vulnerable to attack. Service providers and their customers, therefore, face significant risks because of the flaw.

What About Patching?

The flaw, which has prompted a warning by the US Computer Emergency Readiness Team (Cert), can reportedly be fixed using software patches. Industry body the Wi-Fi Alliance is reported to be working with service providers to help develop a patch, and Google has said that it will be patching any affected devices over the next few weeks.

What Does This Mean For Your Business?

This is reminiscent of the problem encountered back in June, when, after an investigative study by Which?, Virgin Media made the news when its (Netgear) Super Hub 2 and Super Hub 2 AC home routers were found to all have exactly the same private encryption key, thus making them more vulnerable to hacks. This prompted the need for a security patch to be rolled out in order to protect large numbers of customers.

The latest flaw in Wi-Fi connections discovered by the Belgian researchers is another example of how, despite taking their own Internet and data security measures, businesses (and home users) can suddenly find themselves unwittingly being vulnerable to attack because of the equipment and software supplied by service providers who they have to trust. Once again, it is outside security researchers who have discovered the flaw.

Thankfully, patching is generally a fast and effective way to shut down vulnerabilities. Keeping up with patching itself is an important part of any company’s ongoing security processes, and the Fortinet Global Threat Landscape Report (back in August) highlighted the fact that 9 out of 10 businesses are hacked through un-patched vulnerabilities, and that many of these vulnerabilities are 3 or more years old, and have patches already available for them.

Cortana Integrated With Skype

Microsoft has added its talking digital assistant ‘Cortana’ to Skype to provide ‘contextual assistance’, which could help Skype users in their online chats.

What Kind of Assistance?

The idea is that the digital assistant can use its AI to pick up on what is being said in a Skype chat and then help to provide relevant information on that subject. This could be anything from (depending on the content of the chat) relevant restaurant option suggestions, movie reviews, and suggestions of smart replies and responses. According to Microsoft, Cortana will enable users to respond to messages in Skype without needing to type.

Your Digital Secretary

The addition of Cortana to Skype means that it will also be able to pick up on conversations about scheduling events, and will then be able to set up a reminder that can be sent to all of your devices. This will see Cortana acting like a kind of virtual secretary, able to ‘listen’ to and take note of all of your plans. This could have obvious benefits in making sure you don’t miss important appointments / events, and that you are able to improve business planning and organisation.

Cortana As Your Contact

The Cortana / Skype bundle will also mean that the digital assistant can be added as a contact in Skype. This means that you will be able to chat with it as you would other contacts, and use it to answer questions, suggest restaurants, check flights, give the weather outlook, and other information.

Setting It Up

Users will be able to easily set up Cortana in Skype on mobile devices by tapping Cortana on their chat screen, and by agreeing to allow Cortana to use the user’s location and IM conversations in Skype.

The Rollout

According to the Microsoft blog, Cortana in Skype will be ‘gradually’ rolled out, starting from 9th October, to Microsoft’s Android and iOS customers in the United States first.

What Does This Mean For Your Business?

This alliance of Cortana with Skype is another important competitive step in the battle for leadership in the voice-controlled / ‘Voice First’ market and will help Microsoft to achieve its aim of making Cortana available for its customers everywhere and across any device.

In September, Microsoft also announced that it was working in partnership with Amazon in a bid to put a lot of pressure on competitors, gain distribution and overlap, and to enable their respective AI digital assistants to work together in a move to create an open way to communicate and interconnect with AI platforms.

As consumers, figures show that over a one-third of us (in the US and the UK) use digital assistants weekly (the equivalent to Netflix’s adoption level). This is a trend that is set to continue. For example, Ovum forecasts the native digital assistant installed base to grow from 3.6 billion (from last year) to 7.5 billion active devices by 2021. As long as digital assistants are able to add and provide real value, and tangible benefits, more people will be willing to try them, and to integrate them willingly into their business operations e.g. Skype calls. The market is still in the early stages though, and with Google currently predicted to dominate, we are likely to see many more announcements for many more applications and integrations of digital assistants into devices and platforms in the near future.

Alexa Now Recognises Multiple Voices

Amazon’s Alexa AI digital assistant is now able to tell the difference between the voices of different users in the same household, thus enabling the Amazon Echo to handle multiple-user profiles in a convenient way.

Following Google

This latest development from Amazon follows Google Home’s rollout of multi-user support in the UK back in June. Google Home can, therefore, already deal with 6 different user accounts and voices in a single unit. Each individual user-account responds to each individual user’s voice, and delivers tailored calendars, playlists and preferences to whichever user is speaking to that unit.

Don’t Need The App

Although Alexa could already handle multiple user accounts before, it required the use of an app and a confirmation code to do so. Now that everything can be operated by Alexa being able to successfully recognise multiple voices and deliver tailored services accordingly, it puts the Amazon Echo back in competition (in terms of features) with Google Home.

Compatible

It has been reported that the new feature is compatible with Flash Briefings, shopping, Amazon Music’s family plan and Alexa to Alexa calling.

Teaching Alexa

Just as with Google Home, the AI element of Amazon’s Alexa needs to be taught the difference between the voices of its different users in order to operate successfully for multiple users based on voice alone. This involves each user selecting “Your Voice” in the mobile app, and repeating a series of demo commands to Alexa.

Teens Use, Parents Pay

The Alex multi-voice recognition announcement follows hot on the heels of Amazon’s announcement that an expansion of its Household subscription means that 13-17 year-olds can shop on its site through the app, and using their parents’ payment methods (provided that their parents have set a spending limit or approved each purchase). There is speculation among technical commentators that this is an area where Alexa (and its multi-voice recognition) may be employed in the near future.

What Does This Mean For Your Business?

This is another example of the fierce competition that is currently taking place in the new and rapidly evolving ‘Voice First’ market, which is currently being led by Google, but there is some competition from Microsoft with Cortana and now Amazon. Both Microsoft and Amazon, for example, managed to miss the smart-phone revolution but are concentrating efforts now on becoming serious competitors in ‘Voice First’ revolution.

This story is also an example of how technologies are being merged / combined, copied, collaborated on (Microsoft and Amazon), to enhance / augment, add value to, and better monetize existing services e.g. Skype incorporating Cortana, and the possible addition of Alexa to other Amazon services.

The widespread use of mobile devices and apps, the introduction of (and heavy investment in) AI and robotics into many aspects of products and services by market-leading companies now means that businesses have extra threats and opportunities. As workers, automation led by AI is also likely to alter the nature of jobs, and may mean that more people will need to seek more education / lifelong learning, and be more accepting of the need for change and frequent adaptation in their working lives.

Drone Hits Passenger Aircraft

A remotely piloted drone struck a Skyjet turboprop passenger plane as it made its approach to land at Jean Lesage Airport in Quebec, Canada last Thursday.

What Happened?

The drone craft, which was being operated by a person as-yet unknown, was reported to have been flying at a height of about 450 metres / 1,500 feet and at an estimated 3,000 metres from the runway at the airport. As the Skyjet passenger aircraft came in to land, it was struck by the drone causing minor damage to the aircraft. Fortunately, the aircraft, which was carrying 8 passengers, was able to land safely.

Interim Rules In Place

Interim ‘Transport Canada’ regulations (to be approved next year), first introduced in March and amended in June, make it a violation for recreational drone to be flown within 5.5 kilometres from an airport, and 1.8 kilometres from a heliport without having special permission. Drone operators must also not fly their drones above 90 metres in height. Violation of the current regulations can warrant a $25,000 fine.

Accident Waiting To Happen

According to Canada’s Federal Transport Minister Marc Garneau’s office, 1,596 drone incidents were reported to Transport Canada in 2017, 131 of which were deemed aviation safety concerns.

This was, however, the first time that a drone had actually struck a passenger aircraft in Canada, and Mr Garneau is reported as saying that it could have been “catastrophic” if the drone had collided with the engine or cockpit.

Worldwide Problem

Drones flying too close to airports have now become a problem worldwide. Back in July, for example, a drone being flown dangerously close to Gatwick airport in the UK meant that four Easyjet and one British Airways flights had to be diverted.

Drone Photographer Punished

In another incident in Essex back in August, a 28-year-old man from Kirby Cross was apprehended by police, after flying his drone too close to a railway station. The man was reportedly trying to use the drone to get photos of a Tornado steam engine, and was reported for a breach of his Air Navigation Order. According to the Police, the man had flown the drone within 50 metres of other people and property out of their control. Legally, a drone should not be flown within 150m of crowds or built-up areas.

The man was punished by way of an agreement contract with Essex Police, and was given a community resolution.

New Rules in the UK

In the UK, new government rules mean that drones weighing 250 grams and above now need to be registered online. Owners of these drones will also have to take safety awareness tests to determine their knowledge of UK safety, security, and privacy regulations. The government hopes that these new rules will help to develop accountability among drone owners and encourage them to act responsibly.

What Does This Mean For Your Business?

Drones are part of a new industry where the technology and products have been developing before the law has had an opportunity to catch up. Drones clearly have many productive, value-adding, and innovative business uses, and they have been tested and tipped for wider use in the future by brands such as Amazon for parcel deliveries. A move towards autonomous vehicles and new transport technologies means that drones currently have a bright future when used responsibly and professionally. The fact that drones are widely and easily available (with minimal restrictions) to individuals as well as companies, as shown by the many aircraft near misses, indicates that most people would welcome the introduction of regulations that contribute to public safety. It is important, however, that any new rules take account of the rights of the majority of responsible drone users, and don’t restrict the commercial potential of drones.