Canon Business Process Services suffered a security incident, according to a data breach disclosure by General Electric, for which Canon processes current and former employees’ documents and beneficiary-related documents.
GE systems were not impacted by the cyberattack, according to the company’s disclosure, but personally identifiable information for current and former employees as well as their beneficiaries was exposed in the Canon breach. The breach, which was first reported by BleepingComputer, took place between Feb. 3 and Feb. 14 of this year, and GE was notified of the breach on the 28th. According to the disclosure, “an unauthorized party gained access to an email account that contained documents of certain GE employees, former employees and beneficiaries entitled to benefits that were maintained on Canon’s systems.”
Said documents included “direct deposit forms, driver’s licenses, passports, birth certificates, marriage certificates, death certificates, medical child support orders, tax withholding forms, beneficiary designation forms and applications for benefits such as retirement, severance and death benefits with related forms and documents.” Personal information stolen “may have included names, addresses, Social Security numbers, driver’s license numbers, bank account numbers, passport numbers, dates of birth, and other information contained in the relevant forms.”
GE’s disclosure also said Canon retained “a data security expert” to conduct a forensic investigation. At GE’s request, Canon is offering two years of free identity protection and credit monitoring services.
GE shared the following statement with SearchSecurity regarding the Canon breach.
“We are aware of a data security incident experienced by one of GE’s suppliers, Canon Business Process Services, Inc. We understand certain personal information on Canon’s systems may have been accessed by an unauthorized individual. Protection of personal information is a top priority for GE, and we are taking steps to notify the affected employees and former employees,” the statement read.
Canon did not return SearchSecurity’s request for comment. At press time, Canon has not released a public statement.
According to a good few reviews, the best GTX 1070 card money can buy. It comes factory overclocked, with a hefty 8Gb of VRAM to handle any AAA game, runs super quiet and cool, and has the bonus of software controllable LEDs onboard which look great in the right case (see pics). Selling very reluctantly to finance an upgrade to a Ray Tracing card. In excellent condition, in original box with manual, cables, etc. £190 inc.
I’m not the original owner. I’ve had for about 13 months. According to Dell website it was made in March 2016. The i7 one mentioned above has less RAM, no SSD and is in much worse condition (cracked case in corner). I think my price is fair given the condition and I even accepted an offer of £225 from vrackdc above but they withdrew.
Data storage vendors received $2.1 billion in private funding in 2019, according to SearchStorage.com analysis of data from websites that track venture funding. Not surprisingly, startups in cloud backup, data management and ultrafast scale-out flash continue to attract the greater interest from private investors.
Six private data storage vendors closed funding rounds of more than $100 million in 2019, all in the backup/cloud sector. It’s a stretch to call most of these startups — all but one of the companies have been selling products for years.
A few vendors with disruptive storage hardware also got decent chunks of money to build out arrays and storage systems, although these rounds were much smaller than the data protection vendors received.
According to a recent report by PwC/CB Insights MoneyTree, 213 U.S.-based companies closed funding rounds of at least $100 million last year. The report pegged overall funding for U.S. companies at nearly $108 billion, down 9% year on year but well above the $79 billion total from 2017.
Despite talk of a slowing global economy, data growth is expected to accelerate for years to come. And as companies mine new intelligence from older data, data centers need more storage and better management than ever. The funding is flowing more to vendors that manage that data than to systems that store it.
“Investors don’t lead innovation; they follow innovation. They see a hot area that looks like it’s taking off, and that’s when they pour money into it,” said Marc Staimer, president of Dragon Slayer Consulting in Beaverton, Ore.
Here is a glance at the largest funding rounds by storage companies in 2019, starting with software vendors:
Kaseya Limited, $500 million: Investment firm TPG will help Kaseya further diversify the IT services it can offer to manage cloud providers. Kaseya has expanded into backup in recent years, adding web-monitoring software ID Agent last year. That deal followed earlier pickups of Cloud Spanning Apps and Unitrends.
Veeam Software, $500 million: Veeam pioneered backup of virtual machines and serves many Fortune 500 companies. Insight Partners invested half of a billion dollars in Veeam in January 2019, and followed up by buying Veeam outright in January 2020 for a $5 billion valuation. That may lead to an IPO. Veeam headquarters are shifting to the U.S. from Switzerland, and Insight plans to focus on landing more U.S. customers.
Rubrik, $261 million: The converged storage vendor has amassed $553 million since launching in 2014. The latest round of Bain Capital investment reportedly pushed Rubrik’s valuation north of $3 billion. Flush with investment, Rubrik said it’s not for sale — but is shopping to acquire hot technologies, including AI, data analytics and machine learning.
Clumio, $175 million: Sutter Hill Ventures provided $40 million in April, on top of an $11 million 2017 round. It then came back for another $135 million bite in November, joined by Altimeter Capital. Clumio is using the money to add cybersecurity to its backup as a service in Amazon Web Services.
Acronis, $147 million: Acronis was founded in 2003, so it’s halfway into its second decade. But the veteran data storage vendor has a new focus of backup blended with cybersecurity and privacy, similar to Clumio. The Goldman Sachs-led funding helped Acronis acquire 5nine to manage data across hybrid Microsoft clouds.
Druva, $130 million: Viking Global Investors led a six-participant round that brought Druva money to expand its AWS-native backup and disaster recovery beyond North America to international markets. Druva since has added low-cost tiering to Amazon Glacier, and CEO Jaspreet Singh has hinted Druva may pursue an IPO.
Data storage startups in hardware
Innovations in storage hardware underscore the ascendance of flash in enterprise data centers. Although fewer in number, the following storage startups are advancing fabrics-connected devices for high-performance workloads.
Over time, these data storage startups may mature to be able to deliver hardware that blends low latency, high IOPS and manageable cost, emerging as competitors to leading array vendors. For now, the market for these products will be limited to companies that need petabytes (PB) or more of storage, but the technologies bear watching due to their speed, density and performance potential.
Lightbits Labs, $50 million: The Israel-based startup created the SuperSSD array for NVMe flash. The Lightbits software stack converts generic in-the-box TCP/IP into a switched Ethernet fabric, presenting all storage as a single giant SSD. SuperSSD starts at 64 PB before data reduction. Dell EMC led Lightbits’ funding, with contributions from Cisco and Micron Technology.
Vast Data, $40 million: Vast’s Universal Storage platform is not for everyone. Minimum configuration starts at 1 PB. Storage class memory and low-cost NAND are combined for unified block, file and object storage. Norwest Venture Partners led the round, with participation from Dell Technologies Capital and Goldman Sachs.
Honorable mentions in hardware include Pavilion Data Systems and Liqid. Pavilion is one of the last remaining NVMe all-flash startups, picking up $25 million in a round led by Taiwania Capital and RPS Ventures to flesh out its Hyperparallel Flash Array.
Liqid is trying to break into composable infrastructure, a term coined by Hewlett Packard Enterprise to signify the ability for data centers to temporarily lease capacity and hardware by the rack. Panorama Point Partners provided $28 million to help the startup flesh out its Liqid CI software platform.
The public cloud services arena has turned a corner, introducing new challenges for customers, according to the latest edition of “Technology Radar,” a biannual report by global software consultancy ThoughtWorks. Competition has heated up, so top public cloud vendors are creating new cloud services at a fast clip. But in their rush to market, those vendors can roll out flawed services, which opens the door for resellers to help clients evaluate cloud options.
Public cloud has become a widely deployed technology, overcoming much of the resistance it had seen in the past. “Fears about items like security and sovereignty have been calmed,” noted Scott Shaw, director of technology for Asia Pacific region at ThoughtWorks. “Regulators have become more comfortable with the technology, so cloud interest has been turning into adoption.”
The cloud market shifts
With the sales of public cloud services rising, competition has intensified. Initially, Amazon Web Services dominated the market, but recently Microsoft Azure and Google Cloud Platform have been gaining traction among enterprise customers.
One ripple effect is that the major public cloud providers have been trying to rapidly roll out differentiating new services. However, in their haste to keep pace, they can deliver services with rough edges and incomplete feature sets, according to ThoughtWorks.
Customers can get caught in this quicksand. “Corporations adopting public cloud have not had as much success as they had hoped for,” Shaw said.
Businesses try to deploy public cloud services based on the promised functionality but frequently hit roadblocks during implementations. “The emphasis on speed and product proliferation, through either acquisition or hastily created services, often results not merely in bugs but also in poor documentation, difficult automation and incomplete integration with vendors’ own parts,” the report noted.
Testing is required
ThoughtWorks recommended that organizations not assume all public cloud vendors’ services are of equal quality. They need to test out key capabilities and be open to alternatives, such as open source options and multi-cloud strategies.
Resellers can act as advisors to help customers make the right decisions as they consider new public cloud services, pointing out the strengths and flaws in individual cloud options, Shaw said.
To serve as advisors, however, resellers need in-depth, hands-on experience with the cloud services. “Channel partners cannot simply rely on a feature checklist,” Shaw explained. “To be successful, they need to have worked with the service and understand how it operates in practice and not just in theory.”
Insider threats are on the rise and firms are doing more to stop them, according to a new report from Forrester Research. But it warns that insider threat programs can hurt employee engagement and productivity.
One of the ways companies are trying to curtail insider threats is by analyzing employee personal data to better detect suspicious or risky behavior. But IT security may go overboard in its collection process, security may be too stringent, and practices such as social media monitoring might “lead to eroded employee trust,” Forrester warns.
An insider threat program can turn adversarial, impacting employees in negative ways. It’s up to HR to work with IT security to provide the checks and balances, said Joseph Blankenship, vice president and research director of security and risk at Forrester.
Blankenship further discussed project delays in this Q&A. His responses were edited for clarity and length.
Insider threats are increasing. In 2015, malicious insiders accounted for about 26% of internal data breaches. And in 2019, it was 48%, according to Forrester’s survey data. Why this increase?
Joseph Blankenship: I think it’s twofold. You have the ability for users to monetize data and move data in large quantities like they’ve never had before. The ease of moving that data — and the portability of that data — is one factor. The other big factor is we’re looking for [threats] more often. The tools are better. Whenever we see a new capability for threat detection, that’s usually the period when we see this increase [in discovered incidents].
Nonetheless, this must be a stunning finding for a lot of firms. How do they respond to it?
Blankenship: Probably like the stages of grief. We see that pattern quite a bit in security. An event happens, and we realized we are at risk for that event happening again. So now we put effort behind it. We put budget behind it, we buy technology, we build a program and things improve.
Accidental release of internal data accounted for 43% of all insider incidents. What does that say about training?
Blankenship: It’s also culture. Do employees actually understand why the [security] policy is there? Some of that is people trying to get around policies. They find that the security policy is restrictive. You see some of that when people decide to work on their own laptop and their laptop gets stolen. It’s usually people that are somewhat well-meaning, but they find that the policy is getting in their way. Those are all mistakes. Those are all policy violations.
Who is responsible in a company for ensuring that the employees understand the rules?
Blankenship: Typically it’s the CISO’s responsibility to do this kind of security education.
Is this primarily the job of the IT security department?
Blankenship: Certainly, it’s in partnership with human resources.
IT manages the internal security program, but many of the risks from an insider threat program are HR-related such as increased turnover or hiring. The HR department’s metrics suffer if the program creates employee friction. Is that the case?
Blankenship: I don’t think that’s necessarily the case. You have to make the employee aware: ‘Hey, we’re doing this kind of monitoring because we have important customer data. We can’t afford a breach of customer trust. We’re doing this monitoring because we have intellectual property.’ Things become a lot less scary, a lot less onerous, when people understand the reasons why. If it’s too heavy-handed, if we’re doing things to either punish employees or make their jobs really difficult, it does create that adversarial relationship.
What is the best practice here? Should HR or IT spell out exactly what they do to protect company security?
Blankenship: I don’t know if you get into all the specifics of a security program, but make the employees aware. ‘We’re going to be monitoring things like email. We may be monitoring your computer usage.’
What is HR’s role in helping the company implement these policies?
Blankenship: Because HR is the part of the company responsible for employee experience, it is very much incumbent on them to work with the security department and keep it a little bit honest. I’m sure there are a lot of security folks that would love to really turn up the dial on security policies. If you remember some years ago, the big debate was should we allow personal internet usage on company issued devices. There were lots of security reasons why we would say, ‘absolutely not.’ However, the employee experience dictated that we had to allow some of that activity, otherwise we wouldn’t be able to recruit any new employees. We really had to find the balance.
It sounds as if HR’s responsibility here is to provide some checks and balances.
Blankenship: There’s checks and balances as well as helping [IT security] to design the education program. There’s probably not a lot of security technologists that are amazing at building culture, but that is absolutely the job of good HR professionals.
In the last ten years, 2 billion people were affected by disasters according to the World Disasters report 2018. In 2017, 201 million people needed humanitarian assistance and 18 million were displaced due to weather related disasters. Many of these disaster-prone areas are literally “missing” from the map, making it harder for first responders to prepare and deliver relief efforts.
Since the inception of Tasking Manager, the Humanitarian OpenStreetMap Team (HOT) community has mapped at an incredible rate with 11 million square kilometers mapped in Africa alone. However, large parts of Africa with populations prone to disasters still remain unmapped — 60% of the 30 million square kilometers.
Under Microsoft’s AI for Humanitarian Action program, Bing Maps together with Microsoft Philanthropies is partnering with HOT on an initiative to bring AI Assistance as a resource in open map building. The initiative focuses on incorporating design updates, integrating machine learning, and bringing new open building datasets into Tasking Manager.
The Bing Maps team has been harnessing the power of Computer Vision to identify map features at scale. Building upon their work in the United States and Canada, Bing Maps is now releasing country-wide open building footprints datasets in Uganda and Tanzania. This will be one of the first open building datasets in Africa and will be available for use within OpenStreetMap (OSM).
In Tasking Manager specifically, the dataset will be used to help in task creation with the goal of improving task completion rates. Tasking Manager relies on ‘ML enabler’ to connect with building datasets through an API. This API-based integration makes it convenient to access not just Africa building footprints, but all open building footprints datasets from Bing Maps through ML Enabler, and thus the OpenStreetMap ecosystem.
“Machine learning datasets for OSM need to be open. We need to go beyond identifying roads and buildings and open datasets allow us to experiment and uncover new opportunities. Open Building Dataset gives us the ability to not only explore quality and validation aspects, but also advance how ML data assists mapping.” – Tyler Radford (Executive Director, Humanitarian OpenStreetMap Team)
Africa presented several challenges: stark difference in landscape from the United States or Canada, unique settlements such as Tukuls, dense urban areas with connected structures, imagery quality and vintage, and lack of training data in rural areas. The team identified areas with poor recall by leveraging population estimates from CIESIN. Subsequent targeted labeling efforts across Bing Maps and HOT improved model recall especially in rural areas. A two-step process with semantic segmentation followed by polygonization resulted in 18M building footprints — 7M in Uganda and 11M in Tanzania.
Extractions in Musoma, Tanzania
Bing Maps is making this data open for download free of charge and usable for research, analysis and of course, OSM. In OpenStreetMap there are currently 14M building footprints in Uganda and Tanzania (the last time our team counted). We are working to determine overlaps.
We will be making the data available on GitHub to download. The CNTK toolkit developed by Microsoft is open source and available on GitHub as well. The ResNet3 model is also open source and available on GitHub. The Bing Maps computer vision team will be presenting the work in Africa at the annual International State of the Map conference in Heidelberg, Germany and at the HOT Summit.
Business email compromise has cost a staggering amount of money for enterprises, according to the FBI.
The bureau posted a public service announcement Tuesday that showed business email compromise (BEC) attacks have cost organizations worldwide more than $26 billion between June 2016 and July of this year. The three-year total is based on actual victim complaints reported to the FBI’s Internet Crime Complaint Center (IC3). Earlier this year, the IC3’s 2018 Internet Crime Report highlighted business email compromise as an evolving threat that accounted for a growing number of cybercrime-related losses for enterprises.
“The scam is frequently carried out when a subject compromises legitimate business or personal email accounts through social engineering or computer intrusion to conduct unauthorized transfers of funds,” the FBI wrote in its alert.
The FBI also said it tracked a 100% increase in global losses from business email compromise attacks between May 2018 and July of this year. The bureau said the increase was partially due to a greater awareness of the threat, which the FBI said “encourages reporting to the IC3 and international and financial partners.”
Losses from business email compromise attacks have alarmed some in the cyber insurance market. Jeffrey Smith, managing partner at Cyber Risk Underwriters, said during a Black Hat 2019 session that the two most common cyber insurance claims his company saw were for ransomware and wire transfer fraud related to email attacks.
“Ransomware isn’t too surprising, but the wire transfer fraud claims we’re seeing are trending in a bad direction,” Smith said. “If you’re sending a wire [transfer], just pick up the phone and call the person who’s getting it.”
In July, insurance giant American International Group (AIG) Inc. reported that business email compromise attacks had become the leading cause of cyber insurance claims, surpassing ransomware. According to AIG’s report, business email compromise accounted for nearly a quarter of all reported cyber incidents in 2018 for the EMEA region.
The FBI alert recommended that employees enable two-factor authentication to protect against threat actors looking to assume control of email accounts. The alert also recommended employees “ensure the URL in emails is associated with the business it claims to be from,” though this step wouldn’t necessarily prevent business email compromise attacks where attackers have gained control of legitimate email accounts within an organization.
Law enforcement takedowns
Shortly after the FBI alert was issued, the U.S. Department of Justice (DOJ) announced that 281 individuals had been arrested in “Operation reWired,” a global law enforcement effort to take down business email compromise campaigns.
Operation reWired was conducted over a four-month period and resulted in seizures of nearly $3.7 million in assets. Arrests were made in the U.S., Nigeria, France, Italy, Japan, Turkey, the U.K. and other countries, with 74 arrests made in the U.S. and 167 arrests in Nigeria; the Justice Department said foreign individuals who conduct business email compromise scams “are often members of transnational criminal organizations, which originated in Nigeria but have spread throughout the world.”
The DOJ didn’t say what the total losses were for the business email compromise scams disrupted by Operation reWired, but it did note that suspects were involved in a range of attacks, including “lottery scams” — where threat actors convince victims to pay phony fees or taxes in order to receive lottery payouts — and “romance scams” — where fake online personas trick victims into making fraudulent transfers or transactions.
“Through Operation reWired, we’re sending a clear message to the criminals who orchestrate these BEC schemes: We’ll keep coming after you, no matter where you are,” said FBI Director Christopher Wray in a statement. “And to the public, we’ll keep doing whatever we can to protect you. Reporting incidents of BEC and other internet-enabled crimes to the IC3 brings us one step closer to the perpetrators.”
More than 800,000 Windows systems worldwide remain vulnerable to BlueKeep, according to new research.
Risk management vendor BitSight Technologies published a report that showed approximately 805,665 systems online — as of July 2 — that remain vulnerable to BlueKeep. That figure represents a decrease of about 17% from BitSight’s previous findings from May 31.
BlueKeep, which was coined by U.K.-based security researcher Kevin Beaumont, is a critical vulnerability that affects the remote desktop protocol (RDP) in older Windows OSes such as Windows 7, Windows XP and Windows Server 2008. The vulnerability could allow unauthorized parties to perform remote code execution on vulnerable systems.
BlueKeep was first disclosed and patched by Microsoft on May 14, but in the days and weeks that followed a number of alerts from Microsoft, as well as the National Security Agency and Department of Homeland Security, warned Windows users that the flaw was “wormable” and urged them to patch immediately. While no BlueKeep attacks have been detected in the wild, several cybersecurity vendors and researchers have demonstrated — but not released — proof-of-concept exploits for the vulnerability.
Two weeks after Microsoft patched BlueKeep, Robert Graham, owner of Errata Security in Portland, Ore., reported that he found “roughly 950,000” vulnerable systems on the public internet using a customized scanning tool. BitSight used Graham’s tool in its own scanning platform and found 972,829 vulnerable Windows systems as of May 31.
The company’s latest research showed that since its initial scans, 167,000 fewer vulnerable systems were found online. Of the total number, BitSight’s report said around 92,000 have “since been observed to be patched;” the remaining systems could have turned off RDP or are frequently changing their IP addresses.
Dan Dahlberg, head of security research at BitSight and author of the report, said the progress is a positive sign but that more work is obviously needed to address the remaining vulnerable systems. “It’s good that we observed some amount of progress rather than having the number remain relatively consistent over that time period,” he said.
The challenge, Dahlberg said, is that organizations that typically use the older Windows OSes “are less likely to be patching this on a much more urgent basis because they probably don’t have the sophistication and technology in terms of patch management or software controls.”
BitSight performed periodic internet scans for BlueKeep-vulnerable systems, but Dahlberg said it’s difficult to associate the activity with discrete points in time regarding the alerts and warnings. “That doesn’t necessarily mean those announcements didn’t have any influence,” he said. “I think they had a significant amount of influence in terms of motivating at least some companies [to patch].”
BlueKeep patching trends
According to the BitSight report, several countries “demonstrated notable reductions” in the number of systems exposed to BlueKeep. For example, China reduced the number of vulnerable systems by 109,670 (a nearly 24% decrease from BitSight’s previous report), while the U.S. saw its number of vulnerable systems drop by 26,787 or approximately 20.3%.
BitSight also broke down patching trends by industry vertical. According to the report, the industries that saw the biggest reductions in vulnerable systems since May 31 were legal (32.9%), nonprofit/NGO (27.1%) and aerospace/defense (24.1%). The industries that saw the smallest drops in vulnerable systems were consumer goods (5.3%), utilities (9.5%), and technology (9.5%).
In addition, BitSight measured the overall exposure of each industry to BlueKeep going forward. Legal, insurance and finance were the least exposed to the vulnerability, while telecommunications and education were the most exposed, followed by technology, utilities and government/politics.
New variants of the Mirai and Gafgyt botnets are targeting unpatched enterprise devices, according to new research.
Palo Alto Networks’ Unit 42 found the variants target vulnerabilities in Apache Struts and in SonicWall’s Global Management System (GMS). The Mirai variant exploits the same vulnerability in Apache Struts that was behind the 2018 Equifax data breach, while the Gafgyt variant exploits a newly uncovered vulnerability in unsupported, older versions of SonicWall’s GMS.
The research also found the domain that hosts the Mirai samples had resolved to a different IP address in August, which also hosted Gafgyt samples at that time. Those samples exploited the SonicWall GMS vulnerability, which is tracked as CVE-2018-9866. Unit 42’s research did not say whether the two botnets were the work of a single threat group or actor, but it did say the activity could spell trouble for enterprises.
“The incorporation of exploits targeting Apache Struts and SonicWall by these IoT/Linux botnets could indicate a larger movement from consumer device targets to enterprise targets,” the Palo Alto researchers wrote.
The Apache Struts vulnerability exploited by the new Mirai variant was patched last year before it was used in the Equifax breach. But systems that have not been updated are still susceptible to these types of exploits.
The Mirai botnet first emerged in the fall of 2016, and it has since affected hundreds of thousands of IoT and connected devices. The botnet’s malware had primarily targeted consumer devices, and it was responsible for massive distributed denial-of-service attacks on the German telco Deutsche Telekom and on the domain name server provider Dyn, which took down websites such as Airbnb, Twitter, PayPal, GitHub, Reddit, Netflix and others.
The Unit 42 researchers discovered the Gafgyt and Mirai variants on Aug. 5, and they alerted SonicWall about its GMS vulnerability. The public disclosure was posted by Palo Alto on Sept. 9.