Tag Archives: campaign

Microsoft faces hurdles in selling Teams to first-line workers

Microsoft has launched a public relations campaign to convince businesses that its Teams collaboration app is suitable for use by so-called first-line workers. At stake is a significant expansion of Teams into the lives of workers ranging from retail associates to housekeepers to factory hands.

Success will depend on how well the tech giant develops more industry-specific features and recruits additional hardware partners. Both are needed to drive  Microsoft Teams into first-line segments of the workforce, industry analysts said.

“We should not be impressed by a press release,” said Michael Finneran, principal at dBrn Associates Inc. “And at this point what they have is a press release.”

The capabilities Microsoft is adding to Teams are nothing new, Finneran said. The same kinds of features are already available to first-line workers today from established technology vendors like Motorola Solutions and Spectralink, as well as from numerous startups with apps for specific industries.

What’s more, Microsoft has so far discussed first-line workers in broad terms. But nurses, field technicians, and workers on the floor of a manufacturing plant have very different technology needs. The company won’t be taken seriously by many potential customers until it demonstrates an understanding of their industry.

Microsoft will also need hardware partners. Retail sales associates and warehouse workers typically use shared mobile devices with unique features and strict access controls. But many of Microsoft’s features for first-line workers seem to require businesses to let employees use personal smartphones at work.

Microsoft has only just begun to build that hardware ecosystem. Samsung announced this month it would launch a smartphone for first-line workers that will come pre-integrated with a new walkie-talkie feature in Teams. The device, the Galaxy XCover Pro, will launch sometime in the first half of 2020.

Similarly, Microsoft is still in the early stages of rolling out many of the features for first-line workers that its marketing department has hyped in blogs and press releases. 

Some of the newest features won’t launch for months or longer — and when they do hit the market, they’ll only be available in preview. Technology released in preview mode is in the early stages of development. Large organizations often have policies against using software before it passes beta testing.

For example, a walkie-talkie feature in Teams that drew headlines earlier this month won’t be available until mid-2020. Even then, it will only ship to select users in a private preview. Several other device-related Teams features will launch in a public showing. Those capabilities include SMS sign-in, shared device sign-out and a portal for managing devices.

Nevertheless, Microsoft could succeed in getting first-line workers to use Teams in the long run, analysts said. The company has billions of dollars to spend and already has a foot in the door with most enterprises in the world.

“Microsoft can get there if they want to, but they ain’t getting there without really putting their nose to the grindstone,” Finneran said.

Microsoft said in a statement that it has already made progress in getting companies with first-line workers to use Teams. The businesses include plumbing supply firm Ferguson and retailers Ikea and Mattress Firm.

“These are just a few of the companies on the leading edge of involving the first-line workforce in digital transformation,” Microsoft said. It did not provide details on how those companies’ employees were using Teams.

Microsoft’s broad software portfolio will give the company a leg up. Beyond Teams, Microsoft can offer customers a productivity suite, a customer relationship management app and platforms for e-commerce and internet of things (IoT) projects.

“Microsoft is just able to bring more of the pieces to the solution than a lot of its competitors,” said Rob Arnold, analyst at Frost & Sullivan.

And Microsoft has a clear financial incentive to follow through on its rhetoric.

So-called knowledge workers — the kind of desk-based employees who use software like Microsoft Office — represent only 15% to 25% of the U.S. workforce. Worldwide, the percentage falls to 10% to 15%, according to calculations by PKE Consulting LLC.

The rest of the workforce comprises service workers, like bank tellers, nurses, UPS drivers, waiters and maids.

Those kinds of workers haven’t used collaboration apps like Teams in the past. But Microsoft could significantly increase its market footprint if it convinces them to use Teams in the future, said Raúl Castañón-Martinez, analyst at 451 Research.

“I think they are definitely very serious about going after that segment,” he said.

Go to Original Article

A deep dive on SamSam ransomware

New insights into the notorious SamSam ransomware revealed just how successful the campaign has been since it first appeared in 2016.

According to new research from cybersecurity vendor Sophos Ltd., the SamSam ransomware has generated nearly $6 million in ransom payments from more than 200 organizations. The Sophos report details how the campaign operates differently than most traditional ransomware efforts, and it argues that a single threat actor is likely behind SamSam rather than a group of cybercriminals.

Why does the SamSam ransomware work so well? Why does the threat actor behind the campaign take a more manual approach to targeting and infecting victims? Will other cybercriminals take a page from SamSam’s increasingly sophisticated and effective playbook? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.

Malvertising campaign tied to legitimate online ad companies

Check Point Research uncovered an extensive malvertising campaign that has ties to legitimate online advertising companies.

Check Point’s report, titled “A Malvertising Campaign of Secrets and Lies,” detailed how a threat actor group used more than 10,000 compromised WordPress sites and multiple exploit kits to spread a variety of malware, including ransomware and banking Trojans. The group, which Check Point refers to as “Master134,” was responsible for a “well-planned” malvertising campaign that involved several online advertisement publishers, resellers and networks, including a company known as AdsTerra that Check Point claims was “powering the whole process.”

The technical aspects the Master134 campaign aren’t novel, according to Check Point. The threat actors used unpatched WordPress sites that were vulnerable to remote code execution attacks and then redirected traffic from those sites to pages run by ad networks, which in turn redirected users to a malicious domain that downloads malware to users’ systems.

Check Point researchers took a closer look at how traffic was directed to the malicious domains and found “an alarming partnership between a threat actor disguised as a publisher and several legitimate resellers.” According to the report, Master134 sells its traffic or “ad space” to the AdsTerra network, which then sells it to advertising resellers such as ExoClick, AdKernel, EvoLeads and AdventureFeeds.

The reseller then sells the Master134 traffic to their clients, but Check Point said its researchers discovered an odd pattern with the sales. “All the clients who bid on the traffic directed via AdsTerra, from Master134, happen to be threat actors, and among them some of the exploit kit land’s biggest players,” the report claimed.

Check Point Research speculated that threat actors operating these malicious domains and exploit kits pay Master134 for traffic or “victims,” which are supplied to them via a seemingly legitimate channel of ad networks. While the vendor didn’t accuse AdsTerra or the resellers of knowingly participating in the malvertising campaign, the report did say the ad networks would need to “turn a blind eye” for this scheme to be successful.

“[A]lthough we would like to believe that the resellers that purchase Master134’s ad space from AdsTerra are acting in good faith, unaware of Master134’s malicious intentions, an examination of the purchases from AdsTerra showed that somehow, space offered by Master134 always ended up in the hands of cyber criminals, and thus enables the infection chain to be completed,” the report stated.

SearchSecurity contacted AdsTerra, ExoClick, EvoLeads, AdventureFeeds and AdKernel for comment on the Check Point report.

AdKernel denied any involvement with the Master134 group or related threat actors. Judy Shapiro, chief strategy advisor, emailed a statement to SearchSecurity claiming the Check Point report is false and that AdKernel is an ad-serving technology provider, not an ad network or reseller. Shapiro also wrote that AdKernel did not own the malicious domains cited in the Check Point report, and that those domains were “owned by ad network clients of AdKernel.” The company, however, did not say who those clients were.

The other four companies had not responded at press time.

The Check Point Research report had strong words for the online advertising industry and its inability or unwillingness to prevent such malvertising campaigns from taking advantage of their networks.

“[W]hen legitimate online advertising companies are found at the heart of a scheme, connecting threat actors and enabling the distribution of malicious content worldwide, we can’t help but wonder — is the online advertising industry responsible for the public’s safety?” the report asked. “Indeed, how can we be certain that the advertisement we encounter while visiting legitimate websites are not meant to harm us?”

Stolen digital certificates used in Plead malware spread

Stolen digital certificates at the center of a new malware campaign made the malicious software appear safe before it stole user passwords.

An espionage group used stolen digital certificates to sign Plead backdoor malware and a password stealer component used in attacks in East Asia, according to Anton Cherepanov, senior malware researcher at ESET. The password stealer targeted Google Chrome, Mozilla Firefox and Internet Explorer browsers, as well as Microsoft Outlook.

Cherepanov determined the certificates were likely stolen because the malware code was signed with the “exact same certificate … used to sign non-malicious D-Link software.”

“Recently, the JPCERT published a thorough analysis of the Plead backdoor, which, according to Trend Micro, is used by the cyberespionage group BlackTech,” Cherepanov wrote in a blog post. “Along with the Plead samples signed with the D-Link certificate, ESET researchers have also identified samples signed using a certificate belonging to a Taiwanese security company named Changing Information Technology Inc. Despite the fact that the Changing Information Technology Inc. certificate was revoked on July ‎4, ‎2017, the BlackTech group is still using it to sign their malicious tools.”

ESET researchers contacted D-Link about the stolen digital certificates, and D-Link revoked the compromised certificate on July 3.

Cherepanov said this case was different from recent issues with compromised SSL certificates because the stolen digital certificates were used to sign malicious files, and “unlike SSL certificates, the code signing certificates can’t be obtained for free.”

“Misusing digital certificates is one of the many ways cybercriminals try to mask their malicious intentions — as the stolen certificates let malware appear like legitimate applications, the malware has a greater chance of sneaking past security measures without raising suspicion,” Cherepanov wrote via email. “This technique also helps attackers to circumvent native/built-in protective measures of the OS based on the validity of these certificates. Also noteworthy, certificates from a Taiwan-based company were stolen and misused by Stuxnet.”

Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, said “there’s no doubt we’re going to see a lot more of these attacks in the future,” where machine identities and stolen digital certificates are being abused by malicious actors.

“Code signing certificates are a method to ensure the identity of the code developer. Ideally, they verify that the software has been published by a trusted company. They also double-check the software to ensure that it hasn’t degraded, become corrupted, or been tampered with,” Bocek wrote via email. “Because of the power of these certificates, if they fall into the wrong hands they can be the ultimate ‘keys to the kingdom’. Any attacker or developer with malicious intent can obtain a private key for code signing if they really want to. What deters most of them is that they have to register with the [certificate authority] to obtain one, which makes it much easier to identity them if they distribute malicious code. This is why there is a thriving black market for stolen code-signing certificates.”

Year in review: ‘Digital civility’ takes hold, 2018 to bring increased focus – Microsoft on the Issues

2017 was another significant year in online safety at Microsoft. We launched our campaign for “digital civility,” held our first teen council summit and joined forces with others across the globe to promote safer and healthier online interactions among all people. In 2018, we hope digital civility takes even firmer root, as we expand our research and broaden the impact of our findings.

Topics like online hate speech, extremist content, the proliferation of child sexual abuse imagery, and bullying and harassment continued to dominate the headlines – and we took additional steps to protect customers, advance dialogues and collaborate across interested groups on each of these issues.

Jacqueline Beauchere of Microsoft shakes the hand of Pope Francis at the first World Congress: Child Dignity
Jacqueline Beauchere of Microsoft shakes the hand of Pope Francis at the first World Congress: Child Dignity

We joined the Anti-Defamation League’s new Anti-Cyberhate Technology Solutions Lab; we teamed with Facebook, Twitter and YouTube to form the Global Internet Forum to Counter Terrorism, and we participated in the first World Congress on Child Dignity in the digital age, sponsored by the Centre for Child Protection at the Pontifical Gregorian University at the Vatican. We again took part in the International Bullying Prevention Association’s annual meeting with a new focus on research and algorithmic solutions to online abuse, and we helped to shape an upcoming global campaign to prevent bullying and to inspire courage and compassion in youth as they navigate the 21st century digital world.

Safer Internet Day launches Digital Civility Challenge

This list of online ills and potential pitfalls, among others, spurred us to create our campaign for digital civility: online interactions grounded in empathy, respect and kindness. We launched the campaign on Safer Internet Day 2017, including results of research in 14[1] countries about teens’ and adults’ exposure to 17 online risks. We compiled and announced our first international Digital Civility Index, as well as our Digital Civility Challenge that calls on people around the world to pledge on social media to adopt four basic tenets of online life:

  • Treat others as you would like to be treated
  • Respect differences
  • Pause before replying, and
  • Stand up for yourself and others.

Our hope all along was that a variety of internet stakeholders would value the concept of digital civility and be inspired to create their own projects, programs and initiatives grounded in the challenge principles – and we’re starting to see just that: more groups are referencing digital civility and the need for more respectful online interactions.

Council for Digital Good embraces digital civility

To reach young people on some of these ideas, we formed our inaugural Council for Digital Good made up of 15 teens from across the U.S.  Teen council members spent two days on our Redmond, Washington campus in August at our first council summit. On site, they produced individual written manifestos about acceptable online behavior, and followed with artistic and creative works to bring their written words to life. Here’s one artistic creation from Isabella, a 13-year-old from Washington state. Isabella’s painting was recommended to a competition by her school’s Parent-Teacher Association and could garner national attention. And, to think, it all started as a council project. (Note digital civility is front and center!)

Know the right thing, do the right thing

Looking ahead to 2018

Next year, again timed to Safer Internet Day, on Feb. 6, we’ll release even more research on digital civility. We polled teens and adults in the same 14 countries plus nine others[2], and we’re planning further engagements for our teen council, including another in-person event next summer – this time something more public so others can meet and interact with this impressive group of young people.

As we move into the new year, we realize our focus and work on these issues is still developing and is always evolving. We are making progress individually and collectively as we collaborate with others in industry and other sectors. Still, more stakeholders need to be involved, invested and committed to making internet experiences safer and healthier. A series of recommended smart practices for promoting digital civility was another component of our 2017 release that we hope to build on in 2018. Whether you’re a newer technology company, policymaker, educator, civil society leader or parent, there’s a role for you in making the web a more positive place.

We look forward to sharing more in February and throughout 2018. Until then, visit our website and resources page on the Microsoft YouthSpark Hub. For more regular news and information, “like” us on Facebook and follow us on Twitter. Happy 2018, and remember there’s still time to take the Digital Civility Challenge!

[1] Countries surveyed: Australia, Belgium, Brazil, Chile, China, France, Germany, India, Mexico, Russia, South Africa, Turkey, the United Kingdom and the United States.

[2] Additional countries surveyed in the 2018 research are: Argentina, Colombia, Hungary, Ireland, Italy, Japan, Malaysia, Peru and Vietnam.

Tags: digital civility