Tag Archives: Group

The new Washington Privacy Act raises the bar for privacy in the United States – Microsoft on the Issues

This month, a bipartisan group of legislators in Washington state presented new legislation that could soon become the most comprehensive privacy law in the country. The centerpiece of this legislation, the Washington Privacy Act as substituted, goes further than the landmark bill California recently enacted and builds on the law Europeans have enjoyed for the past year and a half.

As Microsoft President Brad Smith shared in his blog post about our priorities for the state of Washington’s current legislative session, we believe it is important to enact strong data privacy protections to demonstrate our state’s leadership on what we believe will be one of the defining issues of our generation. People will only trust technology if they know their data is private and under their control, and new laws like these will help provide that assurance. We’re encouraged that privacy legislation in Washington has been welcomed by privacy advocates such as Consumer Reports and the Future of Privacy Forum.

To date, the U.S. has taken the approach of enacting privacy law in just a few key areas, such as financial services, children and some health data. However, on average, people today produce 25 times the online data they did in 2010, and this data no longer just records our medical checkups or banking activities but just about every aspect of our lives. The Washington Privacy Act addresses these significant gaps by creating comprehensive baseline protections. As the United States Congress continues to work on these safeguards, states such as Washington have the opportunity to move faster and give people the protections they deserve.

Washington came close to passing a good bill last year. As I wrote in April 2019, every year we kick the can down the road is another year we’ll spend searching for the perfect legislation rather than starting to provide people with needed protection, and then building on a strong foundation. And people are overwhelmingly voicing their support for the legislature to take action now. In a Crosscut/Elway poll conducted in December 2019, 84% of Washington respondents supported “strengthening consumer protections for personal data online” and placed privacy above issues such as carbon emissions and rent control.

Why the Washington Privacy Act is strong

The Washington Privacy Act, introduced by Senator Reuven Carlyle, has four core components that we believe are critical in any comprehensive privacy bill.

Corporate responsibility: First, it holds companies responsible for ensuring they only use data for the reason they collect it and with the permission of their customers. If a company collects someone’s phone number for the purpose of two-factor authentication, they shouldn’t then be permitted to use that information for targeted ad or search purposes.

Consumer empowerment: Second, it gives people the ability to control their data by providing rights to access, correct, delete and relocate their data, and to limit a company’s ability to use their data.

Transparency: Third, it requires companies to be clear about their intentions for collecting people’s personal data in a way that is easy to understand.

Strong enforcement: Fourth, it enables the state attorney general to ensure companies comply with the law. The state attorney general can take legal action with penalties up to $7,500 per violation, meaning total penalties for a non-compliant company could – depending on the number of people affected – amount to hundreds of millions of dollars. In addition to attorney general enforcement, the Washington Privacy Act requires companies to be responsive to consumer requests for information about what data of theirs companies have and how that data is used.

This year’s bill has significant improvements over last year’s legislation. For example, it now requires companies to tell people why their data is being collected and to use it only for that purpose, ensures companies only collect the minimum data needed for that purpose, and prohibits companies from using data in new ways that are different and distinct from the reasons they collected the information in the first place.

Prevent a “race to the bottom” with facial recognition

In addition to addressing the four privacy principles, the Washington Privacy Act sets standards for how and when companies can use facial recognition technology. This portion of the bill includes a range of steps to protect people from this largely unregulated technology, and we think four are particularly worth discussing.

Fairness: First, suppliers of facial recognition technology must build their technology so that third-party research organizations can test its accuracy and examine it for bias. When undisclosed problems with the technology are discovered, suppliers must take action.

Consent: Second, the default rule is that people must give permission for companies to add their image to a facial recognition database and this consent must be meaningful, not just a footnote buried in legal jargon.

Notification: Third, in any public place where facial recognition technology is used, companies must post clear notice.

Human Review: Fourth, results of facial recognition must be verified when critical decisions such as mortgage approvals or employment considerations are being made, and humans have to be involved in the decision-making process.

The Washington Legislature will also consider an important proposal to regulate the use of facial recognition by government. A bill proposed by Senator Joe Nguyen contains many of the safeguards the Washington Privacy Act applies to corporate use as well as new rules to be applied to governmental scenarios. For example, the technology can only be used in public places to address serious crimes when a search warrant has been issued or when there’s a genuine emergency such as a terrorist threat or a kidnapped child. Law enforcement must disclose to defendants when facial recognition is being used in a legal case against them.

As Brad Smith has outlined, if we don’t act, we risk waking up five years from now (or even sooner) to find that facial recognition services have spread in ways that exacerbate societal issues. By setting boundaries before, during and after deployment of facial recognition, we hope that these regulations offer the public more opportunity to be involved in the decisions regarding the acceptable use of the technology by commercial actors as well as state and local authorities. Neither the Washington Privacy Act nor the Nguyen bill provides all the answers to the challenges that will arise with this technology, but both bills provide strong baseline standards that will give people meaningful protections for the first time. Passing these bills in this session will allow the legislature to focus future sessions on building and improving upon them.

Open public dialogue

We believe advocating for laws like these is good for our customers and important for holding the industry to higher standards than the law does today. Microsoft has been engaged along with dozens of entities including companies, privacy experts, advocacy groups and legislators invited to comment on early draft proposals leading up to this session. We are committed to working with lawmakers and stakeholders to ensure the final bill provides comprehensive privacy protection for all Washingtonians. You can learn more about our efforts from last week’s testimony.

Author: Microsoft News Center

DOJ takes action against Dridex malware group, Evil Corp

The U.S. and the U.K. announced criminal charges and sanctions against alleged members of the Russian threat group Evil Corp, which is responsible for the Dridex malware.

The U.S. Department of Justice indicted Maksim Yakubets, 32, of Russia on counts of computer hacking and bank fraud. The State Department offered up to $5 million for information leading to the arrest and/or conviction of Yakubets, who is the alleged leader of Evil Corp. Additionally, the DOJ indicted Igor Turashev, 38, in relation to the Dridex banking Trojan.

The Department of Treasury announced sanctions against Evil Corp, which has been active since 2009 and has been connected to the Zeus, Bugat and Dridex malware. According to the Treasury Department announcement, “Evil Corp has used the Dridex malware to infect computers and harvest login credentials from hundreds of banks and financial institutions in over 40 countries, causing more than $100 million in theft.”

Assistant Attorney General Brian Benczkowski of the Justice Department’s criminal division noted in the DOJ press release that the U.K. National Crime Agency (NCA) was “crucial” in efforts to identify Yakubets and other members of Evil Corp.

The DOJ unsealed two indictments — one filed on Nov. 12 in the Western District of Pennsylvania and one filed Nov. 14 in the District of Nebraska. The former indictment named both Yakubets and Turashev in multiple fraud attempts using Dridex malware beginning in Nov. 2011, including an attempted transfer of $999,000 from the Sharon City School District and an attempt to transfer nearly $2.2 million from Penneco Oil. In total, the indictment filed in Pennsylvania included 10 charges of conspiracy, fraud and intentional damage to a computer.

The indictment filed in Nebraska only named Yakubets and listed 21 businesses and local government offices targeted across the country, nine of which were financial institutions, and covered incidents dating back to 2009. 

According to the DOJ, Yakubets went by the handle “aqua” online. A case from the District of Nebraska charged a John Doe “also known as ‘aqua’” and resulted in the extradition of two Ukrainian nationals from the U.K. to the U.S. in 2014. Those Ukrainians had previously been convicted in the U.K. of laundering money for Evil Corp.

The Treasury Department said that its sanctions target “17 individuals and seven entities to include Evil Corp, its core cyber operators, multiple businesses associated with a group member, and financial facilitators utilized by the group.” The announcement went on to name Denis Gusev as a senior member of Evil Corp, as well as entities owned or controlled by Gusev, six other members of the group and eight known financial facilitators.

Previous attempts

These actions are not the first taken against Dridex malware threat actors. In October 2015, the DOJ indicted Andrey Ghinkul in connection with spreading the malware. Ghinkul was arrested in August 2015 in Cyprus and extradited to the U.S. in February 2016.

At the time, Brad Duncan, security researcher at Rackspace, noted that Dridex incidents had disappeared in September following Ghinkul’s arrest, but new instances of the malware began appearing again before the DOJ announced the indictment.

In October 2015, both the FBI and NCA set up sinkholes in efforts to stop the malware from connecting to command and control servers. But by January 2016, IBM security researchers confirmed a new version of Dridex malware was targeting banks in the U.K.

Earlier this year, Chronicle released the results of a five-year study into crimeware, which included looking at arrests made in connection with Zeus and Dridex malware, and found that law enforcement takedown attempts had only short-lived impacts if the masterminds behind such crimeware were not apprehended.

Vancouver Canucks defend data with Veeam backup

As host of the ice hockey events at the 2010 Winter Olympics, Aquilini Investment Group, owner of Rogers Arena and the Vancouver Canucks, had to rethink its entire IT game plan.

Rogers Arena has a capacity of around 18,000 people, and its IT infrastructure had to ensure all ticket scanners, Wi-Fi and point-of-sale systems would never go down during the heavy influx of attendees. In 2010, Aquilini revamped its legacy systems, moving away from physical servers and tape to virtualization and VM backup. It deployed VMware and Veeam backup.

“We were starting to see the serious benefits of virtualization compared to traditional physical servers,” said Olly Prince, manager of infrastructure at Canucks Sports & Entertainment and Aquilini Group.

The switch dramatically changed how the Canucks handled backup. Prince described the old system as “hit-or-miss.” Backup copies of data were stored on tapes that were then sent to an off-site facility. When a user needed something restored, the correct tape had to be found and then delivered back to the data center for restoration. The whole process took four or five business days, and there was no guarantee that the restoration would succeed.

With Veeam backup, Prince said, he’s now able to restore data in 10 minutes.

Cloud considerations hinge on cost

As part of the IT revamp, Aquilini has been looking at the cloud more closely, but has only dipped a toe in. So far, there is a single test/dev workload deployed on AWS that isn’t being backed up because of how inconsequential it is. Prince had conducted a cost analysis and found that it’s still cheaper to run most workloads in VMs on premises.

However, Aquilini wants to dive deeper into cloud. Some of the ways the company wants to take advantage of the cloud are disaster recovery (DR), Office 365 backup and giving coaches a way to upload videos or access useful player metadata while they are on the road. Right now, the last option is being achieved by having the team carry a “travel server” with them wherever they go.

“We’re looking at everything as a whole and strategizing what makes sense for our organization to do on cloud or on prem,” said Margaret Pawlak, IT business strategy and project manager at Aquilini Group, Canucks Sports & Entertainment.

Aquilini recently finished a proof of concept with Microsoft Azure for DR. Prince said he was able to replicate on-premises applications and run them on the cloud, but the next step is factoring in costs. The company’s current DR plan involves replicating and failing over to an off-site facility about 60 kilometers away from the main data center. That site also houses its own separate production environment, so while it has enough storage to bring enough VMs back online to keep the business running, it won’t include absolutely everything.

Although Pawlak and Prince said they’re actively working on pushing some of these cloud strategies, they’re having difficulty convincing the rest of the organization that changes are necessary.

In the case of Office 365 backup, there is a pervasive myth that its native long-term retention policy is a suitable replacement for true, point-in-time backup. Prince pointed out that retention doesn’t help when trying to restore a corrupted or deleted file.

In the case of DR, Pawlak said it is hard to put a business case forward for what is essentially insurance. The benefit is not something tangible until a real disaster hits, and there’s a belief that such an event will never actually happen. Prince said it’s a difficult attitude to overcome until it’s too late — no matter how many times he’s shared IT horror stories from his peers in the industry.

“Horror stories don’t get you a budget,” Prince said.

Backup strategies beyond the rink

Prince’s team of four IT personnel, himself included, is responsible not just for the Canucks franchise and Rogers Arena, but for hotels, wineries and other properties owned by Aquilini Group. A total of 180 TB from 60 VMware VMs are being protected by Veeam backup. Aside from the daily business data generated by Rogers Arena, some of the VMs also house audio and visual data, as well as player performance metadata that the Canucks franchise uses for scouting, training and coaching.

Aquilini uses Darktrace for cyberdefense, but Prince focuses much of his attention on user training as well. He said ransomware is more likely to get through unaware staff than through vulnerabilities in devices or workstations they use, so he trains them on how to spot phishing and avoid executing programs they’re unsure of. A good backup system is also an important part of the overall security package.

Aquilini would not comment on other data protection vendors that were considered besides Veeam, but Prince said ease of deployment and use were huge factors in the decision, given how small his IT staff is.

Prince said he wants Veeam to work natively with Azure cold storage, which it currently doesn’t. On top of certain files that need to be retained for compliance reasons, the Canucks franchise has a large amount of audio and visual files that need to be archived for potential future use. Not all the footage is mission-critical, but some clips might be useful for pulling together a promotional video.

“It would be nice to take a backup of that and shove it somewhere cheap,” Prince said.

Global cryptomining attacks use NSA exploits to earn Monero

A new threat group has launched cryptomining attacks around the globe and is using exploits from the National Security Agency to spread its malware.

The threat group, dubbed ‘Panda,’ was revealed this week in a new report from Cisco Talos. Christopher Evans and Dave Liebenberg, threat researcher and head of strategic intelligence, respectively, at Cisco Talos, wrote that although the group is “far from the most sophisticated,” it has been very active and willing to “update their infrastructure and exploits on the fly as security researchers publicize indicators of compromises and proof of concepts.”

“Panda’s willingness to persistently exploit vulnerable web applications worldwide, their tools allowing them to traverse throughout networks, and their use of RATs, means that organizations worldwide are at risk of having their system resources misused for mining purposes or worse, such as exfiltration of valuable information,” Evans and Liebenberg wrote in a blog post. “Our threat traps show that Panda uses exploits previously used by Shadow Brokers and Mimikatz, an open-source credential-dumping program.”

The NSA exploits include EternalBlue, which attacks a vulnerability in Microsoft’s Server Message Block (SMB) protocol. The researchers first became aware of Panda’s cryptomining attacks in the summer of 2018 and told SearchSecurity that over the past year they’ve seen daily activity in the organization’s honeypots.

“We see them in several of our honeypots nearly every day, which tells me they’re targeting a large portion of the internet,” Evans said. “Our honeypots are deployed throughout the world, and I’ve never seen a geographic focus of their attacks in the data. The applications they target are widely deployed, and without patching are easy targets.”

Since January, the researchers saw Panda’s cryptomining attacks changing by targeting different vulnerabilities — first a ThinkPHP web framework issue, then an Oracle WebLogic flaw — and using new infrastructure both in March and again over the past month.

“They also frequently update their targeting, using a variety of exploits to target multiple vulnerabilities, and [are] quick to start exploiting known vulnerabilities shortly after public POCs become available, becoming a menace to anyone slow to patch,” the researchers wrote. “And, if a cryptocurrency miner is able to infect your system, that means another actor could use the same infection vector to deliver other malware.”

Liebenberg told SearchSecurity, “It appears that instead of employing good OpSec they focus on volume. That’s one reason why they’ll keep using old, burned infrastructure while still deploying new ones.” 

Evans and Liebenberg said in their research that the Panda group has made approximately 1,215 Monero (a cryptocurrency that emphasizes privacy), which equates to almost $100,000 today. One Monero is currently equal to $78, but the value of Monero has fluctuated — beginning the year around $50 and peaking over $110 in June.

The researchers have confirmed Panda cryptomining attacks against organizations in the banking, healthcare, transportation, telecommunications and IT services industries. Evans and Liebenberg also told SearchSecurity that the best way for organizations to detect if they have been attacked would be to “look for prolonged high system utilization, connections to mining pools using common mining ports (3333, 4444), watching for common malware persistence mechanisms, watching for DNS traffic to known mining pools and enabling the appropriate rules in your IDS.”
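The network-side checks the researchers list (traffic to ports 3333 and 4444, DNS lookups for mining pools) can be sketched as a small log triage script. This is an added example, not code from Cisco Talos or the article; the log formats, the `.example` pool domains, the 30-minute "prolonged" threshold and the scoring weights are all assumptions, and the sample logs are constructed.

```python
"""Triage hosts for cryptomining network indicators (constructed sample data)."""
from collections import defaultdict
from datetime import datetime, timedelta

MINING_PORTS = {3333, 4444}            # the "common mining ports" named in the article
# Placeholder blocklist (assumption): substitute a maintained mining-pool feed.
POOL_DOMAINS = {"pool.example", "xmr-pool.example"}
MIN_DURATION = timedelta(minutes=30)   # assumed cut-off for "prolonged" activity

# Constructed flow log, one record per line: time src_ip dst_ip dst_port
FLOW_LOG = """\
2024-01-10T01:00:05 10.0.0.21 203.0.113.10 3333
2024-01-10T01:20:11 10.0.0.21 203.0.113.10 3333
2024-01-10T01:45:40 10.0.0.21 203.0.113.10 3333
2024-01-10T02:03:00 10.0.0.34 198.51.100.7 4444
2024-01-10T02:10:00 10.0.0.50 198.51.100.9 443
malformed line
"""

# Constructed DNS log, one record per line: time client_ip query_name
DNS_LOG = """\
2024-01-10T00:59:58 10.0.0.21 eu.pool.example.
2024-01-10T02:09:00 10.0.0.50 www.example.org
2024-01-10T02:11:00 10.0.0.77 XMR-Pool.example
2024-01-10T02:12:00 10.0.0.50 notpool.example
"""


def parse_lines(text, nfields):
    """Yield (timestamp, *fields) for well-formed lines; skip anything else."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != nfields:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield (ts, *parts[1:])


def matches_pool(qname, pool_domains=POOL_DOMAINS):
    """True if qname is a listed domain or a subdomain of one (label-boundary match)."""
    name = qname.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in pool_domains)


def find_indicators(flow_text=FLOW_LOG, dns_text=DNS_LOG):
    """Return {host: sorted list of indicator strings} for hosts with any hit."""
    port_hits = defaultdict(list)      # (src, dst, port) -> list of timestamps
    findings = defaultdict(set)

    for ts, src, dst, port in parse_lines(flow_text, 4):
        if port.isdigit() and int(port) in MINING_PORTS:
            port_hits[(src, dst, int(port))].append(ts)

    # Ports 3333/4444 are not exclusive to miners, so separate sustained
    # sessions from one-off connections instead of alerting on every hit.
    for (src, dst, port), stamps in port_hits.items():
        span = max(stamps) - min(stamps)
        kind = "prolonged" if span >= MIN_DURATION else "single/short"
        findings[src].add(f"{kind} traffic to {dst}:{port}")

    for ts, client, qname in parse_lines(dns_text, 3):
        if matches_pool(qname):
            name = qname.rstrip(".").lower()
            findings[client].add(f"DNS query for pool domain {name}")

    return {host: sorted(items) for host, items in findings.items()}


def triage(findings):
    """Rank hosts; a pool DNS lookup plus prolonged port traffic scores highest."""
    def score(items):
        total = 0
        total += 2 if any(i.startswith("prolonged") for i in items) else 0
        total += 1 if any(i.startswith("single/short") for i in items) else 0
        total += 2 if any(i.startswith("DNS") for i in items) else 0
        return total
    return sorted(((score(v), h) for h, v in findings.items()), reverse=True)


if __name__ == "__main__":
    results = find_indicators()
    for points, host in triage(results):
        print(points, host, results[host])
```

Network hits like these are only leads: the article's other checks (prolonged high system utilization, persistence mechanisms, IDS rules) are what confirm a miner on the flagged host.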

Hustle Up! Discover Microsoft Store resources for a better side hustle

While many are interested in starting a side gig, there is one group in particular that’s looking for ways to make extra money and improve business skills this time of year—higher education students.

With the arrival of a new academic year comes a diverse crop of achievement-minded students looking for innovative ways to gain invaluable on-the-go experience while earning much-needed income.

Considering student loans, single parenthood, increased costs of living, and more, the reality for today’s higher education students is that they need to earn money now, while expanding their professional know-how. They understand employers are looking for nontraditional employees with uniquely diversified expertise and specialties, and they don’t have the luxury of depending solely on internships anymore.

These students have found they can leverage their passions to start side hustles to turn a profit and gain hands-on knowledge that aligns with the theories they are learning in class.

In order to pinpoint the most advantageous resources and tips needed for a side hustle, Microsoft Store collaborated with Chris Guillebeau, a New York Times bestselling author and host of the Side Hustle School podcast.

“Side hustles are a great way to create options, which are important in today’s world. They’re a fast track to freedom and job security. Consider the purpose of an internship—experience. Why not get paid for your experience by learning to start an income-generating project?”
—Chris Guillebeau

The challenge for some people who build a side hustle is that they have amazing ideas to generate extra income, but need help managing their business operations. That’s where solutions like Microsoft 365 and other Microsoft Store resources can help.

Start to Hustle Up!

Hustle Up!, a mobile experience, was developed by Microsoft Store to help identify the right resources needed to amplify different kinds of side hustles. By answering a series of questions, Hustle Up! explores your side hustle aptitude, identifies your strengths and interests, and connects you with the best resources to help you on your way.

Each of the four Hustle Up! outcomes—Freelancer, Maker, Reseller, and Expert—was carefully crafted to match you with your top side hustle type, and each highlights your professional skills along with top actionable tips from Chris Guillebeau. Tips include prime resources that help you maintain work, school, and life balance, such as:

  • For Freelancers, having the ability to get reviews ASAP is critical. Reviews matter a lot in business, especially when you are trying to stand out in an overly saturated market. Chris recommends that Freelancers gather real-time client feedback by creating surveys and polls using Microsoft 365 offerings.
  • Side hustlers who fall into the Expert category know how to adapt their knowledge to a product or service but can struggle trying to stay on top of all their clients’ various needs. To manage multiple asks and schedules, Chris advises Experts to keep track of their daily, weekly, and monthly tasks while on the go with OneNote.

Eager to learn and achieve more with your side hustle? Even more expert tips await! Try Hustle Up! to discover how to better your side hustle and visit Microsoft Store in person or online to uncover additional resources, fun and free workshops, and solutions that will amplify your entrepreneurial skills.

Author: Microsoft News Center

British Airways data breach may be the work of Magecart

The British Airways data breach may have been the handiwork of the threat actor group known as Magecart.

Security researchers at the threat intelligence company RiskIQ Inc. reported that they suspect Magecart was behind the late August British Airways data breach, based on their analysis of the evidence. The Magecart group focuses on online credit card skimming attacks and is believed to be behind the Ticketmaster data breach discovered in June 2018.

British Airways reported it had suffered a breach on Sept. 6 that affected around 380,000 customers. The company said personal and payment information were used in payment transactions made on the website and the mobile app between Aug. 21 and Sept. 5.

In a blog post published a week later, RiskIQ researcher Yonathan Klijnsma said that because the British Airways data breach announcement stated that the breach had affected the website and mobile app but made no mention of breaches of databases or servers, he noticed similarities between this incident and the Ticketmaster breach.

The Ticketmaster breach was caused by a web-based credit card skimming scheme that targeted e-commerce sites worldwide. The RiskIQ team said that the Ticketmaster breach was the work of the hacking group Magecart, and was likely not an isolated incident, but part of a broader campaign run by the group.

The similarities between the Ticketmaster breach and the reports of the British Airways data breach led Klijnsma and the RiskIQ team to look at Magecart’s activity.

“Because these reports only cover customer data stolen directly from payment forms, we immediately suspected one group: Magecart,” Klijnsma wrote. “The same type of attack happened recently when Ticketmaster UK reported a breach, after which RiskIQ found the entire trail of the incident.”

Klijnsma said they were able to expand the timeline of the Ticketmaster activity and discover more websites affected by online credit card skimming.

“Our first step in linking Magecart to the attack on British Airways was simply going through our Magecart detection hits,” Klijnsma explained. “Seeing instances of Magecart is so common for us that we get at least hourly alerts for websites getting compromised with their skimmer-code.”

He noted that in the instance of the British Airways data breach, the research team had no notifications of Magecart’s activity because the hacking group customized their skimmer. However, they examined British Airways’ web and mobile apps specifically and noticed the similarities — and the differences.

“This attack is a simple but highly targeted approach compared to what we’ve seen in the past with the Magecart skimmer which grabbed forms indiscriminately,” Klijnsma wrote. “This particular skimmer is very much attuned to how British Airway’s (sic) payment page is set up, which tells us that the attackers carefully considered how to target this site instead of blindly injecting the regular Magecart skimmer.”

Klijnsma also said it was likely Magecart had access to the British Airways website and mobile app before the attack reportedly started.

“While we can never know how much reach the attackers had on the British Airways servers, the fact that they were able to modify a resource for the site tells us the access was substantial, and the fact they likely had access long before the attack even started is a stark reminder about the vulnerability of web-facing assets,” he wrote.

Magecart, RiskIQ noted, has been active since 2015 and has been growing progressively more threatening as it customizes its skimming schemes for particular brands and companies.

In other news

  • President Donald Trump signed an executive order this week that imposes sanctions on anyone who attempts to interfere with U.S. elections. After Russian interference in the 2016 U.S. presidential election, there are fears that there will be further interference in the upcoming 2018 midterm election. In response to those fears, Trump signed an executive order under which sanctions would be placed on foreign companies, organizations or individuals who have interfered with U.S. elections. The order says that government agencies must report any suspicious, malicious activity to the director of national intelligence, who will then investigate the report and determine its validity. If the director of national intelligence finds that the suspect group or individual has interfered, there will be a 45-day review and assessment period during which the Department of Justice and Homeland Security will decide whether sanctions are warranted. If they are, the foreign group or individual could have their U.S. assets frozen or be banned from the country.
  • A vulnerability in Apple’s Safari web browser enables attackers to launch phishing attacks. Security researcher Rafay Baloch discovered the vulnerability and was also able to replicate it in the Microsoft Edge browser. Baloch published the proof of concept for both browser vulnerabilities early this week, and while Microsoft had addressed the issue in its August Patch Tuesday release — citing an issue with properly parsing HTTP content as the cause — Apple has yet to issue any patches for it. The vulnerability in Safari iOS 11.3.1 could thus still be used to spoof address bars and trick users into thinking they are visiting a legitimate site that is actually malicious.
  • The hacker known as “Guccifer” will be extradited to the U.S. to serve a 52-month prison sentence. A Romanian court ruled that the hacker, who is known for exposing the misuse of Hillary Clinton’s private email server before the 2016 U.S. presidential election and whose real name is Marcel Lehel Lazar, will be extradited to America to serve his 52-month sentence after finishing his seven-year sentence in Romania — his home country. Lazar pleaded guilty in May 2016 to charges of unauthorized access to a protected computer and aggravated identity theft. Lazar is believed to have hacked into the accounts of around 100 people between 2012 and 2014, including former Secretary of State Colin Powell, CBS Sports’ Jim Nantz and Sidney Blumenthal, a former political aide to Bill Clinton and adviser to Hillary Clinton.

Lazarus Group hacker charged in Wannacry, Sony attacks

The Department of Justice has officially charged one member of the North Korean Lazarus Group for his role in the Wannacry attacks, the Sony Pictures breach, theft on the SWIFT banking system and more.

Nathan Shields, special agent for the FBI, filed an affidavit of complaint against the Lazarus Group hacker, Park Jin Hyok, on June 8, 2018, but the charges were made public Sept. 6.

Park was charged with conspiring to commit “unauthorized access to computer and obtaining information, with intent to defraud, and causing damage, and extortion related to computer intrusion” and wire fraud.

“The evidence set forth herein was obtained from multiple sources, including from analyzing compromised victim systems, approximately 100 search warrants for approximately 1,000 email and social media accounts accessed internationally by the subjects of the investigation, dozens of orders issued … and approximately 85 formal requests for evidence to foreign countries and additional requests for evidence and information to foreign investigating agencies,” Shields wrote in the affidavit.

Shields wrote that the affidavit was “made in support of a criminal complaint against, and arrest warrant” for Park, but there is no indication the DoJ knows where Park is currently located. The last mention in the affidavit noted Park returned to North Korea in 2014 after spending three years working for North Korean company Chosun Expo in China.

Although Park was the lone Lazarus Group hacker named in the filing, the entire North Korean team was implicated in the 2014 Sony Pictures breach, the 2016 theft of $81 million from Bangladesh Bank via the SWIFT network, the 2017 Wannacry ransomware attack as well as “numerous other attacks or intrusions on the entertainment, financial services, defense, technology and virtual currency industries, as well as academia and electric utilities.”

“In 2016 and 2017, the conspiracy targeted a number of U.S. defense contractors, including Lockheed Martin, with spear-phishing emails. The spear-phishing emails sent to the defense contractors were often sent from email accounts that purported to be from recruiters at competing defense contractors, and some of the malicious messages made reference to the Terminal High Altitude Area Defense (THAAD) missile defense system deployed in South Korea,” the U.S. Attorney’s Office for the Central District of California wrote in its press release. “The attempts to infiltrate the computer systems of Lockheed Martin, the prime contractor for the THAAD missile system, were not successful.”

Confirmation of North Korean involvement

Park is the first Lazarus Group hacker named and officially charged by the U.S. government, but the Lazarus Group and North Korea have been connected to attacks before.

As far back as Dec. 2014, the FBI stated there was enough evidence to conclude that North Korea was behind the attack on Sony Pictures. And, in Dec. 2017 both the U.S. and U.K. governments blamed the Wannacry attacks on North Korea.

The affidavit detailed the use of the Brambul worm, which was malware attributed to the Lazarus Group in a US-CERT security alert issued by the FBI and Department of Homeland Security in May 2018.

However, while the confirmation of North Korean involvement was generally praised by experts, not all were happy that Park was the only Lazarus Group hacker to be named and charged.

Jake Williams, founder and CEO of Rendition Infosec, based in Atlanta, wrote on Twitter that it was a “human rights issue” to charge Park because the Lazarus Group hacker “likely had zero choice in his actions.”

M12 announces $4 million global competition for women entrepreneurs – Stories

Microsoft’s venture fund, M12, partners with EQT Ventures and SVB Financial Group to accelerate funding for women leaders

REDMOND, Wash. — July 26, 2018 M12, Microsoft Corp.’s venture fund, in collaboration with the EQT Ventures fund and SVB Financial Group, on Thursday announced the Female Founders Competition, seeking to accelerate funding for top women-led startups focused on enterprise technology solutions. Two winners will share $4 million in venture funding, as well as access to technology resources, mentoring and more.

Women entrepreneurs receive a disproportionately small amount of venture funding, with only 2.2 percent of the total invested in 2017 going to women-founded startups. Studies have shown that investing in companies founded by women delivers significantly higher returns than the market average. By shining a light on this highly talented, but underfunded group of entrepreneurs, M12 and its partners seek to not only fund innovative female entrepreneurs, but to spotlight the funding gap that exists and the benefits of more equitable distribution of capital.

“We formed M12 to make smart bets on innovative people and their ideas, and the Female Founders Competition is an extension of that mandate,” said Peggy Johnson, executive vice president of Business Development at Microsoft. “This isn’t about checking a box; it’s an opportunity to remind the VC community that investing in women is more than just good values, it’s good business.”

“The EQT Ventures team is all about backing founders with the ambition, drive and vision to build a global success story,” said Alastair Mitchell, partner and investment advisor at EQT Ventures. “This competition reflects this and offers women entrepreneurs a great platform from which to launch their business, providing them with access to capital and mentorship. It also raises awareness of the funding gap between male and female founders, and the EQT Ventures team wants to play an active role in bridging that gap.”

Submissions will be accepted from July 26, 2018, to Sept. 30, 2018, and open across three regions: Europe, Israel, and North America (U.S., Canada and Mexico). Companies will be eligible to apply if they have at least one woman founder, have raised less than $4 million in combined equity funding and/or loans at day of application, and offer or intend to release a product, service or platform that addresses a critical business problem.

“At SVB, we strive to help innovative companies succeed,” said Tracy Isacke, head of Corporate Venture at Silicon Valley Bank. “Research tells us diverse teams are more successful. We believe this is true for our business, our clients’ businesses and the innovation economy at large. Our partnership with Microsoft has created a great opportunity for SVB to engage in this competition and is one of the many ways we are supporting diverse representation in the global innovation ecosystem.”

Up to 10 finalists will pitch in person for the chance to be one of the two startups that earn a $2 million investment as well as access to technology resources, mentoring and additional support. The competition also seeks to drive greater awareness for both finalists and winners, with the potential for future funding from the broader VC community. Full guidelines and contest information can be found on M12’s application page.

About EQT Ventures

EQT Ventures is a European VC fund with commitments of just over €566 million. The fund is based in Luxembourg and has investment advisors stationed in Stockholm, Amsterdam, London, San Francisco and Berlin. Fueled by some of Europe’s most experienced company builders, EQT Ventures helps the next generation of entrepreneurs with capital and hands on support. EQT Ventures is part of EQT, a leading investment firm with approximately EUR 50 billion in raised capital across 27 funds. EQT funds have portfolio companies in Europe, Asia and the US with total sales of more than EUR 19 billion and approximately 110,000 employees.

About SVB Financial Group

For 35 years, SVB Financial Group (NASDAQ: SIVB) and its subsidiaries have helped innovative companies and their investors move bold ideas forward, fast. SVB Financial Group’s businesses, including Silicon Valley Bank, offer commercial and private banking, asset management, private wealth management, brokerage and investment services and funds management services to companies in the technology, life science and healthcare, private equity and venture capital, and premium wine industries. Headquartered in Santa Clara, California, SVB Financial Group operates in centers of innovation around the world. Learn more at svb.com.

About M12

As the corporate venture arm for Microsoft, M12 (formerly Microsoft Ventures) invests in enterprise software companies in the Series A through C funding stage. As part of its value-add to portfolio companies, M12 offers unique access to strategic go-to-market resources and relationships globally. Visit https://m12.vc/ to learn more.

Evergreen Services Group: New deal to up MSP revenue to $40M

Evergreen Services Group, a holding company focused on purchasing managed service providers, is on the cusp of its fifth acquisition, a move that will bring the investor’s MSP revenue to more than $40 million.

The company, based in San Francisco, launched in 2017 as a spinoff of Alpine Investors, a private equity firm. Evergreen has received a $100 million equity commitment from Alpine to launch its acquisition campaign, which got underway seven months ago, according to Ramsey Sahyoun, head of M&A at Evergreen.

Evergreen’s investments include Executech, an MSP in the Salt Lake City area; Wolf Consulting and Jenlor, MSPs in greater Pittsburgh; and Interlaced LLC, an MSP in San Diego specializing in Apple environments.

Next up is an acquisition of an Austin, Texas, MSP that Evergreen Services Group expects to announce next week.

M&A in the MSP market

Evergreen’s acquisitions are in line with the general consolidation trend ongoing in the MSP market. A number of investment groups, including Fusion Agiletech, Converge Technology Partners and Great Hill Partners in conjunction with Reliam Inc., for example, are in the process of building IT services company platforms.

Sahyoun said Evergreen offers a different opportunity for MSPs in the M&A landscape. He said Evergreen purchases 100% of a company and generally pays in cash upfront, noting that other investors strike deals based on earn-outs or seller notes.

In addition, Evergreen takes a long-term view as it acquires companies, Sahyoun said.

“We are not going to smash a few MSPs together and sell in three or four years,” he said. “We are fortunate … to have a long-term financial backer behind this vision of ‘Let’s do this over many years and not just try to make a quick buck.'”

The long-range view enables Evergreen to invest in its acquired companies. Sahyoun said investments in sales and marketing, as well as in service delivery, set up the acquired companies to have sustainable growth.

The companies Evergreen has acquired thus far will operate as stand-alone, independent platforms, he explained. Evergreen’s approach is to treat companies above the $1 million EBITDA threshold as platforms and those below that mark as add-on acquisitions that would be tucked into one of Evergreen’s platforms.

While Evergreen Services Group doesn’t plan to integrate the platform companies, there will be coordination among its holdings. Sahyoun said Evergreen recently started to bring executives from the companies together in a peer-group format in which they can share best practices and discuss business challenges. In addition, Evergreen provides a subject-matter expert directory and playbook on its website to help companies through such tasks as selecting an IaaS provider or collecting accounts receivable.

Chart showing recent transactions in the IT services industry
Evergreen Services Group is among the investment organizations looking to do deals in the MSP market.

Looking for SMB focus, MRR

Evergreen’s acquisition approach is to look for MSPs serving the small and medium-sized business market that have more than half of their business coming from monthly recurring revenue (MRR).

“That is what we value and what gets us excited about this industry,” Sahyoun said of MRR. “We look for companies that have a good, predictable stream of revenue.”

Customer satisfaction and high retention rates are also important factors in assessing acquisition candidates. To determine customer satisfaction, Evergreen Services Group goes through a process of talking to a subset of an acquisition candidate’s customers as part of its post-letter-of-intent due diligence.

Sahyoun said the company uses a third-party vendor to conduct the customer surveys, which yield such information as net promoter scores.

In general, Sahyoun suggested the recent uptick in acquisition activity in the MSP market signals a greater confidence in the companies following the MSP business model.

“The business has gotten fundamentally better over time,” he said, noting the shift from break-fix to MRR. “That is a big part of what is driving investor interest.”

Other news

  • Microsoft made several announcements ahead of its annual partner conference, Microsoft Inspire. Among the disclosures is a free version of Microsoft Teams; a Whiteboard app for Windows 10 that is also slated for iOS; an expanded Azure Data Box offering; and new programs and resources that aim to help partners take advantage of Microsoft’s global customer and partner ecosystems. Microsoft also unveiled an Azure Expert MSP program, two Cloud Practice Playbooks and four Digital Transformation eBooks. Microsoft Inspire will run July 15 to 19 in Las Vegas.
  • Accenture has acquired Kogentix, a Schaumburg, Ill., company that focuses on big data and AI services. Kogentix employs about 220 big data engineers, data scientists, machine learning engineers and software developers, according to Accenture.
  • IT management software company SolarWinds has acquired Trusted Metrics, a threat monitoring and management vendor. SolarWinds said it will launch SolarWinds Threat Monitor, a tool for MSPs and managed security services providers, as a result of the buyout. In related news, private equity investment firm and SolarWinds backer Thoma Bravo revealed plans to purchase a majority interest in identity and access management player Centrify.
  • More than half of North American channel partners expect to see an increase in IT spending in 2018 compared with last year, according to a mid-year survey of 363 partner companies undertaken by OneAffiniti, a channel marketing solutions provider.
  • Dataguise, a data privacy protection and compliance vendor, unwrapped the DgSecure Partner Program for selling the company’s data governance enablement software. The program provides training and certification; incentives; demo software; sales leads and sales enablement tools; and market development funds (MDF). Partners can also access deal registration and marketing materials through the Dataguise partner portal, the vendor said.
  • Networking vendor Ruckus Networks unveiled a program for enabling partners to sell Ruckus Cloud Wi-Fi. The Cloud-Ready Specialization Program offers tools, training, technical support and incentives and is open to Select- and Elite-level Ruckus Ready partners, the vendor said. Ruckus also provides Smart Cities, Large Public Venue and Education specializations.
  • Yamaha Unified Communications, an audio and video conferencing vendor, introduced a global partner program. The program features three tiers — Basic, Emerging and Prime — with incremental benefits and incentives. At the Basic level, partners can access deal registration, a demo program, special discounts, product training and post-sales technical support. Emerging and Prime partners can tap volume incentive rebates and marketing support such as MDF, according to Yamaha UC.
  • WhiteHat Security, an application security provider, and RiskIQ, a digital threat management firm, are integrating their platforms. The integration gives joint customers “a detailed inventory of web-facing properties, which we can onboard into WhiteHat Sentinel for continuous scanning,” according to John Atkinson, vice president of strategic alliances at WhiteHat Security. As a result, channel partners can provide a “comprehensive solution for dynamic application security testing.”
  • Cybersecurity vendor Bitdefender expanded its security offerings for MSPs. New products include Patch Management, Advanced Threat Security, and Endpoint Detection and Response, available within the Bitdefender Cloud Security for MSP endpoint security suite. The three new offerings can be purchased via monthly usage-based licensing, Bitdefender said.
  • LogiGear, a software-testing vendor, said Royal Cyber, a solution provider based in Naperville, Ill., has joined its roster of value-added resellers. Royal Cyber will provide automation testing using LogiGear’s TestArchitect technology, LogiGear said.

Market Share is a news roundup published every Friday.

Digital transformation process: Align business and IT, shake legacy

At the Strongbow Consulting Group, founder and managing partner Cathy Horst Forsyth and her team help large enterprises digitally transform — specifically around network and infrastructure. In her experience with Fortune 500 companies, legacy applications and systems, along with misalignment of technology and business strategies, can cause significant setbacks in the digital transformation process.

In this SearchCIO interview from the MIT Sloan CIO Symposium, Horst Forsyth details the trends and challenges that she’s seeing in enterprises that are going through the digital transformation process and what’s needed to be successful.

Editor’s note: This transcript has been edited for clarity and length.

What parts of the enterprise are leading the charge in the digital transformation process?

Cathy Horst Forsyth: You see it all on the edges of the business where we have lines of business working directly with their customers, with their individual goals. I think where we see digital transformation being most progressive and most successful is when those lines of business — at the front end of the business — are working closely with their technology partners. What doesn’t seem to work well, or at least what can fall back and have negative consequences is when the lines of business are transforming and driving digital transformation that does not align with a corporate strategy and isn’t compliant with [an organization’s] technology strategy. So, where we see the most success, whether it’s marketing, sales or any particular functional area within the firm, is really that alignment with the business executive and the technology team to make sure the execution is both successful and compliant with the overall goals of the organization.

What parts of the enterprise are less far along in the digital transformation process?

Horst Forsyth: Again, it’s kind of hard to generalize from my perspective. I can’t say one department or function is necessarily behind. But I would say that with organizations that are tethered to legacy applications, legacy infrastructure or legacy systems, it’s very difficult to dig themselves out of that. It’s probably not for lack of wanting to transform digitally, but you really can’t underestimate the [extent to which] legacy infrastructure systems and applications tether large companies down. Again, that’s one of the reasons [Strongbow] focuses specifically on the largest of enterprises. It is a lot easier to start ‘greenfield’ and to drive innovation when you haven’t been a classic Fortune 500 company for the past 50 or 100 years. Even though it’s about culture, leadership and many other things, the legacy infrastructure really can be an impediment. Where there are sunk costs or where it’s difficult to even understand where that infrastructure resides — which is an issue at times — we really see those organizations being hindered.

What kinds of strategies are effective in getting the entire enterprise to the same level of digital prowess?

Horst Forsyth: Once again, I go back to the top executives and the executive committee and [having the ability to] really understand and articulate business strategies. So, what are we trying to accomplish? Why are we trying to accomplish it? Anything can be framed in terms of opportunity or threat. Having everyone understand that simplistic business strategy is definitely a forerunner to then understanding how to leverage technology and achieving [digital transformation]. I think that, to some extent, technology strategy should be driven across the business — including on the front lines — but it needs to be monitored so that it’s consistent and compliant with corporate standards. And I think that the executives need to monitor and keep track of what’s going on, but allow it to go on and grow in a flexible fashion.