Microsoft resolves Microsoft 365 services outage

(Reuters) – Microsoft Corp said on Thursday it has mitigated an issue with its Microsoft 365 services and features, including workplace messaging app Teams and Azure, after many users were unable to access them.

“We have confirmed that the underlying DNS outage has been mitigated. Currently we’re validating the recovery of the downstream Microsoft 365 services,” it said in a tweet.

Domain Name System (DNS) is effectively an address book of the internet which enables computers to match website addresses with the correct server.

Earlier, outage tracking website Downdetector showed over 8,000 incidents of people reporting issues with its widely used Teams workplace messaging app.

Downdetector only tracks outages by collating status reports from a series of sources, including user-submitted errors on its platform. The outage might be affecting a larger number of users.

Cisco unveils gear to cope with pandemic demand, 5G

STOCKHOLM (Reuters) – Cisco Systems Inc on Tuesday announced new products to help mobile network operators manage increased data traffic generated by homeworking because of the pandemic and as the 5G rollout connects billions more devices to the internet.

Remote healthcare services, streaming video and gaming and homeworking have led to a 25%-45% increase in internet traffic in many regions across the globe since the COVID-19 pandemic, Cisco said.

And 5G will mean billions more internet-connected devices.

Cisco says it expects nearly 30 billion connected devices in 2023, compared with 18.4 billion in 2018.

It is proposing an approach to designing the network, open to all systems, and says its new routing gear will help telecom operators to build up high-capacity networks at reduced cost.

It has signed up clients, including Airtel, Google Cloud, Rakuten Mobile, Telenor and Telia Carrier.

“There’s still 3 billion people on the planet who are under-served, which means they can’t get enough connectivity or they’re completely unconnected,” Jonathan Davidson, senior vice president and general manager at Cisco, told Reuters in an interview.

‘We have your porn collection’: Hackers name and shame company’s IT Manager

Cyber-security companies are warning about the rise of so-called ‘extortionware’ where hackers embarrass victims into paying a ransom.

Experts say the trend towards ransoming sensitive private information could affect companies not just operationally but through reputation damage.

It comes as hackers bragged after discovering an IT Director’s secret porn collection.

The targeted US firm has not publicly acknowledged that it was hacked.

In its darknet blog post about the hack last month, the cyber-criminal gang named the IT director whose work computer allegedly contained the files.

It also posted a screen grab of the computer’s file library which included more than a dozen folders catalogued under the names of porn stars and porn websites.

The infamous hacker group wrote: “Thanks God for [named IT Director]. While he was [masturbating] we downloaded several hundred gigabytes of private information about his company’s customers. God bless his hairy palms, Amen!”

The blog post has been deleted in the last couple of weeks, which experts say usually implies that the extortion attempt worked and the hackers have been paid to restore data, and not publish any more details.

The company did not respond to requests for comment.

The same hacker group is also currently trying to pressure another US utility company into paying a ransom, by posting an employee’s username and password for a members-only porn website.

‘The new norm’

Another ransomware group which also has a darknet website shows the use of similar tactics.

The relatively new gang has published private emails and pictures, and is calling directly for the mayor of a hacked municipality in the US to negotiate its ransom.

In another case, hackers claim to have found an email trail showing evidence of insurance fraud at a Canadian agriculture company.

Brett Callow, a threat analyst at cyber-security company Emsisoft, says the trend points to an evolution of ransomware hacking.

“This is the new norm. Hackers are now actually searching the data for information that can be weaponised. If they find anything that is incriminating or embarrassing, they’ll use it to leverage a larger pay-out. These incidents are no longer simply cyber-attacks about data, they are full-out extortion attempts.”

Another example of this was seen in December 2020, when the cosmetic surgery chain The Hospital Group was held to ransom with the threat of publication of ‘before and after’ images of patients.

Ransomware is evolving

Ransomware has evolved considerably since it first appeared decades ago.

Criminals used to operate alone, or in small teams, targeting individual internet users at random by booby-trapping websites and emails.

In the last few years, they’ve become more sophisticated, organised and ambitious.

Criminal gangs are estimated to be making tens of millions of dollars a year, by spending time and resources targeting and attacking large companies or public bodies for huge pay-outs, sometimes totalling millions of dollars.

Brett Callow has been following ransomware tactics for years, and says he saw another shift in methods in late 2019.

“It used to be the case that the data was just encrypted to disrupt a company, but then we started seeing it downloaded by the hackers themselves.

“It meant they could charge victims even more because the threat of selling the data on to others was strong.”

Tough to defend against 

This latest trend of threatening to publicly damage an organisation or individual has particularly concerned experts because it is hard to defend against.

Keeping good backups of company data helps businesses to recover from crippling ransomware attacks, but that is not enough when the hackers use extortionware tactics.

Cyber-security consultant Lisa Ventura said: “Employees should not be storing anything that could harm a firm reputationally on company servers. Training around this should be provided by organisations to all their staff.

“It’s a troubling shift in angle for the hackers because ransomware attacks are not only getting more frequent, they are also getting more sophisticated.

“By identifying factors such as reputational damage, it offers far more leverage to extort money from victims.”

A lack of victim reporting and a culture of cover-up makes estimating the overall financial cost of ransomware difficult.

Experts at Emsisoft estimate that ransomware incidents in 2020 cost as much as $170bn (£123bn) in ransom payments, downtime and disruption.

By Joe Tidy
Cyber reporter 

Cyber-attack on school: Pupils’ grading system tempered

Pupils’ coursework has been destroyed in a “significant” cyber-attack on a school.

Image caption: The school said the attack was likely to cause long-term disruption

Redborne Upper School and Community College in Bedfordshire said the attack took place on Wednesday.

Although no data was taken, the school’s servers were left unreadable resulting in “the loss of a significant amount of data”, it added.

The school said it was working “to ensure that no students will be disadvantaged”.

In a letter sent to parents on Friday, the school, based in Flitwick Road, Ampthill, said it had rebuilt its servers.

It said: “This process has resulted in the loss of a significant amount of data including student user areas.”

The school said no data had left its servers “and no unauthorised persons have access to any information”.

Exam board discussions

Students’ personal data including academic records was kept on a different server, said the school.

The letter said: “It is this data that will form the basis of the grades we will be supplying to exam boards this summer in most cases.”

However, it added coursework, which would play “a significant role” in some subjects, had been lost.

“To mitigate this we have already contacted the exam boards and are in the process of putting in place arrangements to ensure that no students will be disadvantaged by the impact of this,” the letter said.

The school added it still has “sufficient data” to “award accurate grades this summer”.

The incident comes days after the University of Northampton reported it had been hit by a cyber-attack which had interrupted IT and telephone services.

The National Cyber Security Centre said since late February an increased number of ransomware attacks had affected education establishments.

Speaking on the Today programme on Friday, its chief executive Lindy Cameron said the coronavirus pandemic has “highlighted both the scale of our dependence on the digital world and the challenges we face”.

But she added the UK is “one of the safest places to live and work online”.

New wave of ‘hacktivism’ adds twist to cybersecurity woes

At a time when U.S. agencies and thousands of companies are fighting off major hacking campaigns originating in Russia and China, a different kind of cyber threat is re-emerging: activist hackers looking to make a political point.

Three major hacks show the power of this new wave of “hacktivism” – the exposure of AI-driven video surveillance being conducted by the startup Verkada, a collection of Jan. 6 riot videos from the right-wing social network Parler, and disclosure of the Myanmar military junta’s high-tech surveillance apparatus.

And the U.S. government’s response shows that officials regard the return of hacktivism with alarm. An indictment last week accused 21-year-old Tillie Hottmann, a Swiss hacker who took credit for the Verkada breach, of a broad conspiracy.

“Wrapping oneself in an allegedly altruistic motive does not remove the criminal stench from such intrusion, theft and fraud,” Seattle-based Acting U.S. Attorney Tessa Gorman said.

According to a U.S. counter-intelligence strategy released a year ago, “ideologically motivated entities such as hacktivists, leaktivists, and public disclosure organizations,” are now viewed as “significant threats,” alongside five countries, three terrorist groups, and “transnational criminal organizations.”

Earlier waves of hacktivism, notably by the amorphous collective known as Anonymous in the early 2010s, largely faded away under law enforcement pressure. But now a new generation of youthful hackers, many angry about how the cybersecurity world operates and upset about the role of tech companies in spreading propaganda, are joining the fray.

And some former Anonymous members are returning to the field, including Aubrey Cottle, who helped revive the group’s Twitter presence last year in support of the Black Lives Matter protests.

Anonymous followers drew attention for disrupting an app that the Dallas police department was using to field complaints about protesters by flooding it with nonsense traffic. They also wrested control of Twitter hashtags promoted by police supporters.

“What’s interesting about the current wave of the Parler archive and Gab hack and leak is that the hacktivism is supporting antiracist politics or antifascism politics,” said Gabriella Coleman, an anthropologist at McGill University, Montreal, who wrote a book on Anonymous.

Gab, a social network favored by white nationalists and other right-wing extremists, has also been hurt by the hacktivist campaign and had to shut down for brief periods after breaches.

DISRUPTING QANON

Most recently, Cottle has been focused on QAnon and hate groups.

“QAnon trying to adopt Anonymous and merge itself into Anonymous proper, that was the straw that broke the camel’s back,” said Cottle, who has held a number of web development and engineering jobs, including a stint at Ericsson.

He found email data showing that people in charge of the 8kun image board, where the persona known as Q posted, were in steady contact with major promoters of QAnon conspiracies.

The new-wave hacktivists also have a preferred place for putting materials they want to make public – Distributed Denial of Secrets, a transparency site that took up the mantle of WikiLeaks with less geopolitical bias. The site’s collective is led by Emma Best, an American known for filing prolific freedom of information requests.

Best’s two-year-old site is coordinating access by researchers and media to a hoard of posts taken from Gab by unidentified hackers. In an essay this week, Best praised Hottmann and said leaks would keep coming, not just from hacktivists but insiders and the ransomware operators who publish files when companies don’t pay them off.

“Indictments like Tillie’s show just how scared the government is, and just how many corporations consider embarrassment a greater threat than insecurity,” Best wrote.

The events covered by the Hottmann indictment took place from November 2019 through January 2021. The core allegation is that the Lucerne software developer and associates broke into a number of companies, removed computer code and published it. The indictment also said Hottmann spoke to the media about poor security practices by the victims and stood to profit, if only by selling shirts saying things like “venture anticapitalist” and “catgirl hacker.”

But it was only after Hottmann publicly took credit for breaching Verkada and posted alarming videos from inside big companies, medical facilities and a jail that Swiss authorities raided their home at the behest of the U.S. government. Hottmann uses non-binary pronouns.

“This move by the U.S. government is clearly not only an attempt to disrupt the freedom of information, but also primarily to intimidate and silence this newly emerging wave of hacktivists and leaktivists,” Hottmann said in an interview with Reuters.

Hottmann and their lawyer declined to discuss the U.S. charges of wire fraud for some of Hottmann’s online statements, aggravated identity theft for using employee credentials, and conspiracy, which together are enough for a lengthy prison sentence.

The FBI declined an interview request. If it seeks extradition, the Swiss would determine whether Hottmann’s purported actions would have violated that country’s laws.

DISDAIN

Hottmann was open about their disdain for the law and corporate powers-that-be. “Like many people, I’ve always been opposed to intellectual property as a concept and specifically how it’s used to limit our understanding of the systems that run our daily lives,” Hottmann said.

A European friend of Hottmann’s known as “donk_enby,” a reference to being non-binary in gender, is another major figure in the hacktivism revival. Donk grew angry about conspiracy theories spread by QAnon followers on the social media app Parler that drove protests against COVID-19 health measures.

Following a Cottle post about a leak from Parler in November, Donk dissected the iOS version of Parler’s app and found a poor design choice. Each post bore an assigned number, and she could use a program to keep adding 1 to that number and download every single post in sequence.
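The design flaw described above is a classic one: a resource is addressed by a sequential integer and served to anyone who asks for it, so the whole collection can be walked by counting. The following Python is an added example written for this page; it is not Parler's code and all names, the sample posts and the log lines are constructed. It contrasts a lookup keyed on a sequential number with one keyed on a random, non-guessable handle that also enforces ownership, and it includes a small access-log check that flags a client whose requests step through consecutive IDs, which is the signal a defender would look for.

```python
"""Enumerable sequential IDs vs. opaque handles with an ownership check,
plus a log check for clients walking IDs in sequence.
Added example for this page; not code from Parler or from the article."""
import re
import secrets
from collections import defaultdict
from typing import Optional

# Constructed sample data: posts keyed by a sequential integer ID.
POSTS = {
    1001: {"owner": "alice", "public": True},
    1002: {"owner": "bob", "public": False},   # private: must not be served to others
    1003: {"owner": "carol", "public": True},
}


def fetch_post_vulnerable(post_id: int) -> Optional[dict]:
    """Serves any existing post by its number, with no visibility check.
    Because the IDs are consecutive, a client can request id, id+1, id+2, ...
    and retrieve the whole collection, private posts included."""
    return POSTS.get(post_id)


# Hardened variant: each post gets a random 128-bit handle (hypothetical
# scheme for this example). Handles cannot be derived from one another, and
# the lookup checks the requester's right to see the post.
HANDLE_TO_ID: dict = {}


def register_post(post_id: int) -> str:
    handle = secrets.token_urlsafe(16)
    HANDLE_TO_ID[handle] = post_id
    return handle


def fetch_post_hardened(handle: str, requester: Optional[str]) -> Optional[dict]:
    post_id = HANDLE_TO_ID.get(handle)
    if post_id is None:
        return None
    post = POSTS[post_id]
    if post["public"] or post["owner"] == requester:
        return post
    # Same response as "not found", so the endpoint does not reveal whether
    # a private post exists behind a given handle.
    return None


# Detection: flag clients whose requests walk consecutive post IDs.
# The log format is a constructed, Apache-like one for this example.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "GET /posts/(?P<id>\d+)')


def find_enumeration(log_lines, min_run: int = 5) -> dict:
    """Return {client_ip: longest run of consecutive IDs} for clients whose
    longest run is at least min_run. Requests are examined in log order."""
    ids_by_client = defaultdict(list)
    for line in log_lines:
        m = LOG_RE.match(line)
        if m:
            ids_by_client[m["ip"]].append(int(m["id"]))
    flagged = {}
    for ip, ids in ids_by_client.items():
        run = longest = 1
        for prev, cur in zip(ids, ids[1:]):
            run = run + 1 if cur == prev + 1 else 1
            longest = max(longest, run)
        if longest >= min_run:
            flagged[ip] = longest
    return flagged


# Constructed access log: one client counting upward from 1000, one ordinary
# client fetching two unrelated posts.
SAMPLE_LOG = [
    f'203.0.113.7 - - [06/Jan/2021:20:{i:02d}:00 +0000] "GET /posts/{1000 + i} HTTP/1.1" 200 512'
    for i in range(8)
] + [
    '198.51.100.4 - - [06/Jan/2021:20:10:00 +0000] "GET /posts/1003 HTTP/1.1" 200 640',
    '198.51.100.4 - - [06/Jan/2021:20:12:00 +0000] "GET /posts/1001 HTTP/1.1" 200 488',
]

if __name__ == "__main__":
    print("vulnerable lookup of private post:", fetch_post_vulnerable(1002))
    h = register_post(1002)
    print("hardened lookup as anonymous:", fetch_post_hardened(h, None))
    print("hardened lookup as owner:", fetch_post_hardened(h, "bob"))
    print("clients walking IDs:", find_enumeration(SAMPLE_LOG))
```

The random handle on its own does not fix the problem; the ownership check in `fetch_post_hardened` does. The handle only removes the ability to guess a neighbouring resource, which is what turns a single leak into a bulk download. The log check is deliberately simple: it looks for strictly consecutive IDs from one client, so a scraper that randomises its order or spreads requests over many addresses would need a rate- or volume-based rule instead.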

After the Jan. 6 U.S. Capitol riots, Donk shared links to the web addresses of a million Parler video posts and asked her Twitter followers to download them before rioters who recorded themselves inside the building deleted the evidence. The trove included not just footage but exact locations and timestamps, allowing members of Congress to catalogue the violence and the FBI to identify more suspects.

Popular with far-right figures, Parler has struggled to stay online after being dropped by Google and Amazon. Donk’s actions alarmed users who thought some videos would remain private, hindering its attempt at a comeback.

In the meantime, protesters in Myanmar asked Donk for help, leading to file dumps that prompted Google to pull its blogging platform and email accounts from leaders of the Feb. 1 coup. Donk’s identification of numerous other military contractors helped fuel sanctions that continue to pile up.

One big change from the earlier era of hacktivism is that hackers can now make money legally by reporting the security weaknesses they find to the companies involved, or taking jobs with cybersecurity firms.

But some view so-called bug bounty programs, and the hiring of hackers to break into systems to find weaknesses, as mechanisms for protecting companies who should be exposed.

“We’re not going to hack and help secure anyone we think is doing something extremely unethical,” said John Jackson, an American researcher who works with Cottle on above-ground projects. “We’re not going to hack surveillance companies and help them secure their infrastructure.”

Source: Reuters

Microsoft addresses software access issues with Teams

(Reuters) – Microsoft Corp said on Monday it was rolling back a recent change to its authentication system after the update caused an access issue that affected thousands of users of its services, including workplace messaging app Teams.

Outage tracking website Downdetector.com showed that more than 9,100 people had reported issues with Teams, while over 1,100 users posted about problems with Office 365.

The Redmond, Washington-based company said in a tweet that the process of rolling back the update was taking longer than expected. (bit.ly/3tmR3mr)

Microsoft said initial reports indicated that the primary impact was to Teams, but other services, including its Exchange Online email hosting platform, were also impacted.

More than 2,300 people also reported problems with Microsoft’s Azure cloud computing services, according to Downdetector.

Downdetector only tracks outages by collating status reports from a series of sources, including user-submitted errors on its platform. The outage might be affecting a larger number of users.

AT&T raises subscriber adds forecast on HBO Max as streaming booms

AT&T Inc said on Friday it expects global subscribers of between 120 million and 150 million for HBO Max and HBO by the end of 2025, raising its forecast as more people turn to streaming services for entertainment on the go.

In October 2019, the company had said it expected to add 75 million to 90 million subscribers for the same period.

The forecast raise comes as HBO Max, which includes 10,000 hours of content from WarnerMedia brands and libraries such as Warner Bros, New Line Cinema and Cartoon Network, competes in a crowded streaming landscape dominated by Netflix Inc, Walt Disney Co-owned Disney+ and Amazon.com Inc’s Prime Video.

The company also expects to launch an advertising-supported (AVOD) version of HBO Max in the United States in June.

AT&T expects its HBO business unit revenues to more than double over the next 5 years.

The company’s shares were up nearly 1% before the bell.

At least 10 hacking groups using Microsoft software flaw: Researchers

The breadth of the exploitation adds to the urgency of the warnings being issued by authorities in the United States and Europe about the weaknesses found in Microsoft’s Exchange software.

The security holes in the widely used mail and calendaring solution leave the door open to industrial-scale cyber espionage, allowing malicious actors to steal emails virtually at will. Tens of thousands of organizations have already been compromised, Reuters reported last week.

While Microsoft has issued fixes, the sluggish pace of many customers’ updates – which experts attribute in part to the complexity of Exchange’s architecture – means the field remains at least partially open to hackers of all stripes. Experts are particularly concerned about the prospect of ransom-seeking cybercriminals taking advantage of the flaws because it could lead to widespread disruption.

Slovakia-based ESET said in a blog post issued on Wednesday there were already signs of cybercriminal exploitation, with one group that specializes in stealing computer resources to mine cryptocurrency breaking into vulnerable Exchange servers to spread its malicious software.

ESET named nine other espionage-focused groups it said were taking advantage of the flaws to break into targeted networks – several of which other researchers have tied to China. Intriguingly, several of the groups appeared to know about the vulnerability before it was announced by Microsoft on March 2.

ESET researcher Matthieu Faou said in an email it was “very uncommon” for so many different cyber espionage groups to have access to the same information before it is made public.

He speculated that either the information “somehow leaked” ahead of the Microsoft announcement or it was found by a third party that supplies vulnerability information to cyber spies.

By: Raphael Satter, Christopher

UK businesses caught buying five-star Google reviews

Google is failing to do enough to combat fake reviews within its business listings, and must be held to account by a UK watchdog, according to Which?

The consumer group set up a fake company and bought bogus five-star reviews as part of an investigation.

In doing so, it was able to tie its sham “customers” to dozens of other highly-rated British firms, including a dentist and a stockbroker.

Google says it has “significantly” invested in tech to tackle the issue.

But it and other review sites are in the sightlines of the Competition and Markets Authority, which began examining the sector last year. It has threatened enforcement action against platforms which have fallen short of their responsibilities.

Previous research from Which? suggests that nearly half of people who check online reviews of local businesses read them on Google.

How did they find them?

Which? conducted its research by essentially setting up a “sting” operation to catch unscrupulous operators in the act.

It created a fake business listing which it called “five-star reviews”, and searched online for companies advertising paid-for Google reviews. It then spent $150 (£108) on their services.

Which? told each company it wanted five-star reviews only, and between three and five of them a day – and the consumer group’s researchers wrote the reviews themselves, “praising how good the made-up business and its fake owner Catherine are”.

The fake reviews appeared over the following week, a few at a time. 

But in investigating the “reviewers” behind them, the Which? team found, among others:

  • 15 reviewers who had rated both an Edinburgh search engine optimisation business and a London psychic as five stars, which it called “an unlikely coincidence”
  • A stockbroker in Canary Wharf who, having had several bad reviews in mid-2020, received 30 five-star ones “in quick succession” a few months later
  • A reviewer who claimed to have lived in Surrey for years while praising a local car company, and a Glasgow electric gate firm 412 miles (663 km) away for work on his home
  • The same reviewer also praised a dentist in Manchester, a paving firm in Bournemouth, and a Cambridgeshire locksmith, who allegedly saved his toddler from a locked car

Which? said it linked some 45 businesses scattered across the country to three suspicious “reviewers”. That suggested they had each paid the same review seller to post their reviews, it said.

Why does it matter?

Which? said that some fake reviews could have serious real-world consequences. For example, one claimed that a Liverpool solicitor had helped them recover tens of thousands of pounds. If false, it could scam people in a vulnerable financial position, the group argued.

In another, the positive reviews outweighed several presumably genuine negative reviews which warned customers away from allegedly unscrupulous or “scam” companies.

“Businesses exploiting flaws in Google’s review system to rise up the ranks are putting honest businesses on the back foot and leaving consumers at risk of being misled,” said Natalie Hitchins from Which?.

It called on regulators and Google to take action.

When it presented Google with the findings, the fake sting company was immediately deleted, Which? said.

Google said that its policies ban fake reviews, and that it monitors the system for fraud around the clock, “using a combination of people and technology”.

“When we find scammers trying to mislead people, we take swift action ranging from content removal to account suspension and even litigation,” the company said.

Which? did find that one of the fake reviews was removed by Google during the course of its investigation – but the firm it bought from said it would “slow down” the rate of fake review posting so future ones would “stick”.

The consumer group also offered the review-selling companies which it had researched the opportunity to say something. 

Only two replied: one to argue that its services help new businesses to get started and that it was not breaking any Google terms and conditions; and another to deny that it had ever sold any fake reviews and that Which? was mistaken.

Hacking group targets organizations via Microsoft server software – Researcher

An unknown hacking group recently broke into organizations using a newly discovered flaw in Microsoft mail server software, a researcher said on Tuesday, in an example of how commonly used programs can be exploited to cast a wide net online.

Microsoft’s near-ubiquitous suite of products has been under scrutiny since the hack of SolarWinds, the Texas-based software firm that served as a springboard for several intrusions across government and the private sector. In other cases, hackers took advantage of the way customers had set up their Microsoft services to compromise their targets or dive further into affected networks.

Hackers who went after SolarWinds also breached Microsoft itself, accessing and downloading source code – including elements of Exchange, the company’s email and calendaring product.

Mike McLellan, director of intelligence for Dell Technologies Inc’s Secureworks, said he noticed the recent issue after a sudden spike in activity touching Exchange servers overnight on Sunday, with around 10 customers affected at his firm.

“It appears to be someone scanning and exploiting Microsoft Exchange servers in some way. We don’t know how,” he told Reuters.

Microsoft said in a statement that it would be “releasing an update and additional guidance to customers as soon as possible.” The statement said there was no relationship between the recent activity and the SolarWinds-tied hacking campaign.

McLellan said that for now, the hackers appeared focused on seeding malicious software and setting the stage for a potentially deeper intrusion rather than aggressively moving into networks right away.

“We haven’t seen any follow-on activity yet,” he said. “We’re going to find a lot of companies affected but a smaller number of companies actually exploited.”

McLellan said he had no solid indication of who might be responsible. The hackers in this case were using a strain of malware called “China Chopper,” which – despite the name – is used by a variety of digital spies.

The profile of the targets did not match any particular online threat, McLellan said. “It looks like a bit of a random mix.”