STE WILLIAMS

How did the data of 14m Verizon customers end up online?

It appears securing data in the cloud, specifically Amazon Web Services’ (AWS) cloud, is difficult for some companies, given the frequency with which cybersecurity researcher Chris Vickery is revealing his discoveries. The latest is Verizon.

Verizon received the call on June 13 informing them that 14m of their customers’ personal identifying information was available for perusing (about 10% of their total customer headcount) via an AWS repository maintained by Verizon’s partner, Nice Systems, an Israeli firm. According to Vickery, the identified AWS storage was secured nine days later, on June 22.

What was compromised?

Nice Systems created a six-month data store of customer service calls and call records which included customers’ name, mobile number, account PIN, home address, email address and their current Verizon account balance. In addition, the Nice Systems analytics associated a subjective customer “frustration level” within each record. Nice Systems (as a partner/third-party vendor) would have had natural access to this information, given their software was being used to provide back-office support to Verizon.

Verizon told CNBC that there was no loss of customer data, the number of subscribers affected was “overstated” and the PINs identified were not associated with accounts. The company added:

We have been able to confirm that the only access to the cloud storage area by a person other than Verizon or its vendor was a researcher who brought this issue to our attention. In other words, there has been no loss or theft of Verizon or Verizon customer information.

How did it happen?

Vickery’s report and associated media follow-up highlight that the dataset might have been the work of a single engineer. We are left to speculate whether this is an instance of shadow IT or an individual engineer’s science project to enhance the deliverable to Nice Systems’ clients.

Event amnesia within the telco industry exists: who can forget the 15m T-Mobile customers who had their data exposed by a third-party vendor, Experian, in 2015? How about the AT&T breach of 2014 perpetrated by an insider? These are the canaries within the coal mines.

Whoever created the dataset clearly had not availed themselves of the mountain of information from AWS on securing the cloud, nor did they take advantage of the many AWS security partners who devote themselves to securing such datasets, day in and day out.

What now?

If you are a Verizon customer, change your PIN associated with your account – why take a chance?

If you are a Nice Systems client, you might want to have a chat with your account rep and delve into how your data is being handled (or mishandled).


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/jTK7yqxL5QA/

News in brief: Health insurer breached; Vertu calls it quits; Audi tops autonomy

Your daily round-up of some of the other stories in the news

Bupa breached by employee

Bupa suffered a massive data breach when a rogue employee copied and deleted the information of 108,000 customers, reports the BBC.

International health insurance plan customers were informed on Wednesday that names, dates of birth, nationalities and certain contact and administration details had been taken. But the company assured customers that no medical data or financial details were affected.

In a statement, Bupa Global managing director Sheldon Kenton explained that the breach was not due to a cyberattack or outside data breach but was a calculated move by an employee.

Offering apologies on behalf of the company, Kenton said that they have contacted the Financial Conduct Authority and Bupa’s other UK regulators, adding that “The employee responsible has been dismissed and we are taking appropriate legal action.”

Luxury smartphone maker Vertu closes shop

Luxury phone maker Vertu has signed off its last call after a scheme to save it from administration failed.

Founded in 1998 by Nokia, Vertu’s top-end phones came encrusted with diamonds, sapphires and 18-carat gold, reports the Financial Times. Each device was hand crafted with “only the most exquisite materials and cutting-edge technology”.

However, with a hefty starting price of £11,100 and the entry of high-powered smartphones into the market, the company fell into financial problems.

New owner Murat Hakan Uzan had planned to pay off £1.9 million ($2.4 million) but the company was running on £128 million debt and 200 people have consequently lost their jobs.

Audi A8 reaches level 3 autonomy

Audi recently unveiled its new flagship A8. With its unveiling, the model also claimed the title of the world’s first production car to come with level 3 autonomy, writes Tech Crunch.

But, what does Level 3 actually mean?

It means that, as long as it stays within the guidelines, the ‘traffic jam pilot’ will take care of the driving, including starting the car, steering, accelerating and braking. Drivers won’t need to pay any attention to the road.

The feature handles driving at speeds of up to 37.3 mph on highways and freeways, so that drivers can take their hands off the wheel, sit back, even watch the built-in TV, and relax, although not to the point where they can take a nap. Along with the road, the driver is also monitored, so that if they fall asleep the system will wake them up. If that doesn’t work, it stops the car.

For anyone wanting to binge watch their favourite programmes, the car is set to go on sale in 2018.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/kGepk3S2yw8/

Bupa: Rogue staffer stole health insurance holders’ personal deets

Healthcare firm Bupa suffered a data breach when an employee of its international health insurance division inappropriately copied and removed some customer information.

People who have taken out international health insurance with the company were notified on Wednesday that the data taken includes “names, dates of birth, nationalities, and some contact and administrative details including Bupa insurance membership numbers”. Medical data, healthcare histories or financial information was not among the compromised information. Phone numbers and email addresses were exposed but not physical addresses.

Around 108,000 international health insurance policies are affected and all policy holders are being notified[1].

In its breach notification statement, Bupa global managing director Sheldon Kenton said the breach was a “not a result of cyber attack or external data breach, but a deliberate act by an employee”. He apologised and promised that Bupa was in the process of introducing additional security controls and customer identity checks. Bupa has informed the Financial Conduct Authority and other UK regulators.

A Bupa spokeswoman told El Reg that the “employee responsible has been dismissed and we are taking appropriate legal action” adding in a follow-up phone call that the matter had become the subject of a police investigation. “An employee who had access to this information as part of their job inappropriately copied and removed some customer information from the company,” she said.

Data privacy watchdogs at the Information Commissioner’s Office confirmed they were looking into the incident. It is all rather unfortunate but Bupa ought to be credited with handling the breach notification and (by the looks of it) incident response process promptly and professionally.

Security measures such as data loss prevention (DLP) are designed to prevent data from being leaked or stolen. If they were in place and properly configured, they ought to have stopped a rogue staffer from uploading sensitive information to the net or emailing it out. USB ports arguably ought to be disabled at a health insurance provider, but that still leaves the possibility of stealthier data extraction methods. DLP tech is thus far limited to preventing accidental data leaks and stopping unimaginative data thieves only.

Mark James, security specialist at infosec firm ESET, warned that the breach exposes Bupa customers to the risk of more convincing phishing scams that might be crafted using the leaked data.

Marco Cova, senior security researcher at cybersecurity firm Lastline, added: “Unfortunately, the data revealed from this breach is the type that criminals can use to launch additional attacks. They merge data from multiple sources, building dossiers on potential victims, including spear phishing targets. The information that they gather does not have to be highly confidential in order to create successful attacks. Data breaches provide a distribution hub for malware for years to come.” ®

[1] Bupa Global has 1.4 million international health insurance customers. The breach does not affect its local (domestic) insurance customers, only international health insurance holders.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/07/13/bupa_data_breach/

No big deal. You can defeat Kaspersky’s ATM antivirus with a really fat executable

Flaws have been found and fixed in Kaspersky Lab’s security software for cash machines and other embedded systems. Hackers can exploit the bugs to circumvent anti-malware defenses in ATMs.

Although Kaspersky responded promptly to the discovery and developed and released a patch, one wonders how long it will take for the updates to be installed in equipment around the world, if ever.

Georgy Zaytsev, a Positive Technologies researcher, uncovered a vulnerability in the Applications Launch Control component of Kaspersky Embedded Systems Security 1.1 and 1.2 during a security audit of cash machines relying on the technology.

Exploitation of the programming blunder involves overloading Kaspersky’s software to the point where it would be unable to process file verification requests. This means malware can circumvent whitelisting controls that may otherwise have blocked infections. Even then, cybercrooks would still have to string together other tricks to actually jackpot targeted ATMs and trick them into dispensing cash. For one thing, miscreants would have to find a way to inject and run malicious executables on the ATM.

“The vulnerabilities that have been reported to us by Positive Technologies do not directly allow the withdrawal of cash from the ATM. It would require several conditions to coincide in order for such an attack to work: for example, before exploiting these vulnerabilities, an attacker would first need to infect the system with malware – bypassing all the protection components of the solution – and launch it within the system,” a Kaspersky Lab spokesman told El Reg.

To overwhelm the antivirus, an attacker would need to add a large amount of arbitrary data to the end of an executable file. When this program is started, the system computes its hash and checks this against a list of approved signatures to decide whether to allow or block the execution. With a large file, the process takes longer than the time allotted for verification. When this time interval runs out, the program is started anyway. This is a one-shot attack because the hashing process is not halted, and the system caches signatures. Therefore, the next time that executable is started, Kaspersky’s software will be able to immediately realize the file is bad and stop it.

Alternatively, a hacker can start multiple instances of the security application simultaneously, causing the technology to hang and allowing the miscreant to start an unauthorized file. Kaspersky Embedded Systems Security 2.0 is not vulnerable to either of these attacks.
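The timed hash check described above, modelled as an added example (this is not Kaspersky’s code): an allow-list verifier that fails open when the hash is not ready by its deadline, beside the fail-closed variant. Wall-clock time is simulated as a budget of hash chunks so the run is deterministic, and the sample “executables” and their digests are constructed for the illustration.

```python
"""Fail-open vs fail-closed application launch control (constructed model)."""
import hashlib
from dataclasses import dataclass, field

CHUNK = 4096  # bytes hashed per step; one step stands in for one tick of the verifier's clock


@dataclass
class LaunchControl:
    approved: set          # SHA-256 hex digests of allow-listed executables
    budget_chunks: int     # chunks the verifier may hash before its deadline expires
    fail_open: bool        # True: allow on timeout (the reported flaw); False: block on timeout
    cache: dict = field(default_factory=dict)  # file name -> digest, once fully hashed
    log: list = field(default_factory=list)

    def _verdict(self, digest: str) -> str:
        return "ALLOW" if digest in self.approved else "BLOCK"

    def decide(self, name: str, data: bytes) -> str:
        # A file whose digest is already cached is decided instantly; this is why
        # the padded-file trick described in the article only works once.
        if name in self.cache:
            return self._verdict(self.cache[name])

        chunks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)] or [b""]
        h = hashlib.sha256()
        timed_out = False
        for done, chunk in enumerate(chunks, start=1):
            h.update(chunk)
            # Deadline reached while more chunks remain: the verdict is due now,
            # but hashing is not halted, so the loop keeps going.
            if done >= self.budget_chunks and done < len(chunks):
                timed_out = True
        digest = h.hexdigest()
        self.cache[name] = digest  # populated even on timeout, for the next launch

        if timed_out:
            verdict = "ALLOW" if self.fail_open else "BLOCK"
            self.log.append(f"timeout hashing {name}: {verdict}")
            return verdict
        return self._verdict(digest)


def approved_digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample binaries (not real ATM software).
TRUSTED_EXE = b"MZ" + b"\x00" * 100 + b"trusted dispenser service"
UNKNOWN_EXE = b"MZ" + b"\x00" * 100 + b"unapproved program"
PADDED_UNKNOWN = UNKNOWN_EXE + b"\xff" * (CHUNK * 50)  # junk appended so hashing overruns the budget


def run_scenario(fail_open: bool) -> list:
    """Launch four programs in order and return the verdicts."""
    lc = LaunchControl(approved={approved_digest(TRUSTED_EXE)}, budget_chunks=8, fail_open=fail_open)
    return [
        lc.decide("trusted.exe", TRUSTED_EXE),        # allow-listed, hashed within budget
        lc.decide("unknown.exe", UNKNOWN_EXE),        # small and unknown: blocked normally
        lc.decide("padded.exe", PADDED_UNKNOWN),      # first launch: hash not ready by the deadline
        lc.decide("padded.exe", PADDED_UNKNOWN),      # second launch: cached digest, blocked
    ]


if __name__ == "__main__":
    print("fail-open  :", run_scenario(True))
    print("fail-closed:", run_scenario(False))
```

The fail-open verifier lets the padded file run exactly once; the fail-closed one blocks it every time, at the cost of also blocking legitimately large binaries that overrun the budget, which is the trade-off a launch-control product has to size its deadline around.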

Meanwhile, Kaspersky’s security update addresses another vulnerability discovered by Positive Technologies: this flaw can be exploited to disable the Applications Launch Control functionality by sending a special request to the klif.sys driver.

If your job involves Kaspersky and ATMs, look out for critical fix KB13520. The update was quietly pushed out at the end of June. After waiting around three weeks for ATM owners to update their security, Positive Technologies let us know about the problem on Thursday.

Positive’s researchers have previous form in uncovering problems in ATM security software. For example, last year their security research team detected a dangerous vulnerability in the Solidcore system included in McAfee Application Control. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/07/13/kaspersky_lab_atm_security_vuln/

How Security Pros Can Help Protect Patients from Medical Data Theft

The healthcare industry has been slow to address the dangers of hacking, and breaches are on the rise. Security pros must be more proactive in keeping people safe.

John Schoew, Managing Director, North America Health Public Service Security Lead for Accenture, contributed to this article. 

Imagine discovering that a local hospital’s IT system has been hacked and the hackers are threatening to publish patients’ names, addresses, and medical records on the Internet. In September 2016, this happened to 6,000 patients in Oklahoma.

As security professionals know, this is just one example of many when it comes to medical data theft. New research from Accenture finds that a startling 26% of U.S. consumers have experienced a healthcare data breach, and 50% of these people subsequently have been victims of medical identity theft.

Most consumers are aware of the risks of online transactions, but far fewer are aware of how susceptible they are to medical identity theft — and the damage it could cause — leaving room for security professionals to help promote stronger anti-theft measures, and allowing hospitals to better manage breaches when and before they occur.

Identity Crisis
Medical data is made up of test results and diagnoses, but it also includes Social Security numbers, dates of birth, contact information, and driver’s license numbers. Together, this information creates an online identity. Security professionals are aware of what a hacker could or might do with this level of detail. Mixing identities by selling personal information or falsely obtaining healthcare could lead to dangerously muddled patient records. Hackers might threaten to “dump the data on the Internet” unless the organization pays a ransom, as in the Oklahoma case, or block the organization from accessing this vital information altogether.

Other industries are stepping up their games in terms of data security, so hackers coveting personal data have had to look elsewhere. And, with most health information held electronically and dating back years, the medical sector is a sitting duck. In 2016, there were 377 data breaches in the healthcare/medical industry — 34.5% of all data attacks. In 2017, there had already been 144 breaches by the middle of February. It appears that this trend is accelerating.


A logical question is likely to be, “Where are these breaches happening and how can they be prevented?” According to Accenture’s research, breaches were most likely to occur in hospitals, followed by urgent-care clinics, pharmacies, physicians’ offices, and health insurers. Often, organizations are late to detect a problem: half of U.S. consumers who experienced a breach discovered it themselves through an error on their credit card statement or benefits explanation. Only a third were alerted to the breach by the organization where it occurred, and just 15% were alerted by a government agency. Security professionals, aware of the potential opportunities for healthcare information breach, are capable of helping hospital systems, and the industry overall, strengthen defenses to help ensure that consumer data is safe.

What Security Pros Can Do
Healthcare organizations have an obligation — and an inherent interest — to protect medical and financial data in their care. When security practices fall short, resulting in a breach and subsequent data theft, Accenture research indicates that many affected consumers will take action. Affected respondents either changed healthcare providers (25%) or insurance plans (21%), or sought legal counsel (19%). Based on recent trends and incidents, the role of security professionals will only become more important in making the protection a reality.

Many consumers understand firsthand the impact that a breach can have on their finances and potentially their health. The average out-of-pocket cost for victims of medical identity theft is $2,500 per incident — and, unlike the subjects of credit card breaches, victims of medical identity theft often have no automatic right to recover their losses. Interestingly, Accenture’s survey finds that retention rates remain high, despite a breach, when healthcare organizations proactively communicate with consumers. For security professionals, this reiterates the importance of preparing in advance to manage a potential attack so that quick action can be taken to help assuage potential consumer fears during or after an incident.

It’s time for providers to take data theft more seriously, and for security professionals to recognize an opportunity to build greater trust between patients and healthcare entities. To begin, here are a few simple reminders of measures security professionals can continue reinforcing to help protect consumer data:

  • Urge consumers to monitor medical records and read all statements. If patient records are inaccurate, their data might have been combined with someone else’s. Urge patients to pay close attention to records and statements from providers, and to ask them for a summary at least once a year.
  • Remind consumers to check their credit report. Any discrepancies on credit reports could mean that consumers’ medical data has been compromised.
  • Discourage oversharing. Consumers should only give out the minimum personal information required — healthcare providers do not need a patient’s Social Security number, for example. They should also be alert to phony communications: following the 2015 Anthem breach, victims reported receiving phishing phone calls and emails.
  • Raise the alarm — promptly. If consumers discover anything unusual, they should be encouraged to immediately let providers or insurers know, and should have access to user-friendly channels through which to do so.


Reza Chapman is responsible for developing and driving Accenture’s security offerings for providers, health insurers, and business associates. A seasoned executive, Reza brings over two decades of experience advising the information security leaders of Fortune Global 500 …

Article source: https://www.darkreading.com/attacks-breaches/how-security-pros-can-help-protect-patients-from-medical-data-theft/a/d-id/1329326?_mc=RSS_DR_EDT

US Voters Consider Russia the Largest Security Risk to Elections

Nearly half of US voters believe Russia is the largest security risk for elections in the nation, according to a survey.

A wide swath of US voters believe Russia “will be back” to influence the outcome of the nation’s elections, according to a Carbon Black survey.

The poll of 5,000 US voters finds 44% of survey participants hold this view, while only 45% believe their states and voting districts have the capability to safeguard their voting information.

The results come amid the backdrop of Congressional testimony by former FBI Director James Comey, who told a Senate committee he has “no doubt” the Russian government was involved in hacking emails of former presidential candidate Hillary Clinton and the Democratic Party.

Some 45% of survey respondents suspect the mid-term elections next year will be influenced by cyberattacks, with 27% of voters considering taking a pass at hitting the voter booths because of cybersecurity concerns.



Article source: https://www.darkreading.com/cloud/us-voters-consider-russia-the-largest-security-risk-to-elections/d/d-id/1329349?_mc=RSS_DR_EDT

The Hunt for Networks Building Death Star-Sized Botnets


Internet of Things devices are more critically vulnerable to compromise for use in DDoS attacks than ever before. Here’s how to defend against them.

Justin Shattuck, Manager of Product Development, F5 Silverline, also contributed to this article.

For over a year now, F5 Labs and our data partner, Loryka, have been monitoring the ongoing hunt by attackers to find vulnerable IoT devices they can compromise. In our first report, DDoS’s Newest Minions: IoT Devices, our research proved what many security experts had long suspected: IoT devices were highly vulnerable to exploit, the level of interest in exploiting them was high, and distributed denial-of-service (DDoS) attacks using these devices were already occurring. Our findings and conclusions in Volume 1 rang true, and the new numbers show even steeper growth than we had imagined.

  • Networks in China (primarily state-owned telecom companies and ISPs) headlined the threat actor list, accounting for 44% of all attacks in Q3 and 21% in Q4. (That drop likely was due to global interest in Mirai.)
  • Behind China, the top threat actors in Q3 were Vietnam and the US, and Russia and the UK in Q4. Surprisingly, the UK jumped from number 15 in Q3 to number 3 in Q4, with most activity coming from an online gaming network.
  • In Q3 and Q4, the top four targeted countries were Russia, followed by Spain, then the US, then Turkey. Russia was a top target of all top 50 source countries, at 31% in Q3 and 40% in Q4. These efforts coincided with the high-profile US election and allegations of Russian hacking.
  • Most attacks were launched from Linux systems within hosting provider and telecom companies.
  • IoT devices are critically vulnerable, and the scope is global. IoT devices have little capacity for securing themselves. An end user can reboot a compromised IoT device to clear its memory of malware, but unless the access issue is fixed (that is, unless default passwords are changed and security controls are added), the device will just get compromised again. There are many Mirai botnets now, and they’re constantly scanning for new devices.
  • IoT attacks can impact large targets, previously thought to be untouchable. The collective firepower of an IoT botnet can be greater than terabits per second, and we don’t yet know just how big they can get.
  • Bot operators aren’t afraid to turn their cyber weapons against some of the largest providers in the world.

Image Source: F5

Beyond just “getting used to it,” here are some steps security professionals can take, both personally and professionally:

Have a DDoS strategy
If you don’t already have a DDoS strategy in place, now is the time for one, and there are three good options:

  1. On-premises equipment is great for customers who are routinely targeted with DDoS attacks (below their network capacity) and have trained resources to effectively mitigate them on their own.
  2. Hybrid on-premises and cloud scrubbing for customers that receive frequent DDoS attacks they mitigate with their on-premises equipment and resources (because it’s not cost effective to outsource), but who are also at risk of large attacks that exceed their capabilities and therefore need backup DDoS scrubbing services.
  3. Cloud scrubbing for companies that don’t deal with DDoS on a regular basis and do not have in-house expertise or equipment. This includes any company at risk of large scale attacks that exceed their network capabilities (that’s essentially every business on the Internet outside of service providers and DDoS scrubbing services!).

Ensure Critical Services Have Redundancy
Consider that you are not always going to be the target, but the services you use could be, in which case you are a potential downstream casualty. Have a business continuity plan that includes disaster recovery for your critical services so you don’t find yourself in the same boat as Twitter, GitHub, and Spotify when Dyn DNS suffered a DDoS attack—or any other company that solely leveraged OVH for hosting and was down when their network was attacked. Have a dual strategy in place (or even a multi-provider strategy, in the case of DNS) to protect yourself. Remember that DNS can be your friend, too: Anycast your global data centers for replicated content to diffuse DDoS attacks when they happen.

Don’t Buy IoT Products Known To Be Insecure or Compromised
Money talks! Choosing not to spend money on the products built by irresponsible manufacturers is a quick way to drive change, at both a grassroots level personally with consumer products that become weapons against your business, and professionally if you are an IoT implementer.

If you are a company that deploys but does not manufacture IoT devices, test and verify the safety of a vendor’s products before you buy them.

If you are a security professional, the general public needs help knowing which devices are vulnerable or compromised, so share your knowledge with your family and friends and encourage them to share, as well. Social media is a powerful tool. So is security awareness training for your employees.

Share Your Knowledge.
Security professionals around the world can chip away at this global problem by communicating more with each other and sharing knowledge. Attackers are known for sharing information with each other; they even shared the most powerful botnet to date! Security professionals—even among competitors—need to take a page from attackers’ playbooks by sharing more key information about vulnerable devices, attacks and threat actors, mitigation efforts that are working, and potential solutions, no matter how wild the ideas might seem.


Sara Boddy currently leads F5 Labs, F5 Networks’ threat intelligence reporting division. She came to F5 from Demand Media where she was the Vice President of Information Security and Business Intelligence. Sara ran the security team at Demand Media for 6 years, covering all …

Article source: https://www.darkreading.com/partner-perspectives/f5/the-hunt-for-networks-building-death-star-sized-botnets/a/d-id/1329351?_mc=RSS_DR_EDT

So long, Windows Phone – it was nice knowing you

Ah, Windows Phone. I’ve never personally owned a Windows Phone device, but it was nice knowing you. As of July 11, Microsoft has ceased supporting Windows Phone 8.1. With only about 20% of Windows Phone devices running Windows Phone 10 – and Windows Phone in total having less than 1% of the overall mobile market – observers predict that support for the platform will soon stop completely. Now is the time to consider the history of Windows Phone, and what the cybersecurity world may have lost.

It all started with Windows CE, otherwise known as Windows Embedded or Windows Embedded CE. Development began in 1992. The first version of Windows CE launched in November 1996, appearing in some PDA devices of the era – and Windows CE also appeared in the Sega Dreamcast, Sega’s last attempt in the video game console market, which was released in Japan in 1998, and worldwide in 1999.

The Windows CE 3.0 kernel was used in the first version of Windows Mobile, originally named Pocket PC 2000, appearing in more advanced PDA devices and smartphones. The platform ran from the first version of Pocket PC 2000 in April 2000, through to Windows Mobile 6.5 in May 2009.

Windows Mobile 6.5 was going to be followed by Windows Mobile 7, but with the massive success of Apple’s iPhone, which launched in 2007, and smartphones running Android (the first Android phone was T-Mobile’s G1, which launched in October 2008), Microsoft changed direction.

During Mobile World Congress in February 2010, Microsoft announced Windows Phone 7. This new version of the OS was designed to be optimized for touchscreen smartphones, featuring Microsoft’s Metro design language. In my opinion, smartphones and tablets are the devices that the Metro UI is appropriate for. I never personally liked it on the desktop in Windows 8 and 10, Windows Server 2012 and 2016, or on the Xbox 360 and Xbox One, but to each their own.

Although Windows Phone 7, 8, and 10 were actually pretty good operating systems, Microsoft may have released the platform too late to acquire major mobile market share, even with their historic Nokia partnership in 2011. What interests me is that some cybersecurity experts believe that Windows Phone is the most secure mobile operating system.

Penetration tester Steve Lord of Mandalorian Security Services analyzed Windows Phone for himself, telling WhatMobile.net:

All have benefits and drawbacks. Currently Windows Phone seems to be the hardest nut to crack. Blackberry has a long history of being very security-focused. If I have physical access to the device, I find Android’s usually the easiest target. Then comes iPhone, then older versions of BlackBerry. If it’s over a network or I have to attack via email or message, Android’s usually the softest target.

Older smartphones tend to be considered less secure as they’re usually affected by known weaknesses. If you’re using an older phone you’re better off with a classic dumb phone. If you have to have an older smartphone, use an older BB10-based Blackberry, or a Windows Phone running Windows Phone 8 or newer.

Simon Reed, Sophos’s own security guru, says:

History shows that Windows Phones were low-risk devices to use. How much of this was due to the inherent security of the device vs the cybercriminals focusing on the high-volume platforms, we will never know.

With the death of the Windows Phone platform, this leaves mobile users exposed in two ways. Firstly, those people who continue to use an out-of-date product need to think about what this means to their security posture going forward. Up to now, cybercriminals typically ignored the WP due to low market adoption.

Secondly, in the rush to move to an alternative platform (iPhone or Android) users need to consider the impact of migrating from a platform that mostly cybercriminals ignored, to ones they are focused on.

So now those of us in the cybersecurity world can reminisce about what we may be losing in a world with no more Windows Phone. Windows Phone, it was nice knowing you.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/zzL72bZyYEY/

How app developers are gaming Google Play to boost their rankings

Thanks to Chen Yu, Rowland Yu, Ferenc László Nagy, and Jagadeesh Chandraiah of SophosLabs for their behind-the-scenes work on this article.

When choosing an app, it’s common for users to check the rankings and reviews to ensure they’re making the best choice. Unfortunately, researchers have discovered that some apps aren’t as good as they appear.

That’s because app developers are using a variety of tactics and services to artificially boost download numbers and create fake positive reviews. The practice does no harm to the user’s device, and the apps themselves are not malicious. But those who download them are being tricked into doing so under false pretenses.

Cheat to win

With millions of apps available on Google Play, a big challenge for developers is to increase the visibility of an app so it stands out in a sea of competitors. Searching by keyword is the first step people take to find an app, so improving the ranking of an app is a good way to draw more visibility. The higher the ranking, the higher up it appears in response to a keyword search.

There are tools and services that monitor and track app performance in search rankings, and tips for how to increase the ranking in legitimate ways. Then there are the trumped-up techniques used to cheat the system.

What caught the attention of our researchers was a group of apps in Google Play with similar functionality, UI and code structure, and the same packer. Most of the developers’ email addresses are at mail.ru. The apps in question are for drawing:

Their certificates have the dodgy owner name of “Unknown”:

More interesting is the number of apps – more than 100. They are spread across 36 different developer IDs. Examples include:

Many of the apps have more than 10,000 installs, with a total reach of between 2.7m and 11.7m. But did these drawing tutorial apps really gain such popularity by themselves? It doesn’t appear so.

These apps have another common feature. They all contact brutix1[.]info and send it the phone’s IP address and the contents of its build.prop file:
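The researchers’ grouping rests on a handful of shared indicators: the signing-certificate owner “Unknown”, developer email addresses at mail.ru, a common packer, and the brutix1[.]info contact host. The script below is an added example (not SophosLabs’ code and not from the original article) that applies the same idea to a small set of constructed app records: it scores each record against those indicators, flags apps that match at least a threshold of them, and summarises the cluster that contacts the suspect host by developer ID, packer and install count. The record fields, package names, developer IDs and install numbers are assumptions made up for the example; only the indicator values come from the article. The threshold makes the check more general than the single case described: a reviewer can raise or lower it depending on how noisy a given indicator is.

```python
"""Cluster app-store records by shared indicators (added example).

Indicator values (cert owner "Unknown", developer e-mail at mail.ru,
contact host brutix1[.]info) come from the article; the AppRecord
schema and the SAMPLE_APPS data are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class AppRecord:
    package: str            # Android package name
    developer_id: str       # Play developer account identifier
    developer_email: str    # contact e-mail shown on the listing
    cert_owner: str         # owner (O=) field of the signing certificate
    packer: str             # packer detected in the APK
    contacted_hosts: frozenset  # hosts seen in network traffic
    installs: int           # approximate install count


def refang(host: str) -> str:
    """Turn a defanged hostname like brutix1[.]info back into brutix1.info."""
    return host.replace("[.]", ".").strip().lower()


SUSPECT_HOST = refang("brutix1[.]info")
SUSPECT_CERT_OWNER = "unknown"
SUSPECT_EMAIL_DOMAIN = "mail.ru"


def indicators(app: AppRecord) -> set:
    """Return the set of article indicators an app record matches."""
    found = set()
    if app.cert_owner.strip().lower() == SUSPECT_CERT_OWNER:
        found.add("cert-owner-unknown")
    if app.developer_email.lower().rsplit("@", 1)[-1] == SUSPECT_EMAIL_DOMAIN:
        found.add("dev-email-mail.ru")
    if any(refang(h) == SUSPECT_HOST for h in app.contacted_hosts):
        found.add("contacts-brutix1")
    return found


def flag_apps(apps, min_indicators: int = 2) -> list:
    """Package names matching at least min_indicators indicators, sorted."""
    return sorted(a.package for a in apps if len(indicators(a)) >= min_indicators)


def campaign_summary(apps) -> dict:
    """Summarise the cluster of apps that contact the suspect host:
    distinct developer IDs, packers in use, and total installs."""
    members = [a for a in apps if "contacts-brutix1" in indicators(a)]
    by_packer = defaultdict(list)
    for a in members:
        by_packer[a.packer].append(a.package)
    return {
        "packages": sorted(a.package for a in members),
        "developer_ids": len({a.developer_id for a in members}),
        "packers": {k: sorted(v) for k, v in by_packer.items()},
        "total_installs": sum(a.installs for a in members),
    }


# Constructed sample records: three drawing apps sharing the article's
# indicators across two developer IDs, plus two unrelated apps.
SAMPLE_APPS = [
    AppRecord("com.example.drawcat", "dev-a", "artist1@mail.ru", "Unknown",
              "PackerX", frozenset({"brutix1[.]info"}), 10000),
    AppRecord("com.example.drawdog", "dev-a", "artist1@mail.ru", "Unknown",
              "PackerX", frozenset({"brutix1.info", "cdn.example.net"}), 50000),
    AppRecord("com.example.drawcar", "dev-b", "artist2@mail.ru", "Unknown",
              "PackerX", frozenset({"brutix1[.]info"}), 5000),
    AppRecord("com.example.notes", "dev-c", "support@example.org", "Example Org",
              "none", frozenset({"api.example.org"}), 20000),
    AppRecord("com.example.weather", "dev-d", "weather@mail.ru", "Weather Ltd",
              "none", frozenset({"api.example.org"}), 1000),
]

if __name__ == "__main__":
    print("flagged:", flag_apps(SAMPLE_APPS))
    print("cluster:", campaign_summary(SAMPLE_APPS))
```

Hostnames are accepted in either defanged (`brutix1[.]info`) or plain form, so indicator lists copied from a write-up can be used as-is. A single weak indicator such as a mail.ru address does not flag an app on its own at the default threshold; the weather app in the sample matches only that one and is excluded.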

Enter KeyApp.top

So who is brutix1[.]info? They call themselves KeyApp.top.

According to their website, they sell the “service” of boosting app keyword rankings and reviews:

They also offer terms of purchase, warn customers that ratings and reviews may be deleted, and suggest how to avoid removal. Two examples of good and bad ratings and reviews are shown:

The researchers tried to contact the keyapp.top chat service to understand how it works. This is the chat transcript in which they offer 5,000 installs with five-star reviews for $0.12:

Using a service that operates this way violates Google Play policy, which is quite specific about what’s not OK:

Developers must not attempt to manipulate the placement of any apps in Google Play. This includes, but is not limited to, inflating product ratings, reviews, or install counts by illegitimate means, such as fraudulent or incentivized installs, reviews and ratings.

Moreover, the demo on the website clearly shows the connection between these apps and this service.

Google plays Whack-a-Mole

Google has been working to wipe out fake reviews and fraudulent install numbers. But it’s an uphill battle, given how easy it is for developers to work around the systems in place.

SophosLabs has reported its latest findings to Google.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/pZKBkLY96tw/

Barracuda’s so solid crew: We got three more quarters to go

Ransomware helped backup and security firm Barracuda to a solid first fiscal 2018 quarter, with revenues and subscribers both growing.

Barracuda grew revenues 8.7 per cent year-on-year to $94.2m although profits were almost flat at $2.7m compared to $2.8m a year ago. Revenue growth rate stepped up a bit from the prior quarter’s $89.3m as the chart shows, comfortably beating its own estimate of $91m for the quarter.

[Chart: Barracuda revenues to Q1 FY2018]

Barracuda’s profitability (GAAP net income), although regular, is fairly low at 3 per cent, with the prior quarter at 3.5 per cent, the one before that at 2 per cent, and 2.7 per cent before that. Business life in a backup and security market moving to the cloud and shifting subscriptions away from perpetual licences and appliances is not a bed of roses.

Subscription revenue grew to $73.9m, up 13 per cent from $65.3m a year ago, representing 78 per cent of total revenue, while appliance revenue shrank to $20.3m; it was $21.3m in the same quarter last year.

The number of active subscribers grew approximately 17 per cent to over 335,000 by the end of the quarter. The renewal rate was 93 per cent on an annualised basis.

[Chart: Barracuda subscriber trends]

William Blair analyst Jason Ader writes: “On the public cloud side, Barracuda now has over 1,000 customers and saw bookings more than double year-over-year (an acceleration from last quarter), driven by new customer additions in both the mid-market and enterprise segments. In email, Essentials added 1,000 new customers, more than 50 per cent of which were net new to Barracuda.

“Barracuda delivered a sixth consecutive quarter of billings and revenue outperformance, with core product billings up 20 per cent year-over-year driven by continued adoption of cloud-based solutions for email security and management (specifically Barracuda Essentials for Office 365), healthy demand for next-generation firewalls and web application firewalls, and solid organic billings growth in data protection.”

We note that, geographically, Barracuda is US-centric, with 70 per cent of its revenues coming from Trump country. EMEA accounts for 18 per cent, Asia-Pacific for a small 6 per cent, and the rest of the Americas for 6 per cent also. That looks like a huge opportunity to grow sales, with Canada and South America being in its US backyard, so to speak, and, together with Asia-Pac, looking like untapped markets.

The outlook for next quarter is revenues of $92.86m, a 6 per cent rise annually.

Ader noted an unexpected drop in gross margin, which was attributed to “a mix shift to lower end appliances and investment in cloud infrastructure. Management expects this pressure to persist for the next couple of quarters.”

Ransomware attacks are creating demand for Barracuda’s security products and it’s also riding the Office 365 growth curve with protection offerings. Despite this, Ader says: “We still see too many variables in Barracuda’s business (the latest being gross margin) to recommend the stock.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/07/13/barracuda_q1_2018_results/