Author: DTC Marketing

    NHL Partners with AWS (Amazon) for Cloud Infrastructure

    NHL Powered by AWS

    “Do you believe in miracles? Yes!” This was ABC sportscaster Al Michaels’ quote “heard ’round the world” after the U.S. National Team beat the Soviet National Team at the 1980 Lake Placid Winter Olympic Games to advance to the medal round. One of the greatest sports moments ever that lives in infamy among hockey fans is readily available for all of us to enjoy as many times as we want thanks to modern technology. Now the National Hockey League (NHL) is expanding their reach with technology as they announced a partnership with Amazon Web Services (AWS). AWS will become the official cloud storage partner of the league, making sure all historical moments like the Miracle on Ice are never forgotten.

    The NHL will rely on AWS exclusively in the areas of artificial intelligence and machine learning as they look to automate video processing and content delivery in the cloud. AWS will also allow them to control the Puck and Player Tracking (PPT) System to better capture the details of gameplay. Hockey fans everywhere are in for a treat!

    What is the PPT System?

    The NHL has been working on developing the PPT system since 2013. Once it is installed in every team’s arena in the league, the innovative system will require several antennas in the rafters of the arenas, tracking sensors placed on every player in the game, and tracking sensors built into the hockey pucks. The hockey puck sensors can be tracked up to 2,000 times per second to yield a set of coordinates that can then turn into new results and analytics.

    The Puck Stops Here! Learn how the NHL’s L.A. Kings use LTO Tape to build their archive.

    How Will AWS Change the Game?

    AWS’s state-of-the-art technology and services will provide us with capabilities to deliver analytics and insights that highlight the speed and skill of our game to drive deeper fan engagement. For example, a hockey fan in Russia could receive additional stats and camera angles for a major Russian player. For international audiences that could be huge. Eventually, personalized feeds could be possible for viewers who would be able to mix and match various audio and visual elements. 

    The NHL will also build a video platform on AWS to store video, data, and related applications into one central source that will enable easier search and retrieval of archival video footage. Live broadcasts will have instant access to NHL content and analytics for airing and licensing, ultimately enhancing broadcast experiences for every viewer. Also, Virtual Reality experiences, Augmented Reality-powered graphics, and live betting feeds are new services that can be added to video feeds.

    As part of the partnership, Amazon Machine Learning Solutions will cooperate with the league to use its tech for in-game video and official NHL data. The plan is to convert the data into advanced game analytics and metrics to further engage fans. The ability for data to be collected, analyzed, and distributed as fast as possible was a key reason why the NHL has partnered with AWS.

    The NHL plans to use AWS Elemental Media to develop and manage cloud-based HD and 4K video content that will provide a complete view of the game to NHL officials, coaches, players, and fans. When making a crucial game-time decision on a penalty call the referees will have multi-angle 4k video and analytics to help them make the correct call on the ice. According to Amazon Web Services, the system will encode, process, store, and transmit game footage from a series of camera angles to provide continuous video feeds that capture plays and events outside the field of view of traditional cameras.

    The NHL and AWS plan to roll out the new game features slowly throughout the next coming seasons, making adjustments along the way to enhance the fan experience. As one of the oldest and toughest sports around, hockey will start to have a new sleeker look. Will all the data teams will be able to collect, we should expect a faster, stronger, more in-depth game. Do you believe in miracles? Hockey fans sure do!

    Open Source Software

    Open-source Software (OSS)

    Open-source software often referred to as (OSS), is a type of computer software in which source code is released under a license. The copyright holder of the software grants users the rights to use, study, change and distribute the software as they choose. Originating from the context of software development, the term open-source describes something people can modify and share because its design is publicly accessible. Nowadays, “open-source” indicates a wider set of values known as “the open-source way.” Open-source projects or initiatives support and observe standards of open exchange, mutual contribution, transparency, and community-oriented development.

    What is the source code of OSS?

    The source code associated with open-source software is the part of the software that most users don’t ever see. The source code refers to the code that the computer programmers can modify to change how the software works. Programmers who have access to the source code can develop that program by adding features to it or fix bugs that don’t allow the software to work correctly.

    If you’re going to use OSS, you may want to consider also using a VPN. Here are our top picks for VPNs in 2021.

    Examples of Open-source Software

    For the software to be considered open-source, its source code must be freely available to its users. This allows its users the ability to modify it and distribute their versions of the program. The users also have the power to give out as many copies of the original program as they want. Anyone can use the program for any purpose; there are no licensing fees or other restrictions on the software. 

    Linux is a great example of an open-source operating system. Anyone can download Linux, create as many copies as they want, and offer them to friends. Linux can be installed on an infinite number of computers. Users with more knowledge of program development can download the source code for Linux and modify it, creating their customized version of that program. 

    Below is a list of the top 10 open-source software programs available in 2021.

    1. LibreOffice
    2. VLC Media Player
    3. GIMP
    4. Shotcut
    5. Brave
    6. Audacity
    7. KeePass
    8. Thunderbird
    9. FileZilla
    10. Linux

    Setting up Linux on a server? Find the best server for your needs with our top 5.

    Advantages and Disadvantages of Open-source Software

    Similar to any other software on the market, open-source software has its pros and cons. Open-source software is typically easier to get than proprietary software, resulting in increased use. It has also helped to build developer loyalty as developers feel empowered and have a sense of ownership of the end product. 

    Open-source software is usually a more flexible technology, quicker to innovation, and more reliable due to the thousands of independent programmers testing and fixing bugs of the software on a 24/7 basis. It is said to be more flexible because modular systems allow programmers to build custom interfaces or add new abilities to them. The quicker innovation of open-source programs is the result of teamwork among a large number of different programmers. Furthermore, open-source is not reliant on the company or author that originally created it. Even if the company fails, the code continues to exist and be developed by its users. 

    Also, lower costs of marketing and logistical services are needed for open-source software. It is a great tool to boost a company’s image, including its commercial products. The OSS development approach has helped produce reliable, high-quality software quickly and at a bargain price. A 2008 report by the Standish Group stated that the adoption of open-source software models has resulted in savings of about $60 billion per year for consumers. 

    On the flip side, an open-source software development process may lack well-defined stages that are usually needed. These stages include system testing and documentation, both of which may be ignored. Skipping these stages has mainly been true for small projects. Larger projects are known to define and impose at least some of the stages as they are a necessity of teamwork. 

    Not all OSS projects have been successful either. For example, SourceXchange and Eazel both failed miserably. It is also difficult to create a financially strong business model around the open-source concept. Only technical requirements may be satisfied and not the ones needed for market profitability. Regarding security, open-source may allow hackers to know about the weaknesses or gaps of the software more easily than closed source software. 

    Benefits for Users of OSS

    The most obvious benefit of open-source software is that it can be used for free. Let’s use the example of Linux above. Unlike Windows, users can install or distribute as many copies of Linux as they want, with limitations. Installing Linux for free can be especially useful for servers. If a user wants to set up a virtualized cluster of servers, they can easily duplicate a single Linux server. They don’t have to worry about licensing and how many requests of Linux they’re authorized to operate.

    An open-source program is also more flexible, allowing users to modify their own version to an interface that works for them. When a Linux desktop introduces a new desktop interface that some users aren’t supporters of, they can modify it to their liking. Open-source software also allows developers to “be their own creator” and design their software. Did you know that Witness Android and Chrome OS, are operating systems built on Linux and other open-source software? The core of Apple’s OS X was built on open-source code, too. When users can manipulate the source code and develop software tailored to their needs, the possibilities are truly endless.

    Malvertising Simply Explained

    What is Malvertising?

    Malvertising (a combination of the two words “malicious and advertising”) is a type of cyber tactic that attempts to spread malware through online advertisements. This malicious attack typically involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and websites. The code then redirects users to malicious websites, allowing hackers to target the users. In the past, reputable websites such as The New York Times Online, The London Stock Exchange, Spotify, and The Atlantic, have been victims of malvertising. Due to the advertising content being implanted into high-profile and reputable websites, malvertising provides cybercriminals a way to push their attacks to web users who might not otherwise see the ads because of firewalls or malware protection.

    Online advertising can be a pivotal source of income for websites and internet properties. With such high demand, online networks have become extensive in to reach large online audiences. The online advertising network involves publisher sites, ad exchanges, ad servers, retargeting networks, and content delivery networks.  Malvertising takes advantage of these pathways and uses them as a dangerous tool that requires little input from its victims.

    Protect your business’s data by setting up a zero-trust network. Find out how by reading the blog.

    How Does Malvertising Get Online?

    There are several approaches a cybercriminal might use, but the result is to get the user to download malware or direct the user to a malicious server. The most common strategy is to submit malicious ads to third-party online ad vendors. If the vendor approves the ad, the seemingly innocent ad will get served through any number of sites the vendor is working with. Online vendors are aware of malvertising and actively working to prevent it. That is why it’s important to only work with trustworthy, reliable vendors for any online ad services.

    What is the Difference Between Malvertising and Adware?

    As expected, Malvertising can sometimes be confused with adware. Where Malvertising is malicious code intentionally placed in ads, adware is a program that runs on a user’s computer. Adware is usually installed hidden inside a package that also contains legitimate software or lands on the machine without the knowledge of the user. Adware displays unwanted advertising, redirects search requests to advertising websites, and mines data about the user to help target or serve advertisements.

    Some major differences between malvertising and adware include:

    • Malvertising is a form of malicious code deployed on a publisher’s web page, whereas adware is only used to target individual users.
    • Malvertising only affects users viewing an infected webpage, while Adware operates continuously on a user’s computer.

    Solarwinds was the biggest hack of 2020. Learn more about how you may have been affected.

    What Are Some Examples of Malvertising?

    The problem with malvertising is that it is so difficult to spot. Frequently circulated by the ad networks we trust, companies like Spotify and Forbes have both suffered as a result of malvertising campaigns that infected their users and visitors with malware. Some more recent examples of malvertising are RoughTed and KS Clean. A malvertising campaign first reported in 2017, RoughTed was particularly significant because it was able to bypass ad-blockers. It was also able to evade many anti-virus protection programs by dynamically creating new URLs. This made it harder to track and deny access to the malicious domains it was using to spread itself.

    Disguised as malicious adware contained or hidden within a real mobile app, KS Clean targeted victims through malvertising ads that would download malware the moment a user clicked on an ad. The malware would silently download in the background.  The only indication that anything was off was an alert appearing on the user’s mobile device saying they had a security issue, prompting the user to upgrade the app to solve the problem. When the user clicks on ‘OK’, the installation finishes, and the malware is given administrative privileges. These administrative privileges permitted the malware to drive unlimited pop-up ads on the user’s phone, making them almost impossible to disable or uninstall.

    How Can Users Prevent Malvertising?

    While organizations should always take a strong position against any instances of unwarranted attacks, malvertising should high on the priority list for advertising channels. Having a network traffic analysis in the firewall can help to identify suspicious activity before malware has a chance to infect the user.  

    Some other tips for preventing malvertising attacks include the following:

    • Employee training is the best way to form a proactive company culture that is aware of cyber threats and the latest best practices for preventing them. 
    • Keep all systems and software updated to include the latest patches and safest version.
    • Only work with trustworthy, reliable online advertising vendors.
    • Use online ad-blockers to help prevent malicious pop-up ads from opening a malware download.

    TOP 5 VPN’S OF 2021

    In today’s working environment, no one knows when remote work will be going away, if at all.  This makes remote VPN access all the more important for protecting your privacy and security online. As the landscape for commercial VPNs continues to grow, it can be a daunting task to sort through the options to find the best VPN to meet your particular needs. That’s exactly what inspired us to write this article. We’ve put together a list of the five best and most reliable VPN options for you.

    What is a VPN and why do you need one?

    A VPN is short for a virtual private network. A VPN is what allows users to enjoy online privacy and obscurity by creating a private network from a public internet connection. A VPN disguises your IP address, so your online actions are virtually untraceable. More importantly, a VPN creates secure and encrypted connections to provide greater privacy than a secured Wi-Fi hotspot can.

    Think about all the times you’ve read emails while sitting at the coffee shop or checking the balance in your bank account while eating a restaurant. Unless you were logged into a private network that required a password, any data transmitted on your device could be exposed. Accessing the web on an unsecured Wi-Fi network means you could be exposing your private information to nearby observers. That’s why a VPN, should be a necessity for anyone worried about their online security and privacy. The encryption and privacy that a VPN offers, protect your online searches, emails, shopping, and even bill paying. 

    Take a look at our top 5 server picks for 2021.

    Our Top 5 List of VPN’s for 2021

    ExpressVPN

    • Number of IP addresses: 30,000
    • Number of servers: 3,000+ in 160 locations
    • Number of simultaneous connections: 5
    • Country/jurisdiction: British Virgin Islands
    • 94-plus countries

    ExpressVPN is powered by TrustedServer technology, which was built to ensure that there are never any logs of online activities. In the privacy world, ExpressVPN has a solid track record, having faced a server removal by authorities which proved their zero-log policy to be true. ExpressVPN offers a useful kill switch feature, which prevents network data from leaking outside of its secure VPN tunnel in the event the VPN connection fails. ExpressVPN also offers support of bitcoin as a payment method, which adds an additional layer of privacy during checkout.

    Protect your data using an airgap with LTO Tape: Read the Blog

    Surfshark

    • Number of servers: 3,200+
    • Number of server locations: 65
    • Jurisdiction: British Virgin Islands

    Surfshark’s network is smaller than some, but the VPN service makes up for it with the features and speeds it offers. The biggest benefit it offers is unlimited device support, meaning users don’t have to worry about how many devices they have on or connected. It also offers antimalware, ad-blocking, and tracker-blocking as part of its software. Surfshark has a solid range of app support, running on Mac, Windows, iOS, Android, Fire TV, and routers. Supplementary devices such as game consoles can be set up for Surfshark through DNS settings. Surfshark also offers three special modes designed for those who want to bypass restrictions and hide their online footprints. Camouflage Mode hides user’s VPN activity so the ISP doesn’t know they’re using a VPN. Multihop jumps the connection through multiple countries to hide any trail. Finally, NoBorders Mode “allows users to successfully use Surfshark in restrictive regions.

    NordVPN

    • Number of IP addresses: 5,000
    • Number of servers: 5,200+ servers
    • Number of server locations: 62
    • Country/jurisdiction: Panama
    • 62 countries

    NordVPN is one of the most established brands in the VPN market. It offers a large concurrent connection count, with six simultaneous connections through its network, where nearly all other providers offer five or fewer. NordVPN also offers a dedicated IP option, for those looking for a different level of VPN connection. They also offer a kill switch feature, which prevents network data from leaking outside of its secure VPN tunnel in the event the VPN connection fails. While NordVPN has had a spotless reputation for a long time, a recent report emerged that one of its rented servers was accessed without authorization back in 2018. Nord’s actions following the discovery included multiple security audits, a bug bounty program, and heavier investments in server security. The fact that the breach was limited in nature and involved no user-identifying information served to further prove that NordVPN keeps no logs of user activity. 

    Looking for even more security? Find out how to set up a Zero Trust Network here.

    IPVanish

    • Number of IP addresses: 40,000+
    • Number of servers: 1,300
    • Number of server locations: 60
    • Number of simultaneous connections: 10
    • Country/jurisdiction: US

    A huge benefit that IPVanish offers its users is an easy-to-use platform, which is ideal for users who are interested in learning how to understand what a VPN does behind the scenes. Its multiplatform flexibility is also perfect for people focused on finding a Netflix-friendly VPN. A special feature of IPVanish is the VPN’s support of Kodi, the open-source media streaming app. The company garners praise for its latest increase from five to ten simultaneous connections. Similar to other VPNs on the list, IPVanish has a kill switch, which is a must for anyone serious about remaining anonymous online. 

    Norton Secure VPN

    • Number of countries: 29
    • Number of servers: 1,500 (1,200 virtual)
    • Number of server locations: 200 in 73 cities
    • Country/jurisdiction: US

    Norton has long been known for its excellence in security products, and now offers a VPN service. However, it is limited in its service offerings as it does not support P2P, Linux, routers, or set-top boxes. It does offer Netflix and streaming compatibility. Norton Secure VPN speeds are comparable to other mid-tier VPNs in the same segment. Norton Secure VPN is available on four platforms: Mac, iOS, Windows, and Android. It is one of the few VPN services to offer live 24/7 customer support and 60-day money- back guarantee.

    How To Set Up A Zero-Trust Network

    How to set up a zero-trust network

    In the past, IT and cybersecurity professionals tackled their work with a strong focus on the network perimeter. It was assumed that everything within the network was trusted, while everything outside the network was a possible threat. Unfortunately, this bold method has not survived the test of time, and organizations now find themselves working in a threat landscape where it is possible that an attacker already has one foot in the door of their network. How did this come to be? Over time cybercriminals have gained entry through a compromised system, vulnerable wireless connection, stolen credentials, or other ways.

    The best way to avoid a cyber-attack in this new sophisticated environment is by implementing a zero-trust network philosophy. In a zero-trust network, the only assumption that can be made is that no user or device is trusted until they have proved otherwise. With this new approach in mind, we can explore more about what a zero-trust network is and how you can implement one in your business.

    Interested in knowing the top 10 ITAD tips for 2021? Read the blog.

    Image courtesy of Cisco

    What is a zero-trust network and why is it important?

    A zero-trust network or sometimes referred to as zero-trust security is an IT security model that involves mandatory identity verification for every person and device trying to access resources on a private network. There is no single specific technology associated with this method, instead, it is an all-inclusive approach to network security that incorporates several different principles and technologies.

    Normally, an IT network is secured with the castle-and-moat methodology; whereas it is hard to gain access from outside the network, but everyone inside the network is trusted. The challenge we currently face with this security model is that once a hacker has access to the network, they have free to do as they please with no roadblocks stopping them.

    The original theory of zero-trust was conceived over a decade ago, however, the unforeseen events of this past year have propelled it to the top of enterprise security plans. Businesses experienced a mass influx of remote working due to the COVID-19 pandemic, meaning that organizations’ customary perimeter-based security models were fractured.  With the increase in remote working, an organization’s network is no longer defined as a single entity in one location. The network now exists everywhere, 24 hours a day. 

    If businesses today decide to pass on the adoption of a zero-trust network, they risk a breach in one part of their network quickly spreading as malware or ransomware. There have been massive increases in the number of ransomware attacks in recent years. From hospitals to local government and major corporations; ransomware has caused large-scale outages across all sectors. Going forward, it appears that implementing a zero-trust network is the way to go. That’s why we put together a list of things you can do to set up a zero-trust network.

    These were the top 5 cybersecurity trends from 2020, and what we have to look forward to this year.

    Image courtesy of Varonis

    Proper Network Segmentation

    Proper network segmentation is the cornerstone of a zero-trust network. Systems and devices must be separated by the types of access they allow and the information that they process. Network segments can act as the trust boundaries that allow other security controls to enforce the zero-trust attitude.

    Improve Identity and Access Management

    A necessity for applying zero-trust security is a strong identity and access management foundation. Using multifactor authentication provides added assurance of identity and protects against theft of individual credentials. Identify who is attempting to connect to the network. Most organizations use one or more types of identity and access management tools to do this. Users or autonomous devices must prove who or what they are by using authentication methods. 

    Least Privilege and Micro Segmentation

    Least privilege applies to both networks and firewalls. After segmenting the network, cybersecurity teams must lock down access between networks to only traffic essential to business needs. If two or more remote offices do not need direct communication with each other, that access should not be granted. Once a zero-trust network positively identifies a user or their device, it must have controls in place to grant application, file, and service access to only what is needed by them. Depending on the software or machines being used, access control can be based on user identity, or incorporate some form of network segmentation in addition to user and device identification. This is known as micro segmentation. Micro segmentation is used to build highly secure subsets within a network where the user or device can connect and access only the resources and services it needs. Micro segmentation is great from a security standpoint because it significantly reduces negative effects on infrastructure if a compromise occurs. 

    Add Application Inspection to the Firewall

    Cybersecurity teams need to add application inspection technology to their existing firewalls, ensuring that traffic passing through a connection carries appropriate content. Contemporary firewalls go far beyond the simple rule-based inspection that they previously have. 

    Record and Investigate Security Incidents

    A great security system involves vision, and vision requires awareness. Cybersecurity teams can only do their job effectively if they have a complete view and awareness of security incidents collected from systems, devices, and applications across the organization. Using a security information and event management program provides analysts with a centralized view of the data they need.

    Image courtesy of Cloudfare

    Top 10 ITAD Tips of 2021

    From a business perspective, one of the biggest takeaways from last year is how companies were forced to become flexible and adapt with the Covid-19 pandemic. From migrating to remote work for the foreseeable future, to more strictly managing budgets and cutting back. Some more experienced organizations took steps to update their information technology asset disposition (ITAD) strategies going forward. There are multiple factors that go into creating a successful ITAD strategy. Successful ITAD management requires a strict and well-defined process. Below are ten expert tips to take with you into a successful 2021.

    1 – Do Your Homework

    Multiple certifications are available to help companies identify which ITAD service providers have taken the time to create processes in accordance with local, state and federal laws. Having ITAD processes in a structured guidebook is important, but most would agree that the execution of the procedures is entirely different. A successful ITAD service comes down to the people following the process set in place. When selecting an ITAD partner, make sure you do your homework.

    You can learn more about our ITAD processes here.

    2 – Request a Chain of Custody 

    Every ITAD process should cover several key areas including traceability, software, logistics and verification. Be sure to maintain a clear record of serial numbers on all equipment, physical location, purchase and sale price and the staff managing the equipment. The entire chain of custody should be recorded, as well as multiple verification audits ensuring data sanitization and certificates of data destruction are issued. 

    Read more about how a secure chain of custody works.

    3 – Create a Re-Marketing Strategy

    Creating a re-marketing strategy can help ease the financial burden of managing the ITAD process. Donation, wholesale and business to consumer are the primary channels in the marketplace for IT assets. Re-marketing can greatly help pay the costs of managing ITAD operations.

    4 – Maintain an Accurate List of Assets

    Many organizations use their IT asset management software to create an early list of assets that need to be retired. Sometimes this initial list also becomes the master list used in their ITAD program. However, IT assets that are not on the network are not usually detected by the software. Common asset tracking identifiers used to classify inventory include make, model, serial number and asset tag.

    5 – Choose a GDPR-Compliant Provider

    Some of the biggest benefactors to emerge from the Covid-19 pandemic were cloud providers. However, selecting what cloud provider to use is critical. Find a cloud provider that allows users to access documents from a GDPR-compliant cloud-based server, keeping the documents within GDPR legislation. 

    Learn More About How We Help Businesses Stay Compliant

    6 – Avoid GDPR-Related Fines

    Similar to the previous tip, it is important that data and documents are classified centrally, so employees can make legal and informed decisions as to what documents they can, or cannot, access on personal devices. Ensure GDPR policies are in place and adhered to for all staff, wherever they may be working. 

    7 – Erase Data Off of Personal Assets

    Hopefully in the near future, Covid-19 will no longer be a threat to businesses and regular life and work will resume. When that happens, it is wise to consider whether employees were using their personal devices while working from home. If so, all documents and data stored on personal devices must be erased accordingly. Put a policy in place for staff to sanitize their devices. This will help companies avoid being subjected to laws relating to data mismanagement or the possibility of sensitive corporate information remaining on personal devices.

    Learn more about secure hard drive erasure.

    8 – Ask the Right Questions

    In the past, it was uncommon for organizations to practice strict selection processes and vetting for ITAD providers. Companies didn’t know which questions to ask and most were satisfied with simply hauling away their retired IT equipment. Now, most organizations issue a detailed report evaluating ITAD vendor capabilities and strengths. The reports generally include information regarding compliance, data security, sustainability and value recovery. 

    9 – Use On-Site Data Destruction

    Just one case of compromised data can be overwhelming for a company. Confirming security of all data stored assets is imperative. It is estimated that about 65 percent of businesses require data destruction while their assets are still in their custody. The increase in on-site data destruction services was foreseeable as it is one of the highest levels of security services in the industry. 

    Learn more about our on-site data destruction services here.

    10 – Increase Your Value Recovery

    Even if the costs of partnering with an ITAD vendor weren’t in the budget, there are still ways you can increase your value recovery.

    • Don’t wait to resale. When it comes to value recovery of IT assets, timing is everything. Pay attention to new IT innovations combined with short refresh cycles. These are some reasons why IT assets can depreciate in value so quickly.
    • Take time to understand your ITAD vendor’s resale channels and strategies. A vendor who maintains active and varied resale channels is preferred. 
    • Know the vendor’s chain of custody. Each phase of moving IT equipment from your facility to an ITAD services center, and eventually to secondary market buyers should be considered.

    SolarWinds Orion: The Biggest Hack of the Year

    Federal agencies faced one of their worst nightmares this past week when they were informed of a massive compromise by foreign hackers within their network management software. An emergency directive from the Cybersecurity and Infrastructure Security Agency (CISA) instructed all agencies using SolarWinds products to review their networks and disconnect or power down the company’s Orion software. 

    Orion has been used by the government for years and the software operates at the heart of some crucial federal systems. SolarWinds has been supplying agencies for some-time as well, developing tools to understand how their servers were operating, and later branching into network and infrastructure monitoring. Orion is the structure binding all of those things together. According to a preliminary search of the Federal Procurement Data System – Next Generation (FPDS-NG), at least 32 federal agencies bought SolarWinds Orion software since 2006.

    Listed below are some of the agencies and departments within the government that contracts for SolarWinds Orion products have been awarded to. Even though all them bought SolarWinds Orion products, that doesn’t mean they were using them between March and June, when the vulnerability was introduced during updates. Agencies that have ongoing contracts for SolarWinds Orion products include the Army, DOE, FLETC, ICE, IRS, and VA. SolarWinds estimates that less than 18,000 users installed products with the vulnerability during that time.

    • Bureaus of Land Management, Ocean Energy Management, and Safety and Environmental Enforcement, as well as the National Park Service and Office of Policy, Budget, and Administration within the Department of the Interior
    • Air Force, Army, Defense Logistics Agency, Defense Threat Reduction Agency, and Navy within the Department of Defense
    • Department of Energy
    • Departmental Administration and Farm Service Agency within the U.S. Department of Agriculture
    • Federal Acquisition Service within the General Services Administration
    • FBI within the Department of Justice
    • Federal Highway Administration and Immediate Office of the Secretary within the Department of Transportation
    • Federal Law Enforcement Training Center, Transportation Security Administration, Immigration and Customs Enforcement, and Office of Procurement Operations within the Department of Homeland Security
    • Food and Drug Administration, National Institutes of Health, and Office of the Assistant Secretary for Administration within the Department of Health and Human Services
    • IRS and Office of the Comptroller of the Currency within the Department of the Treasury
    • NASA
    • National Oceanic and Atmospheric Administration within the Department of Commerce
    • National Science Foundation
    • Peace Corps
    • State Department
    • Department of Veterans Affairs

    YOU CAN READ THE JOINT STATEMENT BY THE FEDERAL BUREAU OF INVESTIGATION (FBI), THE CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY (CISA), AND THE OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE (ODNI) HERE.

    How the Attack was Discovered

    When Cyber security firm FireEye Inc. discovered that it was the victim of a malicious cyber-attack, the company’s investigators began trying to figure out exactly how attackers got past its secured defenses. They quickly found out,  they were not the only victims of the attack. Investigators uncovered a weakness in a product made by one of its software providers, SolarWinds Corp. After looking through 50,000 lines of source code, they were able to conclude there was a backdoor within SolarWinds. FireEye contacted SolarWinds and law enforcement immediately after the backdoor vulnerability was found.

    Hackers, believed to be part of an elite Russian group, took advantage of the vulnerability to insert malware, which found its way into the systems of SolarWinds customers with software updates. So far, as many as 18,000 entities may have downloaded the malware. The hackers who attacked FireEye stole sensitive tools that the company uses to find vulnerabilities in clients’ computer networks. The investigation by FireEye discovered that the hack on itself was part of a global campaign by a highly complex attacker that also targeted government, consulting, technology, telecom and extractive entities in North America, Europe, Asia, and the Middle East.

    The hackers that implemented the attack were sophisticated unlike any seen before. They took innovative steps to conceal their actions, operating from servers based in the same city as an employee they were pretending to be. The hackers were able to breach U.S. government entities by first attacking the SolarWinds IT provider. By compromising the software used by government entities and corporations to monitor their network, hackers were able to gain a position into their network and dig deeper all while appearing as legitimate traffic.

    Read how Microsoft and US Cyber Command joined forces to stop a vicious malware attack earlier this year.

    How Can the Attack Be Stopped?

    Technology firms are stopping some of the hackers’ key infrastructure as the U.S. government works to control a hacking campaign that relies on software in technology from SolarWinds. FireEye is working with Microsoft and the domain registrar GoDaddy to take over one of the domains that attackers had used to send malicious code to its victims. The move is not a cure-all for stopping the cyber-attack, but it should help stem the surge of victims, which includes the departments of Treasury and Homeland Security.

     

    According to FireEye, the seized domain, known as a “killswitch,” will affect new and previous infections of the malicious code coming from that particular domain. Depending on the IP address returned under certain conditions, the malware would terminate itself and prevent further execution. The “killswitch” will make it harder for the attackers to use the malware that they have already deployed. Although, FireEye warned that hackers still have other ways of keeping access to networks. With the sample of invasions FireEye has seen, the hacker moved quickly to establish additional persistent mechanisms to access to victim networks.

     

    The FBI is investigating the compromise of SolarWinds’ software updates, which was linked with a Russian intelligence service. SolarWinds’ software is used throughout Fortune 500 companies, and in critical sectors such as electricity. The “killswitch” action highlights the power that major technology companies have to throw up roadblocks to well-resourced hackers. This is very similar to Microsoft teaming up with the US Cyber Command to disrupt a powerful Trickbot botnet in October.

    5 Cyber Security Trends from 2020 and What We Can Look Forward to Next Year

    Today’s cybersecurity landscape is changing a faster rate than we’ve ever experienced before. Hackers are inventing new ways to attack businesses and cybersecurity experts are relentlessly trying to find new ways to protect them. Cost businesses approximately $45 billion, cyber-attacks can be disastrous for businesses, causing adverse financial and non-financial effects. Cyber-attacks can also result in loss of sensitive data, never-ending lawsuits, and a smeared reputation. 

     

    With cyber-attack rates on the rise, companies need to up their defenses. Businesses should take the time to brush up on cybersecurity trends for the upcoming year, as this information could help them prepare and avoid becoming another victim of a malicious attack. Given the importance of cyber security in the current world, we’ve gathered a list of the top trends seen in cybersecurity this year and what you can expect in 2021.

    INCREASE IN SPENDING

     

    It’s no secret that cybersecurity spending is on the rise. It has to be in order to keep up with rapidly changing technology landscape we live in. For example, in 2019 alone, the global cyber security spending was estimated to be around $103 billion, a 9.4% increase from 2018. This year the US government spent $17.4 billion on cybersecurity, a 5% increase from 2019. Even more alarming is the fact that cybercrime is projected to exceed $6 trillion annually by 2021 up from $3 trillion in 2015. The most significant factor driving this increase is the improved efficiency of cybercriminals. The dark web has become a booming black market where criminals can launch complex cyberattacks.  With lower barriers to entry and massive financial payoffs, we can expect cybercrime to grow well into the future.

     

    Learn more about how Microsoft is teaming up with US National Security to defeat threatening malware bot.

    COMPANIES CONTINUE TO LEARN

     

    Demand for cybersecurity experts continued to surpass the supply in 2020. We don’t see this changing anytime soon either. Amidst this trend, security experts contend with considerably more threats than ever before. Currently, more than 4 million professionals in the cybersecurity field are being tasked with closing the skills gap. Since the cybersecurity learning curve won’t be slowing anytime soon, companies must come to grips with strategies that help stop the shortage of talent. Options include cross-training existing IT staff, recruiting professionals from other areas, or even setting the job qualifications at appropriate levels in order to attract more candidates. 

     

    Most organizations are starting to realize that cybersecurity intelligence is a critical piece to growth Understanding the behavior of their attackers and their tendencies can help in anticipating and reacting quickly after an attack happens. A significant problem that also exists is the volume of data available from multiple sources. Add to this the fact that security and planning technologies typically do not mix well. In the future, expect continued emphasis on developing the next generation of cyber security professionals.

    THE INFLUENCE OF MACHINE INTELLIGENCE DEVELOPS

     

    Artificial Intelligence (AI) and Machine Learning (ML) are progressively becoming necessary for cybersecurity. Integrating AI with cybersecurity solutions can have positive outcomes, such as improving threat and malicious activity detection and supporting fast responses to cyber-attacks. The market for AI in cybersecurity is growing at a drastic pace. In 2019, the demand for AI in cybersecurity surpassed $8.8 billion, with the market is projected to grow to 38.2 billion by 2026. 

     

    Find out how the US military is integrating AI and ML into keeping our country safe.

    MORE SMALL BUSINESSES INVEST IN CYBER PROTECTION

     

    When we think of a cyber-attack occurring, we tend to envision a multibillion-dollar conglomerate that easily has the funds to pay the ransom for data retrieval and boost its security the next time around. Surprisingly, 43% of cyber-attacks happen to small businesses, costing them an average of $200,000. Sadly, when small businesses fall victim to these attacks, 60% of them go out of business within six months.

     

    Hackers go after small businesses because they know that they have poor or even no preventative measures in place. A large number of small businesses even think that they’re too small to be victims of cyber-attacks. Tech savvy small businesses are increasingly taking a preventative approach to cybersecurity. Understanding that like big organizations, they are targets for cybercrimes, and therefore adapting effective cybersecurity strategies. As a result, a number of small businesses are planning on increasing their spending on cybersecurity and investing in information security training.

     

    We have the ultimate cure to the ransomware epidemic plaguing small business.

    CYBER-ATTACKS INCREASE ON CRITICAL INFRASTRUCTURES

     

    Utility companies and government agencies are extremely critical the economy because they offer support to millions of people across the nation. Critical infrastructure includes public transportation systems, power grids, and large-scale constructions. These government entities store massive amounts of personal data about their citizens. such as health records, residency, and even bank details. If this personal data is not well protected, it could fall in the wrong hands resulting in breaches that could be disastrous. This is also what makes them an excellent target for a cyber-attack. 

     

    Unfortunately, the trend is anticipated to continue into 2021 and beyond because most public organizations are not adequately prepared to handle an attack. While governments may be ill prepared for cyber-attacks, hackers are busy preparing for them. 

     

    Curious About the Future of all Internet Connected Devices? Read Our Blog here

    WHAT CAN WE LOOK FORWARD TO IN 2021?

    Going forward into a new year, it’s obvious that many elements are coming together to increase cyber risk for businesses. Industry and economic growth continue to push organizations to rapid digital transformation, accelerating the use of technologies and increasing exposure to many inherent security issues. The combination of fewer cyber security experts and an increase of cyber-crime are trends that will continue for some time to come. Businesses that investment in technologies, security, and cybersecurity talent can greatly reduce their risk of a cyber-attack and  increase the likelihood that cybercriminals will look elsewhere to manipulate a less prepared target.

    4G on the Moon – NASA awards Nokia $14 Million

    Cellular Service That’s Out of This World

    As soon as 2024, we may be seeing humans revisit the moon. Except this time, we should be able to communicate with them in real time from a cellular device. Down here on Earth, the competition between telecom providers is as intense as ever. However, Nokia may have just taken one giant leap over its competitors, with the announcement of expanding into a new market, winning a $14.1 million contract from Nasa to put a 4G network on the moon.

    Why put a communications network on the moon?

    Now, you may be wondering, “why would we need a telecommunications network on the mood?” According to Nokia Labs researchers, installing a 4G network on the surface of Earth’s natural satellite will help show whether it’s possible to have human habitation on the moon. By adopting a super-compact, low-power, space-hardened, wireless 4G network, it will greatly increase the US space agency’s plan to establish a long-term human presence on the moon by 2030. Astronauts will begin carrying out detailed experiments and explorations which the agency hopes will help it develop its first human mission to Mars.

    Nokia’s 4G LTE network, the predecessor to 5G, will deliver key communication capabilities for many different data transmission applications, including vital command and control functions, remote control of lunar rovers, real-time navigation and streaming of high definition video. These communication applications are all vital to long-term human presence on the lunar surface. The network is perfectly capable of supplying wireless connectivity for any activity that space travelers may need to carry out, enabling voice and video communications capabilities, telemetry and biometric data exchange, and deployment and control of robotic and sensor payloads.

    Learn more about “radiation-hardened” IT equipment used by NASA in our blog.

    How can Nokia pull this off?

    When it comes to space travel and moon landings in the past, you always hear about how so much can go wrong. Look at Apollo 13 for instance. Granted, technology has vastly improved in the past half century, but it still seems like a large feat to install a network on the moon. The network Nokia plans to implement will be designed for the moon’s distinctive climate, with the ability to withstand extreme temperatures, radiation, and even vibrations created by rocket landings and launches. The moon’s 4G network will also use much smaller cells than those on Earth, having a smaller range and require less power.

    Nokia is partnering with Intuitive Machines for this mission to integrate the network into their lunar lander and deliver it to the lunar surface. The network will self-configure upon deployment and establish the first LTE communications system on the Moon. Nokia’s network equipment will be installed remotely on the moon’s surface using a lunar hopper built by Intuitive Machines in late 2022.

    According to Nokia, the lunar network involves an LTE Base Station with integrated Evolved Packet Core (EPC) functionalities, LTE User Equipment, RF antennas and high-reliability operations and maintenance (O&M) control software. The same LTE technologies that have met the world’s mobile data and voice demands for the last decade are fully capable of providing mission critical and state-of-the-art connectivity and communications capabilities for the future of space exploration. Nokia plans to supply commercial LTE products and provide technology to expand the commercialization of LTE, and to pursue space applications of LTE’s successor technology, 5G.

    Why did Nokia win the contract to put a network on the moon?

    An industry leader in end-to-end communication technologies for service provider and enterprise customers all over the world, Nokia develops and provides networks for airports, factories, industrial, first-responders, and the harshest mining operations on Earth. Their series of networks have far proven themselves reliable for automation, data collection and dependable communications. By installing its technologies in the most extreme environment known to man, Nokia will corroborate the solution’s performance and technology readiness, enhancing it for future space missions and human inhabiting.

    Introducing the Apple M1 Chip

    Over 35 years ago in 1984, Apple transformed personal technology with the introduction of the Macintosh personal computer. Today, Apple is a world leader in innovation with phones, tablets, computers, watches and even TV. Now it seems Apple has dived headfirst into another technological innovation that may change computing as we know it. Introducing the Apple M1 chip. Recently, Apple announced the most powerful chip it has ever created, and the first chip designed specifically for its Mac product line. Boasting industry-leading performance, powerful features, and incredible efficiency, the M1 chip is optimized for Mac systems in which small size and power efficiency are critically important.

    The First System on a Chip

    If you haven’t heard of this before, you’re not alone. System on a chip (SoC) is fairly new. Traditionally, Macs and PCs have used numerous chips for the CPU, I/O, security, and more. However, SoC combines all of these technologies into a single chip, resulting in greater performance and power efficiency. M1 is the first personal computer chip built using cutting-edge 5-nanometer process technology and is packed with an eyebrow raising 16 billion transistors. M1 also features a unified memory architecture that brings together high-bandwidth and low-latency memory into a custom package. This allows all of the technologies in the SoC to access the same data without copying it between multiple pools of memory, further improving performance and efficiency.

    M1 Offers the World’s Best CPU Performance

    Apple’s M1 chip includes an 8-core CPU consisting of four high-performance cores and four high-efficiency cores. They are the world’s fastest CPU cores in low-power silicon, giving photographers the ability to edit high-resolution photos with rapid speed and developers to build apps almost 3x faster than before. The four high-efficiency cores provide exceptional performance at a tenth of the power. Single handedly, these four cores can deliver a similar output as the current-generation, dual-core MacBook Air, but at much lower power. They are the most efficient way to run lightweight, everyday tasks like checking email and surfing the web, simultaneously maintaining battery life better than ever. When all eight of the cores work together, they can deliver the world’s best CPU performance per watt.

    Wondering how to sell your inventory of used CPUs and processors? Let us help.

    The World’s Sharpest Unified Graphics

    M1 incorporates Apple’s most advanced GPU, benefiting from years of evaluating Mac applications, from ordinary apps to demanding workloads. The M1 is truly in a league of its own with industry-leading performance and incredible efficiency. Highlighting up to eight powerful cores, the GPU can easily handle very demanding tasks, from effortless playback of multiple 4K video streams to building intricate 3D scenes. Having 2.6 teraflops of throughput, M1 has the world’s fastest integrated graphics in a personal computer.

    Bringing the Apple Neural Engine to the Mac

    Significantly increasing the speed of machine learning (ML) tasks, the M1 chip brings the Apple Neural Engine to the Mac. Featuring Apple’s most advanced 16-core architecture capable of 11 trillion operations per second, the Neural Engine in M1 enables up to 15x faster machine learning performance. With ML accelerators in the CPU and a powerful GPU, the M1 chip is intended to excel at machine learning. Common tasks like video analysis, voice recognition, and image processing will have a level of performance never seen before on the Mac.

    Upgrading your inventory of Macs or laptops? We buy those too.

    M1 is Loaded with Innovative Technologies

    The M1 chip is packed with several powerful custom technologies:

    • Apple’s most recent image signal processor (ISP) for higher quality video with better noise reduction, greater dynamic range, and improved auto white balance.
    • The modern Secure Enclave for best-in-class security.
    • A high-performance storage controller with AES encryption hardware for quicker and more secure SSD performance.
    • Low-power, highly efficient media encode and decode engines for great performance and prolonged battery life.
    • An Apple-designed Thunderbolt controller with support for USB 4, transfer speeds up to 40Gbps, and compatibility with more peripherals than ever.
    Scroll to top