Microsoft's Smith: SolarWinds Attack Involved 1,000 Developers – BankInfoSecurity.com


Supply Chain Attack Likely Continues, He Tells ’60 Minutes’

Microsoft President Brad Smith (Photo: Microsoft)

More than 1,000 developers likely worked on rewriting code for the massive SolarWinds supply chain attack that affected many companies and U.S. government agencies, Microsoft President Brad Smith said in a Sunday interview, pointing out the attack is most likely continuing.


In an interview with CBS News’ “60 Minutes,” Smith said the supply chain attack was “the largest and most sophisticated attack the world has ever seen.”

The U.S. federal agencies investigating the attack, which targeted Microsoft and other technology and cybersecurity companies, say it was likely a cyberespionage campaign waged by Russian hackers (see: SolarWinds Attack: Pointing a Finger at Russia). Some investigators have said that Russia’s SVR foreign intelligence service may have been behind the hacking campaign.

In the interview, Smith noted that Russia had previously developed these types of cyber tactics to target Ukraine in 2017.

The supply chain attack “exposes the secrets potentially of the United States and other governments as well as private companies. I don’t think anyone knows for certain how all of this information will be used. But we do know this: It is in the wrong hands,” Smith said.

The Biden administration recently appointed Anne Neuberger, the deputy national security adviser for cyber and emerging technology, to coordinate the investigation into the supply chain attack following criticism from two senators that the probe, which involves four agencies, has lacked coordination and transparency (see: White House Taps Neuberger to Lead SolarWinds Probe).

Started With a Backdoor

The hackers planted a backdoor known as “Sunburst” within SolarWinds’ Orion network monitoring software, which then spread when about 18,000 of the company’s customers downloaded updates.

Intelligence experts have suggested that about 300 organizations may have been hit with follow-on, more advanced attacks, which could have led to data exfiltration and eavesdropping, including email inbox access. Those attacks were fueled by the installation of second-stage malware called Teardrop.

Smith noted that while it was not as disruptive to daily life as the Russian NotPetya attack that targeted Ukraine in 2017, the SolarWinds supply chain attack illustrates how hackers can persist.

As a result of the NotPetya attack in Ukraine, Smith says, “Ukrainian television stations couldn’t produce their shows because they relied on computers. Automated teller machines stopped working. Grocery stores couldn’t take a credit card. Now, what we saw with this [SolarWinds] attack was something that was more targeted. But it just shows how if you engage in this kind of tactic, you can unleash an enormous amount of damage and havoc.”

Saying that the SolarWinds supply chain attack likely continues, Smith said the only way for affected organizations to know for certain that the malware is completely removed from their infrastructure is to rip and replace nearly all affected computers and network gear (see: CISA Warns SolarWinds Incident Response May Be Substantial).

FireEye’s Discovery

The security firm FireEye was the first company to notice the supply chain attack after its penetration testing tools were stolen.

The investigation later revealed that several U.S. federal agencies, including the Justice, Treasury, Homeland Security, Commerce and Energy departments, as well as parts of the Pentagon, were also affected by the hacking campaign. These agencies all apparently used SolarWinds’ Orion as part of their IT infrastructure.

Smith noted in the TV interview that the hackers appear to have rewritten about 4,000 lines of code that were part of the Orion software update, which shows the level of sophistication needed to pull off such an attack.

Smith also pointed out that the hacking group planted additional backdoors following the initial attack. Security firms have revealed that malware, in addition to Teardrop, included Sunspot and Raindrop (see: ‘Raindrop’ Is Latest Malware Tied to SolarWinds Hack).

What Was Entry Point?

Microsoft’s security team recently said that the Office 365 suite of products did not serve as an initial entry point for the SolarWinds attackers.

SolarWinds CEO Sudhakar Ramakrishna noted that the investigation could not point to a specific vulnerability in Office 365 as part of the attack, but he said that the hackers may have compromised an email account that allowed them to gain the initial access into the network before planting a backdoor into the Orion software.

Acting CISA Director Brandon Wales told The Wall Street Journal that the SolarWinds attackers likely gained access to targets using a multitude of methods, including password spraying.

‘Did We Take Our Eyes Off the Ball?’

Anthony Ferrante, former director for cyber incident response at the National Security Council at the White House, notes: “This cyberattack is the exact type of threat I worried about when I was at the White House – a nation-state threat that infects the software supply chain. And now it’s here and it’s affecting not just the U.S. government but some of its most sensitive interests, as well as private sector organizations.”

Ferrante, who is now global head of cybersecurity at FTI Consulting, adds: “We were given so much confidence going into the presidential election that the U.S. government had insight into what nation-states might do. But does this attack suggest that we didn’t actually know everything? Did we take our eyes off the ball?”


SpaceX Moon Flight: Follow These Steps To Win a Seat To A Trip to the Moon – MySmartPrice

Japanese billionaire Yusaku Maezawa has announced a competition to pick eight co-passengers for his trip to the moon. The trip will occur in two years, when fellow billionaire Elon Musk is expected to kick off his moon mission in SpaceX’s Starship rocket. Maezawa made history back in 2018 by becoming the first person to pay for the trip. Of course, the mission may still be delayed, but Maezawa seems bullish on its completion. The announcement was made via a video, in which he says humankind will once again head to the Moon in 2023. The mission will have 10 to 12 people in total, but Maezawa is opening 8 of those seats to anyone in the world.


How to apply to go to the moon

The steps to apply are easy enough, but one must remember that a moon mission isn’t the easiest thing for just anyone to achieve. Here’s what you need to do.

  • Open the dearMoon website, a site that Maezawa has set up to publish new information about the project.
  • The homepage of the website consists of the registration form, which includes your name, country, email address and a picture. You also need to tell them which social platforms you follow Maezawa on. The website also mentions that those who pre-register will receive an email about the selection process.
  • You will also get a certificate signifying that you were a candidate for the crew.

What is the dearMoon project?

Maezawa named his trip the dearMoon project and hasn’t clarified what the mission is meant to achieve. That’s an important note, since mission goals usually determine who will be picked for the mission. As mentioned before, it will take 10 to 12 people up to the Moon on the SpaceX Starship, which the company has been developing since 2012. It’s meant to be one of the first passenger missions to the moon. Elon Musk has also been planning a similar trip to Mars sometime in future. 

Having private flyers is part of the way SpaceX funds its programs and the 2023 mission is expected to be the first time when man sets foot on the Moon since the Apollo 17 mission back in 1972. Maezawa had originally said he wants to take “artists” with him, but added in this video that anyone doing something “creative” would be called an artist.

The common MySmartPrice staff byline for news, features, comparisons, and reviews written by contributing authors.


Screened out by a computer? What job interviews are like without human beings – CBC.ca

As the coronavirus pandemic continues, job-seekers expect to attend employment interviews online. But increasingly, the employers and recruiters looking to hire are sitting those same interviews out.

Instead of asking candidates questions face-to-face, many hiring managers are now relying on asynchronous video interview (AVI) platforms that have candidates record answers to questions under a countdown timer.


AVIs, which are also called one-way or on-demand interviews, have been around for years but their use has surged during the pandemic. 

A spokesperson for the American company HireVue, one of the larger companies operating in the market, said the company has seen a 24 per cent increase for its on-demand video interviews during the past year.

VidCruiter’s platform can eliminate the need for logistics such as scheduling interviews, because candidates interview with the automated system at their home on their own timeline. (Submitted by Carlos DaPonte/VidCruiter)

In the same time period, Toronto-based Knockri quadrupled its customers, and Moncton-based VidCruiter doubled its staff.

A representative with VidCruiter told CBC Radio’s The Cost of Living it used to earn 99 per cent of its revenue from clients outside Canada, but that has changed in the past three years. The company said its clients include the CBC, Canadian universities, big corporations — such as Lowe’s — and the federal government. 

Candidates may find one-way interviews uncomfortable, and some experts pose questions over fairness, privacy, bias and the use of artificial intelligence. Despite these concerns, industrial-organizational psychologists predict the one-way job interview format is not going away.

Why hiring managers like the one-way interview

Using AVIs can eliminate having to navigate complicated and conflicting schedules, because candidates complete them on their own time. They can also cut travel costs if candidates are screened out before having to meet a potential employer in person.


Timed questions also force candidates to be more succinct with their answers than they might be in traditional interviews. 

Edwin Torres, a professor in the Rosen College of Hospitality management at the University of Central Florida, has interviewed hiring managers from hospitality companies using AVIs.

“One of the reasons why a lot of companies are turning to this technology is because of efficiency,” he said.

In addition, video recordings mean employers can re-watch interviews and share them with colleagues.

Job-seekers are not as keen on them

Companies claim AVIs can level the playing field by standardizing job interviews, but some candidates have expressed mixed feelings about the format.

Beatriz Gascon, a student majoring in biochemistry and molecular biology at the University of British Columbia’s Okanagan Campus, struggled during an AVI interview for an internship at genetic sequencing company Illumina, based in the United Kingdom.

Beatriz Gascon was not a fan of her asynchronous interview for an internship. (Submitted by Beatriz Gascon)

Gascon said she appreciated being able to re-record answers on the HireVue platform, but she froze during her second attempt answering a difficult question.

The platform submitted her second attempt, but she did not get the internship.

Gascon said she prefers face-to-face interviews because talking to a person calms her nerves and the format is more forgiving.

“Usually you have time to make small talk or repeat the question back to yourself,” she said. She was frustrated that during her timed, one-way interview there was no way to do that, and no time to spare for going over a question a second time.

Experts find some won’t complete AVIs

According to researchers at the University of Calgary, some candidates are so against one-way interviews in this format, they refuse to complete them.

“There are a number of people who feel very passionately negative,” said Joshua Bourdage, an associate professor of psychology at the University of Calgary.

Companies using AVIs don’t need to bring candidates together like they might have pre-pandemic, as illustrated in this stock photo. (Shutterstock / fizkes)

Bourdage and PhD candidate Eden-Raye Lukacik are researching perceptions of AVIs, including searching and scraping websites for comments about the interview format and then analyzing the emotions conveyed.

Many commenters complained that the AVI process may be more efficient for companies, but the interviews signal an unwillingness to invest time in speaking with applicants.

According to Bourdage, many job-seekers are interpreting this as a signal of what it would be like to work at a company that uses an AVI process.

How are the videos and recordings judged?

Since companies’ algorithms are proprietary and not shared publicly, neither candidates nor academics can fully understand how the recorded videos are evaluated. 

Many companies use AVIs as a screening tool before scheduling face-to-face interviews with short-listed candidates, and some use artificial intelligence to rate what candidates say and how they say it.

Artificial intelligence, or AI, can scan for keywords as well as analyze body language and facial expressions.

AI’s advocates claim it can reduce unconscious bias if trained to ignore things like race and gender but this isn’t universally accepted.

“The problem with that technology is that it has biases built into it,” said Sean Fahey, CEO of VidCruiter.

The company’s own research found speech patterns varied in different regions in the U.S. and Canada. For example, an AI system programmed by someone who lived in one of those regions would automatically have a bias according to Fahey.

VidCruiter decided not to use AI in its product until the technology has been proven not to discriminate.

Researchers agree that artificial intelligence can be biased based on who programs it.

“As long as we train those systems on human ratings, on what the human raters tell us about those interviews, it’s so easy to have biases in this data,” said Markus Langer, a postdoctoral researcher in industrial-organizational psychology at Saarland University in Germany.

Langer, who researches AI and asynchronous interviews, said identifying biases is easier with a large and diverse dataset — something that isn’t always available.

How can candidates prepare?

Though Canadians may be comfortable recording videos in a social context, many are unprepared for AVIs according to Kimberley Black, a researcher who hopes to change that.

“Preparation for asynchronous video interviews needs to be a mandatory part of the curriculum now,” said Black, whose recently-defended masters thesis for Ontario Tech University focused on preparing students for asynchronous and one-way interviews.

Ontario Tech University researcher Kimberley Black wants to see asynchronous interview preparation become a mandatory subject for students. (Submitted by Kimberley Black)

Black had college students complete AVIs and critique their peers’ interviews. According to her, the experience led many to realize how much they could improve.

She recommends candidates wear professional clothing, smile, record in front of a neutral background, use hand gestures, and remember to look straight into the camera lens while speaking.

If struggling with that last tip, Black suggests taping a sticky note with a smiley face next to the lens.

At the University of Calgary, researcher Eden-Raye Lukacik recommends practicing, either by using the interview platform itself where possible or through a practice tool offered by her lab.

Lukacik also said candidates should present themselves honestly, and pick a time and space that works best for them, since that gives them an edge.

“You kind of get home-court advantage because you’re in your own house.” 


Written and produced by Madeleine Cummings.

The Cost of Living airs every week on CBC Radio One, Sundays at 12:00 p.m. (12:30 NT).


City to bring back shared-use streets for physical distancing outdoors – CTV Edmonton

EDMONTON —
The City of Edmonton is putting the finishing touches on a plan to turn some of its streets into shared-use spaces like it did in 2020 at the onset of the pandemic.

Edmonton’s lead urban strategist said a “set of locations similar to 2020 will be implemented with some changes based on previous observed activities” beginning in the spring.

According to Charity Dyke, her team is finishing consulting with stakeholders to finalize the list.

In 2020, 28 kilometres of shared space was found through lane and street closures, like on Saskatchewan Drive and Victoria Promenade.

“Feedback received included appreciation of the extra space provided to Edmontonians to get outside for both recreation and essential trips and desire from some groups for space to be provided on a larger number of roadways,” Dyke said.

“I think it’s a great idea, especially in high-traffic areas,” Summit Drive resident Val Guiltner told CTV News Edmonton. “It does make space for people to ride their bikes and have their strollers out and go for runs in groups, go for bike rides in groups.”

But a resident of a neighbouring community, Scott Mather, found only some of the 2020 shared-space accommodations useful.

Of the hill going past the Victoria Golf Course he said, “That gets a ton of human traffic, so that one totally made sense.”

But if the city were to consider turning Summit Drive into a shared-use path, Mather commented, “We use this street a ton and quite honestly, this sidewalk’s probably sufficient. Our goal is just to get into the river valley and there’s no traffic there.”

LOOKING FOR FEEDBACK

Ward 1 Coun. Andrew Knack asked city administration earlier in the week about expanding the 2020 project.

He considers last year’s experiment mostly successful, noting there were challenges on arterial roads where a lane was taken away.

It’s being left to communities to approach the city if they feel there is a need for a shared-use path there.

“If we have a community that says, ‘Hey, here’s a roadway that gets a lot of foot traffic, gets a lot of bike traffic and it’s a local road,’” Knack said, “why not give them the opportunity to say, ‘Hey, we could designate this a shared street?’”

He expects consultations and planning to take another month before any announcements are made.

But, he said there may be potential for the idea to become permanent.

“I think it’s a great opportunity for a long-term way to help with getting people active. I actually think they also have the opportunity to help with traffic safety concerns.”

In 2020, the shared-use paths were active from April to the end of October at a cost of about $119,500 to the city.

That cost, which Dyke noted was mostly for putting up signs, was another concern the city was looking to address in 2021.

She also said traffic levels had returned to near pre-pandemic volumes by the end of the fall, when they started to decrease as the province introduced more restrictions. Currently, traffic volumes sit about 19 per cent lower than normal.

According to a University of Alberta study of the effectiveness and safety of the expanded path system, there was a 52 per cent reduction in the number of physical-distancing violations for Saskatchewan Drive, and a 25 per cent reduction on Victoria Promenade. 

Also like last year, the city will continue allowing businesses to expand their patio or storefront onto public street or sidewalk space in 2021.

With files from CTV News Edmonton’s Amanda Anderson 
