Archive for the ‘Security and Compliance’ category

Malicious tech support ads – Windows 10 users beware.

August 13th, 2017

1. On Tuesday, Microsoft’s Malware Protection Center announced that it had learned about new strategies to target those using Windows 10 via links that lead to fraudulent tech support sites.
2. Zdnet reports that the scam involves a series of malicious ads that redirect victims to a fake tech-support page, in which Windows 10 users are presented with a display of fake Blue Screen of Death (BSOD) or other bogus Windows security alerts
3. Once users have clicked on the link that leads to the fraudulent website, they are presented with a host of security-alert popups that aim to drive users to contact the bogus support call center.
To report a scam https://support.microsoft.com/en-us/contactus/

To prevent these kinds of attacks, Microsoft’s Windows 10, Outlook.com, Edge, and Exchange Online Protection include security features to block the fake tech support sites and fraudulent emails.

According to Microsoft, Edge users can prevent dialog loops by blocking a certain page from multiplying.
A new Edge feature gives users the ability to shut down browsers or tabs when facing a suspicious-looking popup message.

According to Microsoft,each month “…at least three million users of various platforms and software encounter tech support scams”.
the scam new techniques introduce a different layer to the mix, and embed links in phish-like emails—and represent a step up from the previous methods used by scammers, potentially leading to a wider pool of victims

Docs.com – New Microsoft documentation portal

August 6th, 2017

Microsoft Corporation has provisioned a new portal for all their application/framework documentation and are also placing the ability to add to that content.

The new docs.microsoft.com rolled out recently for their documentation for each of the following topic groups arranged by product line/focus:
• SQL
• Windows
• Microsoft Azure
• Visual Studio
• Office
• .NET
• ASP.NET
• Dynamics 365
• Enterprise Mobility + Security
• nuget
• Xamarin

So no longer navigate to msdn.microsoft.com. The central portal leads to additional functionality and information sharing not previously offered.

Microsoft 365 – August 2017 – ask Synergy Software Systems, Dubai

July 31st, 2017

At Inspire, earlier this month Satya Nadella unveiled Microsoft 365, which brings together Office 365, Windows 10 and Enterprise Mobility + Security, delivering a complete, intelligent and secure solution to empower employees. It represents a fundamental shift in how we will design, build and go to market to address our customers’ needs for a modern workplace.

Microsoft introduced Enterprise and Business editions. It’s in public preview on 2nd August 2017, and will. generally available in autumn 2017, priced at $20 per user per month.

– Enterprise edition replaces Secure Productive Enterprise and will be available as an E3 or E5 plan from 1st August 2017.

– Business edition is new, and is aimed at organizations with less than 300 users who want Office 365 Business Premium with security/management features from Windows 10 and EMS, as well as some new applications such as Microsoft Connections.

The workplace is transforming—from changing employee expectations, to more diverse and globally distributed teams, to an increasingly complex threat landscape. A new culture of work emerging as companies look to empower their people with innovative technology. Think of Dubai’s ‘smart government” and trends like SMAC and BYOD.

Think also of the challenges for security in this ‘brave new world’ of organised ransomware and phishing attacks. With more than 100 million commercial monthly active users of Office 365, and more than 500 million Windows 10 devices in use, Microsoft 365 helps companies to empower their employees, to unlock business growth and innovation, while keeping the enterprise secure.

1, 2017.

Microsoft 365 Enterprise is built on the foundation of the highly successful Secure Productive Enterprise, which grew seats by triple digits in the last year.

Microsoft 365 Business is designed for small- to medium-sized businesses with up to 300 users and integrates Office 365 Business Premium with tailored security and management features from Windows 10 and Enterprise Mobility + Security. It offers services to empower employees, safeguard the business and simplify IT management.

Microsoft 365 Business:
• Helps companies achieve more together by better connecting employees, customers and suppliers.
• Empowers employees to get work done from anywhere, on any device.
• Protects company data across devices with always-on security.
•Simplifies the set-up and management of employee devices and services with a single

VAT for the U.A.E. some updates – July 2017

July 15th, 2017

Any taxable person must retain VAT invoices issued and received for a minimum of 5 years.

Imports
The place of supply will determine whether a supply is made within the UAE (in which case the UAE VAT law will apply), or outside the UAE for VAT purposes. For a supply of goods, the place of supply should be the location of goods when the supply takes place – with special rules for certain categories of supplies (e.g. water and energy, cross border supplies).

For the supply of services, the place of supply should be where the supplier is established – (with special rules for certain categories of supplies e.g. cross border supplies between businesses).

VAT shall be payable in addition to the custom duties paid by the importer of the goods and cannot be deducted against. VAT shall be computed on the value that includes the customs duties.

Some goods that are imported may be exempt from customs duties but be subject to VAT.

VAT is due on the goods and services purchased from abroad. In case the recipient in the State is a registered person with the Federal Tax Authority for VAT purposes, the VAT would be due on that import using a reverse charge mechanism. In case the recipient in the State is a non-registered person for VAT purposes, VAT would be paid on import of goods from a place outside the GCC. Such VAT will typically be required to be paid before the goods are released to the person.

Exempt and zero rate
- The VAT treatment of real estate will depend on whether it is a commercial or residential property.
Supplies (including sales or leases) of commercial properties will be taxable at the standard VAT rate (i.e 5%).
- Supplies of residential properties will generally be exempt from VAT to ensure that VAT does not constitute an irrecoverable cost to persons who buy their own properties. To ensure that real estate developers can recover VAT on construction of residential properties, the first supply of residential properties within 3 years from their completion will be zero-rated.

There is a difference between exempt goods and zero rate. (for example zero rate might be raised in future).
VAT will be charged at 0% in respect of the following main categories of supplies:
• Exports of goods and services to outside the GCC;
• International transportation, and related supplies;
• Supplies of certain sea, air and land means of transportation (such as aircrafts and ships);
• Certain investment grade precious metals (e.g. gold, silver, of 99% purity);
• Newly constructed residential properties, that are supplied for the first time within 3 years of their construction ;
• Supply of certain education services, and supply of relevant goods and services;
• Supply of certain Healthcare services, and supply of relevant goods and services.

The following categories of supplies will be exempt from VAT:
• The supply of some financial services (clarified in VAT legislation);
• Residential properties;
• Bare land;
• Local passenger transport

Financial Services
It is expected that fee based financial services will be taxed but margin based products are likely to be exempt.
Generally, insurance (vehicle, medical, etc) will be taxable.
Life insurance, we understand will be treated as an exempt financial service

The VAT treatment of standard financial services and Islamic finance products, the treatment of Islamic finance products will be aligned with the treatment of similar standard financial services

Businesses that meet requirements the Legislation (such as being resident in the UAE and being related/associated parties) will be able to register as a VAT group. For some businesses, VAT grouping will be a useful tool to simplify accounting for VAT.

Offsetting VAT.
VAT registered businesses will be able to reduce their output tax liability by the amount of VAT that relates to bad debt which has been written off by the VAT registered business. The legislation will include the conditions and limitations concerning the use of this relief.

A scheme will be introduced to allow a UAE national who is not registered for VAT to reclaim VAT paid on goods and services relating to constructing a new residence which will be privately used by the person and his family. This will allow the recovery of VAT on such expenses as contractor’s services and building materials.

To avoid double taxation (where second hand goods are acquired by a registered person from an unregistered person for the purpose of resale), the VAT-registered person will be able to account for VAT on sales of second hand goods with reference to: the difference between the purchase price of the goods, and the selling price of the goods (that is, the profit margin).

The VAT which must be accounted for by the registered person, will be included in the profit margin. The legislation will include the details of the conditions to be met in order to apply this mechanism.

VAT on expenses
A VAT registered person incurs input tax on its business expenses, and this input tax can be recovered in full when it relates to a taxable supply that was made, or intended to be made, by the registered person. In contrast, where the expense relates to a non-taxable supply (e.g. exempt supplies), then the registered person may not recover the input tax paid.

VAT will not be deductible in respect of expenses incurred for making non-taxable supplies. Furthermore, input tax cannot be deducted when it is incurred in respect of specific expenses such as entertainment expenses e.g. for employee entertainment.

VAT on expenses that were incurred by a business can be deducted in the following circumstances:
• The business must be a taxable person (the end consumer cannot claim any input tax refund).
• VAT should have been charged correctly (i.e. unduly charged VAT is not recoverable).
• The business must hold documentation showing the VAT paid (e.g. valid tax invoice).
• The goods or services acquired are used or intended to be used for making taxable supplies.
• VAT input tax refund can be claimed only on the amount paid or intended to be paid before the expiration of 6 months after the agreed date for the payment of the supply.

In certain situations, an expense may relate to both taxable and non-taxable supplies made by the registered person (such as activities of the banking sector). In these circumstances, the registered person would need to apportion input tax between the taxable and non-taxable (exempt) supplies.

Businesses will be expected to use input tax (ratio of recoverable to total) as a basis for apportionment in the first instance – (there will be the facility to use other methods where those are fair and agreed with the Federal Tax Authority).

Compliance and returns
Penalties will be imposed for non-compliance. Examples of actions and omissions that may give raise to penalties include:
• A person failing to register when required to do so;
• A person failing to submit a tax return or make a payment within the required period;
• A person failing to keep the records required under the issued tax legislation;
• Tax evasion offences where a person performs a deliberate act or omission with the intention of violating the provisions of the issued tax legislation.

No special rules are planned for small or medium sized enterprises. The FTA will provide materials and resources available for these entities to assist them in their enquiries.

A supplier registered or required to be registered for VAT must issue a valid VAT invoice for the supply. To be considered as a valid VAT invoice, the document must follow a specific format as mentioned in the legislation. In certain situations the supplier may be able to issue a simplified VAT invoice.

Government entities
Supplies made by government entities will typically be subject to VAT. This will ensure that government entities are not unfairly advantaged as compared to private businesses. Certain supplies made by government entities will, however, be excluded from the scope of VAT if they are not in competition with the private sector or where the entity is the sole provider of such supplies. It is likely certain government entities will be entitled to VAT refunds – this is designed to avoid budgeting issues and provide a level playing field between outsourced and insourced activities. For the supplies provided for government entities, the treatment of such supplies shall depend on the same supply and not on the recipient of the supply. Therefore, if the supply is subject to the standard tax rate, the treatment would remain the same even if it is provided to a government entity.

Transitional rules
Special rules will be provided to deal with various situations that may arise in respect of supplies that span the introduction of VAT. For example:
• Where a payment is received in respect of a supply of goods before the introduction of VAT, but the goods are actually delivered after the introduction of VAT. This means that VAT will have to be charged on such supplies. Likewise, special rules will apply with regards to supplies of services spanning the introduction of VAT.
• Where a contract is concluded prior to the introduction of VAT in respect of a supply, which is wholly or partly made after the introduction of VAT, and the contract does not contain clauses relating to the VAT treatment of the supply, then consideration for the supply will be treated as inclusive of VAT.

There will, however, be special provisions to allow suppliers to charge VAT in situations where their recipient is able to recover their VAT but where there is no VAT clause.

Payments and claims
Note that VAT will be payable in full not after netting off input tax which will then have to be claimed. This is more of a challenge for cash flow and business risk, especially given the penalties for late payments.
Refunds will be made after the receipt of the application and will be subject to verification checks, with a particular focus to avoid fraud.

The FTA may provide its views on various matters in the law. Taxpayers may choose to challenge these views. However, penalties may be imposed on taxpayers who are found to violate any tax laws and regulations.

Other Emirates
It is expected that businesses will need to complete additional information on their VAT returns to report revenues earned in each Emirate. Guidance will be provided to businesses with regards to this. It is expected that the rules will be relatively straightforward for most businesses and will be based, for example, for B2C transactions, on the location of the transaction (e.g. in a retail environment, the location of the shop).

European Union General Data Protection Regulation (GDPR) – 2018 what should GCC countries consider?

May 30th, 2017

The UAE Ministry of Economy is raising awareness among private sector companies of the need to be ready for new European data protection rules, which comes into force one year from now.

The European Union General Data Protection Regulation (GDPR) is set to become law by May 2018. The new rules govern all companies in Europe, as well as all companies trading with European companies and individuals.

The GDPR was drafted to “harmonise the protection of fundamental rights and freedoms of natural persons in respect of processing activities and to ensure the free flow of personal data between Member States

The law includes strong penalties for either misuse of data, or failure to protect the personal data of customers, with fines of up to 4% of annual turnover, or 20m euros ($22m).

HE Juma Mohammed Al Kait, Assistant Undersecretary for Foreign Trade at the Ministry of Economy, noted that the regulation issued by the EU aims to protect the data of every individual in the EU.

This not only impacts companies operating in European countries, but includes all institutions and companies that conduct business, trade and investment activities within EU countries, including the UAE business sector linked with European trade relations.

Due to this, the Ministry is working on deepening its knowledge about the new legislation, its provisions and requirements, and aims to reconcile its operational procedures with European authorities, in adherence with the framework of the GDPR, before May 2018.

Al Kait emphasized the EU is one of the UAE’s most important trade partners. Trade between the two sides generated $65.8 billion in 2016 alone. The UAE has become one of the top 10 destinations for EU exports, and is home to over 41,000 European companies, in addition to over 121,000 EU citizens.

Penalties will also apply to information controllers and processors, including cloud software companies.

The new legislation also outlines terms of approval for the use of data, to prevent companies from using legally illegitimate terms, and gives both parties the ability to easily withdraw if desired.

The compliance world will change dramatically for a number of GCC organizations on 25 May 2018. In just over one year’s time GCC organizations that:
1.have a branch, subsidiary or single representative in the European Union (“EU”);
2.do not have a physical presence in the EU, but offer goods or services to data subjects in the EU; or
3.neither have a physical presence in the EU nor offer goods or services to people in the EU, but monitor the online behavior of data subjects in the EU, will have to ensure that they are complying with the European Union General Data Protection Regulation (“GDPR”).

Who is likely to be affected?

Based on the test set out in the GDPR, the new regulations will likely apply to a significant number of entities in this region.
Obvious examples include:
– major airlines that fly to and from the EU,
- hotel and tourism operators who promote travel to the region to EU data subjects,
- regional banks and other financial service companies that have branches in the financial centres in the EU and online.

Less obvious examples include:
- e-commerce companies that are able to accept payments in euros and deliver to the EU
- mobile apps that can be downloaded by users in the EU and which have access to a user’s contacts, photos or location data.

All of these businesses may need to comply with the GDPR and to mitigate the risk and cost of failure to do so.
If your organization is affected it has three main options:
1. wait and see i.e. do nothing (not advisable);
2.consider what it needs to do to ensure that it does not fall within the scope of the GDPR;
3. take immediate steps to prepare to comply with the GDPR .

For option (2), if your organization does not have an establishment in the EU and does not need to target or monitor EU data subjects then you ight consider making it very clear that your website or app is not for use by EU users (e.g. including geo-blocking EU data subjects).

for option (3), if you have not started the process of ensuring compliance by now, then there is a lot to do.

1.monitor business to consumer business practices, including:
- conducting a data protection audit,
- examining the legal basis on which it processes personal data and updates its privacy policies;
2.monitor internal business practices, including:
- review and update of agreements with data processors,
- implement processes for adoption of pseudoanonymization and privacy by design
- considering the legal basis on which it transfers personal data between jurisdictions;
3.establish compliant accountability processes, including”
- processes for record keeping,
- appointment of a data protection officer or EU representative and dealing with data subjects;
4.invest in infrastructure, including:
- how to determine the severity, and impact on data subjects of a data breach
- to establish robust security processes and procedures for notifying regulatory authorities and data subjects -

The need for compliance, especially for longer-term projects such as records of processing and compliant contracting, must be addressed as soon as is practicable.

Businesses that either operate, target customers or monitor individuals in the EU should :
• Audit: to identify key remediation areas.
• Record of Processing: This mandatory record will require significant internal resources, but will also help to plan and implement GDPR processes. .
• Consider Contract Renegotiations: The GDPR requires that contracts with data controllers include additional obligations. As companies come to renegotiate contracts, ensure that adequate data protection clauses are added.
• Review and update, where necessary, employee notices to be GDPR compliant. If you currently conduct criminal records checks, then review national laws where you operate to ensure you can continue to do so . There is an emphasis on transparency in the GDPR. Notices must be clear, concise and informative. Employees must be adequately informed of all data processing activities and data transfers and the information set out in Articles 13 to 14 must be provided. Criminal records can no longer be processed unless authorized by member state law.

Consider whether your organization is processing any sensitive personal data and ensure the requirements for
processing such data are satisfied While the grounds for processing are broadly the same as those set out
in the current Data Privacy Directive, the GDPR imposes new requirements to gain valid consent. Consent can be withdrawn at any time and systems must be able to handle withdrawal request.

• Review and update, where necessary, customer notices to be GDPR compliant
• Consider whether your notices have to accommodate “child-friendly requirements”. he GDPR requires parental consent for the processing of data related to information society services offered to a “child” (ranging
from 13 to 16 years old depending on the member state.
• Data privacy rights. The current rights to request access to data or require it to be rectified or deleted have been expanded to include a much broader right to require deletion (“the right to be forgotten”), a right not just to access your data but have it provided to you in a machine readable format (“data portability”). Versions of the existing right to object to any processing undertaken on the basis of legitimate interests or for direct marketing and the right not to be subject to decision based on automated processing are also included and expressly refer a right to object to profiling.
These must be clearly communicated in the notices given to data subjects, e.g. privacy policy
• Privacy by design. Ensure processes are in place to embed privacy by design into projects (e.g. technical and organizational measures are in place to ensure data minimization, purpose limitation and security)

Consider what data you hold in emails, in CRM systems, Social media.
What should be your data access use and retention policies?

Personally I think it will be great if this is a way to prosecute the perpetrators of all the spam nd phishing emails I get or at least to remove data form their lists!

VAT registration nears for the GCC – what should you be doing now – contact Synergy Software Systems

May 29th, 2017

VAT (Value Added TAX), which is also called as ‘tax on consumption’ , is a tax that is payable while purchasing any product. VAT is applied as particular percentage of the cost of goods and services, hence it can not be considered as a charge on companies. It is a general tax amount, which is added by the producer to the inputs before they are sold as new offerings.

All UAE businesses subject to the Value-Added Tax have to submit their tax declaration statements on a quarterly basis after the VAT law goes into effect starting January 2018, according the Ministry of Finance.

The threshold for VAT registration put at Dh375,000 as per the ministry’s announcement this week.
It is optional to register between Dh187,500 and Dh375,000 .

UAE businesses will be able to start VAT registration in Q3 2017 and it is compulsory to be registered by Q4 2017.

Businesses will be able to register online using eServices.

The UAE businesses, subject to the tax, have to keep all files that allow competent authorities to audit their transactions and commercial activities, with the nature of the needed documents to be announced over the coming period. Businesses will be required to keep records which will enable the authorities to identify the details of the business activities and to review transactions. The specifics regarding the documents which will be required and the time period for keeping those will be communicated in due course.

Review your finance systems’ readiness for rapid implementation to meet these requirements. There will be a shortage of skilled consultants, and there are several holidays (EID, Diwali, Christmas, New Year, National Day etc. its also budget time, and preparation for year end audits,to fit in during the last quarter. Allow time for collection of your trading partners VAT registration ids, for report development and update, for testing and for staff training.

All six of the GCC member states: Saudi Arabia, Qatar, Oman, Kuwait, the UAE and Bahrain – have now signed and approved the VAT framework.

Registered businesses will be expected to submit VAT returns on a regular basis. It is expected that the default period for filing VAT returns will be three months for the majority of businesses. Registered businesses will be able to file their returns online using eServices.

Exemptions:
We understand that:
Health, education services, international transportation, import gold for investment purposes, commodities and exports are exempted from VAT in UAE.
Residential buildings for sale or lease during the first three years in which the building is completed, some financial services and empty plots of land are also exempted from VAT.

The GCC Member States will appreciate the VAT on financial provisions. The Banks and Financial House are ineligible for VAT in terms of the services provided, instead, they might be eligible for input tax based on tax recovery rates determined by each Member State.

The Federal Tax Authority has also announced a 100 per cent tax on tobacco, energy drinks and 50 per cent on carbonated beverages. This is separate from VAT.

The General Authority for Zakat and Income Tax (GAZT) in KSA reportedly warned businesses, during an awareness session that took place at the Riyadh Chamber of Commerce on Monday 16 May 2017, that penalties will be applicable in the cases of violation of VAT laws and regulations.

Penalties

The following types of Penalties will apply in each of the following cases:
• Case 1: Businesses required to register for VAT and that fail to register shall be liable to double the net tax due.
• Case 2: Committing an error in filling the tax return shall result in paying an additional 50% of net tax declared.

• Case 3: Exaggerated tax refund claims shall be subject to a penalty 50% of the original amount reported.
• Case 4: Late filing of tax return would result in a penalty of SAR 1,000 and an extra 5 to 20% of the unpaid tax. The percentage varies depending on the number of days of delay.
• Case 5: Non-registered person who issue an invoice with VAT shall pay SAR 1,000 or double the amount of the net tax (whichever is higher).
• Case 6: Not keeping records of the required documents shall result on a penalty of SAR 1,000 or 2% of the monthly average taxable supplies (whichever is higher).
• Case 7: Non-compliance with GAZT inquiries in providing relevant information shall result in a penalty of SRA 1,000 or 2% of the average monthly taxable supplies (SAR 20,000 maximum) or whichever is higher.

Deal with WannaCrypt ransomware

May 15th, 2017

To get the latest protection from Microsoft, upgrade to Windows 10.
Keep your computers up-to-date to get the benefits of the latest features and proactive mitigations built into the latest versions of Windows.

Microsoft Malware Detection and Removal Tools

Use the following free Microsoft tools to detect and remove this threat:

• Windows Defender – built-in to Windows 10. There’s nothing to buy and nothing to install. No configuration, no subscriptions, and no nagware
• Microsoft Safety Scanner: https://www.microsoft.com/security/scanner/en-us/default.aspx?wt.mc_id=AID618806_EML_5062822

(The Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software. Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.The Microsoft Safety Scanner is not a replacement for using an antivirus software program that provides ongoing protection.)

Also view :
• Microsoft Security Response Center Blog
• Microsoft Malware Protection Center Blog
• Microsoft Safety and Security Center webpage

We recommend customers that have not yet installed the security update MS17-010 do so as soon as possible. Until you can apply the patch, we recommend two possible workarounds to reduce the attack surface:
• Disable SMBv1 with the steps documented at Microsoft Knowledge Base Article 2696547 (Reboot Required)
• Consider adding a rule on your router or firewall to block incoming SMB traffic on port 445

Windows Defender Antivirus detects this threat as Ransom:Win32/WannaCrypt as of the 1.243.297.0 update.

Enable Windows Defender Antivirus to detect this ransomware.
Windows Defender Antivirus uses cloud-based protection, to help protect you from the latest threats.

Use Office 365 Advanced Threat Protection, which has machine learning capability that blocks dangerous email threats, such as the emails carrying ransomware.

Monitor your network with Windows Defender Advanced Threat Protection, which alerts security operations teams about suspicious activities.

For enterprises, use Device Guard to lock down devices and provide kernel-level virtualization-based security, allowing only trusted applications to run, effectively preventing malware from running.

A ransomware threat does not normally spread so rapidly. Threats like WannaCrypt typically leverage social engineering or emails as primary attack vector, relying on users downloading and executing a malicious payload. However, in this unique case, the ransomware perpetrators incorporated publicly-available exploit code for the patched SMB EternalBlue vulnerability, CVE-2017-0145, which can be triggered by sending a specially crafted packet to a targeted SMBv1 server.
It was fixed in security bulletin MS17-010, released on March 14, 2017.

WannaCrypt’s spreading mechanism is borrowed from well-known public SMB exploits, which armed this regular ransomware with worm-like functionalities, creating an entry vector in machines still unpatched even after the fix had become available.

The exploit code used by WannaCrypt was designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems, so Windows 10 PCs are not affected by this attack.

We haven’t found the exact initial entry vector used by this threat, but there are two scenarios that we believe are highly likely for this ransomware family:
• Arrival through social engineering emails designed to trick users to run the malware and to activate the worm-spreading functionality with the SMB exploit
• Infection through SMB exploit when an unpatched computer can be addressed in other infected machines

The threat arrives as a dropper Trojan that has the following two components:

• Ccomponent that tries to exploit the SMB EternalBlue vulnerability in other computers
• Ransomware known as WannaCrypt

The dropper tries to connect the following domain using the API InternetOpenUrlA():
hxxp://www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com

When connection is successful, the threat does not infect the system further with ransomware, nor try to exploit other systems to spread; it simply stops execution. However, when the connection fails, the dropper proceeds to drop the ransomware and creates a service on the system.

Blocking the domain with firewall either at ISP or enterprise network level will just cause the ransomware to continue spreading and encrypting files.

The threat creates a service named mssecsvc2.0, whose function is to exploit the SMB vulnerability in other computers accessible from the infected system:

Service Name: mssecsvc2.0
Service Description: (Microsoft Security Center (2.0) Service)
Service Parameters: “-m security”

When run, WannaCrypt creates the following registry keys:

• HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ = “\tasksche.exe”
• HKLM\SOFTWARE\WanaCrypt0r\\wd = “

It changes the wallpaper to a ransom message by modifying the following registry key:
• HKCU\Control Panel\Desktop\Wallpaper: “\@WanaDecryptor@.bmp”

It creates the following files in the malware’s working directory:

• 00000000.eky • 00000000.pky
• 00000000.res

• 274901494632976.bat
• @Please_Read_Me@.txt
• @WanaDecryptor@.bmp
• @WanaDecryptor@.exe
• b.wnry
• c.wnry
• f.wnry
• m.vbs
• msg\m_bulgarian.wnry
• msg\m_chinese (simplified).wnry
• msg\m_chinese (traditional).wnry
• msg\m_croatian.wnry
• msg\m_czech.wnry
• msg\m_danish.wnry
• msg\m_dutch.wnry
• msg\m_english.wnry
• msg\m_filipino.wnry
• msg\m_finnish.wnry
• msg\m_french.wnry
• msg\m_german.wnry
• msg\m_greek.wnry
• msg\m_indonesian.wnry
• msg\m_italian.wnry
• msg\m_japanese.wnry
• msg\m_korean.wnry
• msg\m_latvian.wnry
• msg\m_norwegian.wnry
• msg\m_polish.wnry
• msg\m_portuguese.wnry
• msg\m_romanian.wnry
• msg\m_russian.wnry
• msg\m_slovak.wnry
• msg\m_spanish.wnry
• msg\m_swedish.wnry
• msg\m_turkish.wnry
• msg\m_vietnamese.wnry
• r.wnry
• s.wnry
• t.wnry
• TaskData\Tor\libeay32.dll
• TaskData\Tor\libevent-2-0-5.dll
• TaskData\Tor\libevent_core-2-0-5.dll
• TaskData\Tor\libevent_extra-2-0-5.dll
• TaskData\Tor\libgcc_s_sjlj-1.dll
• TaskData\Tor\libssp-0.dll
• TaskData\Tor\ssleay32.dll
• TaskData\Tor\taskhsvc.exe
• TaskData\Tor\tor.exe
• TaskData\Tor\zlib1.dll
• taskdl.exe
• taskse.exe
• u.wnry

WannaCrypt may also create the following files:

• %SystemRoot%\tasksche.exe
• %SystemDrive%\intel\\tasksche.exe
• %ProgramData%\\tasksche.exe

It may create a randomly named service that has the following associated ImagePath: “cmd.exe /c “\tasksche.exe”"

Then it searches the whole computer for any file with any of the following file name extensions:
.123, .jpeg , .rb , .602 , .jpg , .rtf , .doc , .js , .sch , .3dm , .jsp , .sh , .3ds , .key , .sldm , .3g2 , .lay , .sldm , .3gp , .lay6 , .sldx , .7z , .ldf , .slk , .accdb , .m3u , .sln , .aes , .m4u , .snt , .ai , .max , .sql , .ARC , .mdb , .sqlite3 , .asc , .mdf , .sqlitedb , .asf , .mid , .stc , .asm , .mkv , .std , .asp , .mml , .sti , .avi , .mov , .stw , .backup , .mp3 , .suo , .bak , .mp4 , .svg , .bat , .mpeg , .swf , .bmp , .mpg , .sxc , .brd , .msg , .sxd , .bz2 , .myd , .sxi , .c , .myi , .sxm , .cgm , .nef , .sxw , .class , .odb , .tar , .cmd , .odg , .tbk , .cpp , .odp , .tgz , .crt , .ods , .tif , .cs , .odt , .tiff , .csr , .onetoc2 , .txt , .csv , .ost , .uop , .db , .otg , .uot , .dbf , .otp , .vb , .dch , .ots , .vbs , .der” , .ott , .vcd , .dif , .p12 , .vdi , .dip , .PAQ , .vmdk , .djvu , .pas , .vmx , .docb , .pdf , .vob , .docm , .pem , .vsd , .docx , .pfx , .vsdx , .dot , .php , .wav , .dotm , .pl , .wb2 , .dotx , .png , .wk1 , .dwg , .pot , .wks , .edb , .potm , .wma , .eml , .potx , .wmv , .fla , .ppam , .xlc , .flv , .pps , .xlm , .frm , .ppsm , .xls , .gif , .ppsx , .xlsb , .gpg , .ppt , .xlsm , .gz , .pptm , .xlsx , .h , .pptx , .xlt , .hwp , .ps1 , .xltm , .ibd , .psd , .xltx , .iso , .pst , .xlw , .jar , .rar , .zip , .java , .raw

WannaCrypt encrypts all files it finds and renames them by appending “.WNCRY” to the file name. For example, if a file is named “picture.jpg”, the ransomware encrypts and renames to “picture.jpg.WNCRY”.

This ransomware also creates the file “@Please_Read_Me@.txt” in every folder where files are encrypted. The file contains the same ransom message shown in the replaced wallpaper image. After completing the encryption process, the malware deletes the volume shadow copies by running the following command:

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

It then replaces the desktop background image with a message and also runs an executable showing a ransom note which indicates a $300 ransom and a timer. The ransomware also demonstrates the decryption capability by allowing the user to decrypt a few random files, free of charge. It then quickly reminds the user to pay the ransom to decrypt all the remaining files. The worm functionality attempts to infect unpatched Windows machines in the local network. At the same time, it also executes massive scanning on Internet IP addresses to find and infects other vulnerable computers. This activity results in large SMB traffic from the infected host, which normally can be observed by SecOps personnel.

Once a vulnerable machine is found and infected, it becomes the next hop to infect other machines. The vicious infection cycle continues as the scanning routing discovers unpatched computers. When it successfully infects a vulnerable computer, the malware runs kernel-level shellcode which seems to have been copied from the public backdoor known as DOUBLEPULSAR, but with certain adjustments to drop and execute the ransomware dropper payload, both for x86 and x64 systems.

Ransomware strikes again

May 13th, 2017

Ransomware increased 35% last year.
More alarming is the continuing recent rise in both sophistication and the mass distribution of ransomware.

Ransomware can bring your business to a halt and cause significant financial damage.
Unlike the stealthier advanced attacks that can stay undetected on corporate network for months, the impact of ransomware is immediate and intrusive.

Cyber attackers don’t need a lot of money, resources or technical sophistication to use ransomware.

Todays headlines:
Hospitals across the country hit badly by attack
Nearly 100 countries affected
Fears of chaos over weekend
Cyber attack hits German train stations as hackers target Deutsche Bahn

Russian-linked cyber gang Shadow Brokers was blamed. It is claimed the group, which has links to Russia, stole US National Security Agency cyber tools designed to access Microsoft Windows systems, then dumped the technology on a publicly-accessible website where online criminals could access it – possibly in retaliation for America’s attack on Syria. The exploit was leaked last month as part of a trove of NSA spy tools. The ransomware locks down all the files on an infected computer and asks the computer’s administrator to pay in order to regain control of them. The ransomware, called “WannaCry,” spreads by taking advantage of a Windows vulnerability for which Microsoft (MSFT, Tech30) released a security patch for in March. .
Affected machines have six hours to pay up and every few hours the ransom goes up

The global cyber attack crippled services on Friday (yesterday) The U.K. health service faces a weekend of chaos after hackers demanding a ransom infiltrated the health service’s antiquated computer system. Operations and appointments were cancelled and ambulances diverted as up to 40 hospital trusts became infected by a “ransomware” attack demanding payment to regain access to vital medical records.
Doctors warned that the infiltration – the largest cyber attack in NHS history – could cost lives.

Medics described how computer screens were “wiped out one by one” by the attack, spread to companies and institutions worldwide, including international shipper FedEx Corp in the US, and Germany’s rail operator. Spain’s largest telecom operator, Telefónica., was also affected. Spanish authorities confirmed the ransomware is spreading through the vulnerability, called “EternalBlue,” and advised people to patch.

Helsinki based Security software maker Avast said they had observed 57,000 infections in 99 countries with Russia, Ukraine and Taiwan the top targets. Megafon, a Russian telecommunications company, was hit by the attack

The ransomware is automatically scanning for computers it can infect, whenever it loads itself onto a new machine. It can infect other computers on the same wireless network. It has a ‘hunter’ module, which seeks out PCs on internal networks, so, if your laptop is infected and you go to a coffee shop, then it will spread to PCs at the coffee shop and from there, to other companies.

The sad part of the NHS tale is that Microsoft provided free software to protect computers in March, which raises questions about why the NHS was still vulnerable. it seems that many trusts were using obsolete systems, while others failed to apply recent security updates. Indeed This there are estimates that 90 per cent of NHS trusts in the UK are still using Windows XP – a now unsupported, 16-year-old operating system., introduced before 2007 which is particularly vulnerable,

Unknown attackers deployed a virus targeting Microsoft servers running the file sharing protocol Server Message Block (SMB). Only servers that weren’t updated after March 14 with the MS17-010 patch were affected; this patch resolved an exploit known as ExternalBlue, once a closely guarded secret of the National Security Agent, which was leaked last month by ShadowBrokers, a hacker group that first revealed itself last summer. The ransomware, aptly named WannaCry, did not spread because of people clicking on bad links. The only way to prevent this attack was to have already installed the update.

Through the ExternalBlue exploit, the malware installed an NSA backdoor payload called DoublePulsar, and through it went WannaCry, which then spread rapidly and automatically to other computers on the same network.“Whereas ransomware such as Locky normally requires user interaction, such as opening a word document, WannaCry has the capability to spread automatically. Thankfully a weakness in the method of propagation has allowed researchers to take control of a piece of attacker infrastructure and limit new infections— otherwise it could have been even worse.

Microsoft said yesterday that it is pushing out automatic Windows updates to defend clients from WannaCry.

What is ransomware
?Malicious software that locks a device, such as a computer, tablet or smartphone and then demands a ransom to unlock it

Where did ransomware originate?
The first documented case appeared in 2005 in the United States, but quickly spread around the world

How does it affect a computer?

The software is normally contained within an attachment to an email that masquerades as something innocent. Once opened it encrypts the hard drive, making it impossible to access or retrieve anything stored on there – such as photographs, documents or music

How can you protect yourself?
Anti-virus software can protect your machine, although cybercriminals are constantly working on new ways to override such protection

How much are victims expected to pay?
The ransom demanded varies. Victims of a 2014 attack in the UK were charged £500. However, there’s no guarantee that paying will get your data back.
If you think you might be vulnerable to WannaCry, or you don’t remember installing any updates over the past month, then your first step is to address that issue immediately.

This is the most critical Windows patch since [Conficker], which was one the largest similar infections to date.
Despite having been patch nearly a decade ago, the Conficker worm is still in circulation which you find everywhere. WannaCry, too, is going to be on networks for years.

The importance of downloading and installing security updates (as opposed to just clicking “remind me tomorrow” for several weeks in a row) cannot be overstated.

Just ask the patients of the 16 hospitals in England whose delay in care could have been easily avoided

VAT planning- GCC framework is published

May 10th, 2017

The GCC’s unified agreement for value added tax (VAT) has recently been published (in Arabic only) by the
Saudi Ministry of Finance on their website.

This unified agreement sets out the framework under which VAT can be implemented in each of the
GCC member states. The framework includes agreement on certain matters but still allows member
states discretion on how to treat others.

Once the agreement is ratified, each member state can issue its own local law and implement VAT.

The UAE intends to implement VAT with effect from 1 January 2018 but other states may take another 6 months or so.

The framework paves the way for implementation, for a basic rate of VAT of five percent with certain supplies of goods and services zero rated or VAT exempt. We understand that the Ministry of Finance (MoF) will release the UAE’s law on VAT towards the end of June. This will detail how the UAE will interpret the GCC framework and how it will deal with those matters where it has discretion. These will include whether to treat certain supplies as zero rated or VAT exempt.

The local law will detail conditions for:
VAT deductions,
VAT grouping
Rules for recovering VAT in respect of financial services
Reporting formats

There is no indication of how VAT will apply to free zones.

The MoF has recently been holding a series of public awareness sessions, outlining how they
propose to apply VAT to those areas where the GCC framework allows discretion. The UAE has also
taken steps to set up its own Federal Tax Authority (FTA), which will be responsible for all VAT
matters in the UAE.

The framework provides information to start planning for VAT.

VAT will impact all businesses in the UAE, either directly or indirectly.

So carefully review your systems and review their processes to understand the impact of VAT and to determine what needs to be done to be fully compliant with the new laws.

Do you need to recruit? Train?

Budget for auditors, or consulting support, or system modifications or upgrades?

What contracts are in place beyond 1 January 2018 -how will those be impacted by VAT?

All businesses will be required to maintain extensive and proper books of account because complete, verifiable
documentation will be essential to support a VAT refund claim and avoid penalties for non-compliance.

Accounting systems should be able to identify and record VAT – payable and receivable, – across the entire supply chain. Ensure that your systems will enable you to:
- hold VAT registration ids by trading partner
- hold VAT codes by item fro the relevant tax rate or exemption.
- identify and record rebates,
- exemptions,
– or other special VAT treatments on particular transactions.
- generate commercial documents like invoices or till receipts with VAT shown
- deal with rebate and returns
- create timely, accurate statutory returns
- work with current interfaces.
- product auditable accounts.

We have already received several dozen inquires to assist with this transition, if you need assistance with your business systems to comply with VAT then please contact us in good time – year end is a holiday season and also a busy time for new system go live, and for financial audit preparation.

Mobile security- Microsoft’s Secure Productive Enterprise

May 7th, 2017

As more information, devices and users travel beyond the traditional network restraints, every organisation needs to place security at the forefront of a modern workforce strategy. It’s now over 6 months (October 2016) since Microsoft released its Secure Productive Enterprise package,
• What is SPE all about?
• Is SPE just ECS under a new name?
• Is SPE just a licensing bundle?

1. What is Secure Productive Enterprise?

SPE is a licensing option from Microsoft that e bundles together: Windows 10 Enterprise, Office 365 and Enterprise Mobility + Security technologies into a single offering.

It comes in two variants: SPE E3 and SPE E5.
It can be purchased per user, with a significant cost saving compared buying the products individually.

There are several other variations nuances, of how you can buy SPE (which licensing program) and how much it will cost you. This will largely depend on your organisation’s requirements and your current licensing position with Microsoft.

2. Is SPE just ECS under a different name?

The Microsoft Enterprise Cloud Suite (ECS) has effectively become SPE E3 and includes the following core products and services:
• Windows 10 Enterprise (E3)
• Office 365 (E3)
• Enterprise Mobility + Security (E3)

3. What is Enterprise Mobility + Security?

Enterprise Mobility + Security (EMS) is what was the Enterprise Mobility Suite. The name change reflects the significant number of security products and services that were added to this solution since the launch of EMS.

4. So, is SPE just a licensing bundle?

SPE can just be a licensing bundle, if that’s all you want it to be. But it is also much more…
There is so much new technology in SPE (and Microsoft is adding to it all the time) that it can be hard to keep up. Even as a licensing option, Microsoft has included some firsts.

SPE includes brand new cloud and on-premises licensing entitlements to help organisations who plan to transition to the cloud over time, and it allows Software Assurance customers to install Office Professional Plus and Office 365 Professional Plus on up to five devices per user for the length of the subscription.

You also get the on-premises server rights for SharePoint, Exchange and Skype for Business thrown in.

More than forty thousand customers that Enterprise Mobility + Security (EMS) today.

For industries that require advanced identity governance such a:s government, military, pharma, financial services, etc SailPoint integration will extend Azure Active Directory Premium to provide full, fine-grained provisioning and lifecycle governance across enterprise systems on-premises and in the cloud. A direct connector automatically aggregates user accounts, group permissions, and Microsoft Access Panel tiles and maps each of these to the SailPoint Identity Cube. It also provides the basis for SailPoint to send change events back to Azure AD when access is modified during a governance mitigation process.

In addition to this, SailPoint will connect to applications managed outside of Azure AD, including on-premises applications like EPIC, which is widely used in healthcare. This creates a 360-degree view of all access in the organization and creates a strong foundation for comprehensive control

https://blogs.technet.microsoft.com/enterprisemobility/2017/02/10/azure-ad-and-sailpoint-advanced-identity-governance-across-your-on-premises-and-cloud-resources/

Contact us to request a copy of Microsoft’s fact sheet “Secure-Productive-Enterprise-at-a-Glance-October-2016.pdf”

0097143365589

3 new Microsoft tools to help you to move to the cloud.

April 18th, 2017

Here’s a breakdown of the three new Microsoft tools to help you move to the cloud faster and what they can offer businesses.

1. Free cloud migration assessment

This assessment will help customers to more easily find and to better understand their current server setups, to help them to determine the cost and the value of moving to the cloud. Once the servers are discovered, the tool can analyze their configurations, and give the user a report of the potential cost drop of moving to Azure.

Data center administrators can export the results of the assessment into a customized report. The report could provide some valuable data and statistics for a CIO conversation with the CFO.

2. Azure Hybrid Use Benefit

This tool should save users money on their cloud deployments. Customers can activate the Azure Hybrid Use Benefit in the Azure Management Portal,It is available on Windows Server virtual machines in Azure, to all customers. “Use your on-premises Windows Server licenses that include Software Assurance to save big on Windows Server VMs in Azure. By using your existing licenses, you pay the base compute rate and save up to 40 percent.” the tool’s web page said,

3. Azure Site Recovery

Azure Site Recovery is meant to ease the process of migrating virtual machines to Azure. Applications running on AWS, VMware, Hyper-V, or physical servers can be moved. Additionally, a new feature in Azure Site Recovery will “allow you to tag virtual machines within the Azure portal itself, This capability will make it easier than ever to migrate your Windows Server virtual machines.”

Other features include automated protection and replication of virtual machines, remote monitoring, custom recovery plans, recovery plan testing, and more

Office malware patch due out today.

April 11th, 2017

A new exploit, reported by McAfee, uses trick Microsoft office files to install malware on a user’s machine and can bypass existing protection methods. According to the report, the attacks started in January and leverage a vulnerability that hadn’t yet been disclosed. The hack affects all versions of Office, the report noted, including the latest version of Office 2016 on Windows 10.

This exploit uses fake versions of Office files—like Word documents—to install malware on a victim’s computer.
The problem starts when a user is sent a fake Word document from the attacker. Once the user tries to open the file, a malicious HTML application is downloaded from the attacker’s server and is then executed as an .hta file (disguised as an RTF document), giving the hacker full code execution on the victim’s computer, the report noted.”… this is a logical bug, and gives the attackers the power to bypass any memory-based mitigations developed by Microsoft,” the McAfee report said.

Once the damage is done, a fake Word document is shown to the user, but at that point it is too late—malware is already installed on the machine. The vulnerability lies in the Windows Object Linking and Embedding (OLE) feature in office.

Microsoft is planning a patch for the vulnerability today – Tuesday, April 11.

it is important that users protect themselves.
1.”Do not open any Office files obtained from untrusted locations.”
2.”According to our tests, this active attack cannot bypass the Office Protected View, so we suggest everyone ensure that the Office Protected View is enabled.”

Malware continues to grow as a major security threat in the enterprise. Apple recently patched a mysterious malware known as proton, and other “invisible” forms of malware have recently been found in Windows Powershell and other testing tools.

Your internet history is now for sale.
Smartphone malware rises 400% in 2016, Nokia reports

Security – Verizon Data Breach insights

February 18th, 2017

The 2017 Verizon Data Breach Digest, published Tuesday, found that the effects of a breach are spreading to even more parts of an enterprise, increasingly causing problems outside of IT.

They examined 16 different scenarios examined in the 2017 Digest drawn from Verizon’s Research, Investigations, Solutions and Knowledge (RISK) Team’s investigation of 1,400 breach cases over the past three years. The scenarios were broken up into the following four breach types:

1. The human element.
Those breaches in which humans:
- had been compromised,
- or simply made a mistake,
- or intentionally acted maliciously.

Two of the scenarios—hactivist attack and partner misuse—were labeled as “lethal.”

The hacktivist attack occurs when a hacker targets a company in response to a perceived injustice committed by the firm.
Partner misuse refers to an attack when an indignant stakeholder attacks the firm from the inside. Another example of this kind of breach is a disgruntled ex-employee.

2. Conduit devices

Conduit devices are points of entry by which an attacker gains access to an organization’s network. Mobile assault and IoT calamity were the names given to the lethal scenarios of this breach type.

- A mobile assault occurred refers to a business traveler who uses an unsecure Wi-Fi connection, which leads to his phone being compromised.

- An example of an IoT calamity is a major university that was breached through its connected vending machines and smart light bulbs.

3. Configuration exploitation

“From a system standpoint, misconfigured devices are the vectors of compromise; from a network standpoint, misconfigurations allow for easy lateral movement and avenues for data exfiltration.”

Lethal scenarios of this type are a DDoS Attack. and an ICS onslaught.

- An One example of a major DDoS attack is the Mirai botnet that took down the DNS provider Dyn, and almost took down an entire country.
- An ICS onslaught occurs when an industrial control system is compromised, and may lead toboth massive physical damage and data leaks.

4. Malicious software

In the Verizon report, none were labeled as lethal. Examples are traditional malware, RAM scraping, spyware, and keylogger software. The Digest lists the three primary purposes of malware as meant to “establish a beachhead, collect data, and exfiltrate data.”

To respond to a breach, the Verizon Data Breach Digest recommends taking the following five actions:
1.”Preserve evidence; consider consequences of every action taken.”
2.”Be flexible; adapt to evolving situations.”
3.”Establish consistent methods for communication.”
4.”Know your limitations; collaborate with other key stakeholders.”
5.”Document actions and findings; be prepared to explain them
.”

Digital revolution – does it apply to me? ask Synergy Software Systems

January 19th, 2017

Digital transformation has been a hot topic for at least he last 5 years and is increasingly become reality. for those of us who lived through the re-engineering of the early 90s this seems to be another twist of a familiar tale. However there are major differences.Digital is no longer the shiny front end of the organization – it’s integrated into every aspect of today’s companies. As digital technologies continue to transform the economy, many leaders are struggling to set a digital strategy, shift organizational structures, and remove the barriers that are keeping them from maximizing the potential impact of new digital technologies.

A workable definition is that Digital disruption is the change that occurs when new digital technologies and business models affect the value proposition of existing goods and services.

A current aphorism is that you either have to be smarter than a robot or cheaper.

Recent developments in robotics, artificial intelligence, IoT, digital printing, virtual reality, and machine learning have put us on the cusp of a new automation age. Robots and computers can perform a range of routine physical work activities better and cheaper than humans, and are now capable of using cognitive capabilities once considered too difficult to automate successfully, such as making tacit judgments, sensing emotion, or even driving. Automation is already changing the daily work activities of everyone, from retailers, miners and landscapers to commercial bankers, fashion designers, welders, DBAs and CEOs.

What will the impact be on productivity? previous technical revolutions such as the introduction of the steam engine, or personal computing, delivered annual productivity increases of less than 1%. The speculation now is that new changes will increase productivity by 1 to 1.5 % an unprecedented rate of change, with many economic, social and political implications.

Fifty-two percent of the Fortune 500 since 2000 have merged, been acquired, or gone bankrupt since 2000.
A study by Richard Foster from Yale, shows that in the the SMP 500, the average age of a company in 1959 was about 58 years. It’s now down to 15, and it’s going to be 12 by 2020. There’s no time to wait. Digital Darwinism is unkind to those who wait.

“We’re talking about a three to four-times compression in terms of age of a company since the 50s and 60s. So, if you’re not making the shift, if you’re not even moving in that direction, you’re probably going to be merged or acquired, or go bankrupt.”

According to the new MIT Sloan Management Review and Deloitte University Press report, “Aligning the Organization for Its Digital Focus”, nearly 90% of more than 3,700 business executives, managers and analysts from around the globe say that they anticipate that their industries will be moderately, or greatly disrupted by digital trends. Yet less than half (44%) currently believe their organization is adequately preparing for this digital disruption. Ray Wang

Also see this HBR post for similar survey results

The most disrupted industries typically suffer from a perfect storm of two forces. First, low barriers to entry into these sectors lead to more agile competition. Secondly, they have large legacy business models which often generate the majority of their revenue. These organizations, therefore, have embedded cultural and organizational challenges when it comes to changing at the pace required. Digital companies can reach new customers immediately and at virtually zero marginal cost. They can compete in new sectors by collaborating with peers and competitors.

In the first wave of the commercial Internet, the dot-com era, falling transaction costs altered the traditional trade-off between richness and reach> Rich information was suddenly communicated broadly and cheaply, and changed how products are made and sold. Strategists made hard choices about which pieces of their businesses to protect and which to abandon. The learned to repurpose some assets to attack previously unrelated businesses. Virtual companies relied on outsourcing and offshore and owned little and made nothing. Incumbent value chains were “deconstructed” by competitors focused on narrow slivers of added value. Traditional notions of who competes against whom were upended—Microsoft gave away Encarta on CDs to promote sales of PCs and incidentally destroyed the business model of the venerable Encyclopædia Britannica.

With Web 2.0, the economies of mass scale evaporated for many activities nd small became beautiful. It was the era of the “long tail” and of collaborative production on a massive scale. Minuscule enterprises and self-organizing communities of autonomous individuals surprised us by performing certain tasks better and more cheaply than large corporations. Hence Linux, hence Wikipedia and Open source. Those communities grow and collaborate without geographic constraint, and major work is done at significantly lower cost – and oftenat zero price.

Many strategists adopted and adapted to these new business architectures. IBM embraced Open Source to challenge Microsoft’s position in server software; Apple and Google curated communities of app developers so that they could compete in mobile; SAP recruited thousands of app developers from among its users; Facebook transformed marketing by turning a billion “friends” into advertisers, merchandisers, and customers.

Where are we now? Hyperscaling and connectivity. Big—really big—is now beautiful. The cloud, new databases, new processing power, new BI tools, predictive analytics, data from IoT correlated with contextual search, delivered anytime anywhere on any device. Social media and smart phones are ubiquitous and real time news and peer opinion is replacing traditional news channels, and marketing and government communications. At the extreme—where competitive mass is beyond the reach of the individual business unit or company—hyperscaling demands a bold, new architecture for businesses.

We are only at the beginning of what the World Economic Forum calls the “Fourth Industrial Revolution,” characterized not only by mass adoption of digital technologies but by innovations in everything from energy to biosciences. The digital consumer, who enjoys more interactive and personalized experiences thanks to SMAC (social, mobile, analytics and cloud) technologies; the digital enterprise, which leverages SMAC technologies to optimize the cost of corporate functions and to transform enterprise collaboration for greater productivity; and the emerging digital operations wave, where companies are revolutionizing business with the use of artificial intelligence, robotics, cognitive computing and the Industrial Internet of Things.

Speculation about the effects of technologies often suffer from extreme optimism or pessimism. In the 1930s, several countries were enthusiastically experimenting with using new rocket technology to deliver mail, and in 1959, the United States trialed mail delivery via cruise missile, a proposition that could now be regarded as comical yet it ahs surfaced again with drone deliveries.

Jo Caudron and Dado Van Peteghem in their book Digital Transformation highlight 10 business models behind digital disruption. Professor Michael Wade, co-director of the IMD Leading Digital Business Transformation course has highlighted 7 strategies to respond to disruptors.

10 Hyper-Disruptive Business Models
1.The Subscription Model (Netflix, Dollar Shave Club, Apple Music) Disrupts through “lock-in” by taking a product or service that is traditionally purchased on an ad hoc basis, and locking-in repeat custom by charging a subscription fee for continued access to the product/service
2.The Freemium Model (Spotify, LinkedIn, Dropbox) Disrupts through digital sampling, where users pay for a basic service or product with their data or ‘eyeballs’, rather than money, and then charging to upgrade to the full offer. Works where marginal cost for extra units and distribution are lower than advertising revenue or the sale of personal data
3.The Free Model (Google, Facebook) Disrupts with an ‘if-you’re-not-paying-for-the-product-you-are-the-product’ model that involves selling personal data or ‘advertising eyeballs’ harvested by offering consumers a ‘free’ product or service that captures their data/attention
4.The Marketplace Model (eBay, iTunes, App Store, Uber, AirBnB) Disrupts with the provision of a digital marketplace that brings together buyers and sellers directly, in return for a transaction or placement fee or commission
5.The Access-over-Ownership Model (Zipcar, Peerbuy, AirBnB) Disrupts by providing temporary access to goods and services traditionally only available through purchase. Includes ‘Sharing Economy’ disruptors, which takes a commission from people monetising their assets (home, car, capital) by lending them to ‘borrowers’
6.The Hypermarket Model (Amazon, Apple) Disrupts by ‘brand bombing’ using sheer market power and scale to crush competition, often by selling below cost price
7.The Experience Model (Tesla, Apple) Disrupts by providing a superior experience, for which people are prepared to pay
8.The Pyramid Model (Amazon, Microsoft, Dropbox) Disrupts by recruiting an army of resellers and affiliates who are often paid on a commission-only model
9.The On-Demand Model (Uber, Operator, Taskrabbit) Disrupts by monetising time and selling instant-access at a premium. Includes taking a commission from people with money but no time who pay for goods and services delivered or fulfilled by people with time but no money
10.The Ecosystem Model (Apple, Google) Disrupts by selling an interlocking and interdependent suite of products and services that increase in value as more are purchased. Creates consumer dependency.

Business leaders are now more intent on disrupting before they are disrupted. How can you drive value from data in new ways? How can you shorten product development cycles? How can you tap into predictive analytics and social media to determine the right strategy?. Success is not just changing strategies, increasingly the need is for agility to execute multiple strategies concurrently. Such success requires CEOs to develop new leadership capabilities, new workforce skills and new corporate cultures and processes to support digital transformation. Mobile, ‘work from home’, BYOD, self-service, collaboration tools like Yammer and Team and Skype Business, e-payments, digital signatures, are tools that offer new ways of working.

For society, the implications of the Fourth Industrial Revolution are profound – from saving lives to creating jobs to better stewardship of the environment. For example our Healthcare solution built on Dynamics CRM, is providing guided pathways to the optimal route for treatment and is delivering huge cost savings and more effective care delivery by better targeting and use of resources.

Strategies to Respond to Digital Disruption
1.The Block Strategy. Using all means available to inhibit the disruptor. These means can include claiming patent or copyright infringement, erecting regulatory hurdles, and using other legal barriers.
2.The Milk Strategy. Extracting the most value possible from vulnerable businesses while preparing for the inevitable disruption
3.The Invest in Disruption Model. Actively investing in the disruptive threat, including disruptive technologies, human capabilities, digitized processes, or perhaps acquiring companies with these attributes
4.The Disrupt the Current Business Strategy. Launching a new product or service that competes directly with the disruptor, and leveraging inherent strengths such as size, market knowledge, brand, access to capital, and relationships to build the new business
5.The Retreat into a Strategic Niche Strategy. Focusing on a profitable niche segment of the core market where disruption is less likely to occur (e.g. travel agents focusing on corporate travel, and complex itineraries, book sellers and publishers focusing on academia niche)
6.The Redefine the Core Strategy. Building an entirely new business model, often in an adjacent industry where it is possible to leverage existing knowledge and capabilities (e.g. IBM to consulting, Fujifilm to cosmetics)
7.The Exit Strategy. Exiting the business entirely and returning capital to investors, ideally through a sale of the business while value still exists (e.g. MySpace selling itself to Newscorp)

As the world moves to amore digital future so the threats change. There is more data so there is more to steal and to corrupt. Security threats- phishing Trojans, malware, hacking of politicians email or government or company files or credit card details are now major challenges for all. As data grows-(how many hours of you tube video get uploaded each second) topics like high speed internet, and edge computing become more important.

Last Microsoft Security Bulletins – ends after January 2017

January 11th, 2017

Microsoft has a long tradition of publishing Security Bulletins to share information about patches and security fixes that it releases. But starting next year this is going to change. As of February 2017, Microsoft will make use of the newly launched Security Updates Guide database.

it was a little afterthought tacked on the end of a short blog post: “Security update information will be published as bulletins and on the Security Updates Guide until January 2017. After the January 2017 Update Tuesday release, we will only publish update information to the Security Updates Guide”.

The main point of the blog point was to point out the existence of the new database, of which Microsoft says:
“This month we released a preview of our new single destination for security vulnerability information, the Security Updates Guide. Instead of publishing bulletins to describe related vulnerabilities, the new portal lets our customers view and search security vulnerability information in a single online database.”

Meanwhile Microsoft’s January 2017 Patch Tuesday Comes with 4 Security Updates and two of the four Microsoft security bulletins are rated as critical, the highest severity rating a bulletin can receive. Because of this, users should make sure they install this month’s updates as soon as possible.

The Patch Tuesday update fixes 15 unique vulnerabilities, among which 12 are inherited from Adobe Flash, and only three affect Microsoft native products. In fact, this month’s security updates are one of the smallest security bulletin Microsoft has released to date. Besides the security updates, Microsoft also released new Windows 10 cumulative updates KB3213986, KB3210720, and KB3210721, for which there are no changelogs available at the time of writing