Yesterday, I had a dozen — count ’em a dozen — spam calls. My carrier, Verizon, does a good job of marking most of them as spam, but it’s not perfect. Some calls get through. Now, if I were like most of you, I’d just ignore any call from an unknown number. Alas, I’m not. I’m a journalist, so I sometimes get calls that I must take from numbers I’ve never seen before. Sometimes you must do that too. But, now the Federal Communications Commission (FCC) is finally putting a stop to many spammers. 

The FCC is doing this by forbidding legitimate telecom companies from taking calls originating from voice service providers whose certification doesn’t appear in the FCC’s Robocall Mitigation Database. This means “voice service providers will be prohibited from directly accepting that provider’s traffic.” Technically that works because telecoms must now block traffic from “voice service providers that have neither certified to implementation of STIR/SHAKEN caller ID authentication standards nor filed a detailed robocall mitigation plan with the FCC.” Secure Telephone Identity Revisited (STIR)/ Signature-based Handling of Asserted Information Using toKENs (SHAKEN) is Caller-ID on steroids — it’s a protocol for authenticating phone calls with the help of cryptographic certificates. It’s meant to make certain that when someone calls you, the name showing up on Caller ID really is the person calling. It also lets your phone company know, in theory, who’s responsible for a specific call. STIR/SHAKEN works with both landline and cellular networks.  Acting FCC Chairperson Jessica Rosenworcel said, “The FCC is using every tool we can to combat malicious robocalls and spoofing – from substantial fines on bad actors to policy changes to technical innovations like STIR/SHAKEN. Today’s deadline establishes a very powerful tool for blocking unlawful robocalls. We will continue to do everything in our power to protect consumers against scammers who flood our homes and businesses with spoofed robocalls.” Much as I’d like to think that this would drop my spam call count to zero, I know better. For example, while digital telecoms must now be using STIR/SHAKEN, old-school.   Older time-division multiplexing (TDM)/public switched telephone network (PTSN) based networks are still grandfathered in. The FCC requires that “providers using older forms of network technology [must] either upgrade their networks to IP or actively work to develop a caller ID authentication solution.” Still, no date has been set for this changeover. In addition, as Brad Reaves, North Carolina State University professor of computer science, warned in a Marketplace interview, “There are just too many loopholes and ways to bypass this system.” These include smaller voice providers that still aren’t required to implement STIR/SHAKEN. Besides that, some providers provide US phone service to people living outside the country. They’re not required to participate in STIR/SHAKEN either.

Still, this new FCC move is a step forward. Will it end up substantially reducing spam calls? We’ll soon know if our phones finally stop ringing non-stop with junk calls. We live in hope. Related Stories: More

Image: SolarWinds, ZDNet
IT software provider SolarWinds downplayed a recent security breach in documents filed with the US Securities and Exchange Commission on Monday.

Special feature

Cyberwar and the Future of Cybersecurity
Today’s security threats have expanded in scope and seriousness. There can now be millions — or even billions — of dollars at risk when information security isn’t handled properly.
Read More

SolarWinds disclosed on Sunday that a nation-state hacker group breached its network and inserted malware in updates for Orion, a software application for IT inventory management and monitoring.
Orion app versions 2019.4 through 2020.2.1, released between March 2020 and June 2020, were tainted with malware, SolarWinds said in a security advisory.
The trojanized Orion update allowed attackers to deploy additional and highly stealthy malware on the networks of SolarWinds customers.
Also: Best VPN services of 2020: Safe and fast don’t come for free   
Only 18,000 of 300,000 customers affected
But while initial news reports on Sunday suggested that all of SolarWinds’ customers were impacted, in SEC documents filed today, SolarWinds said that of its 300,000 total customers, only 33,000 were using Orion, a software platform for IT inventory management and monitoring, and that fewer than 18,000 are believed to have installed the malware-laced update.
The company said it notified all its 33,000 Orion customers on Sunday, even if they didn’t install the trojanized Orion update, with information about the hack and mitigation steps they could take.

In a security advisory on Sunday and SEC filings today, SolarWinds said it plans to release an Orion update on Tuesday that will contain code to remove any traces of the malware from customer systems.
If customers can’t wait until Tuesday, Microsoft, FireEye, and the US Cybersecurity and Infrastructure Agency (CISA) have also published technical reports on Sunday with instructions on how to identify traces of the SolarWinds Orion-delivered malware (named SUNBURST by FireEye and Solarigate by Microsoft), remove it from systems, and detect if hackers pivoted with a second-stage attack to internal networks.
SolarWinds Office 365 email account was also compromised
But while details about how hackers pivoted from SolarWinds to customer networks via the tainted Orion malware have now come to light, SolarWinds has not yet said how hackers breached its own network.
Nonetheless, in the same SEC documents, SolarWinds said that it also learned from Microsoft about a compromise of its Office 365 email and office productivity accounts.
The company said it’s currently investigating if the attackers used access to the email accounts to steal customer data.
SolarWinds did not specifically say that this email account compromise led to hackers gaining access to the server infrastructure supporting the Orion app’s update mechanism.
One of the most consequential hacks in recent years
The SolarWinds Orion platform hack is slowly turning out to be one of the most significant hacks in recent years.
Currently, the SolarWinds security breach has been linked to hacks at US security firm FireEye, the US Treasury Department, and the US Department of Commerce’s National Telecommunications and Information Administration (NTIA).
The hack is, however, expected to be much, much worse. Forbes reported today that SolarWinds is a major contractor for the US government, with regular customers including the likes of CISA, US Cyber Command, the Department of Defense, the Federal Bureau of Investigation, the Department of Homeland Security, Veterans Affairs, and many others.
In addition, FireEye, which is investigating the incident as part of its own security breach, said the attackers also compromised targets all over the world, and not just in the US, including governments and private sector companies across several verticals.
Citing industry sources, Reuters reported today that despite a broad install base for the Orion platform, the attackers appear to have focused only on a small number of high-value targets, leaving most Orion customers unaffected.
Several IT administrators reported today that they found signs of the malware-laced Orion update on their systems, but they did not find signs of second-stage payloads, typically used by the attackers to escalate access to other systems and internal customer networks.

That is consistent with what I’m seeing with customers. SW Orion with no IOC
— Nicholas Zurfluh (@zurfluhn) December 14, 2020

SolarWinds said in SEC documents today that in the first three quarters of 2020, revenue from the Orion product line brought in approximately $343 million, representing about 45% of the company’s total revenue.
If customers end up abandoning the app, the fallout from this security breach will end up having a major impact on SolarWinds’ bottom line as well. More

Image: Getty The international police organization Interpol has arrested 2,000 people in a crackdown on social-engineering rackets and intercepted $50 million in illicit funds.  Interpol announced it had conducted raids at 1,700 locations over two months, seizing $50 million in fraudulently gained proceeds and arresting 2,000 people, which it described as “operators, fraudsters and money […] More

Network security and content delivery network provider Cloudflare this afternoon reported Q4 revenue that topped expectations and profit that narrowly beat Wall Street’s forecast. Revenue in Q4 rose 54%, year over year, to $193.6 million, yielding an EPS of $0.00. Analysts had been modeling $184.7 million and and a loss per share of -$0.01.

The report sent Cloudflare shares up nearly 7% in late trading. For the full year, the company saw a revenue of $656.4 million, a 52% year-over-year increase, and a non-GAAP net loss of $15.1 million.”The full year represented a 52% year-over-year increase in revenue growth and a 71% year-over-year increase in large customer growth. It was also the fifth straight year we achieved 50%, or greater, compounded growth,” said Matthew Prince, co-founder and CEO of Cloudflare. “Our continued success is fueled by a culture of relentless innovation on top of a highly scalable platform. That’s why we’re uniquely positioned to extend our network, introduce new Zero Trust capabilities, and grow our total addressable market. We’ve never been more motivated to take on this huge opportunity as corporate networks transition to the cloud, and developers line-up to build on our edge.”

In Q1, Cloudflare expects a revenue between $205 million and $206 million as well as a non-GAAP net income per share of $0.00 to $0.01. In fiscal 2022, the company is aiming for a revenue between $927 million and $931 million. They predicted a non-GAAP net income per share between $0.03 and $0.04. The company also announced on Thursday that it is acquiring security company Vectrix for an undisclosed sum. 

Tech Earnings More

NicoElNino, Getty Images/iStockphoto Android devices are everywhere. Google’s mobile OS has a massive hold on the global market share and that’s not going to change anytime soon. Partly because of this, Android devices are the target of attacks by hackers and other ne’er-do-wells just like PCs.  And even if you keep your Android phone with […] More