Embracing innovation comes with risk. Exciting product launches don’t always go according to plan – and when that happens, you need to act quickly, learn from it and find new ways of making a difference.That’s certainly been the case for Graeme Hackland, CIO at Williams F1, whose team had to pull a recent plan to launch its new FW43B racing car using virtual reality, when leaked images appeared online before the scheduled reveal.

Innovation

But this episode won’t put Hackland off trying to innovate. As the person responsible for IT risk at Williams, he says he will not be saying to his board to steer clear of emerging technologies.SEE: Guide to Becoming a Digital Transformation Champion (TechRepublic Premium)The firm is already investigating how it might take advantage of artificial intelligence to help improve decision-making processes. There are also plans for more data-led services that will help boost fan engagement. Hackland, in short, is keen to keep on innovating – so long as the risk to the business is kept in check.”When I get the opportunity at the next board meeting, I’ll be encouraging us to stay brave and to keep embracing new technology in this way. The digital transformation journey we’re on now is not just about our internal systems. For us, it was always about fan engagement as well,” he says.Williams is far from alone in embracing tech-led innovation. All companies have had to embrace digital transformation during the past 12 months – whether that’s in terms of establishing remote working, moving to e-commerce or using new technologies to keep socially distanced customers engaged.  

What’s more, that preparedness to try new things isn’t going anywhere soon. Gartner says creative thinking will continue to be crucial in the post-COVID age. Companies that balance embrace innovation effectively will be most likely to gain a competitive edge on their competitors. The key message from Hackland is that, in age of almost-continual digital transformation, CIOs and their organisations must be prepared to try new things. Yes, things can go wrong – but the key to success is being prepared to embrace innovation and to learn lessons when issues arise.”In Formula 1, every time we make a mistake, we learn from it, we do an after-action review: why did that happen and how do we make sure it doesn’t happen again. I think a lot of organisations are starting to do that,” he says.Evidence would suggest that this kind of review process is absolutely critical. As the demand for innovative digital projects quickens, so do the chances of failure. Boston Consulting Group research shows just 30% of digital transformations succeed in achieving their objectives. That kind of failure rate helps to explain why executives in many large corporations are reluctant to advocate for what they perceive to be risky projects. The Harvard Business Review says they quash new ideas in favour of marginal improvements, cost-cutting and safe investments. Hackland: “I’ll be encouraging us to stay brave and to keep embracing new technology.”
Image: Williams F1
Hackland recognises that it can be difficult for CIOs to gain funding for innovative projects, especially in organisations with competing priorities. But when there’s a chance to try something new, the opportunity must be grabbed – not just in terms of the potential benefits it might bring to the company itself but also in terms of professional development.”You’re learning and your people are learning,” says Hackland, referring to the importance of experimentation. “They’re engaged in something new, they’re not just doing lights-on, which I think is really important. They’re getting to play with new technologies.”Which brings us back to Williams’ recent foray into virtual reality, which was one such attempt to try something new. The intention was to allow users of a bespoke VR app to view and manipulate the new car in its livery in 3D. The app, which was created by an external agency, was made available for fans to download on the Apple App Store and Google Play Store.However, when pictures of the FW43B started appearing online, the team couldn’t be sure if only the image data for the new car had been unpacked or whether the app itself had been compromised.”We didn’t know if there had been a compromise – we just didn’t know it the app was safe, and so you just couldn’t deploy it,” says Hackland. “If the app had been compromised, and we’d delivered it to our fans, I couldn’t have lived with that decision. So the decision was made to pull it.”Hackland says the company’s subsequent investigations have shown that the issue was a “data-loss incident” rather than someone hacking the app. Everything connected to the incident took place outside the team’s enterprise network.”This was not about someone getting into our network and taking our data. It’s the first time we’ve done something like this. So yeah, we clearly missed some things that next time – and I hope there is next time – we’ll learn from,” he says.”It was just unfortunate. An error was made that exposed the data. We’re still investigating and looking at it, and we’ve got a couple of cybersecurity partners looking at it, too.”Just as Hackland and has team have learnt some important lessons about embracing innovation, so other business leaders will have to ensure the right policies, processes and partners are in place to embrace new ideas in a carefully controlled manner.And rather than showing the downsides of working with external third-party suppliers, Hackland says the incident shows the importance of IT risk management and the role of trusted partners in trying to help reduce the ongoing cybersecurity threat.”I’ve been responsible for IT risk at two racing teams now for the past 15 years, but I don’t claim to know everything. The risk landscape changes constantly, which is why we partner with these organisations,” he says. More

Data from Japanese tech giant Fujitsu is being sold on the dark web by a group called Marketo, but the company said the information “appears related to customers” and not their own systems.On August 26, Marketo wrote on its leak site that it had 4 GB of stolen data and was selling it. They provided samples of the data and claimed they had confidential customer information, company data, budget data, reports and other company documents including information on projects.Initially, the group’s leak site said it had 280 bids on the data but now, the leak site shows 70 bids for the data, including one bid today. A screenshot of the leak site.
Etay Maor
A Fujitsu spokesperson downplayed the incident and told ZDNet that there was no indication it was connected to a situation in May when hackers stole data from Japanese government entities through Fujitsu’s ProjectWEB platform.”We are aware that information has been uploaded to dark web auction site ‘Marketo’ that purports to have been obtained from our site. Details of the source of this information, including whether it comes from our systems or environment, are unknown,” a Fujitsu spokesperson told ZDNet.  “Because this includes information that appears related to customers, we will refrain from commenting on the details. I assume that you may recall the last event of Project WEB on May, but there is no indication that this includes information leaked from ProjectWEB, and we believe that this matter is unrelated.”Cybersecurity experts like Cato Networks senior director of security strategy Etay Maor questioned the number of bids on the data, noting that the Marketo group controls the website and could easily change the number as a way to put pressure on buyers.

But Ivan Righi, cyber threat intelligence analyst with Digital Shadows, said Marketo is known to be a reputable source.Righi said the legitimacy of the data stolen cannot be confirmed but noted that previous data leakages by the group have been proven to be genuine. “Therefore, it is likely that the data exposed on their website is legitimate. At the time of writing, Marketo has only exposed a 24.5 MB ‘evidence package,’ which contained some data relating to another Japanese company called Toray Industries. The group also provided three screenshots of spreadsheets allegedly stolen in the attack,” Righi said. He explained that while Marketo is not a ransomware group, it operates similar to ransomware threat actors. “The group infiltrates companies, steals their data, and then threatens to expose that data if a ransom payment is not made. If a company does not respond to the threat actor’s ransom demand, they are eventually posted on the Marketo data leak site,” Righi told ZDNet. “Once a company is posted on the Marketo site, an evidence package is usually provided with some data stolen from the attack. The group will then continue to threaten the companies and expose data periodically, if the ransom is not paid. While the group does have an auction section on their website, not all victims are available in this section, and Fujitsu has not been put up for auction publicly at the time of writing. It is unknown where the 70 bids purportedly came from, but it is possible that these bids may originate from closed auctions.”Digital Shadows wrote a report about the group in July, noting that it was created in April 2021 and often markets its stolen data through a Twitter profile by the name of @Mannus Gott.The account has taunted Fujitsu in recent days, writing on Sunday, “Oh, the sweet, sweet irony. One of the largest IT services provider couldn’t find themselves an adequate protection.”The gang has repeatedly claimed it is not a ransomware group and instead an “informational marketplace.” They contacted multiple news outlets in May to tout their work. “The marketplace itself operates in a similar fashion to other data leak sites with some unique features. Interestingly the group includes an ‘Attacking’ section naming organizations that are in the progress of being attacked. The marketplace allows for user registration and provides a contact section for victim and press inquiries,” Digital Shadows Photon Research Team wrote.”Victims are provided a link to a separate chat to conduct negotiations. Within the individual posts, Marketo provides a summary of the organization, screenshots of seemingly compromised data, and a link to an “evidence pack” otherwise known as a proof. They auction sensitive data in the form of a silent auction through a blind bidding system where users make bids based on what they think the data is worth.” 
Digital Shadows
In the past, the group has gone so far as to send samples of stolen data to a company’s competitors, clients and partners as a way to shame victims into paying for their data back. The group has listed dozens of companies on their leak site, including Puma recently, and generally leaks one each week, mostly selling data from organizations in the US and Europe. At least seven industrial goods and services companies have been hit alongside organizations in the healthcare and technology sectors.  More

Boox Note Max <!–> ZDNET’s key takeaways The Boox Note Max comes bundled with the pen and case for $649. It’s thin and light, has a high-contrast display, and has a long list of features that make it a very versatile device. Theres no backlight, it’s monochromatic, and there’s a bit of a learning curve […] More

Over four million victims of ransomware attacks have now avoided paying over £600 million in extortion demands to cyber criminals in the first four years of Europol’s No More Ransom initiative.
First launched in 2016 with four founding members, No More Ransom provides free decryption tools for ransomware and has been growing ever since, now consisting of 163 partners across cybersecurity, law enforcement bodies, financial services and more.
Together, they’ve released free decryption tools for over 140 families of ransomware which have been downloaded a combined total of over 4.2 million times – something which Europol estimates has prevented $632 million from being paid out to cyber criminals.
Among the top contributors to the project are Emisisoft, which has provided 54 decryption tools for 45 ransomware families, founding member Kaspersky, which has provided five tools for 32 ransomware families and Trend Micro, which has provided two decryption tools for 27 ransomware families.
Other cybersecurity firms which have provided multiple tools to No More Ransom include Avast, Bitdefender, Check Point, ESET and founding member McAfee.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)  
No More Ransom is now available in 36 languages and has received visitors from 188 countries around the world. The largest number of visitors come from South Korea, the US, Brazil, Russia and India.
“No More Ransom is everything coming together – key partners and law enforcement agencies from across the world – and everyone is going in the same direction. As everyone contributes what they have in relation to this threat, we are seeing concrete steps to counter ransomware on a preventative level.” Edvardas Šileris, head of Europol’s European Cybercrime Centre (EC3) told ZDNet.
“Ultimately, it doesn’t matter how much money is saved, but rather how many people get their files back for free. It is just as important for a parent to recover the pictures of their loved ones as it is to recover a corporate network,” he added.
While No More Ransom has proved useful to victims of ransomware, Europol itself still recommends that prevention is the best means of staying safe from attacks – especially as the ever-evolving nature of ransomware means there are many forms of the malware out there which don’t have free decryption tools and maybe never will.
Preventative steps recommended by Europol include backing up important files offline, so that in the event of an attack, files can be immediately retrieved, no matter if a decryption tool is available or not. Europol also recommends that users don’t download programs from suspicious sources or open attachments from unknown senders, so as to avoid falling victim to email-based attack.
Despite the best efforts of No More Ransom and other cybersecurity initiatives, ransomware remains a highly effective moneymaking tool for cyber criminals, who in many cases can make hundreds of thousands or even millions from a single attack. However, applying security updates and patches to PCs and networks can go a long way to stopping attacks in the first place.
“No More Ransom is like a car seatbelt: it’s a critical safety net, but it’s best to abide by the rules of the road to lessen the chance of needing to use it. Or, to be put it another way, ransomware is definitely a case in which prevention is better than cure,” says Brett Callow, threat analyst at Emsisoft.
“Ransomware attacks are becoming ever more sophisticated and the big game hunters are successfully hunting ever bigger game. Consequently, companies of all sizes need to ensure their security is up to snuff”.
READ MORE ON CYBERSECURITY More

A Russian cybercriminal has been jailed for eight years for participating in a botnet scheme that caused at least $100 million in financial damage. 

According to the US Department of Justice (DoJ), Aleksandr Brovko was an active member of “several elite, online forums designed for Russian-speaking cybercriminals to gather and exchange their criminal tools and services.”
The 36-year-old, formerly of the Czech Republic, worked with other cybercriminals to scrape information gathered by botnets. 
Brovko wrote scripts able to parse log data from botnet sources and then searched these data dumps to uncover personally identifiable information (PII) and account credentials. 
See also: KashmirBlack botnet behind attacks on CMSs like WordPress, Joomla, Drupal, others
Any account credentials logged by Brovko’s code would then be verified by the Russian national — sometimes manually — to see if it was “worthwhile” using the accounts to conduct fraudulent transactions, prosecutors say. If so, bank accounts would be pillaged by other threat actors and drained of funds. 
“Brovko possessed and trafficked over 200,000 unauthorized access devices during the course of the conspiracy,” the DoJ says. “These access devices consisted of either personally identifying information or financial account details.”

Brovko participated in the scheme from 2007 through 2019. He has pleaded guilty to conspiracy to commit bank and wire fraud and was sentenced to eight years in prison by Senior US District Judge T.S. Ellis III. 
TechRepublic: Hackers have only just wet their whistle. Expect more ransomware and data breaches in 2021
As noted by The Register, Brovko’s indictment (.PDF) reveals he was retained by co-conspirator Alexander Tverdokhlebov, who was jailed for over nine years in 2017 after pleading guilty to running botnets able to control over half a million compromised PCs. 
“Aleksandr Brovko used his programming skills to facilitate the large-scale theft and use of stolen personal and financial information, resulting in over $100 million in intended loss,” said US Attorney Zachary Terwilliger. “Our office is committed to holding these criminals accountable and protecting our communities as cybercrime becomes an ever more prominent threat.”
CNET: Huawei ban timeline: Chinese company may build a chip plant due to US sanctions
Last month, Imperva researchers released an analysis of a sophisticated botnet now making the rounds in order to target websites via their content management system (CMS) platforms. 
Dubbed KashmirBlack, the botnet began operation in late 2019 and is now able to attack thousands of websites on a daily basis for purposes including cryptocurrency mining, spam, and defacement. 
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More