More stories

  • US Treasury Dept. sanctions Russian cryptocurrency exchange for work with ransomware groups

    The US Treasury Department announced on Tuesday that it was going after Russia-based cryptocurrency exchange Suex for facilitating ransomware payments, in some of the first public, concrete action taken against ransomware groups.

    Last week, the Wall Street Journal reported that the Treasury Department was planning some sort of ransomware-related sanctions, but US officials explained the plans in detail on Tuesday. The Department of the Treasury’s Office of Foreign Assets Control (OFAC) said Suex was being sanctioned for its role in facilitating “transactions involving illicit proceeds from at least eight ransomware variants.”

    Data showed that more than 40% of Suex’s transactions involved “illicit actors,” according to the Treasury Department, which added that virtual currency exchanges like Suex are “critical to the profitability of ransomware attacks, which help fund additional cybercriminal activity.”

    US officials said it was the first sanctions designation against a virtual currency exchange and was done in coordination with the FBI. They noted that not all virtual currency exchanges are working with ransomware actors and explained that some are exploited by malicious actors. But a number of exchanges work directly with ransomware gangs to increase profits. “As a result of today’s designation, all property and interests in property of the designated target that are subject to US jurisdiction are blocked, and US persons are generally prohibited from engaging in transactions with them. Additionally, any entities 50% or more owned by one or more designated persons are also blocked,” the Treasury Department said of Suex.

    “In addition, financial institutions and other persons that engage in certain transactions or activities with the sanctioned entities and individuals may expose themselves to sanctions or be subject to an enforcement action. Today’s action against Suex does not implicate a sanctions nexus to any particular Ransomware-as-a-Service (RaaS) or variant.”

    Blockchain analysis company Chainalysis — which assisted in the investigation — said that while Suex is registered in the Czech Republic, it does not have a physical office there and has multiple branches in Moscow and St. Petersburg. There are also Suex branches across Russia and in the Middle East.

    The exchange has become popular among cybercriminals because it claims to be able to convert cryptocurrency holdings into cash at branch locations and even facilitate the exchange of cryptocurrency for physical assets like real estate, cars and yachts, according to Chainalysis. The sanctions are part of a larger effort to disrupt ransomware, which brought in at least $400 million in ransoms in 2020. Treasury Secretary Janet Yellen highlighted that ransomware groups have not stopped their attacks on businesses, schools and hospitals since the White House ramped up efforts to stop the spate of incidents crippling hundreds of organizations. This week a US agriculture company was knocked out of commission due to a ransomware attack.

    “We will continue to crack down on malicious actors,” Yellen said. “As cyber criminals use increasingly sophisticated methods and technology, we are committed to using the full range of measures, to include sanctions and regulatory tools, to disrupt, deter, and prevent ransomware attacks.”

    The US is trying to institute an anti-money laundering/countering the financing of terrorism (AML/CFT) framework among virtual currency exchanges and companies as a way to disrupt how ransomware groups manage to get away with their crimes. OFAC also released an updated advisory discouraging companies from paying ransoms and urging organizations to promote more stringent cybersecurity practices. The advisory implores organizations to contact US government agencies in the event of an attack and work with them “to avail themselves of OFAC’s significant mitigation related to OFAC enforcement matters and receive voluntary self-disclosure credit in the event a sanctions nexus is later determined.”

    The government noted that through its Financial Crimes Enforcement Network, it has been collecting information on ransomware payments. The Treasury Department used the Chainalysis platform and tools from the company to conduct its investigation into Suex.

    Gurvais Grigg, global public sector CTO at Chainalysis, told ZDNet the company has a long history of supporting government efforts by providing insight into how cryptocurrencies are used, and in some cases abused, by bad actors. “With Suex specifically, we have been following them for a while. We first identified them in 2019 as one of a relatively small group of OTC brokers who were helping bad actors cash out a large amount of ill-gotten gains,” Grigg said. “It’s a common misconception that cryptocurrency is anonymous and untraceable. Chainalysis has a long history of providing technology to government agencies to help them investigate illicit activity using cryptocurrency. Our investigative tools have been used in some of the most high-profile recent cybercrime investigations including ransomware, child sexual abuse, darknet markets, and more.”

    Grigg added that the company anticipates further actions as governments and agencies grow their proficiency and access to the data and tools necessary to conduct investigations into cryptocurrency. When asked whether the company was working with other law enforcement agencies around the world, Grigg said they work “with many partners around the world and our data and services are leveraged in over 60 countries.” “These partners are actively working similar cases and leverage our data and tools in a similar manner as did Treasury in the actions taken today,” Grigg said.

    The company released a blog post explaining some of its role in the investigation, noting that Suex has moved hundreds of millions of dollars worth of cryptocurrency — mostly in Bitcoin, Ether, and Tether — much of which is from illicit and high-risk sources.

    “In Bitcoin alone, Suex’s deposit addresses hosted at large exchanges have received over $160 million from ransomware actors, scammers, and darknet market operators. Chainalysis’ investigation reveals that the OTC is converting cryptocurrency into cash at physical branches located in Moscow and St. Petersburg, and possibly also at other offices outside of Russia as well,” Chainalysis said. “Suex is also found to have received over $50 million worth of Bitcoin sent from addresses hosted at illicit cryptocurrency exchange BTC-e from 2018 through 2021, well after BTC-e was shut down by U.S. authorities for its own money laundering activity on behalf of cybercriminals.”

    Chainalysis said it had been tracking money laundering on Suex for a while, finding that multiple addresses associated with the site are included in the group of 273 service deposit addresses it identified, in its recent Crypto Crime Report, as receiving 55% of all funds sent from illicit addresses in 2020. Suex addresses also appeared widely in other lists of addresses connected to money laundering. The company said that, due to Suex’s size, shutting it down would “represent a significant blow to many of the biggest cyber threat actors operating today, including leading ransomware attackers, scammers and darknet market operators.”

    “Suex operates as a nested service, meaning it operates using addresses hosted by larger exchanges in order to tap into those exchanges’ liquidity and trading pairs. While many nested services are legitimate, some exchanges don’t hold nested services to high enough compliance standards, meaning they can be exploited for money laundering,” Chainalysis found. “Blockchain analysis reveals that Suex has received tens of millions worth of cryptocurrency payments from addresses associated with several forms of cybercrime, as well as from addresses associated with the now-shuttered exchange BTC-e.”

    Chainalysis researchers said there are significant financial ties between Suex and BTC-e. Despite BTC-e being shut down in 2017, Suex facilitated transfers on behalf of BTC-e administrators, associates, or former users who were “attempting to liquidate cryptocurrency trapped at the exchange.” Some of those transfers even took place this year, years after the platform was shut down. $481 million in Bitcoin has made its way to Suex since it emerged in February 2018, including almost $13 million from ransomware gangs like Ryuk, Conti, Maze and others. Other cybercriminals, like those involved in Finiko, have also spent millions on the site.

    “A small group of illicit services facilitate the majority of cryptocurrency-based money laundering, and Suex is one of the worst offenders, so today’s action represents a positive step forward in the fight against cybercrime,” Chainalysis said. “We commend OFAC for making this designation and look forward to working with our partners in the public and private sectors to continue the fight against money laundering service providers.”

  • Google unveils results of DevOps report, finding increase in public cloud use

    Google released the results of its Accelerate State of DevOps report on Tuesday, finding that respondents who use hybrid or multicloud were 1.6 times more likely to exceed their organizational performance targets. Elite performers in the survey deploy 973 times more frequently than low performers, have a 6,570 times faster lead time to deploy, a 3 times lower change failure rate and a 6,570 times faster time-to-recover from incidents when failure does happen. Google has worked on the report for seven years, querying more than 32,000 professionals worldwide over the last few years. Dustin Smith, research lead with Google Cloud’s DevOps Research and Assessment (DORA) team, said the study continues to show that excellence in software delivery and operational performance drives organizational performance in technology transformations.

    “This year we also investigated the effects of SRE best practices, a secure software supply chain, quality documentation, and multicloud — all while gaining a deeper understanding of how this past year affected team’s culture and burnout,” Smith said. “Based on key findings from previous Accelerate State of DevOps reports, we again used four metrics to classify teams as elite, high, medium or low performers based on their software delivery: deployment frequency, lead time for changes, mean-time-to-restore, and change fail rate. This year we saw that elite performers continue to accelerate their pace of software delivery, increasing their lead time for changes from less than one day to less than one hour.”

    Smith said they asked respondents to rate their ability to meet or exceed their reliability targets, finding that teams with varying degrees of delivery performance see better outcomes when they also prioritize operational performance.

    Smith added that this year, 1,200 working professionals from a variety of industries around the globe shared their experiences with the researchers. More than half of all respondents said they used a public cloud, a 5% bump compared to 2019, and 21% additionally said they deploy multiple public clouds. About 21% said they used data centers or on-premises solutions instead of the cloud and 34% said they used hybrid clouds. The study found that those using hybrid and multi-cloud were 1.6 times more likely to exceed their organizational performance targets than those who did not, and 1.4 times more likely to excel in terms of deployment frequency, lead time for changes, time to recover, change failure rate and reliability.

    One in every four respondents said they used multiple cloud providers because of the unique benefits offered by each one, with the second most common reason being availability. Nearly 75% of respondents use on-demand self-service, a 16% increase from 2019, and 74% used broad network access, a 14% increase from 2019. How teams implement their cloud services was also a major focus of the report, with the researchers finding that elite performers were 3.5 times more likely to have met all essential NIST cloud characteristics.

    “Only 32% of respondents who said they were using cloud infrastructure agreed or strongly agreed that they met all five of the essential characteristics of cloud computing defined by NIST, an increase of 3% from 2019. Overall, usage of NIST’s characteristics of cloud computing has increased by 14-19%, with rapid elasticity showing the largest increase,” the study found. “73% of respondents used resource pooling, a 15% increase from 2019, 77% of respondents used rapid elasticity, an 18% increase from 2019, 78% of respondents used measured service, a 16% increase from 2019. In analyzing the results, we found evidence that teams who excel at these modern operational practices are 1.4 times more likely to report greater SDO performance, and 1.8 times more likely to report better business outcomes.”

    More than half of all respondents said they use SRE practices to some extent. The Google study found that regardless of performance, teams saw benefits from the increased use of SRE practices. Quality documentation is also important, and the report found that teams with higher quality documentation are 2.4 times more likely to see better software delivery and operational performance. Teams with good documentation are also 3.8 times more likely to implement security practices, 2.4 times more likely to meet or exceed their reliability targets, 3.5 times more likely to implement Site Reliability Engineering practices and 2.5 times more likely to fully leverage the cloud. Continuous testing and continuous integration are also both indicators of success, according to the report. Trunk-based development is key as well, with elite performers who meet their reliability targets being 2.3 times more likely to use it. Maintaining databases is very important, Google researchers found, with elite performers being 3.4 times more likely to exercise database change management compared to their low-performing counterparts.

    Observability was cited as another metric that separated elite performers from the rest. Teams who successfully meet their reliability targets are 4.1 times more likely to have solutions that incorporate observability into overall system health.

    The study takes time to note that the COVID-19 pandemic forced significant changes on how teams worked. Nearly 90% of respondents worked from home and just 20% said they had ever worked from home before the pandemic started. “Respondents who worked from home because of the pandemic experienced more burnout than those who stayed in the office (a small portion of our sample). Inclusive teams with a generative culture were half as likely to experience burnout during the COVID-19 pandemic,” Smith said, adding that security was also an important part of the survey.

    “Security can no longer be an afterthought—it must be integrated throughout every stage of the software development lifecycle to build a secure software supply chain. Elite performers who met or exceeded their reliability targets were twice as likely to have shifted their security practices left, i.e., implemented security practices earlier on in the software development lifecycle, and deliver reliable software quickly, and safely.”

  • Users increasingly willing to abandon digital platforms that demand personal info, stringent passwords and time-consuming forms: study

    A new survey from Ping Identity has found that more internet users are willing to stop using sites altogether if they find the experience cumbersome or invasive. The Ping Identity Consumer Survey queried more than 3,400 consumers across the US, UK, Germany, France and Australia about their experiences with signing up for websites and their attitudes toward online privacy.

    The survey found that 77% of respondents have already abandoned or stopped creating an online account for any number of reasons, which included demands for too much personal information (40%) and too many security steps (29%). More than half of respondents have outright abandoned an online service if they found logging in too frustrating, and 63% said they were likely to jump ship for a competitor if it made it easier to authenticate their identity.

    Richard Bird, chief customer information officer for Ping Identity, said businesses need to integrate their security, privacy and user experience strategies to keep up with modern consumer expectations. “Individuals have no hesitations about finding better experiences elsewhere, so companies that prioritize customer experience now will earn loyalty in the long run,” Bird explained. Nearly 60% of respondents are OK with the idea of storing their personal information in a digital ID on their smartphone, but 46% said they would prefer to use a service or site that offers an alternative to passwords.

    Forty-four percent said they admittedly use weak passwords, with another 29% saying they only make a small change to an old password. Fifteen percent said they simply reuse an old password. Surprisingly, 40% of respondents said they are not able to answer their security questions at least half the time.

    Consumers are also increasingly showing an interest in understanding how websites and online services share their information, with 85% saying they wanted to know how their personal information is shared and 72% noting that it was difficult to find this information. For German consumers, the numbers were even higher, with 90% reporting an interest in finding out how companies share their personal information. Nearly 70% of respondents in the US said they have stopped using an online service over privacy concerns. More than 70% of respondents have changed their profiles to address privacy issues, and the issue is even more prominent for Gen Z, 89% of whom adjusted their profile settings to control their privacy. Sixty percent of consumers cancelled an account due to privacy concerns, and nearly half of respondents have done this more than once.

    Consumers are also increasingly willing to call customer service about locked accounts, with 77% of US consumers admitting to having done so compared to 62% in Germany and 66% in France. French consumers were the most diligent about resetting their passwords with stronger ones. More than half of French respondents changed their passwords to something stronger, compared to about a third of consumers in other countries. Passwords are also becoming a red line for many US consumers, with one in five saying they are more likely to use an online service that does not require one. More than 75% of respondents said they expect to spend less than five minutes creating a new account, but almost 40% said they would not spend two minutes.

  • Nutanix announces new features for Cloud Platform

    Hybrid multi-cloud computing giant Nutanix made several big announcements on Tuesday, unveiling new features within the Nutanix Cloud Platform designed to help organizations build out software-defined data centers and make it easier for enterprises to simplify data management. 

    Rajiv Mirani, chief technology officer at Nutanix, told ZDNet that their customers are looking for cloud solutions that can adapt to their needs, with a focus on simplicity, flexibility and freedom to choose the right technology for each situation. “The Nutanix Cloud Platform continues to break down common silos within IT teams with the goals of simplifying operations so customers can focus on business needs. With these new features, we focused on addressing the common challenges many enterprises face in hybrid multi-cloud environments, including security, DR and virtual networking,” Mirani said. “Customers require a variety of ways to store data — both structured and unstructured — and are looking for ways to simplify management without needing to rely on different vendors to do so. The new features in the Nutanix Cloud Platform extend our data-centric innovation to high-performance applications to deliver a unified platform with comprehensive data services for all workloads and all variety of data.”

    Nutanix is launching AOS version 6, software that provides enterprises with built-in virtual networking, enhanced disaster recovery and simplified zero-trust security that otherwise would require additional specialized hardware and software. All of the platform’s functions are managed through a single interface, making it easier for IT teams to handle.

    Nutanix AOS 6 comes with a Network Virtualization offering called Flow Networking that allows organizations to create Virtual Private Clouds and offers VPN capabilities.

    AOS 6 users also get access to new Business Continuity and Disaster Recovery capabilities as well as “the ability to leverage the public cloud as a secondary site, native metro clustering support for the built-in AHV hypervisor enabling automatic failover in the event of a disaster” and end-to-end encryption capabilities for DR traffic.

    Nutanix added that it would offer customers integration with Qualys’ vulnerability management detection and response solution. The company’s AOS, AHV, and Files products were also approved by the Department of Defense and will now be placed on the Information Network Approved Products List after going through a rigorous set of cybersecurity tests.

    Eric Sheppard, research vice president of IDC Infrastructure Platforms and Technologies Group, said AOS 6, along with virtual networking and security innovations in the Nutanix Cloud Platforms, “deliver an enterprise-ready, end-to-end platform to run any application, including the most critical ones, on-premises and in public cloud.” “The new features address many of the demands of enterprise customers looking to gain efficiency and reliability across clouds, to support their needs now and in the future.” The virtual networking and enterprise-grade DR features are now available to customers, but the security features are under development.

    Nutanix also announced that the Nutanix Cloud Platform would be able to offer unstructured data tiering from on-premises to cloud, up to a 2x storage performance increase for database workloads and 3x for big data workloads without requiring complex reconfiguration, as well as the unstructured data governance service Nutanix Data Lens. The company is also offering new one-click storage scaling and rich role-based access control through Nutanix Era. Nutanix is adding a slate of new features to make it easier to run data analytics workloads and process data faster at a reduced cost.

    “Nutanix Objects, the company’s S3 compatible object storage solution, supports high-performance petabyte-scale storage for building data lakes. Customers working with modern analytics applications, such as Apache Spark, will benefit from a dramatically increased query and large batch processing performance with S3 Select and optimized S3A support,” Nutanix explained. “Simplified Storage Scaling and Governance for Databases: Nutanix’s database service, Era, manages the most popular database engines like PostgreSQL, MySQL, Microsoft SQL Server, and Oracle Database across hybrid multi-cloud environments. With Era, customers will be able to easily and quickly scale database storage online, turning days or weeks of work into a one-click operation.” Era will also be able to support multi-region failover capabilities. The Nutanix Data Lens — a new cloud service for unstructured data growth — was included in the raft of announcements.

  • Multi-party breaches cause 26 times the financial damage of the worst single-party breach: Report

    RiskRecon, a Mastercard company, and the Cyentia Institute released a study on Tuesday showing that some multi-party data breaches cause 26 times the financial damage of the worst single-party breach.

    The organizations used Advisen’s Cyber Loss Database to examine incidents since 2008. Almost 900 multi-party breach incidents have been observed since 2008, and 147 newly uncovered ripples were observed across the entire data set, with 108 occurring in the last three years.

    The Advisen Cyber Loss Database has over 103,000 cyber events collected from publicly verifiable sources and was used extensively for the report. Since 2008, more than 2,726 incidents in the Advisen database involve more than one organization. Still, only a subset of those are what the researchers called “ripple events” — which involve some form of B2B relationships between multiple parties. Using that as a filter, the incident base totaled 897 incidents from 2008 to 2020. More than half of the newly identified ripples were in 2019 and 2020, and the report postulated that there is a two-year delay between when an incident takes place and when the ripple effects fully unfold, with some taking as long as five years.

    A median multi-party breach causes 10 times the financial damage of a traditional single-party breach. In comparison, the worst of the multi-party breach events causes 26 times the financial damage of the worst single-party breach. It typically takes 379 days for a ripple event to impact 75% of its downstream victims, and the median number of organizations impacted by ripple events across the data set was 4.

    “While a stable number for multi-party breaches in 2020 is not likely, our analysis has already dug up 37 ripple events that swept up victims across a range of industries and scenarios last year,” the report said. “The triggering events are often different, the business relationships vary, the scope of impact can vary wildly, and the depth of downstream reach is changeable. The one unifying factor is the technical integration or data sharing — direct and indirect — that spiderwebs across the generating organization and the recipients of downstream loss events.”

    The report lists a number of notable multi-party breaches, including incidents involving SolarWinds, Accellion — which affected the Washington State Auditor’s Office, New Zealand’s central bank, and the high-profile law firm Jones Day — Advanced Computer Software, which exposed hundreds of law firms, the cloud computing provider Blackbaud and more. In each incident, the personal data of millions was exposed, and the researchers found that financial and business support organizations dominate the top two slots in terms of ripple-generating victims and recipients of downstream loss events. The professional and financial sectors together are the source of over 47% of all ripples.

    “Many companies are, at some point, both the generator of one ripple event and the downstream recipient of others generated by different organizations. This is a testament to the tight technical ties that bind suppliers, customers, and partners in today’s digitally dominated business environment,” the report explained. “Among those ripple events for which we have cost information, 80% involve some sort of direct financial damage. One out of five of the ripples involved ends up incurring fines and penalties, and one in 10 of them incurs response costs. While only a small fraction of ripples cause a loss of business income, such losses are particularly devastating. In those cases, the loss of income makes up 78% of costs.” The researchers found that when a ripple event triggers a loss of income, it leads to a loss of $36 million per event. Parsing through a subset of 154 ripples, the report found that most costs are borne by the initial victims of a multi-party breach.

    “From the data presented in this report, one thing should be crystal clear — no organization is safe from a multi-party ripple event. As firms of all shapes and sizes continue to allow companies to access their data, client information, employee details, etc., they also open up more paths for security incidents that can harm their business,” the report’s authors explained. “The reality is while you can’t protect yourself from every third-party threat, you can take control over the risks that will impact your business the most. The interconnectivity of different third- and fourth-party relationships is often hard to visualize and address.”

    There was a significant drop in the amount of time for ripples to disperse through third-party networks in 2012 and 2013 to less than 200 days, while the number dropped to 50 days in 2018. The report also looked at the duration of ripples from another angle, examining the intervals of time it took for some, half, and most of the downstream recipients to feel the impact of a multi-party incident.

    “Overall, 25% of firms are involved within 32 days after the initial event, 50% by 151 days, and 75% by just over a year at 379 days. This shows that the fastest impacts rippled out from incidents within healthcare, likely due to the strong reporting requirements in that space. Meantime, the hospitality and information industries take approximately a year before most downstream victims fully feel a ripple,” the report found.

  • HackerOne expands Internet Bug Bounty project to tackle open source bugs

    HackerOne has expanded the Internet Bug Bounty project to bolster overall open source security. 

    Open source projects, run by individuals and teams of developers worldwide, are relied upon by everyone from enterprise players to SMBs. Open source components are stored and shared publicly, and can range from full operating systems to libraries, educational tools, and server software, among many other functions. In a recent survey, the Linux Foundation and edX found that the demand for open source programmers and experts continues to climb, but 92% of managers are facing challenges when it comes to finding the talent required to fill current job postings. With a shortage already in place, and many open source projects fuelled by developers who are not being paid for their efforts, security issues can sometimes slip through the net. In 2020, GitHub research suggested that on average, it can take up to four years to discover open source vulnerabilities — 83% of which are caused by mistakes and human error. As a result, the code repository said there are “clear opportunities to improve vulnerability detection” in the open source space. It’s not just about detection, however; vulnerability fixes need to be developed and safely applied, too.

    This is where the Internet Bug Bounty (IBB) project comes in. Now managed by HackerOne, IBB is described as a project to “pool funding and incentivize security researchers to report vulnerabilities within open source software.” A new funding model has now been introduced, with participating partners including Elastic, TikTok, Shopify, and Facebook. There are three major changes: HackerOne clients will now be given the option to pool between 1% and 10% of their existing spend to the open source project — of which they may be using components in scope — and bounties will now be divided between hackers and maintainers with an 80/20 split. “Since open source software maintainers volunteer to help remediate vulnerabilities that are discovered, the bounty split ensures payment for every stakeholder that contributes to vulnerability management,” HackerOne says. The third change is a streamlined procedure for vulnerability report submission.

    Since its launch in 2013, over 1,000 vulnerabilities have been reported, with close to 300 bug bounty hunters earning financial awards totaling approximately $900,000. Projects currently in scope include Ruby, Node.js, Python, Django, and Curl, with more options set to be opened in the future. “Recent cyberattacks against software supply chains demonstrate the urgency of securing these organizational blind spots. And open source software represents a growing portion of the world’s critical supply chain attack surfaces,” said Alex Rice, CTO and co-founder of HackerOne. “The new IBB empowers organizations that are beneficiaries of open source to play an active role in collectively building a more secure digital infrastructure for everyone.”


    Average consumer spending $273 per month on subscription services: report

    Consumers are spending more than ever on subscription services, according to a new report from West Monroe. West Monroe polled 2,500 consumers about how much they spend each month on a variety of subscription services, finding that people are spending 15% more than they did in 2018. The types of subscriptions have also expanded as more companies create digital platforms and offerings to lure in consistent customers. The average consumer surveyed said they spend $273 per month on subscription services, up from $237 in 2018. This extra 15% equals an additional $430 spent each year. The researchers behind the study were also very interested in people’s perception of how much they spend each month on subscriptions, finding that most people underestimate how much they dole out monthly before sitting down to calculate it. All of the respondents to the survey were unaware of how much they actually spent on subscription services off the top of their heads, and most needed more than two tries to get close. In 2021, 89% underestimated what they spend each month, and in 2018, 84% underestimated what they spent each month. Nearly half of those who underestimated were off by between $100 and $300. About 70% of respondents subscribed to mobile phone services and a home WiFi service as well as TV and movie providers. Half of all respondents had Amazon Prime accounts.

    The rest of the list varied widely, with respondents reporting a hodgepodge of subscriptions ranging from music streaming sites, gaming services, cloud storage sites, home security systems, newspapers, fitness apps, dating apps and meal services. There was also an increase in the number of people using subscription boxes, which now cover a range of industries like beauty, pets, toys and wellness. Services like Ipsy and Dollar Shave Club were referenced by respondents. Other subscriptions named included book services like Kindle and Audible as well as cloud storage tools like Dropbox, iCloud and OneDrive. Tinder, Match, eHarmony and other dating sites featured prominently alongside fitness apps like MyFitnessPal, Lose It! and Fitbit. Respondents also had a number of newspaper or magazine subscriptions as well as gaming services like PlayStation Now and Xbox Game Pass. ADT, Nest and Ring dominated the home security system subscriptions, while identity protection services like LifeLock and Identity Guard were popular as well. Verizon, Sprint and Boost Mobile were the most popular mobile phone services, and streaming sites like Spotify, Pandora and XM Radio led the way. Netflix, Hulu, cable services and premium packages were cited as well, alongside WiFi services like Comcast, AT&T and CenturyLink.
    Dhaval Moogimane, a partner at West Monroe, said it was not surprising to see that subscription spend grew over the past three years. “It is reflective of the growth of products and services available to us as subscriptions, and the buying behavior that has changed, driven by COVID. What was most surprising to see was the perception gap between how much respondents thought they spent on subscriptions per month versus what they actually spent,” Moogimane said. “The percentage of respondents who were off by more than $200 grew to 66%, from 24% in 2018. This increase in perception gap is indicative of how some of the subscriptions are now viewed as utilities, particularly cell phones, Wi-Fi, ID protection services, cloud storage services, and more.” Moogimane added that to capture estimates, the researchers asked respondents to think generally about “recurring monthly expenses associated with digital services, devices, and subscription boxes” — including prompts of specific examples and service categories. Respondents were given 10 seconds to guess how much they spend each month. After recording this initial answer, the researchers immediately asked participants to repeat the exercise with 30 seconds to think about the question more carefully. “This is how we calculated what their initial perceptions were for their monthly subscriptions. Then we took them through their subscriptions one by one and tallied up their spend per each individual subscription to determine their actual total spend,” Moogimane said. “The idea is that consumers may think they know what they are spending each month, but when they are asked what they actually pay for each subscription service and the total is added up, it reflects a different story.”


    Four months on from a sophisticated cyberattack, Alaska's health department is still recovering

    Some systems at the Alaska Department of Health and Social Services (DHSS) are still offline after being hit by a nation-state backed cyberattack in May. As a result of the incident, an unknown number of people have potentially had their personal information stolen. This information could include full names, dates of birth, social security numbers, telephone numbers, health information, financial information and other data which cyber attackers could exploit. 

    Because of the sensitive nature of the information and the potential for it to be abused, DHSS has urged all Alaskans who provided data to or had their data stored by DHSS to take action to protect themselves from identity theft. A free credit monitoring service is being made available to members of the public concerned that they may be caught up in the breach. The potential breach of personal information has only just been revealed, despite the incident being first detected in May and previous updates about the attack in June and August — according to a DHSS statement, disclosure was delayed until now to avoid interference with a criminal investigation. And four months from the initial attack, some DHSS online services still haven’t been restored, and there’s no timeline for when they’ll be back. “All affected systems remain offline as we diligently and meticulously move through the three phases of our response. Work is continuing to restore online services in a manner that will better shield DHSS and Alaskans from future cyberattacks,” said Scott McCutcheon, technology officer at DHSS.

    The attack started with the use of an unspecified exploit against a vulnerable website and spread from there. The state isn’t providing additional information at this time because “providing any further specific details could give our attackers information that would help them, and others, be more successful in future cyberattacks.” Cybersecurity company FireEye was brought in to investigate the attack and has identified those behind it as “a highly sophisticated group known to conduct complex cyberattacks against organizations that include state governments and health care entities” — but no additional information is currently being revealed. However, DHSS does state this wasn’t a ransomware attack. While the exact motives behind the attack aren’t currently clear, healthcare is a frequent target for cyberattacks by both nation-state groups and cyber-criminal gangs. The amount of sensitive personal information held in healthcare provides attackers with a lot of information about individuals, potentially useful for foreign intelligence services. As a result of the attack, DHSS says it is taking action to boost the cybersecurity of its networks to prevent additional incidents in future. “As systems are being brought back online, steps are being taken to build them back to be as resilient as possible to be protected from future cyberattacks. Additional steps are being planned for post-incident hardening of our IT infrastructure,” the department said in a statement.