Information Technology

Singapore has again pushed back the deployment of its next-generation electronic road pricing (ERP) system, this time, due to the global chip shortage. The satellite-based network is now expected to be rolled out in the second half of 2023, instead of end-2021. It was originally slated to be implemented from 2020, but this was delayed to early this year with completion set for mid-2023. The government then had pointed to the impact of COVID-19 on global supply chains as the reason for the revised timeline. With the Global Navigation Satellite System (GNSS) ERP network now anticipated to be rolled out only from the second half of 2023, it would mean a delay of almost two years before implementation works–spanning 18 months–would be completed. These will include the installation of a new on-board unit, to replace current in-vehicle units, which are mandatory for all registered vehicles in Singapore, with few exceptions that include vehicles that do not use public roads on the mainland or are subject to usage restrictions such as tractors and construction equipment.  

The on-board unit is described as “central” to the new ERP system, providing various services to motorists such as alerts on electric charging locations and real-time traffic data. The supply of critical microchips needed for these units, however, had been affected by the “worsening” global shortage, which also had impacted other industries, said the Land Transport Authority (LTA) in a statement Wednesday. The industry regulator noted that, amidst accelerated global demand during the pandemic, the suspension of operations in major semiconductor foundries across multiple countries had affected production. This, in turn, severely impacted the production of electronic devices in multiple sectors including consumer electronics, industrial machines, and automotive. According to LTA, parts required for the on-board units had to be sourced from different suppliers, some of which had indicated their inability to meet the required delivery schedules for critical components. This shortage was expected to continue throughout 2022, with chip production projected to ramp up gradually from end-2022 to mid-2023. 

Due to the uncertainty in the supply chain, implementation of the on-board units should only commence when production was “stable and sufficient”, it said. “To ensure a smooth and uninterrupted installation exercise for all motorists, the installation of on-board units is now planned to commence in the second half of 2023, instead of end-2021,” LTA said. It added that it would work with local systems integrator NCS and Mitsubishi Heavy Industries (MHI) Engine System Asia on the production and installation of the on-board units. MHI Machinery Systems’ president Naoaki Ikeda said the company was “working closely” with its supply chain partners to source for the affected components and “safeguard their availability” for the installation.Singapore’s current ERP system, launched in 1998, uses a combination of smart card and RFID (radio frequency identification) technology to collect toll charges as vehicles, including motorbikes, drive through gantries. These typically are located along highways and roads that are frequently congested during peak hours. Smart cards carrying stored cash value, also dubbed CashCards, are inserted into the in-vehicle units and funds are deducted each time the vehicle passes through an ERP gantry that is in operation. According to LTA, the current system is increasingly expensive to maintain and the new GNSS infrastructure will do away with the need for bulky gantries, which will be replaced with slimmer ones.As of October 2021, Singapore has a vehicle population of 987,450 that comprises cars, taxis, buses, and motorcycles.RELATED COVERAGE More

Microsoft has detailed the activities of six Iranian hacker groups that are behind waves of ransomware attacks that have arrived every six to eight weeks since September 2020. Russia is often seen as the home of the biggest cyber-criminal ransomware threats, but state-sponsored attackers from North Korea and Iran have also shown a growing interest in ransomware. 

ZDNet Recommends

Microsoft said Iranian hacking groups are using ransomware to either collect funds or disrupt their targets, and are “patient and persistent” while engaging with their targets – although they will use aggressive brute-force attacks.SEE: A winning strategy for cybersecurity (ZDNet special report)The most consistent of the six Iranian threat groups is one Microsoft tracks as Phosphorus (others call it APT35). Microsoft has been playing cat and mouse with the group for the past two years. While initially known for cyber espionage, Microsoft details the group’s strategies for deploying ransomware on targeted networks, often using Microsoft’s Windows disk-encryption tool BitLocker to encrypt victim files. Other cybersecurity firms last year detected a rise in ransomware from Iranian state-backed hackers using known Microsoft Exchange vulnerabilities to install persistent web shells on email servers and Thanos ransomware.    According to Microsoft, Phosphorus was also targeting unpatched on-premise Exchange servers and Fortinet’s FortiOS SSL VPN in order to deploy ransomware.

In the second half of 2021, the group started scanning for the four Exchange flaws known as ProxyShell that were initially exploited as zero days by Beijing-backed hackers.Microsoft released patches for CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 in April. ProxyLogon was one of several exploits that made up ProxyShell. An account by security specialist DFIR Report notes Phosphorus used BitLocker on servers and DiskCryptor on PCs. Their activity stood out because it didn’t rely on ransomware-as-a-service offerings that are popular among cyber criminals and didn’t create custom encryptors. “After compromising the initial server (through vulnerable VPN or Exchange Server), the actors moved laterally to a different system on the victim network to gain access to higher value resources,” the Microsoft Threat Intelligence Center (MSTIC) notes in a blogpost. “From there, they deployed a script to encrypt the drives on multiple systems. Victims were instructed to reach out to a specific Telegram page to pay for the decryption key.”The group also tries to steal credentials by sending “interview requests” to targeted individuals through emails that contain tracking links to confirm whether the user has opened the file. Once a response is received from the target user, the attackers send a link to a list of interview questions and then a link to a fake Google Meeting, which would steal login details.SEE: Ransomware: It’s a ‘golden era’ for cyber criminals – and it could get worse before it gets betterOther groups mentioned in Microsoft’s report included an emerging Iranian hacking group that recently targeted Israel and US organizations in the Persian Gulf with password-spraying attacks. Microsoft highlights that the adoption of ransomware aided the Iranian hackers’ efforts in espionage, disruption and destruction, and to support physical operations. Their arsenal of attacks included ransomware, disk wipers, mobile malware, phishing, password-spray attacks, mass exploitation of vulnerabilities, and supply chain attacks.         More

Ransomware is the most significant cybersecurity threat facing the country today, but many businesses still aren’t taking the threat as seriously as they should be, the National Cyber Security Centre (NCSC) has warned. In its newly published annual review, the NCSC – the cybersecurity arm of intelligence agency GCHQ – details the incidents and threats the UK has faced during the past 12 months, including cyberattacks against the health service and vaccine developers during the coronavirus pandemic, state-sponsored cyber-espionage campaigns, phishing scams and more.  

But, because of the likely impact a successful attack could have on essential services or critical national infrastructure, it’s ransomware that is viewed as the most dangerous cyber threat – and one that more leadership teams need to think about.SEE: A winning strategy for cybersecurity (ZDNet special report) “One of the trends that the NCSC has seen over the last year was a worrying growth in criminal groups using ransomware to extort organisations. In my view it is now the most immediate cybersecurity threat to UK businesses and one that I think should be higher on the boardroom agenda,” said Lindy Cameron, CEO of the NCSC.  The number of ransomware attacks has grown significantly during the past year, reaching the same number of incidents in April 2021 as there had been in all of 2020. “In the first four months of 2021, the NCSC handled the same number of ransomware incidents as for the whole of 2020 – which was itself a number more than three times greater than in 2019,” said the NCSC report. 

The severity of some ransomware attacks means organisations can take a long time to recover. The NCSC paper notes that Hackney London Borough Council suffered significant disruption to services when a cyberattack resulted in IT systems being down for months, affecting the availability of local services, and requiring a recovery that cost millions of pounds.  Alongside local governments, universities have been a common victim of ransomware attacks, to the extent the NCSC has issued specific advice on how these institutions can protect themselves against attacks. “In the UK there was an increase in the scale and severity of ransomware attacks, targeting all sectors from businesses to public services. In response, the NCSC has identified and mitigated numerous threats, whether committed by sophisticated state actors, organised criminal groups or lone offenders,” said Sir Jeremy Fleming, director of GCHQ.  In total, including ransomware attacks, the NCSC has helped handle 777 incidents during the past year, up from 723 on the previous year and an average of 643 a year since the NCSC launched in 2016. 

But while ransomware is a significant and ever-evolving threat, there are measures that organisations can take to help avoid falling victim to an attack, or lessen the impact should the network be compromised by file-encrypting malware. SEE: Ransomware: It’s a ‘golden era’ for cyber criminals – and it could get worse before it gets betterAs detailed by the paper, the most common entry point for ransomware attacks are remote desktop protocol (RDP) attacks, where hackers take advantage of insecure RDP configurations to gain access to the network. Organisations can counter this by encouraging users to use unique, difficult-to-guess passwords – the NCSC recommends using three memorable words for accounts and introducing multi-factor authentication as an extra barrier to attacks. The shift towards remote working has led to a big rise in the use of Virtual Private Networks (VPNs) which, if not managed properly, can provide a gateway for outside attackers to enter the network. The paper also notes how ransomware gangs take advantage of unpatched devices and advises organisations to ensure security updates are rolled out in a timely fashion to help protect the network from cyber criminals exploiting known vulnerabilities. The NCSC regularly publishes advice on threats and now to protect networks from attacks – and one of the key aims of the organisation is to make sure the message gets heard by those who need to hear it. “Ransomware, mostly, doesn’t need a specific response, it needs the things we’ve been telling people to do for a long time. Part of our challenge is helping people do that or understanding what they need to do to apply it as much as possible,” said Cameron.  MORE ON CYBERSECURITY More

An analysis of password habits worldwide has revealed we are still performing poorly when it comes to strong credential management. 

While the idea of using passwords such as QWERTY, 123456, and PASSWORD might seem like a joke these days, they are still commonly found in data dumps of stolen credentials published online. Major online service providers now often enforce strong passwords with lower-case and capital letters, numbers, and special characters and may also encourage and enforce multi-factor authentication (MFA).  However, businesses may not impose the same standards. In addition, ghost and forgotten accounts, hardcoded credentials, and the re-use of username and password combinations are still common problems today.  On Wednesday, Nordpass published its annual study of password use across 50 countries, the “Most Common Passwords” report, an evaluation of a database containing 4TB of leaked passwords, many of which originated from the US, Canada, Russia, Australia, and Europe.  According to the researchers, the most common passwords in 2021, worldwide, were: 123456 (103,170,552 hits)123456789 (46,027,530 hits)12345 (32,955,431 hits)qwerty (22,317,280 hits)password (20,958,297 hits)12345678 (14,745,771 hits)111111 (13,354,149 hits)123123 (10,244,398 hits)1234567890 (9,646,621 hits)1234567 (9,396,813 hits)Among the findings, the researchers also found that a “stunning” number of people like to use their own name as a password (“charlie” appeared as the 9th most popular password in the UK over 2021, as it happens). 

“Onedirection” was a popular music-related password option, and the number of times “Liverpool” appears could indicate how popular the football team is — although, in Canada, “hockey” was unsurprisingly the top sports-related option in active use.  Swear words are also commonly employed, and when it comes to animal themes, “dolphin” was the most popular choice internationally.  Aside from variations of numbers and PC keyboards, in some lists, other local password options made the top 10, including the surname “Chregan” in South Africa; the city “Barcelona” in Spain, and the name “Tiffany” in France.  NordPass’ report can be accessed here.  Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

Over the past months, we’ve published a lot of useful information about VPNs. But this article is unique. In this article, we’re going to do our best to help you save a few bucks. Below are the latest and greatest Black Friday and Cyber Monday VPN deals we’ve been able to scour from around the net, from the VPN vendors themselves, and from the secret whispers of VPN aficionados pumping as much caffeine into their veins as possible to keep up with their need for bits, all day and all night.Keep in mind that VPN vendors are aggressive marketeers even outside of the silly season. But when the floodgates open up, they’re getting even more enthusiastic. So while there are some not-bad Black Friday and Cyber Monday “deals” presented in this article, keep in mind that most VPN vendors are constitutionally incapable of resisting the urge to offer regular deal promotions, and you might just find good deals during other times during the year.Terms and conditionsBe very careful about the terms of the deal. VPN vendors have decided to jump on the bandwagon of one of the most reprehensible tactics used by the web hosting business: listing price by month but charging by year, followed by massive jumps in prices when your service automatically renews. PureVPN, for example, promotes their offering as $2.04 per month, but they actually charge you for 24 months, or $49. Then, when 24 months pass by, they slam you with a $70 bill, bringing your monthly bill from two bucks to nearly six, a three-fold increase. IPVanish’s monthly rate jumps from the $3.80/mo promo price to $7.50 per month — and your card gets hit for $90 all at once.One of the best ways to take advantage of these promo deals but not get slammed later is to make a calendar entry the month before renewal so you know to cancel the service before you get slammed. Since there’s nothing to lock you into a VPN service (they all do basically the same stuff), you can jump onto the next service with a good deal when renewal time comes around.So, I’ve listed these in order of cheapest per month to most expensive but beware of the surge with all those caveats.

Pay now: $50 for three years

How they pitch it: 3-yrs plan for $1.39/mo + 3 months FreeMoney-back guarantee: 30 daysAuto-renew: Yes, the price skyrockets to $47.83 per yearThey say you need the coupon code BLACKFRIDAY, but I just went to their site and hit their big Black Friday banner. The deal here is good on a per-month basis, but put that renewal date in your calendar for three years from now. Otherwise, you’ll be slammed paying three times more when it renews.This is a middle of the road VPN with support for just Windows, Mac, iOS, and Android. But it has one thing going for it: you can use it on all your devices. There’s no 5 device limit, like is the case for many other vendors.

Pay now: $49 for 24 months

How they pitch it: $2.04/mo for 24 monthsMoney-back guarantee: 31 daysAuto-renew: Yes, the price balloons to $70 per yearThese folks are running one of those annoying countdown clocks on their page as if they won’t take your order after the deadline. They’re also trying to virtue signal by offering a 31-day money-back guarantee while everyone else is offering 30. Whether 30 or 31 days, it’s on you to test your purchase to be sure it does what you need.PureVPN allows 10 devices, and it supports a pretty wide range of devices. Beyond that, it offers the usual features, ranging from kill switch to split tunneling and even a fixed IP as an upsell for business buyers. Back in 2018, we ran an article about IP leaks, but all indications are they’ve fixed those problems since then.

Pay now: $59.76 for 27 months

How they pitch it: $2.21/mo for 24 months + 3 free monthsMoney-back guarantee: 30 daysAuto-renew: Yes, the price might bump upThe Surfshark marketing folks are going to town with the large fonts and Black Friday animations. They have a countdown clock, an announcement about a price drop where the word “drop” actually drops, and even a spinning, flashing, 200 point “Ultimate”. So, they really want you to buy.Our review: Surfshark VPN review: It’s cheap, but is it good?It looks like your bill will double once the promo runs out. They say, “59.76 billed now, then annually starting after 27 months.” So keep that in mind and make a note in your calendar if you want to cancel.

Pay now: $38 for 12 months

How they pitch it: $3.20/mo for 12 monthsMoney-back guarantee: 30 daysAuto-renew: Yes, the price explodes to $90/year!!The most important thing is to watch out for that automatic billing hit. $90 a year is a big jump, and it’s among the most expensive we’ve seen for any services that bill for more than one month.Our review: IPVanish review: A VPN with a wealth of optionsThat said, I gave it a pretty positive review. Although some conditions apply, the service offers unlimited connections, and they have quite a lot of clients they support. I was pretty bullish on the features but wasn’t entirely sure I’d want to use the service if I was hiding from a government or otherwise wanted to secure my privacy completely.

Pay now: $79 for 24 months

How they pitch it: $3.29/mo for 24 monthsMoney-back guarantee: 30 daysAuto-renew: Yes, the price might bump upNord is also rocking a countdown clock. The VPN vendors love this kind of involvement device because it helps create a sense of urgency among prospects. It’s kind of Marketing 101, applied to service sales.As you can see, I’ve spent quite a bit of time getting to know the service and the company. The deal they’re offering isn’t the best, but six simultaneous connections are generally pretty workable. Overall, the company’s performance was consistent among the VPNs I’ve tested, and you could do worse than choosing this vendor.Also read:

Pay now: $120 for 24 months

How they pitch it: $4.99/mo for 24 monthsMoney-back guarantee: 30 daysAuto-renew: Yes, the price jumps to $160 for 2 yearsHere’s a note for US-based customers who might be confused. When you click into the company’s promo page for Black Friday, you’re taking to Euros-based pricing. Hit the little USD menu item under the middle deal to get dollar-based pricing. Interestingly, they charge the same digits (5.99) in both Euros and dollars, but €5.99 is about $6.82, so you’re actually saving money if you buy with dollars.As for how many simultaneous connections they allow, I have no idea; I’ve looked all over their site and sent out a query to the company but haven’t heard back. I’ll update this if I find out. Beyond that, the company has been working hard on a speed upgrade, which we reported earlier this year.

I get a lot of questions about VPNs, and I’ve answered many of them in the articles below. They’re definitely worth your time if you’re on the fence about what a VPN can do for you.

zdnet recommends More

The Belarusian government has been accused of at least “partial responsibility” for Ghostwriter attacks in Europe. 

While cybersecurity companies often err on the side of caution when it comes to the attribution of threat groups, Mandiant says that it has “high confidence” that Ghostwriter, also linked to UNC115 activities, is a cybercriminal outfit potentially working on behalf of the country’s government. Sanctions were placed on Belarus earlier this year after the forced diversion of a commercial plane into Belarus airspace to arrest a passenger, a dissident journalist called Roman Protasevich. Now, in retaliation, the country’s President Alexander Lukashenko has been accused of engineering a migrant crisis to destabilize the EU. However, it seems that retribution may go further, with the attribution of Ghostwriter to the ruling government. The European Council has previously accused Russia of Ghostwriter involvement.  According to the cybersecurity researchers, Russian interference cannot be “ruled out,” but other indicators suggest that Belarusian interests are at the heart of the operation, in which government and private sector entities in Ukraine, Lithuania, Latvia, Poland, and Germany are commonly targeted.  In addition, Ghostwriter has also been involved in attacks against Belarusian dissidents, media, and individual journalists. 

UNC1151 — active since 2016 — and Ghostwriter once focused on promoting anti-NATO material through phishing, spoofing, and hijacking vulnerable websites. However, from 2020, the groups expanded their operations in attempts to influence Polish politics and to steal sensitive information via credential theft.  UNC1151 also targeted Belarusian media outlets and opposition members ahead of the 2020 election, a disputed landslide win. No attacks have been recorded against Russian or Belarus state entities.  “Additionally, in several cases, individuals targeted by UNC1151 before the 2020 Belarusian election were later arrested by the Belarusian government,” Mandiant says. Many of Ghostwriter’s campaigns are focused on narratives that are anti-NATO. Since mid-2020, the group has spread content accusing NATO of corruption, the military of spreading COVID-19, and of corruption in Lithuanian and Polish politics. The EU has also been criticized in recent campaigns.  “Ghostwriter narratives, particularly those critical of neighboring governments, have been featured on Belarusian state television as fact,” the researchers added. “We are unable to ascertain whether this is part of a coordinated strategy or if it is simply Belarusian state TV promoting narratives that are consistent with regime interest and being unconcerned with accuracy.” Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

Cyber criminals are becoming more advanced as they continue to find new ways to deliver attacks, and some are now willing to buy zero-day vulnerabilities, something more traditionally associated with nation-states. Knowledge about vulnerabilities and exploits can command a high price on underground forums, because being able to take advantage of them can be very profitable for cyber criminals. That’s especially if this involves a zero-day vulnerability that’s not known about by cybersecurity researchers, because attackers know potential victims won’t have had the chance to apply security updates to protect against it.For example, in the weeks after Microsoft Exchange vulnerabilities were disclosed earlier this year, cyber criminals rushed to take advantage of them as quickly as possible, in order to benefit from the ability to carry out attacks before the security patches were widely applied. Zero-day vulnerabilities are usually deployed by well-resourced, nation-state backed hacking operations – but analysis by cybersecurity researchers at Digital Shadows details how there’s increasingly chatter on dark web message boards about the criminal market for zero-days. “This market is an extremely expensive and competitive one, and it’s usually been a prerogative of state-sponsored threat groups. However, certain high-profile cybercriminal groups (read: ransomware gangs) have amassed incredible fortunes in the past years and can now compete with the traditional buyers of zero-day exploits,” said Digital Shadows.”States can purchase zero-day exploits in a legal way from companies that are solely dedicated to creating these tools,” Stefano De Blasi, threat researcher at Digital Shadows told ZDNet. “However, when these tools are developed by cybercriminals outside of the law, it is likely easier to identify clientele from the cybercriminal world; there is however only a handful of cybercriminal actors who could afford the cost of a zero-day exploit”. 

SEE: A winning strategy for cybersecurity (ZDNet special report) Vulnerabilities like this can cost even millions of dollars, but that’s a price that could be affordable for a successful ransomware group which makes millions from every successful ransomware attack – and they could easily make what they spend back if the vulnerability works as intended by providing a reliable means of infiltrating networks. But there’s another method of making money from vulnerabilities being explored, and it’s one which could place them into the hands of less-sophisticated cyber criminals – something known as “exploit-as-a-service”. Instead of selling the vulnerability outright, the cyber criminal who discovered it can lease this out to others. It potentially starts making them money quicker than it would if they went through the complex process to sell it, and they could continue to make money from it for a long time. They also have the option of eventually selling the zero-day if they tire of leasing it. “This model enables zero-day developers to generate substantial earnings by renting the zero-day out while waiting for a definitive buyer. Additionally, with this model, renting parties could test the proposed zero-day and later decide whether to purchase the exploit on an exclusive or non-exclusive basis,” said the report. Selling to government-backed hacking groups is still the preferred option for some zero-day developers for now, but a growing interest in exploits like this on underground forums indicates how some cyber criminal groups are approaching the level of state-backed operations. “The rise of the exploit-as-a-service business model confirms that the cyber criminal environment is consistently growing both in terms of sophistication and professionalization. Some high-profile criminal groups can now compete in terms of technical skills with state-sponsored actors; many prominent ransomware groups in particular have now amassed enough financial resources to purchase zero-days advertised in illicit environments,” De Blasi explained. The nature of zero-day vulnerabilities means defending networks against them is a difficult task but cybersecurity practices like applying critical security updates as soon as they’re released can stop cyber criminals having a lengthy window to take advantage of vulnerabilities. Organisations should also have a plan for what to do if they discover they’ve been breached. “Well drilled and documented incident response strategies can provide crucial in responding to any attacker that may have gained access to a target’s environment,” said De Blasi.MORE ON CYBERSECURITY More

Embracing the concept of DevSecOps, Palo Alto Networks on Tuesday rolled out Prisma Cloud 3.0, bringing a number of updates to the platform focused on the security of the entire application development lifecycle. That includes infrastructure as code (IaC) security and agentless security.  Palo Alto launched Prisma Cloud in 2019 as a comprehensive cloud security suite designed to govern access, protect data and secure applications consistently. Offering a comprehensive, integrated security platform has become all the more important in the wake of the COVID-19 pandemic when workforces are increasingly dispersed, Palo Alto’s chief product officer Lee Klarich told reporters. Prisma Cloud attempts to offer consistent network security across campuses, branches, remote offices and anywhere else. People are not just working from home but “increasingly working from anywhere,” Klarich said. “How do we safely enable that construct that is increasingly becoming the norm?”Comprehensive cloud security starts in the app development phase, Palo Alto contends. With Cloud Code Security, the company is adding IaC scanning and code fixes directly into developer tools across the development lifecycle. This will help catch misconfigurations in code templates that can lead to thousands of alerts in runtime. Meanwhile, Prisma Cloud is unique in offering both agentless and agent-based security built into the same platform, with rules and results managed from a single UI. Agentless Security provides visibility into an organization’s cloud workload and application risks — it’s meant to complement existing agent-based protection. Prisma Cloud 3.0 also expands Cloud Infrastructure Entitlement Management (CIEM) to Microsoft Azure. This builds on already existing functionality available for Amazon Web Services (AWS).Palo Alto on Tuesday also unveiled its next-generation CASB (Cloud Access Security Broker) to help organizations safely adopt new SaaS applications. It automatically secures new applications, including collaboration tools. It protects sensitive data in real-time using machine learning, natural language processing and optical character recognition. 

Palo Alto also announced the first specialization for its NextWave Managed Service Program. The new specialization focuses on  Cortex XDR, Palo Alto Network’s extended detection and response service that natively integrates network, endpoint and cloud data.The NextWave Managed Service Program (MSP) includes close to 300 partners worldwide that help Palo Alto customers get the most out of their investments. The program provides partners with the tools, training, incentives and resources to promote the adoption of Palo Alto Networks-based managed services. With the Cortex eXtended Managed Detection and Response (XMDR) specialization, customers should get help streamlining security operations center (SOC) operations and mitigating cyber threats. To achieve the new specialization status, partners must have Cortex XDR-certified SOC analysts/threat hunters on staff and be available around the clock.  More