More stories


    2020's worst cryptocurrency breaches, thefts, and exit scams

    2020 has been a year few of us will forget any time soon, and as businesses clamor to either stay afloat or weather the storm the COVID-19 pandemic has caused — let alone everything else that’s happened over the past 12 months — in the criminal underground, business is booming. 

    Of particular interest to cyberattackers over the past few years is cryptocurrency. An alternative to traditional, bank-controlled fiat currency, cryptocurrency has evolved from a Wild West of speculative trading into something closer to an established financial infrastructure, built on blockchain technologies that tech giants including IBM, Google, and Microsoft are now exploring. 
    However, many blockchain and cryptocurrency-related technologies are still experimental and speculative; vulnerabilities can lead to wallets, and the crypto stored within them, being compromised, and exit scams and fraudulent Initial Coin Offerings (ICOs) continue to surface. 
    Data breaches, thefts, and investor losses remain common. Below are the worst recorded incidents, month by month, over the course of 2020. 
    January:
    Poloniex: Poloniex disclosed a data breach and forced a mass password reset for users after credentials were leaked across social media. 
    February:
    Helix: An Ohio man was arrested for running the Helix Bitcoin mixing service. An estimated $300 million was laundered through the mixer.
    Microsoft engineer theft: A software engineer was convicted of stealing over $10 million from Microsoft.
    IOTA: The IOTA Foundation shut down its entire network after a hacker exploited a vulnerability in the Trinity wallet app to drain user funds.
    Altsbit: The Italian cryptocurrency exchange closed following an alleged cyberattack in which the majority of user funds were stolen.
    March:
    Prometei: Researchers found a botnet exploiting the Microsoft Windows SMB protocol to mine for cryptocurrency.
    YouTube: YouTube accounts were hacked to promote a Bill Gates-themed Ponzi cryptocurrency scam.
    April:
    Lendf.me: $25 million in cryptocurrency was stolen from the Lendf.me platform.
    Bisq: Over $250,000 was stolen from Bisq Bitcoin exchange users.
    May:
    Supercomputers: Supercomputers across Europe were hacked in order to mine for cryptocurrency.
    June:
    BTC-e: New Zealand law enforcement froze $90 million in BTC-e assets as part of a money laundering investigation.
    CryptoCore: Researchers said that the CryptoCore hacking group has stolen at least $200 million in cryptocurrency from online exchanges. 
    Coincheck: A hacker infiltrated the cryptocurrency exchange’s domain registration service, causing a pause to deposit and withdrawal services. 

    July:
    Twitter: High-profile Twitter profiles belonging to figures including Joe Biden, Bill Gates, and Elon Musk were compromised to tout a cryptocurrency scam.
    Coinbase: Coinbase blocked an attempt by attackers to steal $280,000 in Bitcoin.
    VaultAge Solutions: The CEO went into hiding after allegedly scamming investors out of $13 million.
    AT&T: AT&T was dragged to court over a $1.9 million SIM hijacking and cryptocurrency theft case.
    GPay Ltd: UK regulators shut down GPay for scamming cryptocurrency investors by using fake celebrity endorsements.
    August:
    FritzFrog: A cryptocurrency-mining botnet was discovered that compromised at least 500 enterprise and government servers. 
    Ukraine arrests: Ukraine law enforcement arrested suspected members of a gang that laundered $42 million in crypto for ransomware groups.
    2together: €1.2 million in cryptocurrency was stolen from the exchange.
    PlusToken: Chinese police arrested over 100 people suspected of being involved in the PlusToken cryptocurrency investment scam.
    Lazarus: Researchers discovered a new Lazarus campaign targeting a cryptocurrency firm through LinkedIn job adverts.
    September:
    KuCoin: Roughly $150 million in cryptocurrency was drained from the exchange’s hot wallets by a cyberattacker.
    Cryptocurrency phishing: Two Russians were charged for stealing close to $17 million in cryptocurrency-themed phishing campaigns.
    Eterbase: The cryptocurrency exchange lost $5.4 million, stolen from hot wallets by unknown attackers. 
    October: 
    Kik: The US SEC issued Kik a $5 million penalty over an allegedly illegal securities offering. 
    Harvest Finance: Hackers stole $24 million, but later returned $2.5 million. A $100,000 reward has been posted for information leading to fund recovery.
    November: 
    GoDaddy: GoDaddy admitted that its staff had become victim to a social engineering campaign leading to email and DNS record-based attacks against Liquid.com and NiceHash.
    Akropolis: Akropolis suffered a flash loan attack and $2 million in cryptocurrency was stolen. The company later offered the hacker a ‘bug bounty payment’ in return for the stolen funds. 
    Operation Egypto: US and Brazilian law enforcement seized $24 million in cryptocurrency from individuals allegedly connected to an online investor fraud scam.
    Silk Road: The US Justice Department seized $1 billion in Bitcoin, said to be from the now-defunct Silk Road marketplace.

    December:
    As new cybersecurity incidents occur, we will update for the month of December.



    The biggest hacks, data breaches of 2020

    Cybersecurity may be far from many of our minds this year, and in light of a pandemic and catastrophic economic disruption, remembering to maintain our own personal privacy and security online isn’t necessarily a priority. 

    However, cyberattackers certainly haven’t given anyone a break this year. Data breaches, network infiltrations, bulk data theft and sale, identity theft, and ransomware outbreaks have all occurred over 2020 and the underground market shows no signs of stopping.
    As a large swathe of the global population shifted to work from home models and businesses rapidly transitioned to remote operations, threat actors also pivoted. Research suggests that remote workers have become the source of up to 20% of cybersecurity incidents, ransomware is on the rise, and we are yet to learn that “123456” is not an adequate password. 
    Many companies and organizations, too, have yet to practice reasonable security hygiene, and vulnerabilities pose a constant threat to corporate networks. As a result, we’ve seen a variety of cyberattacks this year, the worst of which we have documented below.
    January:
    Travelex: Travelex services were pulled offline following a ransomware infection. The company itself and the businesses using its platform to provide currency exchange services were all affected.
    IRS tax refunds: A US resident was jailed for using information leaked through data breaches to file fraudulent tax returns worth $12 million. 
    Manor Independent School District: The Texas school district lost $2.3 million during a phishing scam.
    Wawa: 30 million records containing customers’ details were made available for sale online. 
    Microsoft: The Redmond giant disclosed that five servers used to store anonymized user analytics were exposed and open on the Internet without adequate protection.
    Medical marijuana: A database backing point-of-sale systems used in medical and recreational marijuana dispensaries was compromised, impacting an estimated 30,000 US users.
    February:
    Estée Lauder: 440 million internal records were reportedly exposed due to middleware security failures. 
    Denmark’s government tax portal: The taxpayer identification numbers of 1.26 million Danish citizens were accidentally exposed.
    DOD DISA: The Defense Information Systems Agency (DISA), which handles IT for the White House, admitted to a data breach potentially compromising employee records.
    UK Financial Conduct Authority (FCA): The FCA accidentally released sensitive information belonging to roughly 1,600 consumers in its response to a Freedom of Information request.
    Clearview: Clearview AI’s entire client list was stolen due to a software vulnerability.
    General Electric: GE warned workers that an unauthorized individual was able to access information belonging to them due to security failures with supplier Canon Business Process Service.
    March:
    T-Mobile: A hacker gained access to employee email accounts, compromising data belonging to customers and employees. 
    Marriott: The hotel chain disclosed a new data breach, its second in two years, after attackers used login credentials belonging to two employees to access guest records. 5.2 million hotel guests were impacted. 
    Whisper: The anonymous secret-sharing app left millions of users’ private profiles and datasets exposed online for the world to see.
    UK Home Office: GDPR was breached 100 times in the handling of the Home Office’s EU Settlement Scheme.
    SIM-swap hacking rings: Europol made arrests across Europe, taking out SIM-swap hackers responsible for the theft of over €3 million.
    Virgin Media: The company exposed the data of 900,000 users through an open marketing database.
    MCA Wizard: 425GB in sensitive documents belonging to financial companies was publicly accessible through a database linked to the MCA Wizard app.
    NutriBullet: NutriBullet became a victim of a Magecart attack, with payment card skimming code infecting the firm’s e-commerce store.

    April:
    US Small Business Administration (SBA): As many as 8,000 applicants for emergency business loans had their PII exposed in a data leak.
    Nintendo: 160,000 users were affected by a mass account hijacking campaign that abused the NNID legacy login system.
    Email.it: The Italian email provider failed to protect the data of 600,000 users, leading to its sale on the Dark Web.
    May:
    EasyJet: The budget airline revealed a data breach exposing data belonging to nine million customers, including some financial records.
    Blackbaud: The cloud service provider was hit by ransomware operators who stole data belonging to its clients. The company later paid a ransom in exchange for a promise that the stolen data would be destroyed rather than leaked online.
    Mitsubishi: A data breach suffered by the company potentially also resulted in confidential missile design data being stolen.
    Toll Group: The logistics giant was hit by a second ransomware attack in three months. 
    Pakistani mobile users: Data belonging to 44 million Pakistani mobile users was leaked online.
    Illinois: The Illinois Department of Employment Security (IDES) leaked records concerning citizens applying for unemployment benefits.
    Wishbone: 40 million user records were published online by the ShinyHunters hacking group.
    EasyJet: An £18 billion class-action lawsuit was launched to compensate customers impacted by a data breach in the same month.
    June:
    Amtrak: Customer PII was leaked and some Amtrak Guest Rewards accounts were accessed by hackers.
    University of California SF: The university paid a $1.14 million ransom to hackers in order to save COVID-19 research.
    AWS: AWS mitigated a massive 2.3 Tbps DDoS attack. 
    Postbank: A rogue employee at the South African bank obtained a master key and stole $3.2 million.
    NASA: The DoppelPaymer ransomware gang claimed to have breached a NASA IT contractor’s networks. 
    Claire’s: The accessories company fell prey to a card-skimming Magecart infection.
    July:
    CouchSurfing: 17 million records belonging to CouchSurfing were found on an underground forum.
    University of York: The UK university disclosed a data breach caused by Blackbaud. Staff and student records were stolen.
    MyCastingFile: A US casting platform for actors exposed the PII of 260,000 users.
    SigRed: Microsoft patched a 17-year-old vulnerability in Windows DNS Server (CVE-2020-1350), a wormable bug that could be used to hijack Windows servers.
    MGM Resorts: A hacker put the records of 142 million MGM guests online for sale.
    V Shred: The PII of 99,000 customers and trainers was exposed online and V Shred only partially resolved the problem.
    BlueLeaks: Law enforcement closed down a portal used to host 269 GB in stolen files belonging to US police departments.
    EDP: The energy provider confirmed a Ragnar Locker ransomware incident. Over 10TB in business records were apparently stolen.
    MongoDB: A hacker attempted to ransom 23,000 MongoDB databases.
    August:
    Cisco: A former engineer pleaded guilty to causing massive amounts of damage to Cisco networks, costing the company $2.4 million to fix.
    Canon: The photography giant was struck by ransomware gang Maze.
    LG, Xerox: Maze struck again, publishing data belonging to these companies after failing to secure blackmail payments.
    Intel: 20GB of sensitive, corporate data belonging to Intel was published online.
    The Ritz, London: Fraudsters posed as staff in a clever phishing scam against Ritz clients.
    Freepik: The free photos platform disclosed a data breach impacting 8.3 million users. 
    University of Utah: The university gave in to cybercriminals and paid a $457,000 ransom to stop the group from publishing student information.
    Experian, South Africa: Experian’s South African branch disclosed a data breach impacting 24 million customers. 
    Carnival: The cruise operator disclosed a ransomware attack and subsequent data breach.
    September:
    Nevada: A Nevada school, suffering a ransomware attack, refused to pay the cybercriminals — and so student data was published online in retaliation. 
    German hospital ransomware: A hospital patient passed away after being redirected away from a hospital suffering an active ransomware infection.
    Belarus law enforcement: The private information of 1,000 high-ranking police officers was leaked. 
    NS8: The CEO of the cyberfraud startup was accused of defrauding investors out of $123 million.
    Satellites: Iranian hackers were charged over a campaign to break into US satellite and aerospace technology companies. 
    Cerberus: The developers of the Cerberus banking Trojan released the malware’s source code after failing to sell it privately. 
    BancoEstado: The Chilean bank was forced to close down branches due to ransomware.
    October: 
    Barnes & Noble: The bookseller experienced a cyberattack, believed to be the handiwork of the ransomware group Egregor. Stolen records were leaked online as proof. 
    UN IMO: The United Nations International Maritime Organization (UN IMO) disclosed a security breach affecting public systems.
    Boom! Mobile: The telecom service provider became the victim of a Magecart card-skimming attack.
    Google: Google disclosed that it had mitigated a 2.54 Tbps DDoS attack in 2017, one of the largest ever recorded.
    Dickey’s: The US barbeque restaurant chain suffered a point-of-sale attack between July 2019 and August 2020. Three million customers had their card details later posted online.  
    Ubisoft, Crytek: Sensitive information belonging to the gaming giants was released online by the Egregor ransomware gang.
    Amazon insider trading: A former Amazon finance manager and their family were charged for running a $1.4 million insider trading scam.

    November: 
    Manchester United: Manchester United football club said it was investigating a security incident impacting internal systems.
    Vertafore: 27.7 million Texas drivers’ PII was compromised due to “human error.”
    Campari: Campari was knocked offline following a ransomware attack.
    $100 million botnet: A Russian hacker was jailed for operating a botnet responsible for draining $100 million from victim bank accounts. 
    Mashable: A hacker published a copy of a Mashable database online.
    Capcom: Capcom became a victim of the Ragnar Locker ransomware, disrupting internal systems.
    Home Depot: The US retailer agreed to a $17.5 million settlement after a PoS malware infection impacted millions of shoppers.
    December:
    As new cybersecurity incidents occur, we will update for the month of December.



    Microsoft links Vietnamese state hackers to crypto-mining malware campaign

    Vietnamese government-backed hackers have been recently spotted deploying cryptocurrency-mining malware alongside their regular cyber-espionage toolkits, Microsoft said on Monday.
    The report highlights a growing trend in the cyber-security industry where an increasing number of state-backed hacking groups are also dipping their toes into regular cybercrime operations, making it harder to distinguish financially-motivated crime from intelligence gathering operations.
    APT32 joins the Monero-mining landscape
    Tracked by Microsoft as Bismuth, this Vietnamese group has been active since 2012 and is more widely known under codenames like APT32 and OceanLotus.
    For most of its lifetime, the group has orchestrated complex hacking operations, both abroad and inside Vietnam, to gather information that helps its government with political, economic, and foreign policy decisions.
    But in a report published late Monday night, Microsoft says it has recently observed a change in the group’s tactics over the summer.
    “In campaigns from July to August 2020, the group deployed Monero coin miners in attacks that targeted both the private sector and government institutions in France and Vietnam,” Microsoft said.
    It is unclear why the group made this change, but Microsoft has two theories.

    The first is that the group is using crypto-mining malware, usually associated with cybercrime operations, to disguise some of its attacks: incident responders who find a coin miner may triage the intrusion as a low-priority, opportunistic infection and clean it up without looking for the espionage tooling deployed alongside it.
    The second is that the group is experimenting with new ways of generating revenue from systems it infected as part of its regular cyber-espionage-focused operations.
    Other state-sponsored groups also hacking for personal gains
    This second theory also fits a general trend seen in the cyber-security industry, where, in recent years, Chinese, Russian, Iranian, and North Korean state-sponsored hacking groups have also attacked targets for the sole purpose of generating money for personal gain rather than cyber-espionage.
    The reasons for these attacks are simple, and they come down to impunity. These groups often operate under the direct protection of their governments, either as contractors or as intelligence agents, and from within countries that have no extradition treaties with the US, which lets them carry out any attack they want knowing they will face almost none of the consequences.
    With Vietnam also lacking an extradition treaty with the US, Bismuth’s expansion into cybercrime is considered a given for a country expected to be “on the edge” of becoming a future cybercrime hub and a major cyber-espionage player in the next decade.


    Docker malware is now common, so devs need to take Docker security seriously

    Towards the end of 2017, there was a major shift in the malware scene. As cloud-based technologies became more popular, cybercrime gangs also began targeting Docker and Kubernetes systems.

    Most of these attacks followed a very simple pattern where threat actors scanned for misconfigured systems that had admin interfaces exposed online in order to take over servers and deploy cryptocurrency-mining malware.
    Over the past three years, these attacks have intensified, and new malware strains and threat actors targeting Docker (and Kubernetes) are now being discovered on a regular basis.
    But despite the fact that malware attacks on Docker servers are now commonplace, many web developers and infrastructure engineers have not yet learned their lesson and are still misconfiguring Docker servers, leaving them exposed to attacks.
    The most common of these mistakes is leaving Docker remote administration API endpoints exposed online without authentication.
    Over the past years, malware and threat actors such as Doki, Ngrok, Kinsing (H2Miner), XORDDoS, AESDDoS, and TeamTNT have scanned for Docker servers with the management API exposed online and abused it to launch malicious containers that plant backdoors or install cryptocurrency miners.
    The latest of these malware strains was discovered last week by Chinese security firm Qihoo 360. Named Blackrota, it is a simple backdoor trojan, essentially a stripped-down implementation of the Cobalt Strike beacon written in the Go programming language.

    Only a Linux version has been found so far, and it is unclear how the malware is being used. Researchers don’t know if a Windows version also exists, if Blackrota is being used for cryptocurrency mining, or if it is used to run a DDoS botnet on top of powerful cloud servers.
    What is known is that Blackrota relies on developers who have made a mistake and misconfigured their Docker servers.
    The lesson from Blackrota and past attacks is that Docker is no longer a fringe technology. Threat actors are now targeting it on purpose, with at-scale attacks on a near-daily basis.
    Companies, web developers, and engineers running Docker as part of production systems are advised to review the official Docker documentation to make sure they have secured Docker’s remote management interface with proper authentication, such as TLS client-certificate authentication.
    Currently, there are plenty of tutorials around to guide even the most inexperienced developers with step-by-step guides.
    With Docker gaining a more prominent place in modern-day infrastructure, with attacks on the rise, and with the number of malware strains that target Docker systems growing by the month, it’s time developers took Docker security seriously.
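    The exposed-API mistake the article describes and the certificate-based hardening it recommends, as an added example that is not part of the original article, of Qihoo 360's research or of the Docker project's own code: a constructed weak daemon.json beside a hardened one, a small audit that flags exactly what the scanners look for (a tcp:// listener without TLS, "tls" without "tlsverify", a bind to 0.0.0.0), and the plain GET /version probe that mass scanners send. The key names are the ones dockerd reads from daemon.json; the certificate paths and the 10.0.0.5 management address are assumptions.

```python
"""Audit a Docker daemon.json for an exposed, unauthenticated remote API.

Added example (not code from the article or from Docker). The sample configs
are constructed; certificate paths and the management address are assumptions.
"""
from __future__ import annotations

import http.client
import json
from urllib.parse import urlsplit

# Constructed: the classic mistake, the Engine API on every interface with no TLS.
WEAK_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}
"""

# Constructed: TLS with client-certificate verification on 2376, bound to a
# single management address instead of 0.0.0.0. Paths are assumptions.
HARDENED_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}
"""

# urlsplit() gives None for "tcp://:2375" and "::" for "tcp://[::]:2375";
# both mean "listen on every interface" to dockerd.
ALL_INTERFACES = {None, "", "0.0.0.0", "::"}


def audit_daemon_config(text: str) -> list[str]:
    """Return findings for a daemon.json; an empty list means no network exposure issue."""
    cfg = json.loads(text)
    findings: list[str] = []
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if not tcp_hosts:
        return findings  # only unix:// or fd:// listeners: nothing reachable over the network

    tls = bool(cfg.get("tls", False))
    tlsverify = bool(cfg.get("tlsverify", False))
    for h in tcp_hosts:
        listener = urlsplit(h)
        if not tls and not tlsverify:
            findings.append(f"{h}: remote API served without TLS; anyone who can reach the "
                            "port can start privileged containers and has root on the host")
        elif not tlsverify:
            findings.append(f"{h}: 'tls' without 'tlsverify' encrypts the connection but "
                            "does not authenticate clients, so it is still open to the network")
        if listener.hostname in ALL_INTERFACES:
            findings.append(f"{h}: bound to all interfaces; bind to a management address "
                            "or keep the port behind a firewall or VPN")
    if tlsverify:
        for key in ("tlscacert", "tlscert", "tlskey"):
            if key not in cfg:
                findings.append(f"'{key}' missing: dockerd falls back to ~/.docker defaults, "
                                "make the CA and server certificate explicit")
    return findings


def probe_docker_api(host: str, port: int = 2375, timeout: float = 3.0) -> bool:
    """True if an unauthenticated Docker Engine API answers at host:port.

    Does network I/O (so it is not part of the offline checks); this plaintext
    GET /version is what the mass scanners send before they create containers.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/version")
        resp = conn.getresponse()
        if resp.status != 200:
            return False
        return "ApiVersion" in json.loads(resp.read())
    except (OSError, ValueError):
        return False
    finally:
        conn.close()


if __name__ == "__main__":
    for name, text in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(f"{name}: {audit_daemon_config(text) or ['no findings']}")
```

    With the hardened config in place the engine listens on 2376 and a client needs a certificate signed by the configured CA, for example `docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H tcp://10.0.0.5:2376 version`. Note the difference between the two TLS keys: `tls` alone only encrypts the connection, and only `tlsverify` rejects clients without a trusted certificate. Even with mutual TLS, whoever holds a client certificate is effectively root on the host, so the port still belongs behind a firewall or VPN rather than on the public internet.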


    The next normal is about managing remote, autonomous, distributed and digitally enabled workforce

    Salesforce research shows that the customer experience that companies provide is as important as their products. To deliver the best possible customer experience, businesses must shift away from silo-design principles to a model that minimizes process friction and more resembles how living organisms grow and flourish. 

    Flow by Design

    Living systems are flow-based. They circulate resources throughout the organism and its environment. A small number of pioneer organizations have already proven the effectiveness of this flow by design paradigm, demonstrating that flow-based designs can be better for the customer, better for the company and better for the environment than their silo equivalents and, as a result, represent a new, more sustainable business model for the future. These companies have also shown us that innovation at scale will require the adoption of new business models and flow-based design principles. In a series of articles we’ve been introducing the seven Flow principles and describing how they are emerging as world shapers in the early decades of the new millennium. In this article we are highlighting the principle of Integration. 
    So far, we have shown that everything and everyone in the post-COVID world is going to become increasingly connected, increasingly decentralized and increasingly autonomous. Employees are going to continue to work wherever they feel safe and productive, and customers are going to continue to shop online and expect speedy home delivery. Students will do more of a mix of online and in-person learning. More and more services will be delivered remotely, cars will become autonomous, and robot-taxis and drone delivery services will become the norm. Seniors will want to age in place, and telemedicine, connected health devices and concierge services, both online and in the home, will support them.

    The future of work in the next normal will be a hybrid model, built upon a digital, highly integrated and distributed model. 
    For nearly all companies a big question is beginning to loom: how should they go about managing their resources in such a new world when they’re actually designed for the exact opposite conditions? In this article we will focus on how they should go about managing their distributed employees, suggesting a new model based on the principle of Integration and on related technological advances.

    The “structure” of management  
    In the Old Normal, management was conventionally a matter of hierarchy, not of expertise. An individual employee was the de facto manager of the employees directly beneath them in the company’s org chart and a de facto subordinate of the employee above them in the same chart. The act or practice of Management was never called out explicitly because it was taken for granted that the primary responsibility of the “owner” of each box on the chart was the management of everyone else in it. Likewise, nowhere on that org chart would we find “Management” as a function, division or department in the same way we would Sales, or Marketing, or Finance for example.

    Living systems are flow based. They circulate resources throughout the organization and its environment. In the digital economy, businesses must also be flow based. Today unfortunately, most companies are silo-based. And that’s why they’re dying.
    — Vala Afshar (@ValaAfshar) March 2, 2020

    This hierarchy was supported and reinforced by the physical workplace. A manager, working from a private office, would oversee their direct reports working in the ranks and files of cubicles outside their door, or would figuratively oversee them from a higher floor. In meetings it was implicit but well established practice that, depending on the layout of the room, the managers would sit at the place of greatest visibility, wherever they could see and be seen by their reports most clearly. There were rules to be followed, authorization and approvals to be gained, even etiquette and behavioral norms to be observed. And of course office attire, office hours, company signage, ID badges and security, the canteen, company communications and events, all helped to establish belonging, or at least fit.

    In the New Normal, however, where employees are working from home or indeed from anywhere, and where few of the old ways of establishing, demonstrating and reinforcing hierarchy exist, the traditional command and control, direct supervision model of management that was already creaking at the joints now feels significantly outdated. And while that sounds like a good thing, none of the old ways of establishing identity or belonging exist either, which sounds less good.

    Work from home (WFH) should give employees their autonomy, not extend the company’s authority into their private space. It should also give the company the opportunity to discontinue the use of the word “remote”. Let’s re-brand WFH to “Working From Here”.
    — Vala Afshar (@ValaAfshar) May 26, 2020

    Meanwhile, our colleague Tiffani Bova, describing a recent Forbes Insight study on employee experience, writes that the study:

    …identified a correlation between employee experience (EX), customer experience (CX), and growth. The study found that companies that were hyper focused on enhancing their employee engagement ultimately had higher customer engagement levels and revenue growth. More specifically, these companies amassed 1.8 times more revenue growth (nearly double) than organizations that solely focused on customers. Conversely, the respondents indicated that solely focusing on customers did not correlate to higher EX or revenue.

    In short, it may be more difficult than ever for management to focus on the employee experience but it’s also demonstrably more important than ever.
    Orchestration – the integration of distributed, autonomous resources

    So what can companies and their leadership do? Because the New Normal is still so, well, new there are no tried and true examples of distributed employee management. There are, however, analogs and precursors that might be productive. We asked ourselves if there are any other types of resources that are already Flow-based, meaning distributed, autonomous, connected and mobile, and the most compelling example we came up with was autonomous vehicles (which we have already discussed as an example of flow here and here). We then saw that for all the autonomous vehicles that are privately and individually owned there are also emerging models, like Mobility as a Service (MaaS), where they are managed as fleets. And when we looked at the way these fleets of autonomous vehicles are being managed, what we found was the world of Orchestration.

     Resource orchestration and service orchestration are already established practices in the world of software, where “the goal of orchestration is to streamline and optimize frequent, repeatable processes. Companies know that the shorter the time-to-market, the more likely they’ll achieve success. Anytime a process is repeatable, and its tasks can be automated, orchestration can be used to optimize the process in order to eliminate redundancies.”
    Mulesoft, the world’s leading software integration platform, further defines the goals and the benefits of application orchestration as follows: “Application or service orchestration is the process of integrating two or more applications and/or services together to automate a process, or synchronize data in real-time. Application orchestration provides a) an approach to integration that decouples applications from each other, b) capabilities for message routing, security, transformation and reliability and c) most importantly, a way to manage and monitor your integrations centrally”.  So when we’re talking about the management of digital resources in contemporary enterprises, where we want to maintain individual resource autonomy and yet still coordinate a great many of them towards a common goal, orchestration is already a key principle. Orchestration is Integration, but critically it is not point to point or hard-wired integration which creates dependencies and inflexibility. Orchestration is dynamic integration which creates almost endless opportunities for reuse and reconfiguration.

    Fleet orchestration is a logical extension of this principle, still applying it to software but this time to software that controls physical resources, like cars, buses, and other vehicles, whose primary function is mobility — travel and transportation — rather than information processing. These vehicles are called “autonomous” because they no longer rely upon a human operator or driver and instead are controlled by this embodied software, being mostly sensor or AI based. In some ways fleet orchestration is not so new. Taxi schedulers and distribution companies have been faced with the challenges of resource allocation and journey optimization for years or even decades. In the world of MaaS, however, fleet managers will need to handle far higher volumes with mixed demand types, mixed resource types, and with far more complex requirements for integration with external entities like automotive manufacturers, mapping companies, regulatory entities, payment infrastructures as well as both individual and business customers in both on-demand and scheduled settings.

    For example, Bestmile, a transportation software startup, has developed a Fleet Orchestration Platform which, according to the company’s website, “can manage autonomous and human-driven vehicles, supports on-demand and fixed-route systems, integrates with multiple transport modes, and provides flexible applications for travelers, drivers, and operators. Its AI-powered algorithms orchestrate fleets with ultra-efficient ride matching, dispatching and routing proven to move more people with fewer vehicles with predictable operator and passenger KPIs.”

    The benefits of fleet orchestration can be enormous: “Our [Bestmile] study found that 400 shared vehicles could do the work of 2700 Chicago taxis with predictable ride times and wait times. An MIT study found that a fleet of 3,000 taxis could meet 98 percent of demand served by New York City’s 13,000 vehicles with an average wait time of 2.7 minutes. UT found that one shared autonomous vehicle could replace 10 personal autos with wait times between a few seconds and five minutes.”

    The question is, can this orchestration model extend to companies and the management of their own resources, human as well as digital?
    Applying orchestration to human resources
    John Kao, Chairman of the Institute for Large Scale Innovation, has come to a similar conclusion as we have about the need for change in organization and management paradigms:

    Unfortunately, our leadership playbooks often remain largely frozen in time, originally designed for the authority and control needed to keep industrial bureaucracies functioning efficiently. But we are in the midst of a fourth industrial revolution that requires agility, rapid innovation and fluid, networked organizational designs. The commandant must give way to the orchestrator, the machine to the network. 

    Corporate IT departments are already beginning to reflect this shift. In the world of Agile DevOps practices, teams are self-organizing and autonomous, and they apply orchestration principles to their release activities. According to Digital.ai:

    With Release Orchestration, DevOps teams are able to model software delivery pipelines, coordinate automated tasks with manual work, integrate a variety of tools for building, testing, and deploying software, and use data to identify bottlenecks and potential areas for improvement. 

    Silo design vs. Flow design:
    Extraction / Connection
    Accumulation / Distribution
    Isolation / Integration
    Dependency / Autonomy
    Immobility / Mobility
    Batching / Continuity
    Flow based systems optimize holistic success. https://t.co/FxPqFysEYZ pic.twitter.com/WIifqDNkmA
    — Vala Afshar (@ValaAfshar) March 3, 2020

    And a small but increasing number of companies are applying the Agile philosophy to business functions outside of IT, including Marketing, HR, Legal and beyond, leading towards what has been called Enterprise Agility. McKinsey described the benefits of this approach in its March 2020 paper Enterprise Agility: Buzz or Business Impact?, showing that Employee Engagement, Customer Satisfaction and Operational Performance can all be improved by it. A key feature of Agile enterprises, according to the article, is that they “can quickly redirect their people and priorities toward value-creating opportunities. A common misconception is that stability and scale must be sacrificed for speed and flexibility. Truly agile organizations combine both: a strong backbone or center provides the stability for developing and scaling dynamic capabilities.” Orchestration is the connector between the backbone and the dynamic capabilities, between the strategy and shared purpose of the organization as a whole, its customer-focused missions and its autonomous resources. Putting this into practice will not be simple, and should itself follow an agile process, starting with a very small subset of customer journeys.

    A critical thing to note here is that the orchestration function is not supervisory in the traditional sense. Orchestrators are not hierarchically more senior than the teams executing the missions. They neither “own” the resources, nor the missions, nor the customers. They are flow-based, rather than silo-based, in the sense that their performance metrics are based on customer success, speed and throughput, not on the size of their budget or on the number of employees they manage.

    As companies become more and more data-driven, and as AI takes an increasingly central role in the operations of a company, orchestration and other related functions will become increasingly evident and important. As in the fleet orchestration example, we can expect to see Planning and Forecasting, Performance Tracking and Business Intelligence become more central components of the organization’s decision-making tool set, along with Orchestration itself.

    Conclusion

    We have already suggested that the organization of the future may be like an autonomous car, or even a spaceship, but perhaps really it is more like a fleet of them. In this model, the future company is relatively flat, comprising a number of distributed, autonomous resources, human, digital and hybrid, that are guided by an explicit orchestration function. The job of this orchestration function will be to create “missions”, using multiple, symbiotic intelligences, that anticipate and respond to customer needs, match them with the right resource or team of resources, and then entrust the successful and timely execution of the mission to that team. 
    This article was co-authored by Henry King, a business innovation and transformation strategy leader at Salesforce. Henry King is an innovation and transformation leader at Salesforce and author of Flow Design, a new design paradigm for organizations and experiences based on the principles of movement and connections. King is a former CIO with 30 years of consulting and executive experience, both in the US and internationally, with expertise in innovation, design thinking, and information technology. King also teaches innovation and design topics at the School of the Art Institute of Chicago and the Institute of Design.

    Hackers are targeting MacOS users with this updated malware

    A newly discovered form of malware is targeting Apple MacOS users in a campaign which researchers say is tied to a nation-state backed hacking operation.
    The campaign has been detailed by cybersecurity analysts at Trend Micro who’ve linked it to OceanLotus – also known as APT32 – a hacking group which is thought to have links to the Vietnamese government.
    OceanLotus is known to target foreign organisations working in Vietnam, including media, research and construction, and while the motivation for this isn’t fully understood, the aim is thought to be using espionage to aid Vietnamese-owned companies.
    The MacOS backdoor provides the attackers with a window into the compromised machine, enabling them to snoop on and steal confidential information and sensitive business documents.
    The security company’s researchers have linked it to OceanLotus because of the similarities in code and behaviour of the malware, compared with samples used in previous campaigns by the group.
    The attacks begin with phishing emails which attempt to encourage victims to run a Zip file disguised as a Word document. It evades detection by anti-virus scanners by using special characters deep inside a series of Zip folders.

    The attack could potentially give itself away if users are paying attention because when the malicious file is run, a Microsoft Word document doesn’t appear. 
    However, at this stage an initial payload is already working on the machine and it changes access permissions in order to load a second-stage payload which then prompts the installation of a third-stage payload – which downloads the backdoor onto the system. By installing the malware across different stages like this OceanLotus aims to evade detection.
    Like older versions of the malware, this attack aims to collect system information and creates a backdoor allowing the hackers to snoop on and download files, as well as upload additional malicious software to the system if required. It’s thought that the malware is still actively being developed.
    “Threat groups such as OceanLotus are actively updating malware variants in attempts to evade detection and improve persistence,” wrote researchers.
    To help avoid falling victim to this and other malware campaigns, Trend Micro urges users to be cautious about clicking links or downloading attachments from emails coming from suspicious or unknown sources.
    It’s also recommended that organisations apply security patches and other updates to software and operating systems so malware isn’t able to take advantage of known vulnerabilities which can be protected against.

    Four years after the Dyn DDoS attack, critical DNS dependencies have only gone up

    Image: Kashaf et al.
    In 2016, Dyn, a provider of managed DNS servers, was the victim of a massive DDoS attack that crippled the company’s operations and took down domain-name-resolving operations for more than 175,000 websites.
    While some sites managed to stay up by activating a redundancy and switching DNS resolving to secondary servers, many websites were not prepared and remained down for almost a day as Dyn dealt with the attack.
    Four years later, a team of academics from Carnegie Mellon University have conducted a large-scale study of the top 100,000 websites on the internet to see how website operators reacted to this attack and how many are still operating with one single DNS provider and no other backup.
    Their findings, published at the Internet Measurement Conference last month, show that, currently, in 2020, 89.2% of all websites use a third-party DNS provider rather than managing their own DNS server.
    But even worse is the fact that 84.8% of all analyzed websites relied on one single DNS provider, without having a backup redundancy to which they could switch in case of a failure or attack.

    Image: Kashaf et al.
    The CMU team says the number of sites with a critical DNS dependency (no redundancy) has gone up by 4.7% since 2016, showing that the lessons site operators were supposed to learn following the Dyn DDoS attack have been largely, and almost immediately, forgotten.

    Researchers point out that while two websites (2%) in the Top 100 added backup DNS servers since 2016, smaller websites continued to use one single DNS service provider without a backup, and in most cases, many site operators chose to go with a known provider, contributing to a long-observed tendency of consolidation among internet service providers.
    Currently, CMU researchers say that the Top-3 DNS providers —Cloudflare (24%), AWS (12%), and GoDaddy (4%)— are the single DNS providers of around 38% of the Top 100,000 sites in the Alexa ranking.
    In addition, four DNS providers are the lone critical providers for more than half of the Alexa Top 100 website list.
    Any intentional attack or accidental hardware or software failure at one of these three providers can bring down a large chunk of the internet with them, something that still happens from time to time [1, 2].
    Furthermore, researchers point out that even if there are more than 10,000 DNS providers serving the Alexa Top 100k sites, most have indirect dependencies back to a handful of providers, such as Cloudflare, AWS, GoDaddy, Namecheap, Oracle (formerly Dyn), and others.
    The researchers also note that of the website operators who chose to add a redundancy, most were customers of Dyn, NS1, UltraDNS, and DNSMadeEasy.
    “This may be because these providers encourage the use of secondary DNS provider by giving specific guidelines to seamlessly incorporate a secondary DNS provider,” the research team noted.
    “High redundancy for Dyn and NS1 customers could also be a result of large-scale attacks on Dyn and NS1.”
    The study also took a similar look at the state of third-party services and critical dependencies (no redundancies) for websites using CDNs (content delivery networks) and CAs (certificate authorities).
    The results were similar to the team’s research on DNS, with many websites operating with either their CDN or CA OCSP stapling provider as a point of failure in their operations, without any backup redundancy.
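The redundancy check the CMU study performed at scale can be approximated for a single domain from its NS records. The following is an added example, not code from the paper or the article: it classifies `dig +short NS` output by provider, flagging the critical (single third-party provider) case; the provider-suffix table and the sample nameserver lists are assumptions constructed for illustration.

```python
"""Classify a domain's DNS provider dependency, in the spirit of the CMU study.
Added example, not code from the paper or article. The provider table is an
assumption based on the nameserver host names these providers commonly use;
unmatched nameservers are reported under their parent domain."""
from collections import Counter

# Assumed substrings identifying the providers the article names.
PROVIDER_PATTERNS = [
    ("awsdns-", "AWS"),                    # ns-NNN.awsdns-NN.{com,net,org,co.uk}
    (".ns.cloudflare.com", "Cloudflare"),
    (".domaincontrol.com", "GoDaddy"),
    (".registrar-servers.com", "Namecheap"),
    (".dynect.net", "Oracle (Dyn)"),
    (".nsone.net", "NS1"),
    (".ultradns.", "UltraDNS"),
    (".dnsmadeeasy.com", "DNSMadeEasy"),
]

# Constructed `dig +short NS` output for three hypothetical domains.
SAMPLE_SINGLE_PROVIDER = "ns-1.awsdns-01.com.\nns-2.awsdns-02.net.\nns-3.awsdns-03.org.\nns-4.awsdns-04.co.uk.\n"
SAMPLE_REDUNDANT = "ns1.p01.dynect.net.\ndns1.p01.nsone.net.\n"
SAMPLE_SELF_HOSTED = "ns1.example.org.\nns2.example.org.\n"

def parse_dig_short(output: str) -> list:
    """Turn `dig +short NS` output into a list of lower-case nameserver host names."""
    return [line.strip().rstrip(".").lower() for line in output.splitlines() if line.strip()]

def provider_of(ns_host: str, domain: str) -> str:
    """Name the provider behind one nameserver; 'self' when the zone hosts its own DNS."""
    host = ns_host.lower().rstrip(".")
    if host == domain or host.endswith("." + domain):
        return "self"
    for needle, provider in PROVIDER_PATTERNS:
        if needle in host:
            return provider
    return ".".join(host.split(".")[-2:])  # unknown provider: fall back to parent domain

def classify(domain: str, nameservers: list) -> dict:
    """Report third-party use and whether every nameserver sits with one outside provider."""
    providers = Counter(provider_of(ns, domain) for ns in nameservers)
    third_party = "self" not in providers
    return {"providers": dict(providers), "third_party": third_party,
            "critical": third_party and len(providers) == 1}

if __name__ == "__main__":
    for name, sample in [("example.com", SAMPLE_SINGLE_PROVIDER), ("example.net", SAMPLE_REDUNDANT),
                         ("example.org", SAMPLE_SELF_HOSTED)]:
        print(name, classify(name, parse_dig_short(sample)))
```

For a real zone, pipe the output of `dig +short NS <domain>` into `parse_dig_short`; a result with `critical` set means a single provider outage takes the site offline, which is exactly the dependency the study measures.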

    Image: Kashaf et al.
    Additional details about the team’s research are available in an academic paper titled “Analyzing Third Party Service Dependencies in Modern Web Services: Have We Learned from the Mirai-Dyn Incident?,” also available as a PDF document.
    A video of the research team presenting its findings is available below.
    [embedded content]

    IBM aims for quantum computing safe encryption, security tools

    IBM Cloud said it will offer cryptography technology that will be futureproofed for quantum computing deployments.
    Big Blue, which is among the key players in the quantum computing race, launched Quantum Safe Cryptography for Key Management and Application Transactions.
    Quantum computing promises to solve new problems, leap past supercomputers and possibly be used to easily break encryption algorithms and data security measures.
    IBM’s bet is that it can combine its security and hybrid cloud knowhow with its quantum computing research.
    The new tools under the quantum-safe effort from IBM include:
    Quantum Safe Crypto Support, a service to secure data transmissions between hardware externally and internally via a quantum-safe algorithm.
    Extended IBM Cloud Hyper Protect Crypto Service, a design to protect transactional data within applications. The protection covers encryption schemes in databases and digital signature validation.
    These services will support the following:
    IBM Key Protect and Red Hat OpenShift on IBM Cloud;
    IBM Cloud Kubernetes Service;
    IBM Cloud Hyper Protect Crypto Services.
    The quantum security efforts add to IBM’s existing portfolio including confidential computing, IBM Cloud Data Shield, research and IBM Cloud Security and Compliance Center.
