TechByter Worldwide

Speak softly and carry a large microphone

 

March 20, 2016

Phishing Becomes More Sophisticated

Last week, I described an unsophisticated fraud. This week, let's look at some of the reasons that phishing has become a huge profit center for organized crime.

Protective applications have only minimal effect when it comes to stopping a sophisticated phishing attack. Large companies are under near-constant attack from outsiders who send messages that look almost like messages from within the company. Usually there are clear indications that the message is a fraud, but only to a trained observer.

Unfortunately, most people who work for corporations aren't trained observers. If a message appears to be from a co-worker and the request sounds plausible, there's a good chance that the employee will follow instructions.

An annual report by Wombat Security Technologies shows that not only are phishing attacks increasing in number, but they're also becoming harder to spot. They are also astonishingly expensive. Wombat's cost analysis includes the cost of containing malware, additional costs of malware that can't be contained, loss of productivity, the cost to replace compromised credentials, and costs incurred when credentials are lost. The total cost for an "average size business" to recover from a successful phishing incident is more than $3.5 million. The "average business" for the sake of this research is just under 10,000 employees.

Some 85% of those surveyed said that they had seen a phishing attack in 2015 and 60% said that the rate of phishing attacks has increased.

Malware Not Contained

You might be wondering how the value of malware that isn't contained can be calculated. This represents the cost of malware that evaded traditional defenses such as firewalls, anti-malware software, and intrusion prevention systems. The calculations determine a probable maximum loss (PML), which is the value of the largest loss that could result from cyber-attacks assuming the normal functioning of perimeter controls and other commonly deployed security technologies. Insurance companies frequently use PML to determine risk exposures.

The cost of wasted employee time is a significant factor. The survey shows that employees waste an average of 4.16 hours annually due to phishing scams. For that "average" company of 10,000 people, that's more than 41 thousand hours. The range of times reported was as low as 1 hour and as high as 25 hours per year.

Spear Phishing

Targeted phishing (commonly known as spear phishing) increased in 2015. Nearly 70% of respondents said they had seen this kind of attack. When attackers use a template that mimics the corporate e-mail template, the attack becomes more dangerous because it appears more legitimate. It's even worse when the creator of the bogus e-mail has enough information to address their victims by name.

The survey reported that telecommunications industries had the worst incidents of infection, followed by consulting, law, and accounting firms. Government agencies were also frequent targets of attacks.

Plug-ins used by employees also increased the risk because some are out of date. The most dangerous outdated plug-ins that are used to launch malware are Adobe PDF Reader, Adobe Flash, Microsoft Silverlight, and Java. Nearly all companies say that they train employees to spot phishing messages. Most also use spam filters, outbound proxies, and some form of advanced malware analysis and detection.

Adobe Turns on the Fire Hose

Trying to take a refreshing sip from the Adobe water fountain this week was a bit startling. Camera Raw, Lightroom, Photoshop, After Effects, Dreamweaver, Bridge, and Slate all received updates. Possibly the most fun comes from Slate, a free application that runs on desktop computers (via a browser) and on Apple mobile devices. Development for Android devices is pending. Slate allows users to make sophisticated website presentations and share them -- all for free.

Writing on Your Slate

Slate has an interface that most users will figure out how to use in less than a minute. You can download images from your computer or use images from Creative Cloud, Lightroom, Dropbox, and Google. Select the images, add some text, and share your presentation. It's really just that easy. Because it's so easy, there are limitations. Text boxes, for example, can be moved from one side of an image to the other, but that's about it. There are several themes to choose from, but chances are that people will want more. And sound. Adding sound would be good, too.

That's probably all coming. For now, though, Slate is a great way to create a presentation that looks like it must have taken hours to do and must have required a substantial knowledge of HTML5, CSS3, and general Web wizardry. In fact, it requires none of that.

Here's what I created in about 10 minutes using some images I had on the computer from December. Click the image and scroll through the presentation ...

Lights
Click the image to see the brief Slate presentation. And don't forget to scroll!

Improving the Experience of Building a User Experience

The most exciting release this week was the project formerly known as Comet. It's now Adobe Experience Design CC and it's available in a public preview (for Macs only) from the Adobe website. Adobe elected to develop for a single platform so that software iterations would move quickly. At the end of the public preview, developers will start working on a Windows version.

Maybe you're wondering what an "experience design" is. I think of it as a pre-development tool, kind of a sketch pad. Today's websites need to work on desktop computers, tablets, and phones. There are plenty of tools to use in creating the sites and Adobe makes some of them -- Dreamweaver and Muse, for example. Adobe XD is intended to be used ahead of those products to lay out the overall look and feel of the site and to design how components change as screen size changes.

As such, it works in conjunction with other Creative Cloud apps such as Illustrator, Muse, Photoshop, and Dreamweaver. The goal is to reduce planning time and to speed development.

Et Cetera

Updates to Lightroom and Camera Raw are relatively modest. Several new camera models are supported, but every new release of these products supports new cameras. Some improvements have been made to Boundary Warp, a feature that was released in the previous version, and a few bugs have been fixed.

For Dreamweaver, the enhancements in the new version range from features for new users to features for highly advanced users. At the high end of the scale, the document object model panel has been improved with support for multiple selections, tag editing, class editing, ID editing, and the ability to insert new elements. Page layout on the Web is becoming increasingly complex and this will give power users a bit of help.

At the other end of the spectrum, Adobe has added several new starter templates that new users can call on to create an impressive site that includes responsive design even without knowing much about how to create and manage responsive design.

Short Circuits

Western Digital - SanDisk Merger Approved

This is one of the most logical mergers in many years. Western Digital estimates that its merger with SanDisk will generate $500 million in additional profits within a year and a half. That's good news for investors. But it also looks like a winner for those of us who buy disk drives and solid-state storage media.

Shareholders of the two companies approved the merger this week. In a filing with the Securities and Exchange Commission, Western Digital said that the deal values SanDisk at approximately $17 billion. It's not a completely done deal yet, though. Chinese regulatory authorities need to approve combining traditional disk drive manufacturer Western Digital with flash memory maker SanDisk.

In 2015, Unisplendour (a Chinese company) tried to buy 15% of Western Digital stock for $3.78 billion, but the Committee on Foreign Investment in the US (CFIUS) opposed the deal. Unisplendour dropped the offer.

The two companies have already received approvals from regulators in the US, Japan, South Korea, and elsewhere. The deal should close before midyear.

Growth has been slowing for both traditional disk makers and flash disk manufacturers, so the merger is aimed mainly at cutting costs.

Knowledge Worker? Will Your Job Exist in 5 Years?

About one third of knowledge workers say their current jobs probably won't exist in 2021. Office work in general is in a state of rapid change with more contract workers and on-line virtual office workers. If you're feeling more dispensable, you're probably right.

A survey of 9000 office workers in the US, UK, and Germany shows that 35% believe their current roles will not exist in five years. And 65% say their roles will not look the same as they do today.

The work environment is changing fast and change is accelerated by what's being called the "on-demand economy" and a global transformation of digital operations. The "Way We Work" study was commissioned by Unify, a company that provides communications and collaboration software and services.

The survey of 9000 people whose job is to "think for a living" asked about current conditions, attitudes, and expectations in their working lives.

The new reality is virtual. Slightly more than half of knowledge workers now work in virtual teams that are distributed across offices and locations more often than in the past. Many think that this is a good thing with 42% saying virtual teams can be more effective than face-to-face teams. Nearly half (49%) report that their organizations operate through technology and communication rather than through offices and locations.

More than one third of respondents (36%) said that creative thinking is one of the biggest benefits of working with people outside of traditional teams in physical locations. Virtual teams are being created by using cloud technology and 57% of respondents say that they use on-demand tools for teamwork, project management, and collaboration.

Overall, office work is changing. "Work" is no longer a place you travel to. The knowledge workers in the survey overall spend about 20% of their time outside the office and 27% said they would like to spend up to half of their time working outside the office. Nearly 70% say a physical office is less important than it once was. But don't erect a tombstone for the office just yet. Only 7% of knowledge workers say they would prefer to spend all of their time out of the office.

One-in-five of all knowledge workers surveyed currently work as freelancers or contractors and 53% say they would consider changing to a freelance or on-demand model of work over regular employment if it were offered. This might be because it gives workers more control of their time. Work-life balance may be improving. About half of the respondents say that their work-life balance has improved in the last 5 years.

The survey defines "knowledge workers" as employees whose main capital is knowledge, those employees whose job is to "think for a living". For the Way We Work Study, the knowledge workers selected were also those that had engagement with technology in their day-to-day jobs.

Sometimes Amazon Doesn't Quite Get It

There's a back-story to this story, so I'll start with that. I've been reading a series of books about a Los Angeles Police Department homicide detective, Harry Bosch. The series is written by Michael Connelly. As it turns out, Amazon Prime Video has adapted the books and I decided to watch them.

This is despite Connelly's technical errors in the early books. He confused speakers with microphones and strobe lights with continuous source lights. He specified x-ray technology for hand scanners and had Bosch use "simplex rovers" over a range that could never be. But still, the books tell interesting stories, so I thought I'd watch the videos.

The video wouldn't play in Firefox, so I contacted Amazon support and explained what I saw.

Amazon support suggested that Microsoft Silverlight was the problem: "Per your email, I understand that the Bosch season 1 doesn't appear , you are getting error 7135.Please don't worry,I'll certainly help you with this. I'm sorry for the inconvenience caused to you. We really don't our customers to experience this. It sounds like you may need to uninstall and reinstall the Silverlight player."

So I uninstalled Silverlight and re-installed Silverlight. No change. The likely cause was a Firefox plug-in. It didn't take long to determine that the problem was FasterFox. I explained that to Amazon: "It wasn't Silverlight. The problem was a Firefox add-on. I suspect that you have a list of add-ons that cause problems with Amazon Prime Video. If not, you certainly should have one, then minor issues such as this could be resolved by e-mail. The plug-in that caused a problem for me is FasterFox. I had installed it for testing and I know that it is known as a plug-in that can cause problems. That should be on your list, shouldn't it?"

The response from Amazon was perplexing: "I understand that you've determined the real caused of the issue. We are happy to hear from you and I appreciate you for taking your time to share this with us. I apologize that our service did not meet your expectations and also for the inconvenience caused to you due to this."

So far, so good, but "I see that the issue is not with Silverlight, but with Firefox add-on 'FasterFox'. I'd request you to try uninstalling this Firefox add-on plug-in and try watching the video using Firefox browser. If any issue persists, I'd kindly recommend you to try using our HTML5 video player. The HTML5 video player provides the best playback performance and less buffering."

I had already explained that eliminating FasterFox eliminated the problem, so suggesting that I remove it didn't make a lot of sense. It's clear that Amazon employs people who use English as a second language and that these people are given a series of canned text responses that they use to compose answers.

"Further, to ensure the utmost attention, I've also forwarded your email personally as a feedback to our Amazon video team so that they know where we are lacking and add this to our list as well. We are constantly working hard to improve our video service and we are happy that you wrote to us about this. I'd like to add that customers' feedback like yours really helps us continue to improve our products and provide better service to our customers." That's an example of the routine boilerplate text. Here's more: "The last thing I ask you is to allow us another opportunity to serve you, as we consider this our privilege to provide you top notch AIV service. Your patience and understanding is greatly appreciated in this matter. We look forward to a very warm and fruitful association with you. We'd appreciate your feedback. Please use the links below to tell us about your experience today."

Amazon provided no response to the suggestion that they should have a list of plug-ins that are known to cause problems with their video service.

PS: The videos are well done even though they conflate incidents that occurred in a dozen novels, people who die in the books sometimes live in the videos, one key unarmed criminal in the books turns out to have a gun in the videos, and Harry Bosch's military experience is in Iraq instead of Viet Nam.