Microsoft to continue to invest over $1 billion a year on cyber security

Microsoft

By Tova Cohen

TEL AVIV (Reuters) – U.S. software firm Microsoft Corp <MSFT.O> will continue to invest over $1 billion annually on cyber security research and development in the coming years, a senior executive said.

This amount does not include acquisitions Microsoft may make in the sector, Bharat Shah, Microsoft vice president of security, told Reuters on the sidelines of the firm’s BlueHat cyber security conference in Tel Aviv.

“As more and more people use cloud, that spending has to go up,” Shah said.

While the number of attempted cyber attacks was 20,000 a week two or three years ago, that figure had now risen to 600,000-700,000, according to Microsoft data.

Long known for its Windows software, Microsoft has shifted focus to the cloud where it is dueling with larger rival Amazon.com <AMZN.O> to control the still fledgling market.

In October it said quarterly sales from its flagship cloud product Azure, which businesses can use to host their websites, apps or data, rose 116 percent.

In addition to its internal security investments, Microsoft has bought three security firms, all in Israel, in a little over two years: enterprise security startup Aorato, cloud security firm Adallom, and Secure Islands, whose data and file protection technology has been integrated into cloud service Azure Information Protection.

Financial details of these deals were not disclosed.

“If you are talking about an ecosystem with more than 400 start-ups it’s not really a coincidence. Israel is huge in security,” said Secure Islands founder Yuval Eldar.

Microsoft’s venture arm has also made three cyber security investments in Israel, including this week an undisclosed amount in Illusive Networks, which uses deception technology to detect attacks and has been installed at banks and retailers.

Earlier this month Microsoft said it invested in Israel’s Team8, which created Illusive Networks.

Though Microsoft does not have any near-term plans to implement deception technology, “we look at lots of different technologies that might be of use in the future,” Shah said.

Shah believes that in the next year or so progress should be made in moving toward broader implementation of user authentication without need for a password.

Microsoft’s Windows 10 operating system includes Windows Hello, which allows users to scan their face, iris or fingerprints to verify their identity and sign in.

(Reporting by Tova Cohen; Editing by Steven Scheer and Adrian Croft)

EU-U.S. commercial data transfer pact enters into force

Servers in Iceland

By Julia Fioretti

BRUSSELS (Reuters) – A new commercial data pact between the European Union and the United States entered into force on Tuesday, ending months of uncertainty over cross-border data flows, and companies such as Google <GOOGL.O>, Facebook <FB.O> and Microsoft <MSFT.O> can sign up from Aug. 1.

The EU-U.S. Privacy Shield will give businesses moving personal data across the Atlantic – from human resources information to people’s browsing histories to hotel bookings – an easy way to do so without falling foul of tough EU data transferral rules.

The previous such framework, Safe Harbour, was struck down by the EU’s top court in October on the grounds that it allowed U.S. agents too much access to Europeans’ data.

Revelations three years ago from former U.S. intelligence contractor Edward Snowden of mass U.S. surveillance practices caused political outrage in Europe and stoked mistrust of big U.S. tech companies.

In the months that followed the EU ruling companies have had to rely on other more cumbersome mechanisms for legally transferring data to the United States.

The Privacy Shield will underpin over $250 billion dollars of transatlantic trade in digital services annually.

Google and Microsoft said they would sign up to the Privacy Shield and would work with European data protection authorities in case of inquiries.

A person familiar with social network Facebook’s thinking said the company had not yet decided whether to sign up.

“It’s too early to say as we haven’t seen the full text yet but like other companies we will be evaluating the text in the coming weeks,” the person said.

The Privacy Shield seeks to strengthen the protection of Europeans whose data is moved to U.S. servers by giving EU citizens greater means to seek redress in case of disputes, including through a new privacy ombudsman within the State Department who will deal with complaints from EU citizens about U.S. spying.

However the framework also faces criticism from privacy advocates for not going far enough in protecting Europeans’ data and is widely expected to be challenged in court.

Max Schrems, the Austrian law student who successfully challenged Safe Harbour, said the Privacy Shield was “little more than a little upgrade to Safe Harbour”. However he added that he did not have plans to challenge it himself for the time being.

“We are confident the framework will withstand further scrutiny,” Penny Pritzker, U.S. Secretary of Commerce, told a news conference.

EU data protection authorities, who had demanded improvements to the Privacy Shield in April, said they were analyzing the framework and would finalize a position by July 25.

(Editing by Alexandra Hudson and Louise Heavens)

Pakistan, Indonesia lead in malware attacks

An illustration picture shows a projection of text on the face of a woman in Berlin

SAN FRANCISCO (Reuters) – Pakistan, Indonesia, the Palestinian territories, Bangladesh, and Nepal attract the highest rates of attempted malware attacks, according to Microsoft Corp.

Countries that attracted the fewest include Japan, Finland, Norway and Sweden, Microsoft said in a new study, based on sensors in systems running Microsoft anti-malware software.

“We look at north of 10 million attacks on identities every day,” said Microsoft manager Alex Weinert, although attacks do not always succeed.

About half of all attacks originate in Asia and one-fifth in Latin America.

Millions occur each year when the attacker has valid credentials, Microsoft said, meaning the attacker knows a user’s login and password. A technology known as machine learning can often detect those attacks by looking for data points such as whether the location of the user is familiar.

On average, 240 days elapse between a security breach in a computer system and detection of that breach, said Tim Rains, director of security at Microsoft. The study, Microsoft Security Intelligence report, comes out Thursday.

(This story corrects headline to Indonesia, not India)

(Reporting by Sarah McBride; Editing by David Gregorio)

Wall St. flat as earnings fail to excite investors

Wall Street

By Abhiram Nandakumar

(Reuters) – U.S. stock indexes were flat on Friday after poor quarterly reports from technology bellwethers Microsoft and Alphabet outweighed gains from steadying oil prices.

Microsoft was the biggest drag on all three major indexes.

Crude rose about 1 percent on signs of strong gasoline consumption in the United States. [O/R]

With recent economic data indicating a sluggish pace of economic growth globally and crude prices hovering near five-month highs, earnings have become a swing factor for stocks.

The S&P 500 has staged a sharp recovery from a steep selloff earlier this year and is inching toward its all-time high, helped by a recent rebound in oil, a cautious Federal Reserve and companies beating tempered expectations.

The index is up half a percent for the week, having posted gains on the first three days.

“We’re back to the every other day theory, bouncing around a little, but I don’t see too strong a sentiment either way,” said Scott Brown, chief economist at Raymond James in St. Petersburg, Florida.

“It’s still a very cautious environment,” Brown said, adding that the negative tone from the quarterly reports were expected.

At 9:42 a.m. ET, the Dow Jones industrial average was up 11.91 points, or 0.07 percent, at 17,994.43, the S&P 500 was down 1.52 points, or 0.07 percent, at 2,089.96 and the Nasdaq Composite was down 35.84 points, or 0.72 percent, at 4,910.05.

Eight of the 10 major S&P sectors were higher, but the index was under pressure by a 1.4 percent decline in the technology sector

Alphabet and Microsoft were down 3.7 and 6.5 percent respectively after both missed profit and revenue estimates.

S&P 500 companies are seen posting a 7.2 percent fall in first-quarter profit, according to Thomson Reuters I/B/E/S, and shares of companies failing to beat the already lowered expectations are getting hammered.

McDonald’s rose 0.7 percent to $126.63 after the company’s profit beat estimates.

General Electric was off 1.1 percent at $30.63 after it reported lower organic revenue.

Caterpillar shares were down 0.6 percent at $78.16 after its results.

Starbucks slipped 3 percent after missing sales expectations, while Visa was down 2.3 percent after it cut full-year revenue forecast.

Advancing issues outnumbered decliners on the NYSE by 1,885 to 761. On the Nasdaq, 1,460 issues rose and 740 fell.

The S&P 500 index showed six new 52-week highs and no new lows, while the Nasdaq recorded 19 new highs and six lows.

(Reporting by Abhiram Nandakumar in Bengaluru; Editing by Don Sebastian)

Syrian Electronic Army Makes Thanksgiving Cyber Attack

The Syrian Electronic Army decided to take American Thanksgiving and use it to remind the world they are still watching.

A number of major websites, including major media organizations, were targeted by the SEA.   Their websites were met with an error message that read “you’ve been hacked by the Syrian Electronic Army (SEA).”

Other websites featured nothing but the SEA logo.

Dell, Microsoft, Ferrari and even UNICEF were hit by the group.

“It is PR move to show they have the skills, but what they are doing is not dramatically sophisticated,” Ernest Hilbert, managing director of cybercrime at investigations firm Kroll, and former FBI agent, told CNBC, who had been a victim of the group.

“This is a defacement of a website and they redirected traffic from the real site to a site with their stuff on it instead.”

The SEA are a group of hackers that support the government of Bashir al-Assad and claim that western media outlets are backing the terrorist groups that have been fighting against the Syrian regime.

NSA Special Unit Targets “Tough” Hacks

The German news magazine Der Spiegel has released another story based on documents from fugitive NSA leaker Edward Snowden claiming the National Security Agency has a unit dedicated to hacking “tough” systems.

Systems like the Microsoft automatic software reporting system installed on every Windows based computer in the world.

The division is called Tailored Access Operations or TAO.  The team is described as “an elite team of hackers” that specialize in stealing data from targets that the NSA defines as the toughest to crack.

The TAO’s mission was “Getting the Ungettable.”

The group reportedly had “James Bond-like” equipment to complete missions such as computer monitor cables that would record anything typed on a screen, USB sticks with micro radio transmitters and fake base stations that would intercept mobile phone signals.

Microsoft said they do not supply information to intelligence sources and did not comment on the leaked document’s claim the NSA hacked the company’s reporting system.

Cybercriminals Target PC Computers Before They Leave The Factory

A study funded by Microsoft has discovered many new computers with malware that was installed at the factory allowing cybercriminals the opportunity to steal information from a computer from its first use.

The information comes in a release about the company’s investigation into the Nitol virus network. The virus allows criminals to steal personal information allowing them to access online bank accounts and transfer the available funds to untraceable accounts in offshore banks. Continue reading