In a worrying trend, oil facilities in Germany, Belgium and the Netherlands have all recently been targeted by cyber-attacks.

Germany

The attack on German oil, vehicle fuel and petroleum products company Oiltanking Deutschland GmbH & Co. KG happened just over a week ago. Some reports have suggested that the company’s systems were hit by ransomware, thereby seriously limiting capacity. Also, the German oil company ‘Mabanaft’ was the victim of an attack on its production systems.

Belgium

In Belgium too, the day before the German attack, SEA-Invest terminals including the company’s largest in Antwerp (called SEA-Tank), were hit by a cyber-attack. The attack also affected every European port run by SEA-Invest, as well as ports in Africa.

The Netherlands

In the Netherlands, gas, and oil storage company Evos was also targeted resulting in the IT services at its Terneuzen terminal being disrupted, causing delays in operations.

Disruptive

Attacks on oil companies can be extremely disruptive and costly. For example, American oil pipeline company Colonial Pipeline Co. was hit by a ransomware attack last April that resulted in Colonial paying hackers a $4.4 million ransom. The hackers are believed to have been affiliates of the Russia-linked cybercrime group ‘DarkSide’ who also stole nearly 100 gigabytes of data in the attack.

Investigations revealed that the attackers gained access using the login details of a VPN account that were part of a batch of leaked passwords on the dark web. The account didn’t use multifactor authentication, which meant that the hackers could breach the network using just a compromised username and password!

Costly

It’s estimated that it typically costs between 650,000 and 1.5+ million euros for organisations, such as oil companies, to recover from a big ransomware attack

Linked / Coincidence?

Although it has not yet been conclusively proven who was behind the attacks, or whether they were linked, some commentators have noted that the timing, with Russia threatening to close its oil pipelines to Europe over the crisis in Ukraine, may be more than a coincidence. Some have also noted that with Germany being a major European consumer of Russian fuel, an attack of this kind could act as a way to pressure Germany.

What Does This Mean For Your Business?

The situation between Russia and Ukraine led to warnings last week that US and European businesses needed to prepare themselves for possible Russian-based cyber-attacks. Russia currently supplies around 35 percent of the European Union’s natural gas (with Germany buying the most) and exports most of its crude oil to Europe. It is perhaps not surprising, therefore, that coupled with the threat of shutting off the gas pipeline, Russia could (if they were behind the attacks) apply more pressure and create huge disruption to multiple businesses along many supply chains in many different countries. One important thing about these and similar attacks (e.g., the Colonial Pipeline Co attack) is that it can take something as small one set of stolen login details (and no 2FA) and/or an old account that hasn’t been shut down to cause untold damage to a business of any size. A chain is only as strong as its weakest link and with more attacks likely, now would be a good time for businesses and organisations to tighten-up on basic security measures and remind staff of the threats and best practice (policy) to deal with them e.g., have strong passwords changed regularly, no password sharing and ensuring nobody clicks on unknown links in emails, to name but a few.

According to new research by a Microsoft program manager, it could take as long as 8 hours, connected to the Internet, for devices to fully download Microsoft updates.

The Update Challenge – Time

A blog post in Microsoft’s Tech Community by program manager David Guyer, highlighted how one important challenge for Microsoft is trying to understand why Windows devices are not always fully up to date. Mr Guyer’s research found that the answer may be that devices which aren’t connected for enough time may be very unlikely to successfully update.

Update Connectivity – 8 Hours In Total

According to Mr Guyer’s research, the measurement of “Update Connectivity: the time (in hours) that a device is powered on and also connected to Microsoft services” is vital in ensuring that updates are fully and properly delivered. The research data indicates that “devices need a minimum of two continuous connected hours, and six total connected hours after an update is released to reliably update. ”

Why?

The research showed that the reasons why this amount of ‘Update Connectivity’ is needed is because this will fully allow for a successful download and background installations that are able to restart or resume once a device is active and connected.

The Challenges To Update Connectivity Time

Businesses and organisations may, however, be facing a number of challenges when it comes to fully updating their devices and achieving the right amount of ‘Update Connectivity’ time. These challenges include:

– Around half of devices that are not on a serviced build of Windows 10 don’t currently meet the minimum Update Connectivity measurement.

– Around one-quarter of Windows 10 devices on a serviced build but have security updates that are more than 60 days out of date, have less than the minimum Update Connectivity.

– Device-specific issues may affect how thoroughly they are updated.

– The device owner may power their devices off overnight so that updates can’t download and install properly.

– In the light of this research, devices with insufficient Update Connectivity could, therefore, pose a security risk (because they may not be updated properly).

– Some power settings and related policies can stop updates from occurring outside active hours.

What To Do

According to David Guyer, measures businesses could take to tackle these challenges include:

– Encourage device owners to leave their devices plugged in and connected overnight so that updates can download and install properly.

– Read about and consider using the Windows 10 Update Baseline set of tools. These provide recommended power settings that can provide the right balance of power savings while also enabling devices to keep up with the latest security updates – see https://www.microsoft.com/en-us/download/details.aspx?id=101056

– Look at possibly taking action to improve update compliance in devices that don’t have sufficient Update Connectivity.

– Filter out devices that are known not have the minimum Update Connectivity from success metrics, thereby improving the true measure of device deployment success.

What Does This Mean For Your Business?

This research offers the ‘Update Connectivity’ idea as a way to understand why some devices are not updating successfully, as well as a way to better measure deployment success. If Update Connectivity and the figure of 8 hours to deliver Windows updates successfully are to be accepted as accurate, this could mean that many businesses may be unwittingly operating with devices that actually pose a security risk. Businesses may wish to adopt some of the measures suggested by David Guyer to be absolutely sure that updates have the best chance of being successfully installed in full, thereby closing what may now be a known security risk. The research may also prompt businesses to review the quality of devices being used by staff, and how policies can be changed and communicated to ensure that staff allow enough Update Connectivity time e.g., leave devices connected overnight.

In this article, we look at what disposable email addresses are, their benefits and disadvantages, and we look at a few examples of disposable email address services.

What Are Disposable Email Addresses?

Disposable / temporary email addresses (DEA), also known as ‘burner’ email addresses, are (mostly free) services that allow the user to set up and generate email addresses and email aliases and, in some cases, associated domain names. The reason that they are temporary is that, depending on the email service, the email addresses, and the mails received in the inbox (and domains) are deleted within specified brief time period. DEAs allow users to keep their real email address secret.

Types

Technically, there several types of email that could be described a ‘disposable,’ which are:

– Aliases. These alternate forms of a user’s email address can be created within many popular accounts e.g., Gmail.

– Forwarding accounts. These use a separate domain and, as the name suggests, forward emails to a user’s account.

– A non-forwarding, one-time use, temporary email address that becomes unavailable after a period of time. This is the type of DEA that this article will be focusing on because it is truly disposable.

Why? A Way To Reduce Spam

The popularity of DEAs has been driven by the need to reduce the amount of spam that now clogs-up many email boxes. Too much spam wastes time, can be frustrating, and makes it difficult to find important emails. Using disposable email addresses to sign-up and receive something that a person wants (e.g., a download access to information), means that they don’t have to receive countless more follow-up emails and offers from that company.

Benefits

Other important benefits that the use of DEAs bring to the user include:

– Control. Spam emails, and emails from legitimate sign-ups where their marketing emails are frequent and where a user may not have time to go through and unsubscribe can mean inboxes soon fill up. DEAs provide a way to take more control.

– Maintaining Privacy and Security. It is possible that some sites that users sign-up to/register with may be hacked and the email addresses (and other personal data) stolen. Using a DEA means that even if there is a hack, the user’s real email address is not used for other attacks e.g., phishing, or sold to other hackers. Also, using a DEA offers greater privacy.

– Identification and traceability. Setting up one disposable email address per service that a user signs-up to can help to identify the source of any spam by identifying the service that sells email addresses or leaks them. The associated DEA can then be deleted to stop the flow of spam.

– Ease of management and convenience. DEAs are easy and fast to set up, can be completely outsourced, are operated from easy-to-use dashboards, don’t require extra software or hardware, and don’t interfere with a user’s existing email infrastructure.

– The ability to ‘cherry pick.’ Using DEAs, users can sign up for the good parts of offers e.g., rewards or special offers, and avoid the bad parts i.e., the marketing follow-ups that are not relevant.

– The ability to test the nature of a service. Signing up to a new, untried service with a DEA can allow the user to assess the nature of that service e.g., whether they immediately send out lots of junk emails.

– Anonymity. There may be some occasions where users want to make a point, comment, or send a message of importance but, for whatever reason, remain anonymous.

– Flexibility, scope, and scalability. DEA services can offer generous or no limits on the number of disposable email addresses per account and the size of incoming and outgoing messages, and the user can set up and delete email addresses for multiple services as and when required.

Disadvantages

There are, of course, some drawbacks of DEAs. These include:

– They are great for end-users but can be damaging and create work and costs for marketers. Those businesses receiving sign-ups using DEAs have problems such as difficulties converting trial customers, skewed churn-rate figures and analytics, and possible backlisting from the bounced emails sent back to DEAs that don’t exist anymore. DEAs also enable a marketer’s offers (and trust) to be abused and can mean extra wasted costs in trying to identify and verify addresses and clean lists.

– There may be a security risk for DEA users e.g., emails passing through free services may be readable to others, and/or users may have access to a pool of addresses that others can see the inbox for.

– Emails from a DEA service may be blacklisted so that users can’t sign up to services with email addresses using their domain.

Examples of Disposable Email Address Services

Examples of DEA services include:

GuerrillaMail – An open source, basic looking service that allows the creation of email addresses with nine domain names. There’s no registration, and email addresses last an hour. https://www.guerrillamail.com/ .

Mailinator – This offers a offers a 100 per cent free, public disposable email system where users can choose any address @mailinator.com (scroll down the home page to find the link). https://www.mailinator.com/.

Air Mail –  Auto generated email address which gets changed every 10 seconds. Mailboxes are not deleted and can be used for as long as the domain is active so users can read their inbox via a browser at a later time using a unique URL. http://getairmail.com/.

10 Minute Mail – Just like the name suggests. Users can set up a temporary e-mail address and any e-mails sent to that address show up automatically on the web page. They can be read, clicked-on, and replied to, but the-mail address expires after 10 minutes. http://10minutemail.com/ .

YOPmail – This free service allows users to use ‘any-name-of-your-choice’@YOPmail.com, sign up anywhere, and there’s a disposable inbox where messages are kept for 8 days. Users can also manually remove them. http://www.yopmail.com/.

EmailOnDeck – Free service where temporary email addresses normally expire after more than an hour, but within a day. https://www.emailondeck.com/

What Does This Mean For Your Business?

For DEA users, these email addresses can represent a practical, low cost (often free), way to tackle spam and a clogged inbox as well as offering security and privacy benefits. For businesses operating their own marketing, however, sign-ups and offer take-ups with disposable email can create real challenges, skew analytics and figures, create more work, and even lead to problems like being blacklisted. DEAs, therefore, are more beneficial to end users than businesses/marketers. That said, it is possible to see why they have now become popular, and are one of many valued spam tackling tools and services.

In this tech insight, we look at what Chrome extensions are and how to access them, then we look at 10 examples of popular and useful Chrome extensions.

What Are Chrome Extensions?

Extensions for Google’s Chrome browser are software programs, built using technologies like HTML, CSS, and JavaScript that give Chrome more functionality and enable the user to customise their Chrome browsing experience.

Adding Extensions

Chrome users can add extensions by visiting the Chrome Web Store, finding and selecting the extension they want, and clicking on ‘Add to Chrome.’ It is worth noting that even though they are in the Chrome Store, there may still be a security risk from extensions and users should only approve extensions that they trust.

10 Top Chrome Extensions

Here are 10 examples of popular Chrome extensions and what they do:

1. Sidebar

The ‘Sidebar’ apps and bookmark manager extension puts a user’s bookmarks on the side of the screen. This convenient arrangement means that users can much more easily and quickly organise the websites they want to save without having to open a new tab. It can also help users to cut down on the bookmarks that they probably no longer need, thereby saving time in accessing the important ones.

2. Grammarly

Grammarly, as the name suggests, is a writing assistant that offers more than the usual spellcheck. Grammarly helps users to improve the quality of their writing and content by helping to spot and eliminate writing errors and find better words to express what users are trying to say. This extension also gives real-time feedback on Gmail, Google Docs, Twitter, LinkedIn and other programs and platforms, making it a very flexible tool.

3. Email Finder

The Email Finder extension offers a fast and convenient way to build leads and gather business contact information. Email Finder allows the user to find and instantly check and verify all email addresses associated with a domain.

4. GMass

The ‘GMass’ extension is an easy mass email and mail merge system for Gmail. It allows personalisation, scheduling, and tracks opens and clicks. This means that it could be a valuable, easy to access email marketing tool.

5. MozBar

MozBar is a handy SEO toolbar extension that provides users with instant metrics while viewing any page or SERP. The value is that users can quickly assess the SEO aspects of their own and competitors’ web pages (SEO, Page Authority and Domain Authority), as well as being able to quickly compare link metrics across pages in the SERPs, which can all give SEO pointers that could improve the user’s own search engine rankings.

6. vidIQ Vision for YouTube

The ‘vidIQ Vision for YouTube’ extension gives users fast insights and real-time analytics for the performance of their YouTube channel. This enables users to optimise and stay on top of the management of a YouTube channel, something which is often forgotten and left in the background by many businesses.

7. WhatFont

WhatFont is a handy and helpful extension for web designers, marketers, and developers because it identifies the font on a web page, html font size, colour, and font family.

8. Awesome Screenshot & Screen Recorder

The ‘Awesome Screenshot & Screen Recorder’ extension is a screen recorder and screen capture and annotation tool that’s good for remote work. It is ad-free, easy to use, and can help with all kinds of situations such as the need to develop teaching materials/tutorials, or even reporting technical issues.

9. Lastpass

LastPass is an award-winning password manager which the saves the user’s passwords and gives the user secure access from every computer and mobile device. LastPass is a very convenient and time-saving extension because it saves all passwords, addresses, credit cards and more in a secure vault, and automatically fills in the information when it is needed.

10. HTTPS Everywhere

HTTPS Everywhere protects users from issues such as surveillance and account hijacking while browsing by automatically switching thousands of sites from insecure “http” to secure “https”. The extension was created by EFF and the Tor Project, both of which are associated with anonymity and privacy technologies.

What Does This Mean For Your Business?

Chrome is by far the most popular web browser and it makes sense to use the many already existing extensions available to help tackle business challenges more quickly and efficiently and improve productivity. Some caution is needed to minimise the chances of compromising security when choosing extension(s i.e., by only downloading ones that are/look as though they must be trustworthy). Extensions are handy, can add value, and can save costs when compared to buying programs that provide similar functions where all the features would not be used anyway.

Enterprise security company, Proofpoint, has warned that cyber criminals have found a way to beat multi-factor authentication by using phish kits. The kits leverage transparent reverse proxy, enabling them to man-in-the-middle (MitM) a browser session, steal the multi-factor authentication tokens, and bypass this trusted layer of security.