Major Service Outage – Broadband Outage

26/09/2018

15:20 Latest

We are pleased to advise the outage is now resolved and the supplier has confirmed full closure. If you are still experiencing any issues with your Broadband service, please contact the Incident Management team on 03333200999.

We apologise for the inconvenience caused.

14:30 Latest

We continue to see more connections come back online with a very small number of customers still impacted. Our Technical teams are now engaging with our customers to assist on these connections still showing offline. We apologise for the inconvenience caused.

Next update to be 16:00

 

13:30 Latest

We can see some Broadband connections are starting to come back online and service to be restored. No official confirmation from our supplier at this stage so we will keep the MSO open till we receive the official confirmation that all services have been restored. Daisy continue to work with supplier engineers. Next update 14:30

 

12:45pm – Latest

Daisy are aware of an outage impacting customers with Broadband in the Greater London area (0203,0207,0208). Customers will see a total loss of service on their Broadband connection. Supplier engineers are currently investigating.

Next update to be 14:00

 

11:30am

Daisy are aware of a major outage on the BT Wholesale network that seems to be affecting broadband connectivity in the south of England. The outage has been reported to BT Wholesale who are currently investigating.

We apologise for the inconvenience caused.

Next update at 12.45

HV.Select – UC Office Mobile and Tablet upgrade requirement

From Monday the 16th July we are updating our UC Office iOS and Android tablet and mobile applications with Call Recording, Battery Life and general app improvements. Please ensure you click the notification to update your app, if you choose not to update the application you may not be able to make and receive calls via the mobile and tablet application.

Vodafone Direct Voice (ISDN30 DASS II, Q931e, Q931, Earth Calling and Local Loop Lines) End of Life – 31/07/2018

Following written notifications sent to customers on the 4th May 2018, the Vodafone Direct Voice service used alongside your telephone system to make and receive calls via DASS II, Q931e, Q931, Earth Calling and Local Loop technology becomes End of Life on the 31st July 2018. If you have a Direct Voice service provided by Daisy, via Vodafone or Cable and Wireless please ensure you contact your account manager or the Daisy support teams to discuss your options as soon as possible to avoid any loss of service.

 

Vodafone In-direct Access (IDA) End Of Life – 06/04/2018

Following written notifications sent to customers on the 26th February 2018, the Vodafone In-Direct Access (IDA) service used to route outgoing calls becomes End Of Life on the 6th April 2018 (previously 31st March 2018). IDA is a service which allows outgoing calls to be prefixed with a 3 or 4 digit code to allow calls to route via an alternative provider to the one providing the lines to a site. This service is also known as Least Cost Routing (LCR) and may have been used to provide DDI billing or for home workers. It is likely, that currently, your telephone system or equipment is programmed to automatically prefix outgoing calls with the IDA Code (e.g 132 or 162) so you can use this service.

If you have a telephone system or other telephony equipment the IDA programming needs to be removed to allow calls to continue automatically. PLEASE NOTE: when the IDA programming is removed the calls will be routed via and billed by your line provider (e.g. BT Retail).

 

 

Name of Threat

‘Spectre’ and ‘Meltdown’

CVE References

CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754

Technical Summary

To improve performance many processor models attempt to predict the data that the system may require and move it to temporary cache memory on the processor. The data in this cache is not fully protected and can potentially be exploited.

Speculative execution allows a processor to predict which instructions will be executed next and fetch these from memory. The instructions are stored on the processor cache ready for use. If the processor incorrectly fetches instructions they should discard them but often do not completely remove them from the cache. Manipulating this feature, it is possible to create a code to deliberately trick the processor to call sensitive information from memory into the cache and potentially access the data.

Risk Analysis

Daisy has categorised the current risk level as MEDIUM based upon the impact and likelihood of impact as depicted in the matrix below. The risk level was calculated by a combination of impact and likelihood of impact. In this case high impact coupled with low likelihood of impact produces a medium risk as per the following matrix:

Direct and persistent access to affected servers required. Daisy perimeter security restricts access to authorised users.Factors contributing to the decision to classify the likelihood of impact as LOW include the following:

  • No known successful unauthorised exploits of these threats.

Factors contributing to the decision to classify the impact as HIGH include the following:

  • Exploit can be used to obtain critical information.

Mitigation Approach

Daisy will be taking the approach of patching hypervisors initially followed by virtual/physical machine operating systems. As hardware vendors release new firmware versions related to these vulnerabilities, Daisy will review and schedule upgrades accordingly.

For Daisy shared platforms the programme of maintenance to apply these patches at the Hypervisor level will commence this week. This work will take place under change control and will not be service affecting for customers. Customers with dedicated platforms managed by Daisy will be contacted to discuss the required remediation work.

In order to commence with patching the virtual/physical machine operating systems it is necessary to confirm compatibility with the anti-virus software installed on each machine. Anti-virus vendors are currently updating their products in order to ensure compatibility with the Microsoft patches and secondly to update specific registry settings which are required to allow the Microsoft patches to install. Daisy is monitoring this situation and will be confirming anti-virus product compatibility before commencing with virtual/physical machine operating system patching.

There have been reports of potential performance degradation following deployment of these patches, however advice from our vendors suggests that any performance degradation should not be significant and this correlates with testing undertaken by Daisy.

 

Service Disruption

Recent severe weather conditions in parts of the UK have resulted in a spike in faults affecting lines and calls and broadband services. We have been informed by our infrastructure provider Openreach that faults in the following affected areas are subject to extended resolution times.

 

North East Scotland

Exeter

Colchester & Ipswich

Swansea & West Wales

Hampshire

 

We apologise for any inconvenience caused through this period.

WannaCry Cyberattack Update

A huge amount of work is ongoing by our IT and security teams in the wake of the global ‘WannaCry’ ransomware attack which targeted the NHS.

Whilst there is no evidence that any Daisy customers were affected by the attack, we are taking several steps to provide the best possible protection.

A huge server patching operation is now underway, which will update and improve security for all of our customers and end users.

Specific and detailed messaging is being issued to those customers who require it, and our security and IT teams are working closely with our customer service teams to ensure an effective, joined-up approach.

Our Security Practice Director Nick Burrows has written an insightful and informative blog, which can be found here.

The relevant Microsoft Security Bulletin is here:

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Update on alleged China-based hacking investigation

Further to the recent notification regarding the APT10 hacking group, vendors for the technical security controls protecting the Daisy environment from cyber threats have each confirmed they are aware of the developing situation and their respective platforms and/or threat intelligence feeds have been, and will continue to be, updated to detect and block APT10 indicators.

Furthermore, analysis of our mail and firewall log data has revealed no past breaches relating to APT10 indicators.

We can also reconfirm we are NOT among the service providers the UK National Cyber Security Centre (NCSC) has contacted as having been breached.

ALLEGED CHINA-BASED HACKING INVESTIGATION

A government investigation has this week revealed that China-based criminal hackers have been targeting UK businesses for the past year – in some cases breaching security and accessing data.

The UK National Cyber Security Centre (NCSC) is now working closely with businesses it believes have been targeted.

The investigation’s findings – which have been reported in the media – reveal that the group responsible is called APT10, and that it has used custom malware and spear phishing techniques to target managed outsourced IT service companies as a ‘stepping stone’ into customers’ systems.

It is important to understand that we have robust security measures in place to defend against cyber attack, and that, to date, the NCSC has NOT confirmed that we have suffered a breach.

Our security technical controls each have a respective dynamic threat intelligence subscription, so we’re requesting vendors confirm their feeds have been updated to identify and block APT10 indicators and to make any configuration recommendations. This includes from Cisco, Arbor, Microsoft, McAfee, Palo Alto, Trend & Mimecast.

Further to this, we are today reviewing our internal monitoring processes to determine if any additional mitigation is possible.

Our security audit partner, NCC Group, who have been working with the NCSC on this for a few weeks now alongside PwC and BAE, are qualifying these activities to provide additional assurance that we are covering all bases.

We trust this instils confidence that we are taking the appropriate steps to ensure the protection of our network and our customer environments, however please do not hesitate to get in touch for further information.