Vodafone Direct Voice (ISDN30 DASS II, Q931e, Q931, Earth Calling and Local Loop Lines) End of Life – 31/07/2018
Following written notifications sent to customers on the 4th May 2018, the Vodafone Direct Voice service used alongside your telephone system to make and receive calls via DASS II, Q931e, Q931, Earth Calling and Local Loop technology becomes End of Life on the 31st July 2018. If you have a Direct Voice service provided by Daisy, via Vodafone or Cable and Wireless please ensure you contact your account manager or the Daisy support teams to discuss your options as soon as possible to avoid any loss of service.
Vodafone In-direct Access (IDA) End Of Life – 06/04/2018
Following written notifications sent to customers on the 26th February 2018, the Vodafone In-Direct Access (IDA) service used to route outgoing calls becomes End Of Life on the 6th April 2018 (previously 31st March 2018). IDA is a service which allows outgoing calls to be prefixed with a 3 or 4 digit code to allow calls to route via an alternative provider to the one providing the lines to a site. This service is also known as Least Cost Routing (LCR) and may have been used to provide DDI billing or for home workers. It is likely, that currently, your telephone system or equipment is programmed to automatically prefix outgoing calls with the IDA Code (e.g 132 or 162) so you can use this service.
If you have a telephone system or other telephony equipment the IDA programming needs to be removed to allow calls to continue automatically. PLEASE NOTE: when the IDA programming is removed the calls will be routed via and billed by your line provider (e.g. BT Retail).
Name of Threat
‘Spectre’ and ‘Meltdown’
CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754
To improve performance many processor models attempt to predict the data that the system may require and move it to temporary cache memory on the processor. The data in this cache is not fully protected and can potentially be exploited.
Speculative execution allows a processor to predict which instructions will be executed next and fetch these from memory. The instructions are stored on the processor cache ready for use. If the processor incorrectly fetches instructions they should discard them but often do not completely remove them from the cache. Manipulating this feature, it is possible to create a code to deliberately trick the processor to call sensitive information from memory into the cache and potentially access the data.
Daisy has categorised the current risk level as MEDIUM based upon the impact and likelihood of impact as depicted in the matrix below. The risk level was calculated by a combination of impact and likelihood of impact. In this case high impact coupled with low likelihood of impact produces a medium risk as per the following matrix:
Direct and persistent access to affected servers required. Daisy perimeter security restricts access to authorised users.Factors contributing to the decision to classify the likelihood of impact as LOW include the following:
- No known successful unauthorised exploits of these threats.
Factors contributing to the decision to classify the impact as HIGH include the following:
- Exploit can be used to obtain critical information.
Daisy will be taking the approach of patching hypervisors initially followed by virtual/physical machine operating systems. As hardware vendors release new firmware versions related to these vulnerabilities, Daisy will review and schedule upgrades accordingly.
For Daisy shared platforms the programme of maintenance to apply these patches at the Hypervisor level will commence this week. This work will take place under change control and will not be service affecting for customers. Customers with dedicated platforms managed by Daisy will be contacted to discuss the required remediation work.
In order to commence with patching the virtual/physical machine operating systems it is necessary to confirm compatibility with the anti-virus software installed on each machine. Anti-virus vendors are currently updating their products in order to ensure compatibility with the Microsoft patches and secondly to update specific registry settings which are required to allow the Microsoft patches to install. Daisy is monitoring this situation and will be confirming anti-virus product compatibility before commencing with virtual/physical machine operating system patching.
There have been reports of potential performance degradation following deployment of these patches, however advice from our vendors suggests that any performance degradation should not be significant and this correlates with testing undertaken by Daisy.
Recent severe weather conditions in parts of the UK have resulted in a spike in faults affecting lines and calls and broadband services. We have been informed by our infrastructure provider Openreach that faults in the following affected areas are subject to extended resolution times.
North East Scotland
Colchester & Ipswich
Swansea & West Wales
We apologise for any inconvenience caused through this period.
WannaCry Cyberattack Update
A huge amount of work is ongoing by our IT and security teams in the wake of the global ‘WannaCry’ ransomware attack which targeted the NHS.
Whilst there is no evidence that any Daisy customers were affected by the attack, we are taking several steps to provide the best possible protection.
A huge server patching operation is now underway, which will update and improve security for all of our customers and end users.
Specific and detailed messaging is being issued to those customers who require it, and our security and IT teams are working closely with our customer service teams to ensure an effective, joined-up approach.
Our Security Practice Director Nick Burrows has written an insightful and informative blog, which can be found here.
The relevant Microsoft Security Bulletin is here:
Update on alleged China-based hacking investigation
Further to the recent notification regarding the APT10 hacking group, vendors for the technical security controls protecting the Daisy environment from cyber threats have each confirmed they are aware of the developing situation and their respective platforms and/or threat intelligence feeds have been, and will continue to be, updated to detect and block APT10 indicators.
Furthermore, analysis of our mail and firewall log data has revealed no past breaches relating to APT10 indicators.
We can also reconfirm we are NOT among the service providers the UK National Cyber Security Centre (NCSC) has contacted as having been breached.
ALLEGED CHINA-BASED HACKING INVESTIGATION
A government investigation has this week revealed that China-based criminal hackers have been targeting UK businesses for the past year – in some cases breaching security and accessing data.
The UK National Cyber Security Centre (NCSC) is now working closely with businesses it believes have been targeted.
The investigation’s findings – which have been reported in the media – reveal that the group responsible is called APT10, and that it has used custom malware and spear phishing techniques to target managed outsourced IT service companies as a ‘stepping stone’ into customers’ systems.
It is important to understand that we have robust security measures in place to defend against cyber attack, and that, to date, the NCSC has NOT confirmed that we have suffered a breach.
Our security technical controls each have a respective dynamic threat intelligence subscription, so we’re requesting vendors confirm their feeds have been updated to identify and block APT10 indicators and to make any configuration recommendations. This includes from Cisco, Arbor, Microsoft, McAfee, Palo Alto, Trend & Mimecast.
Further to this, we are today reviewing our internal monitoring processes to determine if any additional mitigation is possible.
Our security audit partner, NCC Group, who have been working with the NCSC on this for a few weeks now alongside PwC and BAE, are qualifying these activities to provide additional assurance that we are covering all bases.
We trust this instils confidence that we are taking the appropriate steps to ensure the protection of our network and our customer environments, however please do not hesitate to get in touch for further information.