Radio Cloud Native - Week of March 2, 2022

Every Thursday, Nick Chase and Eric Gregory from Mirantis go over the week’s cloud native and industry news. This week is the debut of the name of the series, Radio Cloud Native!

You can watch the full replay here. (You’ll just need to register.)

1. The latest news in the world of security
2. The impact of the War in Ukraine on security
3. 5G Edge
4. Miscellaneous topics
5. "Whack-a-Doodle"

Nick Chase: Welcome to Radio Cloud Native! I'm Nick Chase. My usual co-host, Eric Gregory, is out today, but our producer, Nocnica Fee, is standing in. Hi, Nocnica!

So today we've got mostly security news, some edge and 5G news from MWC, and a few other miscellaneous things.

The latest news in the world of security

Starting in the Eternal Security Corner, IBM X-Force is reporting that ransomware vendors have been adapting to businesses moving to the cloud. sdxCentral quotes Charles DeBeck, senior cyber threat intelligence analyst at IBM Security X-Force as saying that “Organizations are continuing to move into cloud environments … threat actors are aware of this shift and are shifting in the same way.” They note a 146% increase in Linux ransomware with new code, and deBeck adds that “We saw a whole host of new Docker-focused malware from botnets, to crypto miners, to other malware strains that are effective at taking advantage of Docker environments.” Suggestions for addressing these threads include penetration testing, a zero-trust architecture, and of course we at Mirantis always recommend ensuring that you have a secure software supply chain that includes a secure container image registry such as Mirantis Secure Registry.

If you're interested in penetration testing, Kali Linux 2022.1 has just been released. This Linux distro includes all of the tools you need for banging on your environment to see what rattles loose and is available for download for either bare metal or VirtualBox environments.

Another component of your security posture is of course your firewall, and if you're using a Cisco Firepower Firewall, you need to get on the stick, because Cisco has issued a field notice that Cisco Talos Security Intelligence Updates Might Fail After March 5, 2022 due to the decommissioning of the existing SSL certificate authority (CA) used to sign certificates for Talos security intelligence updates. To solve this problem you do NOT need to update your device, but you do need to update your software and certificates. Check out the field notice at the URL in the comments for more instructions.

And speaking of devices, security researchers are reporting that Samsung's implementation of Arm's Trust Zone Operating System inadvertently enables the extraction of private keys, meaning that somewhere in the neighborhood of 100 million devices may have been shipped with flawed encryption. Specifically we're talking about Galaxy S8, S9, S10, S20, and S21 phones, which have subsequently been patched.

But it just goes to show how difficult it can be to keep communications secure, as users of the EncroChat encrypted phone can tell you. Apparently the device was widely used by organized crime, unaware that a joint law enforcement task force from France and the Netherlands had figured out how to plant malware on the device. According to The Register, the malware would then pluck desired data out of the phone's RAM after the user hit "send", thereby getting around EU legislation preventing the tapping of data that was actually being transmitted. The result has been hundreds of guilty pleas.

Also in the “you never know who you're talking to" department, the United States Federal Bureau of Investigation is reporting an increase of fraud that takes place in virtual meeting rooms, such as Zoom chats, in which bad actors convince company employees to provide information or, more worryingly, transfer funds by impersonating a higherup such as the CFO or CEO. It works like this: The scammer gains access to the virtual meeting room, be it a Zoom call or Google Meet, or I suppose this would work even in the Metaverse. They have their camera off, but they've got a still of the person they're impersonating. They may also claim to be having audio or connection issues and use the chat to make the target request. Note that even insisting on hearing their voice may not solve the problem, as deepfake audio is now a real thing, and for the right amount of money, even deepfake video might be an option. So as always, if a request seems strange, always, always, ALWAYS check it out before taking action.

Finally, if you're thinking about how to better incorporate security into your everyday work, the Cloud Security Alliance has published a new report called DevSecOps - Pillar 4 Bridging Compliance and Development, which, “provides guidance to ensure the gap between compliance and development is addressed by recognizing compliance objectives, translating them to appropriate security measures, and identifying inflection points within the software development lifecycle where these controls can be embedded, automated, measured, and tested in a transparent and easily understood way.”

The impact of the War in Ukraine on security

And of course we can't talk about security without talking about the biggest security story possibly of our lifetimes, and I'm sure we can all guess what that is. If you're worried that the War in Ukraine means an increased chance that you're going to be hit with some sort of cyberattack, you're right. Cyberattacks attributed to Russia have been on the increase for the last year or so, and there's no reason to think that's going to stop any time soon.

According to The Register, "Britain's National Cyber Security Centre (NCSC) warned of a new malware strain dubbed Cyclops Blink, operated by the Sandworm threat actor," noting that "Sandworm is the industry nickname for the Russian GRU intelligence agency's tech offshoot, its Main Centre for Special Technologies." It's important to note that "Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office (SOHO) routers, and network attached storage (NAS) devices," warned NCSC.

So what can you do? Mostly it's the basics such as making sure you're using multi-factor authentication, keeping your firewalls up to date, and so on, but there are some nuances, such as making sure to watch not just incoming traffic, but also outgoing traffic to make sure applications or devices aren't phoning home for instructions, or sending your sweet, sweet data to somewhere you really don't want it to be. The New Stack has a good list of some of the first things you should think about, and we'll add that link to the comments.

Even before the actual invasion of Ukraine, Ukraine was experiencing cyberattacks, such as the Distributed Denial of Service that hit government websites on February 15. That attack was attributed to the Russian Main Intelligence Directorate, or GRU, but more recently, during the first few days of the attack on the country, hundreds of machines were compromised by malware called HermeticWiper, which uses ransomware as a decoy. TechTarget reports that HermeticWiper is similar to infections targeting the country in January. In that case it was malware known as WhisperGate, which "appears as ransomware before destroying user data regardless of whether the victim attempts to pay or not."

And in fact there is an additional wiper that was just discovered on February 24, so this is apparently not going to stop.

Unsurprisingly, parts of Ukraine have been suffering from internet outages, so–and I am not making this up–the Vice Prime Minister and Minister of Digital Transformation of Ukraine, Mykhailo Federovl, tweeted at Elon Musk, the founder and CEO and SpaceX founder, asking him to “provide Ukraine with Starlink stations and to address sane Russians to stand.” Musk responded several hours later that the satellite internet service was “now active in Ukraine. More terminals en route.”

And in yet another sign that this is not your grandfather's potential world war, Reuters reports that "the government of Ukraine is asking for volunteers from the country's hacker underground to help protect critical infrastructure and conduct cyber spying missions against Russian troops, according to two people involved in the project." According to the news agency, hundreds of volunteers have presented themselves for the job and were being vetted to ensure that none were Russian agents.

Meanwhile, the Russian government is telling operators inside the country to treat disruptions as an attack, and while that's probably accurate, that attack might not be coming from Ukraine, or from any other government, for that matter.

On February 27 the hacker group Anonymous claimed that it had taken down more than 300 Russian government, state media, and bank websites, and while that sounds relatively harmless, the group also claimed to have hacked into a gas control system in Nogir, North Ossetia, changing data and almost causing a major explosion. According to Homeland Security Today, the group said that “We changed the dates and almost make its gas pressure become so high to turn into fireworks! Luckily we didn’t because of a fast-acting human controller.”

So despite the fact that we often take a lighthearted approach to the news on this show, this is no joke. None of it.

So if you're out of harm's way for now, take a moment to go to the US Government's Cybersecurity and Infrastructure Security Agency's list of free cybersecurity services and tools and make sure your systems, at least, are not vulnerable.

And if you're not out of harm's way, please know that we're with you.

5G Edge

Actually, if you're not out of harm's way, why in G-d's name are you watching this show? Go ... go take care of yourself, we'll be here when you come back. In the meantime, the rest of us are going to talk about Edge computing and 5G. We'll have a more complete look at Mobile World Congress next week, but we do have some news today.

OK, let's start with the new forecast from STL Partners, a London based Telecoms Consultancy, which estimates that 55 of the leading telco operators will build approximately 1,500 network edge sites by 2025. They estimate that while most telecoms operators have been deploying 2-3 edge data centers in their first year, with some exceptions such as Cox and Verizon, who already have over 10 sites in the US, there will be an inflection point in 2023 when more telcos will have deployed 5G (standalone core) and the early majority starts to launch their edges. In addition, they believe that while most network edge data centers in 2021 are in North America, there will be a shift in focus to Asia, which will contribute 53% of total edge capacity.

Ericsson has announced the launch of Edge Exposure Server, which makes network capabilities, such as quality of service and location, available. According to IT-Online, the idea is to let developers create services "quickly and with limited system integration efforts. The APIs will initially include device information and location and quality of services functions." It also includes edge application discovery, so devices can connect to the proper edge location, as well as addressing monetisation. Monica Zethzon, head of solution area packet core at Ericsson, is quoted as saying: “With the launch of the Edge Exposure Server, we will further support CSPs to be part in delivering new enterprise and consumer services like drones, AR/VR and gaming while maximizing the quality of experience.”

Meanwhile, AT&T has announced the launch of AT&T Private 5G Edge, which provides the "ability to roam beyond the geographical boundaries of the AT&T private network and still stay connected through the AT&T public network." The service is under development with Microsoft, and uses Azure private MEC to "help deploy these private wireless networks rapidly across radio spectrums, including CBRS."

Hewlett Packard Enterprise has also announced a Private 5G service, available under its Greenlake pricing model, which is based on consumption. According to The Register, the service is an evolution of the HPE 5G Core Stack which HPE introduced in 2020, with the addition of the ability to integrate with Wi-Fi networks and pre-integration with 5G radio access network (RAN) equipment from vendors, enabling a full 5G core to be deployed on a customer site.

Verizon announced that asset investment firm BlackRock will be its first customer for, you guessed it, Private 5G. The deal brings secure 5G Ultra Wideband connectivity to areas of BlackRock’s brand new Hudson Yards facility where high speed and low latency can be put to optimal use, such as its trading floor, client-facing conference center, cutting edge auditorium, and meeting rooms.

I'm joking about it, but Verizon's actually been pretty busy on the 5G front. They also announced a partnership in which model year 2024 US Audis will come pre-equipped with 5G-Ultra-Wideband, which will “enable advanced driving features, connected services, and blazing-fast in-car Wi-Fi and infotainment.” So I can't get Ultra-Wideband in my house, but there will be drivers who will be able to bring it with them driving by. [[[Sigh.]]]

And of course all of this 5G requires special hardware, and we're starting to see some of the teamups necessary. HPE announced that they were partnering with Qualcomm, saying that "this collaboration aims to address the demands of next-generation networks, simplify deployments and lower total cost of ownership (TCO) by delivering high-performance, O-RAN-compliant, energy-efficient, virtualized, cloud-native 5G solutions. Together, the companies aim to transform how networks are designed and next-generation services are delivered."

Dell also announced a teamup with Marvell. The Dell Open RAN Accelerator Card is a new in-line 5G Layer 1 processing card for vRAN and Open RAN solutions designed for Dell PowerEdge and other x86-based servers.

However, all is not rosy in 5G land. Apparently after all of the hubbub about whether 5G was going to interfere with airplane instrumentation, it appears that yes, in fact 5G does interfere with altimeters, which I think we can all agree is a Bad Thing, so maybe those 5G exclusion zones we talked about a couple of weeks ago weren't such a bad idea after all.

Miscellaneous topics

In other cloud news, Google is expanding its cloud presence in Latin America. The company began targeting verticals in the region last year, starting with retail, health, telecommunications, media and financial services, and has now created specific business units in Latin America for the utilities, agribusiness, manufacturing and logistics industries. Google has two regions in Latin America, one in Santiago, Chile and one in São Paulo, Brazil, and BNamericas reports that Google may be considering a new cloud region in Uruguay. The company has two undersea cables linking the US to South America.

Fierce Telecom reports that the United States Federal Communications Commission is looking for a way to shore up the security of the Border Gateway Protocol, or BGP, which is how the Internet directs traffic. Specifically, the Notice of Inquiry is looking for different ways in which traffic is vulnerable, as well as solutions for those issues. Obviously the situation is more critical at the moment, but this is not a new problem. According to the Mutually Agreed Norms for Routing Security (MANRS) initiative, which aims to improve the security of routing infrastructure, there were more than 700 traffic hijackings last year alone.

Finally, we got a surprise cloud-related guest for President Biden's State of the Union last night, as Intel CEO Pat Gelsinger was there to represent for the Chips Act, which will provide $52 billion in subsidies to promote semiconductor manufacturing in the US. Intel had previously said it would spend $20 billion to build a chip manufacturing plant in New Albany, outside Columbus, OH, but has said that they would up the investment to $100 billion. The bill provides about $3 billion in subsidies toward a $10 billion plant, and Gelsinger has said that the speed of investment was going to depend on when those subsidies arrive. The bill has been passed by both houses of Congress, but in slightly different forms, and the differences have yet to have been hashed out.

Of course if you listen to this show, or, in fact, if you pay attention to technology news at all, I probably don't have to tell you how important it's considered to resolve the fact that only 10% of chips consumed in the US are made here. Most of the rest are made in Taiwan and South Korea, and supply chains have been a serious issue–and it's an issue that once again, the invasion of Ukraine is not going to help, as the disruption of Noble gas supplies will add to chip manufacturing woes.

Intel has also announced that it will be manufacturing a more blockchain friendly chip called Bonanza Mine, a 7nm-node ASIC designed to maintain processing power while using a minimum amount of electric power. In announcing the chip, Gelsinger noted that a single Bitcoin ledger entry uses as much power as the average family does in a day.

Finally, Intel has also announced that it will be producing new Xeon chips specifically focused on Edge computing. According to The Register, the new Xeon D-1700 and D-2700 processors, codenamed Ice Lake D, are aimed at edge and 5G deployments, and feature a built-in 100Gbit Ethernet controller, plus support for Time Coordinated Computing (TCC) and Time Sensitive Networking (TSN).

Whack-a-Doodle

That's it for the news for today. Whack-a-doodle isn't much fun without Eric to torment, so I'll just leave you with just one positive item.

Today if you go to the website of Kind, the company that sells snack bars and such, you will find that the company doesn't want you to buy...snack bars. In fact, they want you to buy fresh fruit, vegetables, nuts, and such and to make the point, yesterday and today you can't buy their product on their website.

Russell Stokes, CEO of Kind North America, said, “We’re encouraging people to prioritize eating whole, fresh fruits, vegetables and nuts over all packaged products, including our own,” And to make the point, if you go to their website today you can buy a limited-edition box filled with fruit, nuts and seeds. Yummy. And I mean that seriously. Obviously they don't want you to NEVER buy their products, noting that they're a close second for when the real thing isn't an option but good for them.