Sunday, 30 October 2022

Guide Share Europe Annual Conference 2022

If you work on mainframes and you live in the UK or western Europe, you won’t want to miss out on the UK’s premier mainframe conference and exhibition. It is, of course, The Guide Share Europe (GSE) UK Annual Conference. And it is taking place on 1-3 November at its regular home in Whittlebury Hall, Whittlebury, Near Towcester, Northamptonshire NN12 8QH, UK. This conference is going back to face-to-face meetings (plus the opportunity to catch up – and argue – with other mainframers in the bar in the evening). And this year’s strapline is “Mainframes are MAD – Modern, Adaptable, Diverse”.

This year, the Platinum Sponsors are BMC, Broadcom, and Vanguard Integrity Professionals. The Gold Sponsors are Enterprise Performance Strategies, Rocket Software, and Vertali. The Silver Sponsors are Beta Systems, CCA Software, DataKinetics, Ensono, IBA Group, MainTegrity, Micro Focus, SMT Data, Trident Services, and Velocity Software. This year’s exhibitors are Action Software, ColeSoft, Fitz Software, Interskill, Macro4, Planet Mainframe, TSG, and </mooody cow>.

Following a “Conference Opening” speech from GSE’s Mark Wilson in the Bentleys room at 9am on the Tuesday, there’s a keynote session entitled “40 years on – Looking back and looking forwards” from John Siddall, Director of Shared Technology Platforms and Service Delivery at Nationwide Building Society.

For the rest of Tuesday, there are then 16 streams, most with five sessions. The day ends with two keynotes.  Steve Wallin, Director of the CICS Portfolio at IBM UK’s presentation is entitled, “The future is bright – the future is mainframe”. He’ll share where IBM is going with mainframe software and hardware, how security and AI are an inclusive part of your hybrid journey, and introduce new to Z employees to share their experiences. Following that, IBM’s Lewis James’ presentation is entitled “Why at 18 I chose a career on a supposedly legacy platform, and it was the best decision I ever made”.

Wednesday starts with a keynote presentation from Greg Lotko, SVP and General Manager for Broadcom’s Mainframe Software Division. His presentation is entitled, “Plug into the Future of Infrastructure”, and looks at how an open mainframe plugs into REST interfaces to speed development, AI, and machine learning for automated remediation and a Zero Trust environment for protection from threats.

That’s followed by 16 streams with five sessions in each. The day ends with a keynote presentation from Glenn Anderson of GlennAndersonSpeaks. His presentation is entitled, “Energize Your Team’s Performance – Think Like an Improv Actor”. And that’s followed by the conference dinner.

Thursday starts with two keynote sessions. The first is from Mark Nelson, Senior Software Engineer with IBM’s z/OS Security Server Design and Development Team. His presentation is called, “Birds of a Feather – Resiliency is not an Accident”, and examines a very well-known non-IT incident that demonstrates several key factors in ‘being resilient’ and discusses how these can be a part of our systems and our careers.

That’s followed by a keynote from John McKenny, Senior Vice President and General Manager of Intelligent Z Optimization and Transformation (IZOT) for BMC Software. His keynote talk is entitled, “When Change is the Only Constant, Make It Your Advantage”, and, he says that being nimble in the face of change is a business imperative, and so is having a transformation plan that’s modern, adaptable, and diverse.

This is followed by the usual 16 streams with four sessions in each. The day ends with prize draws and the best speaker awards.

If you want to know what the session streams are available across the three days, they are: 101, 102, Application Development, CICS, DB2, IMS, Large Systems Working Group (LSWG), Mainframe Skills & Learning, MQ, Network Management Working Group (NNWG), New Technologies, Security Working Group, Storage, System Management, Women in IT, zP&C, and zVM & Linux on Z. There are currently over 180 sessions.

There are also a variety of lunch and learn sessions across the three days.

You can find out more details about the conference at https://conferences.gse.org.uk/2022/. And, if you’re on social media, the hashtags are #gseconf22 and #gseuk.

And if you’re still debating whether to go, let me recommend it to you. The quality of presentations is always excellent. And the networking opportunities are brilliant. There’s usually 500 or more people there. It would be a shame for you to miss it.

As a final incentive, you may be interested in a session at 2pm on the Tuesday. It’s called “Ransomware, gaps in SMF records, and detection options”, and it will be presented by me in the Melbourne room.

Sunday, 23 October 2022

The Arcati Mainframe Yearbook 2023

If you’ve not come across the Arcati Mainframe Yearbook before, it has been the de facto reference work for IT professionals working with z/OS (and its forerunner) systems since 2005. The Yearbook includes: an annual mainframe user survey; a mainframe strategy section with papers on mainframe trends and directions; an up-to-date directory of mainframe vendors, consultants, and service providers; a guide to useful sources of mainframe-related information; a glossary of terminology; and a mainframe evolution section. Each year, the Yearbook is downloaded by over 21,000 mainframe professionals. The current issue is still available at https://itech-ed.com/arcati/.

So, very shortly, many mainframe professionals will receive an email telling them that we have started work on the 2023 edition of the Arcati Mainframe Yearbook. If you don’t hear from us, then email arcati@itech-ed.com and we will add you to our mailing list.

One of the things that the Yearbook is well-known for is its inciteful user survey. All mainframers are invited to complete the user survey by Friday 25 November. Everyone who does complete the survey will receive a FREE PDF copy of the survey results in January, in advance of the publication of the full Yearbook. This year's annual survey can be found at https://itech-ed.com/AMY23/usersurvey23/. The identity and company information of all respondents is treated in confidence and will never be divulged to third parties. And any comments made by respondents will be anonymized before publication. If you’re in a Zoom or Teams call with mainframers from other sites, or if you attend user group meetings or conferences, or just hang out with mainframers from other sites, please pass on the word about this survey. We’re hoping that this year’s user survey will be the most comprehensive survey ever. The more users who complete the survey, the more accurate a picture of what's happening in the mainframe world we can produce, and therefore the more useful the survey report will be. Current estimates suggest that there are somewhere around 3,000 mainframes in use world-wide.

Anyone reading this who works for a vendor, consultant, or service provider, can ensure their company gets a FREE entry in the vendor directory section by completing the form, which is at https://itech-ed.com/AMY23/vendorentry/. This form can also be used to amend last year’s entry.

Also, as in previous years, there is an opportunity for organizations to sponsor the Yearbook or take out a half-page advertisement. Half-page adverts (5.5in x 8.5in max landscape) costs $990 (that's UK£890 or €985 Euros). To put that cost into perspective: for every dollar you spend on an advert, you reach around 25 mainframe professionals.

Sponsors get a full-page advert (11in x 8.5in) in the Yearbook; inclusion of a corporate paper in the Mainframe Strategy section of the Yearbook; and a logo/link on the Yearbook download page on the iTech-Ed website. All this for just $2590 (that's UK£2200 or €2560 Euros). To put that cost into perspective: for every dollar you spend on sponsorship, you reach around 9 mainframe professionals.

Last year’s sponsors and advertisers were: Broadcom Mainframe Software Division, Model9, Vanguard integrity Professionals, Action Software International, DataKinetics, Enterprise Systems Associates, Inc (ESAi), Fujitsu, Information Technology Company, Key Resources Inc, Tone Software, ZETALY.

Vendors, consultants, and service providers can let me know, either by email or by ticking the appropriate box at the end of the entry form (at itech-ed.com/AMY23/vendorentry/), whether they wish to advertise in or sponsor the Arcati Mainframe Yearbook 2023. All entries need to be with us by Friday 25 November.

Clearly, not an opportunity to be missed. The Arcati Mainframe Yearbook 2023 will be freely available for download in January next year. Let me thank, in advance, everyone who will help to make the new Yearbook such a success.

Find out more about iTech-Ed here.

Sunday, 16 October 2022

Triple extortion and IBM’s X-Force Threat Intelligence Index 2022

IBM Security X-Force, IBM’s in-house team of cybersecurity experts and remediators, produces a report each year looking at the most urgent security statistics and trends.

For the first time in five years, the report found that manufacturing outpaced finance and insurance in the number of cyberattacks levied against these industries, extending global supply chain woes. The report says that manufacturers have a low tolerance for downtime, and ransomware actors are capitalizing on operational stressors exacerbated by the pandemic. About 1 in 4 attacks on this sector were from ransomware.

In terms of statistics, 47% of attacks were vulnerability exploitation, 40% phishing, 7% removable media, and brute force and stolen credentials were both at 3%.

The report goes on to suggest that as defences grow stronger, malware gets more innovative. Attackers are increasingly using cloud-based messaging and storage services to blend into legitimate traffic. And some groups are experimenting with new techniques in encryption and code obfuscation to go unnoticed.

The report advises that maintaining properly hardened systems, enacting effective password policies, and ensuring policy compliance is critical to maintaining a robust cloud security posture.

The report goes on to say that triple extortion is an increasingly popular tactic for encrypting and stealing data, while also threatening to expose the data publicly and engage in a distributed denial of service (DDoS) attack against the affected organization unless a ransom is paid.

Ransomware gangs are also looking to their primary victim’s business partners to pressure them into paying a ransom to prevent their own data leakages or business disruptions caused by a ransomware attack.

Multi-factor authentication (MFA) can decrease the risk of several different types of attack, including ransomware, data theft, business email compromise (BEC), and server access. But BEC is rising in geographical regions where MFA is seemingly less common, like Latin America.

X-Force research confirms that zero trust principles can decrease organizations’ susceptibility to BEC. The good news is that identity and access management technologies are making MFA implementation easier.

Phishing was 2021’s top infection vector, and the brands that were most imitated in phishing kits are among the largest and most trusted companies, eg Microsoft, Apple, and Google.

Four out of 10 attacks start with phishing, however, the report found that adding vishing (or voice phishing) to a targeted phishing campaign makes the effort three times as effective as a classic phishing campaign.

Particularly noticeable, the report says, is the huge growth in Internet of Things (IoT) malware activity in the past year. The number of vulnerabilities related to IoT devices increased by 16% year on year, compared to a growth rate of only 0.4% for vulnerabilities overall. For industrial control systems, the rise was even more dramatic at 50%. This highlights the vulnerability of the manufacturing and energy sectors.

Malware targeting Linux environments rose dramatically in 2021, which is possibly correlated to more organizations moving into cloud-based environments, many of which rely on Linux for their operations.

The report found that ransomware remains the leading type of attack, although it decreased as a share of overall attacks. The REvil operation accounted for a whopping 37% of ransomware attacks that X-Force remediated last year before the gang shut down in October 2021. Members of the gang were arrested, but many ransomware groups that disband later re-emerge under new names. The frequency of ransomware attacks tends to shift throughout the year, often increasing in May and June. Ransomware attacks appear to decrease in late summer or early autumn, with January having the lowest amount of activity.

Looking at ransomware, it's clear that hackers are adding new features to their code all the time, not only to make more money from their victims, but also to overcome countermeasures employed by defending organizations.

To start with, hackers would simply encrypt the data at their victim organization and demand a ransom to decrypt it. Since 2019, various ransomware software variants have exfiltrated the data and encrypted it. The target organization then had to pay a ransom to get the decryption key and pay a ransom, to prevent the bad actors publishing their data online. This is double extortion. In the past couple of years, attacks have moved on to triple extortion attacks.

With a triple extortion attack, the hackers have realized that organizations don't work in isolation, they are connected to other companies that supply them with goods or are their customers. That means ransom demands can now be directed at those suppliers or customers. The hackers can also threaten distributed denial-of-service (DDoS) attacks, or they might threaten to leak to the media information about the attack and the information they have obtained (as mentioned above).

A DDoS attack overwhelm a targeted server, service, or network by flooding it with Internet traffic. It does this using compromised computers as sources of attack traffic. Normal traffic can't get through because of the 'traffic jam' blocking the target.

The first documented example of triple extortion occurred in 2020, when Vastaamo, a Finnish physiotherapy provider, was hacked. Ransom demands were sent to Vastaamo’s clients, whose details had been exfiltrated.

The main takeaway from the X-Force report is that any organization using a computer can be vulnerable to cyber-attacks, including ransomware, which was the top attack type in 2021. Security teams need to recognize that the supply chain can be vulnerable to attack. And staff need to be trained regularly to watch out for phishing attacks using well-known brands. In addition, the cloud is not that safe because hackers are familiar with vulnerabilities associated with Linux, which is often used for cloud computing.