Annoyed member of Conti ransomware gang leaks insider information on Russian-speaking hacking forum

The angry affiliate says they are underpaid for the work

A disgruntled affiliate of the Conti ransomware service has leaked inside information about the group, including multiple tools and instruction manuals allegedly used by operatives to conduct ransomware attacks.

The details were leaked on a popular Russian-speaking hacking forum after Conti's operatives denied the hacker their expected share of ransomware revenues.

The angry affiliate said in the post that they received only $1,500 for the work, while recruiters divided the money among themselves.

The Conti ransomware group offers ransomware-as-a-service (RaaS), providing back-end infrastructure such as command servers and malware, which are then used by affiliates to launch actual cyber attacks against potential targets.

In April, Conti operatives targeted the Irish Health Service (HSE) network in a major ransomware attack. After the HSE refused to pay the ransom to the group, the hackers started posting patients' medical and personal details online. The FBI said in May that the Conti operatives had targeted at least 16 healthcare and first response organisations in the US over the past 12 months.

The group's affiliates usually keep 70 to 80 per cent of a ransom payment, while Conti keeps the remainder.

Last week, an anonymous source shared with Bleeping Computer details of a hacking forum post that was created by a disgruntled Conti affiliate and which contained information about the ransomware operation.

This information included a 113 MB archive containing numerous tools and training material for conducting ransomware attacks and the IP addresses for Cobalt Strike C2 servers.

"I merge you their ip-address of cobalt servers and type of training materials. 1500 $ yes, of course, they recruit suckers and divide the money among themselves, and the boys are fed with what they will let them know when the victim pays," the affiliate stated in the post.

One instruction manual, written in Russian, instructs members how they can identify and hack victims using Cobalt Strike. It tells affiliates to use Google to search for the revenue of the potential target and then find employee accounts with admin privileges.

The guide then explains how that information can be used to deploy ransomware to encrypt the entire network of the company.

In a subsequent post on the forum, the hacker shared another archive containing 111 MB of files.

Advanced Intel's Vitali Kremez, who analysed the archive, told Bleeping Computer that the playbook "matches the active cases for Conti as we see right now".

Another security researcher, who goes by @Pancak3 on Twitter, advised people to block some IP addresses used in attacks from the Conti group.

The leak of Conti tools and training material has come amid a recent spate of ransomware attacks against American entities.

In May, US fuel distributor Colonial Pipeline suffered a massive ransomware attack that crippled fuel delivery in southeastern US states.

In June, Brazil-based JBS, the world's largest meat-packer by sales, paid $11 million in ransom after a massive attack targeting its computer systems in the US and Australia. Florida-based IT firm Kaseya also suffered a ransomware attack on 2nd July, suspected to be the work of the Russia-based REvil.

Following the Kaseya attack, White House press secretary Jen Psaki said that President Biden was considering all options for how to respond to ransomware attacks targeting US organisations.

Last month, the US State Department announced a reward of up to $10 million for information that could help identify or locate cyber actors that are working at the direction of a foreign government and targeting critical infrastructure in the US.

Digitise or die: balancing safety and innovation in mission-critical software development

Many older medical devices simply need new software to smooth the rough edges and improve connectivity

While developers have always been under pressure to create and deploy increasingly rapidly, the accelerated digital transformation brought about by the pandemic has made speed of delivery even more important, and opened the industry's eyes to the need for efficiency going forward.

For developers working on life-saving medical devices, in particular, fast delivery and a quick time to market is essential.

However, in the medical space, developers don't just have time pressures. They also have to navigate a labyrinth of complex regulatory requirements, with no margin for error.

Life-saving tech

The medical device sector is integral to modern healthcare. In the last decade, it has undergone significant growth in innovative technologies that have dramatically improved services, reduced patient recovery time, and lowered cost of treatments.

Spurred by the rapid evolution of the Internet of Things (IoT), hospitals and doctors' surgeries have been quietly upgrading and connecting devices. The Internet of Medical Things (IoMT), a sub-sector of the IoT, was growing organically, and healthcare looked set to gradually join the ranks of industries undergoing digital transformation. Then, the pandemic struck.

The outbreak of Covid-19 further exposed a lot of medical devices as archaic, poorly designed and in desperate need of an upgrade.

During the pandemic, hospital machinery such as ventilators simply were not fit for purpose when deployed to makeshift treatment facilities. Hospitals stopped admitting non-Covid patients, appointments were conducted virtually, and doctors started monitoring symptoms remotely. Suddenly, connected devices went from being a convenient luxury to an essential cog in the healthcare machine.

The shortcomings of medical devices exposed by the pandemic have accelerated the growth of the IoMT, opening the industry's eyes to the need to create new technologies with more intuitive user experiences (UX) and user interfaces (UI), and better connectivity.

Unfortunately, the process of introducing a new medical device to market can be long-winded as any new products are subject to the rigours of in-country certification and market clearance processes.

These devices, such as the latest iterations of pacemakers, insulin pumps and blood pressure monitors, will eventually come into contact with patients, sensitive information and, in severe cases, life-and-death situations.

As a result, there are regulations and processes to ensure these technologies reach consumers only after passing a demanding battery of clinical trials.

The pandemic and the continued need for new, more intuitive technologies have created more challenges than ever for medical device developers, bringing issues such as cybersecurity and data integrity to the forefront. So, what is the role of developers in helping to revolutionise the medical devices industry?

Putting the dev in devices

When it comes to industry regulation, developers need educating. However, responsibility for and familiarity with various guidelines and specifications in the world's second-most regulated industry is, in the mind of most developers, outside of their remit.

For truly seamless design and manufacturing of new medical devices, an understanding of the regulations would be hugely beneficial. Unfortunately, time-pressed developers are unlikely to attain such comprehension given the regulations' complexity, and it's unreasonable to expect them to do so.

Instead, developers should focus their efforts on producing software for existing devices that provides users with a UX and UI akin to those they have come to expect from modern consumer products such as smartphones and tablets.

Just as consumers now expect new devices to run with Apple-like efficiency, the healthcare industry and its patients should expect modern medical devices to be equally intuitive.

Many existing devices have been in circulation for years and some are verging on obsolete. If the benchmark for device UX and UI is the latest software used in Apple or Android smartphones, a number of critical medical devices are operating on something closer to Windows 95.

This is where developers can play a major part in modernising the industry. These old devices are still saving lives every day, and many of the ventilators that kept Covid patients alive during the pandemic are outdated; but they simply require new software that can smooth some of the rougher edges. Connectivity, for example, is something that developers can write into code for existing models so that when new devices are manufactured with touch screens and all the trimmings, they can be linked to hospital infrastructure, connect life-saving data, monitor symptoms and make diagnoses from remote locations.

A new era for medical devices and pandemic proof healthcare

The pandemic has shone a light on what has been understood in the medical devices industry for decades. What has been reconfirmed is that a significant challenge to navigate is the high degree of regulation, guidelines and specifications that govern the manufacturing of new, life-saving products.

The approval and certification of new devices can be a huge bottleneck in a device company's go-to-market planning. It is evident that more can be done through the product development and design process to streamline and increase the efficiency of the regulatory approval and certification process to help shorten a medical device's time to market.

Such is the urgency to digitally transform, developers are often subjected to unreasonable and highly pressurised demands to expedite product time to market. In an industry as regulated as healthcare, these expectations can be overwhelming.

The focus for developers should be on creating software with the capacity to deliver smartphone-like UX and UI for users and patients. In doing so, developers can play a critical role in helping to revolutionise the medical devices industry.

Roger Mazzella is senior product manager at The Qt Company

 

The Big Picture: what were tech’s important stories in July?

A massive supply chain attack rocked Kaseya, and Microsoft announced a new route to virtualisation

It's all about Microsoft this month, with a celebratory earnings release, a wildly popular new product...and the loss of a $10 billion deal. Welcome to this month's Big Picture.

In this series, Delta Site Editor Tom Allen looks back at the technology industry's most important stories in the last month, through five different lenses.

The month began with a supply chain attack on IT services provider Kaseya, with a worldwide fallout including the closure of petrol stations, grocery stores and broadcasters. Days later, news broke about Israeli firm NSO Group's Pegasus product being used to spy on journalists, activists and even the President of France.

The spyware scare made many fear for their digital safety, and Microsoft hopes its new Windows 365 product will set minds at rest; it's certainly got off to a strong start. It wasn't all roses for Microsoft though, as it lost a massive contract with the Department of Defense.

We're also looking at the continued rise of green tech solutions, and shortages in both the chip and labour markets. All this, and more, in this month's Big Picture.

Vodafone to reintroduce European roaming charges for UK customers

People travelling to the Republic of Ireland will not pay any extra charges

Vodafone has announced that it will reintroduce roaming charges for UK mobile customers who travel in mainland Europe from January next year.

The fees will apply to new customers and those who change their contract from 11 August 2021, and will begin applying from 6 January 2022.

"If you're on a Pay monthly plan that started before 11 August 2021, there will be no change to your plan, or to the way you roam, while you stay on that plan," the company says on its website.

"This European roaming charge won't apply to Xtra Airtime Plans with 4 Xtra benefits."

Moreover, the company is "not making any changes to VOXI, Pay as you go plans, Talkmobile or Vodafone Basics at this time.

"If your plan doesn't include roaming in Europe, there will be a daily charge for using your phone in our European roaming zones," it added.

Affected customers will have the option to either pay £2 a day to use their monthly allowance of calls, data, and text messages in Europe, or pay £1 if they buy access in an eight- or 15-day bundle.

People travelling to the Republic of Ireland will not have to pay any extra charges regardless of their contract.

The move makes Vodafone the second mobile carrier in the UK - after EE - to reintroduce European roaming fees following Brexit.

Since June 2017, British travellers had been able to escape roaming fees in the EU thanks to a ban on roaming charges.

But after Brexit, the UK had to negotiate a new trade deal with the bloc, which did not include free mobile roaming in the region, allowing UK mobile carriers to reintroduce charges if they wished.

In July last year, the UK government launched a £93m "check and change" advertising splurge to prepare British people for changes to foreign travel after the Brexit deadline ends. It urged people to check whether their network carriers were planning to introduce roaming charges for Europe.

While all major carriers had previously said that they had no plans to introduce roaming charges, EE - which is owned by BT - became the first carrier in the UK to break the promise.

The company announced in June that its customers will have to pay £2 a day in 47 European destinations, starting from January 2022. The firm argued that introducing the fee would "support investment into our UK based customer service and leading UK network".

O2 has said that it will introduce an extra "fair use" charge for customers who use more than 25GB of data in a month when in an EU country.

Three has also reduced its "fair use" data limit from to 12GB a month when in Europe. Customers who cross the limit are required to pay £3 per extra gigabyte of data.

Using three random words is safer than using complex passwords, NCSC says

If you can't use a password manager, three random words make a strong password that's easy to remember

The UK's National Cyber Security Centre (NCSC) is advising the public to use three random yet memorable words to create passwords, instead of using passwords containing a series of random characters.

The 'three random words or #thinkrandom' is one of the NCSC's most popular pages on its website, even five years after its first publication. The agency revisited the idea in a recent post, concluding that it was still a good practice to choose three-word passwords, in place of complicated variations.

According to the NCSC, passwords created using three random words are usually longer and harder for hacking algorithms to predict. Another advantage of using three-word passwords is that people can easily remember them and store them in a secure location, such as a password manager.

By contrast, more complicated passwords can often be guessed by using specialist software. The agency said cybercriminals target predictable strategies that are meant to make passwords more complex - like replacing the number one with an exclamation mark or substituting letter 'O' with a zero. Hackers are aware of such patterns and include them into their hacking software, negating any desired security from such passwords.

Three-word passwords can be easily modified as per different websites' requirements, as opposed to using random strings of letters, numbers and symbols.

The NCSC, however, acknowledges that using three random words to create passwords is not a 100 per cent safe system, and algorithms can still be trained to crack it. Sometimes people could use predictable combinations of words that are easy to guess. More words will make a stronger password, but one that is harder to remember.
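The two points above, as an added Python example that is not from the NCSC or the original article: a check that undoes predictable character swaps to find the common word underneath a "complex" password, and an entropy estimate for randomly chosen words. The word lists, the substitution table, the suffix model and the list sizes (10,000 common words, 7,776 passphrase words) are assumptions constructed for illustration.

```python
import math
import secrets
import string

# Constructed 16-word list so the block runs offline. Real use needs a list of
# several thousand words, drawn uniformly at random (assumption).
DEMO_WORDS = ["coffee", "train", "fish", "wall", "tin", "shirt", "cloud", "river",
              "pencil", "orbit", "maple", "tunnel", "candle", "gravel", "violin", "harbour"]

# Constructed sample of base words that guessing tools try first.
COMMON_BASES = {"password", "welcome", "football", "monkey", "dragon", "london"}

# Lookalike swaps (letter -> characters that replace it), the kind of
# "complexity" trick the article says attackers already model.
SUBSTITUTES = {"a": "@4", "e": "3", "i": "1!", "l": "1", "o": "0", "s": "$5", "t": "7"}

SUFFIX_CHARS = string.digits + string.punctuation  # 42 characters


def generate_passphrase(n_words=3, words=DEMO_WORDS, sep="-"):
    """Pick n_words independently with a CSPRNG (secrets, not random)."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def passphrase_bits(n_words, list_size):
    """Entropy in bits when every word is a uniform pick from list_size words."""
    return n_words * math.log2(list_size)


def matches_base(candidate, base):
    """True if candidate is base with any mix of the lookalike swaps applied."""
    if len(candidate) != len(base):
        return False
    return all(c == b or c in SUBSTITUTES.get(b, "") for c, b in zip(candidate, base))


def predictable_base(password, bases=COMMON_BASES):
    """Return the common word a password is built on, or None.

    Ignores case and strips a trailing run of digits/symbols one character
    at a time, so 'Footba11' is still tested whole before '11' is dropped.
    """
    lowered = password.lower()
    for cut in range(len(lowered), 0, -1):
        core, suffix = lowered[:cut], lowered[cut:]
        if any(ch not in SUFFIX_CHARS for ch in suffix):
            break  # the tail is no longer pure digits/symbols
        for base in bases:
            if matches_base(core, base):
                return base
    return None


def mangling_bits(base, max_suffix_len=2):
    """Upper bound on the bits that mangling adds to one known base word.

    Model (assumption): each swappable letter is kept or replaced by one of
    its lookalikes, the first letter may be capitalised, and a suffix of up
    to max_suffix_len digits/symbols may be appended.
    """
    variants = 2  # capitalised or not
    for ch in base:
        variants *= 1 + len(SUBSTITUTES.get(ch, ""))
    suffixes = sum(len(SUFFIX_CHARS) ** n for n in range(max_suffix_len + 1))
    return math.log2(variants * suffixes)


if __name__ == "__main__":
    for pw in ["P@ssw0rd!", "Footba11", generate_passphrase()]:
        print(f"{pw!r:24} built on common word: {predictable_base(pw)}")
    # Assumed sizes: 10,000 common base words, 7,776-word passphrase list.
    complex_bits = math.log2(10_000) + mangling_bits("password")
    print(f"common word + mangling : {complex_bits:.1f} bits")
    print(f"three random words     : {passphrase_bits(3, 7776):.1f} bits")
    print(f"four random words      : {passphrase_bits(4, 7776):.1f} bits")
```

Under these assumed sizes the mangled common word comes out near 31 bits, against about 39 for three random words and about 52 for four. With the 16-word demo list three words give only 12 bits, which is why the size of the list the words are drawn from matters as much as the word count.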

As a preferred option, the NCSC advises people and organisations to use password managers to generate unique strong passwords, but notes that uptake of these is still low.

The advice from the NCSC comes amid a dramatic rise in cybercrime during the pandemic.

In 2019, a survey of more than 1,000 British consumers by GMX showed that two-thirds of British internet users reused their passwords across their most important online accounts.

Only one-fifth of the survey respondents said they used a different password for each account they have had, while more than two-fifths admitted that they found the sheer number of different passwords required for managing various online accounts "overwhelming". And nine per cent had never changed their email account password - often using 'front door' as password for many online accounts.

Commenting on the NCSC's blog, Adam Philpott, EMEA president at McAfee Enterprise said: "With each new service comes a new password, or at least it should. However, the reality is that many of us are guilty of re-using the same passwords across multiple accounts.

"Businesses should use the advice provided by the NCSC as standard and make sure it's embedded into general best practices. Failing to understand the importance of password security will provide cybercriminals with unlimited opportunities, especially as we continue to shift to a hybrid working model."

Government unveils plan to run broadband cables through water pipes

Investigations into allowing network operators to run cables through the electricity, gas, water and sewer networks, and alongside roads and railways

The government has launched a £4 million scheme to support running fibre-optic cables through water pipes, in order to connect homes to fast broadband that would otherwise be hard to reach without disruptive excavations or expensive construction work.

In a press release, digital infrastructure minister Matt Warman said he is consulting on options to change the regulations, potentially allowing broadband network operators to run broadband cables through the electricity, gas, water and sewer networks, and alongside roads and railways.

"These measures could significantly reduce the time and cost it takes to roll out gigabit-capable broadband to every home and business in the UK, giving people future-proof internet connections capable of reaching download speeds of up to 1 gigabit (1,000 megabits) per second," the press release says.

Installing new ducts and poles for broadband cables accounts for almost four-fifths of the cost of new broadband infrastructure, according to the government.

The £4 million fund will be used to investigate how existing passive infrastructure can be used to speed the rollout of high-speed broadband, as part of an ongoing review of the Access to Infrastructure (ATI) Regulations 2016. Those regulations govern access to physical infrastructure across the utility, transport and communications sectors, but the government says that to date they have not been widely used to share infrastructure.

The government is behind on a key election promise of delivering gigabit-speed broadband to every home by 2025, last November downgrading its commitment to "a minimum of 85 per cent coverage". This move was derided by campaigners who feared rural communities would be left behind.

The initiative could also be used to place leak sensors in water pipes, according to The Guardian, to reduce continuing problems with wasted water that suppliers have been slow to fix.

Microsoft Exchange Server: threat actors actively scanning for ProxyShell vulnerability, researchers warn

ProxyShell is a set of three security flaws that have already been addressed by Microsoft, but not all instances are patched

Attackers are currently scanning the internet for Microsoft Exchange Server instances that have not been patched for the ProxyShell vulnerability, researchers have warned.

The technical details of the bug were disclosed last week by Devcore security researcher Orange Tsai at the Black Hat 2021 conference.

Tsai and his teammates are credited for discovering this bug during the Pwn2Own 2021 hacking contest held in April.

Microsoft Exchange Server, an email solution, is a long-time target of state-backed threat actors as corporate mail servers store the confidential secrets of government agencies and enterprises.

ProxyShell is a set of three security flaws (CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207) which, when used together, could enable a threat actor to perform unauthenticated, remote code execution (RCE) on unpatched Microsoft Exchange servers.

According to Orange Tsai, these vulnerabilities can be remotely exploited through Microsoft Exchange's Client Access Service (CAS) running on port 443 in IIS.

Microsoft quietly patched CVE-2021-34473 and CVE-2021-34523 in April with its KB5001779 cumulative update, while CVE-2021-31207 was patched about a month later.

CVE-2021-34473 is a pre-authentication path confusion bug that could result in ACL bypass, while CVE-2021-34523 results in elevation of privilege on Exchange PowerShell Backend, according to BleepingComputer.

The third flaw, CVE-2021-31207, is a post-authentication arbitrary-file-write bug that enables attackers to remotely execute arbitrary code on a machine.

Tsai explained in his talk last week that one of the components of the ProxyShell attack chain targets the Microsoft Exchange Autodiscover service that was introduced by Microsoft to provide an easy way for mail client software to auto-configure itself with minimal input from the user.

After watching Tsai's talk, security researchers PeterJson and Jang published a blog post detailing how they were able to successfully reproduce the ProxyShell exploit.

IT security researcher Kevin Beaumont also said last week that a threat actor had probed his Microsoft Exchange server, which he had set up as a honeypot.

Honeypots are sacrificial computer systems with known security vulnerabilities that are exposed on the Internet to attract cyber attacks. They can help cyber security experts to monitor activities of cyber groups.

Beaumont said that while initial attacks were unsuccessful, he later observed entries in the log against the server's Autodiscover service, suggesting that the attackers had managed to conduct successful attacks.

These findings also indicate that threat actors are watching presentations at security conferences and quickly adapting their automatic tests.

Experts advise Exchange server admins to install the latest cumulative updates from Microsoft as soon as possible.

There are currently 400,000 Microsoft Exchange servers exposed on the Internet, so successful attacks are expected to come very soon, Tsai warned.

Making ‘sustainability profitable and profitability sustainable’: SAP execs on the four dimensions of sustainable transformation

SAP's sustainability executives on the company's approach to helping customers reach their goals

The need to reconcile the activities of the humans currently occupying our planet with our longer-term survival has become increasingly pressing of late. Few people, despite considerable efforts in some cases, are still managing to reject the evidence of their own eyes and ears. Climate change can no longer be filed under 'future problems'.

Anita Varshney, Global Vice President of Strategy for Sustainability for SAP S/4HANA spoke with Computing to explain how SAP is acting as both an exemplar and enabler of greater sustainability and equality and of how they are working to change the perception that sustainability and profitability are mutually exclusive.

"Our goal is to make sustainability profitable and profitability sustainable," explains Varshney.

"To achieve this, enterprises must integrate sustainability into the heart of their strategy. This is the rationale behind the collaboration between SAP and Accenture on a series of guides with United Nations Global Compact which provide business leaders and their technology partners with a methodology to integrate and mainstream ambitious sustainability goals across business units by pioneering a performance integration approach that utilises enabling technologies."

The aim is to help SAP customers on their Sustainable Development Goals (SDG) Ambition transformation. This encourages organisations to set themselves more ambitious targets where their business can have the most impact.

At present, many businesses who signed up to the principle of SDGs are not on target to meet these goals by 2030. A lack of ambition and urgency has stymied progress. What SAP is trying to do is to elevate ambitions and then translate those ambitions into tangible actions and outcomes.

Promoting sustainability

SAP has set out to exemplify the approach that they encourage others to take, and a big part of its own approach is accountability for change. A big part is having representation at the highest level, said Varshney.

"We believe that our overall corporate strategy must itself be sustainable, and we therefore strive to promote sustainability across our entire business.

"Led by our chief sustainability officer, a dedicated team works to embed sustainability into our corporate strategy and drives new sustainability initiatives across the organisation.

"Our CFO is the sponsor for sustainability on the Executive Board, and we also have at least one dedicated senior executive in charge of sustainability in each Board area. These individuals form our Sustainability Council and are responsible for embedding sustainability in their business practices, such as by setting and reviewing relevant targets and implementing related programmes.

"Our external sustainability advisory panel consists of expert representatives from our customers, investors, partners, NGOs and academia. We have been leading the Dow Jones Sustainability World Index but we have to find ways to continuously improve and set higher standards."

Varshney is keen to communicate other ways that SAP is trying to exemplify the changes they want more enterprises to make. She mentions the use of an Environmental Management System (EMS) at more than 50 sites across 30 countries which is certified to ISO14001:2015 standards. As well as corporate offices, data centres are a significant source of carbon emissions.

"In 2014, SAP strengthened the integration of our environmental strategy into our business strategy by creating a 'green cloud' powered by 100 per cent renewable electricity - one major step towards achieving carbon neutrality and upholding our commitment towards the RE100 initiative," Varshney said.

"We realise our green cloud with a dual approach. Firstly, we invest in very high-quality, EKOenergy-certified renewable energy certificates (RECs) to foster renewable energy generation; secondly, we produce renewable electricity in selective SAP locations worldwide through solar panels. This allows us to compensate all our facility and data centre emissions. Therefore, customers can significantly reduce their carbon emissions (Scope 3) by using our green cloud solutions and services."

This leads us nicely into the enablement aspect of SAP's program. Sustainability has moved up the corporate agenda, including those of SAP customers and prospects. A virtual sustainability summit held earlier this year was expected to attract around 500 registrations but attracted in excess of 4,000.

"There is a huge demand from our customers on having sustainability embedded into their end-to-end business processes. They look to SAP because we understand how complex business processes can get, they look to us to help them with these challenges, not only within their enterprise, but also expanding towards the entire business network," explained Varshney.

"Customers can't wait, they want it now. They see EU regulations, potential mandatory disclosure on ESG, etcetera. They need to prepare right away because they can't change overnight. They want to do better and they're extremely motivated. We are proud that we are already delivering on our customers' asks, with a robust SAP S/4HANA product roadmap, embedded with sustainability innovations, beginning with SAP Product Footprint Management to be released in August."

Four dimensions of sustainable transformation

It was at this summit that SAP launched its four dimensions of sustainable transformation. The first of these centres on carbon and aims to enable SAP customers both to reduce carbon emissions and to share carbon data with their customers, suppliers and partners, increasing transparency across Scope 1, 2 and 3 emissions. The second dimension is the circular economy, with the goal of plastic free oceans by 2030. The third involves ESG reporting with SAP enabling more transparency and granularity of reporting, and the fourth the building of socially responsible value networks.

Of course, in a year when very few business flights took place, and car journeys were drastically reduced, SAP, like most enterprises, experienced a significant drop in its own carbon emissions in 2020 and by the time their data was published, the firm was well ahead of both its original and revised targets. Rather than banking the rise, SAP has chosen to increase the scope of its ambitions and bring forward its target of being carbon neutral in its own operations by two years to 2023.

This willingness to take the stance of a role model and be more ambitious in their sustainability goals is an excellent way to convince others to do likewise and speed the pace of progress towards hitting SDGs across multiple industries.

 

Apple urged to halt plans to roll out new photo scanning feature in open letter

The feature could be exploited by threat actors in the long run, experts warn

More than 5,000 individuals and organisations have signed an open letter urging Apple to rethink the roll-out of its new photo scanning feature that has been designed to identify child sexual abuse material (CSAM) on iPhones and iPads.

Apple announced the feature last week, saying that its upcoming versions of iOS and iPadOS will be equipped with 'new applications of cryptography' - enabling the company to identify CSAM images as they are uploaded to iCloud Photos, Apple's online storage.

However, the open letter from industry experts and privacy advocates cautions that upcoming changes have the potential to bypass any end-to-end encryption that would otherwise safeguard the user's privacy.

"While child exploitation is a serious problem, and while efforts to combat it are almost unquestionably well-intentioned, Apple's proposal introduces a backdoor that threatens to undermine fundamental privacy protections for all users of Apple products," reads the letter that was posted on Friday and has already been signed by over 5,000 tech executives, privacy supporters, legal experts, researchers, professors and more.

The letter cautions that the photo-scanning feature amounts to creating backdoors in Apple's software, which could be exploited by threat actors in the long run.

It requests that Apple halts implementation of the photo-scanning feature and also issues a statement "reaffirming their commitment to end-to-end encryption and to user privacy".

On Thursday, the Electronic Frontier Foundation (EFF) published a blog post, warning that Apple was "opening the door to broader abuses".

"Apple's compromise on end-to-end encryption may appease government agencies in the US and abroad, but it is a shocking about-face for users who have relied on the firm's leadership in privacy and security," the EFF said.

It argued that it was impossible to create a client-side scanning system that "can only be used for sexually explicit images sent or received by children".

"That's not a slippery slope; that's a fully built system just waiting for external pressure to make the slightest change," it added.

The Center for Democracy and Technology said it was "deeply concerned that Apple's changes in fact create new risks to children and all users, and mark a significant departure from long-held privacy and security protocols".

In a series of tweets, Will Cathcart, CEO of WhatsApp, said that WhatsApp will never use such image-scanning systems, although they do intend to combat CSAM content itself.

While announcing the new feature on Thursday, Apple said its system ensures that nobody can learn about images stored on a device if they are not sexually explicit.

Before an image is stored in iCloud Photos, an on-device matching process will be performed for that image against the database of known CSAM images, compiled by the US National Center for Missing and Exploited Children (NCMEC).

The image being checked will be converted into a hash key or unique set of numbers, and then the system will try to match the key against NCMEC's database using cryptography.

If the system flags an image, a human reviewer will review the image, to confirm a match. If it is found that the image contains child abuse material, the user's account will be disabled, and the findings reported to the NCMEC.

Obviously, Apple cannot check images for users who have iCloud Photos disabled on their devices. Similarly, images that are stored in iCloud backups will not be scanned.

The only time Apple will run CSAM image-scanning tools is when the image is being uploaded to iCloud Photos.

Apple claims that its system has an error rate of 'less than one in 1 trillion' per year, and that it does not breach users' privacy.

Green is good: Register now for Computing’s Tech Impact event


The world is in trouble, lives are at stake and supply lines are under threat. Wondering how you can help? Register for Tech Impact and find out.

The word 'sustainability' is appearing with increasing frequency. As it becomes the focus of governments and organisations of all sizes, you can expect to see and hear it more and more often. But while the word is becoming more prevalent, what it means to the tech and IT community remains as vague and elusive as ever, leaving many asking questions.

IT leaders today wonder how they can - or if they should - marry sustainability with IT; what they can do to make their own organisation more sustainable; and what impact that will have on performance. There are difficult questions to ask and answer around eco-friendly supply chains, and how to contribute to the wider fight against climate change on a regional, national or global scale.

These are important topics, and every IT professional - from the help desk to the CIO - must consider them. Green credentials are no longer just nice to have, but critical for the planet's survival.


Computing's inaugural Tech Impact conference will answer these questions and many more, by unpacking and exploring the diverse approaches organisations can take to set and meet sustainability targets.

Join us and your peers virtually from 10am-3pm on the 14th October, for this eclectic range of sessions by industry leaders and experts with a wealth of experience and knowledge. We'll look at important subjects like how to approach a net zero strategy, climate transparency, and supply chains, and hear from the IT leaders who've already been there and done that successfully.


If you're still unsure as to what your organisation's first or next step should be, and what it will take to comply with - or even exceed - international carbon neutral and net-zero targets, then join us at Computing's CIPD-accredited Tech Impact for a clear view of the path forward.

It's time to step up.