Security trends 2017

Year 2017 will not bring any turn towards better data security. The internet is rife with both well-known and unknown threats, and companies' systems are expected to be protected against them. Hackers are going to continue to look for new ways to extort and steal information from businesses and organizations, which unfortunately means those businesses and organizations will have to continue to look for new ways to protect themselves.

Critical infrastructure comes under attack in 2017. Critical infrastructures must be better protected from criminals and terrorists who take advantage of modern technologies that are essential for the functioning of society and the economy. The IT security of industrial control systems (ICS), energy grids and IoT networks needs to be improved in 2017.

There is a push for better web security in 2017. Starting New Year’s Day, Google’s Chrome will begin labeling as “insecure” all websites that transmit passwords or ask for credit card details over plain text HTTP. Beginning in January 2017 (Chrome 56), HTTP sites that transmit passwords or credit cards are marked as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.

SHA-1 is insecure. Starting on Jan 1, 2017, most CAs will migrate to SHA-2 certificates, and major browser makers have already announced plans to adopt the change, including Microsoft, Google, and Mozilla. Their browsers will no longer trust sites that use SHA-1 starting with that date, and they will mark these websites as insecure. One third of websites still use SHA-1 certificates despite the looming deadline. SHA-1 will still hang around, like a fart in a spacesuit, for many years to come because some people are lazy enough not to make the change.
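One concrete way to find out which of your own sites still serve a SHA-1-signed certificate before the browsers flag them, as an added example that is not from the original post: the DER walker below reads only the outer Certificate structure to get the signatureAlgorithm OID, using the standard library alone. The sample certificate it is tested against is a constructed shell with the right outer shape (not a real certificate), and check_site is the only function that touches the network.

```python
"""Flag X.509 certificates that are still signed with SHA-1 (standard library only)."""
import base64
import ssl

# Signature-algorithm OIDs commonly met on the public web.
SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10040.4.3": "dsaWithSHA1",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
}

def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at buf[pos]; return (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits give byte count of length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(raw):
    """OID content bytes -> dotted decimal (first byte packs the first two arcs)."""
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for byte in raw[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:                 # high bit clear ends this arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)

def signature_algorithm(der):
    """Dotted OID of Certificate.signatureAlgorithm (RFC 5280 outer SEQUENCE)."""
    tag, cert, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = _read_tlv(cert, 0)          # skip tbsCertificate
    _, alg_id, _ = _read_tlv(cert, pos)     # AlgorithmIdentifier SEQUENCE
    tag, oid, _ = _read_tlv(alg_id, 0)      # its first element is the algorithm OID
    if tag != 0x06:
        raise ValueError("expected OID in AlgorithmIdentifier")
    return _decode_oid(oid)

def uses_sha1(der):
    """True when the certificate's signature algorithm is SHA-1 based."""
    return "SHA1" in SIGNATURE_OIDS.get(signature_algorithm(der), "unknown").upper()

def pem_to_der(pem):
    body = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    return base64.b64decode(body)

def check_site(host, port=443):
    """Fetch a live site's leaf certificate and report whether it is SHA-1 signed."""
    return uses_sha1(pem_to_der(ssl.get_server_certificate((host, port))))

# --- Constructed sample: tiny DER encoder used only to build a test certificate shell ---
def _der(tag, content):
    if len(content) < 0x80:
        return bytes([tag, len(content)]) + content
    n = (len(content).bit_length() + 7) // 8
    return bytes([tag, 0x80 | n]) + len(content).to_bytes(n, "big") + content

def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                          # base-128 with continuation bits
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(chunk)
    return _der(0x06, bytes(out))

def constructed_certificate(sig_oid):
    """Constructed Certificate shell: placeholder tbsCertificate, real AlgorithmIdentifier,
    dummy signature BIT STRING. Not a usable certificate, only the shape the parser needs."""
    tbs = _der(0x30, _der(0x02, b"\x01"))
    alg = _der(0x30, _encode_oid(sig_oid) + b"\x05\x00")   # OID + NULL parameters
    sig = _der(0x03, b"\x00" * 129)         # first byte = unused-bit count, then 128 bytes
    return _der(0x30, tbs + alg + sig)

if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.5", "1.2.840.113549.1.1.11"):
        cert = constructed_certificate(oid)
        print(SIGNATURE_OIDS[signature_algorithm(cert)], "-> SHA-1:", uses_sha1(cert))
```

Run check_site("your.host.example") against each of your own hosts; anything that returns True will be distrusted by the browsers named above once the deadline passes.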

There will be changes in how security is viewed by businesses in 2017. We will likely see cloud adoption continue to grow across the United States, network visibility will no longer be just an option, AI and machine learning will shake old security models, and IoT-powered attacks will continue to rise. All of this will factor into how businesses set up, monitor and secure their networks.

The commoditization of cyberattacks will make them more frequent in 2017. More and more companies suffer disruption to business due to cyber attacks. Cyber attacks cause companies significant financial losses, but studies show that companies are not prepared for attacks. According to Gartner, by 2018 only 40 per cent of large companies will have official plans in case of cyber attacks. Last year, the percentage was zero.

Strap yourself in for a bumpy ride in 2017. 2016 sucked. 2017 won’t be much better, sorry. DDoS attacks have been around since at least 2000, and they’re not going away. In fact, as the number of devices online grows, the volume and velocity of these attacks is also increasing. DDoS attack toolkits have been around for years, as have services that will enable you to pay for an attack. Expect to see more of them. It seems that 2017 promises to be the most dramatic year yet in DDoS conflict. Whale-sized DDoS attacks will increase, the IoT will become a bigger factor in DDoS, and DDoS will overshadow ransomware attacks and will be used for extortion. Expect to see the Internet of Things (IoT) and other connected devices play an important part in these attacks.

Biometric identification will become more common in 2017, but it will not replace passwords. Fingerprint identification has become increasingly common in smartphones, and the technology is already fast and reliable. This year biometric identification devices were sold for 4.5 billion dollars (most of them going into smartphones and laptops). 91 per cent of biometric sales were fingerprint sensors, four per cent face recognition and three per cent iris recognition.

Biometrics won’t kill passwords any time soon. Even though PIN codes and passwords are actually pretty lousy protection against a skilled cybercriminal, the password will never disappear entirely, as two per cent of the world’s population have fingerprints that are not suitable for biometric identification. Other biometric identification systems have similar limitations and/or are not yet commonly available at reasonable cost. While biometrics, including fingerprint, face, iris, palm and speech recognition, will continue to grow as a more secure substitute for passwords, they will not render passwords obsolete. Until other biometrics become commonplace, passwords are here to stay, until circa 2030.

The fight over encryption and backdoors is not over in 2017. Many public figures in law enforcement have consistently argued that device encryption presents a new threat to police powers of investigation. On the other side, the House Judiciary Committee’s Encryption Working Group report says encryption backdoors pose a security threat, siding with tech experts in its latest report. The problem is that any system allowing police to get into those encrypted systems (be it a phone, a computer or communications) could also be exploited by criminals. Any action in this space should weigh any short-term benefits against the long-term impacts. Many industry experts will rightly tell you there is no such thing as partial data encryption. You either have a fully capable system or none at all.

Given the security events of 2016, coupled with the rapid advancements and adoption of cloud computing, 2017 will be the year in which many finally accept that network infrastructure and security will have to be rethought from the ground up. In 2017 the cloud will also become a risk for users: the cloud becoming insecure through extortion and IoT openings.

The arms race between network attacks and network security is accelerating. Crippling Internet services with denial of service attacks is becoming more common throughout the world. DDoS attacks have been around since at least 2000, and they’re not going away. In fact, as the number of devices online grows, the volume and velocity of these attacks is also increasing. IoT-powered attacks will continue to rise, and stopping such an attack is not easy. For most companies the key thing is that the attack traffic is stopped before it reaches the company’s Internet connection or servers (which increases the need for telecom operator and external services). In addition to disrupting service, denial of service attacks are often used as a distraction during the actual data theft. DDoS may take over from ransomware as a cause for concern.

In 2017 IT and security professionals will talk more about business risks. Historically, firewalls, DLP, antivirus, SIEM and other technical point solutions have been the centerpiece of security conversations, but the mindset is slowly shifting from technology to risk. The goal of stopping all attacks and preventing all business impact has been recognized as a fool’s errand, and has shifted to measuring risk and minimizing business impacts. Cyber security is increasingly being viewed as a risk management problem.

In 2017 ‘security’ must be added to our existing ethical and philosophic concerns over artificial intelligence and algorithms. Algorithms will soon run the world. They present problems that are seriously questioned on both ethical and philosophic grounds, and they have become the basis of fictional Armageddons.

Cyber insurance will be considered more as one solution for handling cyber risks in 2017. The global cyber insurance market is expected to generate $14 billion by 2022, according to a new report published by Allied Market Research (AMR). That figure represents an impressive compound annual growth rate (CAGR) of nearly 28% from 2016 to 2022.

In 2017 Big Brother will be watching you 24/7. Those of you who’ve read George Orwell’s book 1984 or seen the movie will remember how the citizens of the fictitious totalitarian state of Oceania are constantly under surveillance by order of its dictator, Big Brother. So now swap your home desktop computer, laptop or smartphone for the fictitious telescreen: not only are you sitting in front of what is a modern day version of the Big Brother telescreen, you are also walking around with one in your pocket or handbag. Sound a bit far-fetched to you? Well, it’s set to become a reality in many countries.

Users will want better security, or at least to feel more secure, in 2017. Many people are prepared to go to extremes for better security. According to a recent survey of over 2,000 adults conducted by Harris Poll, nearly 40% of Americans would give up sex for a year or eating their favourite food in exchange for better online security, meaning they’d never have to worry about being hacked. When you consider that 87 percent of U.S. adults use the internet, it makes sense that cyber security is one of the biggest concerns today. The single biggest thing people can do to help keep their online identity safe is probably the easiest: a solid password, and not giving it to other people. Still, nearly 50% of people have shared a password to an e-mail account or to an account like Netflix.

Security becomes a multi-system issue, and more people are talking about it. Design teams will have to bake strategies in from the start, no matter how insignificant the device. The good news is that more people are talking about the issue. The real challenge is packing enough security features into designs to prevent security breaches of every sort, including those that can come from other electronics that weren’t even considered as part of the design process. Just as devices get more sophisticated, so do hackers. The reality is that security breaches can even cause physical harm. It’s time to look at this at a multi-system, multi-disciplinary level. Otherwise, we literally could be playing with fire.

Blockchains have been a big trend for several years. The blockchain market is fragmented as 2017 starts. During the autumn of 2016 we have seen a number of initiatives on cooperation between the financial sector and consulting companies. Microsoft has chosen the Ethereum blockchain as its platform and offers it on the Azure cloud service. IBM has jumped on the Hyperledger consortium bandwagon and offers its own blockchains on the Bluemix service. Google and Amazon are still conspicuous by their absence. Even banks may prefer to run their blockchains in the cloud.

 

Other prediction articles worth a look:

What Lies Ahead for Cybersecurity in 2017?

Network Infrastructure, Visibility and Security in 2017

DDoS in 2017: Strap yourself in for a bumpy ride

Cybersecurity Industry Outlook: 2017 to 2021 | CSO Online

IBM’s Cybersecurity Predictions for 2017 – eForensics

https://eforensicsmag.com/ibms-cybersecurity-predictions-2017/

Top 5 Cybersecurity Threats to Watch Out for in 2017

Experts Hopeful as Confidence in Risk Assessment Falls

 

 

3,151 Comments

  1. Tomi Engdahl says:

    Google’s Elite Hacker SWAT Team vs. Everyone
    http://fortune.com/2017/06/23/google-project-zero-hacker-swat-team/

    Brash. Controversial. A guard against rising digital threats around the globe. Google’s Project Zero is securing the Internet on its own terms. Is that a problem?

    Reply
  2. Tomi Engdahl says:

    Alasdair Pal / Reuters:
    How a network of dummy online stores pretending to sell household goods is used to hide internet gambling payments from regulators and card issuers

    Exclusive: Fake online stores reveal gamblers’ shadow banking system
    http://www.reuters.com/article/us-gambling-usa-dummies-exclusive-idUSKBN19D137

    A network of dummy online stores offering household goods has been used as a front for internet gambling payments, a Reuters examination has found.

    The seven sites, operated out of Europe, purport to sell items including fabric, DVD cases, maps, gift wrap, mechanical tape, pin badges and flags. In fact, they are fake outlets, part of a multinational system to disguise payments for the $40 billion global online gambling industry, which is illegal in many countries and some U.S. states.

    That strategy is “transaction laundering” – when one online merchant processes payment card transactions on behalf of another, which can help disguise the true nature of payments.

    Credit card companies including Visa and Mastercard require all online purchases to be coded so they can see what type of purchase is being processed and block it if it is illegal in a particular country.

    websites which accepted payments for household items from a reporter but did not deliver any products

    Such sites get around checks by credit card companies by using loopholes in the system

    Reply
  3. Tomi Engdahl says:

    Yvette Tan / Mashable:
    The Chinese government orders Weibo, iFeng, and ACFUN to cease all video and audio streaming services, says they don’t meet national audiovisual regulations

    China just banned livestreaming because it’s too hard to censor
    http://mashable.com/2017/06/23/china-bans-livestreaming/#0Mz3pfheKqqq

    Chinese authorities have sent shockwaves through the social media sphere, with a blanket ban on livestreaming across three major online platforms.

    On Thursday, the government ordered Weibo, iFeng and ACFUN to stop all its video and audio streaming services, according to an FT report.

    Weibo, China’s version of Twitter, and one of its largest social networks, acknowledged that it received the directive from the government

    Some of the country’s most famous online celebrities rely on live-streaming sessions to earn virtual gifts, which can be cashed in. The live streaming industry was worth some $9 billion in 2016, according to online tracker Statista.

    https://www.ft.com/content/8a06dd5e-5752-11e7-9fed-c19e2700005f

    Reply
  4. Tomi Engdahl says:

    Parliament cyber-attack ‘hit up to 90 users’
    http://www.bbc.com/news/uk-40398696

    Up to 90 email accounts were compromised during the cyber-attack on Parliament on Friday.

    Fewer than 1% of the 9,000 users of the IT system were impacted by the hacking, said a parliamentary spokesman.

    The hack prompted officials to disable remote access to the emails of MPs, peers and their staff as a safeguard.

    The spokesman said the attack was a result of “weak passwords” and an investigation is under way to determine whether any data has been lost.

    ‘Passwords for sale’

    The spokesman said the parliamentary network was compromised due to “weak passwords” whi

    The incident comes just over a month after 48 of England’s NHS trusts were hit by a cyber-attack.

    International Trade Secretary Liam Fox said: “We have seen reports in the last few days of even cabinet ministers’ passwords being for sale online.

    Reply
  5. Tomi Engdahl says:

    Patrick Howell O’Neill / Cyberscoop:
    Anthem agrees to pay $115M to settle class action lawsuit over 2015 data breach in which hackers gained access to personal info of nearly 80M Americans

    Anthem will pay $115 million in largest data breach settlement in history
    https://www.cyberscoop.com/anthem-data-breach-settlement/

    Anthem Inc. agreed to pay $115 million in a deal to end a court battle over the 2015 data breach where hackers gained access to sensitive records for nearly 80 million Americans. The funds will go toward credit monitoring and reimbursement for customers, in addition to as much as $38 million in attorneys’ fees.

    The 2015 breach saw hackers access records including Social Security numbers, birthdays, addresses, detailed employment information and income data. Chinese state-sponsored attackers were suspected in the attack but there has been no official attribution.

    Anthem faces further court battles. A crucial point in the litigation against Anthem alleges the company willfully neglected cybersecurity, kept the neglect secret and failed to notify customers of the breach in a timely manner.

    Earlier this year, it lost a key decision when a federal judge ruled that security audits from before and after the breach will be made public.

    Two years after massive breach, U.S. government still fights to keep security audits of Anthem secret
    https://www.cyberscoop.com/two-years-massive-breach-u-s-government-still-fights-keep-security-audits-anthem-secret/

    Two years after a cyberattack on Anthem, one of America’s largest health insurers, the company and the U.S. government are still locked in court battles over lawsuits that aim to make public a range of critical documents from two security audits conducted both right before and immediately after the massive hack.

    Reply
  6. Tomi Engdahl says:

    Dani Deahl / The Verge:
    Snapchat’s new Snap Map broadcasts your exact location to your friends every time you open the app, unless you turn on “Ghost Mode”

    Snapchat’s newest feature is also its biggest privacy threat
    This detail about Snap Map is frightening
    https://www.theverge.com/2017/6/23/15864552/snapchat-snap-map-privacy-threat

    Reply
  7. Tomi Engdahl says:

    Kantara Initiative Releases Consent Receipt Form for GDPR
    http://www.securityweek.com/kantara-initiative-releases-consent-receipt-form-gdpr

    The Kantara Initiative has released an open, global consent receipt specification for use with the European Union’s (EU) General Data Protection Regulation (GDPR).

    With less than one year before GDPR kicks in, the newswaves have been flooded in recent months with new surveys showing how ill-prepared business still remains. But while there is much news, there has been little in the way of practical technology solutions. The Kantara Initiative released one on Tuesday: a global consent receipt specification that meets GDPR requirements.

    ‘Consent’ is one of the big and far-reaching elements of GDPR. Failure to abide by the new consent requirements means failure to comply with GDPR, and potential liability for the regulation’s stringent sanctions — it is no longer simply a matter of preventing breaches.

    Consent now must be informed and explicit. It means that in the event of a dispute over the use of personal information, or the transfer of personal data either between applications or to third parties, business will need to be able to prove that consent had indeed been given. Online tick-boxes and assumed consent will not suffice.

    Kantara’s Consent Receipt 1.0 (CR 1.0) (PDF) allows businesses dealing with EU-based companies to demonstrate they meet the notice requirements of GDPR scheduled to be enforced on May 25, 2018. The specification is available free for download.

    GDPR reflects an almost worldwide shift in attitudes, with consumers becoming more aware of and cynical towards the use of their personal data within surveillance capitalism. “Despite cartel-like market domination in their areas, the actual switching costs for users (and customers) of Facebook and Google are very low.”

    https://kantarainitiative.org/wp-content/plugins/email-before-download/?dl=84099635fcdb6711b5263be3db0fa9e2

    Reply
  8. Tomi Engdahl says:

    Facebook, Microsoft, YouTube and Twitter form Global Internet Forum to Counter Terrorism
    https://techcrunch.com/2017/06/26/facebook-microsoft-youtube-and-twitter-form-global-internet-forum-to-counter-terrorism/?ncid=rss&utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&sr_share=facebook

    Today Facebook, Microsoft, YouTube and Twitter collectively announced a new partnership aimed at reducing the accessibility of internet services to terrorists. The new Global Internet Forum to Counter Terrorism adds structure to existing efforts by the companies to target and remove from major web platforms recruiting materials for terror groups.

    Back in December of 2016, the same four companies announced the creation of a shared industry hash database. By sharing hashes with each other, the group was able to collectively identify terror accounts without each having to do the time- and resource-intensive legwork independently. This new organization creates more formal bureaucracy for improving that database.

    will be teaching smaller companies and organizations to follow in their footsteps to adopt their own proactive plans for combating terror.

    Reply
  9. Tomi Engdahl says:

    FBI: $1.45 Billion in Losses to Internet Crime Reported in 2016
    http://www.securityweek.com/fbi-145-billion-losses-internet-crime-reported-2016

    The FBI has published its Internet Crime Report 2016 based on information received by the Internet Crime Complaint Center (IC3). It shows that 298,728 complaints were received by the IC3 during 2016 (up from 288,012 in 2015); and that reported losses to internet crime totaled more than $1.45 billion (up from $1.07 billion in 2015).

    Reply
  10. Tomi Engdahl says:

    Govt Websites in Ohio, Maryland Hacked With Pro-IS Messages
    http://www.securityweek.com/govt-websites-ohio-maryland-hacked-pro-messages

    Several government websites in the US states of Ohio and Maryland had to be shut down Sunday after being hacked to display messages supporting the Islamic State group

    Reply
  11. Tomi Engdahl says:

    Apple, Cisco Partner to Improve Cyber Insurance Policies
    http://www.securityweek.com/apple-cisco-partner-improve-cyber-insurance-policies

    Cisco is getting ready for a new journey in cyber insurance, and Apple will be part of it, the company announced this week.

    The company didn’t provide specific details on what its customers should be looking for, but David Ulevitch, Vice President for Cisco’s Security Business Group, mentioned in a blog post on Monday that the company is working with leading companies to build the architecture needed to offer “more robust” policies.

    Reply
  12. Tomi Engdahl says:

    Cloudflare Launches New App Store for Websites, $100 Million Development Fund
    http://www.securityweek.com/cloudflare-launches-new-app-store-websites-100-million-development-fund

    Cloudflare Launches New Website App Store and Partners With Venture Firms to Launch $100 Million Development Fund

    “It’s similar to the platform built by Apple. We make it easy for the developers to produce apps, and easy for them to get paid for those apps.

    The Cloudflare network comprises some 6 million website customers that use Cloudflare’s approximately 115 worldwide data centers for security — such as DDoS mitigation– and performance optimization. The basic service is free, but more advanced options can be paid for.

    The new app service will add app code to delivered customer web pages as the page passes through Cloudflare’s data centers. This provides both flexibility and control. Developed apps can be added to websites by customers simply by specifying which sites or pages on which they should run. For the customer, everything is automatic and requires zero coding.

    “We’ve taken an approach similar to Apple. We review all apps before deployment, and each one is individually sandboxed and cannot affect any other app,”

    If a vulnerability is ever discovered, much like Apple we can withdraw that application from any customer that is using it and prevent any other customer from using it in the future. So, while there is a potential that an app vulnerability may slip through the vetting and the static analysis that we do before it is delivered, it is never deployed software. The app is code that is running on our hardware and injected into web pages as they pass through our systems; and we can simply turn it off without any effect on the customer’s website

    Reply
  13. Tomi Engdahl says:

    New Fileless Ransomware with Code Injection Ability Detected in the Wild
    https://vulnerablelife.wordpress.com/2017/06/18/new-fileless-ransomware-with-code-injection-ability-detected-in-the-wild/

    Security researchers have recently discovered a new fileless ransomware, dubbed “Sorebrect,” which injects malicious code into a legitimate system process (svchost.exe) on a targeted system and then self-destructs in order to evade detection.

    Unlike traditional ransomware, Sorebrect has been designed to target enterprise servers and endpoints. The injected code then initiates the file encryption process on the local machine and connected network shares.

    This fileless ransomware first compromises administrator credentials by brute forcing or some other means and then uses Microsoft’s Sysinternals PsExec command-line utility to encrypt files.

    Reply
  14. Tomi Engdahl says:

    JASK emerges from stealth with $12 million and an automated threat detection service
    https://techcrunch.com/2017/06/27/jask-emerges-from-stealth-with-12-million-and-an-automated-threat-detection-service/?ncid=rss&utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&sr_share=facebook

    The thesis behind JASK’s service is the somewhat depressing (and frightening) thought that these days there aren’t enough security experts to meet the demands of running a modern business. Simply put, people can’t respond to every breach that a company faces, because there aren’t enough professionals trained in cybersecurity.

    To manage that staffing shortage, companies can turn to automated services like JASK that will monitor networks and prioritize threats to chief information security officers and their teams based on the severity of the threat, according to a statement from the company.

    Reply
  15. Tomi Engdahl says:

    Another Massive Ransomware Outbreak Is Going Global Fast
    https://www.forbes.com/sites/thomasbrewster/2017/06/27/ransomware-spreads-rapidly-hitting-power-companies-banks-airlines-metro/#26216e537abd

    Ukraine’s government, National Bank, its transportation services and largest power companies are bearing the brunt of what appears to be a massive ransomware outbreak that’s fast spreading across the world and hitting a significant number of critical infrastructure providers.

    Whispers of WannaCry abound, though some security experts said on Tuesday that a different breed, named Petya, was to blame. “[We're seeing] several thousands of infection attempts at the moment, comparable in size to WannaCry’s first hours,”

    Regardless of the malware, the attacks are now global. Danish shipping and energy company Maersk reported a cyberattack on Tuesday, noting on its website: “We can confirm that Maersk IT systems are down across multiple sites and business units due to a cyberattack.” Russian oil industry giant Rosneft said it was facing a “powerful hacker attack.” Major British advertiser WPP said on Facebook it was also hit by an attack, while law firm DLA Piper also confirmed it had been targeted by hackers.

    Attacks on the U.S. pharmaceuticals company Merck extended to its global offices

    Ukraine the main target

    The impact initially appeared to be most severe in Ukraine, with very few instances in the U.S., according to Kaspersky.

    organization managing the zone of the Chernobyl disaster fallout

    Other victims included major energy companies such as the state-owned Ukrenergo and Kiev’s main supplier Kyivenergo.

    A Ukrenergo spokesperson told Forbes power systems were unaffected

    The National Bank blamed an “unknown virus” as the culprit, hitting several Ukrainian banks and some commercial enterprises.

    Security researchers fear the latest outbreak is hitting systems via the same leaked NSA vulnerabilities used by WannaCry.

    using phishing emails containing Excel files. The malware may have used the worm features

    What’s clear is the latest ransomware variant is spreading quickly, even on patched Windows PCs, thanks to some added features in the malware, now being dubbed NotPetya.

    Reply
  16. Tomi Engdahl says:

    Pnyetya: Yet Another Ransomware Outbreak
    Hiding the small movement inside the big movement
    https://medium.com/@thegrugq/pnyetya-yet-another-ransomware-outbreak-59afd1ee89d4

    Today saw a massive outbreak of not-really ransomware that has caused significant damage to both Ukrainian targets and strategic global logistics companies. The worm uses three different infection vectors:
    ETERNALBLUE
    Harvested password hashes
    psexec
    The code is well written, obfuscated to protect against AV detection

    Reply
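A defender-side detection sketch for two of the three infection vectors listed in the comment above (the PsExec service install and rapid SMB fan-out between hosts), as an added example that is not from the post or the linked article. The pipe-delimited log layout and every log line are constructed for illustration; the event IDs assumed are Windows System 7045 (a service was installed) and Sysmon 3 (network connection).

```python
"""Detect PsExec-style service installs and SMB fan-out in constructed log lines."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real telemetry): time|host|event_id|key=value;...
SAMPLE_LOG = """\
2017-06-27T10:00:01|WS01|7045|ServiceName=PSEXESVC;ImagePath=%SystemRoot%\\PSEXESVC.exe;Account=CORP\\admin
2017-06-27T10:00:02|WS01|7045|ServiceName=Spooler;ImagePath=C:\\Windows\\System32\\spoolsv.exe;Account=LocalSystem
2017-06-27T10:00:05|WS01|3|Src=10.0.0.11;Dst=10.0.0.12;DstPort=445
2017-06-27T10:00:06|WS01|3|Src=10.0.0.11;Dst=10.0.0.13;DstPort=445
2017-06-27T10:00:07|WS01|3|Src=10.0.0.11;Dst=10.0.0.14;DstPort=445
2017-06-27T10:00:09|WS01|3|Src=10.0.0.11;Dst=10.0.0.15;DstPort=445
2017-06-27T10:00:10|WS01|3|Src=10.0.0.11;Dst=10.0.0.16;DstPort=445
2017-06-27T10:00:30|WS02|3|Src=10.0.0.20;Dst=10.0.0.5;DstPort=445
2017-06-27T10:40:00|WS02|3|Src=10.0.0.20;Dst=10.0.0.6;DstPort=445
"""

# Service names PsExec-style tools register on the target (assumed marker list).
REMOTE_EXEC_SERVICE_MARKERS = ("psexesvc",)

def parse_line(line):
    """One constructed log line -> dict with time, host, event_id and the key=value fields."""
    ts, host, event_id, fields = line.split("|", 3)
    data = dict(kv.split("=", 1) for kv in fields.split(";") if kv)
    return {"time": datetime.fromisoformat(ts), "host": host,
            "event_id": int(event_id), **data}

def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]

def find_remote_exec_service_installs(events):
    """Rule 1: a 7045 whose service name or image path names the PsExec service."""
    hits = []
    for e in events:
        if e["event_id"] != 7045:
            continue
        haystack = (e.get("ServiceName", "") + " " + e.get("ImagePath", "")).lower()
        if any(marker in haystack for marker in REMOTE_EXEC_SERVICE_MARKERS):
            hits.append((e["time"], e["host"], e.get("ServiceName"), e.get("Account")))
    return hits

def find_smb_fanout(events, min_targets=5, window=timedelta(seconds=60)):
    """Rule 2: one source reaching >= min_targets distinct hosts on TCP 445 inside window.
    Worm-style spread (the page's ETERNALBLUE/psexec case) shows up as this burst."""
    by_src = defaultdict(list)
    for e in events:
        if e["event_id"] == 3 and e.get("DstPort") == "445":
            by_src[e["Src"]].append((e["time"], e["Dst"]))
    alerts = []
    for src, conns in by_src.items():
        conns.sort()
        for i in range(len(conns)):         # sliding window anchored at each connection
            seen = {conns[i][1]}
            j = i + 1
            while j < len(conns) and conns[j][0] - conns[i][0] <= window:
                seen.add(conns[j][1])
                j += 1
            if len(seen) >= min_targets:
                alerts.append((src, conns[i][0], len(seen)))
                break                       # one alert per source is enough
    return alerts

if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for hit in find_remote_exec_service_installs(events):
        print("remote-exec service installed:", hit)
    for alert in find_smb_fanout(events):
        print("SMB fan-out:", alert)
```

Rule 2 needs an allowlist for hosts that legitimately touch many SMB peers (backup servers, vulnerability scanners), otherwise it pages on every scan.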
  17. Tomi Engdahl says:

    The superficial resemblance to Petya is only skin deep. Although there is significant code sharing, the real Petya was a criminal enterprise for making money. This is definitely not designed to make money. This is designed to spread fast and cause damage, with a plausibly deniable cover of “ransomware.”

    https://medium.com/@thegrugq/pnyetya-yet-another-ransomware-outbreak-59afd1ee89d4

    Reply
  18. Tomi Engdahl says:

    NEWS ALERT – Major ransomware attack affects users worldwide.
    http://www.bullguard.com/blog/2017/06/news-alert-major-ransomware-attack-affects-users-worldwide-bullguard-users-are-protected.html?lang=en-IN

    major ransomware outbreak is currently circulating, potentially similar in magnitude to the WannaCry outbreak which hit 230,000 computers in over 150 countries.

    Variously called GoldenEye, Petya and NotPetya the attack first surfaced in Ukraine where state infrastructure including government-owned banks, energy firms and ministers’ computers were hit by the ransomware.

    It has shut down transport, hit a nuclear reactor and almost halted oil production

    this new ransomware has infected:
    Kiev’s airport and metro system – it halted transport for a while
    Chernobyl, a radiation monitoring system had to be taken offline
    Rosneft, the Russian oil giant. The company said it narrowly avoided damage to oil production
    Maersk, the world’s largest shipping company – employees at Maersk’s main UK office in Maidenhead said all staff had been locked out of their computers and IT systems around the world have been hit
    WPP – the global advertising giant, several of its subsidiary companies have been affected
    UK-based Mondelez International, a food giant
    DLA Piper, a global legal firm
    Saint-Gobain, a French construction materials company
    Evraz, a Russian steel firm
    Merck, the American pharmaceutical giant

    So far, reports are still emerging and a full picture is not yet known. However, while the attack seems to be confined to Europe, security analysts said the ransomware has been designed to spread quickly and by the time you read this it could have escalated into a global crisis.

    Reply
  19. Tomi Engdahl says:

    ‘They sow chaos wherever they can’: A familiar actor may be behind the massive cyberattack that swept Europe
    http://nordic.businessinsider.com/petya-cyber-attack-who-is-responsible-russia-europe-ukraine-2017-6?r=US&IR=T

    A colossal cyberattack on Tuesday has been wreaking havoc on countries and corporations across the globe, and some cybersecurity experts are zeroing in on a familiar name as the possible culprit.

    Though it’s too soon to be certain, experts say it seems as though a confluence of factors may be pointing to Russian state involvement in carrying out the attack.
    ‘Ukraine was targeted’

    Ukraine was hardest hit by the attack, which came one day before the country’s Constitution Day.
    Russia and Ukraine’s rocky relationship has been well-documented

    Reply
  20. Tomi Engdahl says:

    Russell Brandom / The Verge:
    Ransomware attack spreads to orgs in Britain, US, and Europe, including ad firm WPP, Chernobyl power plant, shipping giant Maersk, US hospital, Merck, more — A major ransomware attack has brought businesses to a close throughout Europe, in an infection reminiscent of last month’s WannaCry attack.

    A new ransomware attack is infecting airlines, banks, and utilities across Europe
    https://www.theverge.com/2017/6/27/15879480/petrwrap-virus-ukraine-ransomware-attack-europe-wannacry

    A major ransomware attack has brought businesses to a close throughout Europe, in an infection reminiscent of last month’s WannaCry attack. The most severe damage is being reported by Ukrainian businesses, with systems compromised at Ukraine’s central bank, state telecom, municipal metro, and Kiev’s Boryspil Airport. Systems were also compromised at Ukraine’s Ukrenego electricity supplier, although a spokesperson said the power supply was unaffected by the attack.

    The attack has even affected operations at the Chernobyl nuclear power plant, which has switched to manual radiation monitoring as a result of the attack. Infections have also been reported in more isolated devices like point-of-sale terminals and ATMs.

    The virus has also spread internationally. The Danish shipping company Maersk has also reported systems down across multiple sites, including the company’s Russian logistics arm Damco. The virus also reached servers for the Russian oil company Rosneft, although it’s unclear how much damage was incurred. There have also been several recorded cases in the United States, including the pharmaceutical company Merck, a Pittsburgh-area hospital, and the US offices of law firm DLA Piper.

    Early reports from a Kaspersky researcher identified the virus as a variant of the Petya ransomware, although the company later clarified that the virus is an entirely new strain of ransomware, which it dubbed “NotPetya.”

    Reached by The Verge, Microsoft said it was continuing to investigate the attack. “Our initial analysis found that the ransomware uses multiple techniques to spread, including one which was addressed by a security update previously provided for all platforms from Windows XP to Windows 10 (MS17-010),”

    Petrwrap itself appears to be a straightforward ransomware program.

    The origins of the attack are still unclear, but the involvement of Ukraine’s electric utilities is likely to cast suspicion on

    Reply
  21. Tomi Engdahl says:

    Joseph Cox / Motherboard:
    German email host closes account of hacker behind today’s ransomware outbreak, but because victims can’t reach hacker, they can’t decrypt files even if they pay — On Tuesday, a new, worldwide ransomware outbreak took off, infecting targets in Ukraine, France, Spain, and elsewhere.

    Hacker Behind Massive Ransomware Outbreak Can’t Get Emails from Victims Who Paid
    https://motherboard.vice.com/en_us/article/new8xw/hacker-behind-massive-ransomware-outbreak-cant-get-emails-from-victims-who-paid

    A German email provider has closed the account of a hacker behind the new ransomware outbreak, meaning victims can’t get decryption keys.

    the email company the hacker happened to use, Posteo, says it has decided to block the attacker’s account, leaving victims with no obvious way to unlock their files.

    Just to be super-clear, Posteo clarified, “Since midday it is no longer possible for the blackmailers to access the email account or send emails,” and “Sending emails to the account is no longer possible either.”

    In other words, victims allegedly cannot contact the hacker by email, nor send the details necessary to unlock their files.

    Reply
  22. Tomi Engdahl says:

    Catalin Cimpanu / BleepingComputer.com:
    Researchers find creating a read-only “perfc” file on Windows stops the current “Petya” ransomware variant from executing locally — Cybereason security researcher Amit Serper has found a way to prevent the Petya (NotPetya/SortaPetya/Petna) ransomware from infecting computers.

    Vaccine, not Killswitch, Found for Petya (NotPetya) Ransomware Outbreak
    https://www.bleepingcomputer.com/news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak/

    Cybereason security researcher Amit Serper has found a way to prevent the Petya (NotPetya/SortaPetya/Petna) ransomware from infecting computers.

    The ransomware has been wreaking havoc across the globe today, locking hard drive MFT and MBR sections and preventing computers from booting. Unless victims opted to pay a ransom (which is now pointless and not recommended), there was no way to recover their systems.

    Because of the ransomware’s global outreach, many researchers flocked to analyze it, hoping to find a loophole in its encryption or a killswitch domain that would stop it from spreading, similar to WannaCry.

    Serper was the first to discover that NotPetya would search for a local file and would exit its encryption routine if that file already existed on disk.

    This means victims can create that file on their PCs, set it to read-only, and block the NotPetya ransomware from executing.

    While this does prevent the ransomware from running, this method is more of a vaccination than a kill switch. This is because each computer user must independently create this file

    simply create a file called perfc in the C:\Windows folder and make it read only.

    This batch file can be found at: https://download.bleepingcomputer.com/bats/nopetyavac.bat

    Reply
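A PowerShell version of the vaccine described above, added here as an example; it is not code from the article, from Cybereason or from the linked batch file. It assumes the same file names the linked batch file uses (perfc, plus perfc.dat and perfc.dll) under C:\Windows, must run elevated, and reports whether each file exists and is read-only so the result can be verified on every host it is deployed to.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article or Cybereason): create the read-only
# NotPetya "vaccine" files. The article names only perfc; perfc.dat and
# perfc.dll follow the linked nopetyavac.bat (assumption stated in the lead-in).
# This is a per-host vaccine, not a kill switch: it must be run on every machine.

function Set-NotPetyaVaccine {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Directory the malware checks; C:\Windows according to the article.
        [string]$Directory = $env:SystemRoot,
        # File names to create; the malware only tests for existence.
        [string[]]$Names = @('perfc', 'perfc.dat', 'perfc.dll')
    )

    foreach ($name in $Names) {
        $path = Join-Path $Directory $name

        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            if ($PSCmdlet.ShouldProcess($path, 'Create vaccine file')) {
                # Content is irrelevant; only the file name matters.
                Set-Content -LiteralPath $path -Value 'vaccine' -Encoding ASCII
            }
        }

        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($item) {
            # Set the ReadOnly attribute so a plain overwrite or delete fails.
            $item.Attributes = $item.Attributes -bor [System.IO.FileAttributes]::ReadOnly
            $item.Refresh()
        }

        # One status row per file so the result can be audited centrally.
        [pscustomobject]@{
            Path     = $path
            Exists   = [bool]$item
            ReadOnly = [bool]($item -and ($item.Attributes -band [System.IO.FileAttributes]::ReadOnly))
        }
    }
}

# Run from an elevated prompt; add -WhatIf to see what would be created.
Set-NotPetyaVaccine | Format-Table -AutoSize
```

Running it with -WhatIf on a machine that already has the files shows Exists and ReadOnly as True without changing anything.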
  23. Tomi Engdahl says:

    LA Business Journal:
    Malware causes Maersk to cease some operations in LA, New York, New Jersey, Rotterdam; in LA, only one Maersk vessel was able to depart on schedule early Tues.

    Maersk Halts Operations at Port of Los Angeles After Cyberattack
    http://labusinessjournal.com/news/2017/jun/27/maersk-halts-operations-port-los-angeles-after-cyb/

    Shipping giant A.P. Moller-Maersk shut down its operations at the Port of Los Angeles’ largest terminal Tuesday morning after a cyberattack hobbled its computer systems worldwide.

    “The fact that there’s not a ship there sitting idle is a good thing, though I’m sure it still affects their landside operations,”

    Maersk reportedly ceased operations at the ports of New York, New Jersey, and Rotterdam, Netherlands, as well.

    The Copenhagen, Denmark-based company released a statement early Tuesday about the cyberattack.

    “We confirm that some Maersk IT systems are down,” Maersk said. “We are assessing the situation. The safety of your business and our people is our top priority. We will update you when we have more information.”

    Reply
  24. Tomi Engdahl says:

    Jonathan Stempel / Reuters:
    Florida man who ran the illegal bitcoin exchange Coin.mx and was tied to JPMorgan Chase hacks gets 5.5 years in US prison after pleading guilty on many charges

    Bitcoin exchange operator tied to hacks gets five-and-a-half years U.S. prison
    http://www.reuters.com/article/us-cyber-jpmorgan-murgio-idUSKBN19I2JM

    A Florida man was sentenced on Tuesday to 5-1/2 years in prison after pleading guilty to operating an illegal bitcoin exchange suspected of laundering money for hackers and linked to a data breach at JPMorgan Chase & Co.

    Anthony Murgio, 33, of Tampa, pleaded guilty on Jan. 9 to three conspiracy counts, including bank fraud and operating an unlicensed money transmitting business.

    Prosecutors said many transactions were conducted by victims of ransomware, a malicious software that locks up data unless people pay “ransom” to unlock it. Cyber criminals often demand ransom paid in bitcoin.

    Reply
  25. Tomi Engdahl says:

    Peter Bright / Ars Technica:
    Microsoft to add Exploit Guard feature in this fall’s Creators Update for Windows to help manage EMET-like exploit mitigations app by app

    Microsoft bringing EMET back as a built-in part of Windows 10
    The built-in exploit mitigations are getting stronger and easier to configure
    https://arstechnica.com/information-technology/2017/06/microsoft-bringing-emet-back-as-a-built-in-part-of-windows-10/

    The Windows 10 Fall Creators Update will include EMET-like capabilities managed through a new feature called Windows Defender Exploit Guard.

    Microsoft’s EMET, the Enhanced Mitigation Experience Toolkit, was a useful tool for hardening Windows systems. It used a range of techniques—some built in to Windows, some part of EMET itself—to make exploitable security flaws harder to reliably exploit. The idea being that, even if coding bugs should occur, turning those bugs into actual security issues should be made as difficult as possible.

    With Windows 10, however, EMET’s development was essentially cancelled. Although Microsoft made sure the program ran on Windows 10, the company said that EMET was superfluous on its latest operating system. Some protections formerly provided by EMET had been built into the core operating system itself, and Windows 10 offered additional protections far beyond the scope of what EMET could do.

    Reply
  26. Tomi Engdahl says:

    Wall Street Journal:
    How China is rushing to deploy facial recognition systems to monitor citizens and identify lawbreakers, unfettered by privacy concerns or public debate

    China’s All-Seeing Surveillance State Is Reading Its Citizens’ Faces
    In vast social-engineering experiment, facial-recognition systems crunch data from ubiquitous cameras to monitor citizens
    https://www.wsj.com/articles/the-all-seeing-surveillance-state-feared-in-the-west-is-a-reality-in-china-1498493020

    Reply
  27. Tomi Engdahl says:

    RESEARCHERS FOUND THEY COULD HACK ENTIRE WIND FARMS
    https://www.wired.com/story/wind-turbine-hack/

    AUTHOR: ANDY GREENBERG

    They’d picked the simple pin-and-tumbler lock on the turbine’s metal door in less than a minute and opened the unsecured server closet inside.

    ‘We Were Shocked’
    For the past two years, Staggs and his fellow researchers at the University of Tulsa have been systematically hacking wind farms around the United States to demonstrate the little-known digital vulnerabilities of an increasingly popular form of American energy production. With the permission of wind energy companies, they’ve performed penetration tests on five different wind farms across the central US and West Coast that use the hardware of five wind power equipment manufacturers.
    As part of the agreement that legally allowed them to access those facilities, the researchers say they can’t name the wind farms’ owners, the locations they tested, or the companies that built the turbines and other hardware they attacked.

    Reply
  28. Tomi Engdahl says:

    New York Times:
    Ransomware attack spreads to 64 countries including the Asia-Pacific region, is said to originate in software from a Ukrainian tax accountancy firm M.E.Doc — SHANGHAI — A cargo terminal at a bustling Mumbai port lurched to a stop. Threatening text filled computer screens at a chocolate factory in Tasmania.
    http://www.nytimes.com/2017/06/28/business/ramsonware-hackers-cybersecurity-petya-impact.html

    Reply
  29. Tomi Engdahl says:

    Dan Goodin / Ars Technica:
    Experts from Eset and Recorded Future say ransomware scans systems for passwords to send to server, uses NSA “EternalBlue” exploit, is “Petya” variant — Like earlier ransomware worm, new attacks use potent exploit stolen from the NSA.

    A new ransomware outbreak similar to WCry is shutting down computers worldwide
    Like earlier ransomware worm, new attacks use potent exploit stolen from the NSA.
    https://arstechnica.com/security/2017/06/a-new-ransomware-outbreak-similar-to-wcry-is-shutting-down-computers-worldwide/

    A new ransomware attack similar to last month’s self-replicating WCry outbreak is sweeping the world with at least 80 large companies infected, including drug maker Merck, international shipping company Maersk, law firm DLA Piper, UK advertising firm WPP, and snack food maker Mondelez International. It has attacked at least 12,000 computers, according to one security company.

    PetyaWrap, as some researchers are calling the ransomware, uses a cocktail of potent techniques to break into a network and from there spread from computer to computer. Like the WCry worm that paralyzed hospitals, shipping companies, and train stations around the globe in May, Tuesday’s attack made use of EternalBlue, the code name for an advanced exploit that was developed and used by, and later stolen from, the National Security Agency.

    According to a blog post published by antivirus provider Kaspersky Lab, Tuesday’s attack also repurposed a separate NSA exploit dubbed EternalRomance

    Besides use of EternalRomance, Tuesday’s attack showed several other impressive improvements over WCry. One, according to Kaspersky, was the use of the Mimikatz hacking tool to extract passwords from other computers on a network. With those network credentials in hand, infected computers would then use PSExec, a legitimate Windows component known as the Windows Management Instrumentation, and possibly other command-line utilities to infect other machines, even when they weren’t vulnerable to the EternalBlue and EternalRomance exploits.

    Once the malware takes hold of a computer, it waits 10 to 60 minutes to reboot the infected computers, Kaspersky said. The encryption routine that permanently locks data until targets pay a $300 fee starts only after the computer restarts. Researchers said anyone who experiences an infection may be able to preempt the encryption process by immediately turning off the computer and allowing only an experienced security professional to restart it.

    “WannaCry had all kinds of stupid bugs and issues (hi killswitch),” researcher Kevin Beaumont wrote on Twitter. “This has no killswitch, and it looks like they had a development budget.”

    The malware attack, according to researchers at Kaspersky and AV provider F-Secure, uses a modified version of EternalBlue. Researchers from AV provider Eset said in an e-mail that the malware also used the PSExec command-line tool.

    “Remember, good ransomware is a turnkey, purchasable product, with many vendors to choose from,” Weaver wrote on Twitter. “Yet they chose one of the worst (it bricks computers) and then broke the payment mechanism and no C&C.”

    The rapid spread mimics the WCry outbreak, which infected more than 727,000 computers in 90 countries. WCry was designed to be a worm, meaning once it infected a computer it could spread to other connected computers without requiring any user interaction. It is not yet clear if PetyaWrap has the same self-replicating ability.

    Reply
  30. Tomi Engdahl says:

    Russell Brandom / The Verge:
    Ransomware attack leveraged Windows’ remote admin access tools like Windows Management Instrumentation (WMI) and PsExec to infect other PCs on network

    The global ransomware attack weaponized software updates
    Beyond exploits and vulnerabilities
    https://www.theverge.com/2017/6/27/15883110/petya-notpetya-ransomware-software-update-wannacry-exploit

    Where WannaCry focused on poorly patched systems, Petya seems to have hit hardest among large corporate networks, a pattern that’s partially explained by how the virus spread. Once a single computer on a network was infected, Petya leveraged Windows networking tools like Windows Management Instrumentation (WMI) and PsExec to infect other computers on the same network.

    Both tools are normally used for remote admin access, but security researcher Lesley Carhart says they’re often used by attackers as a way to spread malware within a compromised network. “WMI is a super-effective lateral movement method for hackers. It’s frequently allowed and built-in, so rarely logged or blocked by security tools,” says Carhart. “Psexec is a bit more depreciated and more monitored but still very effective.”

    Even networks that had patched against the EternalBlue exploit were sometimes vulnerable to attacks launched from within the network. According to F-Secure’s Sean Sullivan, that’s in keeping with previous Petya attacks, which have historically targeted large companies likely to quickly pay out ransoms. “This started as a group targeting businesses,” Sullivan says, “and you have them picking up an exploit that’s perfect to nail businesses with.”

    The more troubling aspect is how Petya got into the computers in the first place. According to research by Talos Intelligence, the ransomware may have spread through a falsified update to a Ukrainian accounting system called MeDoc.

    That would also explain Petya’s heavy footprint in Ukraine: as many as 60 percent of total infections were in the country, including the country’s central bank and largest airport.

    It’s not the first time hackers have compromised auto-update systems to deliver malware

    Reply
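Because WMI and PsExec are legitimate administration tools, the defensive check is to look at process-creation telemetry for their remote-execution patterns rather than to block the tools outright. The PowerShell below is an added example, not code from the article or from the researchers quoted; it assumes Sysmon event 1 style fields (Image, ParentImage, CommandLine) with command-line logging enabled, runs over constructed sample records, and goes slightly beyond the passage by covering both the source and the target side of each technique.

```powershell
# Added example (not from the article): flag process-creation records that match
# the WMI / PsExec lateral-movement patterns discussed above. Field names follow
# Sysmon event 1; map NewProcessName/CommandLine from 4688 if that is your source.
# Assumes command-line logging is enabled; without it the wmic /node: and
# psexec \\host checks have nothing to match on.

function Get-LeafName([string]$Path) {
    # Portable basename: Sysmon paths use backslashes, pwsh may run elsewhere.
    return ([string]($Path -split '[\\/]')[-1]).ToLowerInvariant()
}

function Find-LateralMovement {
    param([Parameter(Mandatory)][object[]]$Events)

    # Children of WmiPrvSE.exe that indicate command execution via WMI.
    $shells = @('cmd.exe', 'powershell.exe', 'rundll32.exe', 'wscript.exe', 'cscript.exe')

    foreach ($e in $Events) {
        $image  = Get-LeafName $e.Image
        $parent = Get-LeafName $e.ParentImage
        $reason = $null

        if ($image -eq 'wmic.exe' -and $e.CommandLine -match '(?i)/node:\s*"?(?<host>[^"\s]+)') {
            # Source host: wmic.exe asked to act on another computer.
            $reason = "remote WMI call to $($Matches.host)"
        }
        elseif ($parent -eq 'wmiprvse.exe' -and $image -in $shells) {
            # Target host: the WMI provider host spawning a shell means a
            # Win32_Process.Create call, the usual remote-WMI execution path.
            $reason = "$image spawned by WmiPrvSE.exe (inbound WMI execution)"
        }
        elseif ($image -in @('psexec.exe', 'psexec64.exe') -and $e.CommandLine -match '\\\\(?<host>[^\s\\]+)') {
            # Source host: PsExec pointed at a remote machine.
            $reason = "PsExec launched against $($Matches.host)"
        }
        elseif ($image -eq 'psexesvc.exe' -or $parent -eq 'psexesvc.exe') {
            # Target host: PSEXESVC is the service PsExec installs to run commands.
            $reason = 'PSEXESVC service activity (PsExec target)'
        }

        if ($reason) {
            [pscustomobject]@{
                Time     = $e.TimeCreated
                Computer = $e.Computer
                User     = $e.User
                Image    = $image
                Reason   = $reason
            }
        }
    }
}

# Constructed sample records (not real telemetry); hosts and users are made up.
$sample = @(
    [pscustomobject]@{ TimeCreated = '2017-06-27T10:31:05'; Computer = 'WS01'; User = 'CORP\alice'
                       Image = 'C:\Windows\System32\notepad.exe'; ParentImage = 'C:\Windows\explorer.exe'
                       CommandLine = 'notepad.exe' }
    [pscustomobject]@{ TimeCreated = '2017-06-27T10:32:40'; Computer = 'WS01'; User = 'CORP\alice'
                       Image = 'C:\Windows\System32\wbem\WMIC.exe'; ParentImage = 'C:\Windows\System32\cmd.exe'
                       CommandLine = 'wmic /node:"WS02" process call create "cmd.exe /c whoami"' }
    [pscustomobject]@{ TimeCreated = '2017-06-27T10:32:41'; Computer = 'WS02'; User = 'CORP\alice'
                       Image = 'C:\Windows\System32\cmd.exe'; ParentImage = 'C:\Windows\System32\wbem\WmiPrvSE.exe'
                       CommandLine = 'cmd.exe /c whoami' }
    [pscustomobject]@{ TimeCreated = '2017-06-27T10:35:12'; Computer = 'WS01'; User = 'CORP\alice'
                       Image = 'C:\Tools\PsExec.exe'; ParentImage = 'C:\Windows\System32\cmd.exe'
                       CommandLine = 'PsExec.exe \\WS03 -s cmd.exe /c whoami' }
    [pscustomobject]@{ TimeCreated = '2017-06-27T10:35:13'; Computer = 'WS03'; User = 'NT AUTHORITY\SYSTEM'
                       Image = 'C:\Windows\PSEXESVC.exe'; ParentImage = 'C:\Windows\System32\services.exe'
                       CommandLine = 'C:\Windows\PSEXESVC.exe' }
)

Find-LateralMovement -Events $sample | Format-Table -AutoSize
```

On the sample set the benign notepad.exe record is ignored and the four WMI/PsExec records are reported with their source or target role.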
  31. Tomi Engdahl says:

    Critical infrastructures under daily attack – ERNCIP head Georg Peter
    https://horizon-magazine.eu/article/critical-infrastructures-under-daily-attack-erncip-head-georg-peter_en.html

    Critical infrastructures such as railway networks, power stations and telephone grids are under daily attack by cyber criminals, according to Georg Peter, who is responsible for the European Reference Network for Critical Infrastructure Protection (ERNCIP), an important part of the EU response to help countries defend their assets.

    How significant is the problem that we are facing?

    ‘Critical infrastructure is a very attractive target for terrorist attacks because of the potential for large loss of life, for example rupturing of a dam, poisoning drinking water or the air, or destabilising large parts of society, such as with a large-scale electricity blackout.

    Reply
  32. Tomi Engdahl says:

    Google’s $2.73 Billion Fine Demonstrates Importance of GDPR Compliance
    http://www.securityweek.com/googles-273-billion-fine-demonstrates-importance-gdpr-compliance

    The European Commission (EC) has levied a €2.42 billion ($2.73 billion) fine against Google because it “has abused its market dominance as a search engine by giving an illegal advantage to another Google product, its comparison shopping service.”

    While this is an antitrust action, it raises the possibility of similarly large fines under the General Data Protection Regulation coming into force in less than a year’s time. That new regulation can set sanctions at up to 4% of a firm’s annual global turnover. While this would rarely reach the level of today’s fine against Google in absolute terms, it provides the potential for proportionately similar fines against a far larger number of companies than those that might be caught by antitrust regulations.

    Today’s fine was levied because the EC concluded that firstly, “Google is dominant in general internet search markets throughout the European Economic Area;” and that secondly, “Google has abused this market dominance by giving its own comparison shopping service an illegal advantage.”

    Google can, and almost certainly will, appeal the decision.

    The level of the fine was calculated on the basis of a specified formula. “The Commission’s fine of €2,424,495,000,” explains the EC announcement, “takes account of the duration and gravity of the infringement. In accordance with the Commission’s 2006 Guidelines on fines… the fine has been calculated on the basis of the value of Google’s revenue from its comparison shopping service in the 13 EEA countries concerned.”

    It is this use of a known formula that allows us to speculate on any future GDPR fines (for any infringer and not just Google)

    “My personal expectation is that the same approach will be taken with respect to GDPR fines. The EU States hold the concept of individual personality and their consequent rights very highly. In a sense, that is the moving force behind the GDPR. In the European Commission Fact Sheet on this subject (24th May 2017): ‘The reform provides tools for gaining control of one’s personal data, the protection of which is a fundamental right in the European Union.’

    Reply
  33. Tomi Engdahl says:

    Petya/NotPetya: What We Know in the First 24 Hours
    http://www.securityweek.com/petyanotpetya-what-we-know-first-24-hours

    The Petya/NotPetya attack hit a total of 65 countries, including Belgium, Brazil, Germany, Russia, and the United States, Microsoft reveals. In Ukraine, more than 12,500 machines were affected by the ransomware attack, the tech giant says.

    The attack hit Ukraine’s central bank, government computers, airports, the Kiev metro, the state power distributor Ukrenergo, Chernobyl’s radiation monitoring system, and other machines in the country. It also affected Russian oil giant Rosneft, DLA Piper law firm, U.S. biopharmaceutical giant Merck, British advertiser WPP, and Danish shipping and energy company Maersk, among others.

    Reply
  34. Tomi Engdahl says:

    Paul Chadwick / The Guardian:
    The Guardian rolls back much of its WhatsApp backdoor story, which was decried by 70+ experts, but will leave it online with a note highlighting deficiencies

    Flawed reporting about WhatsApp
    https://www.theguardian.com/technology/commentisfree/2017/jun/28/flawed-reporting-about-whatsapp

    Cumulative effect of missteps led the Guardian to overstate the potential impact on the security of users’ messaging

    The Guardian was wrong to report in January that the popular messaging service WhatsApp had a security flaw so serious that it was a huge threat to freedom of speech.

    But it was right to bring to wide public notice an aspect of WhatsApp that had the potential to make some messages vulnerable to being read by an unintended recipient.

    The Guardian did not test with an appropriate range of experts a claim that had implications for the more than one billion people who use the Facebook-owned WhatsApp.

    In a detailed review I found that misinterpretations, mistakes and misunderstandings happened at several stages of the reporting and editing process. Cumulatively they produced an article that overstated its case.

    The original article – now amended and associated with the conclusions of this review – led to follow-up coverage, some of which sustained the wrong impression given at the outset. The most serious inaccuracy was a claim that WhatsApp had a “backdoor”, an intentional, secret way for third parties to read supposedly private messages.

    https://www.theguardian.com/technology/2017/jan/13/whatsapp-design-feature-encrypted-messages

    Reply
  35. Tomi Engdahl says:

    Petya.2017 is a wiper not a ransomware
    https://blog.comae.io/petya-2017-is-a-wiper-not-a-ransomware-9ea1d8961d3b

    Ransomware-as-a-service soon to be renamed Lure-as-a-Service

    TL;DR: The ransomware was a lure for the media; this version of Petya actually wipes the first sectors of the disk, like we have seen with malware such as Shamoon.
    What’s the difference between a wiper and a ransomware?
    The goal of a wiper is to destroy and damage. The goal of a ransomware is to make money. Different intent. Different motive. Different narrative. A ransomware has the ability to restore its modifications (such as restoring the MBR like in the 2016 Petya, or decrypting files if the victim pays); a wiper would simply destroy and exclude possibilities of restoration.

    Reply
  36. Tomi Engdahl says:

    We believe the ransomware was in fact a lure to control the media narrative, especially after the WannaCry incidents to attract the attention on some mysterious hacker group rather than a national state attacker like we have seen in the past in cases that involved wipers such as Shamoon.

    The fact of pretending to be a ransomware while being in fact a nation state attack, especially since WannaCry proved that widely spread ransomware isn’t financially profitable, is in our opinion a very subtle way for the attacker to control the narrative of the attack.

    Source: https://blog.comae.io/petya-2017-is-a-wiper-not-a-ransomware-9ea1d8961d3b

    Reply
  37. Tomi Engdahl says:

    Petya Or Not? Global Ransomware Outbreak Hits Europe’s Industrial Sector, Thousands More
    http://www.darkreading.com/attacks-breaches/petya-or-not-global-ransomware-outbreak-hits-europes-industrial-sector-thousands-more/d/d-id/1329231

    With echoes of WannaCry, infections spread fast. Some security researchers describe malware as variant of Petya; others say it’s a brand new sample.

    Reply
  38. Tomi Engdahl says:

    In aftermath of Petya, congressman asks NSA to stop the attack if it knows how
    https://techcrunch.com/2017/06/28/ted-lieu-petya-notpetya-no-kill-switch/amp/

    Today Democratic Congressman Ted Lieu of California wrote to the NSA in an appeal for the agency to do anything in its power to stop the spread of the global ransomware (or potentially just disguised as ransomware) attack that began yesterday.

    Reply
  39. Tomi Engdahl says:

    More than half of major malware attack’s victims are industrial targets
    https://techcrunch.com/2017/06/29/kaspersky-petya-expetr-not-ransomware-industrial-targets/?ncid=rss&utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook&sr_share=facebook

    Posted 1 hour ago by Taylor Hatmaker (@tayhatmaker)

    A new report from cybersecurity firm Kaspersky Labs examining the targets — and intended effects — of this week’s massive malware attack comes up with some significant insights.

    The attack, initially believed to be a variation of commercial malware software known as Petya, appeared to be a vast ransomware scheme. As the story developed, it became clear that the attack was more destructive than it was lucrative, as ransom payments failed to result in a return of decryption keys that would unlock affected systems.

    Now, Kaspersky Labs reports that while the finance sector was hit hardest, more than 50 percent of the remaining targets fell into the categories of manufacturing or oil and gas.

    “This supports the theory that this malware campaign was not designed as a ransomware attack for financial gain,” Kaspersky Labs wrote in a blog analysis. “Instead, it appears it was designed as a wiper pretending to be ransomware.”

    According to our telemetry, we see evidence that many industrial companies are being attacked by ExPetr (Petya) malware.

    Reply
  40. Tomi Engdahl says:

    Shifr RaaS lets you create a simple ransomware in just 3 steps
    http://securityaffairs.co/wordpress/60472/malware/shifr-raas.html

    Over the weekend, security experts discovered a new Ransomware-as-a-Service dubbed Shifr RaaS that allows creating a ransomware by completing 3 form fields.

    Ransomware represents a profitable business for crooks; it is normal that the offer of Ransomware-as-a-Service (RaaS) will continue its success in the cyber criminal ecosystem.

    Reply
  41. Tomi Engdahl says:

    Jonathan Shieber / TechCrunch:
    JASK emerges from stealth with $12M Series A, led by Dell Technologies Capital, for its automated threat detection service — JASK is emerging from stealth today with $12 million in the bank and a machine learning technology that automates network monitoring and management for overtaxed security teams.

    JASK emerges from stealth with $12 million and an automated threat detection service
    https://techcrunch.com/2017/06/27/jask-emerges-from-stealth-with-12-million-and-an-automated-threat-detection-service/

    JASK is emerging from stealth today with $12 million in the bank and a machine learning technology that automates network monitoring and management for overtaxed security teams.

    The thesis behind JASK’s service is the somewhat depressing (and frightening) thought that these days there aren’t enough security experts to meet the demands of running a modern business. Simply put, people can’t respond to every breach that a company faces, because there aren’t enough professionals trained in cybersecurity.

    To manage that staffing shortage, companies can turn to automated services like JASK that will monitor networks and prioritize threats to chief information security officers and their teams based on the severity of the threat, according to a statement from the company.

    The company was founded by network security veteran Greg Martin, a co-founder of ThreatStream (now Anomali), which was also developing network monitoring technologies.

    https://jask.ai/

    Reply
  42. Tomi Engdahl says:

    EXCLUSIVE: HACKING DEMOCRACY
    Obama’s secret struggle to punish Russia for Putin’s election assault
    https://www.washingtonpost.com/graphics/2017/world/national-security/obama-putin-election-hacking/?hpid=hp_hp-banner-low_russiaobama-banner-7a%3Ahomepage%2Fstory&utm_term=.8e1ffe64a94d

    The White House debated various options to punish Russia, but facing obstacles and potential risks, it ultimately failed to exact a heavy toll on the Kremlin for its election meddling.

    Inside was an intelligence bombshell, a report drawn from sourcing deep inside the Russian government that detailed Russian President Vladimir Putin’s direct involvement in a cyber campaign to disrupt and discredit the U.S. presidential race.

    But it went further. The intelligence captured Putin’s specific instructions on the operation’s audacious objectives — defeat or at least damage the Democratic nominee, Hillary Clinton, and help elect her opponent, Donald Trump.

    Reply
  43. Tomi Engdahl says:

    New York Times:
    Malware attack raises concern that the NSA has lost control over cyberweapons they developed, and that damage from the Shadow Brokers leaks could be much worse — Twice in the past month, National Security Agency cyberweapons stolen from its arsenal have been turned against two very different partners …

    Hacks Raise Fear Over N.S.A.’s Hold on Cyberweapons
    http://www.nytimes.com/2017/06/28/technology/ransomware-nsa-hacking-tools.html

    Twice in the past month, National Security Agency cyberweapons stolen from its arsenal have been turned against two very different partners of the United States — Britain and Ukraine.

    The N.S.A. has kept quiet, not acknowledging its role in developing the weapons. White House officials have deflected many questions, and responded to others by arguing that the focus should be on the attackers themselves, not the manufacturer of their weapons.

    But the silence is wearing thin for victims of the assaults, as a series of escalating attacks using N.S.A. cyberweapons have hit hospitals, a nuclear site and American businesses. Now there is growing concern that United States intelligence agencies have rushed to create digital weapons that they cannot keep safe from adversaries or disable once they fall into the wrong hands.

    On Wednesday, the calls for the agency to address its role in the latest attacks grew louder, as victims and technology companies cried foul.

    In an email on Wednesday evening, Michael Anton, a spokesman for the National Security Council at the White House, noted that the government “employs a disciplined, high-level interagency decision-making process for disclosure of known vulnerabilities” in software, “unlike any other country in the world.”

    Mr. Anton said the administration “is committed to responsibly balancing national security interests and public safety and security,” but declined to comment “on the origin of any of the code making up this malware.”

    Beyond that, the government has blamed others. Two weeks ago, the United States — through the Department of Homeland Security — said it had evidence North Korea was responsible for a wave of attacks in May using ransomware called WannaCry that shut down hospitals, rail traffic and production lines. The attacks on Tuesday against targets in Ukraine, which spread worldwide, appeared more likely to be the work of Russian hackers, though no culprit has been formally identified.

    In both cases, the attackers used hacking tools that exploited vulnerabilities in Microsoft software. The tools were stolen from the N.S.A., and a group called the Shadow Brokers made them public in April.

    Reply
  44. Tomi Engdahl says:

    Sam Chambers / Splash 247:
    How Maersk has largely gone back to operating manually after malware attack, which some experts are calling a “Y2K moment” for the shipping industry
    http://splash247.com/back-future-maersk-wake-petya-attack/


    Reply
  45. Tomi Engdahl says:

    Dani Deahl / The Verge:
    Researchers training machine learning on 1.6M tweets from the 2011 London riots identify threats up to an hour faster than the police

    Twitter can predict a riot faster than police
    By up to an hour
    https://www.theverge.com/2017/6/28/15882272/twitter-riot-predict-faster-than-police-cardiff

    A new study by Cardiff University has determined that Twitter can be used to identify dangerous situations up to an hour faster than police reports.

    Using a dataset of 1.6 million tweets from the London riots in 2011, researchers were able to have a series of machine learning algorithms automatically scan Twitter to identify threats. The system took into account things like the location of the tweet, the frequency of tweets containing certain words (or variants of these words), and timing of the tweets.

    Applying these algorithms to the London riots, they were able to detect incidents faster than police in almost every instance.

    As the report notes, many existing approaches to event detection are directed toward large-scale events like terror attacks, and it’s much harder to be alerted to smaller incidents like fires or car accidents. Leveraging social media data can solve this gap and also be applied to large-scale events, as well.

    Reply
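The article above only sketches the signals the Cardiff system used (tweet location, frequency of certain words and their variants, and timing). The following is an added illustration of that idea, written for this page; it is not code from the Cardiff study, The Verge, or the commenter. The watch-list stems, the ten-minute window, the z-score threshold and the sample tweets are all constructed assumptions: it buckets geotagged tweets by area and time window, counts tweets that hit a keyword stem, and flags a window whose count is far above that area's own trailing baseline.

```python
"""Keyword-burst detector over a stream of geotagged tweets (added example)."""
import math
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical watch list of stems, so "rioting", "looted", "fires" all match.
WATCH_STEMS = ("riot", "loot", "fire", "burn", "smash")
STEM_RE = re.compile(r"\b(?:" + "|".join(WATCH_STEMS) + r")\w*", re.IGNORECASE)

WINDOW = timedelta(minutes=10)  # assumed bucket size


def window_start(ts, window=WINDOW):
    """Floor a timestamp to the start of its window (windows counted from midnight)."""
    midnight = ts.replace(hour=0, minute=0, second=0, microsecond=0)
    return midnight + ((ts - midnight) // window) * window


def count_hits(tweets, window=WINDOW):
    """Return {(area, window_start): tweets in that bucket containing a watch-stem}."""
    counts = defaultdict(int)
    for t in tweets:
        if STEM_RE.search(t["text"]):
            counts[(t["area"], window_start(t["ts"], window))] += 1
    return counts


def detect_bursts(tweets, window=WINDOW, z_threshold=3.0, min_count=5, min_history=4):
    """Flag (area, window) pairs whose hit count is a burst against the area's trailing baseline.

    The baseline is every earlier window for the same area (zeros filled in), so a
    neighbourhood with constant chatter about 'fire drills' does not alert, while a
    sudden jump in one area does.  min_count stops tiny absolute counts from alerting.
    """
    counts = count_hits(tweets, window)
    if not counts:
        return []
    first = min(w for _, w in counts)
    last = max(w for _, w in counts)
    alerts = []
    for area in sorted({a for a, _ in counts}):
        history = []
        w = first
        while w <= last:
            c = counts.get((area, w), 0)
            if len(history) >= min_history:
                mean = sum(history) / len(history)
                std = math.sqrt(sum((h - mean) ** 2 for h in history) / len(history))
                z = (c - mean) / max(std, 1.0)  # floor std so a flat baseline cannot divide by zero
                if c >= min_count and z >= z_threshold:
                    alerts.append({"area": area, "window": w, "count": c, "z": round(z, 2)})
            history.append(c)
            w += window
    return alerts


def sample_tweets():
    """Constructed sample: quiet chatter in two areas, then a burst in one of them."""
    base = datetime(2011, 8, 6, 20, 0)
    quiet = ["heading home now", "match was great", "anyone seen my keys", "traffic on the high road again"]
    tweets = []
    for i in range(6):  # six quiet windows, 20:00 to 20:59
        t = base + i * WINDOW
        for j, text in enumerate(quiet):
            tweets.append({"ts": t + timedelta(minutes=j), "area": "Tottenham", "text": text})
            tweets.append({"ts": t + timedelta(minutes=j), "area": "Westminster", "text": text})
        # one background hit per window in Tottenham so its baseline is not all zeros
        tweets.append({"ts": t + timedelta(minutes=5), "area": "Tottenham", "text": "small fire drill at work"})
    tweets.append({"ts": base + timedelta(minutes=3), "area": "Westminster", "text": "burnt my toast again"})
    burst = base + 6 * WINDOW  # 21:00 window: many hits in Tottenham only
    loud = ["rioting on the high road", "shops being looted", "cars burning", "they smashed the windows",
            "riot police everywhere", "looting the phone shop", "fires on the corner", "more looters arriving"]
    for j, text in enumerate(loud):
        tweets.append({"ts": burst + timedelta(minutes=j), "area": "Tottenham", "text": text})
    tweets.append({"ts": burst + timedelta(minutes=2), "area": "Westminster", "text": "late dinner by the river"})
    return tweets


if __name__ == "__main__":
    for a in detect_bursts(sample_tweets()):
        print(f"{a['area']} {a['window']:%H:%M}: {a['count']} hits, z={a['z']}")
```

Run it and the only alert is the Tottenham 21:00 window; Westminster's single background hit never clears the count or z-score gates. A real deployment would replace the stem list with learned terms, and would need to treat the keyword list itself as sensitive, since anyone who knows it can flood the detector with noise.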
  46. Tomi Engdahl says:

    New York Times:
    Germany passes law allowing fines of up to $57M for social media companies if they do not delete illegal, racist, or slanderous content within 24 hours — BERLIN — Social media companies operating in Germany face fines of as much as $57 million if they do not delete illegal …

    Delete Hate Speech or Pay Up, Germany Tells Social Media Companies
    https://www.nytimes.com/2017/06/30/business/germany-facebook-google-twitter.html

    BERLIN — Social media companies operating in Germany face fines of as much as $57 million if they do not delete illegal, racist or slanderous comments and posts within 24 hours, under a law passed on Friday.

    The law reinforces Germany’s position as one of the most aggressive countries in the Western world at forcing companies like Facebook, Google and Twitter to crack down on hate speech and other extremist messaging on their digital platforms.

    But the new rules have also raised questions about freedom of expression. Digital and human rights groups, as well as the companies themselves, had opposed the law on the grounds that it placed limits on individuals’ right to free expression. Critics also said the legislation shifted the burden of responsibility to the providers from the courts, leading to last-minute changes in its wording.

    Technology companies and free speech advocates argue that there is a fine line between policy makers’ views on hate speech and what is considered legitimate freedom of expression, and social networks say they do not want to be forced to censor those who use their services.

    Still, German authorities pressed ahead with the legislation. Germany witnessed an increase in racist comments and anti-immigrant rhetoric after the arrival of more than a million migrants

    The law will take effect in October, less than a month after nationwide elections, and will apply to social media sites with more than two million users in Germany.

    It will require companies including Facebook, Twitter and Google, which owns YouTube, to remove any content that is illegal in Germany — such as Nazi symbols or Holocaust denial — within 24 hours of it being brought to their attention.

    Reply
  47. Tomi Engdahl says:

    Ali Al Shouk / Gulf News:
    Dubai Police plan to deploy self-driving miniature vehicles that will use biometrics to scan crowds and identify criminals and suspects — Self-driving mini police vehicles will use biometrics to scan crowds and identify criminals, or suspects — Dubai: Months after Dubai unveiled …
    http://gulfnews.com/news/uae/emergencies/dubai-police-to-deploy-robotic-patrols-1.2049873

    Reply
  48. Tomi Engdahl says:

    Reuters:
    Sources: cybersecurity firm Zscaler to hire banks for potential IPO later this year at a valuation of about $2B

    Exclusive: Cyber security firm Zscaler to hire banks for IPO – sources
    http://www.reuters.com/article/us-zscaler-ipo-exclusive-idUSKBN19K2TM

    Zscaler Inc is interviewing investment banks to hire as underwriters for an initial public offering later this year that could value the U.S. cyber security software firm at about $2 billion, people familiar with the matter said.

    If Zscaler succeeds in going public, it would be one of the few venture capital-backed cyber security IPOs in recent years, despite a surge in cyber attacks and hacks. Investors have been wary of the companies’ ability to constantly advance their software to stay on top of threats.

    Cyber security companies such as Carbon Black, ForeScout and LogRhythm have been exploring IPOs, but have remained on the sidelines.

    Hundreds of security startups have sprouted in recent years, promising “next-generation” technologies to fight cyber criminals, government spies and hacker activists, who have plagued some of the world’s biggest corporations.

    Many of the younger companies have struggled to stand out from the crowd and grow revenue on a sustainable basis since sophisticated cyber attacks can make software obsolete very quickly.

    Reply
  49. Tomi Engdahl says:

    London Met Police’s 18,000 Windows XP PCs is a disaster waiting to happen
    https://mspoweruser.com/london-metropolitan-polices-18000-windows-xp-pcs-is-a-disaster-waiting-to-happen/

    The majority of PCs used by the London Metropolitan Police are still running Windows XP, which has been completely unsupported since 2014. The London Metropolitan Police are still using around 18,000 PCs powered by Windows XP, which truly is a horrifying number.

    The force was initially planning to get all of the Windows XP PCs to Windows 8 by March 2016 but that was a failed attempt.

    Right now, more than 14,000 PCs are powered by Windows 8.1 at the London Metropolitan Police service.

    London Metropolitan Police will continue to upgrade their systems to Windows 8.1 at the moment. Windows 8.1 is still being supported by Microsoft, although mainstream support for the OS is set to end on 9 January 2018. Microsoft will offer extended support for the OS until 2023, which means Windows 8.1 is still a much more secure alternative for the Metropolitan Police than Windows XP.

    18,000 PCs running Windows XP is still quite horrifying — especially considering all the recent ransomware attacks. Just yesterday, the “Petya” ransomware attacked PCs and big organizations all around the world.

    Let’s hope the service gets their cyber-ducks in order before they have a major incident rather than after.

    Reply
  50. Tomi Engdahl says:

    Industry Reactions to Destructive NotPetya Attacks: Feedback Friday
    http://www.securityweek.com/industry-reactions-destructive-notpetya-attacks-feedback-friday

    A wiper malware disguised as ransomware wreaked havoc this week, infecting the systems of numerous organizations across more than 60 countries.

    While initial analysis suggested that this was a Petya-powered ransomware attack similar to WannaCry, further investigation revealed that the malware is actually designed to overwrite the master boot record (MBR) of compromised machines. There is no way to recover encrypted files, even if the ransom is paid.

    The wiper, tracked as NotPetya, Petya.A, Petrwrap, exPetr, and GoldenEye, has leveraged various tools and exploits for initial infection and lateral movement within a network.

    While major organizations around the world were hit by the ransomware, some evidence suggests that the attack may have actually been aimed at Ukraine.

    Reply
