Connect with us

Technology

How bitcoin and Putin are enabling the ransomware crime spree | John Naughton

Voice Of EU

Published

on

I’ve just visited the Kaseya website. “We Are Kaseya,” it burbles cheerfully. “Providing you with best-in-breed technologies that allow you to efficiently manage, secure and back up IT under a single pane of glass.

“Technology,” it continues, “is the backbone of all modern business. Small to mid-size businesses deserve powerful security and IT management tools that are efficient, cost-effective, and secure. Enter Kaseya. We exist to help multi-function IT professionals get the most out of their IT tool stack.”

Translation: Kaseya produces remote management software for the IT industry. It develops and sells this software to remotely manage and monitor computers running Windows, OS X, and Linux operating systems. As many organisations will grimly confirm, managing your own IT systems is a pain in the arse. So Kaseya has lots of happy customers in the US, the UK and elsewhere.

Or, rather, it did have. On 2 July it was the victim of a ransomware attack that affected between 800 and 1,500 of its small business customers, potentially making it the largest ransomware attack ever. Such attacks are a form of kidnapping: intruders gain control of an organisation’s systems, encrypt its data, and demand payment (in cryptocurrency) in return for a key to decrypt the hostage data. In an impressive YouTube video posted on 6 July, Kaseya’s chief executive, Fred Voccola, said that the company had shut down the compromised program within an hour of noticing the attack, potentially stopping the hackers from hitting more customers. By industry standards, that was an agile and intelligent response. Other victims – such as the pipeline operator Colonial, and the Irish hospitals that were struck recently – have been much more traumatised.

So what is going on? Basically, what has happened is that, in a relatively short time, ransomware has become the new normal for organisations that are dependent on IT – which is basically every organisation in the industrialised world. And the fact that it happened to Kaseya, as Voccola put it, “just means it’s the way the world we live in is today”.

Men working on computers in front of a Kaseya logo
The attack on Kaseya affected between 800 and 1,500 of the businesses to which it provides services. Photograph: Dado Ruvić/Reuters

It is. So how did we get here? Three major factors were involved. The first was the invention and development of cryptocurrencies. Kidnapping in the old days was a risky business: the family might pay the ransom, but bundles of £20 notes were relatively easy to trace. Cryptocurrencies, on the other hand, are designed to be near-impossible to trace, so there’s no paper trail for police to follow.

“Ransomware is a bitcoin problem,” says the Berkeley researcher Nicholas Weaver, and doing something about it “will also require disrupting the one payment channel capable of moving millions at a time outside of money-laundering laws: bitcoin and other cryptocurrencies”.

The second factor is that ransomware has changed from being an exploit for lone cybercriminals into an industrialised business. We saw this earlier with distributed denial-of-service (DDoS) attacks: once upon a time if you wanted to bring down a server you first had to assemble a small virtual army of compromised PCs to do your bidding; now you can rent such a “bot army” by the hour.

Much the same applies for ransomware: there are a number of criminal gangs, such as REvil, that operate like companies providing what is essentially ransomware-as-a-service (RaaS). Criminals select a target and use REvil’s services in return for giving it a slice of the proceeds. Ross Anderson, professor of computer security at Cambridge University, regards this is “a gamechanger for the cybersecurity business” and he’s right.

The third factor is geopolitics. We live in a world that was created by the peace of Westphalia, which in 1648 brought to an end the thirty years’ war and established the system of sovereign states, which essentially ensures that rulers can do what they like within their own jurisdictions. The RaaS “firm” REvil operates in Russia, a jurisdiction ruled by an autocratic kleptocracy which has – as a state – brilliantly exploited digital technology for propaganda, disruption of democratic processes at home and abroad, and for cyber-espionage on a grand scale. The other day, for example, the NSA revealed that since 2019 Russian security agencies had been using a supercomputer cluster for “brute force” password-guessing on millions of western online services. Since these machines can perform millions of guesses every second, the chances of any normal password remaining safe are pretty poor.

And so are the chances of US, EU or UK law-enforcement agencies getting to arrest and extradite the beneficiaries of ransomware attacks on western organisations – as Joe Biden doubtless discovered when he met Vladimir Putin in Geneva the other week. So the only thing the REvil crowd have to worry about for the time being is making sure they pay up when Putin’s goons come looking for his share of the crypto-loot.

What I’ve been reading

Known unknowns
Donald Rumsfeld, Rot in Hell. Ben Burgis’s acerbic assessment in Jacobin magazine of the late Donald Rumsfeld.

Joy of home working
Paul Krugman on the relevance of Alexander Hamilton to our Covid experience. Nice New York Times column.

Antagonising antifa
People of Earth: Hello. Lovely message from aliens by Will Stephen in the New Yorker.

Source link

Technology

Russian-backed rulers of Costa Rican hacktocracy? • The Register

Voice Of EU

Published

on

In brief The notorious Russian-aligned Conti ransomware gang has upped the ante in its attack against Costa Rica, threatening to overthrow the government if it doesn’t pay a $20 million ransom. 

Costa Rican president Rodrigo Chaves said that the country is effectively at war with the gang, who in April infiltrated the government’s computer systems, gaining a foothold in 27 agencies at various government levels. The US State Department has offered a $15 million reward leading to the capture of Conti’s leaders, who it said have made more than $150 million from 1,000+ victims.

Conti claimed this week that it has insiders in the Costa Rican government, the AP reported, warning that “We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power, you have introduced an emergency.” 

Experts who spoke to the AP said they doubt actual regime change is likely, or the goal; Emsisoft analyst Brett Callow told the newswire that the threats are simply noise, and not to be taken seriously.

Callow may be right: News unfolding late this week suggests that Conti has gone offline, and may be breaking into several subsidiary groups. Its political ambitions in Costa Rica may just be a distraction, albeit one that could also turn a tidy profit. 

NSA: Trust us, no post-quantum encryption backdoors

The NSA wants to ease everyone’s concerns now: Even though it’s been involved in the US government’s post-quantum encryption research, the spy agency won’t have a backdoor.

Speaking to Bloomberg while discussing the National Institute for Standards and Technology’s post-quantum encryption competition, NSA Director of Cybersecurity (and Christmas-tree hacker) Rob Joyce said the new standards being developed are so strong that “there are no backdoors.” 

That would be a departure from previous encryption standards, which the NSA is believed to have had ready access to – until foreign spies acquired a copy of the backdoor software for their own use. The Biden administration recently announced additional funding for post-quantum encryption research, which aims to develop a form of protecting sensitive data so secure that even a quantum computer couldn’t crack it. 

The US has been actively working to develop encryption standards able to stand up to quantum computers for some time; Joyce claimed to Bloomberg that the NSA has had its own post-quantum encryption algorithms for several years, but those aren’t part of the NIST competition or available to the public. 

Despite spending tens of millions to address the security problems posed by quantum computers, the NSA also readily admits that it has no idea when, or even if, quantum computers able to crack modern public key cryptography will be realized. 

Frustrated IT admin gets seven years for deleting company databases

A former database administrator from China who wiped out his employer’s financial records has been sentenced to seven years in prison as a result.

Han Bing, who managed databases for Chinese real estate brokerage Lianjia, allegedly used his administrator access and root privileges to log in to two of Lianjia’s database servers, and two application servers, where he wiped financial data and related applications that took the company’s entire finance system offline, said Chinese news sources. 

Bing was reportedly disgruntled with his employer. He repeatedly warned them of security flaws in Lianjia’s finance system but felt ignored and undervalued, Lianjia’s ethics chief testified in court. Bing’s actions directly cost the company around $27,000 to recover data and rebuilt systems, but that doesn’t include the impact of lost business.

Bing was caught when Lianjia questioned everyone with access to the financial systems who had permissions to do what Bing did, of whom there were only five. The company claims that Bing acted suspiciously when asked to present his laptop for inspection, refusing to provide his password and claiming privacy privileges. 

The company said it suspected none of the laptops would show traces of the attack, but wanted to see how those it questioned would react. Investigators were later able to recover logs that pointed to Bing’s laptop’s IP and MAC addresses, and crosschecking logs against security footage put Bing in the right place at the right time to be the guilty party.

Apple patches a whopping 98 separate vulnerabilities

Apple has had a busy week: In a series of security updates released Monday and Wednesday, the iMaker patched 98 separate vulnerabilities out of its various software platforms.

The updates in question cover most every bit of software Apple makes: WatchOS, iOS and iPad OS, macOS Monterey, Big Sur and Catalina, Xcode, tvOS, Safari and iTunes for Windows were all included. Most of the vulnerabilities are from the past few months, but one common vulnerability and exposure (CVE) number covered by the updates dates back to 2015.

A few of the vulnerabilities covered by this week’s glut of Apple patches were rolled out previously for one system, but not others, as was the case with CVE-2022-22674 and -22675, which were patched in macOS Monterey, but not older versions, in April. Those vulnerabilities were reportedly being actively exploited at the time. 

Malicious applications executing arbitrary code with kernel privileges appears to be the most common type of hole being closed in this round of patches, though some do stand out, like Apple Watch bugs that could let apps capture the screen and bypass signature validation.

On iOS, vulnerabilities patched include websites being able to track users in Safari private browsing mode, while macOS users are being protected against apps being able to bypass Privacy preferences and access restricted portions of the filesystem.

Russian-backing Chaos ransomware variant is pure destruction

Cybersecurity firm Fortinet has discovered a variant of the Chaos ransomware that professes support for Russia’s invasion of Ukraine, but appears to have no decryption key to rescue victims in Putin’s regime. 

The variant appears to have been compiled with Chaos’ GUI customization tool as recently as May 16, Fortinet said. The researchers said they’re unsure how the Chaos variant infects its victims, and said the variant doesn’t act any differently than typical Chaos ransomware. 

Like other forms of Chaos, it enumerates files on infected systems, and irrevocably damages any larger than around 2MB by filling it with random bytes. Anything smaller is encrypted, but recoverable with a key. Chaos also typically attacks commonly used directories like Desktop, Contacts, Downloads and Pictures, which are encrypted entirely. 

Here’s where this Chaos variant differs: It’s overtly political, and instead of offering contact info and a ransom demand, the malware simply says “Stop Ukraine War! F**k Zelensky! Dont [sic] go die for f**king clown,” along with a pair of links to sites claiming to belong to the Information Coordination Center, but offering no information otherwise. Files are also encrypted with a “f**kazov” extension, likely referring to the Ukrainian Azov Battalion.

Fortinet said that this Chaos variant appears unique in the sense it appears designed to be file-destroying malware. “This particular variant provides no such avenue as the attacker has no intent on providing a decryption tool … clearly, the motive behind this malware is destruction,” Fortinet said. 

The FortiGuard team behind the research warns that with its GUI, Chaos ransomware has become a commodity product, and it expects additional attacks of this variety to emerge. ®



Source link

Continue Reading

Technology

UCD-led research finds potential treatment for advanced eye cancer

Voice Of EU

Published

on

The team said their research could help improve treatment options for advanced uveal melanoma, which currently has a poor survival rate.

An international team of researchers led by University College Dublin (UCD) have uncovered a potential treatment for a type of cancer that effects the eye.

The researchers looked at uveal melanoma (UM), the most common form of eye cancer which is diagnosed in 50 to 60 people in Ireland each year. The team explained that UM begins in the middle layer of the eye, but if it spreads to the liver and other parts of the body, patients have a poor survival prognosis.

Future Human

In their study, the team aimed to uncover treatment options for the advanced stage of this eye cancer, as it becomes very difficult to treat once it has spread.

The researchers focused on a drug called ACY-1215, which is currently in clinical trials for other solid tumours and blood cancers. This drug belongs to a relatively new group of anticancer drugs called histone deacetylase inhibitors (HDACi).

“We wanted to understand how ACY-1215 works to prevent tumour cell growth and spread, in the context of UM,” said postdoctoral researcher Dr Husvinee Sundaramurthi.

Histones are proteins that provide structural support for DNA in cells, allowing DNA to be tightly packaged together. The researchers said these proteins act like a spool that a thread of DNA can wrap itself around.

In the study, the team used the drug ACY-1215 to interfere with the histones in advanced UM cells, to stop the processes involved in their survival and growth.

“We uncovered the particular molecules that may be involved in the anticancer effects the drug ACY-1215 has in advanced UM cells,” said study lead Prof Breandan Kennedy.

“This study will pave the way to look more closely at the benefits of using HDACi, specifically ACY-1215, as a suitable treatment option for advanced UM.”

Kennedy said that by understanding the therapeutic potential of the small molecules involved in the anticancer effects, researchers can improve UM patient care and create personalised treatment strategies.

The international research team involved groups from Spain, Sweden and Ireland. Funding was provided through grants from the Irish Research Council, in collaboration with Breakthrough Cancer Research, UCD’s TopMed10, Marie Skłodowska-Curie Actions CoFund Programme and Horizon 2020.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Source link

Continue Reading

Technology

Crypto is starting to lose its cool – just look at El Salvador | Rowan Moore

Voice Of EU

Published

on

To its evangelists, bitcoin is a frictionless, empowering form of money that liberates citizens of the world from the shackles of banks and national governments. To sceptics, the cryptocurrency is a tool of kleptocrats and gangsters, environmentally monstrous in its consumption of energy, a digitally glamorised Ponzi scheme whose eventual crash will most hurt those least able to afford a loss.

Confidence may or may not have been enhanced by the unveiling, by President Nayib Bukele, of images of a proposed bitcoin-shaped Bitcoin City in El Salvador, funded with a bitcoin bond, the currency’s logo embedded in the central plaza, a metropolis powered with geothermal energy from a nearby volcano. Bukele, the self-styled “coolest dictator in the world”, a former publicist who wears baseball caps back to front, has already made El Salvador the first country to adopt bitcoin as the official currency. “The plan is simple,” he said. “As the world falls into tyranny, we’ll create a haven for freedom.”

Leaving aside the worrisome Pompeii vibe of the city’s location, some shine has come off the president’s vision with the news that the country’s investments in cryptocurrency have lost 45% of their value, that it scores CCC with the credit rating agency Fitch, and that the perceived risk of its bonds is up there with that of war-torn Ukraine. And Bukele’s talk of freedom doesn’t sit well with Amnesty International’s claim that his recent state of emergency has created “a perfect storm of human rights violations”.

But why worry about any of this when you have shiny computer-generated images of a fantasy city to distract you?

Unsecured credit line

Boris Johnson waves his arms behind a podium with the Elizabeth line sign.
The Mayor of London Sadiq Khan looks on as Boris Johnson gives a speech at Paddington station on 17 May 2022. Photograph: Reuters

The use of constructional bluster by populist leaders – Trump’s wall, for example – is not in itself anything new. See also the island airport, garden bridge, Irish Sea bridge, 40 new hospitals and 300,000 homes a year promised but not delivered by Boris Johnson, and the nuclear power stations he has implausibly pledged to build at a rate of one a year.

Last week his fondness for Potemkin infrastructure took a new twist. Rather than over-promise illusory schemes and under-deliver them, he decided to take credit for something actually built, the £19bn Elizabeth line in London, formerly known as Crossrail, whose central section opens to the public on Tuesday. “We get the big things done,” he boasted to the House of Commons, choosing to ignore the fact that the line was initiated under a Labour prime minister and a Labour mayor of London. He almost makes Nayib Bukele look credible.

Behind the red wall

Characters from The House of Shades gather around a table on stage
Mounting misery: The House of Shades. Photograph: Helen Murray

If you want a light-hearted night out – a date, a birthday treat – then The House of Shades, a new play by Beth Steel, might not, unless you are an unusual person, be for you. It is a cross between Greek tragedy and what was once called kitchen sink drama, a story of ever-mounting misery set in a Nottinghamshire town from 1965 to 2019. It covers the collapse of manufacturing, the rise of Thatcherism, the promises of New Labour and the disillusionment that led to “red wall” seats voting Conservative in 2019.

It features illegal abortion, graphically portrayed, and the effects of inflation, both newly significant. All presented at the Almeida theatre in the famously metropolitan London borough of Islington, not far from the former restaurant where Tony Blair and Gordon Brown did the 1994 deal that shaped some of the events in the play. There’s irony here to make this audience squirm. Which, along with several other not-comfortable emotions, is probably the desired effect.

Rowan Moore is the Observer’s architecture correspondent

Source link

Continue Reading

Trending

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!