Stolen U.S. spy agency tool used to launch global cyberattack
A global cyberattack leveraging hacking tools widely believed by researchers to have been developed by the U.S. National Security Agency hit international shipper FedEx, disrupted Britain’s health system and infected computers in nearly 100 countries on Friday.
Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.
The ransomware encrypted data on the computers, demanding payments of $300 to $600 to restore access. Security researchers said they observed some victims paying via the digital currency bitcoin, though they did not know what percent had given in to the extortionists.
Researchers with security software maker Avast said they had observed 57,000 infections in 99 countries, with Russia, Ukraine and Taiwan the top targets.
The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers.
(Related)
'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack
… The switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading.
“I saw it wasn’t registered and thought, ‘I think I’ll have that’,” he is reported as saying. The purchase cost him $10.69. Immediately, the domain name was registering thousands of connections every second.
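From a defender's side, the lookup described above shows up in a resolver log as a query for a long, nonsensical host name that returns NXDOMAIN while the domain is still unregistered. The script below is an added example (not from the article or the researcher it quotes) that flags such queries in constructed sample log lines; the log format, the length and entropy thresholds, and the `.test` domain are assumptions.

```python
import math
from collections import Counter

# Constructed sample resolver log (not from the article). Assumed format:
# "<timestamp> <client_ip> <query_name> <rcode>"
SAMPLE_DNS_LOG = """\
2017-05-12T10:01:02Z 10.0.0.5 www.example.com NOERROR
2017-05-12T10:01:03Z 10.0.0.7 xkq7pwzd3rtvyb8nmfjh2lcgs94oeua6bt1d.test NXDOMAIN
2017-05-12T10:01:04Z 10.0.0.9 mail.example.com NOERROR
2017-05-12T10:01:05Z 10.0.0.7 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.test NXDOMAIN
2017-05-12T10:01:06Z 10.0.0.11 xkq7pwzd3rtvyb8nmfjh2lcgs94oeua6bt1d.test NXDOMAIN
malformed line without enough fields
"""

MIN_LABEL_LEN = 30   # assumed threshold for a "very long" first label
MIN_ENTROPY = 3.3    # assumed bits/char; dictionary words sit well below this


def shannon_entropy(s):
    """Bits per character of the string s (0.0 for a single repeated char)."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_nonsensical(name):
    """True when the leftmost label is both long and high-entropy."""
    label = name.split(".")[0].lower()
    return len(label) >= MIN_LABEL_LEN and shannon_entropy(label) >= MIN_ENTROPY


def suspicious_lookups(log_text):
    """Return (client, name) pairs for NXDOMAIN answers to nonsensical names."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:          # skip malformed lines rather than crash
            continue
        _ts, client, name, rcode = parts
        if rcode == "NXDOMAIN" and looks_nonsensical(name):
            hits.append((client, name))
    return hits


def clients_by_domain(hits):
    """Group flagged clients per name: several hosts querying the same
    unregistered nonsense name is the pattern worth escalating."""
    grouped = {}
    for client, name in hits:
        grouped.setdefault(name, set()).add(client)
    return {name: sorted(clients) for name, clients in grouped.items()}


if __name__ == "__main__":
    for name, clients in clients_by_domain(suspicious_lookups(SAMPLE_DNS_LOG)).items():
        print(name, clients)
```

The long all-`a` name is deliberately left unflagged: length alone is not the signal, the combination of length, high entropy and a negative answer is.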
(Related)
Everything you need to know about the WannaCry / Wcry / WannaCrypt ransomware (Related).
Microsoft fixes.
Customer Guidance for WannaCrypt attacks
… This blog spells out the steps every individual and business should take to stay protected. Additionally, we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack today.
To encourage my Computer Security students (and depress security managers).
Cybersecurity market research: Top 15 statistics for 2017
1. Global cybersecurity spending is predicted to exceed $1 trillion cumulatively over the next five years, from 2017 to 2021.
2. Cybercrime damage costs are predicted to reach $6 trillion globally by 2021, up from $3 trillion in 2015.
3. There are 1 million cybersecurity job openings in 2017, and that is projected to exceed 1.5 million by 2019.
4. The cybersecurity unemployment rate remains at zero percent in 2017 (same as 2016).
5. The security awareness training market is predicted to reach $10 billion annually by 2027.
6. Global healthcare cybersecurity spending is predicted to exceed $65 billion cumulatively over the next five years, from 2017 to 2021.
7. Ransomware attacks on healthcare organizations are predicted to quadruple by 2020.
8. 300 billion passwords will require cyber protection by 2021.
9. Wi-Fi and mobile devices are predicted to account for nearly 80 percent of IP traffic by 2025.
10. Zero-day exploits will rise from one-per-week in 2015 to one-per-day by 2021.
11. 111 billion lines of new software code will be created - and need to be secured - in 2017.
12. 4 billion people are expected to be online - and need cyber protection - by 2020, up from 2 billion plus last year.
13. By the end of 2017, all DoD contractors — about 160,000 or so — will have to meet regulations (DFARS 252.204-7012) which require prime contractors and their subs to employ adequate security.
14. Nearly half of all cyber-attacks are committed against small businesses.
15. 65 percent of respondents to a poll say black-hat hackers are more experienced than white-hats.
Another view of threats.
U.S. Intelligence Community Highlights Cyber Risks in Worldwide Threat Assessment
… Cyber adversaries, warns the Worldwide Threat Assessment of the US Intelligence Community (PDF), "are becoming more adept at using cyberspace to threaten our interests and advance their own, and despite improving cyber defenses, nearly all information, communication networks, and systems will be at risk for years."
What predicts crime?
Would an AI do better?
Mick Dumke and Frank Main report:
As Chicago endured a devastating surge in gun violence last summer, scores of people with long rap sheets stood atop the Chicago Police Department’s secret watch list, newly obtained records show.
One of the men had been arrested 12 times for violent crimes, all before turning 20. He’d also been charged with illegal gun possession. Two others each had been arrested eight times for violent crimes and caught three times with guns. Another man had been busted three times for illegal guns, racked up four arrests for violent offenses and been shot twice.
Read more on Chicago Sun-Times.
Another question: What should you specify in your warrant?
You had to know I’d do a follow-up on the story where a Minnesota judge issued a search warrant for anyone who Googled a victim’s name in an entire US town.
Did law enforcement’s strategy work? We don’t yet know.
Miguel Otárola reports that once the search was narrowed, there was only one record produced by Google from the search. That’s a far, far cry from the concerns at the time that the search would scoop up too many people’s records, but Google says the limited outcome was precisely because they fought to limit/narrow the search.
Neither Google nor Edina officials explained how the search was specified or what information was turned over to police. As of Friday, no arrest had been made in the case, Edina spokeswoman Jennifer Bennerotte said, but she declined to comment on the investigation.
Read more on the Star Tribune.
Curiosity about a verdict?
Alyssa Rege reports:
A Washington couple filed a second lawsuit against Seattle-based Virginia Mason Medical Center, alleging the institution failed to provide information about multiple privacy breaches involving their medical and financial records, according to K-5 News.
Matthew and Sarah Hipps, MD, previously sued VMMC in 2013.
Read more on Becker’s Hospital Review.
Perhaps too big to fail but not too big to flail.
Wells Fargo bogus accounts balloon to 3.5 million: lawyers
… The new estimate was provided in a filing late Thursday night in the federal court in San Francisco, and is 1.4 million accounts higher than previously reported by federal regulators, in what became a national scandal.
Keller Rohrback, a law firm for the plaintiff customers, said the higher estimate reflects "public information, negotiations, and confirmatory discovery."
… Nonetheless, it could complicate Wells Fargo's ability to win approval for the settlement, which has drawn opposition from some customers and lawyers who consider it too small.
… Garrison's firm said in a filing the accord underestimated the potential maximum damages by at least 50 percent, and did not properly address whether Wells Fargo committed identity theft by using customers' personal data to open accounts.
This is such a major management failure that I suspect we’ll see it in a Dilbert cartoon. Note: This is not just for Air Force One. All aircraft need this procedure. Why were untrained mechanics working on any plane?
Boeing mechanics caused $4 million in damage to Air Force One's oxygen system
Mechanics from Boeing contaminated the oxygen system on a presidential Air Force One aircraft last April, according to an accident investigation board report released Tuesday.
The contamination to the VC-25A — one of two planes that is known as Air Force One when it carries the president — required $4 million in repairs, which Boeing paid for, the March 6 report said. Had it not been corrected, such contamination could have increased the risk of a fire.
The report said that three Boeing mechanics at a plant in Port San Antonio, Texas, used a contaminated regulator and contaminated tools, parts and components while checking the oxygen system for leaks during regular depot maintenance between April 1 and 10, 2016. They also used an unauthorized cleaning procedure while unsuccessfully trying to sanitize the parts, the report said.
To avoid the chances of a fire breaking out, only "oxygen-clean" tools and components — items that have been cleaned in a specific way to remove any residue that could react when coming into contact with oxygen — can be used on the plane's oxygen system, according to the report.
For my student entrepreneurs: Think of this as Khan Academy, but with stuff to sell.
NBCUniversal spent around $230 million to buy the video tutorial site Craftsy
It turns out content and commerce can be a valuable mix.
Earlier this week, NBCUniversal announced the acquisition of Craftsy, a Denver-based startup that sells videos of crafts classes, as well as craft supplies and kits.
God bless all who conduct such studies! I may need to change my diet. What is it called when you ONLY eat cheese and drink wine?
Wine and cheese make you smart and healthy, according to new studies
A recent study challenges some of the health concerns around cheese and dairy: Mainly that they are fatty and lead to potential heart attacks or strokes. The researchers, using previous studies and data found on these dairy products, found cheese doesn’t increase the risk of heart attacks and strokes. It is important to note, however, that the study was funded in part by three dairy organizations, which obviously have a vested interest in positive results. The Global Dairy Platform, Dairy Research Institute and the Dairy Australia (even though the paper says they had no role in study design or data collection and analysis).
And red wine, in moderation, can help your heart and your brain, according to a recent study published in the journal Frontiers in Nutrition. Contrary to previous findings, such as one Swedish report from 2014, cheese, as well as other dairy products like milk and yogurt, may not be more dangerous to your health.
Dilbert suggests a new version of the Turing test!