Botnet

Attackers DDoS WannaCry Kill Switch (venturebeat.com) 70

An anonymous reader quotes VentureBeat: As of late Friday, after many of the deadlines threatening data deletion had passed, few victims had paid ransoms. According to Elliptic Enterprises, only about $94,000 worth of ransoms had been paid via Bitcoin, which works out to less than one in a thousand of the 300,000 victims who were reportedly affected by WannaCry... While not as bad as feared, ransomware (not to mention cybersecurity threats in general) isn't going away. Wired reported that the domain registered by Hutchins has been under intense denial-of-service attacks delivered by an army of IoT devices marshalled, zombie-like, by Mirai.
Security

New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two (bleepingcomputer.com) 109

An anonymous reader writes: Researchers have detected a new worm that is spreading via SMB, but unlike the worm component of the WannaCry ransomware, this one is using seven NSA tools instead of two. Named EternalRocks, the worm seems to be in a phase where it is infecting victims and building its botnet, but not delivering any malware payload.

EternalRocks is far more complex than WannaCry's SMB worm. For starters, it uses a delayed installation process that waits 24 hours before completing the install, as a way to evade sandbox environments. Further, the worm also uses the exact same filenames as WannaCry in an attempt to fool researchers of its true origin, a reason why the worm has evaded researchers almost all week, despite the attention WannaCry payloads have received.

Last but not least, the worm does not have a killswitch domain, which means the worm can't be stopped unless its author desires so. Because of the way it was designed, it is trivial for the worm's owner to deliver any type of malware to any of the infected computers. Unfortunately, because of the way he used the DOUBLEPULSAR implant, one of the seven NSA hacking tools, other attackers can hijack its botnet and deliver their own malware as well. IOCs are available in a GitHub repo.

Ars Technica quotes security researchers who say "there are at least three different groups that have been leveraging the NSA exploit to infect enterprise networks since late April... These attacks demonstrate that many endpoints may still be compromised despite having installed the latest security patch."
Windows

Almost All WannaCry Victims Were Running Windows 7 (theverge.com) 119

An anonymous reader quotes a report from The Verge: According to data released today by Kaspersky Lab, roughly 98 percent of the computers affected by the ransomware were running some version of Windows 7, with less than one in a thousand running Windows XP. 2008 R2 Server clients were also hit hard, making up just over 1 percent of infections. Windows 7 is still by far the most common version of Windows, running on roughly four times as many computers as Windows 10 worldwide. Since more recent versions of Windows aren't vulnerable to WannaCry, it makes sense that most of the infections would hit computers running 7. Still, the stark disparity emphasizes how small of a role Windows XP seems to have played in spreading the infection, despite early concerns about the outdated operating system. The new figures also bear on the debate over Microsoft's patching practices, which generated significant criticism in the wake of the attack. Microsoft had released a public patch for Windows 7 months before the attack, but the patch for Windows XP was only released as an emergency measure after the worst of the damage had been done. The patch was available earlier to paying Custom Support customers, but most XP users were left vulnerable, each unpatched computer a potential vector to spread the ransomware further. Still, Kaspersky's figures suggest that unpatched XP devices played a relatively small role in the spread of the ransomware.
Microsoft

Linux Distros Won't Run On Microsoft's Education-Focused Windows 10 S OS (betanews.com) 115

Reader BrianFagioli writes: I was sort of hopeful for Windows 10 S when Microsoft made a shocking announcement at Build 2017 that it is bringing Linux distributions to the Windows Store. This gave the impression that students using the S variant of the OS would be able to tinker with Linux. Unfortunately, this is not the case as Microsoft will be blocking Linux on the new OS. In other words, not all apps in the store will be available for Windows 10 S. "Windows 10 S does not run command-line applications, nor the Windows Console, Cmd / PowerShell, or Linux/Bash/WSL instances since command-line apps run outside the safe environment that protects Windows 10 S from malicious / misbehaving software," says Rich Turner, Senior Product Manager, Microsoft. Turner further explains, "Linux distro store packages are an exotic type of app package that are published to the Windows Store by known partners. Users find and install distros, safely, quickly, and reliably via the Windows Store app. Once installed, however, distros should be treated as command-line tools that run outside the UWP sandbox and secure runtime infrastructure. They run with the capabilities granted to the local user -- in the same way as Cmd and PowerShell do. This is why Linux distros don't run on Windows 10 S: Even though they're delivered via the Windows Store, and installed as standard UWP APPX's, they run as non-UWP command-line tools and this can access more of a system than a UWP can."
Government

CIA Co-Developed 'Athena' Windows Malware With US Cyber Security Company, WikiLeaks Reveals (bleepingcomputer.com) 103

An anonymous reader writes: Today, WikiLeaks leaked documentation about a tool called Athena. According to leaked documents, which WikiLeaks previously claimed it received from hackers and CIA insiders, Athena is an implant -- a CIA technical term for "malware" -- that can target and infect any Windows system, from Windows XP to Windows 10, Microsoft's latest OS version. Documents leaked today are dated between September 2015 and February 2016, showing that the CIA had the ability to hack Windows 10 months after its launch, despite Microsoft boasting about how hard it would be to hack its new OS. [...] The documents reveal that CIA had received help from a non-government contractor in developing the malware. The company is Siege Technologies, a cyber-security company based in New Hampshire, which was acquired on November 15, 2016, by Nehemiah Security, another US company, based in Tysons, Virginia, on the outskirts of Washington and near CIA's headquarters, in a zone peppered with various military and defense contractors.
China

Chinese State Media Says US Should Take Some Blame For Cyberattack (cnbc.com) 82

An anonymous reader shares a CNBC report: Chinese state media on Wednesday criticized the United States for hindering efforts to stop global cyber threats in the wake of the WannaCry ransomware attack that has infected more than 300,000 computers worldwide in recent days. The U.S. National Security Agency (NSA) should shoulder some blame for the attack, which targets vulnerabilities in Microsoft systems and has infected some 30,000 Chinese organisations as of Saturday, the China Daily said. "Concerted efforts to tackle cyber crimes have been hindered by the actions of the United States," it said, adding that Washington had "no credible evidence" to support bans on Chinese tech firms in the United States following the attack. The malware attack, which began on Friday and has been linked by some researchers to previous hits by a North Korean-run hacking operation, leveraged a tool built by the NSA that leaked online in April, Microsoft says.
United States

The Tech Sector Is Leaving the Rest of the US Economy In Its Dust (theverge.com) 155

Yesterday afternoon, the S&P 500 closed at a record high, and is up over $1.5 trillion since the start of 2017. "And the companies doing the most to drive that rally are all tech firms," reports The Verge. "Apple, Alphabet, Facebook, Amazon, and Microsoft make up a whopping 37 percent of the total gains." From the report: All of these companies saw their share prices touch record highs in recent months. This is in stark contrast to the rest of the U.S. economy, which grew at a rate of less than 1 percent during the first three months of this year. That divide is the culmination of a long-term trend, according to a recent report featured in The Wall Street Journal: "In digital industries -- technology, communications, media, software, finance and professional services -- productivity grew 2.7% annually over the past 15 years...The slowdown is concentrated in physical industries -- health care, transportation, education, manufacturing, retail -- where productivity grew a mere 0.7% annually over the same period." There is no industry where these players aren't competing. Music, movies, shipping, delivery, transportation, energy -- the list goes on and on. As these companies continue to scale, the network effects bolstering their business are strengthening. Facebook and Google accounted for over three-quarters of the growth in the digital advertising industry in 2016, leaving the rest to be divided among small fry like Twitter, Snapchat, and the entire American media industry. Meanwhile Apple and Alphabet have achieved a virtual duopoly on mobile operating systems, with only a tiny sliver of consumers choosing an alternative for their smartphones and tablets.
Businesses

Microsoft Commits $5 Million To 'Landmark' United Nations Technology Partnership (venturebeat.com) 21

Microsoft and the United Nations (UN) have announced a five-year "landmark" partnership to develop technology to "better predict, analyze and respond to critical human rights situations," according to a statement issued today. From a report: Additionally, Microsoft will support work being carried out by the UN Human Rights Office by contributing $5 million to a grant in what the UN called an "unprecedented level of support" from a private organization. An example of the kind of technology the duo have been working on is an information dashboard called Rights View that gives UN employees access to real-time aggregated data on rights violations by country. This, it's hoped, will "facilitate analysis, ensure early warning of emerging critical issues, and provide data to guide responses," according to Microsoft.
The Almighty Buck

Big Banks Will Fall First To AI, China's Most Famous VC Predicts (qz.com) 64

An anonymous reader writes: Wall Street will be one of the first and largest industries to be automated by artificial intelligence, predicts Kai-Fu Lee, China's most famous venture capitalist and former Microsoft and Google executive. Lenders, money managers, and analysts -- any jobs that involve crunching numbers to estimate a return -- are at risk. "Banks have the curse of the baggage they have, like Kodak letting go of film," Lee says. "Their DNA is all wrong." [...] The big banks that dominate now, the venture capitalist predicts they will be outmaneuvered by smaller startups able to deploy new technology much faster.
Intel

Apple To Refresh Entire MacBook Lineup Next Month, Air and Pro To Feature Kaby Lake (bloomberg.com) 232

Apple will unveil new laptops during its annual developer conference, known as WWDC, next month, reports Bloomberg. The company is going to refresh the MacBook Pro (as well as Air and just the 'MacBook' models) with new seventh-gen processors from Intel, the newest available, the report adds. Last year, Apple launched three new MacBook Pro laptops with older sixth-generation chips, which means people who already own the newer model may be a bit dismayed by Apple's refresh. From the article: Apple is planning three new laptops, according to people familiar with the matter. The MacBook Pro will get a faster Kaby Lake processor from Intel, said the people, who requested anonymity to discuss internal planning. Apple is also working on a new version of the 12-inch MacBook with a faster Intel chip. The company has also considered updating the aging 13-inch MacBook Air with a new processor as sales of the laptop, Apple's cheapest, remain surprisingly strong, one of the people said.
Security

Group Linked To NSA Spy Leaks Threatens Sale of New Tech Secrets (reuters.com) 104

Hacker group Shadow Brokers, which has taken credit for leaking NSA cyber spying tools -- including ones used in the WannaCry global ransomware attack -- has said it plans to sell code that can be used to hack into the world's most used computers, software and phones. From a report on Reuters: Using trademark garbled English, the Shadow Brokers group said in an online statement that, from June, it will begin releasing software to anyone willing to pay for access to some of the tech world's biggest commercial secrets. In the blog post, the group said it was setting up a "monthly data dump" and that it could offer tools to break into web browsers, network routers, phone handsets, plus newer exploits for Windows 10 and data stolen from central banks. It said it was set to sell access to previously undisclosed vulnerabilities, known as zero-days, that could be used to attack Microsoft's latest software system, Windows 10. The post did not identify other products by name. It also threatened to dump data from banks using the SWIFT international money transfer network and from Russian, Chinese, Iranian or North Korean nuclear and missile programs, without providing further details.
Microsoft

Microsoft Job Posting Hints At VR MMO (roadtovr.com) 18

sqorbit writes: Microsoft has posted a job opening for a Senior Design Manager for a mixed-reality team. The posting states they are "looking to build a massively social gaming and entertainment experience for both the PC and the console." It looks like they are targeting both PC and Xbox Platforms for a VR socially geared development project. The requirements: "The Xbox Mixed Reality team is looking for an experienced senior design manager with deep expertise and passion around crafting immersive social systems and experiences. [...] Here is an opportunity to join a fun and collaborative team that experiments with the latest toys, works with state of the art tech, and crafts the future of entertainment." Road to VR notes that the company says they're looking for someone who has "Shipped at least 3 AAA consumer entertainment products" and has 7+ years using design tools; bonus points if they've got experience in "NUI, VR, AR, game design, art direction, and video storytelling."
Windows

'Don't Tell People To Turn Off Windows Update, Just Don't' (troyhunt.com) 507

Security researcher Troy Hunt, writing on his blog: Often, the updates these products deliver patch some pretty nasty security flaws. If you had any version of Windows since Vista running the default Windows Update, you would have had the critical Microsoft Security Bulletin known as "MS17-010" pushed down to your PC and automatically installed. Without doing a thing, when WannaCry came along almost 2 months later, the machine was protected because the exploit it targeted had already been patched. It's because of this essential protection provided by automatic updates that those advocating for disabling the process are being labelled the IT equivalents of anti-vaxxers and whilst I don't fully agree with real world analogies like this, you can certainly see where they're coming from. As with vaccinations, patches protect the host from nasty things that the vast majority of people simply don't understand. This is how consumer software these days should be: self-updating with zero input required from the user. As soon as they're required to do something, it'll be neglected which is why Windows Update is so critical.
Android

Slashdot Asks: In the Wake Of Ransomware Attacks, Should Tech Companies Change Policies To Support Older OSs Indefinitely? 358

In the aftermath of ransomware spread over the weekend, Zeynep Tufekci, an associate professor at the School of Information and Library Science at the University of North Carolina, writes an opinion piece for The New York Times: At a minimum, Microsoft clearly should have provided the critical update in March to all its users, not just those paying extra. Indeed, "pay extra money to us or we will withhold critical security updates" can be seen as its own form of ransomware. In its defense, Microsoft probably could point out that its operating systems have come a long way in security since Windows XP, and it has spent a lot of money updating old software, even above industry norms. However, industry norms are lousy to horrible, and it is reasonable to expect a company with a dominant market position, that made so much money selling software that runs critical infrastructure, to do more. Microsoft supported Windows XP for over a decade before finally putting it to sleep. In the wake of ransomware attacks, it stepped forward to release a patch -- a move that has been lauded by columnists. That said, do you folks think it should continue to push security updates to older operating systems as well?
Security

Cyberattacks From WannaCry Ransomware Slow But Fears Remain (bbc.com) 76

WannaCry ransomware, which has spread across 150 countries, appears to be slowing down with few reports of fresh attacks in Asia and Europe on Monday. A report on BBC adds: However staff beginning the working week have been told to be careful. The WannaCry ransomware started taking over users' files on Friday, demanding $300 to restore access. Hundreds of thousands of computers have been affected so far. Computer giant Microsoft said the attack should serve as a wake-up call. BBC analysis of three accounts linked to the ransom demands suggests only about $38,000 had been paid by Monday morning.
Biotech

Researcher Hacks Nine Sleep-Tracking Devices To Test Their Accuracy (brown.edu) 44

A determined researcher at Brown University extracted "the previously irretrievable sleep tracking data from the Hello Sense, from the Microsoft Band, and nine other popular devices," according to an anonymous reader, "by decompiling the apps and using man-in-the-middle attacks." Then they compared each device's data to that from a research-standard actigraph. Their results? The Fitbit Alta seems to be the most accurate among the other nine in terms of sleep versus awake data... Our findings tell that these consumer-level sleep reports should be taken with a grain of salt, but regardless we're happy to see more and more people investing in improving their sleep.
Communications

FCC Suspends Net Neutrality Comments, As Chairman Pai Mocks 'Mean Tweets' (gizmodo.com) 184

An anonymous reader writes: Thursday the FCC stopped accepting comments as part of long-standing rules "to provide FCC decision-makers with a period of repose during which they can reflect on the upcoming items" before their May 18th meeting. Techdirt wondered if this time to reflect would mean less lobbying from FCC Chairman Ajit Pai, but on Friday Pai recorded a Jimmy Kimmel-style video mocking mean tweets, with responses Gizmodo called "appalling" and implying "that anyone who opposes his cash grab for corporations is a moron."

Meanwhile, Wednesday The Consumerist reported the FCC's sole Democrat "is deploying some scorched-earth Microsoft Word table-making to use FCC Chair Ajit Pai's own words against him." (In 2014 Pai wrote "A dispute this fundamental is not for us five, unelected individuals to decide... We should also engage computer scientists, technologists, and other technical experts to tell us how they see the Internet's infrastructure and consumers' online experience evolving.") But Pai seemed to be mostly sticking to friendlier audiences, appearing with conservative podcasters from the Taxpayer Protection Alliance, the AEI think tank and The Daily Beast.

The Verge reports the flood of fake comments opposing Net Neutrality may have used names and addresses from a breach of 1.4 billion personal information records from marketing company River City Media. Reached on Facebook Messenger, one woman whose name was used "said she hadn't submitted any comments, didn't live at that address anymore and didn't even know what net neutrality is, let alone oppose it."

Techdirt adds "If you do still feel the need to comment, the EFF is doing what the FCC itself should do and has set up its own page at DearFCC.org to hold any comments."
Government

Microsoft Blasts Spy Agencies For Leaked Exploits Used By WanaDecrypt0r (engadget.com) 323

An anonymous reader shares Engadget's report about Microsoft's response to the massive WanaDecrypt0r ransomware attack: Company president Brad Smith has posted a response to the attack that roasts the NSA, CIA and other intelligence agencies for hogging security vulnerabilities instead of disclosing them to be fixed. There's an "emerging pattern" of these stockpiles leaking out, he says, and they cause "widespread damage" when that happens. He goes so far as to liken it to a physical weapons leak -- it's as if the US military had "some of its Tomahawk missiles stolen"... Microsoft had already floated the concept of a "Digital Geneva Convention" that required governments to report security holes, but the idea has gained a new sense of urgency in light of the recent ransomware chaos... While Microsoft makes its own efforts by rushing out patches and sharing concerns with other companies, it also chastises customers who could have closed the WannaCry hole two months earlier but didn't.

BrianFagioli shared a BetaNews article arguing Microsoft "should absolutely not shoulder any of the responsibility. After all, the vulnerability that led to the disaster was patched back in March." But troublemaker_23 notes that ITwire still faults Microsoft for not planning ahead, since in February 150 million people were still using Windows XP.
Cloud

Microsoft Wants To Monitor Your Workplace With AI, Computer Vision and the Cloud (gizmodo.com) 112

"If you're an employee under the heel of a giant corporation you should probably be terrified by the vision of the future of connected gadgets that Microsoft just revealed at its Build developer conference here in Seattle," warns Gizmodo. Slashdot reader dryriver writes: Gizmodo reports on a Microsoft Workplace Monitoring demo where CCTV cameras watch a workplace -- like a construction site -- on 24/7 basis, and AI algorithms constantly oversee and evaluate what is happening in that workplace. The system can track where employees are, where physical equipment and tools are at what time, who does what at what time in this workplace and apparently use Cloud-based AI of some sort to evaluate what is happening in the workplace being monitored. Spotting employees misbehaving, breaking workplace rules or putting themselves and expensive equipment at risk may be the intended "value proposition" this system brings to the workplace. Another aspect may be reducing insurance premiums employers pay by creating a strict, highly monitored work environment. But the system is also very Big Brother -- an AI is monitoring people and equipment in a workplace in realtime at all times, and all the data ends up being processed in the Microsoft Cloud.

Gizmodo gave their article the title, "Microsoft's Latest Workplace Tech Demos Creep Me Out."
Security

Researchers Find New Version Of WanaDecrypt0r Ransomware Without A Kill Switch (vice.com) 98

Remember that "kill switch" which shut down the WannaCry ransomware? An anonymous reader quotes Motherboard: Over Friday and Saturday, samples of the malware emerged without that debilitating feature, meaning that attackers may be able to resume spreading ransomware even though a security researcher cut off the original wave. "I can confirm we've had versions without the kill switch domain connect since yesterday," Costin Raiu, director of global research and analysis team at Kaspersky Lab told Motherboard on Saturday... Another researcher confirmed they have seen samples of the malware without the killswitch.
