WannaCry Came From North Korea Say Experts
The UK’s National Cyber Security Centre (NCSC) led investigation into the origins of the WannaCry ransomware attack that crippled NHS systems last month has concluded that it came from a hacking group in North Korea.
What Happened?
The WannaCry global cyber attack back in May spread worldwide, claiming victims in 150 countries and leading to around 130,000 ransomware infections of computers. The attack also made the headlines in the UK because it temporarily crippled NHS computer systems.
WannaCry was made to exploit a vulnerability on an NSA-developed hacking tool called ‘Eternal Blue’. The rapid, global spread of WannaCry was eventually thwarted when UK security researcher Marcus Hutchins registered and took over the domain that was written into the ransomware’s core code.
Lazarus
The recent NCSC investigation has concluded that WannaCry was made and distributed by the North Korea-based hacking group known as Lazarus. This is believed to be the same group that targeted Sony Pictures with a hack in 2014 over the release of the film ‘The Interview’ that satirised the North Korean leadership. The Lazarus group is also believed to have targeted a South Korean supermarket chain.
Indiscriminate
It is believed that the WannaCry ransomware attack was indiscriminate, and the fact that the (old) NHS systems were particularly badly affected may have made it appear that it was targeted.
Traced
Initial reports from cyber security experts ruled out Russian-based hackers and focused on the fact that the code showed that it may have been created on a machine in a +9 GMT timezone.
A study and reverse-engineering of the WannaCry code, combined with some overlaps with previous code developed by the Lazarus group, plus taking into account wider evidence gathered by GCHQ’s NCSC, have led experts to confirm that WannaCry was the product of the North Korean Lazarus group. It is believed that America’s NSA did not contribute heavily to the investigation because the U.S. was not hit as badly as the UK by the attack.
Was It Worth It?
The motivation of the group has been called into question since the amount of ransom paid by victims is thought to only have been around £40,000, and none of the money has been collected by the group. Also, unlike many other hacking groups, Lazarus doesn’t claim responsibility for its attacks, does not release communiqués, and does not tweet about its exploits.
IT security commentators have, therefore, concluded that WannaCry is likely to have been an attack that was far more successful and widespread than the group had intended or expected.
What Does This Mean For Your Business?
In the wake of WannaCry’s rapid and extensive spread, Internet and data security, particularly with GDPR due to come into force next year, must surely now be given high priority by businesses and must be championed at board level. The danger and false economy of staying with old operating systems as long as possible was painfully exposed in this attack. For businesses, where an attack comes from is not as relevant and important as knowing that protection is in place.
Businesses need to take a range of measures to ensure that they are well defended against known cyber threats, and prepared for the aftermath, should defences be breached. Preparations could include making sure that all the latest updates and patches are installed on systems and that anti-virus software is up to date, all important data is regularly and securely backed-up, all staff are trained to spot and deal correctly with potential threats, and workable Disaster Recovery and Business Continuity Plans are in place.
Tech Tip : Get a Screenshot of Just PARTS of Your Screen
Although getting a screenshot of the screen is relatively easy by pressing a single key on the keyboard—PrtSc, using this ‘primitive’ option means capturing unintended parts of the screen, hence the need to do some basic image editing or cropping.
Luckily, with the introduction of the so-called “Snipping Tool” since Windows 7, users have now been given the power to highlight on certain part of the screen and take a screenshot from there.
To enable the Snipping Tool:
- Go to the Start Menu.
- Use the Search feature and look for “Snipping Tool” by typing it letter for letter.
- The Snipping Tool will appear from the Start Menu.
- Make a shortcut for it for easy future access.
- Run the app as needed.
- Save it (PNG,GIF, JPG) Highlight it, Embed it, Email it … Whatever you want.
‘Machine Learning’ Can Protect You From Phishing Attacks Says Google
According to a recent blog post by Google’s Senior Product Manager of Counter Abuse Technology Andy Wen, AI machine learning technology was recently used successfully on the Google’s Gmail service, and reportedly blocked 99.9% of all phishing attempts that it detected.
What Is Phishing?
Phishing emails are a well-known and widely used fraudulent practice, which relies upon human error by sending emails, purporting to be from reputable companies, in order to induce individuals to reveal personal information, or to take other action such as wiring money to the apparent sender.
KPMG figures show that the value of (reported) fraud committed in the UK last year exceeded £1.1bn, which is part of a 55% year-on-year rise, and can be attributed to the huge growth of cybercrime, with phishing being one of the most popular methods.
Helping Business Fight Security Threats
In the blog post by Wen, he outlined how machine learning Early Phishing Detection is one of several new features being added to Gmail to help businesses stay ahead of potential cyber threats. Other features that Google is adding to its flagship web-based email system reportedly include click-time warnings for malicious links, unintended external reply warnings and built-in defences against new threats
Machine Learning Early Phishing Detection
The Early Phishing Detection service that Google has added to Gmail works by using a dedicated machine learning model that selectively delays messages to allow it enough time to carry out a rigorous analysis for any signs of phishing.
This works in conjunction with more machine learning technologies such Google Safe Browsing which finds and flags phishy and suspicious URLs.
These machine learning models are reported to be more than 99% accurate in detecting spam and phishing messages in Gmail inboxes. This is particularly important when you consider that that 50-70% of messages that Gmail receives are spam anyway.
Ransomware Protection Too
Google is also reported to be equipping Gmail with built-in defences against ransomware and polymorphic malware. This could be particularly relevant and important in the light of the recent WannaCry ransomware attack in the UK, which was the biggest in history, and was so devastating to the NHS.
What Does This Mean For Your Business?
Online fraud techniques such as phishing use social engineering and rely upon human error, gaps in human knowledge, and bad human decisions made under work pressures to be successful. Developing tools that can very accurately detect, flag and / or filter out potential cyber / data security threats could dramatically reduce the chances of successful attacks by cutting out the chance for human error. The introduction of machine learning / AI also means that these tools can keep themselves up to date, thereby offering better levels of protection than other methods that have to wait for updates to be delivered or activated by humans.
Empowering staff to make the right decisions to protect data can, therefore, involve the right software protection tools, as well as training in how to spot all popular, known cyber / data attack methods, and agreed processes for dealing with them.
Uber Refunds Terror Escapees
After a barrage of bad publicity over surge pricing, ride-hailing company Uber has announced that it has refunded those affected by inflated prices while trying to escape from the London terror attack.
Surge Pricing
The ‘surge pricing’ which can be turned on or off when needed via Uber’s app system means that Uber customers are charged higher prices in the area of a city town where demand has suddenly increased, and where not enough Uber drivers are available to meet that demand.
According to Uber, the higher prices that can be charged at these times are designed to encourage more Uber drivers to go to that area and respond to the requests from customers.
The kinds of events that would trigger surge pricing by Uber under normal circumstances in a certain area of a city are reported to be rush hour traffic, bad weather or special events.
On Saturday Night
Unfortunately, a terrorist attack in the London Bridge area of the capital at around 10pm on Saturday night meant that many more people than normal contacted Uber to get transport home or just away from the area as quickly as possible. This surge in demand reportedly meant that surge pricing was switched on.
The criticism of Uber that followed, most of it online e.g. Twitter, was broadly made up of people accusing Uber of profiting from people who were trying to get of out an area where their lives were under threat (and were instructed to by the police) .
Since Uber can also choose when to switch surge pricing on and off some people have also criticised Uber for not turning it off quickly enough.
Didn’t Realise At First
Uber’s general manager in London Tom Elvidge, has been reported as saying that as soon as it was apparent (from the news reports) what was actually happening around the London Bridge area on Saturday night, dynamic pricing was turned off all around that area at 10:50pm. Surge pricing was also then cancelled for the whole of central London by 11:40pm.
Uber is reported to have offered free rides around the London bridge area after the surge pricing was turned off (as it did for customers in Manchester after the attack at the Manchester Arena on 22 May), as well as working with the Metropolitan Police to help them get any footage from drivers who were in the area at the time of the London attack.
Refunded
Uber has said that people who used the app in the surrounding area of London Bridge on Saturday night should have already been automatically refunded, and if they have not been refunded yet, they are advised to contact customer services.
What Does This Mean For Your Business?
Uber has come in for quite a bit of criticism over the last year, mostly relating to its app e.g. tracking people long after they have left the vehicle or turned the app off. This has led to some suspicion and mistrust in the marketplace, which can’t have helped in the light of this recent incident. Uber’s reasons for the normal operation of surge pricing sound reasonable enough, and many would say that Uber were unlucky in this case in that the incident was out of the ordinary and unforeseen.
Police response to the attack is reported to have been within 8 minutes, and TV news reports would have followed not long after that, and with the connected nature of all of us these days e.g. via smart-phones, it is likely that someone from Uber could have known about the attack relatively early on, although it may be a little harsh to suggest that those with authority at Uber didn’t turn the surge pricing off quickly enough. In incidents that are particularly terrible and shocking, feelings run high anyway, and this also appears to have gone against Uber.
Uber’s announcements of its willingness to refund, help the authorities, give free rides, and switch off surge pricing in a wide area are examples of how a good, and fast response (and PR response) from businesses to unforeseen disasters can limit damage to a company’s reputation and share price, and can even show a company in a more positive light.
Apple HomePod “Different”, Says Apple
Apple is reported to be launching its “HomePod” Siri-controlled smart speaker in December this year, and although it’s in the same market as Amazon’s Echo and Sonos, the marketing message is that it’s more about music and sound quality.
What Is Siri?
Apple’s Siri is like Amazon’s Alexa. It is the intelligent, talking personal assistant voice control system that you can give commands to in natural language, and thereby operate and interact with your Apple iPhone, iPad, iPod Touch and now your HomePod.
The Focus = Music & Sound
The ‘Pod’ part of the name HomePod, and the fact that it is an intelligent speaker (with a focus on a special speaker arrangement) mean that it is very much focused on music and creating a good sound experience, rather than focusing too much on Siri and Siri’s ‘intelligence’.
The Hardware
The HomePod is a circular pill-shaped device that is slightly wider and shorter than the Amazon Echo, and the outside is covered in a minimal-style mesh white or black material. This houses 7 tweeter and 1 custom woofer speakers, microphones, and an Apple 8 chip.
What’s So Good About It?
Although it may be tempting to assume that the HomePod is a slightly late to market ‘me-too’ version of other intelligent speakers, Apple is positioning it as a new and better way of experiencing home music.
The beam-forming array of speakers and microphones are reported to be able to intelligently adjust and tune themselves to the individual shape of a room by bouncing sounds off the walls. The result is reported to be the sensation that the sound fills the room, rather than obviously coming from an isolated speaker in the corner.
The sound from the HomePod is also reported to be bassier and beefier than the Amazon Echo. All this, combined with its multi-channel echo cancellation and real-time acoustic modelling mean that the HomePod can provide a better audio experience than other ‘smart speakers’.
The HomePod is optimised to be completely compatible with a user’s entire Apple music library, and one way in which the ‘intelligent’ aspect of the device interacts with this is in enabling you to ask it to play more songs of a certain type, or by telling it (and it learning) what songs you like.
With Apple’s AirPlay 2, multiple speakers can be also used around the home.
What About The ‘Smart’ Questions?
Although the device is very much focused on the music, you can ask the intelligent assistant Siri questions in a similar way to Amazon’s Alexa e.g. the news headlines and the weather. As critics have pointed out, however, this aspect of the device is not as good as Echo, and this may be the reason why Apple have chosen to position the device with a music and sound quality focus.
What Does This Mean For Your Business?
This story shows how the market for devices with an intelligent AI aspect to them is growing and how some highly sophisticated technology is now being incorporated into what are essentially household entertainment systems. Companies are now able to produce products and services that provide highly customised experiences that adapt intelligently and relate more closely than ever to our personal likes and needs. Rather than us having to take time to learn about complicated devices and how to work the many aspects of them to get what we want out of them, we are now being offered complicated devices that learn about and adapt to us.
Calls For Tighter Online Regulation To Tackle Terrorism
The recent terror attacks in Manchester and London have led to renewed calls by the UK government for more to be done to beat terror online including ending end-to-end encryption of messages and tech companies doing more to find and remove extremist content.
Tighter Regulation Says Government
Prime Minister Theresa May and Home Secretary Amber Rudd have suggested that a lack of regulation, social media platforms not doing enough, and the fact that encryption means that there are some messages that law enforcement are unable to read have created what amount to creating a safe place on the Internet for terrorists to spread their ideology, recruit, communicate and plan attacks.
The Encryption Argument
Devices and some apps such WhatsApp allow users to encrypt (scramble) messages when they are sent and allow only the intended recipient’s device / app to un-encrypt them.
Although, in a time when there are very high levels of cyber crime, encryption provides a valuable layer of security e.g. personal data and bank details, politicians now appear to be arguing that there should be less use of encryption, disabling of automatic encryption on popular apps, and more ‘back doors’ for the authorities to use in popular apps.
Tech and online security commentators argue, however, that although this may close some of the current avenues for terrorists, it would leave ordinary Internet users more open to attack by cyber criminals. It would also not stop terrorists from encrypting messages manually, encrypting them in code, or finding alternative, more underground methods of communication.
Could Social Media Giants Do More?
Government criticism has also focused on social media and video sharing platforms such as Facebook and YouTube allowing hate / terrorist / extremist content to be displayed, not finding and removing that content quickly enough and, therefore, not policing and censoring their own platforms.
The global popularity of sites like Google, YouTube (owned by Google), Facebook and Twitter means that they have large amounts content uploaded to them daily (400 hours of videos are uploaded to YouTube every minute, and 200,000 reports of inappropriate content a day).
Despite the significant challenge of identifying and removing suspect content, all sites report that terrorist content has no place on their platforms, and that they are investing and making significant efforts to stop it e.g. Facebook by a combination of technology and human review, and Google’s development of an international forum to fight abuse on its platform.
What More?
It has been suggested that the big tech companies may be erring on the side of privacy and not security, and that they could be spurred on to greater efforts to deal more effectively with problems like extremist content with the help of more pressure from shareholders and advertisers.
Online Freedom Campaigners
Online freedom campaigners such as The Open Rights Group have pointed out that in reality, attempts to control and censor the Internet could be very challenging and difficult to enforce. The ORG have also warned that governments should seek sensible solutions as more regulations could simply push terrorists into more difficult to reach areas of the Internet.
What Does This Mean For Your Business?
As commercial organisations, the big social media platforms clearly have at the very least an interest in protecting their reputations. At the same time, they are likely to be cautious about kneejerk reactions to situations, and resistant to measures that could restrict freedoms enjoyed by the vast majority of law-abiding users that have made the platforms so popular in the first place. There may also be some truth in the fact that it may be convenient for governments to blame tech companies and social media platforms for security failings.
Stopping or limiting encryption of messages, and building ‘back doors’ in popular devices and systems may sound helpful for governments trying to tackle extremists, but this could mean more security and cyber crime risks for the rest of us, and could lead to more cyber attacks on businesses.