
Technology

Petya Or NotPetya: Why The Latest Ransomware Is Deadlier Than WannaCry


The world suffered another ransomware nightmare on Tuesday, with pharmaceutical companies, Chernobyl radiation detection systems, the Kiev metro, an airport and banks all affected. One U.S. hospital also appears to be a victim. Worse is expected, thanks to some pernicious features in the ransomware sample.

The malware widely believed to be responsible is a version of Petya which security researchers are calling “NotPetya”. It’s similar to Petya, but different enough to qualify as an entirely new form of ransomware, researchers say. Backing up NotPetya is an exploit method borrowed from a leaked NSA hack called EternalBlue, the same one WannaCry used to infect hundreds of thousands of computers and take down hospital networks. With the new strain, though, only computers on the local network are scanned, not the entire internet, as WannaCry attempted.


That’s cause for embarrassment among infected companies: Microsoft released a patch earlier this year which prevented any EternalBlue hacks, even pushing out updates for older, unsupported Windows systems like XP. Businesses should have patched by now, especially given the carnage WannaCry caused.

Extra powers

NotPetya has some extra powers that security experts say make it deadlier than WannaCry. While EternalBlue has allowed it to spread via a weakness in Windows’ SMB, it has other tools for moving at speed across networks. For instance, according to former NSA analyst and cybersecurity entrepreneur David Kennedy, the ransomware finds passwords on the infected computer to move to other systems. It does that by extracting passwords from memory or from the local filesystem, he explained.

“This is going to be a big one. Real big one,” Kennedy added.

Another proliferation technique is NotPetya’s abuse of PsExec. The tool is meant to carry out limited actions on other systems, but in this case it’s spreading the infection by executing malicious code on other computers. For instance, if the infected PC has administrator access to the network, every computer can become infected. A similar method is used by NotPetya with the Windows Management Instrumentation (WMI) tool, according to security expert Kevin Beaumont.

“This dangerous combination may be the reason why this outbreak has spread globally and rapidly, even after the previous outbreaks have generated media headlines and hopefully most vulnerabilities have been patched,” said ESET researcher Robert Lipovsky. “It only takes one unpatched computer to get inside the network, and the malware can get administrator rights and spread to other computers.”

Perhaps most crucially, thanks to all these added features, the new strain will infect even patched Windows PCs, including those with Windows 10, as one IT professional noted in a blog, whereas WannaCry worked largely on older systems.

A Microsoft spokesperson said the company was aware of the reports and was investigating, adding: “Our initial analysis found that the ransomware uses multiple techniques to spread, including one which was addressed by a security update previously provided for all platforms from Windows XP to Windows 10 [the EternalBlue vulnerability MS17-010]. As ransomware also typically spreads via email, customers should exercise caution when opening unknown files. We are continuing to investigate and will take appropriate action to protect customers.” It also claimed its anti-malware product, Windows Defender, detected and blocked the malware.

Pro ransomware

This latest attack appears to be the work of a professional group, unlike WannaCry, which was full of bugs and had a killswitch, which a British security researcher accessed and turned off (though more infections occurred just last week). There is no obvious killswitch with NotPetya, which Kaspersky said has infected at least 2,000 organizations across the globe, including Ukraine, Russia, the U.K. and the United States.

NotPetya’s professionalism might come from Petya’s birth in the bustling, highly technical cybercriminal underground. Jakub Kroustek, Threat Lab Team lead at Avast, said: “One of the perfidious characteristics of Petya ransomware is that its creators offer it on the darknet with an affiliate model which gives distributors a share of up to 85% of the paid ransom amount, while 15% is kept by the malware authors.” This kind of “ransomware-as-a-service” has been a growing concern of late, given it opens up the crime to a non-technical audience.

Whatever the class of criminal behind today’s outbreak, they’ve had a good pay day, though not an astounding one. At the time of publication, 22 payments had been made, totalling 2.39818893 Bitcoin, worth around $5,515.

Anyone even considering paying hackers to unlock their computers should reverse course, however: the email account set up to provide keys has been shut down by the provider, Posteo. Thanks to that, there’s no obvious way of recovering files without backups.

– Written by Thomas Fox-Brewster, Forbes Staff

Health

Warning: COVID-19 Contact Tracing Apps Could Be Turned Into Tools For Domestic Abuse


If governments don’t focus on strong privacy protections in their COVID-19 contact tracking tools, it could exacerbate domestic abuse and endanger survivors, according to a warning from women’s support charities.

They’ve urged the U.K. government to include domestic abuse and violence against women and girls (VAWG) experts in the development of such initiatives.

Though the U.K. doesn’t yet have a widely available track and trace app, the charities – including Women’s Aid and Refuge – are already anxious enough about the current tracing program, where infected people are called up and asked to register themselves online as someone who has contracted COVID-19. They’re then asked to share details on people with whom they’ve been in contact so they too can be informed.

In a joint whitepaper, the nonprofits said they were anxious about contact tracing staff inadvertently leaking contact details of survivors to perpetrators. They also raised fears the program could be turned into a “tool for abuse.” 

“For example, perpetrators may make fraudulent claims that they have been in contact with survivors in order for them to be asked to self-isolate unnecessarily, and in these circumstances survivors will have no means to identify the perpetrator as the original source,” they warned. “Perpetrators or associates may also pose as contact tracing staff and make contact with victims [or] survivors requesting they self-isolate or requesting personal information.”

The paper also claims abusers are already using the coronavirus pandemic for “coercive control,” in some cases deliberately breathing, spitting and coughing in survivors’ faces. As Forbes previously reported, the sharing of child abuse material has also spiked during global COVID-19 lockdowns.

As for apps, the report warned they required location services to be switched on. “While the NHS app itself doesn’t collect location data, if a perpetrator has installed spyware onto a survivor’s phone or is able to hack into it, then turning on location services will expose their location.”

Problems with Palantir?

The charities also raised concerns about a number of companies who’d partnered with the U.K. on the contact tracing initiatives. They said Serco, which is handling recruiting for contact tracing staff, “has a significant track record of failings and human rights violations, including running a controversial women’s immigration detention centre where staff have been accused of sexual misconduct and involvement in unlawful evictions of asylum seekers.” Serco also recently had to apologize for leaking email addresses of contact tracer staff.

Serco denies that it has any kind of significant track record of failing and human rights violations, and says that the evictions to which the charities are referring were in Scotland and were ruled legal. It also said that in seven years there had been no substantiated complaints about any sexual wrongdoing at the Yarl’s Wood immigration removal centre, where reports had revealed allegations.

“We are proud to be supporting the government’s test and trace programme with our Tier 3 contact centre team working from pre-approved Public Health England scripts. This is important work and we would like to thank all our teams who have stepped forward. In just four weeks we mobilised many thousands of people, which is a huge achievement, and we are focussed on ensuring that all our people are able to support the government’s programme going forwards,” a Serco spokesperson said.

Palantir, the $20 billion big data crunching business, also raised an eyebrow. The company, which has secured millions of dollars in contracts to help health agencies manage the outbreak, has come in for criticism for assisting U.S. immigration authorities on finding and ejecting illegal aliens.

Palantir hadn’t responded to a request for comment at the time of publication.

UK’s delayed COVID-19 app

The charities’ warning comes as the U.K. announced its contact tracing app would be shifting to the Apple and Google models, which promise stronger privacy protections than the app being tested by the government. The main difference is in where user information goes. In the government’s app, anonymized phone IDs of both the infected person and the people they’ve been near are sent to a centralized server, which determines who to warn about possible COVID-19 infection. In the Apple and Google model, only the phone ID of the infected person is sent to a centralized database. The phone then downloads the database and decides where to send alerts. The latter means the government has access to far less data on people’s phones, pleasing some critics but aggravating the government.
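The difference between the two designs described above, as an added example (not code from either app or from the original article): a simplified Python model showing that both designs warn the same people while the central server learns different amounts. The function names and encounter data are constructed for illustration, and the phone IDs are fixed strings, whereas real deployments rotate identifiers.

```python
import hashlib


def phone_id(owner: str) -> str:
    """Constructed stand-in for an anonymized phone ID (not either app's real scheme)."""
    return hashlib.sha256(owner.encode()).hexdigest()[:8]


# Constructed sample data: the phone IDs each phone recorded over Bluetooth.
_SEEN = {
    "alice": ["bob", "carol"],
    "bob": ["alice"],
    "carol": ["alice"],
    "dave": [],
}
ENCOUNTERS = {phone_id(p): {phone_id(q) for q in qs} for p, qs in _SEEN.items()}


def centralized_report(infected: str, encounters: dict) -> tuple:
    """Centralized design: the infected phone uploads its own ID and the IDs
    it has been near; the server decides who to warn."""
    uploaded_contacts = set(encounters[infected])
    server_learns = {"infected": infected, "contacts": uploaded_contacts}
    to_warn = set(uploaded_contacts)  # decision made on the server
    return server_learns, to_warn


def decentralized_report(infected: str, encounters: dict) -> tuple:
    """Decentralized design: only the infected phone's ID is uploaded; every
    phone downloads the published list and matches it locally."""
    published = {infected}
    server_learns = {"infected": infected, "contacts": set()}
    # Each phone compares its own local encounter log with the published list.
    to_warn = {phone for phone, seen in encounters.items() if seen & published}
    return server_learns, to_warn


if __name__ == "__main__":
    alice = phone_id("alice")
    for report in (centralized_report, decentralized_report):
        learned, warned = report(alice, ENCOUNTERS)
        print(report.__name__, "server sees contacts:", sorted(learned["contacts"]),
              "warned:", sorted(warned))
```
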

Health secretary Matt Hancock said on Thursday that Apple’s restrictions on third-party apps’ use of Bluetooth may’ve been one reason the government’s own app wasn’t as successful as hoped. Bluetooth is being used to determine whether an infected person has been in close proximity with another person’s phone.

Earlier this week, Amnesty International cybersecurity researcher Claudio Guarnieri warned that global rollouts of contact tracing apps were a privacy “trash fire.” After analyzing 11 apps, he found many contained privacy shortcomings. So concerned was Norway that it suspended its tool.

Even with lockdowns easing, those who’re infected are still being advised to isolate. However, the NHS guidance says that “the household isolation instruction as a result of Coronavirus (COVID-19) does not apply if you need to leave your home to escape domestic abuse.” That message may not have been amplified as much as it should’ve been.

Thomas Brewster, Forbes Staff, Cybersecurity


Technology

Twitter Begins Asking Users To Actually Read Articles Before Sharing Them


TOPLINE Twitter announced Wednesday that it will test a new feature that will prompt users to open up a link to an article before sharing it, which appears to be a move to further combat the spread of misinformation on the platform.

KEY FACTS

  • Some Twitter users may be subject to a prompt to click on a link if they try to retweet without reading the article first, billed by Twitter as a feature “designed to empower healthy and informed public conversation.”
  • English speakers on Android devices will be the first to see the tests. Users will still have the ability to retweet a message without clicking the link first if they choose to tap through the prompt.
  • According to Twitter Support, an official company account, the platform will only check if a user has clicked the article link recently through Twitter, not elsewhere on the internet.
  • Twitter denied some skeptical users’ accusations that the platform is testing the feature to establish a revenue stream via click-through to outside websites, saying the platform is not testing ad products with the prompts.
  • Twitter Support told one user it would watch to see if reminding users to read an article before they share it leads to more informed discussion.

CRUCIAL QUOTE

“It’s easy for links [and] articles to go viral on Twitter. This can be powerful but sometimes dangerous, especially if people haven’t read the content they’re spreading. This feature (on Android for now) encourages people to read a linked article prior to retweeting it,” Twitter product lead Kayvon Beykpour commented upon the announcement of the feature testing.

KEY BACKGROUND

The new prompt tests are the latest Twitter effort to curb the spread of misinformation on the platform. Twitter last month displayed fact-check tags on two of President Donald Trump’s tweets that featured misleading information regarding mail-in ballots and voter fraud. Twitter also rolled out testing for a new feature to allow users to limit who can reply to their tweets. The platform has faced criticism from both sides of the aisle in recent weeks, from conservatives over accusations of censorship and from the left for not doing enough to stifle misinformation.

Carlie Porterfield, Forbes Staff, Business


Finance

Op-Ed: From Cashless To Digital: The Covid-19 Tipping Point


People’s safety concerns about transmission through contact have resulted in Covid-19 becoming a catalyst for the adoption of cashless payments globally and even more so in South Africa, with the disruption expected to effect lasting changes in the way people transact with cards and cash.

While consumers had already begun to embrace digital payment options prior to the pandemic, the health crisis is rapidly accelerating the adoption rate with more consumers seeking safer, contact-free payment methods.

This rapid adoption of digital payments will help shape a new normal as businesses begin to emerge from the more stringent levels of lockdown regulations and attempt to navigate their post-Covid-19 futures.

Derek Cikes, Commercial Director at Payflex, says the pandemic represents a watershed for the payments industry.

“The acceleration towards a cashless society is one of the key opportunities that has emerged from the pandemic, bringing the advantages of digital payments to the fore including lower fees, convenience, seamless delivery, greater security, and more flexible payment options,” says Cikes, who adds that what makes this trend so interesting is that historically, people used to hoard cash in times of crisis. Now, the opposite is occurring.

A study by MasterCard revealed that since the beginning of Covid-19 in South Africa, 89 percent of South African respondents have been using contactless methods to pay for groceries, 60 percent for pharmaceutical items, 39 percent for other retail items, 15 percent for fast food, and eight percent for transport.

Similarly, recent figures from Bain echo this, with estimates that by 2025 the adoption of digital payments could accelerate by a 5 – 10 percentage point increase globally above what was previously anticipated, from 57% before Covid-19 to 67% after Covid-19.

Are contactless payments here to stay?

Cash is perceived as a vehicle for the transmission of the virus. As stores, restaurants and other merchants begin to open their doors again, contactless payments are key in providing consumers with a much-needed sense of comfort and reassurance.


“Businesses have no option but to rethink their use of shared payment surfaces, with customers more conscious than ever of what they touch. People don’t want to touch ATM or PIN pads or have to hand their cards to store tellers. Once viewed as a convenience or nice-to-have, digital payments are now viewed as a critical service, providing a solution to limiting contact with other surfaces,” says Cikes.

Creation of new payment habits

From banking facilities like tap-to-pay, payment apps such as Zapper and Snapscan, to digital banking and e-wallet providers, South African fintech firms have reported significant increases in the use and adoption of digital payment methods since the outbreak began in March. The simple truth is, while these channels provide a convenient way of paying, they are also contactless, allowing consumers to pay for their goods while not having to exchange cash or cards with merchants.

“The perception of cards and cash as vehicles for transferring microorganisms has changed how people physically interact with their payments in favour of contactless options. With health and safety being top priorities, we anticipate this trend to become more permanent with hygiene measures and social distancing likely to become part and parcel of our daily realities for years to come,” says Cikes.

Retailers drive adoption of digital payments

Both online and brick and mortar retailers are helping to accelerate this trend, with stores like Mr Price offering consumers a contactless way to pay in-store via their app, and most South African retailers offering tap-to-pay methods. There is also an expected uptick in omnichannel capabilities (being able to sell your goods through many channels such as website, app, retail, third-party platforms such as Amazon or Shopify) which bridges payments in any environment, physical or digital.

Another contactless payment method driving this trend is e-wallets with over 500 million mobile money users expected on the continent in 2020. In addition, it is anticipated that the capabilities of digital wallets will expand to offer features such as digital IDs and transaction monitoring and reporting, which is expected to create even more growth for this payment mechanism.


Flexibility needed more than ever

According to TransUnion’s Financial Hardship Survey, conducted in the United States, United Kingdom, Canada, India, Hong Kong and South Africa, one in six people lost their job in early May, with defaulting on their bills just seven weeks away. 82% of consumers indicated their household income had been impacted, and on average, consumers who were impacted, expect they will be short by R 7 542.90 when paying bills or loans.

“Many people are financially stretched and need the support of alternative payment solutions to help manage their cash flow without incurring further credit card debt,” says Cikes.

A report by GlobalWebIndex shows that 83% of South African consumers are expecting flexible payment options from brands.

“We have seen this play out in the increased uptake of our Payflex Buy Now Pay Later payment solution, which allows people to make interest-free payments over two paychecks,” says Cikes.

With health, safety and financial security at the forefront of consumer sentiments, companies will need to provide payment options which meet these consumer needs.

“Digital payment solutions provide an avenue which safeguards against physical interaction, enabling both consumers and business to navigate the environment as the economy is restarted. These digital adoptions will not only help manage the current situation but will also have far-reaching benefits, facilitating a more customer-centric, efficient and resilient economy,” concludes Cikes.

-Derek Cikes, Commercial Director, Payflex
