
Tag: billions of dollars

Key US general embraces new space ethos of “go fast, test,...

"We have got to get back to where we accept risk.”

Enthusiasts warn planetary protection may stop humans from going to Mars

“If we could get the red death from Mars, we’d already have it.”

Uber lost another $708 million in the first three months of...

Chief Financial Officer Gautam Gupta is also leaving the company.

Build offline-first mobile apps without pain

Alexander Stigsen is co-founder and CEO of Realm. It is a truth universally acknowledged that a user in possession of a smartphone must be in want of a better connection.

Despite billions of dollars of infrastructure investment and relentless technological innovation, it doesn’t take much more than a short drive to notice an essential reality of the connected era: You can’t assume a network connection will be available every time you want it.

As mobile developers, it’s a truth that’s convenient to ignore. Offline states in apps can be confounding to handle, but the problem begins with a basic and incorrect assumption—that offline is, by default, an error state.

That made sense when we built apps for desktop computers with dedicated ethernet uplinks.
It doesn’t make sense when the closing of an elevator’s doors renders an app completely useless or when it’s reasonable to expect that your application will be used in places that lack a reliable cellular infrastructure.

In the US, added wildfires due to carelessness, not climate change

Humans start fire when lightning wouldn't, making for a much longer risk season.

How Cisco wants to become the Switzerland of the cloud

After years of juggling with different strategies of how to pursue the cloud computing market, Cisco now has what it believes will be a winning one: Become a so-called Switzerland of the cloud. Cisco is not spending billions of dollars to build a pub...

IDG Contributor Network: Bots will change workplace research sooner than you...

Bots get a lot of buzz these days.
In the enterprise, a lot of this buzz focuses on customer care use cases, trying to provide better customer service or increase sales. I think there are even bigger opportunities upcoming in the enterprise, especially in research and analytics, where AI has transformed what bots can do.

Today’s bots, when focused on specific tasks, have the ability to intelligently find and confirm data, sift out noise, and return consolidated, relevant information that can change the way organizations do business. Here are three sectors ripe for transformation with bot technology.

Compliance

Banks today employ armies of compliance people -- as many as 10,000 for a top global bank. They see no alternative, as regulations increase and criminals conduct billions of dollars of illicit trade activity, and worldwide costs for breaking sanctions reach an estimated $12 billion.

Rick Perry, DOE nominee, says he regrets calling for Department’s elimination

WASHINGTON, DC - JANUARY 19: Former Texas Governor Rick Perry, President-elect Donald Trump's choice as Secretary of Energy, testifies during his confirmation hearing before the Senate Committee on Energy and Natural Resources on Capitol Hill January 19, 2017 in Washington, DC. Perry is expected to face questions about his connections to the oil and gas industry. (Photo by Aaron P. Bernstein/Getty Images)

On Thursday, former Texas Governor Rick Perry appeared before the Senate Energy and Natural Resources Committee to answer questions from the senators, who will vote on whether Perry will become the nation’s Energy Secretary.

The Republican-controlled Senate gave him little trouble this morning, although Democratic and Independent senators lobbed a few tough questions. Perry’s nomination has been controversial, notably because in a 2011 presidential primary election debate, he couldn’t remember the name of one of the Departments he promised to eliminate as President—that Department was the Department of Energy (DOE). He also drew criticism after the New York Times reported last night that Perry had accepted the Energy Secretary nomination unaware that more than half of the Department of Energy’s budget is devoted to managing the US nuclear arsenal as well as directing nuclear energy facilities’ cleanup and maintenance.  At the Senate hearing today, Perry attempted to persuade senators that he actually wanted the job. “My past statements made over five years ago about abolishing the Department of Energy do not reflect my current thinking,” Perry said in his opening statements. “In fact, after being briefed on so many of the vital functions of the Department of Energy, I regret recommending its elimination.” Perry has also attracted criticism for his so-so performance in college, especially given that the current Energy Secretary is a nuclear physicist, his predecessor was a Nobel Prize-winning physicist, and the secretary before that was an MIT-trained chemical engineer.

But Perry's supporters, like Committee Chairwoman Murkowski (R-AL), didn't seem to mind. “I don’t subscribe to the theory that only scientists can manage other scientists.
I think what we need is a good manager,” she said. Although nuclear capabilities are a vital part of the DOE’s mission, directing the department’s national laboratories and funding energy research would also come under Perry’s purview.

But his nomination has also drawn criticism because he’s vocally denied that climate change is happening, even, according to Senator Al Franken, claiming in a 2010 book that the Earth was going through a “cooling trend.” This has been flatly denied by almost all climate researchers. Perry tried to head off these criticisms in his opening statements, saying he does believe in climate change now.

But throughout the hearing, Perry was unwilling to walk back his previous statements about climate change completely and admit that the changing climate is significantly related to human activity, a point which science also supports.

Today, Perry only noted that “parts of it are created by human activity.” One of the first questions out of the gate came from Senator Cantwell (D-WA), who asked about a controversial questionnaire sent to the DOE by the Trump Administration transition team asking the department to provide a list of all employees who worked on climate change research.

The questionnaire sparked fears that the new Administration, whose leader has been openly hostile to science, would try to purge DOE employees who work on projects Trump doesn’t personally like.

After the DOE refused to provide that information to the transition team in December, the team disavowed the memo and said it was not authorized. Perry seemed to agree that it was improper to ask for the names of career scientists and employees, many of whom served under both Bush and Obama Administrations. “That questionnaire that you reference went out before I was even selected,” Perry said. “I didn’t approve it, I don’t approve of it, I don’t need that information, I don’t want that information.” Senator Cortez Masto (D-NV) asked Perry repeatedly about his opinions on nuclear waste, an issue that has concerned Nevada especially as many of the state’s residents have been vocally against a proposed nuclear waste storage facility near Yucca Mountain. Perry responded diplomatically that nuclear waste is a problem that “this country has been flummoxed by for 30 years, and we have spent billions of dollars on this issue.” But towards the end of the hearing he stopped short of assuring Cortez Masto that the question of Yucca Mountain would be dropped completely. Other senators were concerned about a report that was published in The Hill this morning saying that the Trump team planned “dramatic cuts” across all sectors of federal government, including DOE programs.
In cuts specific to the DOE, the Hill reported that funding for nuclear physics and advanced scientific computing research would be slashed, and that the Office of Electricity, the Office of Energy Efficiency and Renewable Energy, and the Office of Fossil Energy (which focuses on ways to limit greenhouse gases from fossil fuel use) would be totally eliminated. “Square this with me. How do you see your role?” Sen. Stabenow (D-MI) asked, referencing the reported cuts. Perry said he hadn’t been privy to the conversations that The Hill reports were based on, adding that just because it’s on the Internet “doesn’t mean it’s true.” Later, responding to similar questions from Sen. Hirono (D-HI) about the reported budget cuts, Perry joked that maybe the people in the Trump administration who wanted those cuts will “have the same experience I had and forget that they said that.”

A moment of levity broke up the questioning when Sen. Franken (D-MN) thanked Perry for meeting with him before the hearing in Franken’s office. “I hope you are as much fun on that dais as you were on that couch,” Perry said, initially unaware of how his words painted a much more intimate scene than what actually took place.

The audience giggled. Perry realized what he said, laughed, and added, “May I rephrase that?” Open laughter broke out in the chamber. “Please,” Franken deadpanned. “I think we found our SNL soundbite,” Perry returned. After that exchange, Sen. Sanders (I-VT) pressed Perry on whether he believed climate change is a crisis and human actions are to blame. “I believe the climate’s changing,” Perry said. “I believe some of it is naturally occurring, I believe that some of it has been caused by man made activity.” This statement is contrary to the research that has been produced by scientists for decades showing that climate change is human caused. Sanders also pressed Perry to clarify his position on nuclear weapons testing, but Perry resisted giving a clear answer. “I think it’s really important for the US to have a nuclear arsenal that is modern, that is safe,” Perry said, adding that he’d rely on the opinions of DOE scientists to make any relevant judgements. “I think anyone would be of the opinion that if we don’t ever have to test another nuclear weapon that would be a good thing not just for the United States, but for the world.” The nuclear weapons questions were especially pertinent given some of President Elect Trump’s brash statements about nuclear proliferation.

But Perry toed a more mainstream line today, saying “I think nonproliferation is a good thing in a general sense,” all while adding that he couldn’t make a definitive comment until he had a classified briefing. Perry also seemed quite positive about nuclear energy and waste cleanup, telling Senator Flake (R-AZ) that he found the concept of small modular reactors “fascinating” and promising Senator Heinrich (D-NM) that money would be allocated to keep the Waste Isolation Pilot Plant (WIPP) open and safe. Throughout the hearing, Perry repeated that he'd follow an "all of the above" approach to energy, meaning he'd support renewable energy development as well as oil, natural gas, and coal—a reversal from the current administration's efforts to push for non-greenhouse-gas-emitting energy sources. While Perry's tenure as Governor saw a boom in wind energy, he also has close ties to the fossil fuel industry, only this month stepping down from the board of Energy Transfer Partners, the controversial company at the heart of the Dakota Access Pipeline protests.

Credential-stuffers enjoy up to 2% attack success rate – report

It's kinda easy when all the passwords are 1234567

Hackers achieve a success rate of 0.1 to 2 per cent when reusing stolen credentials to access other sites, according to a new study by Shape Security. More than three billion credentials were reported stolen worldwide in 2016, with 51 companies admitting a breach.

These stolen credentials are routinely abused by cybercriminals in attempts to hijack accounts on other sites, a tactic that only works because consumers often reuse the same password and login ID combination on multiple sites. A major retailer (which later became a Shape customer) experienced a large-scale credential-stuffing attack with more than 10,000 total login attempts over one day, using the most popular credential-stuffing attack tool, Sentry MBA. "Shape has identified millions of instances of credentials from reported breaches being used in credential-stuffing attacks on other websites, with up to a 2 per cent success rate in taking over accounts on systems that did not report public data breaches," the firm said. "As a result, automated fraud losses from credential stuffing is in the billions of dollars worldwide, based on the value of accounts taken over.

The most commonly targeted account systems include bank accounts, retail gift card accounts, and airline and hotel loyalty programmes." Yahoo!, which reported two separate spills in 2016, leaked the greatest number of login credentials, followed by FriendFinder, MySpace, Badoo and LinkedIn.

Tech companies spilled the most credentials (1.75 billion) but the gaming industry was the sector that witnessed the largest number of breaches. In response to the abuse of compromised user credentials, the National Institute of Standards and Technology last month recommended that online account systems check their users' passwords against known spilled credential lists, a practice already followed by companies such as Facebook and others.

The proposed checks are included in Draft NIST Special Publication 800-63B Digital Identity Guidelines.
If the password chosen by a user appears on the spilled credential lists, NIST recommends that the user be informed that they should choose another since their chosen phrase has been compromised.

DOJ indicts 6 Volkswagen executives, automaker will pay $4.3 billion in...

The US Justice Department announced on Wednesday that Volkswagen would pay $4.3 billion in civil and criminal fines and plead guilty to three criminal charges pertaining to the automaker’s diesel emissions scandal.

The DOJ also announced an indictment of six high-level VW Group executives, who are charged with lying to regulators and destroying documents. Working with US Customs and Border Patrol, the DOJ brought against VW Group charges of defrauding the US government, committing wire fraud, and violating the Clean Air Act.

As part of the settlement, VW Group has agreed to submit to three years of criminal probation, which will require the German automaker to "retain an independent monitor to oversee its ethics and compliance program." It has also agreed to cooperate with the DOJ's ongoing investigations into individual executives that may have been involved with the scandal. For the past 17 months, the automaker has maintained that none of its executives were involved with the diesel scandal, in which illegal software was discovered on Volkswagens, Audis, and Porsches to alter the cars' emissions controls depending on whether the cars sensed they were under real-world driving conditions or lab conditions.
Instead, VW Group claimed, "rogue engineers" were responsible for the placement of the emissions cheating software on the cars. After the software was discovered, VW Group admitted that its cars did have mechanisms to reduce the effectiveness of the emissions controls on its so-called "Clean Diesel" cars.

Earlier this year, the Justice Department and a class-action group of consumers pursued civil penalties from VW Group, leading to historic settlements of many billions of dollars earlier this year. This new agreement repudiates VW Group's assertion that its executives were wholly innocent of tampering with the cars' emissions control systems.

The indicted VW Group executives include Richard Dorenkamp, Bernd Gottweis, Jens Hadler, Heinz-Jakob Neusser, Jürgen Peter, and Oliver Schmidt.
Schmidt, a former emissions compliance executive for VW Group, is the only executive currently in the US—he was arrested over the weekend by the FBI on charges that he knew about the cheating software and lied to federal regulators about it. Among the other five men indicted, Richard Dorenkamp, head of VW’s technical development for lowest emission engines, was suspended from VW Group in 2015; Bernd Gottweis, a retired VW Group executive, apparently warned CEO Martin Winterkorn that the company's cars could be found with defeat devices; Jens Hadler worked as executive director of powertrain development at Volkswagen in 2008; Heinz-Jakob Neusser oversaw Volkswagen research and development; and Jürgen Peter was a Volkswagen engineering executive who implored his colleagues via internal e-mail to "Come up with the story please!" when the California Air Resources Board started pressing Volkswagen on discrepancies in emissions tests that persisted after VW Group issued a "fix." So far, Volkswagen has agreed to pay $15 billion to compensate victims of the 2.0L diesel engine scandal, $1 billion to settle charges related to 3.0L diesel vehicles (although owner compensation hasn’t been decided on yet), and $1.2 billion to compensate US Volkswagen dealers, who were unaware that the cars they were selling were not in compliance with US emissions regulations. One engineer, James Liang, has pleaded guilty. According to the Associated Press, this fresh $4.3 billion settlement "is the largest ever levied by the government against an automaker, eclipsing the $1.2 billion fine against Toyota in 2014 over safety issues related to unintended acceleration." Assistant Attorney General Leslie Caldwell, speaking at the DOJ's press conference, said that VW Group executives were largely responsible for the scandal, describing a company culture where "lower-level people" expressed concerns and "higher-level people" decided to move forward with planting the illegal software.

Apple pulls New York Times apps from Chinese App Store by...

The iOS version of The New York Times app. Andrew Cunningham

Citing local Chinese regulations, Apple confirmed today to The New York Times that the publication's English- and Chinese-language apps had been removed from the Chinese version of the Apple app store.

Apple said that "when the situation changes, the App Store will once again offer The New York Times app for download in China," but it declined to cite the specific regulations violated or who had contacted Apple about it in the first place.

The apps were removed from the store on December 23. According to the Times, the Chinese government has been taking steps to block the publication in the country since a series of articles in 2012 highlighted the hidden wealth of then-Prime Minister Wen Jiabao and his family. Legislation called "The Provisions on the Administration of Mobile Internet Application Information Services" passed in June of 2016 prohibits apps from publishing "prohibited" information among other things, and the Times suspects this is the rule that got its news apps pulled. “The request by the Chinese authorities to remove our apps is part of their wider attempt to prevent readers in China from accessing independent news coverage by The New York Times of that country, coverage which is no different from the journalism we do about every other country in the world,” said NYT spokesperson Eileen Murphy. China has become a very important territory for Apple's bottom line in the last couple of years, though 2016's sales were far below the heights of 2015's.

The country also plays a large part in the manufacturing of Apple's hardware—the Times detailed last week the billions of dollars in benefits and subsidies that China and the city of Zhengzhou have provided to Apple's manufacturing partner Foxconn.

These reasons make it beneficial for Apple to play ball with Chinese authorities and make investments in China and Chinese companies.

But there have been other censorship-related clashes, like when China shut down the Chinese iTunes movie and book stores just a few months after allowing them to open.

Apple has also refused to give its operating systems' source code to the country. When contacted for comment, Apple Director of Corporate Communications Fred Sainz told Ars that Apple had no statements beyond what was already printed in the Times article. Readers in China can still access the Times' reporting using a VPN or other software that circumvents the country's so-called "Great Firewall."

Kaspersky Security Bulletin 2016. Review of the year. Overall statistics for...

Introduction

If they were asked to sum up 2016 in a single word, many people around the world – particularly those in Europe and the US – might choose the word ‘unpredictable’. On the face of it, the same could apply to cyberthreats in 2016: the massive botnets of connected devices that paralysed much of the Internet in October; the relentless hacking of high profile websites and data dumps; the SWIFT-enabled bank heists that stole billions of dollars, and more. However, many of these incidents had in fact been predicted, sometimes years ago, by the IT security industry, and the best word for them is probably ‘inevitable’.

For cyberthreats, 2016 was the year when “sooner or later” became “now”

Most of all, in 2016, ransomware continued its relentless march across the world – with more new malware families, more modifications, more attacks and more victims. However, there are rays of hope, including the new, collaborative No More Ransom initiative. Kaspersky Lab has designated the revolution in ransomware its Story of the Year for 2016 and you can read more about its evolution and impact here.

Elsewhere on the cybersecurity landscape, targeted cyberespionage attacks, financial theft, ‘hacktivism’ and vulnerable networks of connected devices all played their part in what has been a tense and turbulent year.

This Executive Summary provides an overview of the top threats and statistics for 2016. Full details are included in the accompanying Review & Statistics. It also considers what these threats mean to organisations trying to spot a breach or cyberattack. How ready are businesses to proactively prevent and mitigate a cyberthreat? What can be done to help them?

Six things we learned this year that we didn’t know before

1. That the underground economy is more sophisticated and bigger than ever: xDedic – the shady marketplace

In May, we uncovered a large, active cybercriminal trading platform, called xDedic. xDedic listed and facilitated the buying and selling of hacked server credentials. Around 70,000 compromised servers were on offer – although later evidence suggests that there could have been as many as 176,000 – located in organisations around the world. In most cases, the legitimate owners had no idea that one of their servers, humming away in a back room or data center, had been hijacked and was being passed from criminal to criminal.

xDedic is not the first underground marketplace, but it is evidence of the growing complexity and sophistication of the black market economic ecosystem.

“xDedic is a hacker’s dream, simplifying access to victims, making it cheaper and faster, and opening up new possibilities for both cybercriminals and advanced threat actors.” GReAT

2. That the biggest financial heist did not involve a stock exchange: the SWIFT-enabled transfers

One of the most serious attacks in 2016 was that using the inter-bank network, SWIFT (Society for Worldwide Interbank Financial Telecommunication). In February 2016, hackers used the SWIFT credentials of Bangladesh Central Bank employees to send fraudulent transaction requests to the Federal Reserve Bank of New York, asking it to transfer millions of dollars to various bank accounts in Asia. The hackers were able to get $81 million transferred to the Rizal Commercial Banking Corporation in the Philippines and an additional $20 million to Pan Asia Banking. The campaign was cut short when the bank spotted a typo in one of the transfer requests. You can read the story here. In the following months, further bank attacks using SWIFT credentials came to light.

Following the theft of $100 million many banks were forced to improve their authentication and SWIFT software update procedures

3. That critical infrastructure is worryingly vulnerable: the BlackEnergy attacks

BlackEnergy deserves a place in this list even though, strictly speaking, it took place at the end of 2015. However, it was only in early 2016 that the full effect of the BlackEnergy cyber-attack on the Ukrainian energy sector became clear. The attack was unique in terms of the damage it caused. This included disabling the power distribution system in Western Ukraine, wiping software on targeted systems and unleashing a Distributed Denial of Service (DDoS) attack on the technical support services of affected companies. Kaspersky Lab has supported the investigation into BlackEnergy since 2010, with among other things, an analysis of the tool used to penetrate the target systems. You can find our 2016 report here.

The BlackEnergy cyberattack on the Ukrainian energy sector revealed the vulnerability of critical infrastructures worldwide

To help organizations working with industrial control systems (ICS) to identify possible points of weakness, Kaspersky Lab experts have conducted an investigation into ICS threats. Their findings are published in the Industrial Control Systems Threat Landscape report.

4. That a targeted attack can have no pattern: the ProjectSauron APT

In 2016 we discovered the ProjectSauron APT: a likely nation-state backed cyberespionage group that has been stealing confidential data from organisations in Russia, Iran and Rwanda – and probably other countries – since June 2011. Our analysis uncovered some remarkable features: for example, the group adopted innovative techniques from other major APTs, improving on their tactics in order to remain undiscovered. Most importantly of all: tools are customized for each given target, reducing their value as Indicators of Compromise (IoCs) for any other victim. An overview of the methods available to deal with such a complex threat can be found here.
ProjectSauron’s pattern-less spying platform has far-reaching implications for some basic principles of threat detection

5. That the online release of vast volumes of data can be an influential tactic: ShadowBrokers and other data dumps

2016 saw a number of remarkable online data dumps. The most famous is probably that by a group calling itself the ShadowBrokers. On August 13, they appeared online claiming to possess files belonging to the ultimate APT predator, the Equation Group. Our research suggests there are similarities between the data dumped by ShadowBrokers and that used by the Equation Group. The initial data dump included a number of unreported zero-days, and there have been further dumps in recent months. The long-term impact of all this activity is unknown, but it has already revealed the huge and rather worrying influence such data dumps can potentially have on public opinion and debate.

In 2016 we also witnessed data breaches at beautifulpeople.com, Tumblr, the nulled.io hacker forum, Kiddicare, VK.com, Sage, the official forum of DotA 2, Yahoo, Brazzers, Weebly and Tesco Bank – for motives ranging from financial gain to personal reputation blackmail.

A LinkedIn hack made public in 2016 revealed over a million uses of the password ‘123456’.

6. That a camera could be part of a global cyber-army: the insecure Internet of Things

Connected devices and systems, from homes and vehicles to hospitals and smart cities, exist to make our lives safer and easier. However, many were designed and manufactured without much thought for security – and sold to people who underestimated the need to protect them with more than default factory security settings.

The risk of connecting everything without proper safeguards – after 2016, need we say more?

As the world now knows, all these millions of insecure connected devices represent a powerful temptation to cybercriminals.
In October, attackers used a botnet of over half a million internet-connected home devices to launch a DDoS attack against Dyn – a company that provides DNS services to Twitter, Amazon, PayPal, Netflix and others. The world was shocked, but warnings about unstable IoT security have been around for a long time. For example, in February, we showed how easy it was to find a hospital, gain access to its internal network and take control of an MRI device – locating personal data about patients and their treatment procedures and obtaining access to the MRI device file system. In April, we published the results of our research into, among other things, the vulnerability of city traffic sensors and smart ticket terminals.

Manufacturers need to work with the security industry to implement ‘security-by-design’

Other top threats

Inventive APTs

At least 33 countries were targeted by APTs reported on by Kaspersky Lab

In February, we reported on Operation Blockbuster, a joint investigation by several major IT security companies into the activities of the Lazarus gang, a highly malicious entity responsible for data destruction.

The Lazarus group is believed to have been behind the attack on Sony Pictures Entertainment in 2014

Adwind is a cross-platform, multi-functional RAT (Remote Access Tool) distributed openly as a paid service, where the customer pays a fee in return for use of the malicious software. It holds the dubious distinction of being one of the biggest malware platforms currently in existence, with around 1,800 customers in the system by the end of 2015.
Adwind’s malware-for-rent had a customer base of 1,800

APTs everywhere continued to make the most of the fact that not everyone promptly installs new software updates – in May we reported that at least six different groups across the Asia-Pacific and Far East regions, including the newly discovered Danti and SVCMONDR groups, were exploiting the CVE-2015-2545 vulnerability. This flaw enables an attacker to execute arbitrary code using a specially-crafted EPS image file. A patch for the vulnerability was issued back in 2015.

Over six APT groups used the same vulnerability – patched back in 2015

New zero-days

Zero-days remained a top prize for many targeted attackers. In June, we reported on a cyber-espionage campaign launched by a group named ScarCruft and code-named Operation Daybreak, which was using a previously unknown Adobe Flash Player exploit (CVE-2016-1010). Then in September we discovered a Windows zero-day, CVE-2016-3393, being used by a threat actor known as FruityArmor to mount targeted attacks.

In all, new Kaspersky Lab technologies designed to identify and block such vulnerabilities helped us to uncover four zero-days in 2016. The other two are an Adobe Flash vulnerability CVE-2016-4171 and a Windows EoP (Escalation of Privilege) exploit CVE-2016-0165.

The hunt for financial gain

Tricking people into either disclosing personal information or installing malware that then seizes the details for their online bank account remained a popular and successful option for cyber-thieves in 2016. Kaspersky Lab solutions blocked attempts to launch such malware on 2,871,965 devices. The share of attacks targeting Android devices increased more than four-fold.

A third of banking malware attacks now target Android devices

Some APT groups were also more interested in financial gain than cyberespionage.
For example, the group behind Metel infiltrated the corporate network of banks in order to automate the roll-back of ATM transactions: gang members could then use debit cards to repeatedly steal money from ATMs without ever affecting the balance on the card. At the end of 2016 this group remains active.

Metel launched targeted attacks on banks – then sent teams to ATMs at night to withdraw the cash

In June, Kaspersky Lab supported the Russian police in their investigation into the Lurk gang. The collaboration resulted in the arrest of 50 suspects allegedly involved in creating networks of infected computers and the theft of more than 45 million dollars from local banks, other financial institutions and commercial organizations. During the investigation, researchers spotted that users attacked by Lurk had the remote administration software Ammyy Admin installed on their computers. This led to the discovery that the official Ammyy Admin website had most probably been compromised, with the Trojan being downloaded to users’ computers along with the legitimate Ammyy Admin software.

The takedown of the Lurk gang was the largest ever arrest of hackers in Russia

The ultimate vulnerability: people

2016 also revealed that targeted attack campaigns don’t always need to be technically advanced in order to be successful. Human beings – from hapless employees to malicious insiders – often remained the easiest access route for attackers and their tools.

In July, we reported on a group called Dropping Elephant (also known as ‘Chinastrats’ and ‘Patchwork’). Using high quality social engineering combined with old exploit code and some PowerShell-based malware, the group was able to successfully steal sensitive data from high-profile diplomatic and economic organisations linked to China’s foreign relations.
Dropping Elephant and Operation Ghoul confirmed the fearsome power of high quality social engineering

Further, Operation Ghoul sent spear-phishing e-mails that appeared to come from a bank in the UAE to top and middle level managers of numerous companies. The messages claimed to offer payment advice from the bank and attached a look-alike SWIFT document containing malware.

“Cybercriminals are using insiders to gain access to telecommunications networks and subscriber data, recruiting disaffected employees through underground channels or blackmailing staff using compromising information gathered from open sources.”
Threat Intelligence Report for the Telecommunications Industry

Mobile advertising

The main mobile threats in 2016 were advertising Trojans able to obtain ‘root’ or superuser rights on an infected Android device – a level of access that allowed them to do pretty much whatever they wanted. This included hiding in the system folder, thereby making themselves almost impossible to delete, and silently installing and launching different apps that aggressively display advertising. They can even buy new apps from Google Play.

22 of the 30 most popular Trojans in 2016 are advertising Trojans – twice as many as in 2015

Many such Trojans were distributed through the Google Play Store: some of them were installed more than 100,000 times, and one – an infected Pokemon GO Guide app – was installed more than 500,000 times.

Malware distributed through Google Play was downloaded hundreds of thousands of times

One Android Trojan was installed and even updated as a ‘clean’ (malware-free) app before hitting targets with an infected version.
Others, including Svpeng, used the Google AdSense advertising network for distribution.

Further, some Trojans found new ways to bypass Android security features – in particular the screen overlays and the need to request permission before opening a new app – forcing the user to sign over the access rights the Trojan was looking for. Mobile ransomware also evolved to make use of overlays, blocking rather than encrypting data since this is generally backed up.

To read more on these stories, please download the full annual Review for 2016 here. For an in-depth look at the Statistics for 2016, please register to download the Statistics report here.

The impact on business

The 2016 threat landscape indicates a growing need for security intelligence

The Kaspersky Security Bulletin 2016 highlights the rise of complex and damaging cybersecurity threats, many of which have a far-reaching impact on businesses. This impact is also reflected in our Corporate IT Security Risks Reports (1, 2) based on a 2016 survey of more than 4000 businesses worldwide. Among other things, the survey asked companies about the most crucial metric of incident detection and response: time.

Incident detection time is critical

Previously unreleased findings from the research show that the typical time required to detect an IT Security event is several days – 28.7% of companies said it took them that long to detect a security breach on average.

[Chart: Time required to detect an IT security event]

Only 8.2% of businesses managed to detect security breaches almost instantly, and for 19.1% of businesses it took several weeks to detect a serious security event. When we asked how they eventually detected a long-standing breach, the replies were revealing.
Going beyond prevention

[Chart: Average time frame required to detect a security event, across all security events within the last 12 months]

In this chart we combine the average time to discover a security event with the responses we received on how businesses detected a breach. Apparently, businesses that struggle to detect a breach quickly eventually spot them through one or more of the following: an external or internal security audit, or, sadly, notification from a third party. It turns out that for these businesses a security audit of any kind is the best measure of ‘last resort’ to finally bring it to light. But should it be only a last resort?

This is where our report detects an obvious discrepancy between theory and practice. Although 65% of businesses admit that a security audit is an effective security measure, less than half of the companies surveyed (48%) have conducted such an audit in the last 12 months. Further, 52% of companies operate under the assumption that their IT security will inevitably be compromised at some point, although 48% are not ready to accept this. In short: many businesses find a structured detection and response strategy difficult to embrace.

The cost of delay

It is safe to assume that the longer it takes to detect a security breach, the higher the mitigation costs and the greater the potential damage. The results reveal the shocking truth that failure to discover an attack within a few days results in a doubling, or more, of the costs.

[Chart: Cost of recovery vs. time needed to discover a security breach for enterprises]

For enterprises, an attack undiscovered for a week or more costs 2.77 times that of a breach detected almost instantly. SMBs end up paying 3.8 times more to recover from an incident detected too late.

It is clear that better detection significantly reduces business costs. But the implementation of incident detection and response strategies is quite different from ensuring proper prevention.
The latter provides a choice of well-established corporate solutions. The former requires security intelligence, a deep knowledge of the threat landscape, and security talent capable of applying that expertise to the unique specifics of a company. According to our special Corporate IT Security Risks report, businesses that struggle to attract security experts end up paying twice as much for their recovery after an incident.

Kaspersky Lab’s solution: turning intelligence into protection

In 2016 Kaspersky Lab significantly expanded its portfolio with products like Kaspersky Anti-Targeted Attack Platform and security services like Penetration Testing and Threat Data Feeds, all to help meet customer needs for better detection and response. Our plan is to offer security intelligence via any means necessary: with a technology to detect targeted threats, a service to analyze and respond to a security event, and intelligence that helps investigate an issue properly.

We appreciate that, for many businesses, going beyond prevention is a challenge. But even a single targeted attack that is detected early and mitigated rapidly is worth the investment – and increases the chances that the next assault on the corporate infrastructure is prevented outright.