Tag: Greece

IT threat evolution Q1 2017. Statistics

According to KSN data, Kaspersky Lab solutions detected and repelled 479,528,279 malicious attacks from online resources located in 190 countries all over the world.

File antivirus detected a total of 174,989,956 unique malicious and potentially unwanted objects.

WannaCry ransomware used in widespread attacks all over the world

Earlier today, our products detected and successfully blocked a large number of ransomware attacks around the world.
In these attacks, data is encrypted with the extension “.WCRY” added to the filenames. Our analysis indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows.

BrandPost: 5 Things to Consider Before an IT Refresh

By Bharath Vasudevan, HPE Product Manager, Software-defined and Cloud Group

Heraclitus, a Greek philosopher, is quoted as saying "change is the only constant in life." And he wrote that in 500 B.C. I wonder what he would say today about the constant change brought about by technology.

The pace of change in business is extraordinary – and if you don’t keep up, you’ll be left behind. Yet how do you know when change is needed for your business — particularly your infrastructure? And how do you decide what change will make you more competitive?

A tech refresh is a chance for a business to evaluate the direction of its IT infrastructure and weigh the costs and benefits of trying something new. It’s a good time to look at the current IT environment and research what other options are available that may better suit the needs of the organization.

The future of solar power technology is bright

From photovoltaic paint to thermal fuel, we peek at a future beyond today's solar cells.

KopiLuwak: A New JavaScript Payload from Turla

A new, unique JavaScript payload is now being used by Turla in targeted attacks.

This new payload, dubbed KopiLuwak, is being delivered using embedded macros within Office documents.

The Oracle of Delphi puts a board game Odyssey on your...

Stefan Feld's newest board game is a blast from the past.

Shamoon Can Now Destroy Virtual Desktops, Too

There's a new variant of the Shamoon disk-wiping malware that was originally unleashed on Saudi Arabia's state-owned oil company in 2012, and it has a newly added ability to destroy virtual desktops, researchers said. The new strain is at least the second Shamoon variant to be discovered since late November, when researchers detected the return of disk-wiping malware after taking a more than four-year hiatus.

The variant was almost identical to the original one except for the image that was left behind on sabotaged computers. Whereas the old one showed a burning American flag, the new one displayed the iconic photo of the body of Alan Kurdi, the three-year-old Syrian refugee boy who drowned as his family tried to cross from Turkey to Greece. Like the original Shamoon, which permanently destroyed data on more than 30,000 work stations belonging to Saudi Aramco, the updates also hit one or more Saudi targets that researchers have yet to name. According to a blog post published Monday night by researchers from Palo Alto Networks, the latest variant has been updated to include legitimate credentials to access virtual systems, which have emerged as a key protection against Shamoon and other types of disk-wiping malware.

The actor involved in this attack could use these credentials to manually log into so-called virtual management infrastructure management systems to attack virtual desktop products from Huawei, which can protect against destructive malware through its ability to load snapshots of wiped systems. "The fact that the Shamoon attackers had these usernames and passwords may suggest that they intended on gaining access to these technologies at the targeted organization to increase the impact of their destructive attack," the Palo Alto Networks researchers wrote. "If true, this is a major development and organizations should consider adding additional safeguards in protecting the credentials related to their VDI deployment." Several of the usernames and passwords are included in official documentation as administrator accounts for Huawei’s virtualized desktop products, such as FusionCloud.

The researchers still aren't sure if Shamoon attackers obtained the credentials from an earlier attack on the targeted network or included the default usernames and passwords in an attempt to guess the login credentials to the VDI infrastructure. In addition to the virtualization-defeating update, the variant found by Palo Alto Networks also contained hardcoded Windows domain account credentials that were specific to the newly targeted organization.

The credentials met Windows password complexity requirements, a finding that suggests the attackers obtained the credentials through a previous breach. Like the previous Shamoon variant, the new one spread throughout a local network by "logging in using legitimate domain account credentials, copying itself to the system and creating a scheduled task that executes the copied payload." The Shamoon update was set to begin overwriting systems on November 29, 2016 at 1:30am.

The timing aligns with previous Shamoon strains, which attempted to maximize their destructive impact by striking when the targeted organization would have fewer personnel and resources available on site. Post updated in the headline and third paragraph to make clear VDI systems are manually accessed.

Shamoon disk-wiping malware can now destroy virtual desktops, too

There's a new variant of the Shamoon disk-wiping malware that was originally unleashed on Saudi Arabia's state-owned oil company in 2012, and it has a newly added ability to destroy virtual desktops, researchers said. The new strain is at least the second Shamoon variant to be discovered since late November, when researchers detected the return of disk-wiping malware after taking a more than four-year hiatus.

The variant was almost identical to the original one except for the image that was left behind on sabotaged computers. Whereas the old one showed a burning American flag, the new one displayed the iconic photo of the body of Alan Kurdi, the three-year-old Syrian refugee boy who drowned as his family tried to cross from Turkey to Greece. Like the original Shamoon, which permanently destroyed data on more than 30,000 work stations belonging to Saudi Aramco, the updates also hit one or more Saudi targets that researchers have yet to name. According to a blog post published Monday night by researchers from Palo Alto Networks, the latest variant has been updated to attack virtual desktops, which have emerged as one of the key protections against Shamoon and other types of disk-wiping malware.

The update included usernames and passwords related to the virtual desktop infrastructure products from Huawei, which can protect against a destructive malware through its ability to load snapshots of wiped systems. "The fact that the Shamoon attackers had these usernames and passwords may suggest that they intended on gaining access to these technologies at the targeted organization to increase the impact of their destructive attack," the Palo Alto Networks researchers wrote. "If true, this is a major development and organizations should consider adding additional safeguards in protecting the credentials related to their VDI deployment." Several of the usernames and passwords are included in official documentation as administrator accounts for Huawei’s virtualized desktop products, such as FusionCloud.

The researchers still aren't sure if Shamoon attackers obtained the credentials from an earlier attack on the targeted network or included the default usernames and passwords in an attempt to guess the login credentials to the VDI infrastructure. In addition to the virtualization-defeating update, the variant found by Palo Alto Networks also contained hardcoded Windows domain account credentials that were specific to the newly targeted organization.

The credentials met Windows password complexity requirements, a finding that suggests the attackers obtained the credentials through a previous breach. Like the previous Shamoon variant, the new one spread throughout a local network by "logging in using legitimate domain account credentials, copying itself to the system and creating a scheduled task that executes the copied payload." The Shamoon update was set to begin overwriting systems on November 29, 2016 at 1:30am.

The timing aligns with previous Shamoon strains, which attempted to maximize their destructive impact by striking when the targeted organization would have fewer personnel and resources available on site.

DoD Warns Contractors About Iran-Linked Malware

Shamoon, a piece of malware that tries to turn infected computers into unusable bricks, is back. Earlier this month, a number of cybersecurity firms reported that hackers had used the malware against thousands of computers in Saudi Arabia's civil aviation agency and other government bodies. According to Bloomberg, the attacks, like previous ones involving Shamoon, seemingly originated from Iran.

Now, the Defense Security Service (DSS), part of the US Department of Defense, has issued a bulletin to cleared contractors warning them of the threat. “Between 2 and 7 December 2016, DSS was given information from another government agency regarding Indicators of Compromise (IOC) associated with a Shamoon malware variant and may be used in computer network exploitation attempts,” the bulletin, distributed on Thursday and obtained by Motherboard, reads. It does not specify the government agency that provided the information.

These bulletins are sent to contractors to alert them to threats from foreign intelligence entities (FIEs), and in particular, FIEs' infrastructure, malware, tactics, techniques or procedures. “This information is being shared by DSS in order to enable potential targets of possible espionage activity to detect, disrupt or deny FIE's exploitation of cleared contractor information systems, networks or personnel,” it reads.

In 2012, the “Cutting Sword of Justice,” a suspected Iranian hacking group, used Shamoon to aggressively wipe tens of thousands of computers belonging to Saudi Aramco. Aramco is the state-owned oil company of Saudi Arabia. In the wake of the attack, Aramco had to take itself entirely offline. “No emails, no phones, nothing,” Chris Kubecka, a consultant who worked with Aramco, told an audience at the Black Hat hacking conference last year. The hackers also replaced emails and documents with a picture of a burning American flag, according to The Register.

The new version of Shamoon, however, displays a picture of Alan Kurdi, the 3-year-old Syrian boy who drowned while trying to cross from Turkey to Greece, according to a report from security company Symantec. Neither the FBI nor the Department of Defense provided comment in time for publication, and the NSA did not respond to a request for comment.

Microdemocracy is the next logical step for the United States

Whether or not you think American democracy is broken, you can probably come up with some ways to improve it.

The country gets less than 50-percent voter turnout; the Electoral College has disagreed with the popular vote twice in the past five election cycles; there are referenda with explanations that take 10 minutes to read and still don’t make any sense; and don’t forget all the special interests and pork-barrels and legislative gridlock.
Surely we can do better. With all the technology we’ve developed in the centuries since the Founding Fathers set up our system, we have the capacity to make voting much more convenient. Plus, we can manage an almost unlimited number of voter concerns simultaneously. With all this technological capacity, what are the possible next steps for democracy? One idea is microdemocracy.

As the name suggests, this is about getting democracy to a more granular, local scale, although there are different suggestions for how to do so.
In the 1990s, the term arose in academic literature exploring whether democratic practices at the civil society level could support democratic transitions in authoritarian regimes such as Zimbabwe. Today, organizations like The Right Question Institute, which calls itself “a catalyst for microdemocracy,” think microdemocracy could work in countries that are already democratic.

They suggest that if citizens engage critically and demand accountability at the most local of levels—PTA meetings, community clinics—they will then “begin to move along the continuum of democratic action from an individual encounter at the agency to attending public hearings, joining with others through organizing, and exercising their right to vote.” In other words, the solution to low voter turnout and political apathy is to get people to make their voices heard where public policy meets their direct interest and work their way up from there.
Information technology will make this process easier and more accessible, especially when it makes initial information gathering and post-engagement followup far less onerous. Microdemocracy can also be used to describe a system that gives people power to vote, not just on their representatives and a few referenda, but on nearly every element of their government, from how their taxes are apportioned to individual pieces of legislation. More commonly known as direct democracy, this intensive involvement in government decision-making is similar to the ancient Greek model, but very rare today. Although Switzerland uses direct democracy instruments, requiring voters to approve every law passed by the legislature, most other modern democracies are representative: citizens elect representatives, who then make most of the decisions for them.

This is partly because the 18th-century trailblazers of modern democracy were also wary of democracy.

They wanted some elite roadblocks in front of rule by the masses. But representative democracy was also preferable because of logistical issues. When it took weeks to travel to the capital, it was hardly feasible for everyone, or even all free landholding men, to do so every time something needed to be voted on. Now, however, we have the communications technology to enable the rapid spread of information and immediate, verifiable voting from the comfort of your home, or car, or as you’re walking down the street.

Political technology of the future

In my recent science-fiction novel Infomocracy, I offer yet another definition of microdemocracy.

The book is set some sixty years in the future, when the nation-state is (mostly) dead and the basic political unit is a “centenal” of 100,000 people.

Each centenal can vote for any government it wants, from anywhere in the world.

This both makes politics very local—you only have to convince 50,000 of your closest neighbors to support your choice in order to win–and decouples it from geography—if the form of government you prefer originated in Denmark, you can vote for it without emigrating from your home in Tampa. Centenal-based microdemocracy naturally requires extensive use of technology.
In my book, it’s provided through a massive international bureaucracy known as Information, which offers voters data about the thousands of possible governments and helps those governments manage what may be far-flung territories once they’re elected. Although I included some cool-sounding tech gadgets to make all this more interesting, it’s really not so much of a leap, technologically. We already have countries governing territory that is not geographically contiguous–Alaska, Gibraltar, Ceuta, Oecusse. We already have multiple choices in the ballot box, and most of us have access to all the information we could want about those choices.

As with direct democracy, what makes the scenario improbable is lack of political will or, to put it another way, entrenched power structures. These various definitions of microdemocracy have a few points in common.

They all point toward improving democracy through getting more citizens more involved and tying the complex, big-picture forces of government directly to people’s day-to-day interests.

They all see technology as a means of facilitating democracy, bringing people closer to their government.

And they all believe that this will make governance—or quality of life, or life itself—better, buying into a central assumption of democracy: that it leads to better government.

Decentralization and freedom

The rationale behind microdemocracy is not so different from that behind a less cutting-edge concept that has been extremely popular over the last few decades: decentralization. Pushing power down to local areas has been one of the common prescriptions for countries transitioning out of authoritarianism since the 1980s: if you disperse power through the regions of a country, it becomes harder for one person—or ethnic group, say, or religion—to dominate the whole. As with The Right Question Institute’s theory of microdemocracy, many proponents of decentralization argue that getting citizens involved at the local level will translate into greater participation, and democracy, throughout the government.

In a 1999 paper on decentralization, political scientists Arun Agrawal and Jesse Ribot write:

“Most justifications of decentralization are built around the assumption that greater participation in public decision making is a positive good in itself or that it can improve efficiency, equity, development, and resource management. [...] At its most basic, decentralization aims to achieve one of the central aspirations of just political governance-democratization, or the desire that humans should have a say in their own affairs.”

Despite these lofty and seemingly logical aims, as well as the enthusiasm with which the strategy has been pursued, evidence on the results of decentralization is mixed.

For one thing, what is called decentralization is often not; it’s easy enough to attach a buzzword to a toothless public policy.
Some governments use the concept as a way of pushing fiscal and administrative responsibilities onto lower levels of government without giving local governments more decision-making power. While decentralization does help to disperse power away from the network of a central authoritarian figure, it also holds other risks.
It might consolidate the power of local or regional elites. Kent Eaton and Ed Connerley write:

“In many developing countries that have completed the national transition to democracy but that contain enclaves of persistent authoritarianism at the subnational level, decentralization has the unfortunate effect of transferring power and authority from units of government that are more democratic to units of government that are less democratic or nondemocratic.”

But this is not only true of developing countries: consider the Civil Rights struggle in the United States. Microdemocracy, in any of its forms, faces many of the same difficulties as decentralization.

As an attractive term that suggests greater accountability and transparency, it can be strategically deployed to produce the opposite.
In disempowering some elites it offers power to others–those who care more about the issues, for example, or those who are more comfortable with the technology it uses. We certainly have the necessary technology to improve democratic functioning in any number of ways.

But these initiatives are likely to require close attention and considerable calibration to make sure they are working the way we hoped.
Since this means trial and error, the sooner we can get started, the better.

Malka Older is a writer and political scientist. She was named Senior Fellow for Technology and Risk at the Carnegie Council for Ethics in International Affairs for 2015 and has more than a decade of experience in humanitarian aid and development. Her doctoral work on the sociology of organizations at the Institut d’Études Politiques de Paris (Sciences Po) explores the dynamics of multi-level governance and disaster response using the cases of Hurricane Katrina and the Japan tsunami of 2011. Her 2015 novel Infomocracy was named one of the best science fiction novels of the year by the Washington Post.

Shamoon wiper malware returns with a vengeance

A new variant of Shamoon, the malware that wiped hard drives at Saudi Aramco and other energy companies in 2012, has struck multiple organizations in Saudi Arabia in a new campaign that researchers call a "carefully planned operation." The new variant, which is almost identical to the version used in the 2012 attacks, has replaced the message it previously displayed—which included an image of a burning American flag—with the photo of the body of Alan Kurdi, the 3-year-old Syrian refugee boy who drowned as his family tried to cross from Turkey to Greece. Bloomberg reports that digital forensics by Saudi officials indicated that the attacks were launched from Iran.
Several Saudi government agencies were among the organizations attacked. New versions of Shamoon, also known as Disttrack, have been detected by multiple information security companies, including McAfee, Symantec, Palo Alto Networks, and FireEye.
It isn't yet clear how the malware's "dropper" has gotten into the networks it has attacked.

But once on a victim's Windows system, it determines whether to install a 32-bit or 64-bit version of the malware.

According to a report from Symantec, the latest Shamoon attack was configured to automatically start wiping the disk drives of computers it had infected at 8:45am local time on November 17. The wiper malware itself uses RawDisk, a commercial software driver from EldoS that gives direct access to the disk drives of the infected system to write data—or in this case, overwrite data.

The same driver was used in the "wiper" attacks against Sony Pictures in 2014.

Before beginning the wipe, the malware sets the system clock of the infected computer back to a random date in August of 2012, according to a report from FireEye—likely to bypass the code in the EldoS driver that checks for a valid license. "Analysis suggests this might be for the purposes of ensuring the [EldoS driver] that wipes the Master Boot Record (MBR) and Volume Boot Record (VBR) is within its test license validity period," the FireEye research team wrote. The new Shamoon variant attempts to spread across the network by turning on file sharing and attempting to connect to common network file shares, and it disables user access controls for remote control sessions with a Windows Registry change.

The malware attempts to connect to ADMIN$, C$\Windows, D$\Windows, and E$\Windows shares on the target systems with the local user's current privileges first.
If they aren't enough to gain access to those shares, it starts trying stolen credentials—credentials that have been hard-coded into the malware samples, indicating that the attackers had previously managed to penetrate the targeted networks and harvest user credentials for Windows domain administrators and other high-level accounts. When it finds these shares available, it copies itself into the Windows directory of the other system. While these latest malware attacks have included code to communicate with a command-and-control system, the attackers apparently disabled the code, leaving it pointed at a nonexistent server.

There was clearly no desire to exfiltrate information—though information may well have already been stolen before Shamoon was activated, and the disk wiper may have been left as a parting gift by the attackers.

SpeedCast Introduces SIGMA Net

A new standard in cloud-based vessel management with security by design

Sydney, Australia, November 30, 2016 - SpeedCast International Limited (ASX: SDA), a leading global satellite communications and network service provider, today announced the official release of SIGMA Net, the new standard for shipping and remote site network management designed specifically for VSAT and MSS.

SIGMA Net is a small but powerful industrial-grade VSAT and MSS network management device designed for ships and remote sites, providing automated and efficient management of multiple WAN links. Cyber security is at the heart of SIGMA Net, which incorporates a stateful firewall and Virtual Private Networking between the vessel and the Internet plus unique methods to regulate Internet access, including rejection of update services to Windows or mobile devices. Voice calling across multiple satellite equipment is simplified via SIGMA Net’s integrated VoIP server, allowing a caller to choose the outbound call route via a prefix. National numbers can also be allocated, allowing for cost-effective calling from shore to a vessel. Feature and performance enhancements are automatically applied, ensuring that the SIGMA Net’s software is always kept up to date.

SIGMA Net offers flexible crew services, including innovative pre-paid PIN-based BYOD (Bring Your Own Device) Internet and voice calling services, allowing for simplified voucher generation and management from shore. SIGMA Net provides managed network segmentation between business critical, crew or M2M networks at the remote location.

The cloud-based SIGMA Net Portal brings a vessel or remote site closer to IT management through its innovative and secured portal. The browser-based SIGMA Net Portal provides remote management and configuration of SIGMA Net from shore. Any configuration changes made from the portal are instantly replicated to one or more SIGMA Net terminals, with full auditing of amendments recorded. Reliability and redundancy is a primary feature of SIGMA Net, with its configuration securely synchronized and stored to the portal. The portal also presents fully-featured and interactive reporting of all data transferred via the SIGMA Net WAN links onboard.

“SIGMA Net has introduced a new degree of connection and network management to the Danaos fleet,” said Mr V Fotinias, Vessel IT Manager at Danaos Shipping, Greece. “The SIGMA Net Portal provides a web interface that enables remote configuration of SIGMA Net terminals across our fleet. The reporting provided by the SIGMA Net Portal gives us full visibility on traffic sent and received via the WAN links. Our vessel IT support team is able to easily and quickly resolve problems on board via SIGMA Net. The Danaos crew are extremely happy with the SIGMA Net prepaid vouchers for Internet access or crew calling.”

Danaos Shipping is one of the world’s largest containership owners, with a modern fleet of 59 container ships operating globally.

“SIGMA Net is a robust and secure cloud-based management platform that will both revolutionize and simplify vessel IT administration, both for shore-based support staff and a vessel’s crew,” said Dan Rooney, Maritime Product Director for SpeedCast. “The highly-configurable and flexible prepaid voucher services allow for time-consuming administrative tasks such as voucher generation to be managed centrally, rather than relying upon the Captain.”

About SpeedCast International Limited
SpeedCast International Limited (ASX: SDA) is a leading global satellite communications and network service provider, offering high-quality managed network services in over 90 countries and a global maritime network serving customers worldwide. With a worldwide network of 42 sales and support offices and 39 teleport operations, SpeedCast has a unique infrastructure to serve the requirements of customers globally. With over 5,000 links on land and at sea supporting mission critical applications, SpeedCast has distinguished itself with a strong operational expertise and a highly efficient support organization. For more information, visit http://www.speedcast.com/.

SpeedCast® is a trademark and registered trademark of SpeedCast International Limited. All other brand names, product names, or trademarks belong to their respective owners.

© 2016 SpeedCast International Limited. All rights reserved.

For more information, please contact:
Media:
Clara So
SpeedCast International Limited
clara.so@speedcast.com
Tel: +852 3919 6800

About Danaos Corporation
Danaos Corporation is one of the largest independent owners of modern, large-size containerships. Our current fleet of 59 containerships aggregating 353,586 TEUs, including four vessels owned jointly with Gemini Shipholdings Corporation, is predominantly chartered to many of the world's largest liner companies on fixed-rate, long-term charters. Our long track record of success is predicated on our efficient and rigorous operational standards and environmental controls. Danaos Corporation's shares trade on the New York Stock Exchange under the symbol "DAC". Please visit www.danaos.com for more information.