Tag: Hungary

Kid found a way to travel for free in Budapest. He...

Protests sparked after web security hole reported

The arrest of a Hungarian bloke after he discovered a massive flaw in the website of Budapest's transport authority – and reported it – has sparked a wave of protests.…

A 16th-century engineer whose work almost defeated an Empire

When the Ottomans laid siege to Rhodes, this smart inventor held them off for months.

Astronomers find water in the atmosphere of a warm, Neptune-sized planet

It’s hot enough that its clouds could be composed of zinc sulfide.

How the Space Pope is helping to find real exoplanets by...

Project Discovery's latest citizen science experiment goes from proteins to exoplanets.

6 New Security Startups Named to Mach37 Spring Cohort

The companies selected this year include technical talent that draws from Silicon Valley to Hungary and Western Europe.

Security expert: Ransomware took in $1 billion in 2016

Increased user awareness of phishing threats, better antivirus technology, more industry-wide information sharing and cross-border efforts by law enforcement authorities will combine to turn the tide against ransomware this year, according to some security experts, but others expect the attacks to continue to increase. According to a security expert who requested anonymity, ransomware cybercriminals took in about $1 billion last year, based on money coming into ransomware-related bitcoin wallets. That includes more than $50 million each for three wallets associated with the Locky ransomware, and a fourth one that processed close to $70 million.

Cryptowall brought in close to $100 million before it was shut down this year.

CryptXXX gathered in $73 million during the second half of 2016, and Cerber took in $54 million, the expert said. Smaller ransomware families brought in another $150 million, and the FBI has reported $209 million in ransomware payments during the first three months of 2016.
In addition to this $800 million or so in known payments, there are many other Bitcoin wallets that are unknown to researchers and uncounted, pushing the estimated total to $1 billion for all of 2016.

“The $1 billion number isn’t at all unreasonable and might even be low,” confirmed Mark Nunnikhoven, vice president of cloud research at Trend Micro. “It’s getting difficult to track the amount of money flowing into criminals’ Bitcoin wallets because they’ve started to try and hide the transactions across a large number of wallets,” he added.

He said that there was a 400 percent increase in ransomware variants last year, and he expects to see a 25 percent growth in ransomware families in 2016. “What we’re seeing is a bit of a maturation in how to execute these attacks, so we’re expecting a leveling off to a more realistic growth curve,” he said. But criminals will continue innovating because of how profitable ransomware is.

“I don’t think we’ll see the 100 percent growth that we saw from 2015 to 2016,” said Allan Liska, intelligence analyst at Recorded Future. “I think we’ll probably see a 50 percent growth.” The markets for stolen medical records, credit card numbers and email addresses are collapsing, he said. “Not only is it taking a while to get paid, but they’re not getting paid as much as they used to,” he said. Meanwhile, ransomware is an easy business to get into, the payout is immediate, and it offers an ongoing revenue stream. “There’s no incentive for them to discontinue ransomware,” he said.

Some experts expect growth to be even higher. Successful ransomware attacks will double this year, predicted Tom Bain, vice president at CounterTack. “The reality is that every single customer I speak to, anyone in the industry really, this is their number one concern,” he said. Better defensive technology and collaboration will help, he said, but the problem is going to get worse before it starts to get better.

Gartner analysts estimate that there were between 2 million and 3 million successful ransomware attacks in 2016, and that the frequency will double year over year through 2019. “I think they’re right,” said Bain.

But not all experts think the future is quite that bleak. Raj Samani, vice president and CTO at Intel Security, predicts that anti-ransomware efforts will begin to pay off in the next few months. “We’ll see a spike earlier on this year, but then I anticipate our efforts with law enforcement to be successful,” he said.

Intel, along with Kaspersky Labs, Europol, and the Dutch National High Tech Crime Unit formed an alliance this past summer, No More Ransom. Since then, more than a dozen other law enforcement agencies have joined up, including Bosnia and Herzegovina, Bulgaria, Colombia, France, Hungary, Ireland, Italy, Latvia, Lithuania, Portugal, Spain, Switzerland, and the United Kingdom. Several other security vendors have also joined up.

“Now that we’ve got more law enforcement agencies on board, and more private sector firms, we expect to see an increase in successful take-down operations,” said Samani. In addition to working together to bring down ransomware operations, the group also distributes free anti-ransomware tools. That, combined with more user awareness about phishing and better detection technologies, will combine to stop the growth of this attack vector, Samani said. “As an industry, we’ve started to develop new products, sandboxing, threat intelligence exchanges,” he said. “It is getting better.”

However, he warned that malware authors do have one significant advantage. “There’s an asymmetry of information,” he said. “They have tools and services that will allow them to run their malware through all the anti-virus engines out there. They can install our products and they know how our products work because we openly talk about them. This is one of the big security challenges.”

This story, "Security expert: Ransomware took in $1 billion in 2016" was originally published by CSO.

Living in Glass Houses

The Glass Room is a collection of art pieces designed to make you think of how you're selling yourself.

The National Security Agency can read your email. Verizon knows where you are at all times. Amazon is confident you're in the market for a new printer. We know these things about the weird world we live in, but few of us ever stop to think about what they really mean. Recently, a group of artists got together in New York City to change that.

Apple doesn't have a retail store on Mulberry Street in New York City, but at a glance, you might think it does. The Glass Room exhibit borrows heavily from the Apple Store design aesthetic: white walls, white ceiling, white podium, and even helpful "inGenious" staffers in matching white hoodies (see the photo below). But nothing is for sale in The Glass Room. It's a collection of art pieces designed to make you think of how you're selling yourself, maybe without even knowing it.

The exhibit is curated by Tactical Technology Collective along with The Mozilla Foundation, maker of the Firefox browser. The subjects addressed in The Glass Room are digital: online privacy, location tracking, psychographic profiling, the gamification of security, and so on. But the pieces themselves are grounded in the real world; you can see them, touch them, and in one case, smell them. Here are a few that stood out to me.

Forgot Your Password? (Aram Bartholl): We're so used to massive password hacks that we barely even notice them. In fact, Yahoo recently disclosed that it had compromised at least 1 billion more of its users' passwords. Back in 2012, LinkedIn held the record for the biggest password hack—a paltry 4.6 million. For this exhibit, Bartholl printed all 4.6 million of those passwords alphabetically and bound them into volumes. (I looked for mine; it wasn't in there.)

Random Darknet Shopper (!Mediengruppe Bitnik): This artist collective created an online shopping bot and gave it a budget of $100 in bitcoins. They set it loose on the dark Web to make random purchases and have them mailed to the exhibition space. No drugs or pornography arrived; just random stuff. A copy of Mastering the Art of French Cooking, a Hungarian passport photo, and—featured in the Glass Room—a pair of fake Kanye West Nike Air Yeezy 2 sneakers.

Online Shopping Center (Sam Lavigne): Amazon does a great job of identifying what you want to buy and getting it to you quickly. As a logical (perhaps inevitable) next step, in 2014, the company was granted a patent for "predictive shopping." Lavigne's art takes the concept even further. As a Glass Room "shopper," you strap on a brainwave monitor and allow an algorithm to determine what your brain looks like when you're shopping. When Lavigne first conducted this experiment, he had his bot shop for him on Amazon and Alibaba whenever his brain was in the "shopping state." I tried it, but so far, Amazon hasn't sent me anything.

Not all the exhibits at The Glass Room are art. Some are demos of real-world products and services. The Texas Virtual BorderWatch, for example, was a real-time camera system (live from 2008 to 2012) that let volunteers monitor the United States–Mexico border from their homes and alert authorities of infractions. Another, the Silver Mother ($299), is a monitoring solution for seniors that gives medication reminders, tracks sleep, and gives front-door alerts. And then there's Churchix, a facial-recognition system that enables churches to track attendance automatically—a whole new meaning for "witnessing."

Finally, at the back of the room was a "data detox" center. For those who were moved by the exhibit and wanted to make a change in their digital lifestyle, experts at the counter explained their options. We've reviewed a lot of the tools used to manage your privacy, including Signal, Ghostery, Tor, and more.

If The Glass Room made anything clear, it is that technology is the dominant force for change in the world right now. It is affecting our jobs, our home lives, our relationships, our environment, and even our bodies. I'm a big believer in technological progress, but not all of these changes are for the better. PC Magazine is committed to getting you the tools, techniques, and information you need to thrive in this new world.

Now, if you'll excuse me, I need to go clear my browsing history.


34 People Arrested in 13 Countries for Hiring DDoS Attack Services

Europol, the FBI and the UK National Crime Agency arrest 34 individuals in a crackdown on DDoS-for-sale services, also known as booters and stressors.

International law enforcement agencies in more than a dozen countries arrested 34 individuals in a cyber-crime sweep that focused on customers of online services that provide denial-of-service attacks to order.

In the United States, the FBI arrested a 26-year-old University of Southern California graduate student allegedly linked to a distributed denial-of-service (DDoS) attack that knocked a San Francisco chat-service company offline. The suspect, Sean Sharma, was arrested on Dec. 9 for purchasing a DDoS tool used to mount the attack, the FBI stated in a release.

Since last week, the FBI’s International Cyber Crime Coordination Cell, or IC4, and other law enforcement agencies—including Europol and the U.K.’s National Crime Agency—have arrested 34 suspects and conducted interviews with 101 individuals.

“DDoS tools are among the many specialized cyber-crime services available for hire that may be used by professional criminals and novices alike,” Steve Kelly, FBI unit chief of IC4, said in the agency’s statement. “While the FBI is working with our international partners to apprehend and prosecute sophisticated cyber-criminals, we also want to deter the young from starting down this path.”

DDoS-for-hire services have increased in use to account for 93 percent of all distributed denial-of-service attacks, according to Incapsula, a DoS mitigation service owned by Imperva. Neustar, a real-time cloud-based information and analysis provider, confirmed that booters and stressors have grown significantly over the past four years.

“A pretty large portion of the DDoSes we have seen are the fault of the stressors and booters,” Rodney Joffe, senior vice president and fellow at Neustar, told eWEEK. “And it has been a problem for 4 years.”

The worldwide law enforcement action aims to carry a message to young offenders that what may seem to them as innocuous cyber-pranks are actually serious crimes that carry hefty legal penalties, the law enforcement groups said.

The people arrested are suspected of paying for DDoS services to launch floods of data against websites and online services—often gaming platforms.

“Today’s generation is closer to technology than ever before, with the potential of exacerbating the threat of cyber-crime,” Steve Wilson, head of the European Cyber Crime Centre (EC3), said in a statement. “Many IT enthusiasts get involved in seemingly low-level fringe cyber-crime activities from a young age, unaware of the consequences that such crimes carry.”

Yet, Neustar’s Joffe doubted that the arrests will make much of an impact.

“There are millions of kids who play games, and they don’t think this is illegal,” he said. “Or they understand that this is illegal, but they don’t think they are going to get caught.”

Law enforcement agencies carried out actions in Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, the United Kingdom, and the U.S.

The law enforcement organizations underscored that fighting the cyber-crimes requires a collaborative effort.

“No law enforcement agency or country can defeat cyber-crime alone,” the FBI said in its statement. “This demands a collective global approach.”

DDoS script kiddies are also… actual kiddies, Europol arrests reveal

Young 'uns hire tools to hit infrastructure, info systems

Law enforcement bods at Europol have arrested 34 users of Distributed Denial of Service (DDoS) cyber-attack tools and interviewed and cautioned 101 suspects in a global crackdown.

Unsurprisingly, the users identified by Europol’s European Cybercrime Centre (EC3) were mainly young adults under the age of 20. The body worked with regional agencies to identify cyber-attackers that had targeted critical infrastructure and information systems in the European Union.

The individuals arrested are suspected of paying for stressers and booters services to maliciously deploy software to launch DDoS attacks. The tools used are part of the criminal "DDoS for hire" facilities for which hackers can pay and aim at targets of their choosing, said Europol in its press release.

Steven Wilson, head of Europol’s European Cybercrime Centre (EC3), said: “Today’s generation is closer to technology than ever before, with the potential of exacerbating the threat of cybercrime. Many IT enthusiasts get involved in seemingly low-level fringe cybercrime activities from a young age, unaware of the consequences that such crimes carry.

“One of the key priorities of law enforcement should be to engage with these young people to prevent them from pursuing a criminal path, helping them understand how they can use their skills for a more constructive purpose.”

Europol is currently conducting a prevention campaign in all participating countries in order to raise awareness of the risk of young adults getting involved in cybercrime.

The European Multidisciplinary Platform against Criminal Threats project included Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, and the United Kingdom.

However, back in September, Europol's acting head of strategy for cybercrime warned The Register that the UK will “certainly be cut off from the full intelligence picture” after Brexit. ®

Kaspersky Security Bulletin 2016. Story of the year

Introduction

In 2016, ransomware continued its rampage across the world, tightening its hold on data and devices, and on individuals and businesses.

The numbers speak for themselves: 62 new ransomware families made their appearance. There was an 11-fold increase in the number of ransomware modifications: from 2,900 new modifications in January/March, to 32,091 in July/September. Attacks on business increased three-fold between January and the end of September: the difference between an attack every 2 minutes and one every 40 seconds. For individuals the rate of increase went from every 20 seconds to every 10 seconds. One in five small and medium-sized businesses that paid the ransom never got their data back.

2016 also saw ransomware grow in sophistication and diversity, for example: changing tack if it encountered financial software, written in scripting languages, exploiting new infection paths, becoming more targeted, and offering turn-key ransomware-as-a-service solutions to those with fewer skills, resources or time – all through a growing and increasingly efficient underground ecosystem.

At the same time, 2016 saw the world begin to unite to fight back: The No More Ransom project was launched in July, bringing together the Dutch National Police, Europol, Intel Security and Kaspersky Lab. A further 13 organizations joined in October. Among other things, the collaboration has resulted in a number of free online decryption tools that have so far helped thousands of ransomware victims to recover their data. This is just the tip of the iceberg – much remains to be done. Together we can achieve far more than any of us can on our own.

What is ransomware?

Ransomware comes in two forms. The most common form of ransomware is the cryptor. These programs encrypt data on the victim’s device and demand money in return for a promise to restore the data. Blockers, by contrast, don’t affect the data stored on the device. Instead, they prevent the victim from accessing the device. The ransom demand, displayed across the screen, typically masquerades as a notice from a law enforcement agency, reporting that the victim has accessed illegal web content and indicating that they must pay a spot-fine. You can find an overview of both forms of ransomware here.

Ransomware: the main trends & discoveries of 2016

“Most ransomware thrives on an unlikely relationship of trust between the victim and their attacker: that, once payment is received, the ransomed files will be returned. Cybercriminals have exhibited a surprising semblance of professionalism in fulfilling this promise.”
GReAT, Threat Predictions for 2017

Arrivals and departures

Arrivals – in 2016, the world said hello to Cerber, Locky and CryptXXX – as well as to 44,287 new ransomware modifications

Cerber and Locky arrived in the early Spring. Both are nasty, virulent strains of ransomware that are propagated widely, mainly through spam attachments and exploit kits. They rapidly established themselves as ‘major players’, targeting individuals and corporates. Not far behind them was CryptXXX.

All three families continue to evolve and to hold the world to ransom alongside well-established incumbents such as CTB-Locker, CryptoWall and Shade.

Locky ransomware has so far been spread across 114 countries

As of October 2016, the top ransomware families detected by Kaspersky Lab products look like this:

| | Name | Verdicts* | Percentage of users** |
|---|---|---|---|
| 1 | CTB-Locker | Trojan-Ransom.Win32.Onion / Trojan-Ransom.NSIS.Onion | 25.32 |
| 2 | Locky | Trojan-Ransom.Win32.Locky / Trojan-Dropper.JS.Locky | 7.07 |
| 3 | TeslaCrypt (active till May 2016) | Trojan-Ransom.Win32.Bitman | 6.54 |
| 4 | Scatter | Trojan-Ransom.Win32.Scatter / Trojan-Ransom.BAT.Scatter / Trojan-Downloader.JS.Scatter / Trojan-Dropper.JS.Scatter | 2.85 |
| 5 | Cryakl | Trojan-Ransom.Win32.Cryakl | 2.79 |
| 6 | CryptoWall | Trojan-Ransom.Win32.Cryptodef | 2.36 |
| 7 | Shade | Trojan-Ransom.Win32.Shade | 1.73 |
| 8 | (generic verdict) | Trojan-Ransom.Win32.Snocry | 1.26 |
| 9 | Crysis | Trojan-Ransom.Win32.Crusis | 1.15 |
| 10 | Cryrar/ACCDFISA | Trojan-Ransom.Win32.Cryrar | 0.90 |

* These statistics are based on the detection verdicts returned by Kaspersky Lab products, received from users of Kaspersky Lab products who have consented to provide their statistical data.
** Percentage of users targeted by a certain crypto-ransomware family relative to all users targeted with crypto-ransomware.

Departures – and goodbye to TeslaCrypt, Chimera and Wildfire – or so it seemed…

Probably the biggest surprise of 2016 was the shutdown of TeslaCrypt and the subsequent release of the master key, apparently by the malware actors themselves.

TeslaCrypt “committed suicide” – while the police shut down Encryptor RaaS and Wildfire

Encryptor RaaS, one of the first Trojans to offer a Ransomware-as-a-Service model to other criminals, shut up shop after part of its botnet was taken down by the police. Then, in July, approximately 3,500 keys for the Chimera ransomware were publicly released by someone claiming to be behind the Petya/Mischa ransomware. However, since Petya used some of the Chimera source code for its own ransomware, it could in fact be the same group, simply updating its product suite and causing mischief. Similarly, Wildfire, whose servers were seized and a decryption key developed following a combined effort by Kaspersky Lab, Intel Security and the Dutch Police, now appears to have re-emerged as Hades.

Abuse of ‘educational’ ransomware

Well-intentioned researchers developed ‘educational’ ransomware to give system administrators a tool to simulate a ransomware attack and test their defenses.

Criminals were quick to seize upon these tools for their own malicious purposes.

Ransomware developed for ‘education’ gave rise to Ded Cryptor and Fantom, among others

The developer of the educational ransomware Hidden Tear & EDA2 helpfully posted the source code on GitHub. Inevitably, 2016 saw the appearance of numerous malicious Trojans based on this code. This included Ded Cryptor, which changed the wallpaper on a victim computer to a picture of an evil-looking Santa Claus, and demanded a massive two Bitcoins (around $1,300) as a ransom. Another such program was Fantom, which simulated a genuine-looking Windows update screen.

Unconventional approaches

Why bother with a file when you can have the disk?

New approaches to ransomware attacks that were seen for the first time in 2016 included disk encryption, where attackers block access to, or encrypt, all the files at once. Petya is an example of this, scrambling the master index of a user’s hard drive and making a reboot impossible.

Another Trojan, Dcryptor, also known as Mamba, went one step further, locking down the entire hard drive. This ransomware is particularly unpleasant, scrambling every disk sector including the operating system, apps, shared files and all personal data – using a copy of the open source DiskCryptor software.

Attackers are now targeting back-ups and hard drives – and brute-forcing passwords

The ‘manual’ infection technique

Dcryptor’s infection is carried out manually, with the attackers brute-forcing passwords for remote access to a victim machine. Although not new, this approach has become significantly more prominent in 2016, often as a way to target servers and gain entry into a corporate system. If the attack succeeds, the Trojan installs and encrypts the files on the server and possibly even on all the network shares accessible from it. We discovered TeamXRat taking this approach to spread its ransomware on Brazilian servers.

Two-in-one infection

In August we discovered a sample of Shade that had unexpected functionality: if an infected computer turned out to belong to financial services, it would instead download and install a piece of spyware, possibly with the longer term aim of stealing money.

Shade downloaded spyware if it found financial software

Ransomware in scripting languages

Another trend that attracted our attention in 2016 was the growing number of cryptors written in scripting languages. In the third quarter alone, we came across several new families written in Python, including HolyCrypt and CryPy, as well as Stampado written in AutoIt, the automation language.

A long line of amateurs and copycats

Many of the new ransomware Trojans detected in 2016 turned out to be of low-quality; unsophisticated, with software flaws and sloppy errors in the ransom notes.

Poor quality ransomware increases likelihood of data being lost forever

This was accompanied by a rise in copycat ransomware.

Among other things, we spotted that: Bart copies the ransom note & the style of Locky’s payment page. An Autoit-based copycat of Locky (dubbed AutoLocky) uses the same extension “.locky”. Crusis (aka Crysis) copies the extension “.xtbl” originally used by Shade. Xorist copies the whole naming scheme of the files encrypted by Crusis.

Probably the most prominent copycat we discovered this year was Polyglot (aka MarsJoke). It fully mimics the appearance and file processing approach of CTB-Locker.

These trends are all expected to increase in 2017.

“As the popularity continues to rise and a lesser grade of criminal decides to enter the space, we are likely to encounter more and more ‘ransomware’ that lacks the quality assurance or general coding capability to actually uphold this promise. We expect ‘skiddie’ ransomware to lock away files or system access or simply delete the files, trick the victim into paying the ransom, and provide nothing in return.”
GReAT, Threat Predictions for 2017

The thriving ransomware economy

The rise of RaaS

While Ransomware-as-a-Service is not a new trend, in 2016 this propagation model continued to develop, with ever more ransomware creators offering their malicious product ‘on demand’. This approach has proved immensely appealing to criminals who lack the skills, resources or inclination to develop their own.

Ransomware is increasingly for hire on the criminal underground

Notable examples of ransomware that appeared in 2016 and use this model are Petya/Mischa and Shark ransomware, which was later rebranded under the name Atom.

This business model is increasingly sophisticated:

[Figure: The Petya ransomware partner site]

The partner often signs up to a traditional commission-based arrangement. For example, the “payment table” for Petya ransomware shows that if a partner makes 125 Bitcoins a week they will walk away with 106.25 Bitcoins after commission.

[Figure: Petya payment table]

There is also an initial usage fee. Someone looking to use the Stampado ransomware, for example, needs to come up with just $39.

With other criminals offering their services in spam distribution, ransomware notes etc. it’s not difficult for an aspiring attacker to get started.

From commission-based networks to customer support and branding

The most ‘professional’ attackers offered their victims a help desk and technical support, guiding them through the process of buying Bitcoins to pay the ransom, and sometimes even being open to negotiation.

Every step further encouraged the victim to pay.

Criminals offer customer support to ensure more victims pay

Further, Kaspersky Lab experts studying ransomware in Brazil noticed that for many attacks, branding the ransomware was a matter of some importance. Those looking for media attention and customer fear would opt for a high profile, celebrity theme or gimmick – while those more concerned about staying under the radar would forgo the temptation of fame and leave their victims facing just an e-mail for contacting the bad guys and a Bitcoin address to pay into.

It’s still all about the Bitcoins

Throughout 2016, the most popular ransomware families still favored payment in Bitcoins. Most ransomware demands were not excessive, averaging at around $300, although some were charged – and paid – a great deal more.

Others, particularly regional and hand-crafted operations, often preferred a local payment option – although this also meant that they were no longer able to hide in plain sight and blend in with the rest of the ransomware noise.

Ransomware turned its weapons on business

In the first three months of 2016, 17% of ransomware attacks targeted corporates – this equates to an attack hitting a business somewhere in the world every two minutes. By the end of Q3 this had increased to 23.9% – an attack every 40 seconds.

A business is attacked with ransomware every 40 seconds

According to Kaspersky Lab research, in 2016, one in every five businesses worldwide suffered an IT security incident as a result of a ransomware attack. 42% of small and medium-sized businesses were hit by ransomware in the last 12 months. 32% of them paid the ransom. One in five never got their files back, even after paying. 67% of those affected by ransomware lost part or all of their corporate data – and one-in-four spent several weeks trying to restore access.

One in five SMBs never gets their data back, even after paying

Social engineering and human error remain key factors in corporate vulnerability. One in five cases involving significant data loss came about through employee carelessness or lack of awareness.

“We are seeing more targeted ransomware, where criminal groups carefully hand-pick and spear-phish their targets because of the data they possess and/or their reliance on the availability of this valuable data.”
John Fokker, Digital team Coordinator with the Dutch National High Tech Crime unit

Some industry sectors are harder hit than others, but our research shows that all are at risk

There is no such thing as a low-risk sector anymore

| | Industry sector | % attacked with ransomware |
|---|---|---|
| 1 | Education | 23 |
| 2 | IT/Telecoms | 22 |
| 3 | Entertainment/Media | 21 |
| 4 | Financial Services | 21 |
| 5 | Construction | 19 |
| 6 | Government/public sector/defence | 18 |
| 7 | Manufacturing | 18 |
| 8 | Transport | 17 |
| 9 | Healthcare | 16 |
| 10 | Retail/wholesale/leisure | 16 |

Ransomware attacks that made the headlines

Hospitals became a prime target – with potentially devastating impact as operations were cancelled, patients diverted to other hospitals and more. Hosted desktop and cloud provider VESK paid nearly $23,000 in ransom to recover access to one of its systems following an attack in September. Leading media, including the New York Times, the BBC and AOL were hit by malware carrying ransomware in March 2016. The University of Calgary in Canada, a major research center, acknowledged it had paid around $16,000 to recover emails that had been encrypted for a week. A small police station in Massachusetts ended up paying a $500 ransom (via Bitcoin) in order to retrieve essential case-related data, after an officer opened a poisonous email attachment. Even motor racing was hit: a leading NASCAR racing team faced losing data worth millions to a TeslaCrypt attack in April.

Fighting Back

Through technology

The latest versions of Kaspersky Lab products for smaller companies have been enhanced with anti-cryptomalware functionality.
In addition, a new, free anti-ransomware tool has been made available for all businesses to download and use, regardless of the security solution they use. A new free, AV-independent anti-ransomware tool is available #KLReport Tweet Kaspersky Lab’s Anti-Ransomware Tool for Business is a ‘light’ solution that can function in parallel with other antivirus software.

The tool uses two components needed for the early detection of Trojans: the distributed Kaspersky Security Network and System Watcher, which monitors applications’ activity. Kaspersky Security Network quickly checks the reputation of files and website URLs through the cloud, and System Watcher monitors the behavior of programs, and provides proactive protection from yet-unknown versions of Trojans. Most importantly, the tool can back up files opened by suspicious applications and roll back the changes if the actions taken by programs prove malicious. Through collaboration: The No More Ransom Initiative On 25 July 2016, the Dutch National Police, Europol, Intel Security and Kaspersky Lab announced the launch of the No More Ransom project – a non-commercial initiative that unites public and private organizations and aims to inform people of the dangers of ransomware and help them to recover their data. The online portal currently carries eight decryption tools, five of which were made by Kaspersky Lab.

These can help to restore files encrypted by more than 20 types of cryptomalware.

To date, more than 4,400 victims have got their data back – and more than $1.5 million in ransom demands has been saved.

In October, law enforcement agencies from a further 13 countries joined the project, including: Bosnia and Herzegovina, Bulgaria, Colombia, France, Hungary, Ireland, Italy, Latvia, Lithuania, Portugal, Spain, Switzerland and the United Kingdom. Eurojust and the European Commission also support the project’s objectives, and more partners from the private sector and law enforcement are expected to be announced soon.

“Public/Private partnerships are the essence and the strength of the NMR initiative. They are essential to effectively and efficiently tackle the problem, providing us with much greater capability and reach than law enforcement could have alone.”
Steven Wilson, Head of Europol’s EC3

Standing up to ransomware – how to stay safe

Back up data regularly.
Use a reliable security solution, and remember to keep key features – such as System Watcher – switched on.
Always keep software updated on all the devices you use.
Treat email attachments, or messages from people you don’t know, with caution. If in doubt, don’t open it.
If you’re a business, you should also educate your employees and IT teams; keep sensitive data separate; restrict access; and back up everything, always.
If you are unlucky enough to fall victim to an encryptor, don’t panic. Use a clean system to check our No More Ransom site; you may well find a decryption tool that can help you get your files back.
Last, but not least, remember that ransomware is a criminal offence. Report it to your local law enforcement agency.

“We urge people to report an attack.

Every victim holds an essential piece of evidence that provides invaluable insight.
In return, we can keep them informed and protect them from dodgy third-party ‘offers’ to unencrypt data.

But we need to ensure that more law enforcement offices know how to deal with digital crime.”
Ton Maas, Digital team Coordinator with the Dutch National High Tech Crime unit

Why you shouldn’t pay – advice from the Dutch National High Tech Crime Unit

You become a bigger target.
You can’t trust criminals – you may never get your data back, even if you pay.
Your next ransom will be higher.
You encourage the criminals.

Can we ever win the fight against ransomware?

We believe we can – but only by working together. Ransomware is a lucrative criminal business.

To make it stop, the world needs to unite to disrupt the criminals’ kill-chain and make it increasingly difficult for them to implement and profit from their attacks.

1 Estimates based on: 17% of 372,602 unique users with ransomware attacks blocked by Kaspersky Lab products in Q1 2016 and 23.9% of 821,865 unique users with ransomware attacks blocked by Kaspersky Lab products in Q3 2016.

German company beats Rubik’s Cube trademark

Iconic puzzle game Rubik's Cube lost a major trademark battle earlier today, when the European Court of Justice (ECJ) held that a trademark on the shape of Rubik's Cube is invalid. The court held that there was too much functionality in the shape of the puzzle game, "such as its rotating capability." The puzzle was invented in 1974 by Hungarian Ernő Rubik, who originally named it the Magic Cube.
It was renamed Rubik's Cube in 1980 and exported to the west. More than 350 million cubes have been sold since. Rubik's Cube received a three-dimensional trademark on its shape in 1999, but that was challenged in 2006, when German company Simba Toys took the case to court.
Simba argued that the design, with its nine miniature moving cubes, should be protected with a patent rather than a trademark.
It lost in lower court, but the company now has won big with the ECJ ruling.

Now that Rubik's has lost to a competing toy company, it seems logical that the market will soon have lower-priced imitations available. However, the president of Rubik's Brand in the UK told The Guardian that while they're disappointed, they have other trademarks and copyright "to ensure [the] exclusivity" of the cube.

"[T]his judgment sets a damaging precedent for companies wishing to innovate and create strong brands and distinctive marks within the EU, and is not what European lawmakers intended when they legislated for 3D trademarks," he added. "We are baffled that the court finds functionality or a technical solution implicit in the trademark."

"In our opinion the Magic Cube involves a technical solution consisting of its rotating capacity," Simba spokeswoman Isabel Weishar told the Financial Times. "Therefore, it may be protected only by a patent and not as a trademark. Now, 10 years after starting this lawsuit, the court decided in our favor."

3D trademarks are allowed under European law, but they don't always hold up when challenged. Most famously, Nestle failed to get a 3D trademark on the shape of its Kit Kat bars in the UK after a court decision last year.

Hungarian bug-hunters spot 130,000 vulnerable Avtech vid systems on Shodan

SOHOpeless CCTVs and video recorders

It shouldn't surprise anyone that closed circuit television (CCTV) rigs are becoming the world's favourite botnet hosts: pretty much any time a security researcher looks at a camera, it turns out to be a buggy mess.

According to this advisory, Avtech's IP cameras and video recorders offer the world the usual list of possible exploits: credentials in plain text, information disclosure, request forgery vulns, and more. The advisory claims all Avtech CCTVs, digital video recorders and network video recorders – and all firmware revisions – contain vulnerabilities.

The researchers who turned up the vulnerabilities, from the Budapest University of Technology and Economics, say around 130,000 vulnerable devices are searchable on Shodan. Since the bugs haven't yet been fixed, users are advised to change their admin passwords and take the devices off the Internet.

Of the 14 vulnerabilities disclosed by the researchers, some are pretty special:

All cgi scripts are remotely accessible without authentication;
All device settings can be accessed and modified via a cross-site request forgery attack;
All passwords are accessible in plain text;
DVRs have a search.cgi that doesn't need authentication. Not only does that let an attacker into the target device, the script also searches for cameras on the local network. Search.cgi also has a command injection vulnerability that lets an attacker get root on the target;
If you need to bypass authentication – remember, there's no credential protection anyway – there are two vectors, either via video plugins stored in the Web root; or via /cgi-bin/nobody;
Someone figured login needed a captcha; to stop the captcha irritating developers, there's a login=quick parameter that nobody thought to remove. Oh, and the captcha can be bypassed if an attacker manually sets the appropriate cookie in their request.

The researchers say they pressed the “publish” button after trying to contact Avtech in October 2015, and twice in May 2016. ®