Home Tags Monetize

Tag: Monetize

XPan, I am your father

While we have previously written on the now infamous XPan ransomware family, some of it’s variants are still affecting users primarily located in Brazil.

This sample is what could be considered as the “father” of other XPan ransomware variants.

A considerable amount of indicators within the source code depict the early origins of this sample.

YouTube won’t put ads on videos from channels with fewer than...

Putting more hoops in place for creators to jump through before they can make money.

Python vs. R: The battle for data scientist mind share

The boss’s boss looks out across the server farm and sees data—petabytes and petabytes of data.

That leads to one conclusion: There must be a signal in that noise.

There must be intelligent life in that numerical world—a strategy to monetize all those hard disks filling up with numbers.That job falls on your desk, and you must now find a way to poke around the digital rat’s nest and find a gem to hand the boss.[ Download the InfoWorld megaguide: The best Python frameworks and IDEs. | Learn to crunch big data with R. | Keep up with hot topics in programming with InfoWorld’s App Dev Report newsletter. ]How? If you’re a developer, there are two major contenders: R and Python.

There are plenty of other solutions that help crunch data, and they live under rubrics like business intelligence or data visualization, but they are often full-service solutions.
If they do what you want, you should choose them.

But if you want something different, well, writing your own code is the only solution.

Full-service tools do a good job when the data is cleaned, buffed, and ready, but they tend to hiccup and even throw up when everything is not quite perfect.To read this article in full or to leave a comment, please click here

Openwave Mobility Strengthens Mobile Digital Identity with Subscriber Privacy upgrade

MOBILE WORLD CONGRESS AND REDWOOD CITY, CA 1 March 2017 – Openwave Mobility, a software innovator enabling operators to manage and monetize encrypted mobile data, today announced that it has released key User Privacy upgrades as part of SmartIDM, a comprehensive digital identity solution for mobile operators partnering with OTTs.

This launch comes at a time of heightened interest from network operators and regulators for secure subscriber identity solutions and robust privacy safeguards.
SmartIDM is... Source: RealWire

Openwave Mobility Launches NFV-Based App Monetization for OTT Partnering

NFV-based app monetization differentiates data, enabling operators to launch OTT partnerships and streaming packagesBARCELONA, MOBILE WORLD CONGRESS AND REDWOOD CITY, CA February 28 2017 – Openwave Mobility, a software innovator enabling operators to manage and monetize encrypted mobile data today launched the industry’s first generic NFV-based application monetization solution. Operators can now identify all individual data flows on their network, including encrypted data, and separately bill or zero-rate data use for any specific service.This solution... Source: RealWire

Lumata Digital Leverages its AI Driven Digital Engagement Solutions to Monetize...

Lumata Digital will demonstrate its inventive Artificial Intelligence driven Digital Engagement Solutions at the Mobile World Congress, Feb 27 to March 3, 2017 at Hall No. 6, Booth 6K 15Feb 27, 2017: Barcelona: The expansive growth of the mobile users & data usage across the world has resulted in a digitally engaged active user base across enterprises.

The advent of stagnating ARPU (Average Revenue per User) sets the context right for the Telco’s to capitalise... Source: RealWire

In Seven Months, Seven Mobile Operators Turn to Openwave Mobility to...

100 million additional subscribers come as Google’s QUIC encryption protocol increases by 200% MOBILE WORLD CONGRESS AND REDWOOD CITY, CA 27 February 2017 – Openwave Mobility, a software innovator enabling operators to manage and monetize encrypted mobile data today announced that seven mobile operators have deployed its optimization technology, Secure Traffic Manager (STM), in the past seven months.

This crowns a remarkable half-year for Openwave Mobility whose solutions have been selected by tier 1 operators... Source: RealWire

TEOCO Brings Cutting-edge Data Analytics Solution to Market

Providing real-time quality of experience and consumption analytics across video, VoLTE, and mobile broadband vis-à-vis the network and the deviceFAIRFAX, VA., USA – 27 February 2017 - TEOCO, the leading provider of analytics, assurance and optimization solutions to over 300 communication service providers (CSPs) and OEMs worldwide, today launched its new suite of customer experience analytics solutions, INsync and INsync Mobile.Designed to help global operators optimize and monetize the evolving demand for network services such... Source: RealWire

A look into the Russian-speaking ransomware ecosystem

In other words, crypto ransomware is a fine tuned, user friendly and constantly developing ecosystem. In the last few years we, at Kaspersky Lab, have been monitoring the development of this ecosystem. This is what we’ve learned.

Data breaches through wearables put target squarely on IoT in 2017

Forrester predicts that more than 500,000 internet of things (IoT) devices will suffer a compromise in 2017, dwarfing Heartbleed.

Drop the mic—enough said. With the sheer velocity of how the distributed denial-of-service (DDoS) attacks spread through common household items such as DVR players, makes this sector scary from a security standpoint. “Today, firms are developing IoT firmware with open source components in a rush to market. Unfortunately, many are delivering these IoT solutions without good plans for updates, leaving them open to not only vulnerabilities but vulnerabilities security teams cannot remediate quickly,” write Forrester analysts. The analyst firm adds that when smart thermostats alone exceed over 1 million devices, it’s not hard to imagine a vulnerability that easily exceeds the scale of Heartbleed.
Security as an afterthought for IoT devices is not an option, especially when you can’t patch IoT firmware because the vendor didn’t plan for over-the-air patching. Alex Vaystikh, co-founder/CTO of advanced threat detection software provider SecBI, says small-to-midsize businesses and enterprises alike will suffer breaches originating from an insecure IoT device connected to the network.

The access point will be a security camera, climate control, an old network printer, or even a remote-controlled lightbulb.

This was demonstrated in September in a major DDoS attack on the website of security expert Brian Krebs.

A hacker found a vulnerability in a brand of IoT camera and caused millions of them to simultaneously make HTTP requests from Krebs’ site.  “It successfully crashed the site, but DDoS attacks are not a great way to make money. However, imagine an IoT camera within a corporate network being hacked.
If that network also contains the company’s database center, there’s no way to stop the hacker from making a lateral move from the compromised camera to the database,” Vaystikh said. “This should scare organizations into questioning the popular BYOD mentality. We are already seeing a lot of CCTVs being hacked within organizations.”  Florin Lazurca, senior technical manager at Citrix, believes that consumers will be a target of opportunity in 2017.
Innovative criminal enterprises will devise ways to monetize on potentially billions of internet-facing devices that many times do not meet stringent security controls. “Want to browse the internet? Pay the ransom. Want to use your baby monitor? Pay the ransom. Want to watch your smart TV? Pay the ransom,” Lazurca says. Florin Lazurca, senior technical manager at Citrix Mike Kelly, CTO of Blue Medora, agrees, stating that, “the inability to quickly update something, such as your home thermostat, is where we will see the risk.
It’s not about malware getting on the devices, the focus will need to be on the ability to remediate the issue. Like we saw with Windows, there will be a slew of vulnerabilities, but unlike with a computer, patching won’t be as easy with IoT devices,” he says. More connected devices will create more data, which has to be securely shared, stored, managed and analyzed.

As a result, databases will become more complex and the management burden will increase.

Those organizations that can most effectively monitor their database layer to optimize peak performance and resolve bottlenecks will be in a better position to exploit the opportunities the IoT will bring, he says. Lucas Moody, CISO at Palo Alto Networks, says security has to be baked into the IoT devices – not be an afterthought.

The bloom of IoT devices has security practitioners in the hot seat, with industry analysts suggesting a possible surge up to 20 billion devices by 2020. “Given the recent upward trend in both frequency and intensity of DDoS attacks of late, 2017 will introduce an entirely new challenge that security teams will need to contend with; how do we secure devices, many of which are by design dumb and, for that matter, cheap?,” he says.  Large corporations are still challenged with finding security talent to manage security in the “traditional” sense, leaving IoT startups to fend for themselves in a digital economy.  Moody asks, can they keep up? For the interconnected future of cars, televisions and refrigerators, maybe, but maintaining the security of smaller – and seemingly less critical items – such as toasters, thermostats, and pet feeders, it seems unlikely. “Security has to be baked into these technologies from the conception and design stages all throughout development and roll-out.
Security practitioners will need to do more than just scramble to develop strategies to address this pivotal trend,” he says. Corey Nachreiner, CTO at WatchGuard Technologies, predicts that IoT devices will become the de facto target for botnet zombies. With the shear volume of internet-connected devices growing every year, IoT represents a huge attack surface for hackers. More disturbingly, many IoT manufacturers do not create devices with security in mind, and therefore release devices full of potential vulnerabilities. Many of their products have vulnerabilities that were common a decade ago, providing easy pickings for cyber criminals. Many IoT devices coming on the market have proprietary operating systems, and offer very little compute and storage resources. Hackers would have to learn new skills to reverse engineer these devices, and they don’t provide much in terms of resources or data for the attacker to steal or monetize. On the other hand, another class of IoT products are devices running embedded Linux.

These devices look very familiar to hackers.

They already have tools and malware designed to target them, so “pwning” them is as familiar as hacking any Linux computer. “On top of that, the manufacturers releasing these devices seem to follow circa 2000 software development and security practices. Many IoT devices expose network services with default passwords that are simple for attackers to abuse,” Nachreiner says. He cited the leaking of the source code for the Mirai IoT botnet.

This botnet included a scanner that automatically searched the internet to find unsecured, Linux-based IoT devices, and take them over using default credentials. With this leaked code, criminals were able to build huge botnets consisting of hundreds of thousands of IoT devices.

They used these IoT botnets to launch gigantic DDoS attacks that generated up to 1Tbps of traffic; the largest ever recorded. In 2017, criminals will expand beyond DDoS attacks and leverage these botnets for click-jacking and spam campaigns to monetize IoT attacks in the same way they monetized traditional computer botnets.

Expect to see IoT botnets explode next year, he says. Mike Davis, CTO at CounterTack, believes IoT will continue to be a part of the threat conversation in the coming year, but fundamentally there will be a massive change in the risks associated with the devices—it won’t be about security, it will be about patching.  Hold your IoT security hypberbole Stan Black, CSO at Citrix, says we need to dispel security myths around emerging technology like IoT, machine learning and artificial intelligence. “Many people are afraid to adopt these emerging technologies for fear that they may be their security downfall, but as with any technology, the same security 1-2-3s apply.

Change the admin username and password, allow and enable devices on separate networks (separate from the networks used to pass sensitive data), create management and access policies, and above all, make sure that employees are educated about how, when and where to use these kinds of technologies,” he says.  Adoption of emerging tech like IoT can actually have more security benefits than challenges, if implemented correctly, Black says.

The same goes for machine learning.

The security wave of the future includes these technologies, so it’s best for businesses to learn about them early, learn about the benefits and reap the rewards of clouds, devices and networks that can learn from, and adapt to, changing behaviors to make for a stronger security posture. The wave of the future will be computers that can grant or deny access based on fingerprinted keyboards that can sense the normal amount of pressure your fingers normally apply.

Taking advantages of benefits like these will help companies move to a new security infrastructure and mindset, he predicts.  “The mobile devices we depend on every day are loaded with sensors, heat, touch, water, impact, light, motion, location, acceleration, proximity, etc.

These technologies have numerous applications including sensing motion and location to ensure people are safe when they travel,” Black adds. These devices are rarely protected or maintained with the same vigor as corporate IT systems, making them generally more vulnerable to being compromised and drafted into a zombie army.

This situation is nothing new, but in the next year we can expect to see “personal networks of things” reside in homes with gigabit internet connections—like those offered by Google and AT&T—and so make home networks far more interesting, especially if vulnerabilities in popular home devices can be exploited mechanically (e.g., how the Mirai botnet was built). Consumers will need to protect their personal networks from this new version of Mirai botnets, creating demand for services that safeguard them. More importantly, vendors will need to adopt better standards for protection of devices.
If the Mirai botnet is any indication, the lack of security in device design is still quite profound, Black says. Speaking of standards Steven Sarnecki, vice president of federal and public sector at OSIsoft, pointed to the National Institutes of Standards and Technology’s (NIST) National Cyber Center of Excellence for a glimpse of what is to come. NIST is currently piloting a project to assess how energy companies can better utilize connected devices to integrate and increase security with hopes of sharing those best practices and insights across the energy sector.   “As more companies wake up to the reality of IoT security threats, these solutions will become more commonplace, enabling enterprises to markedly increase their security footprint with only minimal incremental cost,” he says. Sarnecki adds that in 2017 he would expect a large portion of IoT users, especially within the enterprise and industrial spaces, to begin to seriously consider the “internet of threats” aspect posed by IoT to their networks.

Energy companies, water utilities, and many other critical infrastructure sectors rely on connected devices to support their missions. Jeannie Warner, security manager at WhiteHat Security, agrees that new guidelines will emerge from organizations such as NIST requiring that application security vendors partner with device manufacturers and testing labs to deliver secure IoT systems.  “The internet of things is growing daily, with smart devices and controlling applications at the core of every business from healthcare to smart cars and smart buildings.
It’s essential to protect smart anything from attackers attempting to exploit their vulnerabilities,” she says. In the same way manufacturing safety testing via the American National Standards Institute controls new releases in devices, she believes NIST SP 800 or a similar body will form guidelines for a comprehensive security assurance through the integration of dynamic application scanning technology and rigorous device controls testing. Commonalities in all IoT systems include controls for tracking and sensing interfaces, combined with web- or mobile-enabled control applications that combine to expand the borders of the security ecosystem, she says. New guidelines will (ideally) force more application security vendors to partner with device control testing labs to support manufacturing earlier in the development process, helping the innovative organizations to manage risk by identifying vulnerabilities early in development, continue to monitor challenges during testing, and help release more secure products. Big data The enterprise has paid attention to IoT for some time, though 2017 will be the year we move past the “wow” phase and into the “how do we do we securely and effectively bring IoT to the enterprise, how do we handle the high speed data ingest, and how do we optimize analytics and decisions based on IOT data,” says Redis Labs Vice President of Product Marketing Leena Joshi. Mark Bregman, Chief Technology Officer at NetApp, believes 2017 will be about capitalizing on the value of data.

The explosion of data in today’s digital economy has introduced new data types, privacy and security concerns, the need for scale and a shift from using data to run the business to recognizing that data is the business. Off-line data analytics and threat hunting become endless money pits, says Gunter Ollmann of Vectra Networks. “We’re told, and we observe, that each year our corporate data doubles.

That power-of-two exponential growth, after merely four years of storing, mining, and analyzing logs for threats, means a 16-fold increase in overall costs—with an accompanying scaled delay in uncovering past threats.” Cybersecurity will be the most prominent big data use case, says Quentin Gallivan, CEO of Pentaho, a Hitachi Group Company.

As with election polls, detecting cybersecurity breaches depends on understanding complexities of human behavior.

Accurate predictions depend upon blending structured data with sentiment analysis, location and other data. This then opens another door for hackers. WatchGuard’s Nachreiner says attackers will start leveraging machine learning and AI to improve malware and attacks. “In the past few years, cyber security companies have started leveraging these technologies to help defend our organizations. One of the big problems in infosec today is we are too reactive, and not predictive enough when it comes to new threats.
Sure, once we recognize a piece of malware or a new attack pattern, we can design systems to identify and block that one threat, but hackers have become infinitely evasive.

They have found techniques that allow them to continually change their attacks and malware so regularly that humans and even basic automated systems can’t keep up with the latest attack patterns. Wouldn’t it be great if we had technology that predicted the next threats instead?,” he says. Machine learning can help us do just that.

By feeding a machine learning system a gigantic dataset of good and bad files, or good and bad network traffic, it can start to recognize attributes of “badness” and “goodness” that humans never would have noticed on their own. “Next year, I expect the more advanced cyber criminals to start somehow leveraging machine learning to improve their attacks and malware,” he says, adding that today, both good and bad guys have easy access to open source machine learning libraries like Google’s TensorFlow. The security community as a whole will utilize big data more effectively in order to identify trends and threats, predicts Matt Rodgers, head of security strategy at E8 Security. “Organizations have the information they need, but they cannot find it.
In 2017, companies will start looking at their data sets through advanced analytics to identify trends and risks.

Big companies are already starting to augment their existing SIEM technology with behavior analytics capabilities to this end,” he says. This story, "Data breaches through wearables put target squarely on IoT in 2017" was originally published by CSO.

How Microsoft will drive enterprise IT in 2017

Microsoft had a fascinating and positive 2016, with new hardware and software launches, as well as some surprising acquisitions. With CEO Satya Nadella’s transformation of Redmond nearly complete, we can expect more changes in 2017 as Microsoft’s enterprise reach stretches beyond Windows into the wider world of cross-platform computing and the cloud. Here’s my guide as to what enterprise IT should expect from Microsoft in the new year in each core Microsoft domain. Azure and the cloud transition For the IT administrator and the datacenter, 2017 is likely to be a transitional year. We’ve had a new Windows Server 2016 release, and it’s going to take some time to roll out across businesses of all sizes. With a strong focus on the datacenter (in particular, on running virtualized workloads), it’s clear Microsoft is positioning Windows Server as a tool for the ongoing cloud transition. How does Microsoft see this transition? Most likely: You start with an on-premises Windows Server deployment, moving existing applications and workloads to virtual server instances. New applications and rewrites can then start taking advantage of the extremely lightweight nature of Windows Nano Server and of the cross-platform development model that comes with the open source .Net Core. Once you’ve moved to a containerized delivery model, it doesn’t matter where that code runs—in the cloud or on your servers. One of Microsoft’s big deliverables for 2017 will be its Azure Stack “cloud in a box” combination of software and third-party server hardware.

Both Dell and HP have announced that they’ll ship Azure Stack racks midyear; Microsoft has recently delivered a second preview build for proof-of-concept deployments. Although it’s not a tool for every datacenter, Azure Stack can help deliver hybrid cloud solutions where the same code runs on Azure and on-premises, with the same control and deployment models but with highly regulated data staying in your datacenter. Azure and the rest of Microsoft’s cloud will become increasingly important as part of any IT management policy, with key features in the upcoming Creators Update for Windows 10 relying on cloud services to handle security reports and for software delivery. Much of this will depend on light-touch cloud-based management tools delivered with Intune and initially exposed in Windows 8. Windows 10’s upcoming support for Qualcomm-based ARM PC/smartphone hybrids running Win32 code will likely need to take advantage of this approach, because the resulting budget devices will be used by home workers and contract staff for a mix of personal and work tasks. Cross-platform development The cloud will be a big part of Microsoft’s 2017, especially for anyone writing code.
If you tuned into its 2016 Connect event, you’d have seen that cloud services are a key part of Microsoft’s cross-platform development strategy.

As Xamarin continues to be folded into Visual Studio, the resulting tools (along with the open source Visual Studio Code programmer’s editor) will let you quickly build and deliver application endpoints that run on Windows, Android, iOS, MacOS, and even Unix, thanks to Windows 10’s Bash shell and its Linux support.

Those endpoints will take advantage of Azure services; whether via Service Fabric or serverless compute in Azure Functions. 2017 should see Microsoft continue to improve its Azure services, with updates to DocumentDB and the associated big data tools, as well as the range of IoT services and data analysis services wrapped in the Cortana Analytics Services platform. Similarly, more machine learning functionality should transition from research groups to the wider world as part of the ever-growing Cognitive Services set of APIs, which have turned what would have been complex image recognition and natural language interpretation tools into plug-and-play APIs. Developers should also pay close attention to recent moves by Oracle to monetize its Java licenses, which may make .Net Core a more attractive platform for building the middle tier of applications.

Combined with the release of SQL Server, .Net Core, and PowerShell all on Linux mean that Microsoft’s developer and management platforms can now compete directly with Java, with licensing terms that may well be a lot more attractive.

That’s not something I’d have expected to say about .Net at the beginning of 2016! Devices and collaboration Microsoft’s enterprise device strategy appears to be going well, with significant sales for the collaborative Surface Hub, including some very large deployments. Collaboration is going to be an important theme in 2017, building on the tools in Office 365 and Skype, and with strong competition from Google’s G Suite platform and third-party tools like Slack. People need to work together, and Microsoft is quickly moving to supporting these scenarios. With its new rapid delivery schedule, I expect to see quick changes in Microsoft Teams, opening up to users outside corporate Office 365 installs. The launch of Microsoft’s Teams collaboration platform also sets the scene for another year of incremental improvements to Office 365.

The launch of the Office Insiders program has meant that new features can be rolled out to users and tested in the wild, making it easier to see what new features are coming and when they’re likely to be released. Office 365 and Dynamics should also benefit from the acquisition of LinkedIn, adding an external relationship graph to Microsoft’s existing machine learning tools. Security LinkedIn should also help power a new generation of security tools, using individual relationships to help map the context of, for example, email messages.
Identity has long been a big problem facing enterprises, and by bringing together LinkedIn and Azure Active Directory, Microsoft now has an opportunity to expand its security model away from devices to people—a model that makes more sense in a world where people use multiple devices and multiple operating systems. That model also allows Microsoft to expand its intelligence-based security used by Windows Defender and Office 365 Advanced Threat Protection and other tools, bringing in more ways of understanding how malware flows and providing better tools for identifying phishing messages—especially targeted spear-phishing attacks. There’s already basic support for the FIDO (Fast Identity Online) security tools in Windows 10 and Edge browser. 2017 should see improved support for password-less security, as FIDO 2.0 gains wider acceptance. We’ll see support for Windows Hello biometrics in applications as an alternative sign-in method, as well as support for device-to-device authentication. Although 2017 won’t see the death of the password, it’ll be one of the bigger steps on the road to better ways of authenticating and securing all our devices.

Methbot Ad Fraud Attack Stealing Millions of Dollars Every Day

White Ops report details Methbot advertising fraud scam that is stealing as much as $3-5 million per day, by impersonating both websites and end-users. Security firm White Ops released a study on December 20 detailing a new advertising fraud attack net...