" />
Friday, June 23, 2017

WannaCry Ransomware: For Some Companies, Cyber Attack Is Good Business

0

San Francisco: For Kris Hagerman, chief executive of UK-based cyber security firm Sophos Group Plc, the past week could have been bad. The WannaCry “ransomware” attack hobbled some of its hospital customers in Britain’s National Health Service, forcing them to turn away ambulances and cancel surgeries.

The company quickly removed a boast on its website that “The NHS is totally protected with Sophos.” In many industries, that sort of stumble would likely hit a company’s reputation hard.

Yet on Monday, three days after the global malware attack was first detected, Sophos stock jumped more than 7 per cent to set a record high and climbed further on Wednesday after the company raised its financial forecasts.

As for most other cyber security firms, highly publicized cyber attacks are good for business, even though experts say such attacks underscore the industry’s failings.

“We are making good progress and are doing a good job,” Mr Hagerman said in an interview this week. “People ask ‘How come you haven’t solved the cyber crime problem?’ and it’s a little like saying ‘You human beings have been around for hundreds of thousands of years, how come you haven’t solved the crime problem?'”

Mr Hagerman pointed out that his company only claimed to protect 60 per cent of NHS affiliates and that other factors contributed to the disaster at the hospitals.

“They have their own budgets. They have their own approach to IT generally and IT security,” Mr Hagerman said of individual hospitals, which pick their own operating systems, patching cycles and network setups. Microsoft Corp had issued a patch in March for the flaw WannaCry exploited in Windows operating systems.

Yet Mr Hagerman acknowledged that Sophos did not update its basic antivirus software to block WannaCry until hours after it hit customers.

High stakes

Security experts say hospitals, where the stakes are especially high, represent a case study in how legacy industries need to up their cyber security game.

“We’ve tolerated a pretty poor level of effectiveness, because so far the consequences of failure have been acceptable,” said Josh Corman, a cyber security industry veteran now working on related issues at the Atlantic Council and a member of a healthcare security task force established by the US Congress.

“We are going to see failure measured in loss of life and a hit to GDP, and people will be very surprised.”

Some long-lived medical devices have more than a thousand vulnerabilities, Mr Corman said, and perhaps 85 per cent of US medical institutions have no staff qualified for basic cyber security tasks such as patching software, monitoring threat advisories and separating networks from one another.

Increasingly serious cyber security problems are partly an inevitable consequence of the growing complexity of digital technology.

But there are other causes too, including a lack of accountability that stems from the wide range of technology handlers: computer software vendors, antivirus suppliers, in-house professionals, consultants and various regulators.

Ultimately, Mr Corman said, hospitals need to hire solid cyber security people instead of another nurse or two.

Good for business

“What’s needed is punishment of the negligent,” said Ross Anderson, a University of Cambridge pioneer in studying the economics of information security, referring to the hospitals that did not stop WannaCry.

“This is not about technology. This is about people fouling up in ways people would get a pink slip for” in less-insulated environments, he said, meaning they would lose their jobs.

For now, though, there are few signs of any revamp in large institutions’ approach to cyber security – and little incentive for contractors in the cyber security industry to change.

Sophos was not the only company whose stock rose on Monday, as the global scale of WannaCry became apparent. Shares of US-based FireEye Inc and Qualys Inc both rose more than 5 per cent.

But Sophos stood out, aided by higher expectations for a product the company introduced last year to fend off ransomware – so called because the authors of the malware demand a ‘ransom’ to restore a user’s infected computer – which worked at the hospitals that had installed it.

“It’s good news for our business,” one Sophos employee, who asked not to be named, told Reuters this week. “We were so inundated with people calling us.”

Ransomware attack: French researchers find way to unlock WannaCry

0

Frankfurt: French researchers said on Friday they had found a last-chance way for technicians to save Windows files encrypted by WannaCry, racing against a deadline as the ransomware threatens to start locking up victims’ computers first infected a week ago.

WannaCry, which started to sweep round the globe last Friday and has infected more than 300,000 computers in 150 nations, threatens to lock out victims who have not paid a sum of $300 to $600 within one week of infection. (http://bit.ly/2q0gVEr)

A loose-knit team of security researchers scattered across the globe said they had collaborated to develop a workaround to unlock the encryption key for files hit in the global attack, which several independent security researchers have confirmed.

The researchers cautioned that their solution only works in certain conditions, namely if computers had not been rebooted since becoming infected and if victims applied the fix before WannaCry carried out its threat to lock their files permanently.

Europol said on Twitter that its European Cybercrime Centre had tested the team’s new tool and said it was “found to recover data in some circumstances”.

The group includes Adrien Guinet, who works as a security expert, Matthieu Suiche, who is an internationally known hacker, and Benjamin Delpy, who helped out by night, in his spare time, outside his day job at the Banque de France.

“We knew we must go fast because, as time passes, there is less chance to recover,” Delpy said after a second sleepless night of work this week allowed him to release a workable way to decrypt WannaCry at 6 am Paris time (0400 GMT) on Friday.

Delpy calls his free tool for decrypting infected computers without paying ransom “wanakiwi”.

Suiche published a blog with technical details summarising what the group of passing online acquaintances (https://goo.gl/iIFDZs) has built and is racing to share with technical staff at organisations infected by WannaCry.

Wanakiwi was quickly tested and shown to work on Windows 7 and older Windows versions XP and 2003, Suiche said, adding that he believed the hastily developed fix also works with Windows 2008 and Vista, meaning the entire universe of affected PCs.

“(The method) should work with any operating system from XP to Win7,” Suiche told Reuters, via direct message on Twitter.

Delpy added that so far, banking, energy and some government intelligence agencies from several European countries and India had contacted him regarding the fix.

“THE ONLY WORKABLE SOLUTION”

Guinet, a security researcher at Paris-based Quarks Lab, published the theoretical technique for decrypting WannaCry files late Wednesday and Thursday, which Delpy, also in Paris, figured out how to turn into a practical tool to salvage files.

Suiche, based in Dubai and one of the world’s top independent security researchers, provided advice and testing to ensure the fix worked across all various versions of Windows.

His blog post links to a Delpy’s “wanakiwi” decryption tool which is based on Guinet’s original concept. His idea involves extracting the keys to WannaCry encryption codes using prime numbers rather than attempting to break the endless string of digits behind the malicious software’s full encryption key.

“This is not a perfect solution,” Suiche said. “But this is so far the only workable solution to help enterprises to recover their files if they have been infected and have no back-ups” which allow users to restore data without paying black-mailers.

As of Wednesday, half of all internet addresses corrupted globally by WannaCry were located in China and Russia, with 30 and 20 percent of infections, respectively, according to data supplied by threat intelligence firm Kryptos Logic.

By contrast, the United States accounts for 7 percent of WannaCry infections while Britain, France and Germany each represent just 2 percent of worldwide attacks, Kryptos said.

Only 309 transactions worth around $94,000 appear to have been paid into WannaCry blackmail accounts by Friday (1345 GMT), sevens days after the attack began. (Reuters graphic: [tmsnrt.rs/2rqaLyz).

That’s just under one in 1,000 of the estimated victims.

This may reflect a variety of factors, security experts say, including scepticism that attackers will honour their promises or the possibility that organisations have back-up storage plans allowing them to recover their data without paying ransom.

Google I/O 2017: Google.ai launched in push towards an AI-first world

0

Mountain View, California: As it continues to further its core mission of “organizing the world’s information”, Google (Alphabet Inc.), is moving from a mobile-first to an artificial intelligence (AI) first world, said CEO Sundar Pichai at the Google I/O 2017 developers conference at the Shoreline Amphitheatre in Mountain View, California.

“In an AI-first world, we are rethinking all our products,” Pichai said, adding that the company is using machine learning (ML), deep learning (DL) and computer vision in all its products—be it search, data centres, medical imaging, cloud, Google Assistant, the newly-launched Google Lens for Google Assistant, Google Home, or hands-free calling on Google Home.

All these innovations are now being clubbed under an umbrella unit called Google.ai, which comprises Research, Tools and Applied AI.

“Mobile brought multi-touch. Now we have voice and vision,” explained Pichai. He pointed out that computers are getting much better at understanding speech. “Similar is the case for Vision (with) great improvements in computer vision. Clearly at an inflection point with vision. So today we are announcing Google Lens, which will be first included in Google Assistant,” Pichai said.

As part of Google’s AI-first strategy, Pichai also unveiled its second-generation Tensor Processor Unit (TPU)—a cloud-computing hardware and software system that is part of Google’s AI-first data centre strategy. TPUs, first revealed last year, are chips designed specifically for Machine Learning. Pichai pointed out that TPUs were used by the AlphaGo AI system, DeepMind, that created a stir when it beat Go expert, Lee Sedol.

TPUs are being used by ML models to improve the company’s products like Google Translate and Google Photos. Google said its cloud TPUs are now being deployed across its Google Compute Engine—a platform that companies and researchers can tap for computing resources similar to Amazon Web Services Inc. and Microsoft Corp.’s Azure.

Google also announced that the Assistant is coming to iOS devices. Users will be able to open up the Google App, press the voice button, and speak to the Assistant.

Google wants to improve intelligence in cars too. Even as cars are rapidly transforming into connected, intelligent machines and provide a new opportunity for enabling a rich app ecosystem, they still present a challenging environment—driver distraction, varying screen sizes and shapes, different input mechanisms and local regulations to name a few.

Google on Wednesday said that two billion users are using Android users. Google is using Android Auto to enable developers to deliver “seamless experiences” to drivers through the number of Android Auto compatible cars and the new standalone phone app. The company is now beginning to integrate Android, the ecosystem, and the Google Assistant more deeply into cars.

Further, it was only on 12 May that Google announced Project Treble, insisting that it was “re-architecting Android to make it easier, faster and less costly for manufacturers to update devices to a new version of Android”. Project Treble is a utility that Google wants to implement in the Android ecosystem to roll out the latest updates to the end user, regardless of the device’s make.

Android was unveiled in 2007 as a free, open-source mobile operating system. Project Treble will be coming to all new devices launched with Android O and beyond, according to the blog.

In 2007, Google held its first annual developer conference, which it called Google Developer Day. In 2008, this evolved into a two-day developer gathering at the Moscone Centre in San Francisco and gave way to the Google I/O conference we know today. The “I” and the “O” stand for “input/output”, and Google’s statement of its commitment to “Innovation in the Open”. The goal of the event is to empower developers with the resources they need to create experiences on its platforms including Android, Chrome, and Cloud.

Technology companies such as Google, Facebook Inc., Amazon.com Inc. and Nvidia Corp. want to claim the AI mindspace. For instance, just as Google has its TensorFlow framework for Deep Learning, Facebook has Caffe2. Amazon’s Alexa, Microsoft’s Cortana and Apple’s Siri compete with Google Assistant.

Moreover, other than newer entrants like the Bridge Explorer Edition from Occipital, there are existing products like Amazon Echo and Microsoft’s Project Evo that compete with Google Home. Echo connects to the Alexa Voice Service to play music, provide information, news, sports scores, weather and more. Google Home, on its part, is a voice-activated speaker powered by the Google Assistant.

The question, though, is whether Google have what it takes to deliver the goods, especially in the enterprise market where it does not have a significant presence?

“I think Google has everything it takes to deliver consumer services that are enhanced and improved by AI. Google derives 95% of their profit from consumers, so I’m a bit sceptical if they can convert that to enterprises. Their business model of mining personal information could also clash with what enterprises really want, which are ways to make more and save more money. There’s no doubt Google has the experience. I question whether they have the enterprise mindset,” said Patrick Moorhead, president and principal analyst, Moor Insights and Strategy.

Chinese firms shipped 51% smartphones to India in March quarter: IDC report

0

Chinese phone makers are on a roll in India, according to International Data Corporation’s (IDC) Quarterly Mobile Phone Tracker for Q1 of calendar year 2017. The report shows that Chinese phone makers shipped 51.4% of the total smartphones shipped in the Indian smartphone market in this quarter, with year-on-year growth of 142.6% and quarterly growth rate of 16.9%.

Xiaomi, which wasn’t even in the top five list in Q1 2016, is now the second leading smartphone company in India with a market share of 14.2%. It registered a sequential growth of 39.8% in Q1 2017. IDC attributes its success to its budget offerings such as Redmi Note 4 (priced at Rs9,999 onwards) and Redmi 4A (Rs5,999). The Redmi Note 4 also emerged as the highest shipped smartphone in the country in Q1 2017, replacing Samsung’s Galaxy J2 which was the most shipped smartphone in the last quarter of 2016.

Vivo, Lenovo and Oppo occupy the third, fourth and fifth positions, respectively, in terms of market share. Vivo controls 10.5% of the market share and its shipments grew 44% over the last quarter. With a market share of 9.5%, Lenovo has slipped down from the third to fourth slot in Q1 despite the fact that its shipments grew by 33.7%. Oppo has a market share of 9.3% but its shipments grew by just 14%.

The success of Chinese brands can be attributed to their aggressive pricing, better user experience, faster adoption of 4G technology and greater emphasis on cameras. About 62.2% of smartphones shipped by Chinese brands in Q1 2017 had 13-megapixel or higher resolution cameras.

The unshakeable Samsung

South Korean giant Samsung continues to be the number one smartphone company in India with a market share of 28.1%. Though the company registered year-on-year growth of just 1.5% (it controlled 26.5% of the market in Q1 2016), it reported growth of 16.9 % in Q1 2017. Samsung’s success can be attributed to its volume-driven market strategy and launches in the affordable J series and the mid-range C and A series in Q1 2017.

Tough times for Indian companies

Indian companies such as Micromax, Lava, Reliance Jio and Intex which together controlled 40 % market share in Q1 2016, have slumped further and now control just 13.5% of the smartphone market share. “Indian vendors are making attempts to recapture the lost ground with new launches in sub-$100 as well as in the mid-range segment. But intense competition from China-based vendors continues to be a major challenge and is expected to increase in coming quarters,” says Jaipal Singh, market analyst, client devices, IDC India.

Positive signs

The Indian market showed a healthy year-on-year growth of 14.8% and quarterly growth rate of 4.7%, claims IDC. Also, a total of 27 million smartphones were shipped in the country in Q1 2017.

People are now spending more on smartphones. The report points out that the average selling price (ASP) of smartphones selling in the country has increased from $131 (approximately Rs8,390) in Q1 2016 to $155 (approximately Rs9,927) in Q1 2017.

Facebook adds Snapchat-like camera filters to Instagram

0

Bengaluru: Facebook Inc’s Instagram has souped up its camera with quirky face-tracking filters, adding another feature similar to that offered by social media rival Snap Inc’s Snapchat.

Instagram users will now be able to choose from a range of filters including koala ears that move and twitch as well as math equations that spin to create humorous effects.

Other new features include a rewind mode for videos, which will allow users to play video in reverse, and hashtag stickers to visit hashtag pages.

Facebook has been amping up its camera tool to take on Snapchat’s features such as disappearing messages and face-tracking filters, which are hugely popular among its teenage and millennial users.

The world’s largest social media network has already added several Snapchat-like features such as Stories, which allows users to upload pictures and video slideshows that disappear after 24 hours.

Instagram said in April over 200 million people used Stories daily.

Snap, in its first earnings report as a listed company, said it had 166 million daily active users as of 31 March.

Snap’s shares have been on a roller-coaster ride since their market debut on 1c March. The stock plunged about 23% last week after the company posted disappointing quarterly results.

However, it recouped some of those losses after several institutional investors including George Soros and Daniel Loeb disclosed stakes in the company.

Snapchat’s shares fell 1.5% to $20.42 in early trading on Tuesday, while Facebook’s shares were little changed.

Verification: 55a190b0664d6f07