Why the Colonial Pipeline ransomware attack is a sign of things to come

Ransomware has grown fouler than ever, but it’s also grown up. The practice of using malware to encrypt files on a victim’s devices and then demanding a ransom payment for unlocking them has advanced far beyond its origins as a nuisance for individual users. These days, it’s a massively profitable business that has spawned its own ecosystem of partner and affiliate firms. And as a succession of security experts made clear at the RSA Conference last week, we remain nowhere near developing an equivalent of a vaccine for this online plague. “It’s professionalized more than it’s ever been,” said Raj Samani, chief scientist at McAfee, in an RSA panel . “Criminals are starting to make more money,” said Jen Miller-Osborn, deputy director of threat intelligence at Palo Alto Networks’ Unit 42, in another session . Read More …

Why the Colonial Pipeline ransomware attack is a sign of things to come

Ransomware has grown fouler than ever, but it’s also grown up. The practice of using malware to encrypt files on a victim’s devices and then demanding a ransom payment for unlocking them has advanced far beyond its origins as a nuisance for individual users. These days, it’s a massively profitable business that has spawned its own ecosystem of partner and affiliate firms. And as a succession of security experts made clear at the RSA Conference last week, we remain nowhere near developing an equivalent of a vaccine for this online plague. “It’s professionalized more than it’s ever been,” said Raj Samani, chief scientist at McAfee, in an RSA panel . “Criminals are starting to make more money,” said Jen Miller-Osborn, deputy director of threat intelligence at Palo Alto Networks’ Unit 42, in another session . She added that the average ransomware payout now exceeds $300,000, fueled by such tactics as the “double extortion” method of exfiltrating sensitive data from targeted systems and then threatening to post it. That method figured in recent ransomware attacks against Colonial Pipeline and Washington, D.C.’s Metropolitan Police Department . “It’s such a lucrative business now for the criminals, it is going to take a full court press to change that business model,” agreed Michael Daniel, president and CEO of the Cyber Threat Alliance, in that panel. (Just five years ago, the $17,000 ransom reportedly paid by a compromised hospital was a newsworthy figure.) Having this much money sloshing around has given rise to networks of affiliates and brokers. Samani’s colleague John Fokker, head of cyber investigations at McAfee, explained the rise of “ransomware as a service” (“RaaS”), in which you can buy or rent exploit kits or back doors into companies. He showed one ad from an “access broker” that listed a price of $7,500 for compromised Virtual Private Network accounts at an unspecified Canadian firm. The ad vaguely described this target company as a “Consumer Goods (manufacturing, retailing, food etc…)” enterprise with about 9,000 employees and $3 billion in revenue. “The commoditization of these capabilities for the criminals makes it so easy,” said Phil Reiner, CEO of the Institute for Security and Technology, during one of the RSA panels. RSA speakers noted how often ransomware attacks start with exploitations of known, avoidable vulnerabilities. Samani called Microsoft’s Remote Desktop Protocol “the number-one most common entry vector for corporate networks related to ransomware attacks.” Fokker added that companies that use RDP often make this remote-access tool too easy to compromise, joking that RDP also means “really dumb passwords.” The pandemic has helped grease the skids further for ransomware attacks—both by requiring companies to rush into remote work and by making people a little more tempted to respond to COVID-themed phishing lures. As Samani put it, phishing is “still there, still works, people still click on links.” Two other factors make ransomware especially resistant to any suppression attempts. One is cryptocurrency enabling hard-to-trace online funds transfers. Bitcoin and other digital currencies may not be too useful for everyday transactions , but they suit the business of ransomware well Read More …

New iPad Pro: Amazing hardware in search of equally amazing software

There’s a long-standing urban myth that Apple designs products with planned obsolescence in mind—intentionally engineering them so that you’ll grow dissatisfied over time and want to replace them with something newer and shinier. Don’t you believe it. The company actually has a pretty impressive track record of building products that remain useful for the long haul, even well after they’ve been discontinued and replaced. One of the best recent examples is the iPad Pro that arrived back in November 2018 . Now theoretically two generations out of date, it belies its age by feeling just about as fast, fresh, stylish, and capable as it did on day one. It’s even compatible with Apple’s Magic Keyboard, which shipped 16 months later and took the iPad Pro to new heights as a laptop replacement. That 2018 iPad Pro was so good, in fact, that it hasn’t cried out for reinvention. Last year’s iPad Pro  acknowledged that by focusing on improvements to the rear camera system, including some aimed at making augmented-reality apps work better. For most iPad Pro users, it was the kind of update you could sensibly skip, biding your time to see what came next. That time has arrived. Apple is about to release  another new iPad Pro that, like last year’s model, retains the industrial design and basic feature set of the 2018 version. (It officially arrives in stores on Friday, though it’s already in enough demand that Apple is quoting availability dates for new preorders in late June and July.) I’ve spent more than a week with a prerelease 12.9-inch unit provided by Apple, along with a Magic Keyboard case and Pencil stylus. (The keyboard is the new white version , which looks mighty sharp—and, unlike any previous iPad keyboard, is color-coordinated with the Pencil.) Finally, an iPad keyboard case that matches Apple’s Pencil. [Photo: Harry McCracken] In terms of sheer technical excellence, this new iPad Pro is a good-size leap beyond its 2018 and 2020 predecessors. Read More …

Meet the mystery woman who mastered IBM’s 5,400-character Chinese typewriter

I had seen this woman before. Many times now. I was certain of it. But who was she? In a film from 1947, she’s operating an electric Chinese typewriter, the first of its kind, manufactured by IBM. Semi-circled by journalists, and a nervous-looking middle-aged Chinese man—Kao Chung-chin, the engineer who invented the machine—she radiates a smile as she pulls a sheet of paper from the device. Kao is biting his lip, his eyes darting back and forth intently between the crowd and the typist. As soon as I saw that film, I began to riffle through my files. I’m a professor of Chinese history at Stanford University, and I was years into a book project on the history of modern Chinese information technology—and the Chinese typewriter specifically. By that point, I had amassed a large and still-growing body of source materials, including archival documents, historic photographs, and even antique machines. My office was becoming something of a private museum. As I thought, I’d encountered the typist previously in my research, in glossy IBM brochures and on the cover of Chinese magazines. Who was she? Why did she appear so frequently, so prominently, in the history of IBM’s effort to electrify the Chinese language? Read More …

Meet the mystery woman who mastered IBM’s 5,400-character Chinese typewriter

I had seen this woman before. Many times now. I was certain of it. But who was she? In a film from 1947, she’s operating an electric Chinese typewriter, the first of its kind, manufactured by IBM. Semi-circled by journalists, and a nervous-looking middle-aged Chinese man—Kao Chung-chin, the engineer who invented the machine—she radiates a smile as she pulls a sheet of paper from the device. Kao is biting his lip, his eyes darting back and forth intently between the crowd and the typist. As soon as I saw that film, I began to riffle through my files. I’m a professor of Chinese history at Stanford University, and I was years into a book project on the history of modern Chinese information technology—and the Chinese typewriter specifically. By that point, I had amassed a large and still-growing body of source materials, including archival documents, historic photographs, and even antique machines. My office was becoming something of a private museum. As I thought, I’d encountered the typist previously in my research, in glossy IBM brochures and on the cover of Chinese magazines. Who was she? Why did she appear so frequently, so prominently, in the history of IBM’s effort to electrify the Chinese language? The IBM Chinese typewriter was a formidable machine—not something just anyone could handle with the aplomb of the young typist in the film. On the keyboard affixed to the hulking, gunmetal gray chassis, 36 keys were divided into four banks: 0 through 5; 0 through 9; 0 through 9; and 0 through 9. With just these 36 keys, the machine was capable of producing up to 5,400 Chinese characters in all, wielding a language that was infinitely more difficult to mechanize than English or other Western writing systems Read More …