News Roundup: NotPetya is the next WannaCry and then some
Internet

News Roundup: NotPetya is the next WannaCry and then some

A roundup of the week’s tech news including two billion Facebook users, Game of Drones, and Snoop Storage.

NotPetya is the next WannaCry and then some

Another week, another massive ransomware attack based upon exploits hoarded the by NSA.

The infection started with various companies in the Ukraine including freight company Maersk and the state-owned Ukrenergo and Kyivenergo have been affected. But it has since spread across Europe and beyond, including Rosneft, WPP, DLA Piper.

“Whether you believe the Ukraine is a test-bed for nation-state aggression or an issue between two specific countries, the continued barrage of attacks against Ukrainian infrastructure is disturbing,” said Edgard Capdevielle, CEO of Nozomi Networks.

The official Ukraine Twitter account took the attack in its usual good humour, claiming there ‘was no need to panic’ and posting a ‘this is fine’ meme.

This new variant of the Petya ransomware – dubbed NotPetya by Kaspersky Lab – uses a mix of the NSA exploit used within WannaCry and then spreads through internal networks using the PsExec command-line tool which allows users to run processes on remote systems. Once it has spread to a computer, it then encrypts the entire disk rather than individual files and demands $300 in Bitcoin to unlock. Some experts are pointing to a corrupted update from Ukrainian tax-filing software, MEDoc, as the source. The company has denied this.

A work-around was found to help stop the spread of the virus but has to be done on a per-device basis, and no WannaCry-style killswitch has been found.

Theories about what is behind the attack are yet to materialise.

“It’s hard to say what the motivation behind the attack might be, but one could speculate it is someone “testing” for something larger,” said Malcolm Harkins, Chief Security and Trust Officer at Cylance. “It could also be someone wanting to bring attention to how vulnerable the world has become and demonstrate the lack of adequate security in organizations and the failed security solutions they have deployed.  It could be organised crime who is monetising this in a different way than by using Bitcoin.  It could be a variety of nation-state actors trying to demonstrate to others they could cause harm if they wanted.  Or it could be someone who is just wanting to create a little havoc for the world and they have the means to do it because the barrier to entry to unleash something like this are so low.”

The email address used in the ransomware payment details has been shut down by its host, Posteo. This does mean, however, even if the ransom is paid, there’s no way to communicate that to the attackers. So don’t pay up. The Bitcoin wallet associated with the ransomware has so far had just 46 payments totaling four bitcoins (around $12,000) paid into it. However, some researchers are claiming the attack was never designed to make money in the first place but simply to destroy data.

The Shadow Brokers – the group which first leaked the NSA’s EternalBlue exploit – used the attack as a chance to promote itself again and double the fee for subscribing to its July information dump. The fee is now 200 zCash coins, equivalent to around $60,000. There is a crowdfunding campaign designed to help SMBs spread the financial burden of subscribing and share (and patch) whatever the Shadow Brokers release. 

Ed Snowden took another opportunity to have a pop at the NSA for developing exploits in the first place. He tweeted:

“How many times does NSA's development of digital weapons have to result in harm to civil infrastructure before there is accountability?”

In other WannaCry-related news, a report from the Chartered Institute for IT in the UK blamed ‘a lack of accountability and investment’ as the reason the NHS was so badly affected by the ransomware attack.

 

Google fined

When you dominate one aspect of business almost completely, you’re bound to run into trouble occasionally. Google this week was fined €2.42 billion ($2.7 billion) by the European Commission after it was found to be promoting its own shopping service in search results.

“Google's strategy for its comparison shopping service wasn't just about attracting customers by making its product better than those of its rivals,” said Commissioner Margrethe Vestager. “Instead, Google abused its market dominance as a search engine by promoting its own comparison shopping service in its search results, and demoting those of competitors.”

The company must end the practice within 90 days or face additional penalties of 5% of the average daily worldwide turnover of Alphabet; around $14 million a day.

Swiss email service ProtonMail – who has accused Google of suppressing the company in search results – was glad of the outcome.

"As a recent victim of Google's search practices, we are glad the EU is doing more to ensure accountability and transparency in search," CEO Dr. Andy Yen said in a statement emailed to INQ.

"In doing so, we believe the EU is taking an important step towards protecting consumers and ensuring healthy competition online."

Google is considering whether to appeal and outlined its view in a company blog:

“While some comparison shopping sites naturally want Google to show them more prominently, our data shows that people usually prefer links that take them directly to the products they want, not to websites where they have to repeat their searches,” wrote Google General Counsel Kent Walker.

Two billion FB users

Of the seven billion-odd people in the whole world, some 3.2 billion people are estimated to be online. Facebook now has two billion monthly active users. That’s around 2/3 of the entire online population and around 1/3 of the entire world. Visiting one site. It reached one billion in October 2012. Those are some big numbers.

 

 

M&A

Toshiba has missed its own deadline for announcing a buyer and decided to sue WD. Raytheon could be headed towards an IPO while TinTri has abandoned its own at the 11th hour. Trend Micro has announced a $100 million venture fund for security startups.

Apple has bought German eye-tracking startup SensoMotoric Instruments, Accenture has acquired Intrepid, Progress has snapped up Kinvey, JFrog has purchased CloundMunch, Fiverr has snaffled Veed.me, and India’s WhatsApp Hike has snaffled InstaLively.

In the rumours department, Alibaba is reportedly close to taking over ZTE’s software unit, known as ZTEsoft.

AR startup CastAR and automotive camera maker Pearl are both shutting up shop.

 

TGIOSF (or Thank God It’s Open Source Friday)

It’s Friday! Which means it’s nearly time to get ready for the weekend and party. Except to GitHub, which has decided that Fridays should be about developing Open Source projects. Open Source Friday is just that; an initiative to make Friday a day of the week where businesses spend time giving back to the Open Source community.

LinkedIn has Open Sourced two tools designed to help with reporting problems. Iris is an automated system for incident reporting, while Oncall is a scheduling application for engineers.

Sony, meanwhile, has released its Neural Network Libraries to the world. The NNL provide a framework for creating Deep Learning/Neural Network-based applications.

 

Fix your phones so we can fix our phones

The likes of iFixit, Tech Dirt, and the EFF have been banging the drum of repairable electronics and ‘Right to Repair’ legislation for a long while. Greenpeace has now joined the call with its Rethink-IT campaign. The big green non-profit rated 40 phones from 17 companies on their reparability. Fairphone and LG did well in the mobile space, while HP fared best in the tablet space and Dell in the laptop section. Samsung fared worse in the mobile space, while Apple and Microsoft did badly in the tablet and laptop sections.

“A number of products from Apple, Samsung, and Microsoft are increasingly being designed in ways that make it difficult for users to fix, which shortens the lifespan of these devices and adds to growing stockpiles of e-waste,” said Gary Cook, IT Sector Analyst at Greenpeace USA.

 

Cloud wars

Last week it was reported that Walmart has told its developers and partners not to use Amazon’s Cloud services. Amazon isn’t impressed.

“We've heard that Walmart continues to try to bully their suppliers into not using AWS because they have an incorrect view that AWS is somehow supporting Amazon's retail business,” reads an Amazon statement.

“Plenty of suppliers are standing up to Walmart and refusing to be told that they can't use the leading infrastructure technology platform (AWS). Tactics like this are bad for business and customers and rarely carry the day.”

 

Confused by kangaroos

Driverless cars have come a long way in a short space of time. And we don’t just mean the distance driven. But there are still plenty of variables that can easily confuse these autonomous vehicles. For example, in Australia, Kangaroos apparently confuse the cars no end.

"We've noticed with the kangaroo being in mid-flight when it's in the air, it actually looks like it's further away, then it lands and it looks closer,” Volvo Australia's technical manager David Pickett told ABC.

Given that roos account for thousands of driving incidents a year in the country, it’s something those cars are going to need to overcome.

In other news, California legislators have ruled that all driverless cars will require a licensed driver behind the wheel.

 

Vive la France

With the UK and US seemingly terrified of people coming to live in their country, even if they’ve got a high skill set, there are windows of opportunity for other countries to develop their tech nous. Canada is reaping the benefits from the US, and France is poised to mop up from the Brexit fallout.

“I want France to be the nation of innovation and start-ups, ” President Macron said at the Viva Tech conference in Paris, where he also said that the previously announced French Tech Visa is now available. The visa allows international tech founders, employees, and investors to obtain a four-year work and residence permit.

 

Driving flying drones

What if drones only flew some of the time? It’s a question MIT researchers have been looking at and in response have developed autonomous drones that can both fly and drive. Such designs would enable ‘machines that could fly into construction areas or disaster zones that aren’t near roads and then squeeze through tight spaces on the ground to transport objects or rescue people, according to MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL). Part of the research was around finding a way to balance energy requirements and the design.

There’s already competitive drone racing and robot sumo, so of course some genius combined the two. Enter Game of Drones:

Walk

We’ve all done it; you’re engrossed in your phone and then boom, you’re millimetres away from clanging into a lamppost. Well, no more! Samsung has quietly solved the problem. Its ‘Walk Mode’ app will provide you with ‘unsafe walking alerts’ and detect if you’re being honked by a car (because soundproof earphones are pretty good these days).

Currentl, it’s only available in India and had less than 500 downloads, and the disclaimer is worth a read:

“Samsung shall not be responsible for any loss or damage arising from non-compliance with any applicable laws, regulations, or guidelines. Use of mobile phones while walking should be avoided. The intent of Walk Mode is only to caution you to refrain from using mobile phones while walking.”

Snoop storage

Remember that time Salesforce had Metallica play at its conference? That was pretty cool. Pure Storage, however, refuses to be outdone. They had the one and only Snoop Dogg play at its Accelerate 2017’ conference in San Francisco. According the Reg, Snoop asked the crowd, “Where the sexy single ladies at?”, showing he has a firm grasp of the issues around the lack of women in IT.

No official footage so far, but here’s some mobile footage from an attendee:

PREVIOUS ARTICLE

«Sneak peek: Augmented reality looks to shake up Wimbledon

NEXT ARTICLE

African response: Seven ways the local datacentre space is booming »
author_image
Dan Swinhoe

Dan is Senior Staff Writer at IDG Connect. Writes about all manner of tech from driverless cars, AI, and Green IT to Cloudy stuff, security, and IoT. Dislikes autoplay ads/videos and garbage written about 'milliennials'.  

  • twt
  • twt
  • Mail

Add Your Comment

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Will Kotlin overtake Java as the most popular Android programming language in 2018?