Tag Archives: Security

Intel Warns Of Alarming Rise In Ransomware Attacks

According to the European head of technology for Intel, Raj Samani, ransomware is “rising at an alarming rate and show no signs of stopping…”

Ransomware is malware installed secretly on a victim’s machine that encrypts all or part of the data stored on it. The data can then only be unlocked by entering the decryption key, or by the hacker themselves.

But of course it’s not like the software criminals are doing it for a laugh or as part of some sort of merry jest.

Typically, for an end user to be given access to the decryption key, they must first pay the ransom, normally in the form of the online cryptocurrency Bitcoin, which by its nature is almost impossible to trace.

Users who refuse to pay, or don’t do so before a given deadline, face losing the data stored on their computers forever. The ransom demanded for unlocking the data can vary enormously, with individuals being forced to pay a few hundred dollars and businesses being asked to part with thousands of dollars.

The surge in the use of ransomware is partly down to the ease with which online criminals can get their hands on it, and the increase of DIY kits that hackers can use to trap their victims.

Mr Samani, talking to the BBC, blamed the rise on the appearance of freely available source code for ransomware and the debut of online services that let amateurs cash in for a relatively small one-time investment.

Recently released research has pointed to a 3,500% increase, in the last year alone, in the criminal use of net infrastructure that helps run ransomware campaigns.

Experts who study ransomware have noted that there are now more than 120 separate families of ransomware that are currently in use.

But why is it so effective?

Because victims don’t have much of a choice but to pay up. For the criminals who use it, it’s a win/win situation. Even if someone doesn’t pay and decides that they can afford to lose all their data such as family photos, essays, and whatever else they have on their machines, the criminal will just move on to the next victim.

But some people feel they have no option. To force victims to comply, time limits are set for them to make up their mind or face the real promise that they will lose their private or corporate information forever.

But crucially, experts have also stated that the increased use of ransomware has proved to be a problem for antivirus programs, highlighting their weakness as an effective deterrent when it comes to dealing with such attacks. That being said, it would be a mistake not to have up-to-date antivirus on your device!

BullGuard And The World’s First IoT Security Scanner

The internet of things is awesome…and BullGuard aims to keep it that way by keeping hackers out of your connected devices with its IoT Scanner.

The Internet of Things has steadily taken off, perhaps not in the overnight world-changing manner that many people hoped, but in the ongoing rollout of connected devices that make our lives easier, safer, and just more fun. From thermostats that track your usage and adjust accordingly to refrigerators that keep up with how much milk you’ve used in order to quietly purchase more for you, IoT innovation is only scratching the surface of its capabilities.

But what if IoT wasn’t so helpful, or so user-centric? What if it was actually more like the latest Hollywood blockbuster cyberthriller? White hat hackers have already demonstrated how they can intercept an installed insulin pump and deliver a fatal dosage. Implanted pacemakers that “talk” to the patients’ cardiologists have been scrutinized for their ability to be hacked and forced to fatally alter patients’ heart rhythms. Even vehicles on the road have been proven in a now-famous demonstration to be vulnerable to hackers who can take over everything from the windshield wipers to the brakes while the car is in motion.

That’s why antivirus software developer BullGuard has issued what they consider the world’s first IoT scanning software, intended to show consumer-level users who else is on their network and potentially tampering with their devices.

“The Internet of Things has moved rapidly from an early adopter market into the mainstream, but in doing so has introduced a range of new security concerns for consumers,” said Paul Lipman, CEO, BullGuard, in a press release. “We’ve made an important first step towards addressing these issues with IoT Scanner, a tool that allows anyone to check if smart devices in their home are secure.”

In an interesting turn of the tables, IoT Scanner uses data from Shodan, a search engine for IoT devices that are currently installed and in use; Shodan has already been blamed for being the data source that hackers have used to remotely infiltrate IoT products without their owners’ knowledge. BullGuard’s IoT Scanner scans for vulnerable smart devices–security cameras, baby monitors, Smart TVs, even wearables–and presents the results in a user-friendly way. If an unsecured device is discovered, it’s flagged and shared with the owner, along with “details of potential vulnerabilities.”

Facebook Reluctantly Offers End-to-End Encryption

In this day and age of privacy invasion–whether committed by hackers or by our own governments–end-to-end encryption in a messaging platform is highly sought after. It has the power to win over long-time devotees to a competing app, for example, as WhatsApp discovered when they unveiled their e-to-e offering. Other platforms have followed suit, and have even made this sender/recipient-only encryption par for the course, meaning it’s a default feature without any kind of hoop-jumping on the part of the user.

Which is why Facebook’s new end-to-end offer is so confusing. Not only does the user have to engage the encryption every single time he sends a message–meaning there’s no setting that can just automatically afford the user this level of security–but only one device in the Facebook user’s account can be encrypted for this kind of purpose. There’s no syncing your messages with encryption engaged, that is.

Why would two of the biggest names in tech–Facebook and the other company to shun this encryption, Google–be willing to lose out on the user loyalty that e-to-e could stand to offer? Perhaps because both Facebook and Google are in the business of gathering their customers’ information, storing it, using it, and even selling it. However, don’t think they’re all bad: the method by which Facebook’s new Secret Messages (yes, it’s actually called that) will function means your messages cannot be accessed by the company and therefore cannot be turned over to the government, even with a warrant or court order. How very Apple of them.

Secret Messages will be powered by a mainstay of encrypted communication tech, Open Whisper Systems, which has publicly stated its approval for Facebook’s efforts, even while admitting it’s less than thrilled with the multi-step effort users have to expend rather than making encryption the default setting for every user.

US Court Rules Password Sharing Is Illegal

A US appeals court hearing has ruled that password sharing is actually illegal.

So could Netflix users find themselves up in court now? Probably not. Probably….

The verdict was handed down in a case involving a former employee of a business who had used a former colleague’s login details to access his ex-workplace’s network and database.

In the final response to the case, one of the presiding judges ruled that nearly all access to protected computers without proper authorisation or permission was an activity that, in theory at least, could now be considered a criminal act.

The wider implications could have a real effect on the wider sharing of passwords outside of confidential and/or business environments, said one of the judges who disagreed with the ruling.

Some tech industry commentators have also shared concerns that the ruling could set a precedent for the results in future cases, including disputes about the sharing of Netflix passwords.

Judge Reinhardt, who was against the specifics of the ruling, argued that the verdict called into question the fact that password sharing was not the same as hacking and could not be considered the same thing. He was concerned about how the outcome of the case would affect the literally millions of people who shared passwords for email, social media, and other sites such as Netflix, citing the fact that the act of doing so was ‘generally harmless conduct.’

Reinhardt speculated that ordinary people could in certain innocent cases find themselves jailed as a result of the ruling.

Judge McKeown, however, another of the appeals court judges, disagreed, and wrote in her summation that the specifics of the case bore little or no ‘resemblance to asking a spouse to log in to an email account to print a boarding pass.’

Only time will tell how other similar cases fare in criminal and civil prosecutions, and whether the case in question will be referred to in a specific sense, or if a blanket precedent has been set that could negatively affect people who like House of Cards.

Are Security Holes In Apps Leaking Your Data?

There’s an app for just about everything these days, especially where our health is concerned. However, what permissions are consumers blindly granting to the latest apps, and who has access to that data?

News recently appeared that a popular pregnancy and fertility tracking app had some serious security holes, including a security issue that allowed a relatively easy breach of users’ information.

Glow, which lets its users do everything from monitoring their entered data to connecting with other couples via the app’s forum, was the subject of a Consumer Reports investigation. The results were alarming. Using simple, free security testing software, the team was able to access Glow users’ names, email addresses, birth dates, pregnancy due dates, sensitive health information, and more.

Even more upsetting, Consumer Reports was able to glean data on users’ sexual activity, history of abortions or miscarriages, and more, all through a security flaw that was left wide open and required very little technical skill to penetrate.

Glow’s executives have been quick to point out that this was not a data breach, but an intentional investigation by an outside consumer advocacy group working to protect the public. They also claim that the security hole has now been patched. But is this another sign that we’re blithely giving faceless entities access to our most sensitive–and even intimate–personal information?

It’s all too easy to blame the app developer for building a vulnerable product, but at some point, consumers have to take responsibility for limiting how much data they share, knowing where it goes, and understanding who can access it. In the case of Glow, users were understandably in a precarious position; pregnancy and fertility are highly emotionally charged personal issues, and any tool that can make the process easier for would-be parents is certainly enticing. And given the financial burden surrounding conception and carrying a child to term–considering that fertility care in the US is a $2 billion a year industry that costs patients an average of $12,400 per IVF attempt–it’s easy to see why an inexpensive app that might help move things along seems like a good option.

But that’s just one app. Headlines about security flaws and data breaches surrounding everything from school database software to the latest game app should have already served as a cautionary tale, yet consumers still willingly agree to grant permissions to the developers without even questioning the privacy concerns. In order to secure our data, as tech users we’ve got to start demanding answers to the questions of where our information goes after we share it, and why someone needs it in the first place.