© 2021 AO Kaspersky Lab. All Rights Reserved.
COVID fake news and false hope
“Cybercriminals were quick to realize many years ago that people fall prey to hot topics,” says Costin Raiu, Director of Global Research & Analysis, Kaspersky. And today’s hottest topic is the pandemic.
Chapter 2 of hacker:HUNTER ha(ck)c1ne explores COVID-related phishing attacks, known as spear-phishing. These attacks skyrocketed by nearly seven times between February and March this year.
When the virus took force, and we were all frantic trying to help each other, cybercriminals found a way to wreak havoc. In September, Facebook announced an aid program of $100 million for small business owners affected by the pandemic. When the story was picked up by the media, hackers started fishing (or, more accurately, phishing) with the bait.
Cybercriminals published fake news saying Facebook would be handing out free money to everyone affected by COVID-19. On a site cleverly disguised to look like Facebook, you fill out a form that shares personal data like your address, social security number or a photo of your ID. You get a confirmation message that your application has been accepted and sit back and wait for the money to arrive. It never will.
The worst part? It’s not the false hope, but what cybercriminals can do with this information: tricking friends and family members into sending money, credit card fraud or even identity theft
.
It’s not just people like us who criminals are targeting – organizations are hit too. At work, you get sent an email you think is from someone you know or your manager. But when you click on a link or open an attachment, it downloads malicious software opening the door for hackers to access the corporate network. They download data to sell on the dark web, or encrypt it via ransomware and force the business to pay the ransom to stop it from being leaked.
Photo by Adam Nieścioruk on Unsplash
Criminals have the resources to hit everyone, from society’s most vulnerable people to lucrative targets like big businesses and government. “Clearly the world is not as safe as we would like it to be. We’re surrounded by all kinds of new and different threats,” explains Zak Doffman, Founder and CEO of Digital Barriers. “The access to COVID treatments is a nation-state wide competitive advantage.”
In the face of this influx of threats, more kudos to the people keeping us and our data safe, like the Cyber Volunteers 19. To keep yourself safe, Kaspersky Daily serves up advice on spotting and protecting yourself from the Facebook grants scam.
#fromkurilswithlove:
Defenders of Digital:
Topic:
AI won’t steal all our jobs – tech entrepreneurs predict something different.
With COVID-19, businesses have changed fast, but leaders see bigger changes coming.
With COVID-19, businesses have changed fast, but leaders see bigger changes coming.
Entrepreneurs in cutting-edge tech don’t believe AI, robots and automation will replace all human jobs, leaving us nothing to do. A new two-part video series, The Future That Works, looks at how work is about to change beyond recognition.
As automation changes the workplace, ever-increasing output is leading us to another crisis. Technology entrepreneurs argue we must make fundamental changes in why businesses exist and how economies work to reduce the inequality that threatens to destabilize society.
Watch the film to explore how experts including Aaron Dignan (Founder, The Ready), Katz Kiely (Founder, Beep) and Theo Saville (CEO, CloudNC) are imaging a future that works.
Topic:
Why listen to these tech high-flyers about your work future?
Because they know what they're talking about.
Because they know what they're talking about.
The prevailing wisdom is that the fast pace of automation, digital change and AI (artificial intelligence) will soon leave most of us jobless. Talking with some of the most successful tech entrepreneurs around the world, not one agreed with this dark premonition. Rather, they pointed to a different kind of future we should prepare for.
A new two-part video series, The Future That Works, probes the minds of people who are harnessing AI and emerging technologies to help solve some tough problems. They see work changing beyond recognition in the future, but it’s not all bad.
Watch The Future That Works, Part 1:
AI and robots will take all our jobs? Tech leaders don’t think so – Part 1 youtu.be
Why listen to these people when it comes to predicting our technological future? Let’s take a look at some of the innovative businesses they front.
Simby is a fully personalized, wearable AI technology that aims to break our addictions to our devices and social media while still giving us all the benefits of being digitally connected. Co-founder and head of product Andrew Doherty believes technology should benefit our lives and do no harm, and that users should have full control of their data. This ‘sassy best friend’ is still under development but coming soon.
Organizations can be as buggy as bad software, with minor frustrations putting a damper on everyone’s concentration and creativity. Doing something about these problems can feel like swimming upstream, especially when management doesn’t understand how much energy small annoyances suck out of their staff.
Katz Kiely is part of the team behind Beep, a system that rewards and recognizes people for raising problems and finding solutions in their business. It puts leaders in touch with their employees’ real challenges, flattening the hierarchy and reconnecting people with meaning in their work.
Author and tech entrepreneur Aaron Dignan knows exactly how hierarchy and bureaucracy hold back progress in business. He gleaned this wisdom from in-depth study of organizations known for adapting to change and getting fast results, like Spotify, Burning Man and Basecamp.
He’s not only published these findings for the benefit of other entrepreneurs in his popular 2019 book Brave new work: Are you ready to reinvent your organization? He’s also founder of The Ready: An ‘operating system’ that helps businesses change their culture and see themselves more as a garden than a machine.
CloudNC is bringing safety and accuracy to factories with AI and autonomous manufacturing. Their clients manufacture parts for air travel, space exploration and defense, among other industries, where perfection is necessary every time.
Full automation in manufacturing also allows for on-demand production. This option is in high demand since COVID-19 has made the global market and labor supply hard to predict. Co-founder Theo Saville says making manufacturing more environmentally sustainable is also top of CloudNC’s agenda.
Agriculture is one of the fastest-changing industries on the planet, while soil depletion, habitat loss and methane emissions come to the fore in the public consciousness. Farmers often face little choice in how they operate because they’re time-poor, isolated and face high set-up costs for change.
AgriLedger Founder and CEO Genevieve Leveille wants farmers to get the best price for their hard work, giving them more choice and making sure doing better for people, animals and the environment pays dividends. Using blockchain, AgriLedger brings users benefits like supply chain traceability, market information and access to finance.
Topic:
Unravelling the 2018 Pyeongchang Olympic cyberattack mystery
Looking forward to watching the Olympic Games in Tokyo? Here’s a reminder of what happened at the opening ceremony of the 2018 Winter Olympics in Pyeongchang
Barely noticed by the public, but an elaborate hacking attack hit the stadium, starting a cyber-political puzzle.
It is February 9, 2018. The stage is set for the Pyeongchang Winter Olympics’ opening ceremony. But the organizers didn’t realize one of the most deceptive cyberattacks in history was afoot.
This three-part series looks at the background to the Pyeongchang cyberattack, the Olympics IT team’s stunning response and why it was so hard (and so risky) to find out who did it.
Meet the tech visionaries defending your digital world
The Defenders of Digital video series profiles tech experts who guard the digital world. We’ll soon launch season two, but for now, these are the five people whose stories started it all. They’re critical to our future: they make our digital world safe, free, open and functional. Who are they, and what motivates them?
Eva Galperin was outraged by a hacker who abused women then threatened to compromise their devices if they spoke out. She has since become the most powerful voice in the fight against stalkerware, and in doing so, helped thousands of victims get their privacy back.
Security specialist Einar Otto Stangvik wanted to use his programming skills to do more than make money. He developed software to identify hackers stealing and sharing private photos from iCloud backups. One hacker turned out to be a prominent public figure.
Now Stangvik is onto an even more ambitious project that will help vulnerable children.
Salvi Pascual knows the heavily censored Cuban media and internet well. When he moved to the US, friends started asking him to send them online content they wanted. It turned into a business, but getting around government controls had Pascual’s team always on their toes. Soon, they’d developed a solution that’s uncensored the internet for thousands of Cubans.
Giorgio Patrini is fighting back against the constant threat of fake news.
‘Deepfakes’ is the disturbing phenomenon of videos or audio that use AI-based algorithms to substitute one person for another. Nearly indistinguishable from the real thing, they’re used to harass, blackmail and commit fraud. But Patrini knew when technology creates a problem, it can also create a solution.
Kira Rakova believes our digital footprint is like a private journal. A breach of private online information is like publishing someone’s diary without their consent. While there is increasing concern over personal data being used to manipulate and defraud, not everyone understands the risks and what they can do about them.
That’s where Rakova and her team come in. They use privacy auditing to help people regain control of their data.
You’ve seen the first series of Defenders of Digital. Soon, we’ll bring you a new series with changemakers from around the globe.
Subscribe to Tomorrow Unlocked on YouTube for the latest episodes.
False flags and confusion bombs: Inside the 2018 Olympics malware
Security researchers described the code used to attack the 2018 Pyeongchang winter Olympics as ‘Frankenstein-like.’ In part two of our video series, hacker:HUNTER Olympic Destroyer, they explain how the malware was designed to point in multiple directions.
The designer of an extraordinary piece of code lodged it in a system where it remained undetected for months. Part two of hacker:HUNTER Olympic Destroyer explores the nature of the attack, its process and why ‘Frankenstein-like’ code made it one of the most mysterious advanced persistent threat (APT) attacks in history.
Olympic Destroyer was the perfect example of an APT. What are they, and why are they so harmful?
APTs are sophisticated hacks that often wait for the perfect time to strike to create maximum damage. They lodge themselves in a system and steal critical data over weeks, months or years. Those behind these attacks build complex software for intentional damage – from espionage and sabotage to data theft.
APTs are notoriously associated with highly organized groups. They attack high-status targets like countries or large corporations, notably in manufacturing and finance, aiming to compromise high-value information like intellectual property, military plans and sensitive user data.
Their high-profile targets will have secure networks and defenses, so threats must stay undetected as long as possible. The longer the attack goes on, the more time attackers have to map the system and plan to steal what they want.
Motives behind attacks vary, from harvesting intellectual property to gaining advantage in an industry, to stealing data for use in fraud. One thing is clear: APTs cause severe damage.
Olympic Destroyer was the perfect APT. A highly-organized group attacked a national Olympic committee, and it worked.
The ‘confusion bomb’ had been undetected in the computer system for four months, biding its time to strike. Being in the system gave them time to find weak spots and pain points to make the attack more devastating. When it finally surfaced, all hell broke loose.
By directly attacking the Olympics’ data centers in Seoul, South Korea, Olympic Destroyer cut employees’ access to network computers. Because Wi-Fi was out, Olympic building security gates stopped working, coverage stopped, and the whole infrastructure went offline. The Pyeongchang IT team was staring down the barrel of a potential geopolitical disaster.
Stay tuned for episode three, where we unravel the IT team’s ingenious response and find out who did it. Any guesses? Go to hacker:HUNTER to stay up to speed.
The people fighting online child exploitation, one image at a time
Meet Susie Hargreaves and her team.
Meet Susie Hargreaves and her team.
Internet Watch Foundation (IWF) hunts down child sexual abuse images online and helps identify children involved so that law enforcement can intervene. While the recent pandemic has triggered greater numbers of child abuse images, CEO Susie Hargreaves and her team are fighting back with a new piece of tech.
COVID-19 has fuelled a disturbing increase in child sex abuse material online. Our latest Defenders of Digital series begins by introducing Susie Hargreaves’s team at Internet Watch Foundation (IWF) and explores their mission to make children safer. It also looks at how the pandemic has moved the goalposts and the new tech making a difference.
Formed in 1996 in response to a fast-growing number of online child abuse cases, IWF’s 155 members include tech’s biggest names, such as Microsoft and Google. They’re united by the common goal to rid the internet of child sexual abuse images and videos.
The pandemic has made the issue of online child sexual abuse material more acute. During lockdown in the UK alone, IWF says 300,000 people were looking at online child sexual abuse images at any one time. What’s worse, the material is always changing.
IWF has recently seen a worrying rise in self-generated sexual abuse material, chiefly among girls age 11 to 13. The victim is groomed or coerced into photographing or filming themselves, which the sexual predator captures and distributes online. In the past year alone, the proportion of online content they’re removing that is self-generated has risen from 33 to 40 percent.
There are encouraging developments helping IWF with their work. Microsoft’s PhotoDNA analyzes known child exploitation images, finds copies elsewhere on the internet, and reports them for removal. It helped IWF remove 132,700 web pages showing child sexual abuse images in 2019. How does it work?
First, PhotoDNA creates a unique digital fingerprint of a known child abuse image, called a ‘hash.’ It compares that fingerprint against other hashes across the internet to find copies. It reports copies it finds to the site’s host. It’s a fast and ingenious way to shut down child exploitation.
Internet users who have stumbled across suspected child abuse images and reported them to IWF have been instrumental in starting a process that’s led to many children in abusive situations receiving help. If you see an image or video you think may show child sexual exploitation, report it anonymously to IWF.
Want to learn how to better protect your kids when they’re online? A free training course, based on the Skill Cup mobile app and developed with Kaspersky, is now available for parents to understand the challenges children face today.
Explore the course to better protect your kids online.
This NGO believes an online privacy utopia is worth fighting for
Algorithms are everywhere, but they are trained based on the beliefs of their developer. In episode two of our second season of Defenders of Digital, we learn about Homo Digitalis‘ work to expose algorithm bias that impedes digital rights for millions. The first corporate they catch might surprise you.
Algorithms can improve our experience online. But one not-for-profit is going beyond the code for the greater good. Founded in 2018, Homo Digitalis has over 100 members. They promote transparency in algorithmic programming and safeguards against discrimination by algorithm.
Because programmers – as humans – have biases, algorithms learn from those biases. When we hand power over to the algorithm, it may erode digital rights and impinge freedom of expression without us knowing.
Homo Digitalis has already called out one tech giant for their moderation process. It could have impacted millions. Who was it? Find out in Defenders of Digital season two, episode two.
Just Like In Person by @Cinematograaf
If you could stop a devastating cyberattack, would you think about yourself first, or just act? This is the uncensored story of the WannaCry ransomware attack, how Marcus Hutchins went from cyber celebrity to wanted cyber criminal overnight and where he is now.
“I was shaking, I think I sweated through my T-shirt and blazer. I did not know how to feel – it just felt like everything was coming to an end, but not in a good way…”
For Marcus Hutchins, a dream that turned into a nightmare ended in July 2019 with a compassionate sentence by a Milwaukee judge. “I just got out of my court hearing for the sentencing. I wasn’t sure how it would go down. I was very, very nervous,” he told us after leaving the courtroom. “But the judge took a broad view of the entire circumstances. He weighed up my past work helping security. He ended up ruling ‘time served,’ which was a big surprise to me. But it does make sense, when you weigh in that I’ve been forced to stay in a foreign country for two years.”
Marcus’s story starts with what strangely became his downfall – stopping a catastrophic ransomware attack called WannaCry.
Hutchins became an overnight cybersecurity celebrity in 2017. “I came back from lunch, saw all the news about something targeting the NHS and decided to dig a little deeper, which was when I noticed an unregistered domain inside the code.” He registered the domain and the infection count went down. He had found the ‘kill switch’ for the WannaCry epidemic.
It changed his life. He became a hero, then fell to zero a few weeks later. “I woke up to see my face over a two-page spread of the Daily Mail. Media had posted my address in the paper, which meant the bad guys I am fighting know where I live.”
After saving the world from the worst ransomware attack in history, Hutchins became a cyber hero. The pinnacle of his fame was global hacker conference Defcon 2017. Marcus had become a demi-god among cyber researchers, journalists and the public before the event. After a week in the Las Vegas sun, partying and rubbing shoulders with the industry’s biggest names, everything would come crashing down.
That week, Marcus Hutchins had shared a mansion with his friends – think huge pool, all-night parties and legal marijuana. Allegedly, while picking up a McDonalds delivery outside the mansion one morning, he noticed an unmarked FBI vehicle.
At the airport, his suspicions were confirmed, “I am completely exhausted. I have no idea what’s going on and I’m just relaxing waiting for my flight. And a man and two other people in uniform approached me and asked, “Are you Marcus Hutchins?” I said yes, and they asked me to come with them. It turned out the guy was an FBI agent and that’s when they arrested me.”
At this point, Hutchins is in a sleep-deprived state of shock. Things aren’t looking good. The FBI showed a warrant for his arrest on conspiracy to commit computer fraud and abuse. It wasn’t for his role in WannaCry, but for a cyber ghost from his past: malware called Kronos, created on the sunny shores of Devon, UK, was of critical importance to the FBI.
When the world got hold of Hutchins’ arrest, social media was awash with support and slander. One cybersecurity researcher suggested Hutchins created WannaCry himself only to stop it as it spiraled out of control. But as supporters who raised the alarm on the FBI’s treatment of Hutchins, Twitter bulged with support for Marcus’ character.
Eventually, Hutchins was bailed to a halfway house with a curfew and GPS monitoring. The Twitter community again came to his aid and two lawyers took Hutchins’ case for free. They were able to overturn the curfew and GPS monitoring.
The FBI said if Hutchins called out other hackers he knew of, they’d let him off. On principle, Marcus opposed snitching. Instead, he set his sights on a criminal trial. Hutchins’ cybersecurity background, diligence and good heart played in his favor when the day came.
Much to Hutchins’ surprise, the judge ruled his hero status could almost warrant a full pardon, but that was out of the question. Rather than a 10-year prison sentence and a 500,000 US dollar fine, Marcus stepped out of the courtroom with one year supervised release.
Wait, what? After months of anxiety, Marcus was a free-ish man. The judge smiled on him that day, understanding Hutchins had already served a type of sentence being kept in the US without the right to go home.
Hutchins has retreated from the public spotlight for now. Keep an eye on his Twitter, @MalwareTechBlog, for updates on what he’ll do next. From a recent interview in WIRED, it sounds like a return to his childhood love, surfing:
“Someday, I’d like to be able to live in a house by the ocean like this, where I can look out the window and if the waves are good, go right out and surf.”
There’s much more to Marcus Hutchins’ story, in his own words. The cybersecurity hero who stopped WannaCry turned cybercrime defendant speaks in our exclusive documentary.
Explore more of history’s craziest and most mysterious cybercrime with our hacker:HUNTER series.
Show Less
Topic:
Loading more articles