Categories
Security

Winning the war on ransomware

In the past 10 years, ransomware has become inescapable. All kinds of institutions have been targeted, from the schools children go to, to fuel and medical infrastructure. A report from the US Treasury estimates there were over half a billion dollars in ransomware payouts in the first half of 2021 alone. Law enforcement has struggled to get a handle on the situation, with many groups operating for years with no apparent fear of repercussions.

This year, federal law enforcement decided to try something new. In April, the Department of Justice created the Ransomware and Digital Extortion Task Force in a move to prioritize the “disruption, investigation, and prosecution of ransomware and digital extortion activity.” The task force is supposed to help share information between DOJ departments, as well as work with outside and foreign agencies. In the months since, it’s made some impressive prosecutions, but they’re just a sliver of the overall — and the bigger picture remains maddeningly unclear.

One of the first publicized wins for the group came in June, when the Department of Justice said the group was handling the case of an individual alleged to be partially responsible for the malware suite known as Trickbot, which could help expose a system to a ransomware attack. Days after that announcement came an even bigger win: the DOJ announced it had seized back $2.3 million of the $4.4 million ransom paid by oil company Colonial Pipeline, and that the task force had coordinated the efforts. Then, in October, its biggest win yet — the arrests of a few alleged members of REvil, a hacking group, by European police forces, and the seizure of over $6 million in funds the department says were linked to ransomware payments.

Still, the sheer volume of attacks means a handful of prosecutions is unlikely to make a difference. Prosecutors need the threat of law enforcement action to scare criminals away from ransomware — and some experts say the scheme is still too lucrative for criminals to give up.

Hackers “prefer to take the risk instead of leaving this lucrative malicious activity behind,” according to Dmitry Bestuzhev, a researcher at cybersecurity company Kaspersky. “So what they try to do is to learn from others’ mistakes and improve their opsec, but there is no evidence they feel intimidated and want to quit.” Bestuzhev says they’ll continue to re-form groups, even as the government works to shut them down — “even with the successful arrest we have recently witnessed, many ransomware groups are just here to stay.”

But not everyone agrees with Bestuzhev. John Fokker, the head of cyber investigations for McAfee Enterprise Advanced Threat Research, is more optimistic that the task force is starting to change the outlook for criminals. For years ransomware “had been relatively untouched,” not getting too much attention from governments, Fokker told The Verge. Now that the task force was starting to crack down, he says, “what used to be a safe space isn’t a safe space anymore. There’s beginning to be an atmosphere of distrust.”

The attention from the task force has also been affecting ransomware groups’ ability to advertise to potential customers, the ones who often use their malware to infect targets. In a blog, Fokker discussed how cybercrime forums have become hesitant to play host to ransomware operators, banning them from advertising in the wake of the Colonial Pipeline attacks. Forum administrators, when they offered an explanation for the decision, said that ransomware was attracting a lot of unwanted attention — as one admin put it, according to The Record, the word “ransom” was now associated with “unpleasant phenomena — geopolitics, extortion, government hacking.” Another forum had a cheekier explanation for why it was banning posts about ransomware: “if it ran somewhere, then you should probably go catch it?”

The ability to advertise on forums cut off the groups’ easy access to customers, made it harder for ransomware creators to get in touch with the affiliates making them billions of dollars, and made the contact that does happen riskier on both sides. Transferring money or giving demos becomes harder when there’s not a (somewhat) trusted third-party platform to help mediate. That, along with bounties for up to $10 million, has started to create “little cracks in the model,” says Fokker. He even mentioned an instance where an affiliate, angry with what they considered to be a meager payout, posted a ransomware group’s entire playbook. “That kind of environment hurts business,” he says.

The task force has also been helping the people on the other side of ransomware: the companies and organizations that are targeted by it. Government agencies have been working together to keep industries informed about what actions they’ve taken against ransomware operators, and to issue guidance to help keep companies safe. ”The Department of Commerce, Department of Treasury, State, Homeland Security, and Defense, all of them have taken a very clear, concrete action on ransomware actors to disrupt and each of them have their own press release and their own guidance,” says Vishaal Hariprasad, CEO of cyber-focused insurance company Resilience.

When asked to grade the government’s actions, he says, “I would actually give the government an A for what they’ve done in the past 90 days. I think it’s been pretty incredible to see that we’re actually taking action, we’re taking the fight to the bad guys with disruption, with arrests, with warrants, sanctions, the $10 million bounty for any information.”

Hariprasad says while the government had carried out similar actions in years prior, the publicity was a boon to victims. “I think the task force has helped coordinate it, but coordinating in the back end where nobody can see isn’t valuable. It doesn’t have the motivating psychological impact unless you can talk about it … the government’s always been doing things, it’s just never been able to publicly talk about it in a clear and concise, coordinated way.”

Still others are optimistic that the task force can have an impact if it keeps up its legal actions. “As long as there is a sustained effort against these somewhat decentralized and shifting crime gangs; this isn’t just ‘whack-a-mole,’” says Kurt Baumgartner, principal security researcher at Kaspersky, echoing Fokker’s optimism. “While we are seeing the resurrection of certain parts of the ransomware-as-a-service chain in response,” Baumgartner thinks the “coordinated anti-ransomware efforts are just the start. It is great to see evidence of some ransom payments clawed back, decryption keys obtained, communications infiltrated, successful multi-national law enforcement efforts.”

In particular, Hariprasad thinks massively disruptive attacks could become less frequent. “I think you’ll still have the one or two major coordinated campaigns that will be very sophisticated,” he says. “But as they get a lot of attention and people start focusing on them, you’ll see that happen less, and the younger or the less sophisticated operators will continue to get back to the lower end of the ransoms and just kind of go for quantity over quality.” Better to collect a few $50,000 ransoms without making headlines, the thinking goes, than to bag $40 million and have law enforcement kicking down your door.

It’s hard to say which of the task force’s tactics will end up having the greatest effect, and there’s always the possibility that things get worse before they get better. If ransomware operators wind up desperate, they could end up going after a massive target, in a Hollywood-style “one last job” scenario. Ransomware could also become a more manageable annoyance, as hackers look for the next big cash cow, one that the world’s governments aren’t paying as much attention to. Or attackers could get creative and start developing entirely new ways to make trouble.

Cybersecurity is always a cat-and-mouse game, and the incentives to hack big companies won’t be going away — but as Hariprasad told me, “a big part of deterrence is making sure they understand that there are repercussions to their actions and that the government is actively doing something.” On that point, at least, governments seem to be making progress.

Repost: Original Source and Author Link

Categories
Computing

Winning Olympians Enjoy a Zoom Moment Straight After Victory

The 2020 Tokyo Olympics and Paralympics are well and truly underway, albeit a year late. The delay was of course down to the ongoing coronavirus pandemic, with Japan currently grappling with a fifth wave of infections.

Despite the latest surge, it appears as if the show will go on, with the Olympic organizers’ anti-infection measures set to stay firmly in place. These include keeping athletes’ teams as small as possible, with friends and family asked to stay in their home countries instead of traveling to the host nation to offer their support in person.

Hoping to ease the disappointment of separation, Athlete365, an International Olympic Committee initiative set up by athletes to support one another, created Athlete Moment.

Athlete365

Athlete Moment lets winning athletes at select Olympic events speak to loved ones via a Zoom-like call just seconds after their victory and also after the medal ceremony. You may have already seen it in action at the Tokyo Aquatics Center, which is hosting the Games’ swimming events, though 15 other sports are also involved, including athletics, basketball, BMX racing, and several gymnastics events.

We know how important the support of your loved ones is. ????

Athlete Moment gives you the opportunity to virtually connect with your friends and family following your final competition in Tokyo.

This is your moment. ????
Apply now ???? https://t.co/s7IqreIheJ pic.twitter.com/rDQUtkMh43

— Athlete365 (@Athlete365) July 7, 2021

“The Athlete Moment will bring together you, your families, and friends in a virtual hug that will reach around the world,” Athlete365 says on the webpage where competitors can sign up to the feature.

Once they do so, they’ll receive a link to share with up to five individuals or small groups. If the athlete wins their competition, the link will go live and they’ll be able to briefly chat with loved ones via a large display placed inside the venue.

Of course, athletes can easily jump on their smartphones and fire up a video call later on, but Athlete Moment offers winners a chance for a quick exchange just moments after a race or contest finishes.

In a video promoting the feature, Athlete365 says, “The whole experience lasts for a little over a minute, but the memories will last for a lifetime.”

For more Tokyo 2020 content, check out this stunning Omega commercial promoting the Games.

Editors’ Choice




Repost: Original Source and Author Link

Categories
Tech News

Google Pixel 3 XL review: Winning the game by rewriting the rules

After spending nearly a week with the Pixel 3 XL, my three first impressions of Google’s newest handset haven’t changed: It’s the fastest Android phone I’ve ever used. The cameras are awesome. The notch is an eyesore.

Thankfully, the first two qualities make up for the third. Mostly. If the Pixel 3 XL didn’t have such an ostentatious notch, it would still be an ugly phone, but after a couple days I wouldn’t have cared anymore. Six days later, the notch is still the first thing my eyes go to every time I unlock my phone. It would be one thing if there was some next-generation camera or sensor that demanded such a large notch. But as it stands, there appears to be a lot of unnecessary space around the twin cameras, ambient light sensor, and speaker that live inside it.

pixel 3 xl notch Christopher Hebert/IDG

You’ll find two front cameras and a speaker in the notch. It sure looks like these components have excessive breathing room.

But I don’t want to waste too many words debating the merits of the Pixel 3 XL’s notch. Google has already signaled that it will be adding a way to black it out via software—which may or may not improve things—and it basically comes down to preference. If you can deal with it, get the Pixel 3 XL. If not, get the notchless Pixel 3. It’s that simple.

Because otherwise, the Pixel 3 is more than just another great Android phone. It’s the emergence of the Pixel as a bona fide smartphone platform. There are features of other phones that may be better—the Galaxy S9’s design, the Huawei P20’s camera hardware, the Note 9’s battery—but no single Android phone can top the end-to-end performance that the Google delivers with the Pixel 3.

A nice back, a great screen

The back of the Pixel has always looked better than the front, but that stark juxtaposition is amplified to an absurd level on the Pixel 3. The all-glass back of Google’s new phone is one of the nicest I’ve ever used, even in Google’s relatively pedestrian assortment of colors.

pixel 3 xl button Christopher Hebert/IDG

The green poewr button is the Pixel 3’s most distinctive design feature—other than the notch.

The new Pixel doesn’t need the reception-friendly glass window anymore, but the Pixel 3 nonetheless retains the trademark two-tone look of its predecessors. The corners of the square are now curved to match the phone’s shape, giving the design a natural flow it didn’t have before.

To mimic the aluminum look and feel of the first two Pixels, the bottom of the Pixel 3 XL is made of frosted glass, and it’s difficult to describe how luxurious it feels. Back when it created the iPhone 7’s “jet black” color, Apple developed a new manufacturing process that gave the aluminum a glass-like feel. Google’s frosted glass has the opposite effect: It makes the Pixel’s glass back feel like smooth aluminum. The result is a texture that’s less slippery and fingerprint-prone than most other glass phones. I’ve picked up a couple of scratches during my first case-less week with it, but they generally wiped off and aren’t nearly as noticeable as they are on other all-glass phones.

The sides of the Pixel 3 are aluminum to match the back color, with the non-black models once again featuring a colored power button to break up the monotony. And of course, there’s no headphone jack, though Google is finally bundling a pair of Google Assistant and Translate-capable USB-C Pixel Buds in the box.

Repost: Original Source and Author Link

Categories
Game

It’s a PS5 restock war and the scalpers and bots are winning

As the PlayStation 5 and Xbox Series X continue to sell out immediately – seemingly the moment new stock is listed – there’s a lot of concern from regular consumers that scalpers are beating everyone to the punch. When it comes to the latest PS5 restock from UK retailer Argos, that seems to quite literally be the case, as a group of organized scalpers were able to take advantage of a loophole to buy up stock before Argos intended to open sales to the general public.

Initially reported by IGN after speaking to anonymous sources familiar with the matter and later confirmed by Argos itself, these scalpers – who organized using a paid Discord server – were able to buy up a number of PlayStation 5 consoles on January 25, a day before they were slated to go on sale at Argos. Some of those scalpers have even taken to social media sites to boast about their hauls.

Argos was apparently able to stop some of the early sales, but the company did confirm in a statement to IGN that there was a technical issue that allowed some people to buy up PS5 stock ahead of time. The company said that it “identified a technical issue which allowed a small proportion of customers to place orders early,” before stating the obvious and noting that these consoles are hotly in-demand.

“It’s clear our customers are excited for the new PlayStation. We released a small amount of additional stock and have seen huge numbers of customers trying to place their orders with us and we have now sold out,” the retailer said. It’s bad enough to have to contend with scalpers and bots when the playing field is otherwise even, but if there are organized groups out there who are looking for loopholes they can take advantage of, it’s pretty easy to feel extremely disadvantaged as a regular consumer just looking to land one next-gen console.

Stock issues for both the Xbox Series X and PlayStation 5 have been constant since the consoles released in November. With demand as high as it is, these stock problems aren’t likely to be solved anytime soon. Those of you looking for tips on securing a console can check out our buying guide for more information, but unfortunately, we don’t have any tips on beating groups of organized scalpers taking advantage of a retailer’s technical problems.

Repost: Original Source and Author Link

Categories
Tech News

OnePlus 8T review in progress: Return to a winning formula

The OnePlus 8T couldn’t have come at a better time. When OnePlus launched the OnePlus 8 and 8 Pro earlier this year, they were the company’s most expensive phones ever, and they came amidst a premium smartphone slump fueled by economic uncertainty and a global pandemic. In short, people needed the Samsung Galaxy A71 but got the Samsung Galaxy S20 Ultra.

With the 8T, OnePlus has returned to its roots. At $750 from OnePlus, not only is it $50 cheaper than a comparably specced OnePlus 8, but it also brings the kind of high-end features and innovations that fans expect without cutting too many corners. You’re still not getting wireless charging, which is almost a running gag for OnePlus at this point, but you are getting stupendous 65W Warp charging out of the box. 

While you’re missing out on a few other “pro” features like a curved Quad HD display and the newer Snapdragon 865+ processor, nothing about the OnePlus 8T feels inferior to phones costing upward of $1,200. Stacked up against the $700 Galaxy S20 FE and $799 iPhone 12, the OnePlus 8T is once again a true competitor.

Editor’s note: We’re still testing the OnePlus 8T and will update this review accordingly.

This story is part of our ongoing roundup of the best Android phones. Go there for information on competing products and how we tested them.

A beautiful design all around

Like every other phone in 2020, the OnePlus 8T doesn’t reinvent the wheel. It has a 6.55-inch display with a hole-punch camera and rounded corners, and a glass back that isn’t too glossy or slippery. It feels good in my hand and pocket, and likely hits the sweet spot for most people looking for a larger-screen phone.

oneplus 8t buttons Michael Simon/IDG

The OnePlus 8T keeps the excellent alert slider.

OnePlus sent me the Aquamarine Green colorway, and I was instantly smitten. Like a chameleon, it changes between green and blue based on the lighting, and the color-matched sides create a nice contrast with the display. The camera array on the back is derivative of the flagship Galaxy phones and thus loses some of OnePlus uniqueness—particularly compared to the circular array on the 7T—but the 8T definitely ranks as one of the nicest phones OnePlus has ever made.

The niceness continues to the front as well. While at first glance the 8T has the same overall look as the 8 and 8 Pro, with a left-aligned hole-punch camera and slim bezels, a closer inspection will reveal that the bezels are more balanced. It’s a small thing, but OnePlus’s use of a bendable chip-on-panel OLED allows the top and bottom bezels to be symmetrical, which makes a subtle but meaningful difference.

It’s not quite as uniform as the iPhone 11, but it’s very close, and it’s an engineering feat that portends great things for the OnePlus 9. The OnePlus 8T is one of the few Android phones that feels like it was designed inside and out with a purpose, rather than assembled using pieces that somehow had to fit.

Repost: Original Source and Author Link

Categories
Tech News

Winning the web means winning Google searches. This $29 SEO training can get it done

TLDR: The Pro Google SEO and SERP Certification Bundle can turn you into an SEO expert with tips and tactics for putting your brand at the top of those valuable Google search results.

If you have any responsibility for a brand or play any role in marketing, then you know about search engine optimization (SEO). And you probably know that deft use of SEO practices can draw a straight line from you and your product to heightened web exposure and higher sales.

Google drives over 2.5 trillion web searches a year and controls over 86 percent of the search engine market. And the top ranked item in any Google search gets clicked almost a third of the time. But how do you know which of the more than 200 factors Google algorithms use to rank sites and site content are the most important for you and your brand?

The training in The Pro Google SEO and SERP Certification Bundle ($29, over 90 percent off, from TNW Deals) is a great place to start, including an overview of all the key elements that can push a brand and a business to the top of a customer’s search results.

From these 10 courses, students can build their own road map to search success, incorporating all the most proven tactics for crafting content that gets attention and establishes brand leadership on the web.

The first half of this collection dives right into the belly of the beast, covering the basics of search engine rankings and what they mean. Between the Perfect On-Page SEO In 1 Day That Users and Google Will Love, and Advanced SEO Keyword Research courses, learners get all the insight on how to make content more search-friendly as well as how to determine the keywords that can be the bread and butter for ranking success.

Meanwhile, other courses explore how to dominate an entire Google search page, how to create backlinks that boost your content’s profile, what a locally-based small business needs to do to find traction on the global web, and how even the right images can play a big role in search rankings.

The rest of this bundle leans more heavily into applying sound marketing tactics alongside your SEO efforts. If you’d love to see 1,000,000 visitors to your site (and who wouldn’t), the Marketing Strategies to Reach 1,000,000 People can put that goal right in your crosshairs.

Budding marketers also get tips for scoring big with Google Shopping ads and even how to apply SEO as a third-party Amazon seller.

The entire Pro Google SEO and SERP Certification Bundle usually would cost $2,000, but with the current offer, it’s available now for a fraction of that price, just $29 before the deal runs out.

Prices are subject to change.

Repost: Original Source and Author Link