Energy Sector Attacked by Malware

Malware is a plague on our personal security. Today yet another malware threat has surfaced, this time targeting the energy sector.

The program, named Trojan.Laziok by researchers from antivirus vendor Symantec, was used in spear-phishing attacks earlier this year against companies from the petroleum, gas and helium industries.

The attacks targeted companies from many countries in the Middle East, but also from the U.S., India, the U.K., and others.

The Trojan is spread via emails with malicious documents that exploit a Microsoft Office vulnerability for which a patch has existed since April 2012.

“If the user opens the email attachment, which is typically an Excel file, then the exploit code is executed,” the Symantec researchers said Monday in a blog post. “If the exploit succeeds, it drops Trojan.Laziok, kicking off the infection process.”

Trojan.Laziok is mainly used to determine if a compromised system is worth further attention from the attackers. It collects information like the computer’s name, RAM size, hard disk size, GPU and CPU type, as well as a list of installed software, including running antivirus programs.

The information is sent back to the attackers, who then decide if they want to deploy additional malware that can provide them with remote access to the infected system. For this second stage of attack they use customized versions of Backdoor.Cyberat and Trojan.Zbot, two well known malware threats.

“The group behind the attack does not seem to be particularly advanced, as they exploited an old vulnerability and used their attack to distribute well-known threats that are available in the underground market,” the Symantec researchers said. “However, many people still fail to apply patches for vulnerabilities that are several years old, leaving themselves open to attacks of this kind.”

What is concerning to many is that energy sector companies have been attacked so often by malware. “Of the total number of incidents reported to ICS-CERT, roughly 55 percent involved advanced persistent threats (APT) or sophisticated actors,” the organization said. “Other actor types included hacktivists, insider threats, and criminals.”

British Airways Customer Database Hacked

Yet another security breach has been exposed; this time it is British Airways.

Reports have surfaced that during the last few days, a large number of British Airways customers have found that reward points they had accumulated for flights, called Avios, have disappeared from their accounts. Meanwhile others have been locked out of their accounts completely.

As has become typical of these types of security breaches, BA has been giving out “contradictory” information at times.

It seems that this security breach is the result of hackers gaining access to a large number of accounts.

A user posted an email message he received from British Airways’s Executive Club team saying that the company “has become aware of unauthorized activity” on his account. The Executive Club is the name of BA’s frequent flyer program.

“This appears to have been the result of a third party using information obtained elsewhere on the Internet, via an automated process, to try to gain access to your Executive Club account,” the email said. “We understand this was login information relating to a different online service which you may have also used to access your Executive Club account.”

It’s not unusual for hackers to try to access user accounts on multiple services once they obtain a large database of usernames and passwords from a hacked website. That’s because many users tend to use a single email address and password to log in on different online accounts, a practice that security experts have long advised against.
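How a defender can tell this kind of automated credential reuse apart from ordinary login failures, as an added example that is not part of the original article or any British Airways system. The log records, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, success).
# IPs come from documentation ranges and the usernames are made up.
EVENTS = (
    # One source, eight different accounts, a single try each, one hit.
    [("198.51.100.7", f"user{i}@example.com", i == 3) for i in range(8)]
    # One source hammering a single account.
    + [("203.0.113.9", "alice@example.com", False)] * 6
    # An ordinary user who mistypes once and then logs in.
    + [("192.0.2.44", "bob@example.com", False),
       ("192.0.2.44", "bob@example.com", True)]
)


def classify_sources(events, min_accounts=5, max_tries=2, min_guesses=5):
    """Label each source IP by the shape of its login attempts.

    The thresholds are illustrative assumptions, not tuned values.
    """
    per_ip = defaultdict(lambda: defaultdict(int))
    for ip, user, _ok in events:
        per_ip[ip][user] += 1
    labels = {}
    for ip, tries in per_ip.items():
        most_tries = max(tries.values())
        # Many accounts, very few tries each: replayed username/password pairs.
        if len(tries) >= min_accounts and most_tries <= max_tries:
            labels[ip] = "credential-stuffing"
        # Many tries against one account: guessing, not reuse.
        elif most_tries >= min_guesses:
            labels[ip] = "password-guessing"
        else:
            labels[ip] = "normal"
    return labels


def accounts_to_reset(events, labels):
    """Accounts a flagged source logged in to: the reused passwords that worked."""
    return sorted({user for ip, user, ok in events
                   if ok and labels[ip] == "credential-stuffing"})


if __name__ == "__main__":
    labels = classify_sources(EVENTS)
    print(labels)
    print(accounts_to_reset(EVENTS, labels))
```

The accounts returned by `accounts_to_reset` are the ones to lock and force through a password reset, since a successful login from a flagged source means the reused password is already known to the third party.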

In the email posted online, the company said that despite hackers gaining access to accounts, it is unaware of any access to account information pages, flight history or payment card details.

Users who find themselves in this situation and want to use their Avios miles are advised to contact their local Executive Club service center to reactivate their accounts.

Protecting Yourself

As I have suggested many times, you are foolish to trust big organizations and companies with your personal information. The best ways to protect yourself from security breaches like this one are to:

  • Invest in a Password Manager
  • Use a different password for each and every account you hold.
  • Use encrypted passwords

If you take these steps, you will be protected when companies like British Airways are hacked.

Amazon Offers Unlimited Cloud Storage

I just wrote last week that the cloud is here to stay and it is benefiting everyone with lower cost and better services than ever before. To prove this point even more clearly, Amazon last week laid down another gauntlet.

Amazon is now offering unlimited cloud storage for individuals for $5 a month.

Amazon’s Unlimited Everything Plan allows users to store an infinite number of photos, videos, files, documents, movies and music in its Cloud Drive.

The site also announced a separate $12 per year plan for unlimited photos. People who subscribe to Amazon Prime already get unlimited capacity for photos. Both the Unlimited Everything Plan and the Photos Plan have three-month free trial periods.

Online storage and file sharing service providers, such as Google Drive, Dropbox, and iCloud, have been engaged in a pricing war over the past year. Last fall, Dropbox dropped its Pro plan pricing for individuals to $9.99 per month for 1TB of capacity. Dropbox offers 2GB of capacity for free.

Dropbox also offers members 500MB of storage each time they get a friend to sign up; there’s a 16GB max on referrals, though. With Dropbox Pro, members can get 1GB instead of 500MB each time they refer someone.

Google Drive offers 15GB of capacity for free and charges $1.99 per month for 100GB and $9.99 per month for 1TB.

Apple’s iCloud offers 5GB of capacity for free, and charges 99 cents per month for 20GB, $3.99 per month for 200GB and $9.99 per month for 1TB.

Microsoft’s OneDrive offers 15GB of capacity for free, and charges $1.99 per month for 100GB, $3.99 per month for 200GB and $6.99 per month for 1TB.

While Amazon offers unlimited file size uploads for desktop users, it limits file sizes to 2GB for mobile devices.

Congress Continues to Act on Cyber Threat

The federal government is obviously, finally, trying to at least address the growing cyber threat we all face. The U.S. Congress is working on several forms of legislation, the latest of which attempts to address the sharing of potential threat information.

The U.S. Congress is moving forward with legislation that would encourage private companies to share cyberthreat information with government agencies, despite concerns that two leading bills weaken consumer privacy protections.

The House of Representatives Intelligence Committee voted Thursday to approve the Protecting Cyber Networks Act (PCNA), just two days after the bill was introduced.

The House bill “is a cybersurveillance bill at least as much as it is a cybersecurity bill, and it is written so broadly that it could wind up making the Internet less safe,” Robyn Greene, policy counsel at the New America Foundation’s Open Technology Institute [OTI], said by email.

The PCNA requires government agencies to “automatically and indiscriminately” share information they receive with military and intelligence agencies, OTI said in a critique of the bill. The bill would allow other agencies to pass cyberthreat information to the FBI and the National Security Agency, where “it could be used in investigations that have absolutely nothing to do with cybersecurity,” Greene said.

While the PCNA limits what personal information businesses can share with government agencies, it does not actually require companies to remove all personal information, OTI added. In addition the bill authorizes companies to monitor all activities and communications of users as a way to identify threats, OTI said.

The House bill would “explicitly undermine every rule that is currently in place to protect Americans’ Internet privacy, and replaces them with dangerously weak protections,” Greene added. “It would massively increase companies’ monitoring of our online communications and activities, and give them a nearly blank check to share that information with the government.”

The bill came after several months of negotiations that included privacy groups, Schiff said through a spokesman. The committee addressed the main concerns raised by privacy groups, he added. The bill requires companies to remove personal information before sharing information with the government and limits the way government can use the data, he said.

The bill also does not authorize offensive countermeasures against attackers, he noted, even though that would be permitted in other information-sharing proposals.

“Protecting privacy was at the forefront during the process of crafting this bill, and I’m pleased by the progress we’ve made,” Schiff said.

Amazon’s New Photo Cloud Offer

If you still believe that the cloud is not relevant, all you need to do is look at all, and I mean all, of the big technology companies out there. Each and every one is moving in that direction, and many are actually using cloud services as a lure to attract consumers to their other services. What this means is that cloud storage is cheaper and better than ever before. Just this week Amazon has enhanced its cloud services and reduced costs in an effort to compete with Google and Microsoft.

So, getting back to Amazon. Earlier, Amazon had given a boost to its Prime members when it launched free, unlimited photo storage for them on Cloud Drive. This week, the company announced it is expanding that service as a paid offering to cover other types of content, and to users outside of its loyalty program (non-Amazon Prime members).

Unlimited Cloud Storage will let users get either unlimited photo storage or “unlimited everything” — covering all kinds of media from videos and music through to PDF documents — respectively for $11.99 or $59.99 per year.

There is a free three-month trial period for anyone interested in the service.

As I said at the start of this article, the idea here is to tap into average consumers who now own so much digital media that they struggle to organize, secure and store all of that data.

Comparing to Office 365 Home

I still believe Office 365 Home is a much better deal. For $99.99/year you get unlimited cloud storage with OneDrive (which you can also use for music and photos) in addition to the latest version of Microsoft Office on up to 5 computers/laptops and tablets.

USB 3.1 Arrives

There is a new USB standard about to arrive and it’s called USB 3.1. This new standard is set to reach desktops as hardware companies release motherboards with ports that can transfer data twice as fast as the previous 2.0 USB technology.

USB 3.1 is special because it can shuffle data between a host device and peripheral at 10Gbps, which is two times faster than USB 3.0. USB 3.1 is also generating excitement for the reversible Type-C cable, which is the same on both ends so users don’t have to worry about plug orientation.

Motherboards with USB 3.1 technology are being targeted at high-end desktops. Some enthusiasts like gamers seek the latest and greatest technologies and build desktops with motherboards sold by MSI, Asus and Gigabyte. Many of the new desktop motherboards announced have the Type-C port interface, which is also in recently announced laptops from Apple and Google.

PC makers are expected to start putting USB 3.1 ports in more laptops and desktops starting later this year.

The need for faster access to external storage could make motherboards with USB 3.1 very attractive, especially to gamers.

Some storage peripherals with Type-C connectors are becoming available, but cannot reach full USB 3.1 speeds yet. However, the data transfer speeds will continue to improve as controllers are refined.

USB 3.1 will surely be standard on all computers within the year. Faster is without a doubt better in this case.

YouTube Rumored to Launch Subscription Service

It is looking like YouTube will soon have a subscription option for its best original content. The service would more than likely offer ad-free streaming of certain video content that’s part of the program. The new subscription service would likely include videos from YouTube stars under the YouTube Originals banner.

This service will probably be similar to YouTube Music Key, which provides ad-free access to select music videos and free streaming from Google Play Music for an introductory price of $7.99 per month.

YouTube’s move into a subscription model can be seen as a response to pressure from competitors like Vimeo, Hulu, Vessel, and others. These video services are working to entice video creators and YouTube stars to host their videos on their sites in exchange for a more lucrative percentage of ad revenue. By introducing a paid subscription service, YouTube would not only be able to funnel more money to its content creators, but also bolster its bottom line. With all of its success, YouTube has essentially been breaking even for ten years now.