Posts tagged " Google "

Four ways to avoid being a victim of Russian cyberwarfare

January 22nd, 2018 Posted by News No Comment yet

Russian cyberwarfare is the new threat to the nation, according to Nick Carter, the head of the British army, which means that the new frontline is, well, you. So it’s now more than just simple self-care to be smart about your online security – it’s your patriotic duty.

Update your devices – and upgrade the ones you can’t

Some of the most damaging cyber-attacks in recent years haven’t come through elite hackers crafting one-of-a-kind viruses to break into secure government devices, but from exploiting the old and out-of-date hardware that normal people use every day.

Take the Mirai botnet: a swarm of millions of hacked devices, it was used to overload servers by bombarding them with traffic requests. But the basic elements of the botnet were simple, cheap, “internet of things” devices such as security cameras or smart lightbulbs, which had glaring security flaws that no one ever bothered to fix.

Don’t be a John Podesta

“Fancy Bear” is the organisation behind the hacking of Hillary Clinton’s campaign chairman, John Podesta. He fell prey to a phishing campaign, well-executed but simplistic, that allowed the attackers to download – and leak – every email he had sent or received.

At its heart, the hack used a fake warning from Google, asking Podesta to click a link and log in to respond to a security alert. After an aide mistakenly told him the link looked legitimate (he meant to type “illegitimate”), he did – but the link didn’t go to Google, and so he ended up sharing his username and password with the attackers.

The easy-to-say, hard-to-do advice is “always make sure links are from who they say they are”. A more useful recommendation may be to join the 10% who have “two-factor authentication” turned on their email.

Avoid paying the ransom

The WannaCry ransomware attack has been credibly linked to North Korea, which has apparently been stepping up its use of cybercrime as a method of fundraising – a technological improvement from recent history, when the nation was one of the largest forgers of US currency.

Keeping a backup of your critical data is a good idea anyway (who knows when a stray cup of coffee will fry your treasured photos?), but it is twice as useful if you can avoid paying a bitcoin ransom to a pariah state.

Think twice before retweeting and sharing

According to new figures from Twitter, more than 50,000 accounts on the site were created for the express purpose of spreading Russian misinformation during the US election. Of course, the point of the misinformation accounts was to blend in with conventional US political activists, so … maybe just log off altogether?

Thanks to Alex Hern at The Guardian for this article.

Ransomeware ‘here to stay’, warns Google study

August 22nd, 2017 Posted by Latest News, Subjects, Tech Talk No Comment yet

Cyber-thieves have made at least $25m (£19m) from ransomware in the last two years, suggests research by Google.

The search giant created thousands of virtual victims of ransomware to expose the payment ecosystem surrounding the malware type.

Most of the money was made in 2016 as gangs realised how lucrative it was, revealed a talk at Black Hat.

Two types of ransomware made most of the money, it said, but other variants are starting to emerge.

Track and trace

“It’s become a very, very profitable market and is here to stay,” said Elie Bursztein from Google who, along with colleagues Kylie McRoberts and Luca Invernizzi, carried out the research.

Ransomware is malicious software that infects a machine and then encrypts or scrambles files so they can no longer be used or read. The files are only decrypted when a victim pays a ransom. Payments typically have to be made using the Bitcoin virtual currency.

Mr Bursztein said Google used several different methods to work out how much cash was flowing towards ransomware creators. As well as drawing on reports from people who had paid a ransom, it sought out the files used to infect machines and then ran those on lots of virtual machines to generate “synthetic victims”. It then monitored the network traffic generated by these victims to work out to where money would be transferred. The data gathered in this stage was also used to find more variants of ransomware and the 300,000 files it found broke down into 34 of them.

The most popular strains were the Locky and Cerber families.

Payment analysis of the Bitcoin blockchain, which logs all transactions made using the e-currency, revealed that those two strains also made the most money over the last year, with Locky collecting about $7.8m (£5.9m) and Cerber $6.9m (£5.2m).

The research project also revealed where the cash flowed and accumulated in the Bitcoin network and where it was converted back into cash. More than 95% of Bitcoin payments for ransomware were cashed out via Russia’s BTC-e exchange, found Google.

On 26 July, one of the founders of BTC-e, Alexander Vinnik, was arrested by Greek police on money laundering charges. The police were acting on a US warrant and his extradition to America is being sought.

The gangs behind the ransomware explosion were not likely to stop soon, said Mr Bursztein, although established strains are facing competition from newer ones.

“Ransomware is a fast-moving market,” he said. “There’s aggressive competition coming from variants such as SamSam and Spora.”

Novel variants were expanding quickly and many were encouraging fast expansion by paying affiliates more if they placed the malware on to large numbers of machines. The ransomware as a service model was already proving popular, he warned.

“It’s no longer a game reserved for tech-savvy criminals,” he said. “It’s for almost anyone.”

Microcomms can help you with cyber security protection. Please contact us for advice and information.

 

Google Lens – change the way you use your phone

May 18th, 2017 Posted by News No Comment yet

Google just launched its new Google Lens camera app at Google IO.  There are two features in particular that have really captured my attention – and they’re going to change the way we use our phones and snap pictures.

Auto recognise router details

Auto recognise router details

First up is the ability to auto-recognise the Wi-Fi login details on your router (or more likely, a friend or family member’s router) and connect you to the network without you having to do anything more than point your phone’s camera at the sticker.

It may not sound like a life-changing feature, but it’s one that will likely save all of us a lot of time and hassle.

Of course, it may mean visitors to your home will start hunting round your house to find your router, and then man-handle it to snap the details off the back – but it’s better than having to recite a random string of letters and numbers every time someone shows up.

Edit features from photos

At Google IO, the audience shown a picture of a girl playing baseball from behind the safety of the chain-link fence. It’s a nice photo, but the fence does get in the way.

Google says Lens will be able to remove the fence, and seamlessly fill in the spaces it leaves. It sounds almost impossible, but apparently it works.

Identify photo subjects

google-lens-keynote-4

If this feature works, it will be truly incredible. Google claim that you’ll be able to use your phone to identify subjects and be given information. Lens is essentially image search in reverse: you take a picture, Google figures out what’s in it.

This AI-powered computer vision has been around for some time, but Lens takes it much further. If you take a photo of a restaurant, Lens can do more than just say “it’s a restaurant,” which you know, or “it’s called Golden Corral,” which you also know. It can automatically find you the hours, or call up the menu, or see if there’s a table open tonight. If you take a picture of a flower, rather than getting unneeded confirmation of its flower-ness, you’ll learn that it’s an Elatior Begonia, and that it really needs indirect, bright light to survive. It’s a full-fledged search engine, starting with your camera instead of a text box.

We can’t wait!

Google Docs users hit with sophisticated phishing attack in their inboxes

May 5th, 2017 Posted by Uncategorized No Comment yet

A Google Docs scam that appears to be widespread began landing in users’ inboxes on Wednesday in what seemed to be a sophisticated phishing or malware attack. The deceptive invitation to edit a Google Doc – the popular app used for writing and sharing files – appeared to be spreading rapidly, with a subject line stating a contact “has shared a document on Google Docs with you”. If users click the “Open in Docs” button in the email, it takes them to a legitimate Google sign-in screen that asks to “continue in Google Docs”.

Clicking on that link grants permission to a bogus third-party app to possibly access contacts and email, which could allow the spam to spread to additional contacts.

Google has said it is aware of the issue and investigating it. The company encouraged users to report the email as phishing within Gmail.

“We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts,” a spokesperson said in a statement. “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.”

The company did not immediately respond to requests for comment on how many people had been affected by the attack and where it may have originated.

Web

Phishing scams typically involve emails, ads or websites that appear to be real and ask for personal information, such as usernames, passwords, social security numbers, bank account data or birthdays. Google says it does not send out emails asking for this type of data and encourages users not to click on any links and to report suspicious messages.

As the Verge noted, Wednesday’s attack seemed to be more advanced than standard email phishing scams, because it doesn’t simply take users to a bogus Google page to collect a password, but instead is working within Google’s system with a third-party web app that has a deceptive name.

If users have already granted permission through the phishing email, they can go to their settings and revoke the app.

Balloon Masts

EE Shows off helium balloon mobile masts

February 22nd, 2017 Posted by Uncategorized No Comment yet

Mobile phone provider EE has demonstrated helium balloons and drones that could provide 4G mobile coverage following damage to existing infrastructure.

The devices are fitted with small mobile sites that include a base station and an antenna.

They could also be used to connect remote parts of the UK where coverage is thin.

EE said it planned to deploy such a network in a UK rural area this year.

BBC Drone Explanation

BBC Drone Explanation

The drones can stay airborne for up to an hour at a time and the “helikite” balloons for several weeks as they have a tethered power source.

The drone was designed to give short-term targeted coverage to aid search and rescue situations, EE said.

Innovation is essential for us to go further than we’ve ever gone, and deliver a network that’s more reliable than ever before,” said EE chief executive Marc Allera.

“Rural parts of the UK provide more challenges to mobile coverage than anywhere else, so we have to work harder there – developing these technologies will ultimately help our customers, even in the most hard to reach areas.”

It was the first time this had been tried out in the UK, said Kester Mann, analyst at CCS Insight.

Everyone immediately thinks of disruptive players like Facebook and Google when it come to things like balloon-based networks. The traditional networks need to step up so they don’t get left behind,” he told the BBC.

Google is developing a network of huge balloons to provide connectivity to rural areas around the world, known as Project Loon.

Last month the tech giant confirmed it had closed its internet drone project, Titan, which was designed to bring the internet to remote rural areas.

Facebook’s Project Aquila involves building solar-powered aircraft which will fly for months at a time above remote places, beaming down an internet connection.

 

Article first published on the BBC Technology pages 21st Feb 2017