Author: Paul Wallbank

  • Rampaging Ransomware

    A few years ago ransomware was a joke; the malware would install a screen that demanded a ransom be paid to ‘unlock’ the computer. It was easy to get around and almost trivial to remove.

    Then came Cryptolocker, a nasty piece of malware that would gleefully encrypt a victim’s hard drives, rendering them inaccessible unless a sizeable ransom was paid.

    Ransomware suddenly became serious.

    Cryptolocker was eventually unpicked, with a cracking tool released, and the ring’s alleged founder, Evgeniy Bogachev, is now on the run from US authorities with a three million dollar reward for his arrest.

    A better class of ransomware

    Now the gangs running the ransomware scams are even more sophisticated and well resourced. Andrei Taflan of Romanian security company BitDefender describes how Bitcoin values often track ransomware activity.

    “When we see Bitcoin values surging we watch for increased ransomware activity. Someone is buying Bitcoins to unlock their data,” Taflan told me last week in an underground bar appropriately called The Rabbit Hole.

    Taflan’s colleague Bogdan Botezatu describes how the ransomware problem is getting worse, not better, with Cryptowall patching the weaknesses that led to Bogachev’s downfall.

    One of the fascinating aspects of Cryptowall is that it’s polymorphic – it changes shape to elude traditional signature-based anti-virus programs. The malware also creates unique Bitcoin wallets to make tracking transactions harder.

    Paying the ransom

    For the many businesses infected by Cryptowall, having data locked away by an industrial-grade encryption program makes it a no-brainer to pay the demands. It’s a profitable business.

    Faced with this rather impressive piece of work, Botezatu raises a chilling prospect about ransomware in the Internet of Things: how long, he asks, will it take ransomware to target more sensitive devices we use, including cars and medical implants?

    Botezatu’s concern illustrates why security with the Internet of Things is absolutely essential if industry and the public are to have any confidence in connected devices.

  • Locking down the firmware of the internet of things

    There’s a fundamental problem with smart devices, warn Kim Zetter and Andy Greenberg in Wired magazine.

    In Why Firmware Is So Vulnerable to Hacking, and What Can Be Done About It, Zetter and Greenberg look at the problem with the embedded software that is shipped with every computerised device from personal computers to smart sensors.

    The problem with firmware is that it’s difficult to check it’s not been changed, awkward to upgrade and complex to find. The Wired piece mentions how even the batteries in Apple laptops have vulnerable software embedded in their chips.

    As smart devices become common in our homes, cars and workplaces, suppliers will have to do more to secure their software.

  • Why being a unicorn could be a bad thing

    Andrew Wilkinson doesn’t want to be a unicorn. In Why I want to be In-N-Out Burger, not McDonalds, Wilkinson describes how he’d rather his business be a sleek racehorse than a beautiful, mythical creature.

    One of the misunderstandings in the current startup mania is the motivation of founders and proprietors; many haven’t gone into business with the aim of flipping the company to a rich sugar daddy for a billion dollars.

    In his great presentation “Fuck You, Pay Me” – essential viewing for anyone starting a business – San Francisco designer Mike Monteiro says, “We wanted to pick and choose the clients we were gonna work with and we wanted to be responsible for what we’re putting out in the world.”

    For businesses like Monteiro’s and Wilkinson’s, having a venture capital investor looking over their shoulder would be as bad as working for a corporation; ceding control of your work is exactly what they started their businesses to avoid.

    While the Silicon Valley venture capital model is valid for high growth businesses that need capital to scale quickly, most ventures don’t need that sort of large cash injection early in their development – for many, a million dollar cheque from a VC could prove to be a disaster.

    There are myriad reasons why someone starts a venture and all of them pre-date the current startup mania; it’s why every business is different in its own way.

  • Closing the video store

    The last video store in my neighbourhood is closing down. A few years ago there were six in the suburb.

    Last year the US Blockbuster chain closed down its disk rental business and now the same thing is happening in Australia as people move from playing DVDs to streaming or downloading from the internet.

    In a generation the video rental industry went from nothing to boom to nothing again; a classic case of a transition effect.

    The rise and fall of the video rental industry is a cautionary tale of how yesterday’s hot new industry can become a dinosaur within a couple of decades.

  • Reducing big data risks by collecting less

    “To my knowledge we have had no data breaches,” stated Tim Morris at the Tech Leaders conference in the Blue Mountains west of Sydney on Sunday.

    Morris, the Australian Federal Police force’s Assistant Commissioner for High Tech Crime Operations, was explaining the controversial data retention bill currently before the nation’s Parliament, which will require telecommunications companies to keep customers’ connection details – considered to be ‘metadata’ – for two years.

    The bill is fiercely opposed by Australia’s tech community, including this writer, as it’s an expensive and unnecessary invasion of privacy that will do little to protect the community but expose ordinary citizens to a wide range of risks.

    One of those risks is that of the data stores being hacked, a threat that Morris downplayed with some qualifications.

    As we’re seeing in the Snowden revelations, there are few organisations that are secure against determined criminals and the Australian Federal Police are no exception.

    For all organisations, not just government agencies, the question about data should be ‘do we need this?’

    In a time of ‘Big Data’ where it’s possible to collect and store massive amounts of information, it’s tempting to become a data hoarder, which exposes managers to various risks, not the least that of it being stolen by hackers. It may well be that reducing those risks simply means collecting less data.

    Certainly in Australia, the data retention act will only create more headaches and risks while doing little to help public safety agencies to do their job. Just because you can collect data doesn’t mean you should.
