StubHub: U2 Top-selling Live Act for US Summer 2017

Veteran Irish rock band U2 is the top-selling live music act in the United States for summer 2017, ticket seller StubHub said on Sunday, outpacing pop acts such as Ed Sheeran and Lady Gaga with a concert tour celebrating its seminal “Joshua Tree” album.

U2’s 13-stop “The Joshua Tree Tour 2017” topped the list of most popular live music acts in the United States between Memorial Day (May 29) and Labor Day (September 4). British singer Sheeran’s U.S. leg of his “divide” tour came in at No. 2 with 32 shows over the summer.

Unlike most artists who tour in support of new albums, U2’s concert celebrates the 30th anniversary of its 1987 “The Joshua Tree” album, with lyrics that drew from the band’s travels across America and social commentary.

U2 will kick off its U.S. Joshua Tree tour on Sunday at Seattle’s 68,000-capacity CenturyLink Field, and will play shows across the country including California, Texas and Florida before heading to Europe.

Sheeran’s tour will be at venues averaging a capacity of 20,000 while U2’s venues are upwards of 65,000 seats.

StubHub’s top-10 list did not include tickets sold for shows in Canada.

StubHub, which did not release the number of tickets sold, said U2 had outsold Sheeran by 65 percent and outsold last year’s top summer act, British singer Adele, by 15 percent.

Tickets for U2 have averaged around $246, while average ticket prices for Sheeran have been about $231, the ticket seller said, adding that U2’s June 3 Chicago date was the most in-demand concert of the summer.

StubHub’s top-10 acts of the summer saw an equal division of veteran artists and current pop and hip-hop acts, with Tom Petty and The Heartbreakers, Metallica, Tool and Roger Waters facing off Bruno Mars, Lady Gaga, Kendrick Lamar and Justin Bieber.

 

 

 

 

 

 

 

 

your ad here

Europol says Global Cyberattack Affects 150 Countries

Europe’s police agency Europol says a global cyberattack has affected at least 100,000 organizations in 150 countries, with data networks infected by malware that locks computer files unless a ransom is paid.

“I’m worried about how the numbers will continue to grow when people go to work and turn on their machines on Monday,” Europol director Rob Wainwright told Britain’s ITV television.

So far there has been no progress reported in efforts to determine who launched the plot.

Computer security experts have assured individual computer users who have kept their PC operating systems updated that they are relatively safe.

They advised those whose networks have been effectively shut down by the ransomware attack not to make the payment demanded — the equivalent of $300, paid in the digital currency bitcoin, delivered to a likely untraceable destination that consists merely of a lengthy string of letters and numbers.  

However, the authors of the “WannaCry” ransomware attack told their victims the amount they must pay would double if they did not comply within three days of the original infection — by Monday, in most cases. And the hackers warned that they would delete all files on infected systems if no payment was received within seven days.

Avast, an international security software firm that claims it has 400 million users worldwide, said the ransomware attacks rose rapidly Saturday to a peak of 57,000 detected intrusions. Avast, which was founded in 1988 by two Czech researchers, said the largest number of attacks appeared to be aimed at Russia, Ukraine and Taiwan, but that major institutions in many other countries were affected.

‘Kill switch’ found

Computer security experts said the current attack could have been much worse but for the quick action of a young researcher in Britain who discovered a vulnerability in the ransomware itself, known as WanaCryptor 2.0.

The researcher, identified only as “MalwareTech,” found a “kill switch” within the ransomware as he studied its structure.

The “kill” function halted WanaCryptor’s ability to copy itself rapidly to all terminals in an infected system — hastening its crippling effect on a large network — once it was in contact with a secret internet address, or URL, consisting of a lengthy alphanumeric string.

The “kill” function had not been activated by whoever unleashed the ransomware, and the researcher found that the secret URL had not been registered to anyone by international internet administrators. He immediately claimed the URL for himself, spending about $11 to secure his access, and that greatly slowed the pace of infections in Britain.

Experts cautioned, however, that the criminals who pushed the ransomware to the world might be able to disable the “kill” switch in future versions of their malware.

Hackers’ key tool

WanaCryptor 2.0 is only part of the problem. It spread to so many computers so rapidly by using an exploit — software capable of burrowing unseen into Windows computer operating systems.

The exploit, known as “EternalBlue” or “MS17-010,” took advantage of a vulnerability in the Microsoft software that reportedly had been discovered and developed by the U.S. National Security Agency, which used it for surveillance activities.

NSA does not discuss its capabilities, and some computer experts say the MS17-010 exploit was developed by unknown parties using the name Equation Group (which may also be linked to NSA). Whatever its source, it was published on the internet last month by a hacker group called ShadowBrokers.

Microsoft distributed a “fix” for the software vulnerability two months ago, but not all computer users and networks worldwide had yet made that update and thus were highly vulnerable. And many computer networks, particularly those in less developed parts of the world, still use an older version of Microsoft software, Windows XP, that the company no longer updates.

The Finnish computer security firm F-Secure called the problem spreading around the world “the biggest ransomware outbreak in history.” The firm said it had warned about the exponential growth of ransomware, or crimeware, as well as the dangers of sophisticated surveillance tools used by governments.

Lesson: Update programs

With WanaCryptor and MS17-010 both “unleashed into the wild,” F-Secure said the current problem seems to have combined and magnified the worst of the dangers those programs represent.

The security firm Kaspersky Lab, based in Russia, noted that Microsoft had repaired the software problem that allows backdoor entry into its operating systems weeks before hackers published the exploit linked to the NSA, but also said: “Unfortunately it appears that many users have not yet installed the patch.”

Britain’s National Health Services first sounded the ransomware alarm Friday.

The government held an emergency meeting Saturday of its crisis response committee, known as COBRA, to assess the damage. Late in the day, Home Secretary Amber Rudd said the NHS was again “working as normal,” with 97 percent of the system’s components now fully restored.

Spanish firm Telefonica, French automaker Renault, the U.S.-based delivery service FedEx and the German railway Deutsche Bahn were among those affected.

None of the firms targeted indicated whether they had paid or would pay the hackers ransom.

 

your ad here

Europol: Global Cyberattack Affects 150 Countries

A cyberattack that has already taken over computers in 150 countries could spread further Monday, as people return for the start of a new work week and use computers that may not have been updated with a security patch.

Europe’s police agency Europol said Sunday the attack had already affected at least 100,000 organizations in 150 countries, with data networks infected by malware that locks computer files unless a ransom is paid.

“I’m worried about how the numbers will continue to grow when people go to work and turn on their machines on Monday,” Europol director Rob Wainwright told Britain’s ITV television.

So far there has been no progress reported in efforts to determine who launched the plot.

Computer security experts have assured individual computer users who have kept their operating systems updated that they are relatively safe, but urged companies and governments to make sure they apply security patches or upgrade to newer systems.

They advised those whose networks have been effectively shut down by the ransomware attack not to make the payment demanded — the equivalent of $300, paid in the digital currency bitcoin, delivered to a likely untraceable destination that consists merely of a lengthy string of letters and numbers.  

However, the authors of the “WannaCry” ransomware attack told their victims the amount they must pay would double if they did not comply within three days of the original infection — by Monday, in most cases. And the hackers warned that they would delete all files on infected systems if no payment was received within seven days.

Avast, an international security software firm that claims it has 400 million users worldwide, said the ransomware attacks rose rapidly Saturday to a peak of 57,000 detected intrusions. Avast, which was founded in 1988 by two Czech researchers, said the largest number of attacks appeared to be aimed at Russia, Ukraine and Taiwan, but that major institutions in many other countries were affected.

‘Kill switch’ found

Computer security experts said the current attack could have been much worse but for the quick action of a young researcher in Britain who discovered a vulnerability in the ransomware itself, known as WanaCryptor 2.0.

The researcher, identified only as “MalwareTech,” found a “kill switch” within the ransomware as he studied its structure.

The “kill” function halted WanaCryptor’s ability to copy itself rapidly to all terminals in an infected system — hastening its crippling effect on a large network — once it was in contact with a secret internet address, or URL, consisting of a lengthy alphanumeric string.

The “kill” function had not been activated by whoever unleashed the ransomware, and the researcher found that the secret URL had not been registered to anyone by international internet administrators. He immediately claimed the URL for himself, spending about $11 to secure his access, and that greatly slowed the pace of infections in Britain.

Experts cautioned, however, that the criminals who pushed the ransomware to the world might be able to disable the “kill” switch in future versions of their malware, and that new versions were already emerging.​

Hackers’ key tool

WanaCryptor 2.0 is only part of the problem. It spread to so many computers so rapidly by using an exploit — software capable of burrowing unseen into Windows computer operating systems.

The exploit, known as “EternalBlue” or “MS17-010,” took advantage of a vulnerability in the Microsoft software that reportedly had been discovered and developed by the U.S. National Security Agency, which used it for surveillance activities.

NSA does not discuss its capabilities, and some computer experts say the MS17-010 exploit was developed by unknown parties using the name Equation Group (which may also be linked to NSA). Whatever its source, it was published on the internet last month by a hacker group called ShadowBrokers.

Microsoft distributed a patch for the software vulnerability two months ago, but not all computer users and networks worldwide had yet made that update, and thus were highly vulnerable. And many computer networks, particularly those in less-developed parts of the world, still use an older version of Microsoft software, Windows XP.  The company did issue a patch for Windows XP, but has otherwise largely stopped issuing updates for the software.

The Finnish computer security firm F-Secure called the problem spreading around the world “the biggest ransomware outbreak in history.” The firm said it had warned about the exponential growth of ransomware, or crimeware, as well as the dangers of sophisticated surveillance tools used by governments.

Lesson: Update programs

With WanaCryptor and MS17-010 both “unleashed into the wild,” F-Secure said the current problem seems to have combined and magnified the worst of the dangers those programs represent.

The security firm Kaspersky Lab, based in Russia, noted that Microsoft had repaired the software problem that allows backdoor entry into its operating systems weeks before hackers published the exploit linked to the NSA, but also said: “Unfortunately it appears that many users have not yet installed the patch.”

Britain’s National Health Services first sounded the ransomware alarm Friday.

The government held an emergency meeting Saturday of its crisis response committee, known as COBRA, to assess the damage. Late in the day, Home Secretary Amber Rudd said the NHS was again “working as normal,” with 97 percent of the system’s components now fully restored.

Spanish firm Telefonica, French automaker Renault, the U.S.-based delivery service FedEx and the German railway Deutsche Bahn were among those affected.

None of the firms targeted indicated whether they had paid or would pay the hackers ransom.

 

your ad here

Fleming Ready to Move On, Performs Marschallin One Last Time

Renee Fleming sang the famous “Ja, ja” one last time, acknowledging the ascendancy of youth, and made a graceful exit from the stage.

 

The 58-year-old soprano, the most well-known American classical singer, performed the Marschallin in Strauss’ “Der Rosenkavalier” for the final time Saturday in what may have been her farewell to staged standard repertoire.

 

Confetti fell from the top of the Metropolitan Opera and bouquets were thrown from the crowd during a nine-minute ovation that followed the performance on the final day of the company’s 2016-17 season. Fleming plans to concentrate her appearances on concerts and will consider singing in new operas. 

 

Fleming first sang the Marschallin, an aristocrat who accurately predicts her lover will leave her for a younger woman, at the Houston Grand Opera in 1995. Saturday was her 70th staged performance of the role, which included productions in San Francisco, London, Paris, Zurich, Baden-Baden and Munich, and with the Met on tour in Japan. She sang additional concert versions in Boston, Washington, and Paris.

 

“I feel satiated,” she said outside her dressing room. “It’s time — time to say goodbye.”

 

She was 36 for her first Marschallin, four years older than the age of the character created by composer Richard Strauss and librettist Hugo von Hofmannsthal for the opera, which premiered in 1911.

 

“Nothing seems like 22 years. Where did it go?” Fleming said. 

 

The Marschallin is one of her most acclaimed roles and it seemed an apropos choice. She wistfully sings during her first act monologue: “Time is a strange thing. While one is living one’s life away, it is absolutely nothing. Then, suddenly, one is aware of nothing else.”

 

“This fear of aging, it touches everybody’s heart,” Fleming said after the performance.

your ad here

New Rover to Make Moon Landing Next Year

Science fiction movies often contain imaginary technology. But now a real life moon rover has made it onto the big screen. Not only is it a star in a new film, but it will also play a starring role on a private mission to the moon next year. VOA’s Deborah Block has the story.

your ad here

Global Cyberattack in Brief: Ransomware, a Vision of Future?, Seeking Culprits

In what is believed to be the largest attack of its kind ever recorded, a cyberextortion attack continued causing problems Saturday, locking up computers and holding users’ files for ransom at dozens of hospitals, companies and government agencies. Businesses and computer security organizations await problems in the new workweek.

Ransomware Attack Could Herald Future Problems — Tech staffs around the world worked around the clock this weekend to protect computers and patch networks to block the computer hack whose name sounds like a pop song — “WannaCry” — as analysts warned the global ransomware attack could be just the first of a new wave of strikes by computer criminals.

Worldwide Cyberattack Spreads Further in Second Day — A cyberattack against tens of thousands of data networks in scores of countries, all infected by malware that locks computer files unless a ransom is paid, spread further in its second day Saturday, with no progress reported in efforts to determine who launched the plot.

Authorities Seek Clues On Culprits Behind Global Cyberattack — The British government said on Saturday it does not yet know who was behind a massive global cyberattack that disrupted Britain’s health care services, but Interior Minister Amber Rudd said the country’s National Crime Agency is investigating where the attacks came from.

Europol Working on Probe Into Massive Cyberattack — The European Union’s police agency, Europol, says it is working with countries hit by the global ransomware cyberattack to rein in the threat and help victims.

‘Perfect Storm’ of Conditions Helped Cyberattack Succeed — The cyberextortion attack that hit dozens of countries spread quickly and widely thanks to an unusual confluence of factors: a known and highly dangerous security hole in Microsoft Windows, tardy users who didn’t apply Microsoft’s March software fix, and a software design that allowed the malware to spread quickly once inside university, business and government networks.

Where Global Cyberattack Has Hit Hardest — A look at some of the countries and organizations hardest hit during the global cyberattack.

What Is the Digital Currency Bitcoin? — In the news now after a cyberextortion attack this weekend, bitcoin has a fuzzy history, but it’s a type of currency that allows people to buy goods and services and exchange money without involving banks, credit card issuers or other third parties.

 

your ad here

Eurovision Song Contest 2017

The Ukrainian capital, Kyiv, was the scene of the final of the 2017 Eurovision Song Contest, the annual europop song fest that was expected to garner a television audience of some 200 million.

your ad here

Where Global Cyberattack Has Hit Hardest

Here is a look at some of the places hit by the global cyberattack.

European Union — Europol’s European Cybercrime Center, known as EC3, said the attack “is at an unprecedented level and will require a complex international investigation to identify the culprits.”

Britain — Britain’s home secretary said the “ransomware” attack hit one in five of 248 National Health Service groups, forcing hospitals to cancel or delay treatments for thousands of patients — even some with serious aliments like cancer.

Germany — The national railway said Saturday departure and arrival display screens at its train stations were affected, but there was no impact on actual train services. Deutsche Bahn said it deployed extra staff to help customers.

Russia — Two security firms — Kaspersky Lab and Avast — said Russia was hit hardest by the attack. The Russian Interior Ministry, which runs the country’s police, confirmed it was among those that fell victim to the “ransomware,” which typically flashes a message demanding payment to release the user’s data. Spokeswoman Irina Volk was quoted by the Interfax news agency Saturday as saying the problem had been “localized” and that no information was compromised. Russia’s health ministry said its attacks were “effectively repelled.”

United States — In the U.S., FedEx Corp. reported that its Windows computers were `”experiencing interference” from malware, but wouldn’t say if it had been hit by ransomware. Other impacts in the U.S. were not readily apparent.

Turkey — The head of Turkey’s Information and Communication Technologies Authority or BTK says the nation was among those affected by the ransomware attack. Omer Fatih Sayan said the country’s cyber security center is continuing operations against the malicious software.

France — French carmaker Renault’s assembly plant in Slovenia halted production after it was targeted. Radio Slovenia said Saturday the Revoz factory in the southeastern town of Novo Mesto stopped working Friday evening to stop the malware from spreading.

Brazil — The South American nation’s social security system had to disconnect its computers and cancel public access. The state-owned oil company Petrobras and Brazil’s Foreign Ministry also disconnected computers as a precautionary measure, and court systems went down, too.

Spain — The attack hit Spain’s Telefonica, a global broadband and telecommunications company.

your ad here

Portugal’s Sobral Wins Eurovision Contest With Tender Ballad

Portugal’s Salvador Sobral won the Eurovision Song Contest on Saturday with a gentle romantic ballad that challenged the event’s decades-long reputation for cheesy, glittery excess.

Sobral sang his Amar Pelos Dois (Love For Both) in a high, clear tenor accompanied by quiet strings and a piano. Unlike the 25 other competitors who performed on a wide stage backed by flashing lights, bursts of flames and other effects, Sobral sang from a small elevated circle in the middle of the crowd, an intimate contrast to others’ bombast.

“Music is not fireworks, music is feeling,” he said while accepting the award.

Runner-up Kristian Kostov of Bulgaria wasn’t short on feeling — his power-ballad “Beautiful Mess” was awash in melodrama, the singer appearing almost wrung out by romantic turmoil.

Moldova’s Sunstroke Project finished a surprising third, with a bouncy, jazzy song called “Hey Mama”‘ that featured a clever stage routine in which the female backup singers hid their microphones in bridal bouquets.

Francesco Gabbani of Italy had led bookmakers’ tallies for most of the days leading up to the final, but he ended up placing sixth even though his act seemed the epitome of Eurovision’s cheerfully tacky aesthetics — singing a driving number about spirituality while accompanied by someone in a gorilla suit.

Eurovision, in its 62nd year, is aimed at apolitical entertainment. But the sweet intentions were soured this year when Russia’s participation was scuttled by host Ukraine over the two nations’ diplomatic and military conflict.

Russia is one of Eurovision’s heavy hitters, tied with Sweden for the most top-five finishes this century. But this year’s Russian entrant, Yuliya Samoylova, was blocked from competing by Ukraine because she had toured in Crimea after Russia’s 2014 annexation of the peninsula.

In response, Russia’s state-owned Channel 1 television is refusing to broadcast the contest, replacing Saturday’s final with a screening of the film “Alien.”

The Moscow-Kyiv split is a headache for Eurovision’s producer, the European Broadcasting Union, which strives mightily to keep pop and politics separate. Overtly political flags and banners are banned, and lyrics are monitored for provocative content.

In 2009, the EBU nixed the Georgian entry “We Don’t Wanna Put In,” a dig at Russian President Vladimir Putin. The union, however, has been criticized for not barring “1944” last year, allowing Russia-Ukraine tensions to fester.

The acrimony is ironic, since Eurovision was founded in 1956 to bring the recently warring countries of Europe together. It launched a year before the foundation of the European Economic Community, forerunner of the European Union.

From its launch with seven countries, Eurovision has grown to include more than 40, including non-European nations such as Israel and — somewhat controversially — far-off Australia.

The contest helped launch the careers of Sweden’s ABBA — victors in 1974 with “Waterloo” — Canada’s Celine Dion, who won for Switzerland in 1988, and Irish high-steppers Riverdance, the halftime entertainment in 1994.

your ad here

Ransomware Attack Could Herald Future Problems

Tech staffs around the world worked around the clock this weekend to protect computers and patch networks to block the computer hack whose name sounds like a pop song — “WannaCry” — as analysts warned the global ransomware attack could be just the first of a new wave of strikes by computer criminals.

The United States suffered relatively few effects from the ransomware that appeared on tens of thousands of computer systems across Europe and into Asia, beginning Friday. Security experts remained cautious, however, and stressed there was a continuing threat.

In contrast to reports from several European security firms, a researcher at the Tripwire company on the U.S. West Coast said late Saturday that the attack could be diminishing.

“It looks like it’s tailing off,” said Travis Smith of Tripwire.

“I hope that’s the case,” Smith added. The Oregon firm protects large enterprises and governments from computer security threats.

Ransomware attack

The code for the ransomware unleashed Friday remains freely available on the internet, experts said, so those behind the WannaCry attack — also known as WanaCryptor 2.0 and a variety of other names — could launch new strikes in coming days or weeks. Copycat attacks by other high-tech criminals also are possible.

“We are not out of the woods yet,” said Gary Davis, chief consumer security evangelist at McAfee, the global computer security software company in Santa Clara, California. “We think it’s going to be the footprint for other kinds of attacks in the future.”

The attack hit scores of countries — more than 100, by some experts’ count — and infected tens of thousands of computer networks.

Industry reports indicate Russia, Taiwan, Ukraine and Britain were among the countries hit hardest, and more hacking reports can be expected when offices reopen for the new workweek Monday or, in some parts of the world, Sunday.

One of the weapons used in the current attack is a software tool reportedly stolen from the U.S. National Security Agency and published on the internet by hackers last month.

The tool affords hackers undetected entry into many Microsoft computer operating systems, which is what they need to plant their ransomware. However, Microsoft issued patches to fix that vulnerability in its software weeks ago that could greatly reduce the chances of intrusion.

Outdated operating systems

The crippling effects of WannaCry highlight a problem that experts have long known about, and one that appears to have hit developing countries harder.

Some organizations are more vulnerable to intrusion because they use older or outdated operating systems, usually due to the cost of upgrading software or buying modern hardware needed to install better-protected operating systems. Companies like Microsoft eventually stop updating or supporting older versions of their software, so customers using those programs do not receive software patches or security upgrades.

Much of the ransomware’s spread around the world occurred without any human involvement. The WannaCry malware self-propagates, copying itself to all computers on a network automatically.

When a demand for ransom payments appears on a user’s screen — $300 at first, doubling to $600 in a few days — it’s usually too late: All files on that computer have been encrypted and are unreadable by their owners.

The hackers said they would reverse the effect of their software once they received the payments they demanded.

Microsoft patched the “hole” in the newest versions of its operating software — Windows 10 for most home users — in March, three weeks before the stolen NSA exploit software was published on the internet. Since Friday, the company dropped its refusal to update old versions of its programs and issued patches specifically written for use in Windows XP and several other systems.

Microsoft declined a request for an interview, but a statement on the company’s blog said: “Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. We are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003.”

“A lot of people in the security community were impressed with Microsoft’s speed, but it highlights an ongoing challenge we have,” said Stephen Cobb, a senior security researcher with ESET, a global security software company. “If a malicious code outbreak breaks out tomorrow, and targets unsupported operating systems, Microsoft may have to go there again.”

your ad here

‘Perfect Storm’ of Conditions Helped Cyberattack Succeed

The cyberextortion attack hitting dozens of countries spread quickly and widely thanks to an unusual confluence of factors: a known and highly dangerous security hole in Microsoft Windows, tardy users who didn’t apply Microsoft’s March software fix, and a software design that allowed the malware to spread quickly once inside university, business and government networks.

Not to mention the fact that those responsible were able to borrow weaponized software code apparently created by the U.S. National Security Agency to launch the attack in the first place.

Other criminals may be tempted to mimic the success of Friday’s “ransomware” attack, which locks up computers and hold people’s files for ransom. Experts say it will be difficult for them to replicate the conditions that allowed the so-called WannaCry ransomware to proliferate across the globe.

But we’re still likely to be living with less virulent variants of WannaCry for some time. And that’s for a simple reason: Individuals and organizations alike are fundamentally terrible about keeping their computers up-to-date with security fixes.

The worm

One of the first “attacks” on the internet came in 1988, when a graduate student named Robert Morris Jr. released a self-replicating and self-propagating program known as a “worm” onto the then-nascent internet. That program spread much more quickly than expected, soon choking and crashing machines across the internet.

The Morris worm wasn’t malicious, but other nastier variants followed — at first for annoyance, later for criminal purposes, such as stealing passwords. But these worm attacks became harder to pull off as computer owners and software makers shored up their defenses.

So criminals turned to targeted attacks instead to stay below the radar. With ransomware, criminals typically trick individuals into opening an email attachment containing malicious software. Once installed, the malware just locks up that computer without spreading to other machines.

The hackers behind WannaCry took things a step further by creating a ransomware worm, allowing them to demand ransom payments not just from individual but from entire organizations — maybe even thousands of organizations.

Perfect storm

Once inside an organization, WannaCry uses a Windows vulnerability purportedly identified by the NSA and later leaked to the internet. Although Microsoft released fixes in March, the attackers counted on many organizations not getting around to applying those fixes. Sure enough, WannaCry found plenty of targets.

Since security professionals typically focus on building walls to block hackers from entering, security tends to be less rigorous inside the network. WannaCry exploited common techniques employees use to share files via a central server.

“Malware that penetrates the perimeter and then spreads inside the network tends to be quite successful,” said Johannes Ullrich, director of the Internet Storm Center at the SANS Institute.

Persistent infections

“When any technique is shown to be effective, there are almost always copycats,” said Steve Grobman, chief technology officer of McAfee, a security company in Santa Clara, California. But that’s complicated, because hackers need to find security flaws that are unknown, widespread and relatively easy to exploit.

In this case, he said, the NSA apparently handed the WannaCry makers a blueprint — pre-written code for exploiting the flaw, allowing the attackers to essentially cut and paste that code into their own malware.

Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, said ransomware attacks like WannaCry are “not going to be the norm.” But they could still linger as low-grade infections that flare up from time to time.

For instance, the Conficker virus, which first appeared in 2008 and can disable system security features, also spreads through vulnerabilities in internal file sharing. As makers of anti-virus software release updates to block it, hackers deploy new variants to evade detection.

Conficker was more of a pest and didn’t do major damage. WannaCry, on the other hand, threatens to permanently lock away user files if the computer owner doesn’t pay a ransom, which starts at $300 but goes up after two hours.

The damage might have been temporarily contained. An unidentified young cybersecurity researcher claimed to help halt WannaCry’s spread by activating a so-called “kill switch.” Other experts found his claim credible. But attackers can, and probably will, simply develop a variant to bypass this countermeasure.

Fighting back

The attack is likely to prompt more organizations to apply the security fixes that would prevent the malware from spreading automatically. “Talk about a wake-up call,” Hypponen said.

Companies are often slow to apply these fixes, called patches, because of worries that any software change could break some other program, possibly shutting down critical operations.

“Whenever there is a new patch, there is a risk in applying the patch and a risk in not applying the patch,” Grobman said. “Part of what an organization needs to understand and assess is what those two risks are.”

Friday’s attack might prompt companies to reassess the balance. And while other attackers might use the same flaw, such attacks will be steadily less successful as organizations patch it.

Microsoft took the unusual step late Friday of making free patches available for older Windows systems, such as Windows XP from 2001. Before, Microsoft had made such fixes available only to mostly larger organizations that pay extra for extended support, yet millions of individuals and smaller businesses still had such systems.

But there will be other vulnerabilities to come, and not all of them will have fixes for older systems. And those fixes will do nothing for newer systems if they aren’t installed.

your ad here

Worldwide Cyberattack Spreads Further in Second Day

A cyberattack against tens of thousands of data networks in scores of countries, all infected by malware that locks computer files unless a ransom is paid, spread further in its second day Saturday, with no progress reported in efforts to determine who launched the plot.

Computer security experts assured individual computer users who have kept their PC operating systems updated that they are relatively safe.

They advised those whose networks have been effectively shut down by the ransomware attack not to make the payment demanded — the equivalent of $300, paid in the digital currency bitcoin, delivered to a likely untraceable destination that consists merely of a lengthy string of letters and numbers.

However, the authors of the “WannaCry” ransomware attack told their victims the amount they must pay would double if they did not comply within three days of the original infection — by Monday, in most cases. And the hackers warned that they would delete all files on infected systems if no payment was received within seven days.

Avast, an international security software firm that claims it has 400 million users worldwide, said the ransomware attacks rose rapidly Saturday to a peak of 57,000 detected intrusions. Avast, which was founded in 1988 by two Czech researchers, said the largest number of attacks appeared to be aimed at Russia, Ukraine and Taiwan, but that major institutions in many other countries were affected.

‘Kill switch’ found

Computer security experts said the current attack could have been much worse but for the quick action of a young researcher in Britain who discovered a vulnerability in the ransomware itself, known as WanaCryptor 2.0.

The researcher, identified only as “MalwareTech,” found a “kill switch” within the ransomware as he studied its structure.

The “kill” function halted WanaCryptor’s ability to copy itself rapidly to all terminals in an infected system — hastening its crippling effect on a large network — once it was in contact with a secret internet address, or URL, consisting of a lengthy alphanumeric string.

The “kill” function had not been activated by whoever unleashed the ransomware, and the researcher found that the secret URL had not been registered to anyone by international internet administrators. He immediately claimed the URL for himself, spending about $11 to secure his access, and that greatly slowed the pace of infections in Britain.

Expects cautioned, however, that the criminals who pushed the ransomware to the world might be able to disable the “kill” switch in future versions of their malware.

Hackers’ key tool

WanaCryptor 2.0 is only part of the problem. It spread to so many computers so rapidly by using an exploit — software capable of burrowing unseen into Windows computer operating systems.

The exploit, known as “EternalBlue” or “MS17-010,” took advantage of a vulnerability in the Microsoft software that reportedly had been discovered and developed by the U.S. National Security Agency, which used it for surveillance activities.

NSA does not discuss its capabilities, and some computer experts say the MS17-010 exploit was developed by unknown parties using the name Equation Group (which may also be linked to NSA). Whatever its source, it was published on the internet last month by a hacker group called ShadowBrokers.

Microsoft distributed a “fix” for the software vulnerability two months ago, but not all computer users and networks worldwide had yet made that update and thus were highly vulnerable. And many computer networks, particularly those in less developed parts of the world, still use an older version of Microsoft software, Windows XP, that the company no longer updates.

The Finnish computer security firm F-Secure called the problem spreading around the world “the biggest ransomware outbreak in history.” The firm said it had warned about the exponential growth of ransomware, or crimeware, as well as the dangers of sophisticated surveillance tools used by governments.

Lesson: Update programs

With WanaCryptor and MS17-010 both “unleashed into the wild,” F-Secure said the current problem seems to have combined and magnified the worst of the dangers those programs represent.

The security firm Kaspersky Lab, based in Russia, noted that Microsoft had repaired the software problem that allows backdoor entry into its operating systems weeks before hackers published the exploit linked to the NSA, but also said: “Unfortunately it appears that many users have not yet installed the patch.”

Britain’s National Health Services first sounded the ransomware alarm Friday.

The government held an emergency meeting Saturday of its crisis response committee, known as COBRA, to assess the damage. Late in the day, Home Secretary Amber Rudd said the NHS was again “working as normal,” with 97 percent of the system’s components now fully restored.

Spanish firm Telefonica, French automaker Renault, the U.S.-based delivery service FedEx and the German railway Deutsche Bahn were among those affected.

None of the firms targeted indicated whether they had paid or would pay the hackers ransom.

your ad here

What Is the Digital Currency Bitcoin?

It’s worth more than an ounce of gold right now, it’s completely digital and it’s the currency of choice for the cyberattackers who crippled computer networks around the world in recent days.

When the attackers’ “ransomware” sprang into action, it held victims hostage by encrypting their data and demanding they send payments in bitcoins to regain access to their computers. Bitcoin has a fuzzy history, but it’s a type of currency that allows people to buy goods and services and exchange money without involving banks, credit card issuers or other third parties.

Here’s a brief look at bitcoin:

How bitcoins work

Bitcoin is a digital currency that is not tied to a bank or government and allows users to spend money anonymously. The coins are created by users who “mine” them by lending computing power to verify other users’ transactions. They receive bitcoins in exchange. The coins also can be bought and sold on exchanges with U.S. dollars and other currencies.

How much is it worth?

One bitcoin recently traded for $1,734.65, according to Coinbase, a company that helps users exchange bitcoins. That makes it more valuable than an ounce of gold, which trades at less than $1,230.

The value of bitcoins can swing sharply, though. A year ago, one was worth $457.04, which means that it’s nearly quadrupled in the last 12 months. But its price doesn’t always go up. A bitcoin’s value plunged by 23 percent against the dollar in just a week this past January. It fell by the same amount again in 10 days during March.

Why bitcoins are popular

Bitcoins are basically lines of computer code that are digitally signed each time they travel from one owner to the next. Transactions can be made anonymously, making the currency popular with libertarians as well as tech enthusiasts, speculators — and criminals.

Who’s using bitcoin?

Some businesses have jumped on the bitcoin bandwagon amid a flurry of media coverage. Overstock.com accepts payments in bitcoin, for example.

The currency has become popular enough that more than 300,000 daily transactions have been occurring recently, according to bitcoin wallet site blockchain.info. A year ago, activity was closer to 230,000 transactions per day.

Still, its popularity is low compared with cash and cards, and many individuals and businesses won’t accept bitcoins for payments.

How bitcoins are kept secure

The bitcoin network works by harnessing individuals’ greed for the collective good. A network of tech-savvy users called miners keep the system honest by pouring their computing power into a blockchain, a global running tally of every bitcoin transaction. The blockchain prevents rogues from spending the same bitcoin twice, and the miners are rewarded for their efforts by being gifted with the occasional bitcoin. As long as miners keep the blockchain secure, counterfeiting shouldn’t be an issue.

How bitcoin came to be

It’s a mystery. Bitcoin was launched in 2009 by a person or group of people operating under the name Satoshi Nakamoto. Bitcoin was then adopted by a small clutch of enthusiasts. Nakamoto dropped off the map as bitcoin began to attract widespread attention. But proponents say that doesn’t matter: The currency obeys its own internal logic.

An Australian entrepreneur last year stepped forward and claimed to be the founder of bitcoin, only to say days later that he did not “have the courage” to publish proof that he is.

your ad here

Italy, Portugal Eyed as Favorites as Ukraine Hosts Eurovision Final

The Ukrainian capital, Kyiv, is bracing to host the finale of the 2017 Eurovision Song Contest, the annual europop song fest that is expected to garner a television audience of some 200 million.

your ad here

Fact Check: This News Is Not Real

A roundup of some of the most popular, but completely untrue, headlines of the week. None of these stories are legit, even though they were shared widely on social media. AP checked these out; here are the real facts:

 

NOT REAL: U.S. Department of State suspends New York Times license 

THE FACTS: The account claiming the State Department suspended the newspaper’s operational permit after it criticized Philippine President Rodrigo Duterte is “completely false,” Times spokeswoman Danielle Rhoades Ha says. There is no permit required for U.S. news organizations and there is no issue with the newspaper’s foreign press credentials, she said. A website made up to look like a CNN outlet says in a story published last month that the State Department accused The Times of “breaking communication code of ethics” in a matter that could cause diplomatic challenges between the two countries.

 

NOT REAL: Sarah Palin out of her coma, able to identify her attackers

 

THE FACTS: More than half a dozen sites have run the same verbatim account of a hit-and-run accident on California’s Pacific Coast Highway involving the former Alaska governor, followed up by stories alleging Palin emerged from her coma to identify her assailants. A spokesman for Palin tells the AP the reports are “as fake as fake can be.” The sites report that the accident happened April 28, when Palin’s Twitter and Facebook accounts were active. The 2008 Republican vice presidential candidate has been a target of hoax articles in the past.

 

NOT REAL: Hobby Lobby just announced plan to close ALL stores

 

THE FACTS: The arts and crafts retail chain has 700-plus stores and says it’s adding 60 more in 2017. A story published by Daily Info News, The Washington Feed and other outlets said the chain’s CEO said it could go out of business if it pays fines for violating a mandate under the Affordable Care Act to provide employees access to emergency contraception. Hobby Lobby won an exemption from the law based on religious preferences in a 2014 Supreme Court decision.

 

NOT REAL: 2 moms, 5 kids killed in car crash in (insert place here)

 

THE FACTS: Multiple websites have appropriated many details from a true account of a June 2016 minivan accident in Southern California that killed two mothers and four children while two fathers survived. The stories circulating with dozens of different headlines change the U.S. county where it occurred, and in some cases add the fathers’ names and varying ages of the children.

 

NOT REAL: Robertson: David Bowie is not dead, he was kidnapped by demons summoned by rock music

 

THE FACTS: This account first published by politicops.com last year and recently recycled by admitted hoax site uspoln.com began with an accurate answer by “700 Club” host Pat Robertson to a teenager’s written question on whether it was OK to listen to rock music. Robertson replied that some rock wasn’t “all that bad,” but some “is just evil.” A spokesman for Robertson’s Christian Broadcasting Network tells the AP that the evangelist made no mention of Bowie, who died Jan. 10, 2016. 

your ad here

Global Cyberattack in Brief: Ransomware Attack, How Does It Work, How to Prevent It

In what is believed to be the largest attack of its kind ever recorded, a cyberextortion attack struck in dozens of countries Friday, locking up computers and holding users’ files for ransom at dozens of hospitals, companies and government agencies.

Massive Cyberattack Hits Organizations Around Globe — An aggressive wave of cyberattacks has hit companies and public institutions around the globe, causing international havoc and bringing many services to a standstill. The cyberextortion attempt appeared to use stolen software developed by a U.S. spy agency.

What You Need to Know About Ransomware — What is ransomware? How does it infect your computer? How is the U.S. government’s National Security Agency involved? How to keep your computer safe.

Global Cyberattack Fuels Concern About US Vulnerability Disclosures — A global cyberattack on Friday renewed concerns about whether the U.S. National Security Agency and other countries’ intelligence services too often horde software vulnerabilities for offensive purposes, rather than quickly alerting technology companies to such flaws.

Companies Affected by Global Cyber Attack — A global cyber attack on Friday affected British hospitals, government agencies and companies, such as FedEx Corp., Telefonica SA, Portugal Telecom and Telefonica Argentina, in 99 countries, with Russia, Ukraine and Taiwan the top targets.

Don’t Click: What Is the ‘Ransomware’ WannaCry Worm? — What is so special about WannaCry?

your ad here

Don’t Click: What Is the ‘Ransomware’ WannaCry Worm?

Malicious software called “ransomware” has forced British hospitals to turn away patients and affected Spanish companies such as Telefonica as part of a global outbreak that has affected tens of thousands of computers.

How does it work?

WannaCry — also known as WanaCrypt0r 2.0, WannaCry and WCry — is a form of “ransomware” that locks up the files on your computer and encrypts them in a way that you cannot access them anymore.

How does it spread?

Ransomware is a program that gets into your computer, either by clicking on the wrong thing or downloading the wrong thing, and then it holds something you need to ransom.

In the case of WannaCry, the program encrypts your files and demands payment in bitcoin in order to regain access.

Security experts warn there is no guarantee that access will be granted after payment. Some ransomware that encrypts files ups the stakes after a few days, demanding more money and threatening to delete files altogether.

There are different variants of what happens: Other forms of ransomware execute programs that can lock your computer entirely, only showing a message to make payment in order to log in again. There are some that create pop-ups that are difficult or impossible to close, rendering the machine difficult or impossible to use.

Where has it spread?

British-based cyber researcher Chris Doman of AlienVault said the ransomware “looks to be targeting a wide range of countries,” with initial evidence of infections in at least two dozen nations, according to experts from three security firms.

The broad-based ransomware attack has appeared in at least eight Asian nations, a dozen countries in Europe, Turkey and the United Arab Emirates and Argentina, and appears to be sweeping around the globe, researchers said.

What is so special about WannaCry?

WannaCry is not just a ransomware program, it is also a worm.

This means that it gets into your computer and looks for other computers to try and spread itself as far and wide as possible.

Ransomware has a habit of mutating, so it changes over time in order to find different ways to access computers or to get around patches (operating system updates that often include security updates). Many security firms are already aware of WannaCry in past forms and most are looking at this one right now to see how it might be stopped.

Several cybersecurity firms said WannaCry exploits a vulnerability in Microsoft and that Microsoft patched this in March. People don’t always install updates and patches on their computers, and so this means vulnerabilities can remain open a lot longer and make things easier for hackers to get in.

It exploited a vulnerability in the Windows operating system believed to have been developed by the National Security Agency, which became public last month. It was among a large number of hacking tools and other files that a group known as the Shadow Brokers released on the internet. Shadow Brokers said that they obtained it from a secret NSA server.

The identity of Shadow Brokers is unknown, though many security experts believe the group that surfaced in 2016 is linked to the Russian government.

The NSA and Microsoft did not immediately respond to requests for comment.

your ad here

Store Allows Customers to Play Guitars Even if They Don’t Buy Them

Across the U.S., there are stores where people can play a musical instrument even if they have no intention of buying it. VOA’s Yahya Albarzinji spoke with music enthusiasts at one such store in the Washington suburb of Fairfax, Virginia.

your ad here

Is Human Behavior Impeding Self-Driving Cars?

Most technology experts agree that self-driving cars will soon finish the testing phase and enter the commercial market, probably as taxis and delivery vehicles. But some of them wonder if the cars’ artificial brains will be able to cope with the human propensity to bend the traffic rules. VOA’s George Putic reports.

your ad here

What You Need to Know About Ransomware

An aggressive wave of cyberattacks hit companies and public institutions around the globe Friday, causing international havoc and bringing many services to a standstill. Computers were locked up and users’ files held for ransom when dozens of countries were hit in a cyberextortion attack that targeted hospitals, companies and government agencies.

What is ransomware?

Ransomware is a type of malware that attempts to extort a computer user for money. In some cases, the ransomware encrypts certain files and holds them hostage. In other cases, as happened Friday, it locks a user out of their entire computer system until a ransom is paid. Some ransomware that encrypts files increases the stakes after a few days, demanding more money and threatening to delete files altogether.

Steps of ransomware infection

A ransomware infection usually takes these five steps.

1. The user downloads malware from an infected website or email.

2. The initial malware hijacks the user’s browser and redirects it to a malicious site.

3. Part of the malware, called an exploit kit, looks for vulnerabilities in the user’s system.

4. Once a vulnerability is found, a malicious payload is downloaded onto the victim’s computer.

5. Then the malware calls home with sensitive data from the user’s computer. In the case of ransomware, the malware attempts to extort the user for money.

The ransomware program that spread Friday is not just malware, it is also a worm. This means that the malware gets into a computer and looks for other computers to try and spread itself as far as possible.

Do ransomware attacks generate money for the hackers?

Yes, they can. A hospital system in Los Angeles paid about $17,000 earlier this year following an attack that blocked hospital employees from using email and other forms of electronic communication by using encryption to lock them out of the system. The hackers even set up a help line to answer questions about paying the ransom.

Security industry experts say such attacks are becoming more prevalent, but are rarely made public.

How is the NSA involved?

The hackers appear to have used a technique that was discovered by the National Security Agency and was leaked online in April by a group calling itself the Shadow Brokers.

The malware is exploiting a flaw in Microsoft software. Microsoft created a patch to fix the flaw earlier this year, but not all businesses have updated their operating systems.

Who carried out the attack?

Investigators are pursuing information, but have not said if they have any strong leads. Officials say they believe the attack is the work of criminals and not a foreign government. The original hacking tool was apparently stolen from the NSA and leaked online by the Shadow Brokers, but officials do not know who that group is or whether they carried out this attack.

How to keep your computer safe

Microsoft released a patch in March that fixes the specific vulnerability exploited in this attack. The U.S. Department of Homeland Security is urging people to take three steps.

1. Update your systems to include the latest patches.

2. Do not click on or download unfamiliar links or files in emails.

3. Back up your data to prevent possible loss.

your ad here