STE WILLIAMS

China’s censorship cyber-missiles shoot down pics flying through WhatsApp, chat apps

China has expanded its censorship tools to strip out images from chat messages in transit through its networks.

The new powers were inadvertently demonstrated on the country’s most common messaging services – WeChat and Weibo – following the death of Nobel Peace Prize winner Liu Xiaobo last week. The superpower’s Great Firewall was also able to clumsily disrupt photos and texts sent via Facebook’s WhatsApp service.

Netizens in China reported the immediate deletion or blocking of references to Liu Xiaobo, who died at a hospital in Jinzhou in the north west part of the country from liver cancer. He had been held as a political prisoner for over eight years, and the Chinese government refused a request for him to seek medical attention overseas.

Concerned that his death could lead to political protest, Chinese censors went into overdrive, using keywords to try to remove any mention or discussion of Xiaobo from WeChat, Weibo, and other Chinese services. A review of that censorship by the University of Toronto’s The Citizen Lab revealed a depth of sophistication and hitherto unknown censorship capabilities.

To be clear, we’re told that censors were able to peer into private conversations on Chinese services, and strip out any banned material as it moved from person to person. For foreign services, such as the encrypted WhatsApp, they were only able to block all large messages or simply firewall off whole systems in a ham-fisted way.

Regarding the Chinese chat portals, Citizen Lab reported this week that the Middle Kingdom’s expurgators had…

  • The ability to discern and apply different blocking rules based on whether chats were one-to-one or to a group (group chats were more heavily censored).
  • The ability to understand context and apply differing degrees of censorship depending on how many and what types of blocked keywords were included in a message.
  • The power to perform server-side blocking of messages, meaning that people didn’t even see messages intended for them.

But the most surprising new capacity was the ability to remove images in transit. Chinese users have grown used to having their images removed, and have learned a variety of techniques, including rotating images, as a way of passing its legion of censors. But images sent on messaging apps have typically made their way through and been deleted later.

Obviously concerned that pictures of Liu Xiaobo in a hospital bed could become widely shared, or even iconic, the authorities demonstrated their ability to intervene mid-transit and many images of the activist never made it beyond individuals’ phones.

“We found 74 images blocked on WeChat Moments, 26 blocked on group chat and 19 blocked on one-to-one chat,” The Citizen Lab reported. “These are the first tests in which we have found evidence of image censorship on WeChat’s one-to-one chat.”

The difference in numbers is directly connected to how large the public reach of each service is. “The blocking of images on one-to-one chat shows an effort to restrict content across semi-public and private chat functions, demonstrating the sensitivity of Liu Xiaobo’s death,” the researchers noted.

The outlawed snaps include everything from pictures of Liu Xiaobo in hospital, to simplified cartoon-like images of him using his glasses as a frame of reference, to screengrabs showing censorship, to people commemorating him. In short, anything that appears to strike a chord and started being shared widely was immediately blocked, demonstrating both the depth and the resources applied to censoring citizens’ communications.

It is notable, however, that the Chinese government was only able to shoot down specific images on the chat apps based in China – strongly suggesting that the government has access to the company’s backend systems. When it came to Facebook’s end-to-end encrypted WhatsApp messaging service, the government reacted by simply blocking the sending of any and all images and video – presumably by stopping all attachments from being delivered rather than cracking and inspecting conversations. Some users reported that WhatsApp wasn’t working at all for them, but many reported that text messaging was working fine while all images were being dropped.

WhatsApp uses the strongly encrypted Signal protocol. Attachments, such as pics and videos, are scrambled and transferred via a blob store – and it could be this process that the Great Firewall of China disrupted to stop photos getting through, rather than decrypting the contents.

In terms of keywords, Liu Xiaobo’s name in both English and Simplified Chinese was blocked online, as was mention of his wife Liu Xia. A strongly blocked phrase remains “Charter 08” – which was the manifesto he wrote back in 2008 arguing for political reform, and which led to his arrest and imprisonment. Others included “Nobel Peace Prize,” “liver cancer,” any reference to his death or condition and the phrase “wash the guilt.”

In the past six months, China has expanded its already extensive censorship systems to cover not just politically sensitive topics, but also issues that the central government does not approve of, including homosexuality and drug use.

Earlier this month, the government also started cracking down on “unlicensed” VPN services that many citizens have used for years to circumvent the online controls. VPN providers will now be expected to block a government-supplied list of websites and services if they wish to operate in the country. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/07/18/china_censorship_includes_images_in_transit/

Apple iOS Malware Growth Outpaces that of Android

Number of iOS devices running malicious apps more than tripled in three consecutive quarters, while infected Android devices remained largely flat, report shows.

iPhones and other devices running Apple’s iOS have seen a jump in malicious apps attacking them while Android malware infections have remained largely stable, according to a report released today by mobile security company Skycure.

Of the enterprise iOS devices Skycure scanned, 0.65% had “high-severity” malicious apps running on them in the first quarter, up from 0.21% in the third quarter last year, according to Skycure’s Mobile Threat Intelligence report. Android, however, remained flat during this time period, Skycure noted.

“iOS is used on one of the more popular devices and that is where hackers are focusing and that is where the money is. A more affluent community tends to use the iPhone,” says Varun Kohli, Skycure’s vice president of marketing. An increase in sophistication of iOS exploits is also a contributor, Kohli notes.

iOS vulnerabilities, meanwhile, have surged dramatically this year, reaching 192 exploitable flaws – far exceeding the 161 vulnerabilities discovered during all of 2016, the report notes. And iOS vulnerabilities are expected to hit 643 this year, a four-fold increase over the previous year, Skycure projects. Android, in comparison, is expected to post a slight dip to 500 from 523.

The report is based on results found from mobile devices Skycure scans from its enterprise customers and also consumers who download its free app. Symantec will soon be able to leverage this capability, given the industry titan recently revealed plans to snap up Skycure.

iOS users overwhelmingly are attentive in updating their software compared to Android users. Nearly 91.4% of iOS users have migrated to iOS 10, compared to the roughly 20.8% of Android users running Android 7, according to the report.

But the proactive OS updates are not preventing the rise in malware and other problems for iOS users.

“Even if it is more patched than Android, malware is only part of the problem,” Kohli says. He pointed to three other threats mobile devices face, including physical loss of the device, WiFi network attacks, and vulnerability exploits.

Some of the threats Skycure has run across that exploit iOS include the XcodeGhost campaign via the App Store, AceDeceiver malicious app that uses an Apple-approved certificate, and the Yispecter campaign that uses an app loaded from a third-party app store.

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET’s …

Article source: https://www.darkreading.com/cloud/apple-ios-malware-growth-outpaces-that-of-android-/d/d-id/1329378?_mc=RSS_DR_EDT

Zero-Day Exploit Surfaces that May Affect Millions of IoT Users

A zero-day vulnerability dubbed Devil’s Ivy is discovered in a widely used third-party toolkit called gSOAP.

Millions of IoT devices relying on the widely used third-party toolkit gSOAP could face a zero-day attack, security firm Senrio, which dubbed the vulnerability Devil’s Ivy, disclosed Tuesday.

Senrio, which made the discovery when researching Axis security cameras, found the flaw in the communications layer of gSOAP, an XML web services development tool. gSOAP allows devices to communicate with the Internet.

This tool has been downloaded more than 1 million times and Genivia, which manages gSOAP, counts Microsoft, IBM, Adobe, and Xerox as its customers, according to Senrio’s blog post.

When looking into the Axis security cameras, Senrio discovered the vulnerability could allow hackers to remotely execute code in the camera and intercept video feeds, reboot the device, and halt filming to allow a crime to go undetected.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Article source: https://www.darkreading.com/cloud/zero-day-exploit-surfaces-that-may-affect-millions-of-iot-users/d/d-id/1329380?_mc=RSS_DR_EDT

Dow Jones Data Leak Results from Amazon AWS Configuration Error

Security pros expect to see more incidents like the Dow Jones leak, which exposed customers’ personal information following a public cloud configuration error.

A data leak at Dow Jones Co. exposed the personal information of millions of customers after a public cloud configuration error. This marks the fifth major public cloud leak in the past several months after similar incidents affected Verizon, the WWE, US voter records, and Scottrade.

This mistake compromised millions of customers’ names, account information, physical and email addresses, and last four digits of credit card numbers. It also affected 1.6 million entries in Dow Jones Risk and Compliance, a collection of databases used by financial companies for compliance with anti-money laundering regulations.

All of this information was left exposed in an Amazon Web Services S3 bucket, which had its permission settings configured to let any AWS Authenticated User download data using the bucket’s URL. Amazon defines “authenticated user” as anyone who has a free AWS account, meaning the data was available to more than one million users.
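The permission setting described above can be audited offline. The following is an added example, not code from Upguard, Dow Jones or Amazon: it scans ACL documents in the JSON shape printed by `aws s3api get-bucket-acl` and reports grants to the two predefined groups that reach outside the owning account. The bucket names, the owner ID and the severity ranking are constructed for illustration.

```python
"""Flag S3 ACL grants that reach beyond the owning account.

Input mirrors the JSON printed by `aws s3api get-bucket-acl`.
All bucket names and canonical IDs below are constructed sample data.
"""

GLOBAL = "http://acs.amazonaws.com/groups/global/"

# Predefined S3 groups whose members are not limited to your own account.
BROAD_GROUPS = {
    GLOBAL + "AllUsers": "anyone on the Internet, no credentials needed",
    GLOBAL + "AuthenticatedUsers": "anyone signed in to ANY AWS account",
}

# Illustrative ranking: read grants leak data, write grants allow tampering.
SEVERITY = {
    "READ": "high",
    "READ_ACP": "medium",
    "WRITE": "critical",
    "WRITE_ACP": "critical",
    "FULL_CONTROL": "critical",
}
RANK = {"critical": 0, "high": 1, "medium": 2}


def audit_acl(bucket, acl):
    """Return one finding per grant made to a broad predefined group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI", "")
        if grantee.get("Type") != "Group" or uri not in BROAD_GROUPS:
            continue  # canonical users and e.g. LogDelivery are out of scope
        perm = grant.get("Permission", "")
        findings.append({
            "bucket": bucket,
            "group": uri.rsplit("/", 1)[-1],
            "permission": perm,
            "severity": SEVERITY.get(perm, "high"),
            "reach": BROAD_GROUPS[uri],
        })
    return findings


def audit_all(acls):
    """Audit every bucket and sort the findings, worst first."""
    findings = [f for name, acl in acls.items() for f in audit_acl(name, acl)]
    return sorted(
        findings, key=lambda f: (RANK[f["severity"]], f["bucket"], f["group"])
    )


def group(name, permission):
    """Build a group grant for the constructed samples below."""
    return {"Grantee": {"Type": "Group", "URI": name}, "Permission": permission}


OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "0000example-owner-id"},
         "Permission": "FULL_CONTROL"}

# Constructed sample ACLs covering the safe and unsafe cases.
SAMPLE_ACLS = {
    "example-subscriber-exports": {
        "Grants": [OWNER, group(GLOBAL + "AuthenticatedUsers", "READ")]},
    "example-private": {"Grants": [OWNER]},
    "example-access-logs": {
        "Grants": [OWNER, group(
            "http://acs.amazonaws.com/groups/s3/LogDelivery", "WRITE")]},
    "example-static-site": {
        "Grants": [group(GLOBAL + "AllUsers", "READ"),
                   group(GLOBAL + "AuthenticatedUsers", "WRITE_ACP")]},
}

if __name__ == "__main__":
    for f in audit_all(SAMPLE_ACLS):
        print("{severity:8} {bucket:28} {group:19} {permission:10} {reach}"
              .format(**f))
```

ACLs are only one route to exposure; a bucket policy with a wildcard principal needs its own check.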

Chris Vickery, director of cyber risk research at Upguard, discovered the information was accessible to AWS authenticated users under the subdomain “dj-skynet” on May 30, 2017. Upguard informed Dow Jones of the unprotected repository, which was secured on June 6.

Dow Jones has confirmed 2.2 million people were exposed. Based on the repository’s size and composition, Upguard “conservatively estimates” up to four million people could have been affected, though it states duplicated subscriptions may account for some of the difference.

The publisher has “no reason to believe” any of the data was stolen, a spokesperson reported to the WSJ. Exposed information did not include full credit card numbers or login information that could pose a “significant risk” to customers or require notification, he said.

Security experts anticipate an increase in these types of leaks as more businesses move their data to the cloud and adopt different cloud services. Upguard calls this “an all-too-common” story that unnecessarily leaves customer data vulnerable to exploitation. Even if no threat actors accessed Dow Jones’ data, it’s clear how they could have done so.

“It’s a problem we’ve seen since these public cloud providers began offering their services to organizations, but has become infinitely more complex now that many organizations operate multi-cloud environments of their own,” says Dome9 CEO Zohar Alon.

While he expects Amazon will add more controls for companies to understand their exposure, businesses are responsible for knowing how their information is available online. Businesses moving data to the cloud will need to invest in tools to monitor its accessibility.

“We are seeing a lot of the ‘I can do it myself’ mentality when talking to large enterprises,” Alon says. Many organizations try to develop their own security teams internally when they lack the expertise to secure their information from increasingly sophisticated threat actors.

“As more and more enterprises adopt public cloud, they need to be aware that the difference between having their information private, versus publicly exposed, is simply the click of a button,” says Jason Lango, CTO of Bracket Computing.

After all, he adds, the public cloud is designed for sharing. Many core Amazon services are built to put more information on the Internet. The Dow Jones leak could have been the simple mistake of someone who misunderstood authenticated users, but the problem is actually a lot bigger than people are giving it credit for.

“The problem of complexity, enabling security around cloud infrastructure goes beyond S3 into other data assets stored in the cloud,” Lango says. Things like application images, or data volume snapshots saved for backup purposes, can be shared easily among Amazon accounts.

He advises security admins to ensure S3 controls are set appropriately and encrypt all enterprise data in the public cloud. The only way to maintain control over information is by encrypting it, he says, and only allowing decryption under very specific circumstances.

IT teams should also be thinking about how to separate responsibilities between people who set security policies and those who deploy workloads or administer cloud applications. The goal should be to maximize public cloud usage while maintaining control over their assets, he notes.

“This type of exposure is going to happen more and more,” says Lango. “I believe we’re only seeing the tip of the iceberg … enterprise adoption of public cloud is still in its early stages.”

Kelly Sheridan is Associate Editor at Dark Reading. She started her career in business tech journalism at Insurance Technology and most recently reported for InformationWeek, where she covered Microsoft and business IT. Sheridan earned her BA at Villanova University.

Article source: https://www.darkreading.com/cloud/dow-jones-data-leak-results-from-amazon-aws-configuration-error/d/d-id/1329382?_mc=RSS_DR_EDT

Rapid7 Buys Security Orchestration and Automation Firm Komand

Rapid7 has acquired Komand with plans to integrate its orchestration and automation technology into the Insights platform.

Rapid7 has acquired Komand, a security orchestration and automation company, to address the need for automation as security threats increase and environments become more complex, the organization reported today.

Komand’s technology will be integrated into the Rapid7 Insight platform, which will be expanded to orchestrate and automate across security and IT operations. This is intended to help security teams struggling with resources to automatically detect and respond to risks with fewer people.

Some sample use cases for the automation and orchestration tech include malware investigation and containment, chat operations for addressing routine questions, and risk remediation and patching.

“The complexity of today’s security and IT ecosystems have put security and IT operations teams at a significant disadvantage when they need to respond quickly,” said Lee Weiner, chief product officer at Rapid7, in a statement. “By developing contextualized automation technology, we’ll be able to cut back the time it takes to respond to an incident—when minutes can mean the difference between a minor issue and significant compromise or loss.”

Article source: https://www.darkreading.com/vulnerabilities---threats/rapid7-buys-security-orchestration-and-automation-firm-komand/d/d-id/1329379?_mc=RSS_DR_EDT

When good extensions go bad: buyer turns Particle into adware

Web browser extensions, plugins, and add-ons are popular, and with good reason: they can add functionality, enhance productivity and improve security for users.

Particle for Chrome, originally called YouTube Plus, allowed users to customize the YouTube UI. In May, however, the developer reported problems with maintaining Particle and posted the news on GitHub:

For those of you that haven’t been following the events around YouTube Plus lately, the extension was placed on EOL (end of life) support due to the new YouTube layout being drastically different than the classic layout – demanding a complete rework of the extension – and my limited time to spare for working on the extension. On top of that the extension was also banned from the Chrome webstore with no reason given, a situation which led me to move the extension to Opera and drop Chrome once the new extension version is finalized.

Fortunately I was able to finally find a way to work around the complexity that is the new YouTube layout and I am currently working from scratch on a new and modular version of the extension just for the new layout, but this will still be a slow process.

Unfortunately, with all of this happening in such a short period of time a mess was generated. Because the Opera add-on store did not accept the YouTube name in the extension I had to change it to Particle, but I was planning on using that name for the new version of the extension and now I have this name collision on the Opera side if I try to keep the same name for a different version. Another issue that has arisen is the repository itself, it is called Particle as well, but it is being used for the YouTube Plus name.

Then on July 11, Particle’s developer announced that the Chrome extension had changed ownership:

The extension has been sold, but only the Chrome extension. Everything else remains intact and on life support.

I was approached with a business proposal to either run ads on the extension or sell it. My first reply was that no matter what conclusion the business could lead to, the users would have to be informed prior to the change and unrelated feature changes would have to be opt-in by default.

On the same day, users of the Particle extension were asked for two new permissions, “read and change data on websites visited,” and “manage apps, extensions, and themes”. Security-minded users were understandably concerned.

To the developer’s credit, they did do some research on the organization that had offered to buy the Particle Chrome extension before they sold it. They said:

I did research the entity that contacted me and found no warning signs, which is why I decided to trust it at the end.

I was assured that their services are Google compliant and, to a certain extent, they are, from what I have seen in their code, but the current changes are way, way ad aggressive. The extension also warns users of the new changes, but not how I wanted. Asking for new permissions is not the same thing as explaining why those are being requested and what changes the extension would contain. Also turning off the support tab was not a good sign.

It appears that Particle’s buyer asked the developer about a user data collection function. The developer said there wasn’t one. That should have been a warning sign. Why should an extension that simply enables users to change a web service’s UI collect user data?

So Particle for Chrome is now adware.

Let this be a warning to web browser extension users. Choose your extensions carefully, and check them every so often to make sure they haven’t acquired functions that could be malicious, such as acquiring unnecessary data or serving unwanted ads. Ensuring that you have no malicious extensions is easier if you only use a few of them, and a lot more difficult if you use a dozen or more. Plus, having a large number of extensions can noticeably slow down your web browser’s performance by using too much memory.

Let this also be a warning to well-intentioned extension developers: if you’re going to sell your code to another party, be extra careful to make sure that they respect your users and don’t intend to turn your work into malware.
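The periodic check recommended above can be partly automated by comparing what two versions of an extension request in `manifest.json`. This is an added example, not code from the article or from Particle: both manifests are constructed samples, and the risk labels paraphrase the two permission prompts quoted in the article plus Chrome's wording for `tabs` and `history`.

```python
"""Diff the permissions requested by two versions of a Chrome extension.

Both manifests below are constructed samples, not Particle's real files.
"""
import re

# API permissions worth a manual review when an update starts asking for them.
RISKY_API = {
    "management": "manage apps, extensions, and themes",
    "tabs": "read your browsing history",
    "history": "read and change your browsing history",
}
BROAD_HOST_REASON = "read and change data on all websites visited"

# Host match patterns whose host part is a bare wildcard, e.g. *://*/*
BROAD_HOST = re.compile(r"^(\*|https?)://\*/")


def is_broad_host(pattern):
    """True for <all_urls> and for match patterns covering every host."""
    return pattern == "<all_urls>" or bool(BROAD_HOST.match(pattern))


def requested(manifest):
    """Everything granted at install time: API permissions and host access."""
    entries = list(manifest.get("permissions", []))
    entries += manifest.get("host_permissions", [])  # Manifest V3 key
    for script in manifest.get("content_scripts", []):
        entries += script.get("matches", [])
    # Some permissions are objects rather than strings; compare strings only.
    return {e for e in entries if isinstance(e, str)}


def diff_permissions(old, new):
    """Classify what the new version requests that the old one did not."""
    report = {"high_risk": [], "other_added": []}
    for perm in sorted(requested(new) - requested(old)):
        if is_broad_host(perm):
            report["high_risk"].append((perm, BROAD_HOST_REASON))
        elif perm in RISKY_API:
            report["high_risk"].append((perm, RISKY_API[perm]))
        else:
            report["other_added"].append(perm)
    return report


# Constructed "before" manifest: a UI tweak scoped to a single site.
OLD_MANIFEST = {
    "name": "Sample UI Tweaker",
    "version": "1.8.0",
    "permissions": ["storage", "*://www.youtube.com/*"],
    "content_scripts": [
        {"matches": ["*://www.youtube.com/*"], "js": ["ui.js"]}
    ],
}

# Constructed "after" manifest: same extension following a change of owner.
NEW_MANIFEST = {
    "name": "Sample UI Tweaker",
    "version": "1.9.0",
    "permissions": ["storage", "management", "<all_urls>", "notifications"],
    "content_scripts": [
        {"matches": ["*://*/*"], "js": ["ui.js", "inject.js"]}
    ],
}

if __name__ == "__main__":
    result = diff_permissions(OLD_MANIFEST, NEW_MANIFEST)
    for perm, reason in result["high_risk"]:
        print("REVIEW  %-12s can now %s" % (perm, reason))
    for perm in result["other_added"]:
        print("added   %s" % perm)
```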


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/0Ez1kUllvuA/

Access all areas – but for how long after you’ve left the company?

Friday afternoon, you shake your colleague’s hand one last time as they walk out the door, and with their exit, they transition from colleague to ex-colleague. The ex-employee has severed their relationship with the company – or have they?

A recent survey conducted by OneLogin shows us the gap between intent and action remains wide for many when it comes to removing former employees from the company’s network. For the survey, they interviewed 500 US-based IT department employees (who were non-managers) with “responsibility for the creation and deletion of employee logins in-house, and either manages logins, or is responsible for their creation”.

What they found surprises few of us. A full 48% of the respondents “are aware” of ex-employees who retain access to the corporate infrastructure or portions of it after they have left. Some for a day, others for a week, and, according to OneLogin, the longest period between departure and removal of access identified to them by a respondent was “months”.

Why should you care?

While the vast majority of ex-employees move on and never look back, there is an active minority who do reach back into their former place of work and wreak havoc.

This was the case at Navarro Security, where a former employee, using off-the-shelf tools, destroyed company files, redirected the company website to a competitor, and sowed doubt among customers and colleagues.

Then there was the tale of the Dutch developer who maintained administrative access to his clients’ e-commerce websites long after his contract work was concluded. Yes, his clients failed to remove his access, which he used to install back doors and harvest data. He successfully compromised 20,000 email accounts of both individuals and companies.

Or the case of Verelox, where an ex-IT admin reached in and caused the Dutch hosting company many moments of high anxiety. It appeared he had destroyed data and cleaned servers (apparently backups saved the company that day).

And the icing on the cake? The survey showed a full 20% of the respondents have experienced data breaches by ex-employees.

How does this happen?

Manual deprovisioning isn’t easy. Sometimes it can take up to an hour to conclude (70%), and the longer an employee has been with an organization, the harder it becomes to remove all the corporate access (66%). This investment of time and energy required for deprovisioning provides us with ample incentive to bring automation to the task.

We read with regularity how far too many companies have seen employees harvest intellectual property before they leave to take with them for their next gig. Why make it easy for them to reach back in and get what they forgot? Timely deprovisioning is key.

In a perfect world, centralized credential authority for employee access would be in place, with the ability to instantaneously terminate an individual’s access with the push of the big red button. Companies small and large benefit from having an SIEM (security information and event management) solution in place to show when that ex-employee attempts to return. No company is immune, as size has no role in the world of access control.
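The SIEM check described above amounts to joining authentication events against the offboarding roster. The sketch below is an added example, not taken from the survey or from any SIEM product: the log format, usernames, services and addresses are all constructed. It separates successful logins after departure (access was never removed) from failed ones (an attempt to return).

```python
"""Detect logins by offboarded accounts in a stream of auth events.

The log format, usernames and addresses are constructed sample data.
"""
import re
from datetime import datetime

FMT = "%Y-%m-%dT%H:%M:%SZ"
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<service>\S+) login user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>success|failure)$"
)

# Constructed HR roster: username -> moment the person left.
OFFBOARDED = {
    "jdoe": "2017-07-14T17:00:00Z",
    "asmith": "2017-06-30T17:00:00Z",
}

# Constructed auth events, including one line the parser must skip.
AUTH_LOG = """\
2017-07-14T09:12:03Z vpn login user=jdoe src=203.0.113.7 result=success
2017-07-15T02:41:55Z vpn login user=jdoe src=198.51.100.23 result=success
2017-07-15T08:00:10Z mail login user=bwong src=203.0.113.9 result=success
2017-07-16T23:05:31Z git login user=JDoe src=198.51.100.23 result=success
2017-07-17T10:20:00Z vpn login user=asmith src=198.51.100.80 result=failure
garbled line that the parser must skip
"""


def detect(log_text, offboarded):
    """Return an alert for every login event dated after the user's exit."""
    exits = {u.lower(): datetime.strptime(t, FMT) for u, t in offboarded.items()}
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # unparseable line
        user = m.group("user").lower()  # usernames are compared case-insensitively
        if user not in exits:
            continue  # current employee
        try:
            when = datetime.strptime(m.group("ts"), FMT)
        except ValueError:
            continue  # malformed timestamp
        delay = when - exits[user]
        if delay.total_seconds() <= 0:
            continue  # login happened before the person left
        ok = m.group("result") == "success"
        alerts.append({
            "user": user,
            "service": m.group("service"),
            "src": m.group("src"),
            "time": m.group("ts"),
            "hours_after_exit": round(delay.total_seconds() / 3600, 1),
            # success: the account still works; failure: someone is trying it
            "verdict": "ACCESS_STILL_LIVE" if ok else "RETURN_ATTEMPT",
        })
    return alerts


def live_access(alerts):
    """Map each user to the services that still accepted their login."""
    live = {}
    for a in alerts:
        if a["verdict"] == "ACCESS_STILL_LIVE":
            live.setdefault(a["user"], set()).add(a["service"])
    return {user: sorted(services) for user, services in live.items()}


if __name__ == "__main__":
    found = detect(AUTH_LOG, OFFBOARDED)
    for a in found:
        print("{verdict:18} {user:7} {service:5} {src:15} "
              "+{hours_after_exit}h".format(**a))
    print("deprovision now:", live_access(found))
```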


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/Tc22EIMmEgg/

Dev to El Reg: Making web pages pretty is harder than building crypto

+Comment An Australian computer scientist working in Thailand has offered his contribution to Australia’s cryptography debate by creating a public-key crypto demonstrator in less than a day, using public APIs and JavaScript.

Brandis.io is not a useful encryption implementation (the site itself says as much), but is a useful public education exercise.

By using the WebCryptoAPI, author Dr Peter Kelly has implemented end-to-end crypto in just 445 lines of JavaScript code.

As Kelly writes at GitHub, “Brandis does not implement encryption itself; instead, it relies on the Web Cryptography API provided by your browser, and simply exposes a user interface to this API that enables its use by non-programmers.”

Hence its smallness: the cryptography is already out there, in the form of straightforward calls to public APIs: there’s more JavaScript devoted to screen furniture than to generating public and private keys, or encrypting/decrypting the messages.

As Kelly told Vulture South: “I spent way more time on [the presentation] than I did on the crypto-using code. Picking a colour scheme took longer than writing the code for generating a public/private key pair.”

Kelly warns visitors to the site not to treat this as a messaging platform: “Brandis is primarily intended as a demonstration; it was put together in less than a day. For real-world usage, we recommend more established software such as GnuPG.”

By the way, if you decide to try Brandis.io, note that its current message size limit is 190 characters. Kelly’s investigating why that’s so. ®

+Comment: Vulture South notes that Kelly’s efforts only address one part of the debate the Australian government ignited when its Attorney-General George Brandis fired the latest shot in what’s being colloquially called “CryptoWars 2”. The other half is device security.

A common critique levelled at those who resist the idea of governments undermining encryption (the so-called “war on mathematics”, highlighted when Prime Minister Malcolm Turnbull unhelpfully quipped that Australia’s laws will prevail over the laws of mathematics) is that they’ve got the wrong end of the stick, because messages could be recovered by means that don’t attack encrypted messages in transit, but rather while they’re at rest – for example, by recovering messages as stored on devices like iPhones or Androids.

First, it’s worth keeping in mind that the government itself drew attention towards strong encryption, with its complaint that singled out specific end-to-end encrypted applications, and its promise to get platform-makers to co-operate (as well as device vendors).

More importantly, however, the argument that an endpoint compromise is okay ignores history. Whether it’s the sloppy IoT security that let the Mirai botnet hose big servers, the leaked NSA tools that let loose ransomware rampages, or the DNS Changer malware attack that began in 2006, there’s ample evidence of the danger posed by insecure endpoints.

“You can’t have security if you have insecure endpoints” was first expressed to this writer in the 1990s, and it’s still true. We can’t redirect concerns about weak cryptography by saying “you can still have strong crypto, if vendors will make weak devices”.

Even the NSA couldn’t keep device exploits secret, after all. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/07/17/encryption_with_apis_and_445_lines_of_js/

Insurers claim cyber calamities could cost more than Hurricane Sandy

Analysis A study aiming to raise the profile of cyber insurance claims that cloud outages and ransomware outbreaks on the WannaCry scale could cost companies $81.7bn – more than natural disasters like 2012’s Hurricane Sandy. That’s an awful lot of money, but wait – before you fish out the wallet – how did the authors arrive at these numbers?

Cyence, a cyber-risk analytics platform, and Lloyd’s of London, the world’s largest insurance market, said they “collaborated with a team of economic modellers and experts from the cybersecurity and cyber insurance industries” in the hope that their findings will move the industry as a whole toward a “standardised approach of measuring cyber risk”.

The research process accounted for everything from commonly adopted technologies used across industries to non-technical factors that vary widely like people and processes. Additionally, underwriters from the Lloyd’s Market Association participated in a series of workshops to provide feedback and identify implications for the emerging cyber insurance industry.

Cyence reckons global losses from WannaCrypt will come out at $8bn compared to $850m from the NotPetya ransomware. Both outbreaks were enormously disruptive. However, Durex maker Reckitt Benckiser alone said it would take a $100m immediate hit from the combined effects of lost sales due to NotPetya and an Indian Sales tax.

Considering that NotPetya also affected shipping giant Maersk, advertising colossus WPP and US couriers FedEx, losses of $850m look low while the WannaCry figures appear inflated. “I don’t think there were more than 1m computers infected so this would mean an average cost of more than $8,000 per infected PC,” said Martijn Grooten, editor of industry journal Virus Bulletin. “Even with a long tail of a small number of infections that cost a lot, I find this figure rather implausible.”

Two months ago Cyence reportedly pegged WannaCry losses at $4bn, an estimate that had doubled by the end of May. Confusingly, Cyence itself suggested NotPetya might be bigger than WannaCry in the immediate aftermath of the attack earlier this month.

Estimating cyber losses is an inexact science, as El Reg has said before. How can anyone assess the global cost of cyber disruption when even individual victims are unsure about losses? The best you are going to get is an educated guesstimate dressed up as something definitive. Some experts argue it would be better for individual companies to focus on their own risk assessment.

David Emm, principal security researcher at Kaspersky Lab, commented: “These are big numbers, but they don’t mean much unless terms such as ‘serious cyber attack’ are quantified. How can we assess the global cost of an attack? It could mean anything from a temporary interruption of service to the takeover of customer systems – with very different costs.

“It’s important for companies to conduct their own risk assessment and develop a strategy that’s designed to secure corporate systems and mitigate the risk of an attack on those systems.”

Cyence and Lloyd’s said the report was “designed to deepen insurers’ and risk managers’ understanding of cyber risk exposure to improve portfolio exposure management, set appropriate limits and expand confidently into this quickly growing line of insurance”. Go figure. Lloyd’s estimates the global cyber risk market is worth between $3-3.5bn.

Protection against all threats is not a realistic goal so more clued-up businesses are adopting a risk-mitigation approach involving developing incident response capability as well as taking out cyber insurance.

The report ran the numbers on two devastating cyber calamities. In the first scenario, a group of “hacktivists” set out to disrupt cloud service providers’ infrastructure to draw attention to the environmental impacts of cloud-based businesses. The group inserts a malicious modification to an infrastructure’s code that can be exploited to trigger system-wide failures, leading to widespread service and business interruption. Cyence estimated global losses from such an event at $53bn in just two to three days.

In the second case, human error causes a zero-day vulnerability in widely used software to leak. Details are purchased on the dark web by criminals who develop exploits and target vulnerable businesses for financial gain. Cyence estimates losses from such an attack could work out at $28.7bn.

Only a small portion of these losses are currently insured, Cyence said. In the cloud services scenario, less than 20 per cent would be covered, while less than 10 per cent of the losses in the mass-vulnerability scenario would be covered. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/07/18/cyber_calamity_costs/

Air, sea drones put through their paces on Solent testing range

More roboats and autonomous flying machines will be tested around the Solent after a consortium of companies was handed £1.5m to set up a drone test range.

The idea is to use one of Britain’s most sheltered sea areas for testing robot boats and air vehicles. Nestled between Southampton and the Isle of Wight, the Solent has all the features of a busy sea area – big commercial ships, warships, weekend yacht sailors, high-speed hovercraft – while not being a million miles out to sea.

“The Solent area has a growing number of world-class organisations operating in the autonomy sector and we are excited to be working with ASV, Blue Bear, MES, SeeByte and the University of Southampton to launch this concept this week,” said the head of technology at BAE Systems’ Combat Systems division, Frank Cotton, in a canned quote.

It is anticipated that the full test service will go live later this year. A “secure maritime communications network” and a command and control centre using “the same technology BAE Systems provides to Royal Navy warships” will be at the heart of the testing centre.

James Scanlan, professor of design within engineering and the environment at the University of Southampton, said in a supporting canned quote: “The autonomous test range represents a huge step forward in being able to bring technology from the laboratory to realistic testing and exploitation.”

£457,000 of the funding for the test area comes from the Solent Local Enterprise Partnership.

As the UK’s commercial drone sector grows, finding enough space to safely test both the vehicles and their sensors is a challenge. Suppliers to the government have no problem with this – they just ask the MoD if they can borrow some of the vast chunks of the British Isles that are reserved for military training. The civilian sector, however, has had – until now – to make do with whatever areas it can find.

One of the firms involved in the test range, ASV Global, was featured on El Reg last summer. Though its current fleet is more “tele-operation” than true AI, in the words of its MD Dan Hook, the firm does reckon that, technologically, their craft are capable of circumnavigating Britain while being controlled from their HQ.

BAE Systems has also been looking for a slice of the roboat pie, as well as expanding into airborne drones. At the Royal Navy’s annual Unmanned Warrior exercise, the giant defence supplier turned up with a Pacific 950 rigid inflatable boat to which it had fitted autonomous navigation capability. The idea is to use roboats as a means of extending warships’ sensor capabilities and to reduce the risk to human life in operations such as mine clearance.

Not all went completely smoothly at Unmanned Warrior. At least one flying drone was lost overboard from a civilian testbed ship after its operator made a mistake during takeoff and accidentally commanded it to backflip into the icy waters of the Minch, off Scotland’s Atlantic coast. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/07/18/drone_testing_range_solent/