Ransomware, a cyber scourge that appears on the verge of intensifying, poses an increasingly dire threat to small- and medium-sized businesses (SMBs) in 2016.
In a ransomware attack, victims are prevented or limited from accessing their systems. Cyber criminals attempt to extort money by first using malware to encrypt the contents of a victim’s computer, then extracting a ransom in exchange for decrypting the data and allowing the victim to regain access.
Until now, most attacks have targeted consumers and, to a lesser extent, businesses working on Windows platforms.
That’s about to change. Security experts caution that small- and medium-sized business owners and users of non-Windows platforms can expect to be increasingly targeted in attacks that seek to extort money from them via sophisticated ransomware tools.
Experts say many of the malicious campaigns will likely be carried out by opportunistic attackers and newbie extorters trying to take advantage of inexpensive do-it-yourself ransomware kits that are beginning to become available in underground markets.
Estimates about the cost to victims from more widely used ransomware tools like CryptoWall and CryptoLocker range from tens to hundreds of millions of dollars.
Now, analysts are concerned that cyber criminals are on the verge of widening the scope of their attacks. Last month, researchers at security vendor Emsisoft analyzed Ransom32, a malware tool many believe is a harbinger of things to come on the ransomware front.
Fewer are immune to attack
“Ransom32 is one-of-a-kind in that it’s cross-platform, which alone increases the targets for the malware authors,” Guruswamy says. “Since the underlying Chromium interpreter is cross-platform, this allows Ransom32 to target users across all of the (operating systems) and devices in one go. This is the worrisome part.”
Significantly, the authors of the malware appear to have adopted a ransomware-as-a-service model in their distribution approach. Ransom32 is available via a hidden server on Tor to anyone with a bitcoin account.
The malware does not require any specific skills to operate, and it comes with a management interface that the attacker can use to customize ransom messages and specify the ransom amounts. The interface supports a feature that lets the authors of Ransom32 track how much money is being collected via the tool and lets the authors take a 25% cut from the total.
DIY kit for bad guys
Ransom32 is the second publicly disclosed ransomware in recent months that is being distributed as a do-it-yourself kit in the cyber underground. The first was Tox, a malware tool discovered by a researcher at Intel’s McAfee Labs that, like Ransom32, was distributed via Tor to anyone interested in launching a ransomware attack.
“Ransomware as a service is an increasing and worrisome trend,” says Fabian Wosar, a security researcher at Emsisoft. “Fortunately, most schemes are of poor quality, but the people writing these types of frameworks are learning.”
Each time a security vendor finds a weakness in a ransomware tool, the threat actors figure out what mistakes they are making and plug it immediately, Wosar says.
Going forward, expect to see the emergence of tools like Ransom32 and trends like ransomware-as-a-service pose a bigger threat for businesses, especially the small and medium ones, which generally don’t have the same resources that large companies have to defend themselves.
Lately, there have been an increasing number of reports about company servers being attacked directly through the Remote Desktop Protocol (RDP) that is used to remotely administer and manage systems.
SMBs have limited defenses
“Most SMBs don’t have the budget to employ their own in-house IT staff,” Wosar says. “As a result, a lot of them employ outside companies to take care of their IT infrastructure, and these companies often use remote control tools like RDP to administrate the network and server [remotely].”
One result is that a lot of SMBs are exposed to attacks that take advantage of weakly protected remote control interface to gain access to internal systems and data. Wosar says that in such situations it is just a matter of time before an attacker stumbles on a critical server and hijacks it for ransom.
Because the attackers typically gain access to the server itself, they also can turn off any security software that might be installed on it, and they become virtually undetectable in the process. All that is left behind is usually a note that informs the admin about the hack, with a means of communication to negotiate the price.
There already has been an increased interest from cyber criminals in specifically targeting companies, largely because of the potentially bigger payouts involved, says Christian Funk, who heads Kaspersky Lab’s global research and analysis team in Germany.
“A business is depending on its digital assets and, therefore, often more willing to pay the ransom,” Funk says. “There have been cases where cyber criminals noticed that a company has been successfully infected and, therefore, the criminals decided to charge up to eight times the original ransom. I suspect such methods, as well as targeted attacks, are likely to increase in future.”
This article was written by Third Certainty’s Jaikumar Vijayan.
I can’t stop thinking about algorithms. I am obsessed, and I want to tell you why.
Let’s be clear: I am not a data scientist. I am a guy who finds technology and applications of technology fascinating. I am not writing this for technology nerds. I am writing this for professionals who want a working knowledge of technology.
If you are reading this, then you understand computers. A computer is nothing more than rules programmed by a human. Those rules are then executed and create an output.
But algorithms are so much more; they are breathtaking. An algorithm is a computer writing its own rules and then creating output from those rules.
It’s easy to focus on the scary part of algorithms. In the Avengers movie, a super algorithm results in a machine – Ultron – bent on destroying the world. I will leave those scenarios to the Elon Musks of the world.
Algorithms are already being used in the insurance industry. Take a look at CoverHound or PolicyGenius; the algorithms behind these applications quote personal lines of insurance based on your needs.
How algorithms work (and why they are awesome)
Again, I am not a data scientist, but here is my simple explanation of how most if not all algorithms are created:
1. Create a seed set.
First, you identify a seed set, which is the core learning that is taught to the algorithm. Yes, that’s right, even a computer algorithm has to be taught something from a human! For example, with the Facebook algorithm, I’m almost certain that the algorithm was first fed a giant spreadsheet that contained information about individuals and how they were connected (you do know your data created Facebook, Google and every other big data company you can think of, right?).
2. Feed the seed set to the algorithm.
The algorithm then reads all of the information it is fed and starts making its own rules. For example, the Facebook algorithm may determine: “Oh, I see, Jimmy likes Teenage Mutant Ninja Turtles, and he is connected with Bobby from the same city, and Bobby also likes Teenage Mutant Ninja Turtles. I bet Jimmy also knows Steve from the same city who also has a love for Donatello. They should connect.”
3. A human reviews the results.
A human (see, you are still needed!) then reviews the output of the application of the algorithm rules. In the Facebook example, a human might determine if Jimmy and Steve should actually connect on Facebook. Maybe they are part of rival gangs, and the algorithm didn’t recognize this. The human would then add this data to the spreadsheet and feed it back to the algorithm.
4. The algorithm rules are improved based on new input.
The algorithm creates rules to account for the new information. “Don’t connect rival gang members even if they live in the same city and like the Teenage Mutant Ninja Turtles.”
5. Steps three and four continue indefinitely.
Now stop for a second and think about all the rules that are built up in your head about people you connect with. Maybe you prefer to hang out with people who brew beer or read Harry Potter. There are literally hundreds of millions of personal preferences that human beings use to associate with people.
What if you could store all of those preferences and use them to connect people?
Algorithms are good for insurance workers
Now think about your work and all the stuff you know and all of the stuff your colleagues know. What if all of that information could be fed into an algorithm and used to create rules. You could then use those rules to more quickly do your work.
But what happens if software starts doing repetitive tasks previously done by humans? I believe humans find new ways to be productive. And, I believe history supports my theory. But that’s a blog post for another day.
I will leave you with two questions.
What repetitive tasks do you despise?
Wouldn’t it be great if you could offload these tasks to a computer?
Two thirds of employees in industrialized countries use a computer on a daily basis. One in five interact with a computer at least 3/4 of the total work-time1. This usage of the technology ushered in an epidemic of work related ailments known as musculoskeletal disorders (MSDs). They are also known as repetitive motion disorder (RMD), repetitive motion injury (RMI), repetitive strain injury (RSI), ergonomic related disorder (ERD) and cumulative trauma disorder (CTD).
Though these disorders may as yet not be household terms, the patent effects of substantial computer use reveal themselves in terms of increased morbidity and declining productivity. In short, in the absence of ergonomic practices, employee efficiency in the American workplace takes a substantial hit.
In fact, according to the United States Bureau of Labor and Statistics (Chart 1), the prevalence rates for these types of disorders increased 1200% from 1982 to 1994 for all standard industry codes; however, those who employed good ergonomic safety management strategies enjoyed a 27% decline through 2000. Even though the rate reached a plateau for office or knowledge workers (computer workers) the wane may have occurred as a result of skewed interventions (e.g., training, workspace design and layout, equipment and accessories, work organization, etc.)2.
In addition, according to the Liberty Mutual Workplace Safety Index, injuries due to repetitive motion disorders from using computers were the #4 cause of work injuries in 2001 and 2002. The bottom line? A $2.8 billion price tag in 2002 for haphazard ergonomics3.
The Good News
According to OSHA, work related musculoskeletal disorders are the most prevalent, most expensive, and most preventable injuries in the American workplace today 4. The Center for Disease Control and Prevention's Injury Control Division reveals that injuries follow the same principles as infectious diseases and are just as predictable and therefore, just as preventable5.
Historical Sketch Of Computer Usage
Twenty years ago, computer workstations typically adjusted easily; however, they were relatively uncomfortable. Over time, they have morphed into rather complex devices with myriad levers and buttons that allow an uneducated user too many options for damage. Position (user may sit or stand), chair interfaces that move in multiple directions, numerous viewing angles of the monitor and fancy keyboard constructions that are split in half and look like accordions supply bells and whistles that may end up delivering harm unless organizations provide training. For those in the know, today's desktop computer were not necessarily designed to cooperate with the body; the user's natural alignment and paths of motion need not become contorted or required to engage in movements that never were designed to become repetitive nor prolonged. Modern fixed computer workstations beg accommodation to the body's motion flow.
Unfortunately, just when we are getting accustomed to our cubicles and other workstation environments, and are making gains in users' ergonomic awareness, some large computer companies have stopped making these computers and amazingly, are forecasting the death of the personal computer. Over the last 10 years, advances in technology have brought us a smorgasbord of new miniaturized devices or gadgets that provide us with faster communication — in essence what amounts to a handheld mobile computer workstation. Ironically, with this enhanced portability comes additional risk exposure for injury, particularly for the hands and neck.
These smaller devices foster awkward postures such as hands twisted into claws, and unnatural neck and shoulder angles — in short, resulting in increased discomfort and less than-efficient performance6. The root cause appears to be poor design — keyboarding areas, pointing devices (mouse) and a monitor-to eye interface that work together to produce a non-accommodating interactive work station. In particular, laptops (notebooks), tablets, I-phones and various PDAs unwittingly draw an unaware user into muscular and skeletal distortions.
Are the gadgets themselves to blame? Arguably, what is most important is the method by which we interact with them: the duration of exposure (how much is too much?), work organization and flow-process stress that occurs at less-than-optimal locations for usage. For example, many users must often conduct business in places such as coffee shops, airport waiting areas, planes, trains, and automobiles — places not designed for anyone to remain effectively postured.
Several primary physical risk and causation factors come into play between the computer user and all computer workstation environments, whether large or small. Three interfaces must be negotiated: the support interface (chair and floor), the manual interface (keyboard and mouse) and the monitor interface (distance from user, luminance, height). In addition to physical risk factors, behavioral variables commonly emerge: individual keyboarding and mousing techniques and style, excessive work pace without a break, prolonged sitting, and awkward forward head and wrist postures complicate the risk. What should be done about this trend?
The Spectrum Of Prevention
Fortunately, there are several easy-to-use methods to implement an effective ergonomics program. Once incorporated, they have prevention potential. A good ergonomics program can minimize computer-related musculoskeletal disorders by utilizing a more proactive and comprehensive approach to the potentially disabling conditions computer users in various workplace settings encounter. The answer lies in numbers.
It has been well documented that an integrated model of ergonomics safety management is critical for developing a healthy, effective workforce provided the company emphasizes a grassroots participatory approach in order to maximize collaboration and communication. The first step is to dedicate an ergonomic team. A successful group should comprise: an ergonomist, risk manager or loss control specialist, health service provider, company management representative (e.g., human resources, CFO, general manager, etc.), and a pre-designated employee ergonomics team trainer (leader)7.
This model efficiently capitalizes company resources and makes the best use of opportunities for surveillance and behavior change. It has been particularly effective in various organizations where the majority of employees consist of office and biotechnical workers typically tethered to their desktops 4-16 hours; all the while engaging in forceful/repetitive/awkward keyboarding and mousing whether interacting with desktop computers or hand-held devices. This extended risk exposure without appropriate rest cycles invites subsequent unwieldy neck and constrained back postures. The inevitable result? Discomfort at best or an actual recordable MSD at worst.
Nevertheless, these disorders have been shown to respond significantly to surveillance and behavioral change interventions such as job-task-specific ergonomics team training that provides information about strategies to maintain neutral work postures and movements when interacting with computers (Table 1).
Table 1: Team Intervention Recommendations
Have A Seat
While adjusting your chair, make sure that you are sitting on the seatpan.
Maneuver the backrest so it supports the low back curve and the shoulder blades at a 90 -105 degree angle (upright and lever should be located at very back of chair on the right or ratcheting it up and down for the Office Masters).
When keyboarding, recline to 120 degrees for surfing the net or telephoning and decline at 60 – 90 degrees for writing.
Use sit-to-stand options (available now for alternating 30 minutes standing and 30 minutes for sitting).
Watch Your Hands
While keyboarding/mousing, keep your arms, wrists and hands in a neutral work posture, as if playing a piano.
Avoid flexing wrists downward, sideways or extending upwards.
Place hands on lap or armrest when paused or resting.
Wrist rests are to be used when resting only!
Feast Your Eyes
Rest your eyes by placing hands in your lap for 30 seconds while looking away from your screen at another object 20 feet away. Repeat every ten minutes, as you really do deserve a break today … a small one now will give your body a big one later!
Ring A Bell
Consider installing software that reminds you to take short breaks every 10 -15 minutes. While seated, stretch hands, neck and shoulders using helps such as the ForgetMeNot Online Reminders that can be found at the following link www.remedyinteractive.com> (microbreaks).
Stretch Your Day
Get up from your desk or table and walk to the water cooler or perform some simple stretches near your workstation at least once every 50 minutes or so (macrobreaks) that can be found at the following link www.netergonomics.net (wallet-sized stretching cards).
Pay close attention to head posture. Draw an imaginary line so that it begins at the top of your head, extends over your ear to the shoulder, ending at the hip.
Head posture should be maintained suspended, like a puppet, with an imaginary line drawn from the top of head, over the ear, aligned directly over the shoulder and hip as viewed from the side. This avoids forward head posture or craning (for every inch the head moves over the shoulder, the neck bears 30 additional pounds of pressure per square inch … yikes!
No Foot Faults
Plant feet firmly on the floor at a 90-degree angle to the knees.
Avoid resting feet on the pedestals of the chair.
Order a footrest if you are less than 5'2″ or have a medical condition that elicits edema (swelling) in the legs/feet. See www.ergoanywhere.com.
Place your computer monitor/monitors directly in front of you at an arm's length away or 18 – 28 inches with the top of the screen or tool bar at your eye level.
Tilt the screen back 15 degrees, much like you would hold a book you are reading (unless you use bifocals/trifocals-then lower it slightly).
Make sure you have had an eye exam within the last year.
There are specialized accommodation products for mobile computer laptops, tablets, e-readers and smart phones found at www.ergovue.com that will make life a little easier while on the go!
Make It Happen
Communicate with clients in easy-to-understand messages.
Underscore the benefit to both the worker and the company that employs these practices.
Emphasize the long term effects of increased production, increased efficiency, and improved personal health.
Utilize specific and customized approaches such as the OccuCom Ergonomic Team Training Program package that is available at www.netergonomics.net, which also provides Cal-OSHA and Fed-OSHA compliance.
If your employees are experiencing any discomfort, have them contact their supervisor or designated ergonomics-team leader for a possible ergonomic evaluation of their workstations. Also, these same principles and practices will apply to employees with material-handling tasks of transferring mail, printed materials, folders, bins, etc. in the office area. Any employee whose tasks include lifting should be trained to use correct lifting postures, personal protective equipment, and employ stretching and strengthening recommendations for maintaining neutral work postures, especially in the wrists, shoulders, and low back.
Moreover, as ergonomists, health and safety professionals, human resources personnel, loss control and risk managers, and managers of various workplace settings, we must provide a solution to the question of how much exposure for those workers interacting with various computer devices is too much. Employees who must use a workstation are ever exposed to potential harm through extra strain or forces from the repetitive motions and awkward postures while keyboarding mousing, or staring at a monitor screen for hours on end. Further, we must be on the lookout for the important question in terms of what is good ergonomics vs. voodoo ergonomics. We must be adept at identifying the potential smokescreens of unsuccessful products and advice given to companies with real problems in their workplace. White collar environments are especially at risk for unqualified vendors … be careful out there when selecting an intervention program8.
1 Brandt, LP. Neck and shoulder symptoms and disorders among Danish computer workers. Scand J Work Environ Health 2004, 30:399-409.
2 Sherrod, C. Johnson, D. The modulation of upper extremity musculoskeletal disorders in a knowledge worker population with chiropractic care and ergonomics. ACC-RAC Washington, DC. Journal of Chiropractic Education, 58;2007.
3 Liberty Mutual Safety Index of 2002. Liberty Mutual Insurance Company Seminar. 2003.
4 Sherrod, C. The relationship between an ergonomics team training program and the compression of repetitive motion injuries in a bus operator population. ErgoCon Conference Proceedings, 4; 2000.
5 Cotton, P. Preventive medicine extends to injuries, too. Journal of American Medical Association 1990, 263:19-2097.
6 Korkki, P. So many gadgets, so many aches. New York Times. 2011; 12.
7 Sherrod, C. The relationship between an ergonomics team training program and the compression of repetitive motion injuries in a bus operator population. ErgoCon Conference Proceedings, 4; 2000.
8 Chong, I. Prioritize office workstation goals and watch out for voodoo ergonomics. Occupational Health and Safety. 1993, pg. 55-57.