The day after: world-wide cyberattack has companies and institutions scrambling

What is it?
Attackers, using a tool allegedly stolen from the U.S. National SecurityAgency, took advantage of flaws in Microsoft Windows systems to spread malware around the world on Friday. The “ransomware” encrypts files, effectively hijacking computer systems, and demands money, in the form of bitcoin, in exchange for decrypting them. Microsoft Corp. had issued a fix, or patch, for the flaw on March 14.

How big is it?
Kaspersky Lab, an antivirus vendor, said it has tracked 45,000 instances of the attack, dubbed WannaCry, in 74 countries around the world, mostly in Russia. Other hot spots include Ukraine, India and Taiwan. Computer security experts say, however, the virus’s spread has been contained by the actions of a private security researcher who found a “kill switch” inside the virus.

Who has been hit?
Victims include Britain’s National Health Service, FedEx Corp., car makers Nissan Motor Co. and Renault SA, Germany’s biggest train operator as well as Russian banks. China state media reported early Saturday that some gas stations and universities have been affected.

Has anyone paid the ransom?
It is impossible to say. Screenshots of affected computers indicate hackers are asking for as little as $300 in bitcoin from affected users. The chief data officer at Telefónica, a Spanish telecom provider hit by the virus, said in a personal blog post that a bitcoin account associated with the attackers shows they haven’t “achieved much real impact.” That account had received only 25 payments by midafternoon Saturday in Europe. It is very likely though that the attackers used many accounts. U.K. Home Secretary Amber Rudd told the British Broadcasting Corp. that the government has advised the NHS not to pay.

https://apple.news/AKF-mEQ9GTWGfgHb8_ke9bA

WannaCry

A cyber-attack that hit organisations worldwide including the UK’s National Health Service was “unprecedented”, Europe’s police agency says.
Europol also warned a “complex international investigation” was required “to identify the culprits”.
Ransomware encrypted data on at least 75,000 computers in 99 countries on Friday. Payments were demanded for access to be restored.
European countries, including Russia, were among the worst hit.
Although the spread of the malware – known as WannaCry and variants of that name – appears to have slowed, the threat is not yet over.
Europol said its cyber-crime team, EC3, was working closely with affected countries to “mitigate the threat and assist victims”.
In the UK, a total of 48 National Health trusts were hit by Friday’s cyber-attack, of which all but six are now back to normal, according to the Home Secretary Amber Rudd.
The attack left hospitals and doctors unable to access patient data, and led to the cancellation of operations and medical appointments.
Who else has been affected by the attack?
Some reports say Russia has seen more infections than any other country. Banks, the state-owned railways and a mobile phone network were hit.
Russia’s interior ministry said 1,000 of its computers had been infected but the virus was swiftly dealt with and no sensitive data was compromised.
In Germany, the federal railway operator said electronic boards had been disrupted; people tweeted photos of a ticket machine.
France’s carmaker Renault was forced to stop production at a number of sites.
Other targets have included:
■ Large Spanish firms – such as telecoms giant Telefonica, and utilities Iberdrola and Gas Natural
■ Portugal Telecom, a university computer lab in Italy, a local authority in Sweden
■ The US delivery company FedEx
■ Schools in China, and hospitals in Indonesia and South Korea
Coincidentally, finance ministers from the G7 group of leading industrial countries had been meeting on Friday to discuss the threat of cyber-attacks.
They pledged to work more closely on spotting vulnerabilities and assessing security measures.
Read more:
‘I was the victim of a ransom attack’
Who has been hit by the NHS cyber attack?
Explaining the global ransomware outbreak
A hack born in the USA?
How did it happen and who is behind it?
The malware spread quickly on Friday, with medical staff in the UK reportedly seeing computers go down “one by one”.
NHS staff shared screenshots of the WannaCry programme, which demanded a payment of $300 (£230) in virtual currency Bitcoin to unlock the files for each computer.
The infections seem to be deployed via a worm – a program that spreads by itself between computers.
Most other malicious programs rely on humans to spread by tricking them into clicking on an attachment harbouring the attack code.
By contrast, once WannaCry is inside an organisation it will hunt down vulnerable machines and infect them too.
It is not clear who is behind the attack, but the tools used to carry it out are believed to have been developed by the US National Security Agency (NSA) to exploit a weakness found in Microsoft’s Windows system.
This exploit – known as EternalBlue – was stolen by a group of hackers known as The Shadow Brokers, who made it freely available in April, saying it was a “protest” about US President Donald Trump.
A patch for the vulnerability was released by Microsoft in March, which would have automatically protected those computers with Windows Update enabled.
Microsoft said on Friday it would roll out the update to users of older operating systems “that no longer receive mainstream support”, such Windows XP (which the NHS still largely uses), Windows 8 and Windows Server 2003.
The number of infections seems to be slowing after a “kill switch” appears to have been accidentally triggered by a UK-based cyber-security researcher tweeting as @MalwareTechBlog.
But in a BBC interview, he warned that it was only a temporary fix. “It is very important that people patch their systems now because there will be another one coming and it will not be stoppable by us,” he said.
‘Accidental hero’ – by Chris Foxx, technology reporter
The security researcher known online as MalwareTech was analysing the code behind the malware on Friday night when he made his discovery.
He first noticed that the malware was trying to contact an unusual web address but this address was not connected to a website, because nobody had registered it.
So, every time the malware tried to contact the mysterious website, it failed – and then set about doing its damage.
MalwareTech decided to spend £8.50 ($11) and claim the web address. By owning the web address, he could also access analytical data. But he later realised that registering the web address had also stopped the malware trying to spread itself.
“It was actually partly accidental,” he told the BBC.
Blogger halts ransomware ‘by accident’

CI Begins Preparing For Proposed Engineering Program

A university on the South Coast is preparing for a new engineering program it hopes to have in place within the next two years.Cal State Channel Islands in Camarillo proposed to launch an engineering program last summer. University officials say they’re still awaiting final approval from the CSU Chancellor’s Office, but they expect to get a green light soon.

So, they’ve begun the planning process for a program focused on mechatronics, which is a combination of mechanical and electrical engineering.

“The animation of mechanical devices by software” said Michael Soltys, chair of the Computer Science Department, which mechatronics will be housed under.

He said few engineering programs have an emphasis in this field.“We’re thinking of starting mechatronics with small robotic mobility, like drones, like underwater robots. Robots that move, that walk, that drive,” he said.

The university has begun hiring faculty and designing courses. The goal is to start the engineering program in the fall of 2018 with 24 students.

Source: South Coast University Begins Preparing For Proposed Engineering Program | KCLU

Rasputin whips out large intimidating tool, penetrates uni, city, govt databases – new claim • The Register

SQL injection has been around since databases first appeared on the internet. When a web app allows anyone to pass data straight into database queries without that input being rendered safe through sanitization and filtering, that’s a SQLi vulnerability right there. This kind of bug can be exploited to command the database to do things – such as cough up all of its contents – that the web application should prevent from happening.

Source: Rasputin whips out large intimidating tool, penetrates uni, city, govt databases – new claim • The Register

Rebuild our defenses for the information age – AEI

The Defense Department still uses 8-inch floppy disks and computers from the 1970s to coordinate nuclear forces, according to a report last year from the Government Accountability Office. Many of the Pentagon’s communications systems are so vulnerable to sabotage that the Army and Navy regularly practice fighting without them. Satellites can be shot down by missiles or have their sensors dazzled by lasers. Their ground links can be jammed or hacked.

Dale Hayden, a senior researcher at the Air Force’s Air University, told an audience of aerospace experts earlier this month that proliferation of antisatellite technology has put America’s communications networks at risk. “In a conflict, it will be impossible to defend all of the space assets in totality,” he said. “Losses must be expected.”

It has never been easier for America’s adversaries—principally Russia and China, but also independent nonstate actors—to degrade the U.S. military’s ability to fight and communicate. Senior military officials have expressed grave doubts about the security of the Pentagon’s information systems and America’s ability to protect the wider commercial virtual infrastructure.

Source: Rebuild our defenses for the information age – AEI

A new paper on normalization of inconsistency indicators

A new paper: On normalization of inconsistency indicators in pairwise comparisons, by W.W. Koczkodaj, J.-P. Magnot, J. Mazurek, J.F. Peters, H. Rakhshani, M. Soltys, D. Strzałka, J. Szybowski and A. Tozzi.

Abstract: In this study, we provide mathematical and practice-driven justification for using [0,1] normalization of inconsistency indicators in pairwise comparisons. The need for normalization, as well as problems with the lack of normalization, are presented. A new type of paradox of infinity is described.

The paper can be found here: https://arxiv.org/abs/1702.07205v2

Mechatronics: The Highest-Paid Engineering Degree

Google’s self-driving cars. IBM’s “Dr. Watson.” The Jet Propulsion Laboratory’s Mars 2020 Rover.Behind these huge technological leaps is mechatronics, an interdisciplinary field that mixes a wide array of engineering disciplines—mechanical, electrical, computer and software.

According to the National Association of Colleges and Employers’ (NACE) “Class of 2015 First-Destination Survey,” mechatronics engineering majors were the highest-paid class of 2015 engineering graduates among those who received a bachelor’s degree.

Channel Islands is mentioned at the end of this article:

CSU Channel Islands will be the latest California State University campus to implement a mechatronics engineering program, which is planned to begin in September 2018. It was created in response to the demand for mechatronics engineers in Ventura County.

As a Hispanic-serving institution (HSI) and with a student body that’s more than 50 percent female, the new program will also focus on increasing access to engineering for historically underrepresented students in science, technology, engineering and mathematics (STEM), says Michael Soltys, Ph.D., professor and chair of the computer science program.

Source: Mechatronics: The Highest-Paid Engineering Degree

Your Late-Night Emails Are Hurting Your Team

Around 11 p.m. one night, you realize there’s a key step your team needs to take on a current project. So, you dash off an email to the team members while you’re thinking about it.

No time like the present, right?

Wrong. As a productivity trainer specializing in attention management, I’ve seen over the past decade how after-hours emails speed up corporate cultures — and that, in turn, chips away at creativity, innovation, and true productivity.

If this is a common behavior for you, you’re missing the opportunity to get some distance from work — distance that’s critical to the fresh perspective you need as the leader. And, when the boss is working, the team feels like they should be working.

via Your Late-Night Emails Are Hurting Your Team – HBR.