It is mind-boggling that, despite the world being warned, the past week’s ransomware attack almost took down a country’s healthcare system. ARTHUR GOLDSTUCK reports.
If the world didn’t know what ransomware was before, the incessant global headlines of the past week have provided an instant education.
The healthcare system in the United Kingdom was almost brought down by the WannaCry virus, which locks and encrypts computer files, rendering entire networks useless until a ransom is paid. The National Health Service had staff working overtime, not on patient care, but on using paper systems to manage patient information.
IT security company Kaspersky Lab defines ransomware as “a type of malware that severely restricts access to a computer, device or file until a ransom is paid by the user”. It can be installed through deceptive links in an email message, instant message or website, and can encrypt important files with a password.
Kaspersky Lab has detected at least 45 000 WannaCry (also known as WannaCrypt) infection attempts in 74 countries. While most have been in Russia, an animated map of infections published online by the New York Times (See http://bit.ly/wannaRSA) shows that targets were hit in every South African city.
Kaspersky explains that the ransomware infects victims by exploiting a Microsoft Windows vulnerability described and fixed in a Microsoft Security Bulletin in March 2017. The exploit is called Eternal Blue, and was stolen from the American National Security Agency (NSA) by a hacking gang going by the name of Shadowbrokers.
“Once inside the system, the attackers install a rootkit, which enables them to download the software to encrypt the data. The malware encrypts the files. A request for $600 in Bitcoin is displayed along with the wallet – and the ransom demand increases over time.”
Kaspersky is hoping to develop a decryption tool similar to those created for previous ransomware attacks, and available at noransom.kaspersky.com.
It should not have come to this, however. When the Windows vulnerability was revealed two months ago, it came with warnings that ransomware attacks and other cyber exploits were certain to follow. All Windows users were advised to update their software immediately, and IT administrators were advised to download and install the latest security patches. Users of the latest Microsoft operating system, Windows 10, were safe, as it did not contain the vulnerability.
Two months later, hospitals in the UK and elsewhere, along with businesses, public transport systems and even police stations globally, found themselves in crisis mode as their systems were brought down. By a known and well-publicised vulnerability.
It’s little wonder that scorn has been poured on UK Home Secretary Amber Rudd’s claim that there were “good preparations in place by the NHS to make sure they were ready for this sort of attack”. Guardian technology columnist Charles Arthur wrote that underfunding of the NHS “made the events of the past few days a disaster waiting to happen”.
In truth, it’s an ongoing disaster. As Arthur reports, between mid-2015 and the end of 2016, 88 of the UK’s 260 NHS trusts had been hit by ransomware.
In South Africa, it’s also an ongoing threat. Numerous individuals – particularly older users – have fallen for scammers supposedly phoning from Microsoft to say they have detected a virus on the user’s computer.
For some reason, the most suspicious of old-timers become like gullible children when receiving a call about their computers from a stranger. It does not cross their minds for a moment that the giant Microsoft is not about to phone an individual user about an issue on their system.
They are then persuaded to open a specific web address, download a piece of software and open it. Which instantly locks down their computer, and encrypts all files. They are told that, if they don’t pay a specific ransom amount by a given date, all the contents of their computer will be deleted.
Unfortunately, there is no Windows patch for gullibility. However, the same thing can happen via any number of exploits. In most cases, it is a result if clicking on a link or attachment in an email from a stranger.
The methods are going to keep evolving, and the trickery will keep getting more sophisticated.
“People in ransomware are thinking like business people,” said Ton Maas, digital coordinator of the Dutch National Police, during Kaspersky Lab’s annual Cyber Security Weekend in Malta last year. In 2015, he personally arrested two young ransomware creators, brothers who were conducting the business in their parents’ home.
“In this case, they were both the coders and the distributors,” said Maas. “Usually, you start with the coder, who offers code to distributors, who then target end-users. You even get code specifically written for the distributor, on request.
“The distributors buy the codes and earn their own money, but sometimes have to pay a percentage back to the coder. It is also possible to have a service contract, paying a fixed amount a month, so if you have problems and want to change something in the code, the coder will do it for you. You can call this ransomware-as-a-service.”
Kasperksy Lab’s 2016 Corporate IT security Risks Survey, presented at the Malta event, revealed that 20 per cent of businesses across the world experienced a ransomware attack in the previous 12 months. In South Africa, 19 per cent of businesses had come under attack.
The Lab helped the Dutch police track down the hackers responsible for a ransomware program called CoinVault, which added a new element: if victims did not pay immediately, the ransom “fee” steadily increased. That exact approach has now been taken by the WannaCry creator.
For now, WannaCry appears to be contained, but that is merely a respite in an escalating crisis. Expect worse. Far worse.
When will we stop calling them phones?
If you don’t remember when phones were only used to talk to people, you may wonder why we still use this term for handsets, writes ARTHUR GOLDSTUCK, on the eve of the 10th birthday of the app.
Do you remember when handsets were called phones because, well, we used them to phone people?
It took 120 years from the invention of the telephone to the use of phones to send text.
Between Alexander Graham Bell coining the term “telephone” in 1876 and Finland’s two main mobile operators allowing SMS messages between consumers in 1995, only science fiction writers and movie-makers imagined instant communication evolving much beyond voice. Even when BlackBerry shook the business world with email on a phone at the end of the last century, most consumers were adamant they would stick to voice.
It’s hard to imagine today that the smartphone as we know it has been with us for less than 10 years. Apple introduced the iPhone, the world’s first mass-market touchscreen phone, in June 2007, but it is arguable that it was the advent of the app store in July the following year that changed our relationship with phones forever.
That was the moment when the revolution in our hands truly began, when it became possible for a “phone” to carry any service that had previously existed on the World Wide Web.
Today, most activity carried out by most people on their mobile devices would probably follow the order of social media in first place – Facebook, Twitter, Instagram and LinkedIn all jostling for attention – and instant messaging in close second, thanks to WhatsApp, Messenger, SnapChat and the like. Phone calls – using voice that is – probably don’t even take third place, but play fourth or fifth fiddle to mapping and navigation, driven by Google Maps and Waze, and transport, thanks to Uber, Taxify, and other support services in South Africa like MyCiti, Admyt and Kaching.
Despite the high cost of data, free public Wi-Fi is also seeing an explosion in use of streaming video – whether Youtube, Netflix, Showmax, or GETblack – and streaming music, particularly with the arrival of Spotify to compete with Simfy Africa.
Who has time for phone calls?
The changing of the phone guard in South Africa was officially signaled last week with the announcement of Vodacom’s annual results. Voice revenue for the 2018 financial year ending 31 March had fallen by 4.6%, to make up 40.6% of Vodacom’s revenue. Total revenue had grown by 8.1%, which meant voice seriously underperformed the group, and had fallen by 4% as a share of revenue, from 2017’s 44.6%.
The reason? Data had not only outperformed the group, increasing revenue by 12.8%, but it had also risen from 39.7% to 42.8% of group revenue,
This means that data has not only outperformed voice for the first time – as had been predicted by World Wide Worx a year ago – but it has also become Vodacom’s biggest contributor to revenue.
That scenario is being played out across all mobile network operators. In the same way, instant messaging began destroying SMS revenues as far back as five years ago – to the extent that SMS barely gets a mention in annual reports.
Data overtaking voice revenues signals the demise of voice as the main service and key selling point of mobile network operators. It also points to mobile phones – let’s call them handsets – shifting their primary focus. Voice quality will remain important, but now more a subset of audio quality rather than of connectivity. Sound quality will become a major differentiator as these devices become primary platforms for movies and music.
Contact management, privacy and security will become critical features as the handset becomes the storage device for one’s entire personal life.
Integration with accessories like smartwatches and activity monitors, earphones and earbuds, virtual home assistants and virtual car assistants, will become central to the functionality of these devices. Why? Because the handsets will control everything else? Hardly.
More likely, these gadgets will become an extension of who we are, what we do and where we are. As a result, they must be context aware, and also context compatible. This means they must hand over appropriate functions to appropriate devices at the appropriate time.
I need to communicate only using my earpiece? The handset must make it so. I have to use gesture control, and therefore some kind of sensor placed on my glasses, collar or wrist? The handset must instantly surrender its centrality.
There are numerous other scenarios and technology examples, many out of the pages of science fiction, that point to the changing role of the “phone”. The one thing that’s obvious is that it will be silly to call it a phone for much longer.
MTN 5G test gets 520Mbps
MTN and Huawei have launched Africa’s first 5G field trial with an end-to-end Huawei 5G solution.
The field trial demonstrated a 5G Fixed-Wireless Access (FWA) use case with Huawei’s 5G 28GHz mmWave Customer Premises Equipment (CPE) in a real-world environment in Hatfield Pretoria, South Africa. Speeds of 520Mbps downlink and 77Mbps uplink were attained throughout respectively.
“These 5G trials provide us with an opportunity to future proof our network and prepare it for the evolution of these new generation networks. We have gleaned invaluable insights about the modifications that we need to do on our core, radio and transmission network from these pilots. It is important to note that the transition to 5G is not just a flick of a switch, but it’s a roadmap that requires technical modifications and network architecture changes to ensure that we meet the standards that this technology requires. We are pleased that we are laying the groundwork that will lead to the full realisation of the boundless opportunities that are inherent in the digital world.” says Babak Fouladi, Group Chief Technology & Information Systems Officer, at MTN Group.
Giovanni Chiarelli, Chief Technology and Information Officer for MTN SA said: “Next generation services such as virtual and augmented reality, ultra-high definition video streaming, and cloud gaming require massive capacity and higher user data rates. The use of millimeter-wave spectrum bands is one of the key 5G enabling technologies to deliver the required capacity and massive data rates required for 5G’s Enhanced Mobile Broadband use cases. MTN and Huawei’s joint field trial of the first 5G mmWave Fixed-Wireless Access solution in Africa will also pave the way for a fixed-wireless access solution that is capable of replacing conventional fixed access technologies, such as fibre.”
“Huawei is continuing to invest heavily in innovative 5G technologies”, said Edward Deng, President of Wireless Network Product Line of Huawei. “5G mmWave technology can achieve unprecedented fiber-like speed for mobile broadband access. This trial has shown the capabilities of 5G technology to deliver exceptional user experience for Enhanced Mobile Broadband applications. With customer-centric innovation in mind, Huawei will continue to partner with MTN to deliver best-in-class advanced wireless solutions.”
“We are excited about the potential the technology will bring as well as the potential advancements we will see in the fields of medicine, entertainment and education. MTN has been investing heavily to further improve our network, with the recent “Best in Test” and MyBroadband best network recognition affirming this. With our focus on providing the South Africans with the best customer experience, speedy allocation of spectrum can help bring more of these technologies to our customers,” says Giovanni.