Connect with us

Featured

ShadowPad attacks supply chain companies

Published

on

Kaspersky Labs has identified ShadowPad, a backdoor virus planted in server management software that allows attackers to download further malicious modules or steal data.

Kaspersky Lab experts have discovered a backdoor planted in a server management software product used by hundreds of large businesses around the world. When activated, the backdoor allows attackers to download further malicious modules or steal data. Kaspersky Lab has alerted NetSarang, the vendor of the affected software, and it has promptly removed the malicious code and released an update for customers.

ShadowPad is one of the largest known supply-chain attacks. Had it not been detected and patched so quickly, it could potentially have targeted hundreds of organisations worldwide.

In July, 2017 Kaspersky Lab’s Global Research and Analysis (GReAT) team was approached by one of its partners – a financial institution. The organisation’s security specialists were worried about suspicious DNS (domain name server) requests originating on a system involved in the processing of financial transactions. Further investigation showed that the source of these requests was server management software produced by a legitimate company and used by hundreds of customers in industries like financial services, education, telecoms, manufacturing, energy, and transportation. The most worrying finding was the fact that the vendor did not mean for the software to make these requests.

Further Kaspersky Lab analysis showed that the suspicious requests were actually the result of the activity of a malicious module hidden inside a recent version of the legitimate software. Following the installation of an infected software update, the malicious module would start sending DNS-queries to specific domains (its command and control server) at a frequency of once every eight hours. The request would contain basic information about the victim system (user name, domain name, host name). If the attackers considered the system to be “interesting”, the command server would reply and activate a fully-fledged backdoor platform that would silently deploy itself inside the attacked computer. After that, on command from the attackers, the backdoor platform would be able to download and execute further malicious code.

Following the discovery, Kaspersky Lab researchers immediately contacted NetSarang. The company reacted fast and released an updated version of the software without the malicious code.

So far, according to Kaspersky Lab research, the malicious module has been activated in Hong Kong, but it could be lying dormant on many other systems worldwide, especially if the users have not installed the updated version of the affected software.

While analysing the tools techniques and procedures used by the attackers, Kaspersky Lab researchers came to the conclusion that some similarities exist that point to PlugX malware variants used by the Winnti APT, a known Chinese-speaking cyberespionage group. This information, however, is not enough to establish a precise connection to these actors.

“ShadowPad is an example of how dangerous and wide-scale a successful supply-chain attack can be. Given the opportunities for reach and data collection it gives to the attackers, most likely it will be reproduced again and again with some other widely used software component. Luckily NetSarang was fast to react to our notification and released a clean software update, most likely preventing hundreds of data stealing attacks against its clients. However, this case shows that large companies should rely on advanced solutions capable of monitoring network activity and detecting anomalies. This is where you can spot malicious activity even if the attackers were sophisticated enough to hide their malware inside legitimate software,” said Igor Soumenkov, security expert, Global Research and Analysis Team, Kaspersky Lab.

NetSarang Statement

“To combat the ever-changing landscape of cyberattacks NetSarang has incorporated various methods and measures to prevent our line of products from being compromised, infected, or utilised by cyberespionage groups. Regretfully, the Build release of our full line of products on July 18th, 2017 was unknowingly shipped with a backdoor which had the potential to be exploited by its creator.

The security of our customers and user base is our highest priority and ultimately, our responsibility. The fact that malicious groups and entities are utilising commercial and legitimate software for illicit gain is an ever-growing concern and one that NetSarang, as well as others in the computer software industry, is taking very seriously.

NetSarang is committed to its users’ privacy and has incorporated a more robust system to ensure that never again will a compromised product be delivered to its users. NetSarang will continue to evaluate and improve our security not only to combat the efforts of cyber espionage groups around the world but also in order to regain the trust of its loyal user base.”

All Kaspersky Lab products detect and protect against the ShadowPad malware as “Backdoor.Win32.ShadowPad.a”.

Kaspersky Lab advises users to update immediately to the latest version of the NetSarang software, from which the malicious module has been removed, and to check their systems for signs of DNS queries to unusual domains. A list of the command server domains used by the malicious module can be found in the Securelist blogpost, which also includes further technical information on the backdoor.

Featured

Why your first self-driving car ride will be in a robotaxi

Autonomous driving will take longer than we expect, and involve less ownership than the industry would like, writes Intel’s AMNON SHASHUA

Published

on

As we all watch automakers and autonomous tech companies team up in various alliances, it’s natural to wonder about their significance and what the future will bring. Are we realizing that autonomous driving technology and its acceptance by society could take longer than expected? Is the cost of investing in such technology proving more than any single organization can sustain? Are these alliances driven by a need for regulation that will be accepted by governments and the public or for developing standards on which manufacturers can agree?

The answers are likely a bit of each, which makes it a timely opportunity to review the big picture and share our view of where Intel and Mobileye stand in this landscape.

Three Aspects to Auto-Tech-AI

There are three aspects to automotive-technology-artificial intelligence (auto-tech-AI) that are unfolding:

  1. Advanced driver-assistance systems (ADAS)
  2. Robotaxi ride-hailing as the future of mobility-as-a-service (MaaS)
  3. Series-production passenger car autonomy

With ADAS technologies, the driver remains in control while the system intervenes when necessary to prevent accidents. This is especially important as distracted driving grows unabated. Known as Levels 0-2 as defined by the Society of Automotive Engineers (SAE), ADAS promises to reduce the probability of an accident to infinitesimal levels. This critical phase of auto-tech-AI is well underway, with today’s penetration around 22%, a number expected to climb sharply to 75% by 2025.1

Meanwhile, the autonomous driving aspect of auto-tech-AI is coming in two phases: robotaxi MaaS and series-production passenger car autonomy. What has changed in the mindset of many companies, including much of the auto industry, is the realization that those two phases cannot proceed in parallel.

Series-production passenger car autonomy (SAE Levels 4-5) must wait until the robotaxi industry deploys and matures. This is due to three factors: cost, regulation and geographic scale. Getting all factors optimized simultaneously has proven too difficult to achieve in a single leap, and it is why many in the industry are contemplating the best path to achieve volume production. Many industry leaders are realizing it is possible to stagger the challenges if the deployment of fully autonomous vehicles (AVs) aims first at the robotaxi opportunity.

Cost: The cost of a self-driving system (SDS) with its cameras, radars, lidars and high-performance computing is in the tens of thousands of dollars and will remain so for the foreseeable future. This cost level is acceptable for a driverless ride-hailing service, but is simply too expensive for series-production passenger cars. The cost of SDS should be no more than a few thousand dollars – an order of magnitude lower than today’s costs – before such capability can find its way to series-production passenger cars.

Regulation: Regulation is an area that receives too little attention. Companies deep in the making of SDSs know that it is the stickiest issue. Beside the fact that laws for granting a license to drive are geared toward human drivers, there is the serious issue of how to balance safety and usefulness in a manner that is acceptable to society.

It will be easier to develop laws and regulations governing a fleet of robotaxis than for privately-owned vehicles. A fleet operator will receive a limited license per use case and per geographic region and will be subject to extensive reporting and back-office remote operation. In contrast, licensing such cars to private citizens will require a complete overhaul of the complex laws and regulations that currently govern vehicles and drivers.

The auto industry is gradually realising that autonomy must wait until regulation and technology reach equilibrium, and the best place to get this done is through the robotaxi phase.

Scale: The third factor, geographic scale, is mostly a challenge of creating high-definition maps with great detail and accuracy, and of keeping those maps continuously updated. The geographic scale is crucial for series-production driverless cars because they must necessarily operate “everywhere” to fulfil the promise of the self-driving revolution. Robotaxis can be confined to geofenced areas, which makes it possible to postpone the issue of scale until the maturity of the robotaxi industry.

When the factors of cost, regulation and scale are taken together, it is understandable why series-production passenger cars will not become possible until after the robotaxi phase.

As is increasingly apparent, the auto industry is gravitating towards greater emphasis on their Level 2 offerings. Enhanced ADAS – with drivers still in charge of the vehicle at all times – helps achieve many of the expected safety benefits of AVs without bumping into the regulatory, cost and scale challenges.

At the same time, automakers are solving for the regulatory, cost and scale challenges by embracing the emerging robotaxi MaaS industry. Once MaaS via robotaxi achieves traction and maturity, automakers will be ready for the next (and most transformative) phase of passenger car autonomy.

The Strategy for Autonomy

With all of this in mind, Intel and Mobileye are focused on the most efficient path to reach passenger car autonomy. It requires long-term planning, and for those who can sustain the large investments ahead, the rewards will be great. Our path forward relies on four focus areas:

  • Continue at the forefront of ADAS development. Beyond the fact that ADAS is the core of life-saving technology, it allows us to validate the technological building blocks of autonomous vehicles via tens of new production programs a year with automakers that submit our technology to the most stringent safety testing. Our ADAS programs – more than 34 million vehicles on roads today – provide the financial “fuel” to sustain autonomous development activity for the long run.
  • Design an SDS with a backbone of a camera-centric configuration. Building a robust system that can drive solely based on cameras allows us to pinpoint the critical safety segments for which we truly need redundancy from radars and lidars. This effort to avoid unnecessary over-engineering or “sensor overload” is key to keeping the cost low.
  • Build on our Road Experience Management (REM)™ crowdsourced automatic high-definition map-making to address the scale issue. Through existing contracts with automakers, we at Mobileye expect to have more than 25 million cars sending road data by 2022.
  • Tackle the regulatory issue through our Responsibility-Sensitive Safety (RSS) formal model of safe driving, which balances the usefulness and agility of the robotic driver with a safety model that complies with societal norms of careful driving.

At Intel and Mobileye, we are all-in on the global robotaxi opportunity. We are developing technology for the entire robotaxi experience – from hailing the ride on your phone, through powering the vehicle and monitoring the fleet. Our hands-on approach with as much of the process as possible enables us to maximize learnings from the robotaxi phase and be ready with the right solutions for automakers when the time is right for series-production passenger cars.

On the way, we will help our partners deliver on the life-saving safety revolution of ADAS. We are convinced this will be a powerful and historic example of the greatest value being realized on the journey.

Professor Amnon Shashua is senior vice president at Intel Corporation and president and chief executive officer of Mobileye, an Intel company.

1Wolfe Research 2019.

Continue Reading

Featured

Sea of Solitude represents mental health issues through gaming

It’s a game that provides a tasteful visual representation of mental health issues. BRYAN TURNER dives into the Sea of Solitude.

Published

on

Disclaimer: This review is based on four hours of gameplay.

Sea of Solitude, the latest adventure game by Jo-Mei Games and EA Games, takes a sobering look at loneliness. It represents this loneliness visually, using light and dark environmental changes, as well as creatures players must encounter. The main character, Kay, must make it through the sea without finding herself trapped in a sea of loneliness. She meets fantastical creatures along her journey, and she must help them solve their challenges while keeping herself in a sane environment.

The game is systematic in the way it represents its important aspects. It starts with a striking visual art style and a soft storyline, which gives characters a chance to absorb the beauty of the game. As one gets a hang of the controls and used to the art style, the story kicks it up a few notches to reveal the harrowing backstories of the creatures that reside in the sea Kay must travel.

In particular, it features a creature that keeps flying away from Kay. This was frustrating because the previous chapter of the game presents a backstory for the creature that was not only devastating to the main character, but also to the player. Once Kay meets this creature, players must be ready to cry. It’s a brilliantly crafted story and hats off to Jo-Mei Games for being great storytellers.

Cornelia Geppert, CEO of Jo-Mei Games, told EA: “Sea of Solitude centres on the essence of loneliness and tugs on the heartstrings of its players by mirroring their own reality. It’s by far the most artistic and personal project I’ve ever created, written during a very emotional time in my life. Designing characters based on emotions was a deeply personal achievement for our team and we’re so excited for players to soon experience Kay’s powerful story of self-discovery and healing.”

Generally, I steer clear of games that are metaphors about mental health issues because they tend to be crass in how they address mental health. Sea of Solitude is quite different because of its level of relatability. Other games about mental health tend to be about a specific disorder that not many people experience, while loneliness is something that so many of us experience. Additionally, the representation of how loneliness affects Kay in the real world is sharp but tasteful. The combination of relatability and respectful representation is what makes the game’s story so brilliant.

Another great aspect of this game is the music scoring. It uses sound and the absence of sound very carefully to invoke the right feelings expected from players. The game wouldn’t be as good with the sound off and subtitles on, so future players are recommended to turn up the volume or put on headphones.

The game is long for an indie game, at around three or four hours of gameplay until the end is reached. Several sources say there is a hidden ending, so players can look out for that in a second playthrough.

The game’s story isn’t perfect, though. The eventual sameness of creature encounters is a little disappointing. This may be down to the expectation of being extremely devastated by all the stories of the creatures, especially when one is less than devastated by the subsequent stories. One of the most affecting creature stories was also presented at the beginning of the game, which set the bar very high for the rest of the creatures.

One creature, in particular, tries very hard to have the greatest emotional impact, but this comes across as blunt and dampens the meaning of what it was supposed to represent.

While I didn’t mind sharp representation, the perception of themes like bullying, estrangement, and suicidal thoughts may vary in appropriateness from player to player. Prospective players with existing painful mental health issues should consult gameplay videos, like the one below, before purchasing the game, to gauge appropriateness.

Overall, the game is incredible at connecting with what it is to be human and what it means to be lonely. Dealing with issues as physical creatures is a great touch, as the main character tends to resolve the problems of the creature by understanding what the problems mean.

Continue Reading

Trending

Copyright © 2019 World Wide Worx