Structure News: Are you prepared to pay a ransom for your data?

This week, we'll talk about the race to find a solution to ransomware.   Where Every Day Is Independence Day July 1st, 2016 / by Tom Krazit This week, we'll talk about the race to find a solution to ransomware, the search for what lies behind Moore's Law, and the need for standards in hardware security. BIG PICTURE Ransomware is scary. Unlike other information security threats, ransomware is deeply personal, threatening not just the loss of important data but embarrassment and sometimes genuine fear that data will become public. Small wonder then that these attacks are becoming more commonplace and more brazen; as Ars Technica noted in two posts this week, one scammer made $45,000 in just three weeks, and another is actually taunting victims while providing detailed instructions -- customer service, really -- on how to turn money into bitcoin. While this has been a problem for a while, ransomware could explode as the more sophisticated scammers find ways to target larger companies and demand more money for the safe return of critical data. Just this week, Circle Sport-Levine Family Racing, which competes on the NASCAR circuit, revealed that it had been successfully attacked with ransomware that the organization wound up solving by simply paying the attacker who encrypted their data. It’s easy to understand why they paid: time was an issue as an important race drew near, the value of the data was estimated at $2 million, and the attacker only asked for 500 bucks. The team even got a new sponsor out of it: Malwarebytes, which helped the team in the aftermath. It’s likely the racing team would have paid far more to ensure it could compete on the NASCAR circuit, which is a billion-dollar business. So what happens when attackers start targeting lucrative but under-the-radar businesses, like medium-size banks and financial institutions that often lack the expertise and resources to defend themselves as well as multinational corporations? Many will likely pay to keep the breaches secret (which countless companies probably have already done), arming the better attackers with more resources to improve their techniques. This is one of those reminders that it’s high time to increase the amount of information shared between companies who have been affected by this growing threat, which Circle Sport-Levine Family Racing chose to do with its NASCAR counterparts. Those behind ransomware are counting on shame to prevent their victims from pooling enough information with law enforcement to figure out who is behind these attacks, and right now, they’re winning. STRUCTURE NEWS SETTLING ON STANDARDS FOR HARDWARE SECURITY AT STRUCTURE SECURITY We’ve added some great speakers in the past week for Structure Security, scheduled for September 27th and 28th at the Golden Gate Club in San Francisco. One session I’m particularly excited about is our hardware security panel, which will feature Marc Canel of ARM (pictured), Alex Gantman of Qualcomm, and Steve Grobman of Intel. We’ll be talking about the need for common ground when it comes to labeling hardware security features, hopefully kicking off a push for standardization around those terms. Register for Structure Security here, and more information can be found here. INDUSTRY NEWS ALCHEMY CAN’T SAVE MOORE’S LAW Last week I highlighted some of The Next Platform’s coverage of the International Supercomputing Conference, but this later caught my eye: an Intel engineer frankly discussing the coming end of Moore’s Law in public, which would have put you on double-secret probation back in the day. This recap of Joshua Fryman’s talk in Germany is worth your time if you’ve been wondering where the next chapter in high-performance chip-making will take us. AMAZON’S FIRST INDIAN AWS DATA CENTERS LAUNCH IN MUMBAI The thousands of Amazon Web Services customers in India will now have access to a data center within the borders of the country. Venturebeat reports that the new data centers should help improve performance and satisfy local laws about data storage. CLEVER ATTACK USES THE SOUND OF A COMPUTER’S FAN TO STEAL DATA This is kind of amazing: Security researchers at Ben-Gurion University have figured out how to use the sound of cooling fans on machines disconnected from the internet in order to steal small amounts of data. There are a few hoops to jump through, as Wired details, but it seems like a feasible technique in the hands of extremely sophisticated hackers. HIGH-SEVERITY BUGS IN 25 SYMANTEC-NORTON PRODUCTS IMPERIL MILLIONS If you were affected by this vulnerability, you probably updated your systems already, but worth noting that Symantec disclosed flaws in 25 security products this week. Ars Technica notes that it’s another reminder that security products can themselves cause security problems, and this one is particularly scary because it doesn’t require a user to click on something in order to activate the worm. TESLA DRIVER KILLED IN CRASH WITH AUTOPILOT ACTIVE, NHTSA INVESTIGATING While it might not be as dangerous as trying to drive on 101 in Silicon Valley, the road to fully autonomous cars is still going to be dangerous. The Verge reports on the news that Tesla’s Autopilot feature failed to prevent the crash of a Tesla Model S into a tractor-trailer that it apparently didn’t notice crossing a highway, killing the driver. DO THIRD-PARTY VENDORS HAVE A BULLSEYE ON THEIR BACKS? Outsourcing non-core business functions, especially in the cloud software era, is standard-operating procedure for an awful lot of companies. But each provider you bring into your organization can create security issues that you’ll have to deal with, according to CSO, and many companies don’t pursue security service-level agreements with as much zeal as they do uptime agreements. QUOTE OF THE WEEK The next entrepreneur who’s 22 years old, graduating from a technical university in Germany may, instead of moving to London to do their Fintech startup, decide to go to Berlin instead.” — Toby Cappel, co-founder, Mosaic     RT @juliettepowell: Deep thoughts on deep learning: my chat w @AndrewYNg on #AI for business & humans https://t.co/KT036kW85g tx @Structure…3:13PM How Thinking Like a Computer Makes Security Stronger – Jeanette Wing from Microsoft Research #structuresecurity https://t.co/iB4wHId9sh11:45AM The #structuresecurity early bird rate takes flight at midnight on July 4th, grab a ticket now https://t.co/iB4wHId9sh12:05PM   Click here to unsubscribe from this list. Our mailing address is: Structure 405 El Camino Real, #215 Menlo Park, CA 94025 Add us to your address book Copyright (C) 2016 Structure All rights reserved. Forward this email to a friend. Update your profile.