Connect with us

Business

Scale, details of massive Kaseya ransomware attack emerge – CP24 Toronto's Breaking News

Published

 on


BOSTON (AP) – Cybersecurity teams worked feverishly Sunday to stem the impact of the single biggest global ransomware attack on record, with some details emerging about how the Russia-linked gang responsible breached the company whose software was the conduit.

An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said. They reported ransom demands of up to $5 million.

The FBI said in a statement Sunday that it was investigating the attack along with the federal Cybersecurity and Infrastructure Security Agency, though “the scale of this incident may make it so that we are unable to respond to each victim individually.”

President Joe Biden suggested Saturday the U.S. would respond if it was determined that the Kremlin is at all involved. He said he had asked the intelligence community for a “deep dive” on what happened.

The attack comes less than a month after Biden pressed Russian President Vladimir Putin to stop providing safe haven to REvil and other ransomware gangs whose unrelenting extortionary attacks the U.S. deems a national security threat.

A broad array of businesses and public agencies were hit by the latest attack, apparently on all continents, including in financial services, travel and leisure and the public sector – though few large companies, the cybersecurity firm Sophos reported. Ransomware criminals break into networks and sow malware that cripples networks on activation by scrambling all their data. Victims get a decoder key when they pay up.

The Swedish grocery chain Coop said most of its 800 stores would be closed for a second day Sunday because their cash register software supplier was crippled. A Swedish pharmacy chain, gas station chain, the state railway and public broadcaster SVT were also hit.

In Germany, an unnamed IT services company told authorities several thousand of its customers were compromised, the news agency dpa reported. Also among reported victims were two big Dutch IT services companies – VelzArt and Hoppenbrouwer Techniek. Most ransomware victims don’t publicly report attacks or disclose if they’ve paid ransoms.

CEO Fred Voccola of the breached software company, Kaseya, estimated the victim number in the low thousands, mostly small businesses like “dental practices, architecture firms, plastic surgery centers, libraries, things like that.”

Voccola said in an interview that only between 50-60 of the company’s 37,000 customers were compromised. But 70% were managed service providers who use the company’s hacked VSA software to manage multiple customers. It automates the installation of software and security updates and manages backups and other vital tasks.

Experts say it was no coincidence that REvil launched the attack at the start of the Fourth of July holiday weekend, knowing U.S. offices would be lightly staffed. Many victims may not learn of it until they are back at work on Monday. The vast majority of end customers of managed service providers “have no idea” what kind of software is used to keep their networks humming, said Voccola,

Kaseya said it sent a detection tool to nearly 900 customers on Saturday night.

John Hammond of Huntress Labs, one of the first cybersecurity firms to sound the alarm on the attack, said he’d seen $5 million and $500,000 demands by REVil for the decryptor key needed to unlock scrambled networks. The smallest amount demanded appears to have been $45,000.

Sophisticated ransomware gangs on REvil’s level usually examine a victim’s financial records – and insurance policies if they can find them – from files they steal before activating the data-scrambling malware. The criminals then threaten to dump the stolen data online unless paid. It was not immediately clear if this attack involved data theft, however. The infection mechanism suggests it did not.

“Stealing data typically takes time and effort from the attacker, which likely isn’t feasible in an attack scenario like this where there are so many small and mid-sized victim organizations,” said Ross McKerchar, chief information security officer at Sophos. “We haven’t seen evidence of data theft, but it’s still early on and only time will tell if the attackers resort to playing this card in an effort to get victims to pay.”

Dutch researchers said they alerted Miami-based Kaseya to the breach and said the criminals used a “zero day,” the industry term for a previous unknown security hole in software. Voccola would not confirm that or offer details of the breach – except to say that it was not phishing.

“The level of sophistication here was extraordinary,” he said.

When the cybersecurity firm Mandiant finishes its investigation, Voccola said he is confident it will show that the criminals didn’t just violate Kaseya code in breaking into his network but also exploited vulnerabilities in third-party software.

It was not the first ransomware attack to leverage managed services providers. In 2019, criminals hobbled the networks of 22 Texas municipalities through one. That same year, 400 U.S. dental practices were crippled in a separate attack.

One of the Dutch vulnerability researchers, Victor Gevers, said his team is worried about products like Kaseya’s VSA because of the total control of vast computing resources they can offer. “More and more of the products that are used to keep networks safe and secure are showing structural weaknesses,” he wrote in a blog Sunday.

The cybersecurity firm ESET identified victims in least 17 countries, including the United Kingdom, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand and Kenya.

Kaseya says the attack only affected “on-premise” customers, organizations running their own data centers, as opposed to its cloud-based services that run software for customers. It also shut down those servers as a precaution, however.

Kaseya, which called on customers Friday to shut down their VSA servers immediately, said Sunday it hoped to have a patch in the next few days.

Active since April 2019, REvil provides ransomware-as-a-service, meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion’s share of ransoms. U.S. officials say the most potent ransomware gangs are based in Russia and allied states and operate with Kremlin tolerance and sometimes collude with Russian security services.

Cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank said that while he does not believe the Kaseya attack is Kremlin-directed, it shows that Putin “has not yet moved” on shutting down cybercriminals.

AP reporters Eric Tucker in Washington, Kirsten Grieshaber in Berlin, Jari Tanner in Helsinki and Sylvie Corbet in Paris contributed to this report.

Adblock test (Why?)



Source link

Continue Reading

Business

Canada posts surprise $3.2B trade surplus in June as oil exports surge – CBC.ca

Published

 on


Canada’s trade surplus swung to its widest point since 2008 in June as exports of products like oil surged while imports shrank.

Statistics Canada reported Thursday that exports surged by 8.7 per cent to $53.8 billion. Energy led the way with exports rising by 22 per cent to $11.3 billion. That’s the largest amount since March of 2019.

Cars and car parts were also up, by 14.9 per cent, as were metal and non-metallic minerals, which rose by 12.7 per cent.

All in all, Canada exported $4.3 billion more goods and services to the world in June than it did the previous month. That’s the biggest monthly increase on record, if 2020’s volatile numbers are stripped out.

While Canada was shipping more goods and services to the rest of the world, it was also buying less.

Imports fell one per cent to $50.5 billion as consumer goods fell by 3.7 per cent.

“This category was weighed down by a decline in clothing, footwear and accessories, which Statcan noted was in part due to restrictions in some parts of the country and port disruptions in Asia related to COVID-19 outbreaks,” TD Bank economist Rishi Sondhi said.

Imports of cars and car parts, meanwhile, fell by 3.8 per cent.

One type of good that Canada imported a lot more of, however, was vaccines. Imports of vaccines rose by 74.5 per cent in the month to $745 million. That’s 21 times higher than the amount of vaccines that Canada was importing the same month a year ago, before the country’s COVID-19 vaccination effort ramped up.

U.S. exports surge even more

Almost all of Canada’s trade surplus came from dealings with the U.S.

Canada posted a surplus of $8.3 billion with the U.S. for the month. With the rest of the world, however, Canada continues to have a trade deficit, although that deficit shrank to $5.1 billion, resulting in a total trade surplus of $3.2 billion.

“Canada’s merchandise trade balance has posted surpluses in four of the first six months of the year, boosted by strong demand arising from U.S. re-openings and the rise in commodity prices,” Bank of Montreal economist Shelley Kaushik said.

“Looking ahead, expect imports to recover as the economy reopens, while still-strong energy prices and U.S. growth should continue to support exports.”

Adblock test (Why?)



Source link

Continue Reading

Business

COVID-19 booster shot might be needed by winter, Moderna says as study continues – Global News

Published

 on


Moderna Inc. said on Thursday its COVID-19 shot was about 93 per cent effective through six months after the second dose, showing hardly any change from the 94 per cent efficacy reported in its original clinical trial.

However, it said it still expects booster shots to be necessary ahead of the winter season as antibody levels are expected to wane. It and rival Pfizer Inc and BioNTech SE have been advocating a third shot to maintain a high level of protection against COVID-19.

During a second-quarter earnings call, Moderna CEO Stephane Bancel said that the company would not produce more than the 800 million to 1 billion doses of the vaccine that it has targeted this year.


Click to play video: 'White House says U.S. prepared to provide COVID-19 boosters if needed'



0:54
White House says U.S. prepared to provide COVID-19 boosters if needed


White House says U.S. prepared to provide COVID-19 boosters if needed

“We are now capacity constrained for 2021, and we are not taking any more orders for 2021 delivery,” he said.

Moderna shares fell 3.6 per cent to around $403.87 in pre-market trading after closing at $419.05 on Wednesday.

The Moderna data compares favorably to that released by Pfizer and BioNTech last week in which they said their vaccine’s efficacy waned around six per cent every two months, declining to around 84 per cent six months after the second shot.

Read more:
Germany, France will give COVID-19 vaccine boosters despite WHO call for pause

Both the Moderna and Pfizer-BioNTech vaccines are based on messenger RNA (mRNA) technology.

“Our COVID-19 vaccine is showing durable efficacy of 93 per cent through six months, but recognize that the Delta variant is a significant new threat so we must remain vigilant,” Bancel said.

The comment comes as public health officials across the world debate whether additional doses are safe, effective and necessary even as they grapple with the fast-spreading Delta variant of the coronavirus.

Meanwhile, Pfizer is planning to seek authorization for a third shot later this month, and some countries like Israel have begun or plan to start administering a booster shot to older or vulnerable people.


BOOSTER CANDIDATES

Separately, Moderna said its studies of three different booster candidates induced robust antibody responses against variants, including the Gamma, Beta and Delta variants.

It said neutralizing antibody levels following the boost approached those observed after the second shot.

For this year, Moderna has signed vaccine contracts worth $20 billion in sales. It has agreements for $12 billion in 2022, with options for another roughly $8 billion in sales and expects to produce between 2 billion and 3 billion doses next year.

Read more:
Pfizer claims third vaccine dose increases protection against COVID-19 Delta variant

The company, however, has not been able to keep pace with the much larger Pfizer, which expects to manufacture as many as 3 billion doses this year and 2021 sales to top $33.5 billion.

Moderna’s vaccine was authorized for emergency use in adults in the United States in December and has since been cleared for emergency or conditional use in adults in more than 50 countries.

The company expects to finish its submission for full approval with the U.S. Food and Drug Administration this month.

Read more:
Canada doesn’t need vaccine boosters yet, but planning for possibility: Tam

It posted second-quarter sales of $4.4 billion, slightly above expectations of $4.2 billion drawn from 10 analysts polled by Refinitiv. Its COVID-19 shot is the firm’s first authorized product and sales were just $67 million a year earlier.

Moderna earned $2.78 billion, or $6.46 a share, beating quarterly expectations of $5.96 a share.

(Reporting by Michael Erman in New Jersey and Manas Mishra in Bengaluru; editing by Kirsten Donovan, Edwina Gibbs and Arun Koyyur)

© 2021 Reuters

Adblock test (Why?)



Source link

Continue Reading

Business

U.S. President Biden seeks to boost fuel economy to thwart Trump rollback – CTV News

Published

 on


DETROIT —
The Biden administration wants automakers to raise gas mileage and cut tailpipe pollution between now and model year 2026, and it has won a voluntary commitment Thursday from the industry that electric vehicles will comprise up to half of U.S. sales by the end of the decade.

The moves are big steps toward U.S. President Joe Biden’s pledge to cut emissions and battle climate change as he pushes a history-making shift in the U.S. from internal combustion engines to battery-powered vehicles. They also reflect a delicate balance to gain both industry and union support for the environmental effort, with the future promise of new jobs and billions in new federal investments in electric vehicles.

The administration on Thursday announced there would be new mileage and anti-pollution standards from the Environmental Protection Agency and Transportation Department, part of Biden’s goal to cut U.S. greenhouse gas emissions in half by 2030. It said the auto industry had agreed to a target that 40% to 50% of new vehicle sales be electric by 2030.

Both the regulatory standards and the voluntary target will be included in an executive order that Biden plans to sign later Thursday.

The standards, which have to go through the regulatory process including public comments, would reverse fuel economy and anti-pollution rollbacks done under President Donald Trump. At that time, the increases were reduced to 1.5% annually through model year 2026.

Still, it remained to be seen how quickly consumers would be willing to embrace higher mileage, lower-emission vehicles over less fuel-efficient SUVs, currently the industry’s top seller. The 2030 EV targets ultimately are nonbinding, and the industry stressed that billions of dollars in electric-vehicle investments in legislation pending in Congress will be vital to meeting those goals.

Only 2.2% of new vehicle sales were fully electric vehicles through June, according to Edmunds.com estimates. That’s up from 1.4% at the same time last year.

The White House didn’t release information on the proposed annual mileage increases late Wednesday, but Dan Becker, director of the safe climate campaign for the Center for Biological Diversity, said an EPA official gave the numbers during a presentation on the plan.

The official said the standards would be 10% more stringent than the Trump rules for model year 2023, followed by 5% increases in each model year through 2026, according to Becker. That’s about a 25% increase over the four years.

Last week, The Associated Press and other news organizations reported that the Biden administration was discussing weaker mileage requirements with automakers, but they apparently have been strengthened. The change came after environmental groups complained publicly that they were too weak to address a serious problem.

Transportation is the single biggest U.S. contributor to climate change. Autos in the U.S. spewed 824 million tons (748 million metric tons) of heat-trapping carbon dioxide in 2019, about 14% of total U.S. emissions, according to the EPA.

The voluntary deal with automakers defines an electric vehicle as plug-in hybrids, fully electric vehicles and those powered by hydrogen fuel cells.

Environmental groups said the administration should move faster.

“This proposal helps get us back on the road to cleaning up tailpipe pollution,” said Simon Mui of the Natural Resources Defense Council. “But given how climate change has already turned our weather so violent, it’s clear that we need to dramatically accelerate progress.”

Scientists say human-caused global warming is increasing temperatures, raising sea levels and worsening wildfires, droughts, floods and storms globally.

“We urgently need to cut greenhouse gas pollution, and voluntary measures won’t cut it,” Becker said.

Several automakers already have announced similar electric vehicle sales goals to those in the deal with the government. Last week, for instance, Ford’s CEO said his company expects 40% of its global sales to be fully electric by 2030. General Motors has said it aspires to sell only electric passenger vehicles by 2035. Stellantis, formerly Fiat Chrysler, also pledged over 40% electrified vehicles by 2030.

The Trump rollback of the Obama-era standards would require a projected 29 mpg in “real world” stop-and-start driving by 2026. It wasn’t clear what the real world mileage would be under the Biden standards. Under Obama administration rules, it would have increased to 37 mpg.

Automakers said they would work toward the 40% to 50% electric vehicle sales goal.

“You can count on Toyota to do our part,” said Ted Ogawa, the company’s North America CEO.

General Motors, Stellantis and Ford said in a joint statement that their recent electric-vehicle commitments show they want to lead the U.S. in the transition away from combustion vehicles.

They said the change is a “dramatic shift” from the U.S. market today, and can only happen with a policies that include incentives for electric vehicle purchases, adequate government funding for charging stations and money to expand electric vehicle manufacturing and the parts supply chain.

The United Auto Workers union, which has voiced concerns about being too hasty with an EV transition because of the potential impact on industry jobs, did not commit to endorsing a 40% to 50% EV target. But UAW said it stands behind the president to “support his ambition not just to grow electric vehicles but also our capacity to produce them domestically with good wages and benefits.”

Under a shift from internal combustion to electric power, jobs that now involve making pistons, fuel injectors and mufflers will be supplanted by the assembly of lithium-ion battery packs, electric motors and heavy-duty wiring harnesses.

Many of those components are now built overseas, such as China. Biden has made the development of a U.S. electric vehicle supply chain a key part of his plan to create more auto industry jobs.

“We are in a global competition for who gets to make the clean cars of the future, and President Biden’s leadership means that we’ll develop that manufacturing and those supply chains right here in America,” said Sen. Tom Carper, D-Del., who chairs the Senate Environment and Public Works Committee.

In a bipartisan infrastructure bill awaiting Senate passage, there is US$7.5 billion allocated for grants to build charging stations, about half of what Biden originally proposed. He wanted $15 billion for 500,000 stations, plus money for tax credits and rebates to entice people into buying electric vehicles.

The Alliance for Automotive Innovation, a large industry trade group, said it will work with the administration to reach zero carbon emissions from transportation. But it said the best opportunity for environmental benefits will come after 2026 as more electric vehicles are sold.

The industry, it said, will invest more than $300 billion in electrification by 2025, producing 130 electric models by 2026. Only about 50 are available today.

——

Associated Press writers Hope Yen and Seth Borenstein in Washington contributed to this report

Adblock test (Why?)



Source link

Continue Reading

Trending