Entries posted by MATT O’BRIEN, AP Technology Writer

Smart Eye Deputy CEO Rana el Kaliouby talks automotive AI

By MATT O’BRIEN, AP Technology Writer
July 27, 2021, 7:52 PM

Rana el Kaliouby co-founded and led Boston startup Affectiva, which uses artificial intelligence and computer vision to analyze mood and emotion.

Now she’s got a new job as deputy CEO of Smart Eye, after the Swedish eye-tracking company bought Affectiva for $73.5 million in June.

The auto industry is the prime market for el Kaliouby and competitors like Australia-based Seeing Machines. Carmakers are bracing for new safety rules and standards around the world that could require dashboard cameras to detect dangerous driver behavior, especially in vehicles that are partly driving themselves but still need human attention.

El Kaliouby says that’s just the beginning of where in-car AI systems are going. This interview has been edited for length and clarity.

Q: Ten years from now, a family’s in a car. What might your technology be doing on their trip?

A: OK, family’s in the car. You’ve got two kids in the back seat. First of all, the kids are fighting. The car knows that and can see that mom, who’s driving, is getting frustrated, a little mad, distracted. The car intervenes by recommending content for the kids — or through a conversational interface, mediating a game between the kids. They play for a little. They fall asleep. The car can see that so the lights dim and the music or movie turns off. Then the car realizes mom is exhausted and also starting to doze off, so it gets into this chatty mode to reengage her. And then mom leaves the car, forgets the child is in there, and gets a text message that says, “Oh, you may have forgotten Little Baby Joe!” I’m making this up on the fly. It can basically personalize the whole cabin experience — music, lighting, temperature, based on knowing who’s inside the car and what they’re doing.

Q: What is Affectiva bringing to Smart Eye, and vice versa?

A: Smart Eye is a 22-year-old company. What they’ve been focused on the past couple years — and they are the undisputed market leader — is driver monitoring. They’re able to very accurately determine where a person is looking and they also monitor eye behavior. They can identify when a driver is distracted or drowsy. They’ve been contracted by 13 global automakers. Affectiva spun out of MIT 12 years ago and our focus is humanizing technology by bringing emotional intelligence to machines. We project there’s going to be an evolution in driver monitoring to everything that’s happening inside the vehicle. What are their mood and emotions? What activities are they engaged with? You become the eyes and ears of the car.

Q: How do you detect someone’s mood or emotions?

A: We do a lot of facial analysis but we’ve expanded to do a lot of body “keypoint” tracking so we can detect what people are actually doing — are you slouched in the car? Are you agitated? We monitor all of that.

Q: What about someone’s face will tell you they’re panicked?

A: There are expressions of fear. You can also start tracking other vital signs, like your heart rate or heart rate variability, breathing rate, via an optical sensor. That’s a direction we’re headed. It’s not at all ready for prime time but it’s something Affectiva and Smart Eye are exploring. And once you know a person’s baseline, you can find out if they are deviating from that baseline and the car can flag that.

Q: How do you protect against concerns you can misread someone’s emotion or mood based on race, gender, neurodiversity?

A: This is one of the things Affectiva’s really bringing to the table. It’s something we’ve been super intentional about. It starts with the diversity of the data. If you’re training an algorithm using middle-aged white men, that’s what it’s going to learn. The training set is critical and it’s everything from racial and ethnic diversity to diversity of facial appearances — maybe people are wearing glasses or hijabs or have beards. We’re partnering with synthetic data companies to augment our data sets and fill in the gaps. The second thing is, how do you validate the accuracy of the algorithms? If you just look at high-level accuracy, it might be hiding biases that exist in specific subpopulations. We dissect the data to make sure no bias is creeping in. And finally, the diversity of the team is how you overcome these blind spots.

Q: What about the privacy of people who don’t want to be analyzed or watched in the car?

A: In automotive, the good news is none of the data gets recorded. You do all the processing on the fly and make an inference, say, if the driver is drowsy. The car will hopefully respond to keep the driver safe. I think there needs to be a lot of consumer communication and transparency about what exactly the sensor is doing. I imagine there will be scenarios where you can switch it off. But if it’s a safety consideration, like your semi-autonomous vehicle needs to know if you are paying attention so it can transfer control back and forth, I imagine you may not be allowed to turn it off.

Smart Eye Deputy CEO Rana el Kaliouby talks automotive AI

By MATT O’BRIEN, AP Technology Writer
July 26, 2021, 1:10 PM

Rana el Kaliouby co-founded and led Boston startup Affectiva, which uses artificial intelligence and computer vision to analyze mood and emotion.

Now she’s got a new job as deputy CEO of Smart Eye, after the Swedish eye-tracking company bought Affectiva for $73.5 million in June.

The auto industry is the prime market for Kaliouby and competitors like Australia-based Seeing Machines. Carmakers are bracing for new safety rules and standards around the world that could require dashboard cameras to detect dangerous driver behavior, especially in vehicles that are partly driving themselves but still need human attention.

El Kaliouby says that’s just the beginning of where in-car AI systems are going. This interview has been edited for length and clarity.

Q: Ten years from now, a family’s in a car. What might your technology be doing on their trip?

A: OK, family’s in the car. You’ve got two kids in the back seat. First of all, the kids are fighting. The car knows that and can see that mom, who’s driving, is getting frustrated, a little mad, distracted. The car intervenes by recommending content for the kids — or through a conversational interface, mediating a game between the kids. They play for a little. They fall asleep. The car can see that so the lights dim and the music or movie turns off. Then the car realizes mom is exhausted and also starting to doze off, so it gets into this chatty mode to reengage her. And then mom leaves the car, forgets the child is in there, and gets a text message that says, “Oh, you may have forgotten Little Baby Joe!” I’m making this up on the fly. It can basically personalize the whole cabin experience — music, lighting, temperature, based on knowing who’s inside the car and what they’re doing.

Q: What is Affectiva bringing to Smart Eye, and vice versa?

A: Smart Eye is a 22-year-old company. What they’ve been focused on the past couple years — and they are the undisputed market leader — is driver monitoring. They’re able to very accurately determine where a person is looking and they also monitor eye behavior. They can identify when a driver is distracted or drowsy. They’ve been contracted by 13 global automakers. Affectiva spun out of MIT 12 years ago and our focus is humanizing technology by bringing emotional intelligence to machines. We project there’s going to be an evolution in driver monitoring to everything that’s happening inside the vehicle. What are their mood and emotions? What activities are they engaged with? You become the eyes and ears of the car.

Q: How do you detect someone’s mood or emotions?

A: We do a lot of facial analysis but we’ve expanded to do a lot of body “keypoint” tracking so we can detect what people are actually doing — are you slouched in the car? Are you agitated? We monitor all of that.

Q: What about someone’s face will tell you they’re panicked?

A: There are expressions of fear. You can also start tracking other vital signs, like your heart rate or heart rate variability, breathing rate, via an optical sensor. That’s a direction we’re headed. It’s not at all ready for prime time but it’s something Affectiva and Smart Eye are exploring. And once you know a person’s baseline, you can find out if they are deviating from that baseline and the car can flag that.

Q: How do you protect against concerns you can misread someone’s emotion or mood based on race, gender, neurodiversity?

A: This is one of the things Affectiva’s really bringing to the table. It’s something we’ve been super intentional about. It starts with the diversity of the data. If you’re training an algorithm using middle-aged white men, that’s what it’s going to learn. The training set is critical and it’s everything from racial and ethnic diversity to diversity of facial appearances — maybe people are wearing glasses or hijabs or have beards. We’re partnering with synthetic data companies to augment our data sets and fill in the gaps. The second thing is, how do you validate the accuracy of the algorithms? If you just look at high-level accuracy, it might be hiding biases that exist in specific subpopulations. We dissect the data to make sure no bias is creeping in. And finally, the diversity of the team is how you overcome these blind spots.

Q: What about the privacy of people who don’t want to be analyzed or watched in the car?

A: In automotive, the good news is none of the data gets recorded. You do all the processing on the fly and make an inference, say, if the driver is drowsy. The car will hopefully respond to keep the driver safe. I think there needs to be a lot of consumer communication and transparency about what exactly the sensor is doing. I imagine there will be scenarios where you can switch it off. But if it’s a safety consideration, like your semi-autonomous vehicle needs to know if you are paying attention so it can transfer control back and forth, I imagine you may not be allowed to turn it off.

Firm hacked to spread ransomware had previous security flaws

For 21 years, the software company Kaseya labored in relative obscurity — at least until cybercriminals exploited it in early July for a massive ransomware attack that snarled businesses around the world and escalated U.S.-Russia diplomatic tensions.

But it turns out that the recent hack wasn’t the first major cybersecurity problem to hit the Miami-based company and its core product, which IT teams use to remotely monitor and administer workplace computer systems and other devices.

“It feels a little like déjà vu,” said Allie Mellen, a security analyst at Forrester Research.

In 2018, for instance, hackers managed to infiltrate Kaseya’s remote tool to run a “cryptojacking” operation, which channels the power of afflicted computers to mine cryptocurrency — often without its victims noticing. It was a less harmful breach than the recent ransomware attack, which was impossible to miss since it crippled affected systems until their owners paid up. But it similarly relied on Kaseya’s Virtual System Administrator product, or VSA, as a vehicle to get access to the companies that rely on it.

A 2019 ransomware attack also rode into computers through another company’s add-on software component to the Kaseya VSA, causing more limited damage than the recent attack. Some experts have tied that earlier assault to some of the same hackers who later formed REvil, the Russian-language syndicate blamed for the latest attack.

And in 2014, Kaseya’s own founders sued the company in a dispute over responsibility for a VSA security flaw that allowed hackers to launch a separate cryptocurrency scheme. The court case does not appear to have been previously reported outside of a brief 2015 mention in a technical blog post. At the time, the founders denied responsibility for the vulnerability, calling the company’s charges against them a “bogus assertion.”

Nearly all of Kaseya’s security problems have as their root cause well-understood coding vulnerabilities that should have been addressed earlier, said cybersecurity expert Katie Moussouris, the founder and CEO of Luta Security.

“Kaseya needs to shape up, as does the entire software industry,” she said. “This is a failure to incorporate the lessons the bugs were teaching you. Kaseya, like a lot of companies, is failing to learn those lessons.”

Many of the attacks relied at least in part on what’s known as SQL injection, a technique hackers use to inject malicious code into web queries. It’s an old technique that Mellen said has been considered a “solved problem” in the cybersecurity world for a decade.

“It points to a chronic product security issue in Kaseya’s software that remains unaddressed seven years later,” she said. “When organizations choose to brush over security challenges, the incidents continue, and, as in this case, get worse.”

Kaseya has noted that it’s long been a target because many of its direct customers are “managed-services providers” that host IT infrastructure for hundreds, if not thousands, of other businesses.

“In the business we’re in, and the number of endpoints we manage around the world, as you might expect, we take security extremely seriously,” Ronan Kirby, president of the company’s European operations, said at a Belgian cybersecurity conference Thursday. “You attack a company, you get into the company. You attack a service provider, you get into all their customers. You get into Kaseya, that’s a very different proposition. So obviously we’re an attractive target.”

Kaseya declined to answer questions from The Associated Press about the previous hacks or the legal dispute involving its founders.

Mark Sutherland and Paul Wong co-founded Kaseya in California in 2000. They had previously worked together on a project protecting the email accounts of U.S. intelligence workers at the National Security Agency, according to an account on the company’s website.

But more than a year after selling Kaseya in June 2013, court records show that Sutherland, Wong and two other former top executives sued the company to recoup $5.5 million in stock buybacks they said they were unfairly denied.

At the heart of the dispute was an attack by hackers who used Kaseya’s VSA as a conduit to deploy Litecoin mining malware that secretly hijacks a victim computer’s power to make money for the hacker by processing cryptocurrency payments.

Kaseya publicly disclosed the attacks in a March 2014 notice to customers. Privately, it was blaming the company’s previous leadership for not warning about “serious vulnerabilities” in Kaseya’s software. It sought to deprive them of the final $5.5 million of the acquisition price to compensate for the loss of business and damaged reputation.

The founders, in turn, blamed the new leadership for scaling back on coding expertise and eliminating a “hotfix” system for rapidly fixing bugs, according to the lawsuit from Sutherland, Wong, former CEO Gerald Blackie and former Chief Operating Officer Timothy McMullen.

They also argued that the SQL injection technique used by the hackers was highly common and “inherent in any computer code” that uses the SQL programming language.

“Ensuring that each and every piece of database access code is immune to SQL injection is essentially impossible,” said their lawsuit. Mellen and Moussouris both rejected that assertion.

“That is a bold statement and provably false,” Moussouris said. “It highlights the fact they lacked the security knowledge and sophistication to protect their users.”

None of the plaintiffs or their lawyers responded to requests for comment. They agreed to dismiss the case in December 2013, just a month after they filed it. It’s not clear how it was settled. Kaseya is privately held.

LinkedIn profiles for Sutherland and Wong list them as retired. Blackie went on to become CEO of another Miami-based provider of remote-control software, Pilixo, where he was joined by McMullen. Pilixo didn’t return a request for comment.

New vulnerabilities affecting Kaseya’s VSA — including the one exploited by the REvil ransomware gang — were discovered this year by a Dutch cybersecurity research group that says it confidentially warned Kaseya in early April. “In the wrong hands, these vulnerabilities could lead to the compromise of large numbers of computers managed by Kaseya VSA,” the Dutch Institute for Vulnerability Disclosure said in a blog post last week explaining the timeline of its actions.

Some of those Kaseya fixed by May, including another SQL injection flaw, but the Dutch group said others were still unpatched when ransomware started hitting hundreds of businesses in early July. Kaseya has said up to 1,500 businesses have been compromised as a result of the attack. Kaseya on Sunday rolled out patches to the vulnerabilities used in the REvil attack.

With Kaseya in the spotlight, a cybersecurity responder assisting clients stricken by the July 2 ransomware attack discovered what he called a glaring Kaseya security omission: a vulnerability in a public-facing customer portal that had been identified in 2015 but left unpatched.

Alex Holden of Hold Security said he notified Kaseya and that the portal was quickly taken down. But the vulnerability troubled him, he said, because it granted unauthenticated users access to a configuration file that is highly protected on Microsoft web servers — one that often contains passwords and can grant access to core functions.

Moussouris said there’s a pattern of ransomware syndicates going after easily detectable software flaws.

“It’s collective technical debt around the world and the ransomware gangs are technical debt collectors,” she said. “They’re coming after organizations like Kaseya” and others that haven’t invested in better security.

———

This article has been corrected to note that news of a court case involving Kaseya and its founders was previously described in a 2015 technical blog post.

———

AP technology reporter Frank Bajak contributed to this article.

Firm hacked to spread ransomware had previous security flaws

For 21 years, the software company Kaseya labored in relative obscurity — at least until cybercriminals exploited it in early July for a massive ransomware attack that snarled businesses around the world and escalated U.S.-Russia diplomatic tensions.

But it turns out that the recent hack wasn’t the first major cybersecurity problem to hit the Miami-based company and its core product, which IT teams use to remotely monitor and administer workplace computer systems and other devices.

“It feels a little like déjà vu,” said Allie Mellen, a security analyst at Forrester Research.

In 2018, for instance, hackers managed to infiltrate Kaseya’s tool to run a “cryptojacking” operation, which channels the power of afflicted computers to mine cryptocurrency — often without its victims noticing. It was a less harmful breach than the recent ransomware attack, which was impossible to miss since it crippled affected systems until their owners paid up. But it similarly relied on Kaseya’s Virtual System Administrator product, or VSA, as a vehicle to get access to the companies that rely on it.

A 2019 ransomware attack also rode into computers through another company’s add-on software component to the Kaseya VSA, causing more limited damage than the recent attack. Some experts have tied that earlier assault to some of the same hackers who later formed REvil, the Russian-language syndicate blamed for the latest attack.

And in 2014, Kaseya’s own founders sued the company in a dispute over responsibility for a VSA security flaw that allowed hackers to launch a separate cryptocurrency scheme. The court case does not appear to have been previously reported outside of a brief 2015 mention in a technical blog post. At the time, the founders denied responsibility for the vulnerability, calling the company’s charges against them a “bogus assertion.”

Nearly all of Kaseya’s security problems have as their root cause well-understood coding vulnerabilities that should have been addressed earlier, said cybersecurity expert Katie Moussouris, the founder and CEO of Luta Security.

“Kaseya needs to shape up, as does the entire software industry,” she said. “This is a failure to incorporate the lessons the bugs were teaching you. Kaseya, like a lot of companies, is failing to learn those lessons.”

Many of the attacks relied at least in part on what’s known as a SQL injection, a technique hackers use to inject malicious code into web queries. It’s an old technique that Mellen said has been considered a “solved problem” in the cybersecurity world for a decade.

“It points to a chronic product security issue in Kaseya’s software that remains unaddressed seven years later,” she said. “When organizations choose to brush over security challenges, the incidents continue, and, as in this case, get worse.”

Kaseya has noted that it’s long been a target because many of its direct customers are “managed-services providers” that host IT infrastructure for hundreds, if not thousands, of other businesses.

“In the business we’re in, and the number of endpoints we manage around the world, as you might expect, we take security extremely seriously,” Ronan Kirby, president of the company’s European operations, said at a Belgian cybersecurity conference Thursday. “You attack a company, you get into the company. You attack a service provider, you get into all their customers. You get into Kaseya, that’s a very different proposition. So obviously we’re an attractive target.”

Kaseya declined to answer questions from The Associated Press about the previous hacks or the legal dispute involving its founders.

Mark Sutherland and Paul Wong co-founded Kaseya in California in 2000. They had previously worked together on a project protecting the email accounts of U.S. intelligence workers at the National Security Agency, according to an account on the company’s website.

But more than a year after selling Kaseya in June 2013, court records show that Sutherland, Wong and two other former top executives sued the company to recoup $5.5 million in stock buybacks they said they were unfairly denied.

At the heart of the dispute was an attack by hackers who used Kaseya’s VSA as a conduit to deploy “Litecoin” mining malware, which secretly hijacks a victim computer’s power to make money for the hacker by processing new cryptocurrency payments.

Kaseya publicly disclosed the attacks in a March 2014 notice to customers. Privately, it was blaming the company’s previous leadership for not warning about “serious vulnerabilities” in Kaseya’s software. It sought to deprive them of the final $5.5 million of the acquisition price to compensate for the loss of business and damaged reputation.

The founders, in turn, blamed the new leadership for scaling back on coding expertise and eliminating a “hotfix” system for rapidly fixing bugs, according to the lawsuit from Sutherland, Wong, former CEO Gerald Blackie and former Chief Operating Officer Timothy McMullen.

They also argued that the SQL injection technique used by the hackers was highly common and “inherent in any computer code” that uses the SQL programming language.

“Ensuring that each and every piece of database access code is immune to SQL injection is essentially impossible,” said their lawsuit. Mellen and Moussouris both rejected that assertion.

“That is a bold statement and provably false,” Moussouris said. “It highlights the fact they lacked the security knowledge and sophistication to protect their users.”

None of the plaintiffs or their lawyers responded to requests for comment. They agreed to dismiss the case in December 2013, just a month after they filed it. It’s not clear how it was settled. Kaseya is privately held.

LinkedIn profiles for Sutherland and Wong list them as retired, with Sutherland also growing wine grapes. Blackie went on to become CEO of another Miami-based provider of remote-control software, Pilixo, where he was joined by McMullen. Pilixo didn’t return a request for comment.

New vulnerabilities affecting Kaseya’s VSA — including the one exploited by the REvil ransomware gang — were discovered this year by a Dutch cybersecurity research group that says it confidentially warned Kaseya in early April. “In the wrong hands, these vulnerabilities could lead to the compromise of large numbers of computers managed by Kaseya VSA,” the Dutch Institute for Vulnerability Disclosure said in a blog post last week explaining the timeline of its actions.

Some of those Kaseya fixed by May, including another SQL injection flaw, but the Dutch group said others were still unpatched when ransomware started hitting hundreds of businesses in early July. Kaseya has said up to 1,500 businesses have been compromised as a result of the attack. Kaseya on Sunday rolled out patches to the vulnerabilities used in the REvil attack.

Moussouris said there’s a pattern of ransomware syndicates going after easily detectable software flaws.

“It’s collective technical debt around the world and the ransomware gangs are technical debt collectors,” she said. “They’re coming after organizations like Kaseya” and others that haven’t invested in better security.

———

This article has been corrected to note that news of a court case involving Kaseya and its founders was previously described in a 2015 technical blog post.

Ransomware attack before holiday leaves companies scrambling

Businesses around the world rushed Saturday to contain a ransomware attack that has paralyzed their computer networks, a situation complicated in the U.S. by offices lightly staffed at the start of the Fourth of July holiday weekend.

It’s not yet known how many organizations have been hit by demands that they pay a ransom in order to get their systems working again. But some cybersecurity researchers predict the attack targeting customers of software supplier Kaseya could be one of the broadest ransomware attacks on record.

It follows a scourge of headline-grabbing attacks over recent months that have been a source of diplomatic tension between U.S. President Joe Biden and Russian President Vladimir Putin over whether Russia has become a safe haven for cybercriminal gangs.

Biden said Saturday he didn’t yet know for certain who was responsible but suggested that the U.S. would respond if Russia was found to have anything to do with it.

“If it is either with the knowledge of and or a consequence of Russia then I told Putin we will respond,” Biden said. “We’re not certain. The initial thinking was it was not the Russian government.”

Cybersecurity experts say the REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack that targeted the software company Kaseya, using its network-management package as a conduit to spread the ransomware through cloud-service providers.

“The number of victims here is already over a thousand and will likely reach into the tens of thousands,” said cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank. “No other ransomware campaign comes even close in terms of impact.”

The cybersecurity firm ESET says there are victims in at least 17 countries, including the United Kingdom, South Africa, Canada, Argentina, Mexico, Kenya and Germany.

In Sweden, most of the grocery chain Coop’s 800 stores were unable to open because their cash registers weren’t working, according to SVT, the country’s public broadcaster. The Swedish State Railways and a major local pharmacy chain were also affected.

Kaseya CEO Fred Voccola said in a statement that the company believes it has identified the source of the vulnerability and will “release that patch as quickly as possible to get our customers back up and running.”

Voccola said fewer than 40 of Kaseya’s customers were known to be affected, but experts said the ransomware could still be affecting hundreds more companies that rely on Kaseya’s clients that provide broader IT services.

John Hammond of the security firm Huntress Labs said he was aware of a number of managed-services providers — companies that host IT infrastructure for multiple customers — being hit by the ransomware, which encrypts networks until the victims pay off attackers.

“It’s reasonable to think this could potentially be impacting thousands of small businesses,” said Hammond, basing his estimate on the service providers reaching out to his company for assistance and comments on Reddit showing how others are responding.

At least some victims appeared to be getting ransoms set at $45,000, considered a small demand but one that could quickly add up when sought from thousands of victims, said Brett Callow, a ransomware expert at the cybersecurity firm Emsisoft.

Callow said it’s not uncommon for sophisticated ransomware gangs to perform an audit after stealing a victim’s financial records to see what they can really pay, but that won’t be possible when there are so many victims to negotiate with.

“They just pitched the demand amount at a level most companies will be willing to pay,” he said.

Voccola said the problem is only affecting its “on-premise” customers, which means organizations running their own data centers. It’s not affecting its cloud-based services running software for customers, though Kaseya also shut down those servers as a precaution, he said.

The company added in a statement Saturday that “customers who experienced ransomware and receive a communication from the attackers should not click on any links — they may be weaponized.”

Gartner analyst Katell Thielemann said it’s clear that Kaseya quickly sprang to action, but it’s less clear whether their affected clients had the same level of preparedness.

“They reacted with an abundance of caution,” she said. “But the reality of this event is it was architected for maximum impact, combining a supply chain attack with a ransomware attack.”

Supply chain attacks are those that typically infiltrate widely used software and spread malware as it updates automatically.

Complicating the response is that it happened at the start of a major holiday weekend in the U.S., when most corporate IT teams aren’t fully staffed.

That could also leave those organizations unable to address other security vulnerabilities, such as a dangerous Microsoft bug affecting software for print jobs, said James Shank, of threat intelligence firm Team Cymru.

“Customers of Kaseya are in the worst possible situation,” he said. “They’re racing against time to get the updates out on other critical bugs.”

Shank said “it’s reasonable to think that the timing was planned” by hackers for the holiday.

The U.S. Chamber of Commerce said it was affecting hundreds of businesses and was “another reminder that the U.S. government must take the fight to these foreign cybercriminal syndicates” by investigating, disrupting and prosecuting them.

The federal Cybersecurity and Infrastructure Security Agency said in a statement that it is closely monitoring the situation and working with the FBI to collect more information about its impact.

CISA urged anyone who might be affected to “follow Kaseya’s guidance to shut down VSA servers immediately.” Kaseya runs what’s called a virtual system administrator, or VSA, that’s used to remotely manage and monitor a customer’s network.

The privately held Kaseya is based in Dublin, Ireland, with a U.S. headquarters in Miami.

REvil, the group most experts have tied to the attack, was the same ransomware provider that the FBI linked to an attack on JBS SA, a major global meat processor forced to pay a $11 million ransom, amid the Memorial Day holiday weekend in May.

Active since April 2019, the group provides ransomware-as-a-service, meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion’s share of ransoms.

U.S. officials have said the most potent ransomware gangs are based in Russia and allied states and operate with Kremlin tolerance and sometimes collude with Russian security services.

Alperovitch said he believes the latest attack is financially motivated and not Kremlin-directed.

However, he said it shows that Putin “has not yet moved” on shutting down cybercriminals within Russia after Biden pressed him to do so at their June summit in Switzerland.

Asked about the attack during a trip to Michigan on Saturday, Biden said he had asked the intelligence community for a “deep dive” on what happened. He said he expected to know more by Sunday.

———

AP reporters Frank Bajak in Boston, Eric Tucker in Washington and Josh Boak in Central Lake, Michigan contributed to this report.

Ransomware attack before holiday leaves companies scrambling

Businesses are rushing to contain a ransomware attack that has paralyzed their computer networks, a situation complicated in the U.S. by offices lightly staffed at the start of the Fourth of July holiday weekend

By MATT O’BRIEN AP Technology Writer
July 3, 2021, 6:06 PM

Businesses rushed Saturday to contain a ransomware attack that has paralyzed their computer networks, a situation complicated in the U.S. by offices lightly staffed at the start of the Fourth of July holiday weekend.

In Sweden, most of the grocery chain Coop’s 800 stores were unable to open because their cash registers weren’t working, according to SVT, the country’s public broadcaster. The Swedish State Railways and a major local pharmacy chain were also affected.

Cybersecurity experts say the REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack that targeted a software supplier called Kaseya, using its network-management package as a conduit to spread the ransomware through cloud-service providers.

Kaseya CEO Fred Voccola said in a statement that the company believes it has identified the source of the vulnerability and will “release that patch as quickly as possible to get our customers back up and running.”

John Hammond of the security firm Huntress Labs said he was aware of a number of managed-services providers — companies that host IT infrastructure for multiple customers — being hit by the ransomware, which encrypts networks until the victims pay off attackers.

“It’s reasonable to think this could potentially be impacting thousands of small businesses,” said Hammond, basing his estimate on the service providers reaching out to his company for assistance and comments on Reddit showing how others are responding.

Voccola said fewer than 40 of Kaseya’s customers were known to be affected, but the ransomware could still be affecting hundreds more companies that rely on Kaseya’s clients that provide broader IT services.

Voccola said the problem is only affecting its “on-premise” customers, which means organizations running their own data centers. It’s not affecting its cloud-based services running software for customers, though Kaseya also shut down those servers as a precaution, he said.

The company added in a statement Saturday that “customers who experienced ransomware and receive a communication from the attackers should not click on any links — they may be weaponized.”

Gartner analyst Katell Thielemann said it’s clear that Kaseya quickly sprang to action, but it’s less clear whether their affected clients had the same level of preparedness.

“They reacted with an abundance of caution,” she said. “But the reality of this event is it was architected for maximum impact, combining a supply chain attack with a ransomware attack.”

Supply chain attacks are those that typically infiltrate widely used software and spread malware as it updates automatically.

Complicating the response is that it happened at the start of a major holiday weekend in the U.S., when most corporate IT teams aren’t fully staffed.

That could also leave those organizations unable to address other security vulnerabilities, such as a dangerous Microsoft bug affecting software for print jobs, said James Shank, of threat intelligence firm Team Cymru.

“Customers of Kaseya are in the worst possible situation,” he said. “They’re racing against time to get the updates out on other critical bugs.”

Shank said “it’s reasonable to think that the timing was planned” by hackers for the holiday.

The federal Cybersecurity and Infrastructure Security Agency said in a statement that it is closely monitoring the situation and working with the FBI to collect more information about its impact.

CISA urged anyone who might be affected to “follow Kaseya’s guidance to shut down VSA servers immediately.” Kaseya runs what’s called a virtual system administrator, or VSA, that’s used to remotely manage and monitor a customer’s network.

The privately held Kaseya is based in Dublin, Ireland, with a U.S. headquarters in Miami.

REvil, the group most experts have tied to the attack, was the same ransomware provider that the FBI linked to an attack on JBS SA, a major global meat processor, amid the Memorial Day holiday weekend in May.

Active since April 2019, the group provides ransomware-as-a-service, meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion’s share of ransoms.

The Brazil-based meat company said it paid the equivalent of an $11 million ransom to the hackers, escalating calls by U.S. law enforcement to bring such groups to justice.

Microsoft debuts Windows 11, first major update in 6 years

Microsoft has unveiled the next generation of its Windows software, called Windows 11, that has a new “start menu” and other features

By MATT O’BRIEN AP Technology Writer
June 24, 2021, 6:27 PM

REDMOND, Wash. — Microsoft has unveiled the next generation of its Windows software, called Windows 11, that has sleeker visual features and is more open to third-party apps.

The newest version of Microsoft’s flagship operating system announced Thursday will be a successor to today’s Windows 10, which the company introduced in 2015.

In a challenge to rival Apple, the company also announced that it won’t force app developers to pay fees to Microsoft for using its app store; and that Google’s popular Android apps will run on its new system.

Windows 11 is expected to become available later this year on new computers and other devices and as a free update for those with Windows 10. It includes a host of cosmetic upgrades, such as a new Start button, a revamped task bar and sounds, and under-the-hood features designed to boost speed and efficiency.

While opening more doors to third-party developers, it also further entrenches Microsoft’s workplace chatting tool Teams by making it easier to contact people when starting up.

Forrester analyst J.P. Gownder said the aesthetic, user-friendly improvements reflect CEO Satya Nadella’s promise to build products that people will “love,” not tolerate, though Gownder questioned whether Windows 11 is truly a new generation of software. The fact that it is built on the same core code base as Windows 10 might actually be a good thing, he added, because it could avoid the technical glitches that plagued the release of Windows Vista in 2007.

Microsoft’s virtual announcement event was itself affected by technical difficulties Thursday, forcing the company to recommend some viewers watch it on Twitter instead.

When it launched Windows 10 six years ago, Microsoft was hoping that the new operating system would help it rebuild loyalty among users who were increasingly relying on tablets, smartphones and other devices.

Windows has been a PC workhorse for decades. Its first version launched in 1985, offering computer novices a “graphical user interface” so they could click on icons and menus with a mouse button rather than simply type commands into a blank screen.

It’s been a core part of Microsoft’s business ever since, though its influence waned as PC sales declined with the rise of smartphones.

Microsoft said it would allow developers to bypass the payments system in its app store if they have their own commerce engine.

That could create problems for Apple, which has faced government scrutiny over its app store and a legal battle from Epic, the maker of the popular Fortnite game, which contends Apple has been gouging app makers by charging commissions ranging from 15% to 30% for in-app transactions because it forbids other options on its iPhone, iPad and iPod.

“I believe this will be problematic for Apple in its antitrust dealings,” said tech analyst Patrick Moorhead. “Apple charging 30% in its store and Microsoft charging 0% and 15% if you use its commerce engine. Global antitrust units are currently scrutinizing Apple on this very point.”

Moorhead said the easier access to third-party apps, combined with the better user interface promised with Windows 11, could help Microsoft get a stronger hold in the premium tablet market, now dominated by the iPad.
