F-Secure Labs’ latest white paper highlights CozyDuke as part of an ongoing series of Advanced Persistent Threats targeting governments and other large organizations.
Delhi, India– April 30, 2015: A new malware analysis from F-Secure Labs points to CozyDuke as a continuing menace facing governments and other large organizations. CozyDuke is an Advanced Persistent Threat (APT) toolkit that uses combinations of tactics and malware to compromise and steal information from its targets, and the new analysis links it to other APTs responsible for a number of high profile attacks.
According to the analysis, CozyDuke shares command and control resources with the prominent MiniDuke and OnionDuke APTs. F-Secure Labs has attributed several high-profile attacks to these APT platforms, including malicious attacks against people using a Russian Tor exit node, and targeted attacks against NATO and a number of European government agencies.* CozyDuke utilizes much of the same infrastructure as these other platforms and employs components with encryption algorithms similar to those used by OnionDuke, linking the same technology to different campaigns.
“All of these threats are related to one another and share resources, but they’re built a little bit differently to make them more effective against particular targets”, says F-Secure Security Advisor Sean Sullivan. “The interesting thing about CozyDuke is that it’s being used against a more diverse range of targets. Many of its targets are still Western governments and institutions, but we’re also seeing it being used against targets based in Asia, which is a notable observation to make”.
CozyDuke and its associates are believed to originate from Russia**. The attackers establish a beachhead in an organization by tricking employees into doing something such as opening an attachment in an e-mail that distracts users with a decoy file (like a PDF or a video), allowing CozyDuke to infect their system without being noticed. Attackers can then perform a variety of tasks by using different payloads compatible with CozyDuke, and this can let them gather passwords and other sensitive information, remotely execute commands, or intercept confidential communications.
Sullivan acknowledges there’s not yet sufficient evidence to definitively conclude what the attackers’ true identities and motives are, but he is quite confident that they are the same people responsible for attacks attributed to OnionDuke and MiniDuke. “CozyDuke has actually been around since 2011, but it’s something that’s been developing so it keeps on changing. This tells us that a group or groups have been investing time and money to nurture these tools, so figuring out what they’re after now is really what we need to be focusing on”.
The white paper also notes that CozyDuke checks for cyber security software before establishing its infection, and certain types of software can cause it to abandon the attack. The white paper, penned by F-Secure Threat Intelligence Analyst Artturi Lehtiö, is free and available for download from F-Secure’s website.
AXIS A8004-VE Network Video Door Station is an open IP-based door station for two-way communication, high-definition video and remote entry control. It is an ideal complement to any surveillance installation and offers new levels of security for effective identification and entry control.
“Axis has a proven track record of bringing product innovation to the security and surveillance market. With AXIS A8004-VE we will provide our customers with an easy to install video door station that extends the capabilities of the security system. AXIS A8004-VE allows our customers to quickly and easily identify and communicate with persons at the door and securely let them in. This is a perfect complement to any surveillance system and as easy to install as any network camera,” said Peter Lindström, Director of New Business at Axis Communications.
AXIS A8004-VE is a weather- and vandal-proof video door station suitable for both indoor and outdoor installations. The door station comes with a high-performing intercom function that provides clear and echo-free two-way speech with visitors and an integrated HDTV camera with WDR and excellent low-light performance. The unit offers reliable 24/7 identification of visitors even in the most challenging environments. Power over Ethernet allows for installation with a single network cable and provides sufficient power to support and control most standard door locks directly from the unit.
For small- to mid-sized installations, such as retail stores and offices,
AXIS A8004-VE will help improve security of the premises and simplify everyday operations. The door station makes it possible to communicate and identify visitors and enables remote entry control from an IP-desk phone, a mobile device or directly in a Video Managment System (VMS).
For enterprise installations, such as airports or larger industries where integration of different systems such as video surveillance, access control, IP telephony are needed, AXIS A8004-VE is based on open standards and Application Programming Interfaces (APIs). By being fully compliant with ONVIF, VAPIX and SIP the product is easy to integrate with other systems. This enables Axis’ Application Development Partners to provide solutions that meet specific customer requirements.
“Genetec’s vision to offer customers a holistic approach to security management that includes video surveillance, access control and SIP-based communications through our Security Center software, coupled with the seamless integration of the AXIS A8004-VE Network Video Door Station, will ensure end users attain a greater level of situational awareness. Not only will they be able to respond to incoming calls while viewing live video from AXIS A8004-VE, but they will also be able to take action from a single unified interface, such as unlocking a door or locking down a facility” said Jimmy Palatsoukas Senior Manager, Product Marketing, Genetec.
The product will be supported in AXIS Camera Station 4.20 planned for launch in May and AXIS Video Hosting System (AVHS). Video management software from Axis’ Application Development Partners such as Aimetis, Genetec, Honeywell, Milestone and SeeTec will have full support for AXIS A8004-VE.
Further features of the AXIS A8004-VE Network Video Door Station include:
• Acoustic echo cancelation and noise reduction
• Multiple inputs and outputs for remote control of doors-locks and other equipment
• Support for third party mobile application for identification and remote entry
Software developers try on Apple watch
Software developers who tried on an Apple Watch for the first time on Friday predicted a rush of new apps over the next few months, particularly in areas including health and messaging. Developers, who had been limited to using software simulators of the watch, discovered new possibilities.
Ross Cohen, chief operating officer of BeenVerified.com, which makes a caller ID app for the watch, said he only realized on Friday that the watch goes on and off automatically as you raise or lower your wrist. The simulator did not have a microphone, leaving some developers to guess how well it could hear. Having the watch on hand will speed development, said Danielle Keita-Taguchi, marketing analyst at Y Media Labs, which has designed apps for companies like American Express, EMC and eBay.
“A lot of Fortune 500 companies really want to leverage this new technology quickly,” she said. “Health, transportation and social media will be the three main industries that will utilize the Apple Watch.” Tracking firm App Annie counted 3,061 total apps supporting Apple Watch on Friday. Some 10 per cent were games. Productivity apps were 8 per cent and lifestyle and health/fitness each accounted for 7 per cent. Ride-hailing service Uber had an app, as did sports network ESPN, microblogging platform Twitter, photo sharing service Instagram, tune-identifier Shazam and the Outlook email app from Microsoft Corp.
Infosys to buy US digital commerce firm Kallidus Inc for $120 million
InfosysBSE -5.95 % has agreed to buy Kallidus Inc, a US-based digital and mobile commerce solutions provider, for about $120 million in its second significant acquisition in the last three months. The acquisition price, which amounts to about Rs 750 crore in cash, includes a deferred component and retention bonuses, India’s second largest software firm said on Friday. The San Francisco headquartered Kallidus, which operates under the brand name Skava, provides ecommerce solutions like mobile websites, apps, digital catalogues and social commerce offerings through its platform. It could bring in a mix of service and license revenues to Infosys along with nearly 250 employees.
“This is a good move to take Infosys to the next level because they are not going to get much organic growth from here. Everybody in the industry has been talking about slowing growth,” said Deepak Shenoy, founder of financial analytics firm Capital Mind. Nine months since former SAP executive Vishal Sikka took over as CEO of Infosys, the company has made a push towards newer technologies and hasn’t been conservative in using its growing cash reserve. In February, Infosys had bought Israeli automation technology company Panaya for $200 million, or about Rs 1,250 crore, in cash. At the end of March 2015, Infosys had Rs 32,585 crore of cash and cash equivalents.
E-commerce companies flood Internet with ads
Thejesh GN, a Bangalore-based technologist, does not have a Facebook app on his phone, often browses on incognito mode and has installed a tool that detects and blocks spy ads and trackers. All this is to escape from the pervasive ads that have now begun to invade his online presence. But Thejesh knows it’s of little use. Given the proliferation of ecommerce companies in India, the barrage of ads are unlikely to stop. “It’s an everyday fight. There is no way to get rid of all these ads,” said Thejesh, cofounder of data science community Datameet. Thejesh represents a growing population of Internet users who are becoming aware of the risks that come with their online habits – specifically, having each data point of their everyday lives collected by companies and tech startups. This includes an individual’s IP address, browser type, pages viewed, and the date and time of use. On mobile, the data collected could be more elaborate and accurate – including a user’s location, device type and contact list.
Where does all this data go? Some are sold to brands via ad networks, and others are used by companies to streamline the ads shown to specific users. In India there are no rules or guidelines explicitly regulating online behavioural advertising, and thus it is not clear what practices different companies and internet service providers (ISPs) undertake, what information is collected, how the information is used, how long the info the information is stored for, and what access law enforcement has to this information, the Center for Internet and Society said in a report titled ‘Consumer Privacy’.
Siddharth Shankar, a student of statistics from Patna University, who is also learning ethical hacking, is of the view that few people care about privacy in India. “Their simple reply: What will they do with our data?” said Shankar, who takes steps similar to Thejesh to protect his privacy online. More people seem to be waking up to the fact that privacy is important and that ads are intrusive. Of the 50 million users who block ads using AdBlock Plus, about 1.2 million are from India. AdBlock Plus, a mobile and browser tool, recently won a case against two publishers in Germany who wanted it to stop blocking ads on their websites.
During the first nine months of his tenure as the CEO and MD, Vishal Sikka has made a few glaring changes. Some are hard to miss – giving up the habit of being the first to declare the quarterly results among the top IT players and to shift the results announcement timing from early in the morning to well into the afternoon.
Others are more subtle – improving employee engagement through more transparent recognition of efforts and to reward shareholders more often with higher dividends and bonus shares.And, while investors will fret over the company’s poorer than expected quarterly performance – the stock fell by 6% on Friday after the revenue dropped sequentially by 2.6% to $2,159 million in the fourth quarter against the expectation of a near flat growth – Sikka seems to be well on his way to achieve the goal to start reporting better growth than peers once again by 2017.
For starters, Sikka has achieved something during the fourth quarter that was missing since the past few quarters. The difference between the employees who joined the company during the quarter and those who quit, known as attrition, fell to a nine quarter low of 7,922 after reaching a high of 10,627 in the June 2014 quarter. Soon after assuming charge, Sikka had promoted nearly 5,000 employees in August 2014 in a bid to curb attrition.
The second important factor is that the company has been able to retain the operating margin (EBIT margin) in a band of 24-26% after reporting wild swings two years ago. In addition, the margin improved by 190 basis points to 25.9% in FY15 from the previous year. This was without much help from the topline, which grew by just 5.6% in dollar terms compared with a much faster 11.6% growth in FY14. The improved margin reflects higher operating efficiency thereby giving more legroom to invest for future growth amid decelerating revenue.
VC fund mulls to step up investments in India's software sector
US-based New Enterprise Associates (NEA), which raised $3.1 billion last week in the world’s largest venture capital fund, is looking to step up investments in India after going slow over the last two or three years. The VC fund, which has backed startups such as Groupon and online storage service Box in the US, has said that it will look to sharpen its focus on technology related themes.
“Over the last few years, when India was going through its worst crisis, we were very selective, but we will be much more open now,” Bala Deshpande, senior MD at NEA told ET. NEA, which raised over $2.5 billion in committed capital for the fourth consecutive time, has invested about $300 million in India till now from its previous two funds and has already started investing from the new fund, with a $10 million infusion in FirstCry. The firm set up its In dia office over seven years ago and has since then built up a portfolio of over a dozen companies.
Ramco Systems provides aviation solutions to Malaysia Airlines
Malaysia Airlines has deployed a full suite of aviation solutions by an Indian IT firm to provide maintenance, repair and overhaul support for over 145 aircraft, improving efficiency and enabling airworthiness. Ramco SystemsBSE -4.76 %, headquartered in Chennai, achieved the deployment in a record time span of 11 months. The process will further improve efficiency and enable continuous airworthiness, thereby reducing aircraft on-ground time, the company said. The suite includes solutions for maintenance and engineering, procurement, advanced planning and optimisation, advanced reliability and Loadable Software Aircraft Parts. The IT firm has equipped some 300 Malaysia Airlines engineers system-wide to access a future-ready enterprise software that allows them to automate or streamline many engineering functions, simplify compliance checks, and improve inventory management and hangar maintenance, said the airline. By using bar code-enabled features and automation, the national carrier of Malaysia is now able to dramatically reduce time taken to move spares from suppliers to warehouses and hangars worldwide, said Ramco. Billing and compliance with multiple regulator functions will enable Malaysia Airlines to improve efficiency and scale-up its maintenance, repair and overhaul business to address third-party airlines worldwide. By July this year, another 800 airline engineering and operational staff will be connected to the Ramco platform.
Will help Brightleaf develop next-generation semantic intelligence engine
Pune based global consulting and solutions integration company, Nihilent today announced its agreement to partner with Massachusetts headquartered Brightleaf Solutions, Inc. in developing Brightleaf’s new, advanced platform for legal document abstraction.
With 1,500 employees world-wide, Nihilent, has deep expertise in data analytics and natural language processing, and is uniquely positioned to co-develop Brightleaf’s solution. Nihilent has been certified with ISO 9001:2008 and is benchmarked at CMMI DEV L5, with an in-house team of Sigma Black belts, Lean specialists, and High Maturity Level Appraisers. The company operates in a wide range of business verticals including BFSI, Supply Chain and Logistics, Mobile Computing and Telecommunications, Media and Entertainment, Government and State-run Enterprises, Technology and related services, Healthcare, Small and Medium Enterprises (SMEs).
“Brightleaf complements our other relationships in U.S.-based technology startups, particularly in the areas of analytics and business intelligence.” stated Minoo Dastur, President and COO of Nihilent. “They have identified an emerging source of important business data, legal documents, that allows enterprise clients to better understand their constituents: customers, vendors, and partners. Delivering valuable insights is a core component of Nihilent’s services.”
According to Samir Bhatia, CEO of Brightleaf Solutions “We’re thrilled to be a Nihilent partner company. Together, we’ve defined the architecture for Brightleaf’s new automated abstraction platform. The development team has been assembled, and it includes some very high level, senior Nihilent architects and technical staff. We are planning delivery for Q1 2015.”
Nihilent is one of the leading companies offering solutions that aid data driven decision making. In legal document abstraction, accessing the commercial terms, legal provisions, and obligations across thousands of legal contracts yield important information about a corporation’s operations. Brightleaf uses advanced semantic intelligence software to analyze many thousands of disparate, text-based contract files to abstract and distill all the key attributes into an easily searchable, structured database.
Texas Instruments Incorporated (TI) (NASDAQ: TXN) today announced 16 of the company’s more than 10,000 suppliers will receive its annual Supplier Excellence Award (SEA), the company’s highest level of supplier recognition, for delivering outstanding products, service and support. The recipients were selected based on a variety of attributes, including cost, environmental and social responsibility, technology, responsiveness, assurance of supply and quality.
“As a global semiconductor company focused on Analog and Embedded Processing, TI is committed to designing, manufacturing, testing and selling technologies that change the way people live their lives. Our most critical suppliers, like the 2014 SEA winners, are essential to our success,” said Rob Simpson, vice president of TI Worldwide Procurement and Logistics. “Along with our more than 100,000 customers, we expect world-class performance and execution from our suppliers. These winners have demonstrated outstanding commitment and ability to support and provide value to TI.”
The 16 SEA recipients – along with the products or services they provide to TI – are:
· ASM America, Inc. – Wafer fab equipment and spares: Epi
· Axcelis Technologies – Wafer fab equipment and spares: implanters and ashers
· BASF SE – Chemicals
· DB SCHENKER – Transportation
· DISCO Corporation – Assembly equipment, spares, and indirect material
· Golin – Public relations and media relations agency services
· Kyocera America, Inc. – DLP ceramic substrates
· NGK SPARK PLUG CO., LTD. – Rigid substrates
· Phoenix Silicon International Corporation – Thin back grind and back metal processing
· Siltronic – Silicon wafers
· Soliton Technologies – Engineering services
· Sumitomo Bakelite Co., Ltd. – Mold compound
· Talent 101, Inc. – Staffing services
· TOKYO OHKA KOGYO CO., LTD. – Resist and developer
· Toppan Photomasks, Inc. – Photomasks
· United Test and Assembly Center Ltd. – Assembly and test services
For more information regarding the winners, visit wpl.ext.ti.com.
India Electronics and Semiconductor Association (IESA), the premier industry body representing the Indian Electronic System Design & Manufacturing (ESDM) industry today announced its new Executive Council (EC) for the year 2015-16.
Mr. Vinay Shenoy, Vice President & Managing Director, Infineon Technologies India Pvt. Ltd. has taken over the role of Chairman for 2015-16, he was the Vice Chairman for 2014-15. Mr. K. Krishnamoorthy, Managing Director, Rambus Chip Technologies (I) Pvt. Ltd., would be the new Vice Chairman of IESA and Mr. Santhanakrishnan Raman, Managing Director, LSI India R&D Pvt. Ltd., an Avago Technologies Company will serve as the new Treasurer.
Vinay has more than two decades of experience in Indian Semiconductor and Electronics Industries. He has been associated with the sector since its nascent stages. His experience spans across Telecom, Digital Broadcasting and Consumer Electronics markets. In the past, he has worked with some of the major players in India’s semiconductors and Electronics such as Texas Instruments, NXP, Philips Electronics and SemIndia at senior levels.
The newly elected Executive Council members are Mr. Ashwini Aggarwal, Director – Govt. Affairs, Applied Materials India Pvt. Ltd., Mr. Guru Ganesan, President & Managing Director, ARM Embedded Technologies Pvt. Ltd. and Mr. Vikram Labhe, Sr. Managing Director, India, PMC –Sierra India (P) Ltd.
Mr. Ashok Chandak, Senior Director, Global Sales and Marketing at NXP Semiconductors, who was the previous Chairman at IESA would continue on the Executive Council in his capacity as Advisor. Other members who continue to be on the Council are Mr. Ganesh Guruswamy, MD, SanDisk India, Mr. Jaswinder Ahuja, MD, Cadence Design Systems, Ms. Kumud Srinivasan, President, Intel India, and Dr. Satya Gupta, Founder and CEO, Concept2Silicon Systems.
M N Vidyashankar, President, India Electronics and Semiconductor Association (IESA) said, “There have been a host of significant developments in the ESDM sector and we thank Ashok Chandak who has played a pivotal role in aligning IESA’s agenda with the government and industry. We welcome Vinay Shenoy as the new chairman and look forward to collaboratively work towards building a fabulous ESDM eco-system and stronger platform for entrepreneurs and industry players. We can proudly state that India today has the best ‘Policy environment for the Electronics sector’ than any other country.”
Speaking on his appointment, Vinay Shenoy, Vice President & Managing Director, Infineon Technologies India Pvt. Ltd. said, “I humbly accept this great honour to serve India’s semiconductor and electronics industry body as IESA’s chairman. India’s ESDM sector has been undergoing tremendous transformation over the past few years and 2014 was a milestone year in terms of setting the right policy environment in place. 2015-16 will be key in translating those policy benefits into real action and bringing large scale investments. At the helm of IESA, I look forward to work with the Government, Industry players, Academia and all other stake-holders to take India’s ESDM sector to new heights.”
IESA has been instrumental in putting forward favourable policies for electronics and semiconductor ecosystem. The industry body has been committed towards building global awareness for the Indian ESDM industry and supporting its progress through focused initiatives. IESA has been aggressively working towards government initiatives like ‘Make in India’ and ‘Digital India’ and has partnered with international associations like TEEMA, TCA and SSIA to bring high value growth in India’s ESDM sector. The executive council will continue working towards achieving the vision laid down collectively by the association member community.
Lenovo, the world’s largest PC maker and an emerging PC Plus leader, announced the introduction of Deal Registration System (DRS) – DRS 2.0, an easy-to-use platform that builds a direct online connection between Lenovo and its commercial business partners. This initiative aims to equip the partner with updated information, provide exclusivity and reduce the turn-around time from client identification to closure of business.
DSR 2.0 is a free platform and can be accessed on any web browser and mobile handsets. The platform builds on the first version of the platform DSR 1.0 that was launched last year and adds several features that not only increase functionality, speed and transparency but also provide a lag-free engagement. Once registered on to the platform, a partner can avail a plethora of benefits from best deals on a prospective client, streamline the process by exclusively locking in the client with Lenovo and have free access to CRM solutions.
Commenting on the launch, Nitin Garg, Channel Head, Commercial Business Segment, Lenovo India said, “We at Lenovo are strongly committed to our partners and strive towards strengthening our relationship with them. DRS 2.0 is yet another endeavour from Lenovo to ensure its partners receive the best possible opportunity. With this launch, we not only make our engagement with our partners seamless but also empower them and provide them with a tangible edge in their business.”
DSR 2.0 provides three distinct benefits to partners once they register onto the platform.
1. Best deals: Once a participating partner registers the details of the prospective deal, they have access to best rates and deals for the opportunity, thus increasing their probability to win with Lenovo.
2. Clarity of business: A registered partner gets to lock-in a prospective client on the platform for a period of 90 days, provided the same client is not already locked-in. During this period, Lenovo will offer all the necessary support related to the client only to that registered partner.
3. CRM Support: A key addition is the free access to the CRM solution within DRS 2.0, helping partners maintain records, review transactions and access detailed chronological data.
For Lenovo, channel partners form a crucial component to business growth. To help build, strengthen and sustain their relationship with this community, Lenovo has designed this platform. Through DRS 2.0 Lenovo will be able to expand its partner ecosystem and grow its business.
Cyber attacks to fall in 2015
The volume of cyber attacks are expected to decline in 2015, but will become more sophisticated with such intrusions targeting specific sectors like healthcare, says the cyber security solutions firm Websense.
According to Websense’s cybersecurity predictions for 2015, as mobile apps are using auto-login capability these devices will face more attacks from cyber criminals for more credential-stealing or authentication attacks that can be used at a later date.
“The nature of cyber attacks is changing with criminals going for personally identifiable information (PII), which can be used at a later date. Such attacks are expected to escalate as we go ahead,” Websense Manager Sales Ajay Dubey told .PII is an information that can be used to uniquely identify, contact or locate a single person.Cybercriminals are using PII to get answers to security questions that are used to verify a user’s identity. Also they keep this information with them and use it at a later date or also try to use the victim’s profile to get personal information of their contacts, family or friends, he added.
The report states that healthcare sector will see a rise in data stealing attack campaigns as the records hold a treasure trove of PII that can be used in a multitude of attacks and various types of fraud.”In an environment still transitioning millions of patient records from paper to digital form, many organisations are playing catch-up when it comes to the security challenge of protecting personal data. As a result, cyber-attacks against this industry will increase.” it added.
The report further said with auto-login capability of mobile apps, mobile devices will increasingly be targeted for broader credential-stealing or authentication attacks to be used at a later date.
New artificial intelligence software boosts web searches
Scientists have created an artificial intelligence software that uses photos to locate documents on the Internet with far greater accuracy than ever before. The new system, which was tested on photos and is now being applied to videos, shows for the first time that a machine learning algorithm for image recognition and retrieval is accurate and efficient enough to improve large-scale document searches online. The system developed by researchers at Dartmouth College, Tecnalia Research and Innovation and Microsoft Research Cambridge, uses pixel data in images and potentially video – rather than just text – to locate documents.
It learns to recognise the pixels associated with a search phrase by studying the results from text-based image search engines. The knowledge gleaned from those results can then be applied to other photos without tags or captions, making for more accurate document search results.
“Images abound on the Internet and our approach means they’ll no longer be ignored during document retrieval,” said Associate Professor Lorenzo Torresani, co-author of the study.”Over the last 30 years, the Web has evolved from a small collection of mostly text documents to a modern, gigantic, fast-growing multimedia dataset, where nearly every page includes multiple pictures or videos. When a person looks at a Web page, she immediately gets the gist of it by looking at the pictures in it,” said Torresani.
Prev1...456Next Page 5 of 6