More stories

  • US and Bulgarian authorities disrupt NetWalker ransomware operation

    Law enforcement agencies from Bulgaria and the US have this week disrupted the infrastructure of NetWalker, one of 2020’s most active ransomware gangs.

    Bulgarian officials seized a server used to host dark web portals for the NetWalker gang, while officials in the US indicted a Canadian national who allegedly made at least $27.6 million from infecting companies with the NetWalker ransomware.
    The seized servers were used to host pages where victims of NetWalker attacks were redirected to communicate with the attackers and negotiate ransom demands.
    The same server also hosted a blog section where the NetWalker gang would leak data stolen from hacked companies that refused to pay the ransom demand, as a form of revenge and public shaming.

    Details about the Canadian national indicted today are not yet available beyond his name and residence — Sebastien Vachon-Desjardins, of Gatineau.
    Vachon-Desjardins is currently believed to be an “affiliate,” a person who rented the ransomware code from the NetWalker creator.
    This type of business is called Ransomware-as-a-Service, or RaaS, and is a common setup employed by many ransomware gangs today.

    Prior to today’s takedown, NetWalker operated through topics posted on several underground forums by a user named Bugatti. This user advertised the ransomware’s features and looked for “partners” (aka affiliates) that would breach corporate networks, steal data to be used as leverage during negotiations, and install the ransomware to encrypt files.
    If victims paid, Bugatti and the affiliate would split the ransom payments according to a pre-negotiated agreement.
    According to US authorities, NetWalker has impacted at least 305 victims from 27 different countries, including 203 in the US.

    A report from McAfee published in August 2020 claimed the NetWalker ransomware operation earned more than $25 million from ransom payments from March to July 2020 alone — a number that has gone up, as the gang continued to operate until today’s takedown.
    In a report published today, blockchain analysis firm Chainalysis updated that figure to more than $46 million for all of 2020, putting NetWalker among the year’s five top-grossing ransomware strains, next to Ryuk, Maze, Doppelpaymer, and Sodinokibi.

    The same Chainalysis report claims that Vachon-Desjardins also worked as an affiliate for other ransomware gangs, such as Sodinokibi, Suncrypt, and RagnarLocker.
    Besides charging the Canadian national, the US DOJ said it also managed to seize $454,530.19 in cryptocurrency believed to be linked to ransom payments made by three past NetWalker victims.
    The NetWalker disruption also comes on the same day that Europol and its partners announced a takedown of the Emotet botnet.

  • When you need more ports on your laptop or tablet, do this

    Working from home likely means you’re working on some form of laptop or tablet, and if it was made in the last couple of years, one thing’s for sure: It doesn’t have near enough ports to connect all of the accessories we’ve all come to rely on to get our jobs done. 

    In the last year, we’ve all been a bit deprived of different things, but we don’t have to be port constrained on our laptops. While I wish we didn’t have to use docks and hubs to address these deficiencies, I am not sure I would want to go back to the good old days when these laptops weighed five pounds, and you would break your back carrying them.
    However, because there are so many USB versions, many end-users can be confused about the underlying technology and what they need to improve their connectivity with their laptops and tablets. Let’s see if we can clear some of this up.
    The evolution of Universal Serial Bus (USB)
    Universal Serial Bus 1.0 was introduced by the USB Implementer’s Forum in January 1996 — that’s exactly 25 years ago. With that introduction, we got the USB-A connector, as well. It’s the rectangular-shaped receptacle, a one-way keyed connector that we all know. It’s also the connector that we use for thumb drives and device connectivity on legacy PCs and all kinds of peripherals and consumer electronics over two decades. It’s in our cars. It’s everywhere.
    USB 1.0 | Jan. 15, 1996 | Full Speed (12Mbit/s), Low Speed (1.5Mbit/s) | Initial release
    USB 1.1 | August 1998 | Full Speed (12Mbit/s), Low Speed (1.5Mbit/s) |
    USB 2.0 | April 2000 | High Speed (480Mbit/s) | Significant speed improvements
    USB 3.0 | November 2008 | Superspeed USB (5Gbit/s) | Also referred to as USB 3.1 Gen 1 and USB 3.2 Gen 1 × 1
    USB 3.1 | July 2013 | Superspeed+ USB (10Gbit/s) | Includes new USB 3.1 Gen 2, also named USB 3.2 Gen 2 × 1 in later specifications
    USB 3.2 | August 2017 | Superspeed+ USB dual-lane (20Gbit/s) | Includes new USB 3.2 Gen 1 × 2 and Gen 2 × 2 multi-link modes
    USB 4 | August 2019 | 40Gbit/s (2-lane) | Includes new USB 4 Gen 2 × 2 (64b/66b encoding) and Gen 3 × 2 (128b/132b encoding) modes and introduces USB 4 routing for tunnelling of USB3.x, DisplayPort 1.4a and PCI Express traffic and host-to-host transfers, based on the Thunderbolt 3 protocol

    The USB-C connector used with USB 3.x, 4.x, and Thunderbolt devices (left), versus the legacy USB-A connector (right), used for USB 1.x and USB 2.x devices.
    When that standard was introduced, USB 1.x had a maximum transfer rate of 12Mbps. Over the years, that increased to 480Mbps with USB 2.0 and 5Gbps on USB 3.x and, recently, 40Gbps on USB 4. The massive increase in bandwidth has allowed for things like computer monitors, ethernet cards, Wi-Fi adapters, and all sorts of other things to be connected to a PC without having to open it up and use up slots. Remember those?
    When USB 3.1 was introduced in 2013/2014, we also saw a new connector, the USB-C connector. That’s the small, reversible oval connector that we all now know and love. It is used primarily on Android smartphones, some iPad models, and PC and Mac laptops. But it’s making its way onto all kinds of consumer electronics.
    The port deficiency problem on modern laptops
    Currently, many laptops only have a USB-C connector on them. The biggest offender here is Apple’s MacBooks since the company has been very aggressive about ripping out ports over the years. Still, they are not the only ones. Companies like Dell, Lenovo, HP, and Microsoft have all been making their products thinner and streamlined. We are getting fewer ports from them due to a desire to make everything light and wirelessly connected.

    You’ll only get two USB-C/Thunderbolt 3/USB 4 ports on a 2020 M1 MacBook Pro.

    Apple’s current generation of x86 MacBooks has four USB-C connectors, and its latest M1 MacBooks only have two. Each of these connectors can function as a USB 3.0/4.0 port with a transfer rate of 20Gbps and as a Thunderbolt 3 port. 
    Thunderbolt, a standard created by Intel, is even faster. It can transfer data at up to 40Gbps. That means you could conceivably connect things like external graphics processors to a laptop with one of these ports if the operating system supports it. Or a high-speed 10Gbps network adapter, for example, if you were one of those people who need to transfer huge data files, like someone working in special effects or a video-editing studio.
    But there’s also DisplayPort
    DisplayPort is a digital display interface developed by a consortium of PC and chip manufacturers, and it was standardized by VESA, the Video Electronics Standard Association, in 2006. So, this was before the USB-C connector. It’s a special 20-pin connector. You’ve probably seen it: It resembles a big rectangle with a notch cut out of it. Virtually all of the desktop monitors you can buy now have DisplayPort connectors on them, in addition to the HDMI or the DVI connectors you normally find on older monitors. 

    To output to a DisplayPort-equipped external monitor, you either need an HDMI-to-DisplayPort cable, a DisplayPort-to-DisplayPort cable, or a USB-C-to-DisplayPort cable. But you are probably thinking what I am thinking: If you want to connect two monitors to a MacBook or a PC laptop, you will have to eat up a bunch of USB-C ports on that laptop. That’s not already counting the USB-C cable used for USB PD to power the laptop. So, before you know it, you’re lucky to have one spare port left. That doesn’t leave room for a mouse, a keyboard, or anything else; you’d better hope you have Bluetooth stuff to connect to it.
    On a PC laptop with a DisplayPort or USB 4 interface, you can do what is referred to as DisplayPort daisy-chaining. That allows you to use a single USB-C port to connect to multiple external monitors, provided your monitors have both DisplayPort input and output ports. There is an upper limit of five monitors with DisplayPort using a daisy chain — but at a lower resolution. You can connect one 4K/5K monitor per chain.

    However, on a MacBook, the OS doesn’t support a daisy chain, so you will need a USB-C port dedicated to each monitor, which gets us to docking stations and hubs.
    Laptop and tablet hubs of all kinds
    The good news is that on Mac and PC laptops that support USB-C, USB 4, Thunderbolt 3, and Thunderbolt 4, one cable coming out of the laptop can be split into a lot of ports using a hub or docking station. 
    Docking stations are becoming not only popular for use with laptops but also on tablets like the iPad. They allow you to connect different types of devices, not just USB-C or USB-A devices — many hubs include gigabit Ethernet, SD card, headphone, and audio jacks, and dedicated DisplayPort connectors. They also can power your laptop with as much as 94 watts, delivered by USB PD, so they have their own power bricks as well.
    Jason Cipriani’s Picks
    Jason Cipriani, my Jason Squared co-host, is partial to the Belkin Thunderbolt 3 Dock Pro. He uses it with his M1 MacBook Pro and his 2018 iPad Pro. It’s pricey, at $250, but that’s par for the course for Thunderbolt docks. It has 85W upstream charging, allowing you to charge your laptop through the dock. Ports: (2) Thunderbolt 3, (1) USB-A 3.1, (1) USB-C 3.1, (4) USB-A 3.0, (1) DisplayPort, (1) SD card, (1) 3.5mm Audio in/out, and (1) Gigabit Ethernet.

    Another hub he uses is the HyperDrive 6-in-1 USB-C hub. Even though it’s designed for the iPad Pro and iPad Air, he’s been able to use it with his MacBook Pro and the Surface Pro X to connect to an external monitor and use the SD card features. It’s $90. 
    Lastly, he uses Apple’s USB-C Digital AV adapter that adds a USB-C port, USB-A port, and an HDMI connection. It’s minimal and easy to move between desks or setups but lacks all the extra ports that other hubs have, like the HyperDrive. It’s $70. 
    My Picks
    Until recently, I have been a heavy user of the CalDigit TS3 plus, a Thunderbolt 3 dock designed for MacBooks. It was considered the premier one on the market about two years ago, and it goes for about $300. It has a dedicated DisplayPort and seven USB ports, as well as Ethernet and audio ports. Caldigit has also recently introduced some newer USB-C models and dual dedicated DisplayPort or dual HDMI interfaces.
    Currently, I have been using the Kensington SD5700T, which I recently reviewed. This one has four Thunderbolt 4/USB 4 ports. It is designed for the latest M1 MacBooks and PCs and delivers up to 90W of power to the laptop. I only have one Thunderbolt cable coming out of the Mac, which is powering the computer and is driving two DisplayPort monitors, Ethernet, and a whole mess of USB peripherals. It also costs about $300. Kensington has a bunch of other models, depending on what price point you’re targeting.

    I also recently got this Hubble dock for iPad, made by Fledging, which I am using on my 12.9-inch iPad Pro. This thing is a real beauty and was just introduced at CES 2021. It has an HDMI connector for doing screen mirroring with a monitor or a TV set, in case you wanted to use this for watching movies in your living room or use Apple Fitness Plus, and an SD card slot. It also has a dedicated USB-C port and USB-A port for connecting external peripherals, that missing audio jack, plus a USB-C charge passthrough. It’s made out of metal, which matches your iPad’s color, and it acts as both a case and a stand. So, really, you could turn your iPad into a desktop computer with this thing if you wanted. It costs $99/$110 and works on the 12.9-inch and 10.9-inch iPad Pro and the latest 11-inch iPad Air models.
    There are countless other options available. Ed Bott, my ZDNet colleague, has a thorough roundup of USB-C/Thunderbolt docks you can check out.


  • Authorities plan to mass-uninstall Emotet from infected hosts on March 25, 2021

    Law enforcement officials in the Netherlands are in the process of delivering an Emotet update that will remove the malware from all infected computers on March 25, 2021, ZDNet has learned today.

    The update was made possible after law enforcement agencies from across eight countries orchestrated a coordinated takedown this week to seize servers and arrest individuals behind Emotet, considered today’s largest malware botnet.
    While servers were located across multiple countries, Dutch officials said that two of three of Emotet’s primary command and control (C&C) servers were located inside its borders.
    Dutch police officials said today they used their access to these two crucial servers to deploy a boobytrapped Emotet update to all infected hosts.
    According to public reports, also confirmed by ZDNet with two cyber-security firms that have historically tracked Emotet operations, this update contains a time-bomb-like code that will uninstall the Emotet malware on March 25, 2021, at 12:00, the local time of each computer.

    Last chance to audit networks
    “The technical disruption that the Dutch police detailed in their press release, if it works as they described, will effectively reset Emotet,” Binary Defense senior director Randy Pargman told ZDNet today in an online chat.
    “It forces the threat actors behind it to start over and attempt to rebuild from scratch, and it gives IT staff at companies around the world a chance to locate and remediate their computers that have been infected,” Pargman added.

    Currently, the Europol takedown prevents the Emotet gang from selling access to Emotet-infected computers to other malware gangs, a tactic the Emotet gang has been known for.
    But Emotet hosts where cybercrime gangs have already bought access remain at risk.
    Pargman is now urging companies to take advantage of this time window until March 25 to investigate internal networks for the presence of the Emotet malware and see if other gangs used it to deploy other threats.
    After Emotet uninstalls itself on March 25, such investigations will be harder to carry out.
    Arrests in Ukraine
    Since ZDNet’s early coverage of the Emotet takedown, Ukrainian police officials have also come out to announce they arrested two individuals who they believe were tasked with keeping Emotet’s servers up and running.

  • New Google cloud service aims to bring zero trust security to the web

    Google has announced general availability of BeyondCorp Enterprise, a new security service from Google Cloud based on the principle of designing networks with zero trust. 

    As US security companies come to terms with the SolarWinds supply chain hack, Google and Microsoft are talking up their capabilities in the cloud around zero trust. 
    Microsoft last week urged customers to adopt a “zero trust mentality” and abandon the assumption that everything inside an IT network is safe and now Google has launched the BeyondCorp Enterprise service based around the same concept. 
    “Zero trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (i.e., local area networks versus the internet) or based on asset ownership (enterprise or personally owned),” explains the National Institute of Standards and Technology (NIST).  
    “Authentication and authorization (both subject and device) are discrete functions performed before a session to an enterprise resource is established.”
    BeyondCorp Enterprise replaces BeyondCorp Remote Access, a cloud service Google announced in April in response to remote working due to the COVID-19 pandemic and the heightened need for virtual private network (VPN) apps. 
    The service allowed employees to securely access their company’s internal web apps from any device and location. Google has been using BeyondCorp for several years internally to protect employee access to apps, data, and other users. 

    “BeyondCorp Enterprise brings this modern, proven technology to organizations so they can get started on their own zero trust journey. Living and breathing zero trust for this long, we know that organizations need a solution that will not only improve their security posture, but also deliver a simple experience for users and administrators,” said Sunil Potti VP of Google Cloud Security. 
    As Microsoft highlighted last week, the three main attack vectors in the SolarWinds attack were compromised user accounts, compromised vendor accounts, and compromised vendor software. These can be significantly mitigated by zero trust principles, such as restricting privileged access to the accounts that need them and enabling multi-factor authentication. Microsoft is encouraging organizations to use Azure Active Directory for identity and access management versus on-premise identity management systems.
    Google’s main weapon in the fight against sophisticated attackers is Chrome through which it’s promising easy “agentless support”. Chrome has over two billion users, so it has scale too. 
    Then there’s Google’s network with 144 network edge locations across 200 countries and territories, which helps back up its distributed denial of service (DDoS) protection service. 
    Google is encouraging organizations to use the Google Identity-Aware Proxy (IAP) to manage access to apps running in Google Cloud. 
    The pandemic and the SolarWinds hack have made security a bigger value proposition for companies like Microsoft and Google. For the first time, Google parent Alphabet on February 2 will break out cloud revenue as a separate reporting segment starting with its Q4 2020 results.
    Other key security highlights for Chrome under the BeyondCorp Enterprise service include threat protection to prevent data loss and exfiltration and malware infections from the network to the browser; phishing protection; continuous authorization; segmentation between users and apps and between apps and other apps; and management of digital certificates. 
    BeyondCorp Enterprise lets admins check URLs in real-time and scan files for malware; create rules for what types of data can be uploaded, downloaded or copied and pasted across sites; and track malicious downloads on company-issued devices and monitor whether employees enter passwords on known phishing sites. 


  • Robot delivers the dough on college campuses

    Back in May of last year I wrote that the pandemic would set the tone for a new autonomous food and grocery delivery paradigm. With a funding announcement and news of expansion from one of the dominant players in the space, that’s very much coming to pass.
    Starship Technologies, which makes a six-wheel delivery robot and has innovated a novel adoption strategy targeting college campuses and other controlled environments, just announced $17M in new funding (bringing the company’s total funding to over $100M). Starship is also expanding its delivery services to two new campuses: UCLA and Bridgewater State University in Massachusetts. 
    “Completing one million deliveries is a milestone that everyone at Starship is celebrating,” says Ahti Heinla, Co-founder and CEO of Starship Technologies. “We are delivering a fully commercial service operating 24-7 across five different countries now doing thousands of deliveries a day and millions of autonomous miles per year. This scale puts Starship on par with the biggest companies in the self-driving car market when it comes to miles travelled in the last year alone. We’re proud to be offering a crucial service that is now becoming part of everyday life for millions of people.”
    The pandemic has created an opportunity across the delivery ecosystem as consumer demand shifts more rapidly than expected toward online orders. Autonomous delivery services, which use either autonomous mobile robots or self-driving vehicles to execute deliveries, have been shifting their sales pitch to meet the moment, emphasizing the benefits of contactless delivery and touting as-a-service options that extend delivery capabilities to mom & pops. 
    Starship is probably the best known of the delivery robot developers. In addition to offering delivery services on college campuses, where regulatory requirements are easier to navigate than many municipalities, the company recently rolled out its robot food delivery service in Fairfax City, VA, touting the access it’s given residents to food and grocery delivery during the pandemic. The company has also offered free delivery for healthcare workers.
    Meanwhile, Starship has aggressively expanded on college campuses, where it can strike deals with administrators to deploy its delivery services on behalf of on-campus dining options. The campuses can tout their cutting edge technology adoption while Starship gets a powerful testbed for its service and technology as it builds a regulatory case for wider rollout in cities around the world.
    UCLA partnered with Starship to offer autonomous delivery from restaurants like Blaze Pizza, Bruin Buzz, Lu Valle, and Southern Lights. Bridgewater State University is providing delivery from campus restaurants including Starbucks Cafe and Bears Den.

    The additional funding comes at a time of increasing interest in the autonomous delivery industry. Contactless delivery has proved to be one of the most reliable ways to protect vulnerable populations and enable social distancing during the COVID-19 pandemic, which is of particular importance on college campuses.
    “Over the last few years there has been a growing interest for food deliveries on campus, and our new partnership with Starship Technologies has come at the perfect time,” says Cindy Bolton, Associated Students UCLA Director of Food Operations. “The new service is an excellent alternative to traditional delivery, especially as we continue to confront the challenges of COVID-19. By using delivery robots, ASUCLA Restaurants can serve more essential workers and students on the UCLA campus.”
    The Starship service utilizes an iOS and Android app that enables users to choose food or drink items and then drop a pin where they want their delivery to be sent. An interactive map tracks the robot’s position, and once it arrives customers unlock a secure compartment via the app. 
    It remains to be seen whether the Starship robots will pledge Greek or stay independent.

  • National Crime Agency warns novice and veteran traders alike of rise in clone company scams

    A warning has been issued by UK watchdogs of a rise in clone company scams targeting those looking for investment opportunities to recover financially from COVID-19.

    On Wednesday, the UK’s National Crime Agency (NCA) and Financial Conduct Authority (FCA) issued an alert to the public concerning “clone company” scams which appear to be claiming not only novice investors but also veteran players in the market.
    The FCA says that these forms of scams are on the rise, with increased rates reported since the UK went into its first lockdown during March 2020.
    In total, investors have lost over £78 million ($107m), a figure which is likely to continue to rise. Average losses are reported as £45,242 per victim, according to Action Fraud research.
    Clone company investment scams go beyond typical phishing emails or dubious social media links promising an immediate return on your cash. Fraudsters use the same name, address, and Firm Reference Number (FRN) issued to authorized investment companies by the FCA and then during phishing, social media, and cold-call messages they send sales materials containing links to legitimate company websites. 
    However, the masquerade only goes so far: once trust is established, investors are hoodwinked into parting with funds intended for the legitimate company, only for their money to go straight into the coffers of scam artists. 
    It may not seem all that different from typical phishing campaigns, but this form of investment fraud technique is not as well-known as it should be. In an FCA survey, 75% of investors said they felt confident enough to spot a scam — but 77% did not know or were unsure of what a clone investment company was. 

    “A clone firm scam can target anyone, they are usually smart fraudsters who often present opportunities which look very tempting indeed,” commented Watchdog presenter Matt Allwright. “When considering your next investment, make sure you only ever use the details listed on the FCA Register, and think about getting impartial advice before going ahead.”
    The NCA recommends that traders reject all unsolicited investment offers whether made online, through social media, or through the phone, and to check both the FCA Register and warning list — as well as any telephone numbers associated with entities — before signing up for financial products. It is also worth seeking independent advice before taking the plunge in a new investment opportunity. 
    Clone company scams that dupe even seasoned investors can be difficult to detect, but this is not the only form of financial fraud that has exploded online since the start of the pandemic. 
    Earlier this month, Interpol warned of a flurry of investment scams taking over dating applications. “Matches” work to obtain a potential victim’s trust and then begin to peddle a fake investment opportunity, encouraging them to join and promising to help them on their way to make a fortune. 
    Once the victim has parted with their cash, the match vanishes and they are locked out of their fake ‘investment’ account. 
    Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

  • AT&T Q4 2020: Consumers flock to HBO Max, but COVID recovery is far from reality

    AT&T has reported Q4 2020 earnings shored up by an expanding subscriber base, but COVID-19 is still disrupting the company’s operations and leaving an indelible mark on the books. 

    On Wednesday, the Dallas, Texas-based telecoms giant published its fourth-quarter financial results (statement) (.PDF).
    AT&T reported consolidated revenues of $45.7 billion and a net loss attributable to common stock of $13.9 billion or -$1.95 per share. Adjusted EPS earnings are $0.75 per share including “asset impairments, an actuarial loss on benefit plans, merger-amortization costs and other items.”
    “The company did not adjust for COVID-19 impacts of ($0.08): $0.01 incremental cost reductions and ($0.09) of estimated revenues,” AT&T added.
    AT&T’s third-quarter earnings were $0.39 per share (adjusted EPS $0.76) on revenues of $42.3 billion. 
    However, the firm continues to enjoy subscriber growth. Over Q4 2020, 800,000 postpaid phone net adds, 1.2 million postpaid net adds, close to six million total domestic wireless net adds, and 273,000 AT&T Fiber net adds were reported. AT&T said that it experienced a 617,000 net loss over the quarter when it comes to premium TV services.
    Total domestic and international HBO and HBO Max subscribers have now reached 41 million and close to 61 million, respectively. HBO Max activations alone accounted for 17.2 million subscribers as of the end of the quarter.

    Operating loss was reported as $10.7 billion in comparison to $5.3 billion last quarter. AT&T says “non-cash asset impairments in the quarter and the impact of lower revenues” have contributed to this figure.
    When adjusted for non-cash asset impairments, operating income was $7.8 billion in comparison to $9.2 billion in Q4 2019. AT&T’s latest reported operating income margin was 17.1%.
    Free cash flow is now pegged at $7.7 billion. Net debt declined by $1.6 billion.
    For the full 2020 financial year, AT&T revenue totaled $171.8 billion, a drop from $181.2 billion in 2019. 
    “The COVID-19 pandemic impacted revenues across all businesses, particularly WarnerMedia and domestic wireless service revenues, which were pressured from lower international roaming,” the company says. “Declines at WarnerMedia included lower content and advertising revenues, in part due to COVID-19.”
    Revenues in domestic TV services and legacy wireline solutions declined, but sales in domestic wireless equipment and both strategic and managed services “partly offset” these losses, according to AT&T.
    Operating expenses over the year were $165.4 billion (2019: $153.2 billion), operating income in 2020 was $6.4 billion, down 77.1% year-over-year — but with adjustments, operating income for FY 2020 is recorded as $34.1 billion versus $38.6 billion in FY 2019.
    Net loss over 2020 attributable to common stock is $5.4 billion, or $0.75 per share. 
    In 2021, AT&T expects a free cash flow of at least $26 billion, as well as a full-year dividend payout ratio in the 50%’s. Consolidated revenue growth is expected to be in the range of one percent and gross capital investment is pegged at roughly $21 billion, with $18 billion in capital expenditure. 
    “We ended the year with strong momentum in our market focus areas of broadband connectivity and software-based entertainment,” said John Stankey, AT&T CEO. “By investing in our high-quality wireless customer base, we had our best full-year of postpaid phone net adds in a decade and our second lowest postpaid phone churn ever. Our fiber broadband net adds passed the one million mark for the year. And the release of Wonder Woman 1984 helped drive our domestic HBO Max and HBO subscribers to more than 41 million, a full two years faster than our initial forecast.”


  • Emotet: The world's most dangerous malware botnet was just disrupted by a major police operation

    The world’s most prolific and dangerous malware botnet has been taken down following a global law enforcement operation that was two years in planning.
    Europol, the FBI, the UK’s National Crime Agency and others coordinated action which has resulted in investigators taking control of the infrastructure controlling Emotet in one of the most significant disruptions of cyber-criminal operations in recent years.


    Emotet first emerged as a banking trojan in 2014 but evolved into one of the most powerful forms of malware used by cyber criminals.
    Emotet establishes a backdoor onto Windows computer systems via automated phishing emails that distribute Word documents compromised with malware. Subjects of emails and documents in Emotet campaigns are regularly altered to provide the best chance of luring victims into opening emails and installing malware – regular themes include invoices, shipping notices and information about COVID-19.
    Those behind Emotet lease their army of infected machines out to other cyber criminals as a gateway for additional malware attacks, including remote access tools (RATs) and ransomware.
    It resulted in Emotet becoming what Europol describes as “the world’s most dangerous malware” and “one of the most significant botnets of the past decade”, with operations like Ryuk ransomware and TrickBot banking trojan hiring access to machines compromised by Emotet in order to install their own malware.

    The takedown of Emotet, therefore, represents one of the most significant actions against a malware operation and cyber criminals in recent years.
    “This is probably one of the biggest operations in terms of impact that we have had recently and we expect it will have an important impact,” Fernando Ruiz, head of operations at Europol’s European Cybercrime Centre (EC3) told ZDNet. “We are very satisfied.”
    A week of action by law enforcement agencies around the world gained control of Emotet’s infrastructure of hundreds of servers around the world and disrupted it from the inside.
    Machines infected by Emotet are now directed to infrastructure controlled by law enforcement, meaning cyber criminals can no longer exploit machines compromised and the malware can no longer spread to new targets, something which will cause significant disruption to cyber-criminal operations.
    “Emotet was our number one threat for a long period and taking this down will have an important impact. Emotet is involved in 30% of malware attacks; a successful takedown will have an important impact on the criminal landscape,” said Ruiz.
    “We expect it will have an impact because we’re removing one of the main droppers in the market – for sure there will be a gap that other criminals will try to fill, but for a bit of time this will have a positive impact for cybersecurity,” he added.
    The investigation into Emotet also uncovered a database of stolen email addresses, usernames and passwords. People can check if their email address has been compromised by Emotet by visiting the Dutch National Police website.
    Europol is also working with Computer Emergency Response Teams (CERTs) around the world to help those known to be infected with Emotet.
    In order to help protect against malware threats like Emotet, Europol recommends using anti-virus tools along with fully updated operating systems and software – so cyber criminals can’t exploit known vulnerabilities to help deliver malware. It’s also recommended that users are trained in cybersecurity awareness to help identify phishing emails.
    The Emotet takedown is the result of over two years of coordinated work by law enforcement operations around the world, including the Dutch National Police, Germany’s Federal Crime Police, France’s National Police, the Lithuanian Criminal Police Bureau, the Royal Canadian Mounted Police, the US Federal Bureau of Investigation, the UK’s National Crime Agency, and the National Police of Ukraine.
    The investigation into Emotet, and identifying the cyber criminals responsible for running it, is still ongoing.