
Biz & IT

Hackers target oil producers as they struggle with a record glut of crude


As the world’s top oil producers prepared for a weeklong meeting earlier this month to plan a response to slumping prices of crude, espionage hackers commenced a sophisticated spearphishing campaign that was concentrated on US-based energy companies. The goal: install a notorious trojan that siphoned their most sensitive communications and data.

Setting the campaign apart, the emails were mostly free of the typos, broken grammar, and other sloppiness that are typical phishes. The emails also reflected a sender who was well-acquainted with the business of energy production. A barrage of emails that started on March 31, for instance, purported to come from Engineering for Petroleum and Process Industries, a real Egyptian state oil company.

Not your father’s spear-phishing

The sender invited the recipient to submit a bid for equipment and materials as part of a real ongoing project, known as the Rosetta Sharing Facilities Project, on behalf of Burullus, a gas joint venture that’s half-owned by another Egyptian state oil company. The email, which was sent to about 150 oil and gas companies over a week starting on March 31, attached two files that masqueraded as bidding conditions, forms, and a request for proposal. The relatively small number of emails demonstrates the narrow targeting of this carefully crafted campaign. By contrast, many phishing campaigns indiscriminately send tens of thousands of emails.

Image: The spear-phish in the campaign that began on March 31. (Credit: Bitdefender)

“To someone in the oil & gas industry, who has knowledge about these projects, the email and the information within might seem sufficiently convincing to open the attachments,” researchers from security firm Bitdefender wrote in a post published on Tuesday.

The most-targeted companies were located in Malaysia, the United States, Iran, South Africa, and Oman.


A second campaign started on April 12. It sent an email asking recipients to complete a document known as an Estimated Port Disbursement Account needed for the chemical and oil tanker named MT Sinar Maluku. Not only was that a real vessel registered under the Indonesian flag, it had left its port on April 12 and was expected to reach its destination two days later. The email was sent to 18 companies, 15 of which were shipping companies in the Philippines.

“This email serves as another example of the length to which attackers will go to get their facts straight, make the email seem legitimate, and specifically target a vertical,” the Bitdefender researchers wrote.

Pandemic-induced glut

The campaigns are likely an attempt to gain closely guarded information about the current negotiations between Russia, Saudi Arabia, and other oil producers struggling with a glut of crude resulting from the coronavirus pandemic. Bitdefender said this is hardly the first time companies in this industry have been targeted. The security firm has been tracking a run of cyber attacks on energy companies over the past year. Since September, the number has increased every month and reached a peak in February with more than 5,000. There have been more than 13,000 attacks this year.

Both of the recent campaigns deliver files that install Agent Tesla, a malware-as-a-service offering that charges various prices based on different licensing models. The trojan, which has been available since 2014, has a wide range of capabilities, including “stealth, persistence and security evasion techniques that ultimately enable it to extract credentials, copy clipboard data, perform screen captures, form-grabbing, and keylogging functionality, and even collect credentials for a variety of installed applications.”

Companies in the US were targeted the most, followed by the UK, Ukraine, and Latvia.

Image: The geographical distribution of targeted companies. (Credit: Bitdefender)

“What’s interesting is that, until now, it has not been associated with campaigns targeting the oil & gas vertical,” Bitdefender researchers added.

The campaign provides a reminder that, despite the growing awareness of phishing attacks, they remain one of the most effective ways for attackers to gain a foothold in targeted companies. Even when phishing emails contain misspellings, grammatical mistakes, and other flaws, recipients often rightly assume those are the result of senders writing in a second language. Phishes as well crafted as these stand an even better chance of success.
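Because the lure in these campaigns is a convincing impersonation of a real company rather than a sloppy email, mail-gateway checks that key on sender identity and attachments catch more than checks that key on grammar. The following is an added example, not code from the article or from Bitdefender: it parses a constructed message with Python's standard `email` library and flags three signals, a display name that claims a known organisation but arrives from a domain not on that organisation's allowlist, a Reply-To domain that differs from the From domain, and attachments with executable or double extensions. The `KNOWN_SENDERS` map, the `.example` domains, the extension lists and the sample messages are all constructed placeholders.

```python
"""Heuristic screening of an inbound email for spear-phishing signals.

Added example; not code from the article or from Bitdefender. The sample
messages, the organisation-to-domain allowlist and the risky-extension list
are constructed placeholders.
"""
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed placeholder: sending domains a given display name is expected
# to use. A real deployment would populate this from vendor/partner records.
KNOWN_SENDERS = {
    "engineering for petroleum and process industries": {"enppi.example"},
}

# Constructed lists of attachment names worth flagging on their own.
RISKY_SUFFIXES = (".exe", ".scr", ".js", ".vbs", ".iso", ".lnk", ".img")
DOUBLE_EXT = re.compile(r"\.(pdf|doc|docx|xls|xlsx)\.[a-z0-9]{2,4}$", re.I)

# Constructed sample message in the style of the lure (not a real phish).
SAMPLE_RAW = """\
From: "Engineering for Petroleum and Process Industries" <tenders@enppi-bids.example>
Reply-To: procurement@mailbox-free.example
To: bids@oilco.example
Subject: Invitation to bid - Rosetta Sharing Facilities Project
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

Please find the bidding conditions and RFP attached.
--XX
Content-Type: application/octet-stream; name="Bid_Conditions.pdf.exe"
Content-Disposition: attachment; filename="Bid_Conditions.pdf.exe"

AAAA
--XX--
"""

# Constructed benign message from the allowlisted domain, for comparison.
CLEAN_RAW = """\
From: "Engineering for Petroleum and Process Industries" <tenders@enppi.example>
To: bids@oilco.example
Subject: Meeting notes
Content-Type: text/plain

Notes attached separately via the portal.
"""


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if it has none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def screen_message(raw: str) -> list[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    display, addr = parseaddr(str(msg.get("From", "")))
    from_domain = domain_of(addr)
    expected = KNOWN_SENDERS.get(display.strip().lower())
    if expected and from_domain not in expected:
        findings.append(
            f"display name '{display}' but sending domain '{from_domain}' "
            f"is not one of {sorted(expected)}"
        )

    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append(
            f"Reply-To domain '{domain_of(reply_addr)}' differs from From domain '{from_domain}'"
        )

    # iter_attachments() yields only non-body parts of a multipart message.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_SUFFIXES):
            findings.append(f"attachment '{name}' has an executable extension")
        if DOUBLE_EXT.search(name):
            findings.append(f"attachment '{name}' uses a double extension")
    return findings


if __name__ == "__main__":
    for label, raw in (("sample lure", SAMPLE_RAW), ("clean", CLEAN_RAW)):
        print(label, "->", screen_message(raw) or "no findings")
```

The sample lure trips all three checks (four findings in total, since the attachment name matches both extension rules); the clean message from the allowlisted domain produces none. Display-name allowlisting is the check that matters most here: a well-written email from a real-sounding organisation passes every grammar heuristic, but it cannot pass a domain check unless the sending domain itself is compromised.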



Nvidia AI plays Minecraft, wins AI conference award


Image: MineDojo’s AI can perform complex tasks in Minecraft. (Credit: Nvidia)

A paper describing MineDojo, Nvidia’s generalist AI agent that can perform actions from written prompts in Minecraft, won an Outstanding Datasets and Benchmarks Paper Award at the 2022 NeurIPS (Neural Information Processing Systems) conference, Nvidia revealed on Monday.

To train the MineDojo framework to play Minecraft, researchers fed it 730,000 Minecraft YouTube videos (with more than 2.2 billion words transcribed), 7,000 scraped webpages from the Minecraft wiki, and 340,000 Reddit posts and 6.6 million Reddit comments describing Minecraft gameplay.

From this data, the researchers created a custom transformer model called MineCLIP that associates video clips with specific in-game Minecraft activities. As a result, someone can tell a MineDojo agent what to do in the game using high-level natural language, such as “find a desert pyramid” or “build a nether portal and enter it,” and MineDojo will execute the series of steps necessary to make it happen in the game.

Image: Examples of tasks that MineDojo can perform. (Credit: Nvidia)

MineDojo aims to create a flexible agent that can generalize learned actions and apply them to different behaviors in the game. As Nvidia writes, “While researchers have long trained autonomous AI agents in video-game environments such as StarCraft, Dota, and Go, these agents are usually specialists in only a few tasks. So Nvidia researchers turned to Minecraft, the world’s most popular game, to develop a scalable training framework for a generalist agent—one that can successfully execute a wide variety of open-ended tasks.”


The award-winning paper, “MINEDOJO: Building Open-Ended Embodied Agents with Internet-Scale Knowledge,” debuted in June. Its authors include Linxi Fan of Nvidia and Guanzhi Wang, Yunfan Jiang, Ajay Mandlekar, Yuncong Yang, Haoyi Zhu, Andrew Tang, De-An Huang, Yuke Zhu, and Anima Anandkumar of various academic institutions.

You can see examples of MineDojo in action on its official website, and the code for MineDojo and MineCLIP is available on GitHub.


European Parliament DDoSed after declaring Russia a sponsor of terrorism


Image: An iteration of what happens when your site gets shut down by a DDoS attack.

The European Parliament website was knocked offline for several hours on Wednesday by a distributed denial-of-service (DDoS) attack that started shortly after the governing body voted to declare the Russian government a state sponsor of terrorism.

European Parliament President Roberta Metsola confirmed the attack on Wednesday afternoon European time, while the site was still down. “A pro-Kremlin group has claimed responsibility,” she wrote on Twitter. “Our IT experts are pushing back against it & protecting our systems. This, after we proclaimed Russia as a State-sponsor of terrorism.”

While this post was being reported and written, the website became available again and appeared to work normally.

The pro-Kremlin group Metsola referred to is likely the one known as Killnet, which emerged at the start of Russia’s invasion of Ukraine and has posted claims of DDoS attacks in countries supporting the smaller nation. Targets have included police departments, airports, and governments in Lithuania, Germany, Italy, Romania, Norway, and the United States.

Shortly after Wednesday’s attack against the European Parliament started, Killnet members took to a private channel on Telegram to post screenshots showing the European Parliament website was unavailable in 23 countries. Text accompanying the images made a homophobic remark directed at the legislative body.

The outage occurred shortly after the parliament overwhelmingly voted to declare the Kremlin a sponsor of terrorism.

Members of the European Parliament “highlight that the deliberate attacks and atrocities committed by Russian forces and their proxies against civilians in Ukraine, the destruction of civilian infrastructure and other serious violations of international and humanitarian law amount to acts of terror and constitute war crimes,” the declaration stated. “In light of this, they recognize Russia as a state sponsor of terrorism and as a state that ‘uses means of terrorism.’”

The resolution was adopted with 494 votes in favor, and 58 against. There were 44 abstentions.

DDoS attacks typically harness the bandwidth of hundreds, thousands, and in some cases, millions of computers infected with malware. Once those machines are under the attackers’ control, they bombard a target site with more traffic than it can accommodate, forcing it to deny service to legitimate users. Traditionally, DDoS has been among the crudest forms of attack because it relies on brute force to silence its targets.

Over the years, DDoSes have become more advanced. In some cases, the attackers can increase the bandwidth by as much as a thousand-fold using amplification methods: they send small requests to a misconfigured third-party site, which then returns a much larger amount of traffic to the target.

Another innovation has been designing attacks that exhaust the computing resources of a server. Rather than clogging the pipe between the website and its would-be visitors, the way more traditional volumetric DDoSes work, packet-per-second attacks send specific types of compute-intensive requests to a target in an attempt to bring the hardware connected to the pipe to a standstill.
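The three patterns described above (volumetric flooding, reflection/amplification, and packet-rate exhaustion) leave different fingerprints in flow telemetry, and a defender's first job during an outage is to tell them apart because the mitigations differ (upstream scrubbing for volume, filtering reflector source ports for amplification, SYN-cookie or connection-rate limits for packet-rate attacks). The following is an added example, not code from the article or from any of the parties it mentions: it aggregates constructed flow records per destination over a fixed window and tags each destination with the patterns it matches. The flow format, the window length, the thresholds and the set of reflector ports are assumptions chosen for illustration; the flows are constructed, not captured traffic.

```python
"""Tag per-destination traffic as volumetric, amplification, and/or
packet-rate DDoS patterns from simple flow records.

Added example; not code from the article. Flow format, thresholds and the
reflector port set are assumptions; the sample flows are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

# Assumed: UDP source ports of services commonly abused as reflectors.
# The set and all thresholds below are choices for this example.
REFLECTOR_PORTS = {53, 123, 161, 389, 1900, 11211}
WINDOW_SECONDS = 10
VOLUMETRIC_MBPS = 500.0      # assumed bandwidth threshold per destination
PPS_THRESHOLD = 200_000      # assumed packet-rate threshold per destination
SMALL_PACKET_BYTES = 128     # mean size at or below this suggests a pps attack
REFLECTOR_SHARE = 0.8        # fraction of bytes from reflector ports to call it amplification
MIN_REFLECTORS = 10          # distinct reflector sources required


@dataclass
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    packets: int
    bytes: int


# Constructed sample flows, all inside one WINDOW_SECONDS window.
SAMPLE_FLOWS = [
    # ordinary HTTPS traffic to the first target
    Flow("198.51.100.7", 51000, "203.0.113.10", 443, "tcp", 400, 320_000),
    # amplification: 40 reflectors answering from UDP/123 with large replies
    *[Flow(f"192.0.2.{i}", 123, "203.0.113.10", 4321, "udp", 50_000, 24_000_000)
      for i in range(1, 41)],
    # packet-rate exhaustion: tiny packets at a very high rate to a second target
    Flow("198.51.100.99", 40000, "203.0.113.20", 80, "tcp", 3_000_000, 180_000_000),
]


def classify(flows):
    """Return {dst_ip: sorted list of pattern tags} for the given window."""
    per_dst = defaultdict(lambda: {"packets": 0, "bytes": 0,
                                   "reflector_bytes": 0, "reflectors": set()})
    for f in flows:
        d = per_dst[f.dst_ip]
        d["packets"] += f.packets
        d["bytes"] += f.bytes
        if f.proto == "udp" and f.src_port in REFLECTOR_PORTS:
            d["reflector_bytes"] += f.bytes
            d["reflectors"].add(f.src_ip)

    verdicts = {}
    for dst, d in per_dst.items():
        mbps = d["bytes"] * 8 / WINDOW_SECONDS / 1e6
        pps = d["packets"] / WINDOW_SECONDS
        mean_size = d["bytes"] / d["packets"] if d["packets"] else 0
        tags = []
        # Volumetric: raw bandwidth toward the destination is the signal.
        if mbps >= VOLUMETRIC_MBPS:
            tags.append("volumetric")
        # Amplification: most bytes arrive as UDP replies from reflector ports,
        # spread across many third-party sources.
        if (d["bytes"] and d["reflector_bytes"] / d["bytes"] >= REFLECTOR_SHARE
                and len(d["reflectors"]) >= MIN_REFLECTORS):
            tags.append("amplification")
        # Packet-rate: high pps with small packets, i.e. the pipe is not full
        # but the box behind it is being asked to do work per packet.
        if pps >= PPS_THRESHOLD and mean_size <= SMALL_PACKET_BYTES:
            tags.append("packet-rate")
        verdicts[dst] = sorted(tags)
    return verdicts


if __name__ == "__main__":
    for dst, tags in classify(SAMPLE_FLOWS).items():
        print(dst, "->", ", ".join(tags) or "no pattern")
```

On the constructed flows the first target is tagged both volumetric and amplification (about 768 Mb/s, nearly all of it replies from UDP/123 across 40 sources), while the second target is tagged packet-rate only: 144 Mb/s would never trip a bandwidth alarm, but 300,000 packets per second at a 60-byte mean is exactly the shape of an attack aimed at the server's per-packet processing rather than its link.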

Metsola said the DDoS attacks on the European Parliament were “sophisticated,” a word that’s often misused to describe DDoSes and hacks. She provided no details to corroborate that assessment.


Apple iPhone factory workers clash with police in China


Image: Workers walk outside Hon Hai Group’s Foxconn plant in Shenzhen, China, in 2010.

Violent worker protests have erupted at the world’s largest iPhone factory in central China as authorities at the Foxconn plant struggle to contain a COVID-19 outbreak while maintaining production ahead of the peak holiday season.

Workers at the factory in Zhengzhou shared more than a dozen videos that show staff in a standoff with lines of police armed with batons and clad in white protective gear. The videos show police beating workers, with some bleeding from their heads and others limping away from chaotic clashes.

Beijing’s strict zero-COVID regime has posed big challenges for the running of Foxconn’s Zhengzhou plant, which typically staffs more than 200,000 workers on a large campus in the city’s suburbs.

Wednesday’s unrest will heighten investor concerns about supply chain risk at Apple, with more than 95 percent of iPhones produced in China.

Problems at the plant earlier this month led Apple to cut estimates for high-end iPhone 14 shipments and to issue a rare warning to investors over the delays.

Two workers at the Foxconn factory said the protests broke out on Wednesday morning after Apple’s manufacturing partner attempted to deny bonuses promised to new workers put into quarantine before being sent to assembly lines.

“Initially they just went into the plant seeking an explanation from executives, but they [the executives] didn’t show their faces and instead called the police,” said one of the workers.

Another worker said there was growing discontent over the factory’s continued inability to curb a COVID outbreak, tough living conditions, and fear among staff that they would test positive.

Foxconn said the company would work with employees and the government to prevent further violent acts.

The company said it had always fulfilled its contracts and would continue to “communicate and explain” that to new staff. It said reports that the company had mixed COVID-positive workers with those not yet infected were untrue.

Videos show workers flipping over carts on the Foxconn campus, charging into the factory’s offices and bashing a COVID testing booth. Live streams from the scene on Wednesday afternoon showed groups of workers milling about in a courtyard between buildings. Some workers were livestreaming the protests on social media until censors stepped in to cut off the broadcasts.

“The Foxconn situation raises concern for China’s leaders because it challenges the narrative of being a reliable supplier,” said Shan Guo at Plenum China Research. “It’s clear workers are not happy being locked down,” she said.

Foxconn has been working with the local government in Henan province, where the plant is located, to repopulate its assembly lines with new workers after a mass staff exodus late last month spurred by conditions at the plant.

Local officials have been tasked with helping send workers to the plant, which is a big taxpayer and was responsible for 60 percent of the province’s exports in 2019.

Ivan Lam, an analyst at Counterpoint Research, said Foxconn had already been shifting iPhone 14 production away from the Zhengzhou factory amid the COVID problems. He estimated the Zhengzhou plant’s share of total iPhone 14 production was down to about 60 percent today from about 80 percent before the outbreak began.

Apple did not immediately respond to requests for comment.

© 2022 The Financial Times Ltd. All rights reserved. Please do not copy and paste FT articles and redistribute by email or post to the web.
