Serveria – data centers & hosting: Top secret servers

23 million Germans victimized by cybercrimes in 2017, study says
Sun, 11 Feb 2018 19:17:03 +0000

Cybercrime claimed as many as 23 million victims in Germany over the course of 2017, equivalent to some 38 percent of all adults who are regularly online, the U.S. computer security company Norton by Symantec said on Tuesday.

The company put the total damage caused at almost 2.2 billion euros ($2.7 billion).

Identity theft, followed by attacks with ransom software and credit card fraud, were the main crimes, Norton said.

The company undertakes an annual study of cybercrime, taking in 20 countries in 2017. Worldwide, 978 million users suffered criminal damage.

The study found “astonishing parallels” in the victims, most of whom were average users who were relatively skilled, but showed “a certain carelessness” when online.

“Many people behave with dangerous carelessness,” Norton manager Nick Shaw said.

According to the study, 7 percent of German users were hit by ransomware, where their own data are blocked and a ransom is demanded for its release.

According to Norton, around one in 10 of these victims paid up. Norton advises computer users to back up their data.

“Giving in to the demands of hackers merely helps the attackers,” he said, while there was no guarantee that the data would be restored.


Keylogging Malware Infects More Than 5,000 WordPress Sites
Thu, 14 Dec 2017 21:45:55 +0000

The domain has been taken down after infecting thousands of WordPress sites with cryptocurrency mining and keylogging malware posing as script from trusted web services, according to a Sucuri blog post. The malware had infected at least 5,492 WordPress sites, SC Magazine reports.

The keylogging malware was added to malware distributed from a fake Cloudflare website, which Sucuri wrote a blog post about in April. It captures data entered by users, potentially including login and payment information. According to the report, the malicious code is given away by two long hexadecimal parameters, which are the keyloggers, following URLs that are fake.

Sucuri noted the obfuscation tricks being used by a CoinHive JavaScript Monero miner in another recent blog post, including the use of non-decimal notation for the host name, a fake jQuery name, and names related to Google Analytics.

The script resides in the functions.php file of the WordPress theme, and both scripts were found on many sites by Sucuri, but it was not clear that they were present on all 5,492.

“You should remove the add_js_scripts function and all the add_action clauses that mention add_js_scripts,” advises Sucuri Senior Malware Researcher Denis Sinegubko. “Given the keylogger functionality of this malware, you should consider all WordPress passwords compromised so the next mandatory step of the cleanup is changing the passwords (actually it is highly recommended after any site hack).”


Internet Freedom Under Global Attack: Report
Sun, 19 Nov 2017 16:59:18 +0000

Internet freedom has declined for a seventh consecutive year, with manipulation of democratic processes through social media, restrictions on VPNs, attacks on netizens and journalists, mobile connectivity shutdowns, and other worrying trends, according to the 2017 Freedom on the Internet report.

Freedom House released the annual report with contributions from the Internet Society (ISOC) on Tuesday. The report examines internet freedoms in 65 countries representing 87 percent of all internet users, and shows internet freedoms declining in 32 of the countries since June 2016, with the most notable declines observed in Ukraine, Egypt, and Turkey.

Thirty countries have organized clandestine propaganda arms of online “opinion shapers,” according to the report, and disinformation projects impacted elections in at least 17 countries in the past year. The report also finds that internet freedoms are often pressured by elections, as also indicated by its Internet Freedom Election Monitor project, which assesses countries’ risk to internet freedom.

Beyond the increasing sophistication behind government attempts to control dialogue on the internet, restricting access by shutting down entire networks or blocking specific platforms and services has also increased, as 19 tracked countries experienced at least one network shutdown.

“Governments are now using social media to suppress dissent and advance an antidemocratic agenda,” said Sanja Kelly, director of the Freedom on the Net project. “Not only is this manipulation difficult to detect, it is more difficult to combat than other types of censorship, such as website blocking, because it’s dispersed and because of the sheer number of people and bots deployed to do it.”

Internet access was also limited in at least 14 countries in attempts to reduce content manipulation. In one example, Ukraine blocked services based in Russia following a disinformation campaign by Russian agents, blocking both the social network and search engine most commonly used in Ukraine.

Governments in the Philippines and Turkey have reportedly used “astroturfing” (faking grassroots movements) on a large scale to increase the appearance of support for their policies.

“When trying to combat online manipulation from abroad, it is important for countries not to overreach,” Kelly said. “The solution to manipulation and disinformation lies not in censoring websites but in teaching citizens how to detect fake news and commentary. Democracies should ensure that the source of political advertising online is at least as transparent online as it is offline.”

The report also details attacks on internet privacy and press freedoms, including the implementation of laws that provide authorities with “back doors” to break encryption in at least six countries: China, Russia, Hungary, Thailand, Vietnam, and the United Kingdom.

China was the worst internet freedom abuser for the third consecutive year, according to the report, followed by Syria and Ethiopia.


Cyberattacks Cost Big Businesses $1.3 Million in 2017
Mon, 25 Sep 2017 16:02:08 +0000

The cost of cyberattacks on large businesses in North America increased to an average of $1.3 million in 2017, according to research released this week by Kaspersky Labs.

The report IT Security: cost-center or strategic investment? shows the share of global IT budgets going to security rose from 17 percent (16 percent in North America) in 2016 to 20 percent this year (18 percent in North America), indicating an increase in the perceived importance of IT security.

Kaspersky said that spending increased across businesses of all sizes as a reflection of businesses starting to consider IT security as a strategic investment. While they increased as a share of overall IT budgets, global IT security spending actually dropped dramatically, according to Kaspersky, from $25.5 million in 2016 to $13.7 million this year.

That would seem to suggest that global IT budgets overall fell from an average of $150 million last year to a mere $68.5 million this year – a shocking development if true. Gartner forecasts global IT spending will increase by 2.4 percent from 2016 to 2017.

Kaspersky found that globally, cyberattacks cost an average of $992,000 for large businesses in 2017, up from $861,000 in 2016, and cost SMBs $87,800 this year, up from $86,500 last year, according to a blog post.

“While cybersecurity incidents involving third parties prove to be harmful to businesses of all sizes, their financial impact on a company has the potential to result in twice as much damage,” Alessio Aceti, head of the enterprise business division at Kaspersky Lab said. “This is because of a wider global challenge – with threats moving fast, but businesses and legislation changing slowly. When regulations like GDPR become enforceable and catch up with businesses before they manage to update their policies, the fines for non-compliance will further add to the bill.”

The increasing complexity of IT infrastructure is the top factor driving budget increases at North American companies in 2017, according to the report, whereas in 2016 it was new business activities and expansion.

The largest cost associated with data breaches at North American businesses is additional staff wages ($207,000), far beyond the cost of loss of business and employing external professionals ($21,000 each).

The company also announced the launch of the Kaspersky IT Security Calculator to help businesses make informed IT security decisions.

The report comes amid controversy for Kaspersky, as its products were banned from U.S. government use last week following a statement by the Department of Homeland Security expressing concern with the ability of the Russian government to pressure the company to leverage elevated privileges to access customer computers.


Russian parliament bans use of proxy Internet services, VPNs
Sat, 22 Jul 2017 19:34:04 +0000

Russia’s parliament has outlawed the use of virtual private networks, or VPNs, and other Internet proxy services, citing concerns about the spread of extremist materials.

The State Duma on Friday unanimously passed a bill that would oblige Internet providers to block websites that offer VPN services. Many Russians use VPNs to access blocked content by routing connections through servers outside the country.

The lawmakers behind the bill argued that the move could help to enforce Russia’s ban on disseminating extremist content online.

The bill has to be approved at the upper chamber of parliament and signed by the president before it comes into effect.

Russian authorities have been cracking down on Internet freedoms in recent years. Among other things they want Internet companies to store privacy data on Russian servers.

by The Associated Press

CIA Firmware Hacked Popular Wireless Routers Since 2007
Sun, 25 Jun 2017 20:36:56 +0000

For the past decade, the CIA has been able to infiltrate scores of models of wireless routers, gaining access to connected devices from which agents could copy Internet traffic, steal passwords or redirect unwitting users to other sites.

Existence of the so-called “Cherry Blossom” firmware modification program is alleged in the latest dump of purportedly top secret CIA cyber exploits from WikiLeaks, dubbed “Vault 7.”

The CIA has never publicly acknowledged the programs nor authenticated the Vault 7 documents.

Among the companies whose wireless routers have reportedly been compromised are Motorola, Linksys, Dell, Netgear, US Robotics, Belkin, Asus, Buffalo, DLink and Senao.

“The Cherry Blossom (CB) system provides a means of monitoring the Internet activity of and performing software exploits on targets of interest,” the WikiLeaks documents state. “In particular, CB is focused on compromising wireless networking devices, such as wireless (802.11) routers and access points…to achieve these goals.”

Cherry Blossom relies on implanting altered versions of the products’ firmware, either by intercepting the physical product between the manufacturer and the retailer or – remotely – during operations posing as wireless upgrades.

“This technique does not require physical access but typically does require an administrator password,” the documents state.

“Some exploitation tools…have been created to determine passwords for devices of interest,” the instructions go on. “If the device is using wireless security (e.g., WEP or WPA), then these credentials are required as well.”

The firmware can also be delivered to devices that do not allow for firmware upgrades over wireless links.

“To workaround this issue, ‘Wireless Upgrade Packages’ have been created for a few devices of interest,” according to the manual. “In some cases, the Wireless Upgrade Package also can determine the administrator password.”

The latest documents, entitled “Cherry Bomb: Cherry Blossom User’s Manual,” indicate the program was started Jan. 9, 2006, with help from the Stanford Research Institute International.

For cases requiring a more sophisticated delivery method, there’s “Claymore,” which includes all of the above features, plus additional wrinkles.

“Claymore can run in a mobile environment (i.e. on a laptop) or in a fixed environment with a large antenna for longer ranges,” the documents state.

An implanted device is known as a “FlyTrap” and communicates via beacon with a CIA-controlled server known as CherryTree (CT).

“The CT will respond with a Mission that tasks the FlyTrap to search for target emails, chat users, or MAC addresses in the network traffic passing through the device,” the documents state.

An operator can monitor data about the progress of the exploit, launch missions or perform system administrator tasks via a browser interface called “Cherry Web.”

“FlyTrap can also setup VPN tunnels to a CherryBlossom-owned VPN server to give an operator access to clients on the FlyTrap’s WLAN/LAN for further exploitation,” the documents state. “The CherryTree logs Alerts to a database, and, potentially distributes Alert information to interested parties (via Catapult).”


WordPress Fixes Security Flaw that Opened Users to Content Injection Attacks
Sun, 05 Feb 2017 09:34:25 +0000

WordPress waited to disclose a REST API Endpoint bug that made sites using WordPress 4.7 and 4.7.1 vulnerable to content injection attacks in order to protect the sites while a security fix was rolled out in WordPress 4.7.2, according to a blog post published Wednesday by WordPress Core Contributor Aaron Campbell.

Sucuri security researcher Marc-Alexandre Montpas alerted the WordPress Security Team to the vulnerability on Jan. 20, and the team worked with Sucuri to coordinate the disclosure with patching efforts.

“Due to this type-juggling issue, it is then possible for an attacker to change the content of any post or page on a victim’s site,” Montpas wrote in a blog post to the Sucuri site. “From there, they can add plugin-specific shortcodes to exploit vulnerabilities (that would otherwise be restricted to contributor roles), infect the site content with an SEO spam campaign, or inject ads, etc.”

Montpas also pointed out that depending on site plugins, attackers could also execute PHP code through the vulnerability. The researcher praised the WordPress team for handling the situation “extremely well.”

In the interim between the original disclosure by Sucuri to WordPress and the public disclosure, WordPress hosting providers and firewall providers including Sucuri, SiteLock, CloudFlare, and Incapsula were informed. Akamai was also informed, and monitored internet traffic for possible attempts to exploit the vulnerability, noting Wednesday that it had found none.

“We believe transparency is in the public’s best interest,” Campbell wrote. “It is our stance that security issues should always be disclosed. In this case, we intentionally delayed disclosing this issue by one week to ensure the safety of millions of additional WordPress sites.”


Space: the Ultimate Network Edge
Tue, 18 Oct 2016 21:17:39 +0000

A breakthrough technology developed initially for defense purposes and later commercialized for civilian use is a familiar cadence. One of the most recent examples is free-space optics – a way to use lasers instead of fiber-optic cables to transmit data.

Wide adoption of self-driving cars is on the horizon; industrial manufacturers are quickly moving toward a world where not only every machine on the factory floor communicates with a server somewhere through a network, but every piece of equipment they sell does the same, for the duration of its useful life. From connected homes to cheap smartphones in everybody’s pockets, skyrocketing growth in the number of network-connected devices coupled with advances in optical technology are driving fundamental changes in the way global network infrastructure is designed.

A whole new internet backbone is being built, consisting of intercontinental submarine cables, capable of handling unprecedented amounts of bandwidth, 5G wireless networks, and satellites that beam data down to earth using lasers. This backbone is being designed to bring connectivity to places that either didn’t have it before, or didn’t have anywhere close to the amount of bandwidth they will soon need. It is enabling a lot of data to come in from the edge of the network rather than outward, from centralized computing hubs.

Ihab Tarazi, CTO at Equinix, the world’s largest data center provider, says we’re witnessing the beginning of the next wave of investment in global connectivity driven by the need to collect data at the edge. The company has been talking about this trend for some time, but it hasn’t been clear, until now, how exactly this new global backbone will take shape. “The pieces are finally becoming clear,” he says.

Enabling the Internet of Things from Space

Tarazi believes a company Equinix recently partnered with is implementing one of those pieces. Laser Light Communications is planning to launch a “constellation” of eight to 12 laser-enabled satellites – called HALO – that will circle the planet and together with terrestrial networks create a hybrid high-capacity network capable of bringing connectivity literally anywhere in the world. “This one is about massive global coverage,” he says.

Equinix data centers, places where the bulk of the world’s networks interconnect, will be the primary hubs for distributing data coming from space onto terrestrial networks and vice versa. Each of those hubs will be equipped with three “ground nodes” – 4 feet in diameter, 6 feet tall, 1,000 pounds heavy – and each ground node will have three laser heads, so it can “see” three different satellites, Robert Brumley, CEO of Laser Light, explains.

The interconnection hubs will not be the only buildings equipped with ground nodes. Laser Light will also deploy them directly in places where data originates, such as corporate campuses. That’s an example of the edge Tarazi is talking about. A financial services firm, for example, or a Hollywood studio, will be able to beam data directly to Medium Earth Orbit – that’s where Laser Light’s satellites will reside – for instant transfer to a bank in Singapore or a video editing outsourcer in Bangalore.

Major cloud and content companies, some of whom recently started investing directly in new submarine cable construction projects to improve global reach, are also potential customers. These are companies like Microsoft, Google, Amazon, Facebook, or Netflix. Traditional telcos, such as Telefonica or Vodafone, could use Laser Light’s services as another way to connect to regional long-haul networks.

Another important type of ground-node location will be submarine cable landing stations. “Cable landing sites are points of aggregation and disaggregation,” Brumley says, meaning landmass networks converge at these points to transfer data across the oceans and pick up data traveling the other way to distribute it to its countless destinations on dry land.

Data will travel at 100 Gigabit per second between ground nodes and satellites and at 200 Gigabit per second from satellite to satellite – about 100 times faster than radio links used in satellite communication today.

Diagram: an example of how Laser Light’s satellites will be interconnected with ground nodes and with each other. (Source: Laser Light slide deck)

AI to Route Data Packets Around Clouds

The US Department of Defense, as well as American, European, and Japanese space agencies, have been developing free-space optics technology for decades, and Laser Light is making what is probably the first effort to commercialize it at global scale. “This is the first company we know of in that category,” Tarazi says.

The Reston, Virginia-based startup’s parent company is Marble Arch Partners (formerly Pegasus Holdings), which specializes in commercializing military technologies for global markets and vice versa, adapting commercial tech for military use.

On the ground, Laser Light’s network will include dozens of SD WANs located in major metros throughout the world. SD WANs, or Software-Defined Wide Area Networks, are enterprise-grade WANs enabled by software that’s disaggregated from hardware it runs on, making them more agile and easy to automate. They are an emerging alternative to WANs that rely on proprietary and expensive, tightly integrated hardware-software bundles networking vendors have sold for decades.

With free-space optics technology around for some time now, and with carriers already starting to deploy SD WANs, the real technological innovation Laser Light is bringing to the table is the software that will manage its global network. “It’s not only the coolest thing that we’re doing, but it’s also going to be the most important thing that we will have done,” Brumley says.

One of the biggest barriers to implementing free-space optics is weather, and Laser Light’s plan is to build a network operating system that will literally route traffic around clouds, which interfere in beaming data between Earth’s surface and its orbit. “Lasers have challenges when it comes to atmosphere,” he explains.

If you are located in Emeryville, California, for example, and it’s a cloudy day in the Bay Area, the system will not send the signal directly to Emeryville. Instead, it may drop it down further south, say in Sacramento, where the sky is clear and from where the data will be routed along terrestrial fiber to its intended recipient by the SD WAN.

Rather than simply tracking the weather in real-time, the system will use a machine learning model, trained over several years with weather data, to predict the best routes automatically. Laser Light recently received a US patent for the concept and is currently talking to vendors that may be interested in writing the software. It will be “probably the most disruptive part of our program, because it’s really converging predictive analytics with software-defined networks and ever changing atmospheric conditions,” Brumley says.

New Breed of Enterprise Networks Emerging

Building the network OS, the SD WANs, the satellites, and, crucially, raising money to fund it all, are parts of the execution phase Laser Light has now entered, following about three years of design and development. To date, the startup has been funded by its parent company.

Some of the elements are already under contract, including satellite payloads and ground nodes at network interconnection points, Brumley says, with the company waiting for the funding to execute those contracts.

Equinix’s Tarazi thinks there’s little doubt that the market for the type of service Laser Light is planning to provide is there. The question, he says, is how big that market will end up being. Will it be limited to places that are extremely underserved by terrestrial fiber, or will there be broader use cases? “It’s not a question of if people will use it,” he says.

There are potentially convincing use cases for companies that are now investing in the new breed of enterprise networks to enable distributed infrastructure for the Internet of Things. They are combining their own backbones with their own wireless spectrum for last-mile device connectivity and lots of edge computing nodes that aggregate device data. Any company that needs to push lots of data from lots of connected devices through its network will benefit from a service like Laser Light’s, which would provide many more network access options.

It is clear that new technologies will be needed to enable more data to come in from network edges, and, while he believes Laser Light is the first to make an attempt to make commercial free-space optics at global scale a reality, Tarazi thinks there will be more players using this and other kinds of tech that will change the way global networks are architected. “I think there will be more than one company,” he says. “It’s just the beginning of it.”


NGINX Gains Market Share in August’s Web Server Survey
Sat, 27 Aug 2016 18:36:46 +0000

Netcraft’s August 2016 Web Server Survey, released this week, shows significant losses in market share for Apache, while NGINX boosted its market share nearly across the board.

Part of the boost for NGINX comes from the Tengine web server it powers for Chinese ecommerce giant Taobao, which gained over 200,000 active websites between them in the latest Netcraft Web Server Survey.

Microsoft made major gains in the total number of sites served, while Apache fell in the total number of sites served as well as active sites and web-facing computers.

Active sites using Tengine increased by 120,000 (7.3 percent), and NGINX gained 80,000 (0.2 percent). NGINX also gained the largest number of web-facing computers for the month, with 24,000, while Apache lost 107,000 (3.8 percent), despite gaining with web hosting providers, largely due to a drop in the number of consumer network attached storage (NAS) devices in use.

The launch of the open source, security-focused NGINX Plus Release 10 this week could further boost the company’s market share. The R10 version comes with a ModSecurity web application firewall (WAF), among other new features. While the NGINX project was launched in 2002, NGINX Inc. has only been selling products since 2013. R10 marks the third server release this year for the company.

“In today’s digital environment, a security breach is incredibly costly for any organization – both in lost revenue and damaged reputation. Consumers expect organizations to keep their information safe, and simply cannot allow themselves to be susceptible to major security incidents,” Gus Robertson, CEO of NGINX said in a statement. “With Web Application Firewall support and added security features in NGINX Plus we are providing additional tools to help customers keep their applications and data protected.”

NGINX’s customer base has doubled over the past year to about 1,000 commercial customers, The New Stack reports, but the company intends to become a billion dollar company in the next 8 to 10 years. NGINX is focussed on growing its share of the market for enterprise and mid-market companies with mission-critical websites after receiving an $8 million investment in April.

More than 11,000 sites are already using Microsoft IIS 10.0, according to Netcraft, and almost all are using Windows Server 2016, although the server’s official launch is scheduled for the Ignite conference in September.

NGINX surpassed 28 percent of the top million busiest sites last month, while Apache, Microsoft, and Google all lost ground.


Slow Waning of the Enterprise Data Center, in Numbers
Sat, 25 Jun 2016 06:46:49 +0000

While enterprise data centers aren’t going away completely any time soon, the amount of money companies are investing in these facilities and the IT gear they house is declining quickly. More and more workloads are moving to the cloud or into facilities operated by data center providers of various kinds, while corporate IT budgets, with a few exceptions, are flat or declining.

The latest data center industry survey by the Uptime Institute shows that the shift of enterprise IT workloads from corporate data centers to various versions of outsourced infrastructure is happening faster than previously expected. Survey data from previous years “suggested that the shift to cloud computing would be gradual for conservative enterprise IT organizations,” authors of the report on the latest survey wrote. “However, this year’s data indicate that those assumptions may be incorrect.”

About 1,000 data center operators and IT practitioners responded to the survey. They were split about equally between executives, IT management, and IT facilities staff.

Here are the key numbers from the Uptime Institute Data Center Industry Survey 2016:

71%: Estimated percentage of all IT assets currently sitting in enterprise data centers.

20%: Estimated percentage of all IT assets currently sitting in colocation data centers.

9%: Estimated percentage of all IT assets currently deployed in the cloud.

50%: Portion of enterprise IT budgets that have been either flat or shrinking over the last five years. Only about 10 percent have seen their budgets increase meaningfully, while the rest have seen modest increases.

55%: Portion of enterprise server footprints that have been either flat or shrinking over the last five years.

~50%: Portion of enterprise IT shops that said they were planning to cut spending on Hewlett Packard Enterprise and Dell equipment this year. HP Proliant and Dell PowerEdge are the two most critical server platforms in enterprise IT. Some of the spending will be redirected to converged hardware platforms. (451 Research, Uptime’s sister company)

30%: Portion of companies that said they would cut spending on HP Enterprise servers by more than 50% this year. (451 Research)

~50%: Percentage of senior executives who expect the majority of their IT workloads will be hosted in colocation data centers or in the cloud. Of them, 70 percent say this will happen over the next four years, and 23 percent say it will happen by next year.