Featured Article: Emotnet: A Million Bucks per Incident

In the light of a reported recent victory by Europol in trying to stop the particularly dangerous Emotet malware, we look at what it is, how it is spread, and how to try and guard against it.

What Is Emotet?

Emotet is a computer malware program, believed to be Russian in origin, that was originally developed in the form of a banking Trojan. It was first detected in 2014 when customers of German and Austrian banks were affected by the Trojan. Emotet is a bot/zombie, meaning that it is malware which checks back to command-and-control servers operated by cybercriminals and, as such, can be given new instructions on what to do next.

Spread
Emotet has traditionally been spread in the first place via infected Word documents in emails (phishing), using a number of different lures over time to trick the recipient into clicking on the infected link. Past email campaigns have included invoices, shipping notices and information about COVID-19.

According to Kaspersky, Emotet is able to continue spreading by using ‘Outlook harvesting’, whereby the Trojan reads emails from users already affected and creates its own (deceptively real) emails, containing an infected Word document with a malicious link, that appear legitimate and personal and stand out from ordinary spam emails. Emotet is then able to send these phishing emails to stored contacts like friends, family members, and work colleagues.

Bots / Zombies That Check Back and Can Be Used as Part of a ‘Botnet’

The infrastructure that has been created by victims who have downloaded Emotet’s bots/zombie malware can mean that a cyber-criminal can choose to use a group of zombie computers as part of a whole botnet i.e., a number of internet-connected devices, each of which is running one or more bots, to launch a variety of different attacks.  This is because once a computer has become infected it is added to the Emotet botnet which uses the particular computer as a downloader for other threats. 

When a device is infected (e.g. due to someone clicking on the link in the infected Word document sent via email), a botnet of Emotet-infected machines is used to penetrate associated systems using brute-force attacks (DDoS, mass spam emails, click fraud in adverts and more). Emotet then delivers modules to extract passwords from local apps and spreads sideways to other computers on the same network, as well as stealing entire email threads to be reused for spam campaigns. Emotet can also be used to provide Malware-as-a-Service (MaaS), letting other malware groups rent access to the Emotet-infected computers.

Danger

There are several factors that have made Emotet a particularly dangerous threat.  These include:

– It is polymorphic. This means that its code changes a little every time it is accessed. In this way, it is able to keep evading anti-virus programs.

– The fact that it continually adds infected devices to an ever-growing botnet (Emotnet) and checks back for more instructions means that it is essentially a growing infrastructure that can be repeatedly exploited by cybercriminals, as and when they wish.

– As of February last year, researchers (Binary Search) discovered that Emotet can attack Wi-Fi networks, then scan all wireless networks nearby and use a password list to try and gain access to those networks and the devices on them.  This gives it incredible potential spreading power.

– The extent of the damage that it causes and its spread means that the clean-up operation for Emotet is very expensive. For example, in the US, the Department of Homeland Security estimates the cost of the clean-up for Emotet attacks at around one million US dollars per incident.

What To Do and Checking

The Japanese CERT (Computer Emergency Response Team) has published a tool called EmoCheck which claims to be able to detect the kinds of typical character strings that are associated with a Trojan like Emotet. This tool can be downloaded from the JPCERTCC GitHub: https://github.com/JPCERTCC/EmoCheck

If a computer is infected with Emotet, security experts suggest informing those in your personal circle about the infection (due to the email contact threat), isolating the computer from the network, using a separate device to change all login data for all accounts (email accounts, web browsers) and then cleaning all computers connected to the network, one by one, using an antivirus.

Protection

Although there is no 100 per cent guaranteed way to protect against a constantly changing polymorphic Trojan like Emotet, there are some measures that can be taken to minimise infection risk.  These include:

– Keep up to date with all computer and security updates and make sure that anti-virus software is up to date.

– Make sure that your data is being regularly backed up to a secure location.

– Only use very strong passwords and don’t share them between different accounts.

– Set the computer to display file extensions by default, thereby allowing possible detection of dubious files, e.g. self-extracting zipped executable files (.exe).
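To show why displaying file extensions matters, here is a short example added for this write-up (it is not part of the original article or of any vendor tool). It compares the name a user sees when extensions are hidden with the file's real type; the extension lists, function names and sample file names are assumptions constructed for illustration.

```python
import unicodedata

# Assumed lists for illustration: types Windows runs directly (or macro-enabled
# Office files) versus types a recipient expects to be harmless documents.
RISKY = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "wsf", "hta", "docm", "xlsm"}
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}


def shown_when_hidden(name):
    """Approximate Explorer's label when extensions are hidden: last one dropped."""
    stem, dot, _ext = name.rpartition(".")
    return stem if dot and stem else name


def assess(name):
    """Return a list of finding codes for one attachment or download name."""
    findings = []
    # Unicode 'Cf' (format) characters such as U+202E reorder or hide text on screen.
    cleaned = "".join(ch for ch in name if unicodedata.category(ch) != "Cf")
    if cleaned != name:
        findings.append("invisible-format-char")
    parts = [p.strip().lower() for p in cleaned.split(".")]
    if len(parts) > 1 and parts[-1] in RISKY:
        findings.append("runnable-type:" + parts[-1])
        # A document-style extension just before the real one is the classic disguise.
        if len(parts) > 2 and parts[-2] in DECOY:
            findings.append("decoy-extension:" + parts[-2])
    return findings


# Constructed sample names, not taken from any real campaign.
SAMPLES = [
    "Invoice_2021.pdf.exe",
    "shipping notice.doc        .scr",
    "covid-guidance\u202efdp.exe",
    "quarterly-report.docx",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", shown_when_hidden(sample), assess(sample) or "ok")
```

With extensions hidden, the first sample is displayed as Invoice_2021.pdf, which is why the setting in the tip above helps a user spot it.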

Recent Developments

Europol claims that because of co-ordinated action between itself and Eurojust (the European Union Agency for Criminal Justice Cooperation in the Hague) it has managed to seriously disrupt the Emotet infrastructure, thereby seriously reducing the threat.  Europol says that a collaborative effort between authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada, and Ukraine means that investigators have taken control of the Emotet infrastructure thereby disrupting “one of most significant botnets of the past decade”.

Google’s Record Advertising and Cloud Sales Due To Pandemic

Alphabet Inc’s (Google’s) quarterly sales for its advertising and cloud businesses exceeded expectations to hit record levels, helped by the pandemic driving retail and clients online.

Figures

Google’s advertising business, which includes YouTube, made up 81 per cent of Alphabet’s record $56.9 billion in quarterly sales (fourth quarter).  This represented a massive 23 per cent rise on one year ago. Also, Alphabet’s cloud sales were $3.83 billion, or $13.1 billion for the full year. This represents a 46 per cent rise from 2019 figures. These increased sales have meant a $17 billion increase in Alphabet’s cash in 2020 (up to $137 billion), and news of the big sales figures prompted an 8 per cent jump in Alphabet’s share price.

Why?

Several analysts have noted that the lockdown over the Christmas-period was one of the reasons why many advertisers, including many of those who had been hard hit by the pandemic, returned to Google, and put more of their budgets into online advertising with Google as a way to reach their audience who had pretty much retreated online. 

Also, with the news that vaccines had been developed and with some hope in sight, sectors such as travel started to advertise again to get future bookings, thereby fuelling Google’s ad sales even more.

Another interesting reason for Google’s fourth-quarter ad sales growth was a move by consumer brands to reach people through YouTube, particularly in the U.S., where the traditional TV audience has become particularly fragmented and more than 100m people now watch YouTube on their TV screens.

Cloud Division

Although Google’s results showed that its cloud division as a whole made an operating loss of $1.24 billion, there appears to be a feeling that this is a longer-term initiative for Google and there is a plus side in the form of a backlog of cloud business at the end of the year of $30bn which is still more than three times the amount there was at the end of last year.

Costs and Threats

Alphabet has had some high costs in recent years, such as licensing programming for YouTube, operating its data centres and stocking consumer products. Alphabet also now faces the threat of a generally shrinking lead over the global internet advertising market as it faces competition from the likes of Amazon.com and Alibaba.

What Does This Mean For Your Business?

These figures relate to the last quarter of last year and appear to reflect how, with lockdown restrictions in place over Christmas, advertisers decided to spend more to advertise online as many consumers simply turned to online shopping.  Also, the figures reflect (particularly in the US) companies trying to reach a fragmented audience by spending more on YouTube advertising, and show how brands such as travel brands started advertising online again knowing that vaccines could mean that the next year’s holidays would be back on.  In general, the big spend on online advertising with Google reflects how at the end of last year consumers were still relying heavily online for all parts of their buying processes and companies needed (as they still do to a large extent) to advertise more online in order to reach them.

Amazon AI Cameras Prompt “Mobile Surveillance” Privacy Row

The fact that Amazon has started using AI-powered cameras in delivery vans that constantly record footage of drivers has led to accusations of mobile corporate surveillance.

Cameras

The Driveri combined video recording and AI cameras have been introduced to the cab of Amazon delivery vans to record drivers with the stated intention of helping to improve driving. The system has four separate HD cameras comprising a road-facing view, a driver-facing view and two side views. The system films/records all the time but only uploads footage if one of 16 different factors (safety triggers) is observed. For example, this could be drowsiness, speeding or sharp braking.

The system can also issue verbal warnings to drivers based upon the detection of certain safety triggers. For example, it has been reported that a driver yawning prompts the system to tell the driver to pull over and take a break for 15 minutes.

The system has no audio or live-view functionality, and the drivers can turn off the cameras facing them only while their vehicle is stopped.  As soon as the vehicle moves, however, this starts the cameras working again.

The Footage

The footage from the cameras is sent to Amazon’s last-mile trust and safety team to be shared and used for coaching by the driver’s Delivery Service Partner (DSP) program, and also for any investigations (e.g. theft or property damage).

Amazon Says…

Amazon says that the cameras are intended to support drivers in being safer on the road and in being able to better handle incidents if they happen, thereby being able to “set up drivers for success”.

Critics Say…

Critics, on the other hand (of which there are many), have generally made the point that the cameras represent an unwelcome form of surveillance and invasion of privacy for the drivers and for the wider public. 

For example, digital rights advocacy group ‘Fight for the Future’ Tweeted “Amazon’s plan to install artificial intelligence-powered cameras on its fleet of thousands of delivery vehicles amounts to the largest expansion of corporate surveillance in human history. We’ll be launching a campaign this week to stop this nightmare.”   Evan Greer of Fight For the Future Tweeted that “every Amazon vehicle will now also be an Amazon surveillance camera. And right now there are essentially no laws in place to govern what Amazon can do with all that footage once they collect it” and that “Basically this means any time you see an Amazon delivery vehicle in your neighbourhood, it will be watching and recording you. The potential for abuse is staggering. This turns every single Amazon delivery vehicle into a mobile surveillance machine. Orwellian is an understatement.”

Also, the Director of the UK’s Big Brother Watch privacy group, Silkie Carlo, has been quoted as saying that “Amazon’s appetite for surveillance knows no bounds. This intrusive, constant monitoring of employees creates an oppressive, distrustful, and disempowering work environment that completely undermines workers’ rights”.  The GMB union have also expressed similar concerns about the use of the cameras and there have been reports that Amazon Drivers in a private Reddit group have expressed fears about what could happen to them if they made driving mistakes that were noted by the cameras.

Tips

Amazon has also been on the negative side of the news over a Federal Trade Commission (FTC) complaint in the US, alleging that Amazon’s Flex program took almost $62 million in tips from its drivers between 2016 and 2019.

What Does This Mean For Your Business?

For Amazon, using cameras to film drivers to improve performance and settle disputes may seem like a practical solution, but there is clearly a great deal of suspicion and a lack of trust about Amazon and its motives among privacy groups, unions, drivers, and others. Rights such as privacy, together with not having to feel like big brother is always watching you, are something that most workers value. Amazon, however, is a very large and powerful company that has become even more powerful during the pandemic, and it is clearly going to become much more difficult and costly for workers, unions, rights/privacy groups and others to stand up to Amazon and hold it to account, particularly when, even though the story represents bad PR, it is unlikely to hit Amazon sales. Nevertheless, this kind of story is extremely negative and is likely to attract public sympathy even if it doesn’t affect customer loyalty. It now remains to be seen how Amazon will respond in rolling out this program, which sounds like something it had committed to going ahead with.

‘Custom Neural Voice’ Available From Microsoft

Microsoft has announced the general availability of a one-of-a-kind customised, synthetic voice for brands, generated using Custom Neural Voice, the Text-to-Speech (TTS) feature of Speech in Azure Cognitive Services.

What Is It?

The Custom Neural Voice from Microsoft uses deep neural networks and a powerful base model built with speech data from many different speakers to create a Neural “text-to-speech” (TTS) model that is able to learn the way phonetics are combined in natural human speech rather than using classical programming or statistical methods. The result is a very natural sounding voice.

Microsoft is now inviting customers to apply to be approved to use it, or developers can now add TTS capabilities to their apps by creating an Azure Speech instance and selecting from over 200 pre-built TTS and Neural TTS voices across 54 languages/locales.

Benefits

The benefit of this synthetic voice system is that it does not require a large volume of voice data to produce a fluent, natural sound because of the extra power of the deep neural networks and base model. Users can, therefore, expect to be able to build realistic voices with just a small number of training audios and companies can spend a fraction of the effort traditionally needed to prepare training data while at the same time increasing the naturalness of the synthetic speech output when compared to traditional training methods.

Why Have A Brand Voice?

According to Microsoft, we are now in a world where voice-based interactions are increasingly becoming the norm and, therefore, “your voice is your brand”. Microsoft says that a recognisable digital brand voice can help customers connect with a brand in new ways.

Microsoft points out that it has received interest in customised synthetic brand voices from a range of businesses across the Media and Entertainment, Telecom, Automobile, Education, and Hospitality sectors.  Examples of where/how a brand voice can be used include usage for apps, on a website (customer service chatbots), in videos, on the telephone (centre operations combined with conversational AI), on a range of devices (e.g. phones, speakers, TV/cable boxes), in cars as a key interaction point with customers, smart voice assistants, in online learning materials and audio books, for public service announcements (stations, airports and venues), or as assistive technology to help with accessibility.

What Does This Mean For Your Business?

Bots are commonplace these days and, as Microsoft’s announcement demonstrates, the technology to quickly create a realistic ‘brand voice’ and the opportunities for companies to use one are now much more common and widespread. Realistic, AI-powered voices can be really helpful to companies that want to scale up customer service without huge expense, plus it is a flexible tool that can help companies to reinforce their brand in a very modern way. Giving people access to the power of its deep neural networks and base model means that companies wanting to use Microsoft’s synthetic voice (which companies can apply to do here https://techcommunity.microsoft.com/t5/azure-ai/build-a-natural-custom-voice-for-your-brand/ba-p/2112777) can get a really professional-sounding brand voice together much more quickly and for a fraction of the effort than if they used other traditional methods. Making this technology available, albeit by application, means that many more, smaller businesses can now seriously consider having their own realistic-sounding voice/bot. The pace at which this kind of technology is developing is good news for all kinds of companies looking to use this as an element of their service in the near future.

Tech Tip – PDFs From Almost Anything

PDFs are really useful files for sharing and printing, and one good thing about Windows 10 is that it enables you to make a PDF out of almost anything. Here’s how:

– From any Windows 10 app, use the Print command.

– In the Print dialogue box, select Microsoft Print to PDF as the destination printer. 

– Adjust the other options to suit, e.g. orientation, virtual page size.

– Select Print, specify the name and location of the final document and then click Start to create the PDF.