Monday, December 2, 2019

Trend Micro reports on Microsoft discovering polymorphic malware ‘Dexphot’ that affected 80,000 Windows systems

For over a year, Microsoft has been monitoring a malware strain it named “Dexphot”, which has been infecting Windows devices since October 2018, Trend Micro reported in a recent post summarizing Microsoft’s analysis. The malware used the victim’s computing resources to mine cryptocurrency for the attackers. It peaked in June 2019, infecting almost 80,000 computers, before gradually declining over the following months as Microsoft’s protections caught up with it.

Although the payload itself (a cryptocurrency miner) is unremarkable, Microsoft said that tracking Dexphot yielded insight not only into how this particular strain works but also into the techniques cybercriminals currently favor.


This was largely because of the way Dexphot behaved over the course of last year, as noted by Microsoft. The simple payload was delivered through complex techniques that were constantly updated by the malicious actors behind the malware strain.

Microsoft found that Dexphot was dropped by another malware family, ICLoader, which users unknowingly install as part of software bundles. Systems already infected by ICLoader then had Dexphot downloaded and installed on them.


While Microsoft Defender Advanced Threat Protection’s pre-execution detection engines blocked Dexphot in most cases, behavior-based machine learning models provided protection for cases where the threat slipped through. Given the threat’s persistence mechanisms, polymorphism, and use of fileless techniques, behavior-based detection was a critical component of the comprehensive protection against this malware and other threats that exhibit similar malicious behaviors.

Microsoft Defender ATP data shows the effectiveness of behavioral blocking and containment capabilities in stopping the Dexphot campaign. Over time, Dexphot-related malicious behavior reports dropped to a low hum, as the threat lost steam.

Dexphot used legitimate system processes for its malicious activities. It ran its installation, decryption and persistence stages through legitimate tools such as msiexec.exe, unzip.exe, rundll32.exe, schtasks.exe, and powershell.exe. Abusing legitimate tools this way (living off the land) helps Dexphot evade detection: each process on its own looks like routine system activity, and the malicious signal lies in the chain of processes and their arguments rather than in any single binary.

In addition, the decrypted files contained three executables that were never written to the filesystem; they existed only in memory. Dexphot therefore also used fileless techniques.

Dexphot injects the first two executables into legitimate system processes such as svchost.exe or nslookup.exe by process hollowing (launching the legitimate process in a suspended state and replacing its code in memory with the malicious executable). These two act as monitoring services that keep Dexphot’s other components in place and reinstate them if they are removed. Finally, it hollows setup.exe and replaces its contents with the third executable, a cryptocurrency miner.
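The living-off-the-land chain and process-hollowing behaviour described above are exactly what behavioral detection keys on. The following is an added example, not code from the Trend Micro or Microsoft write-ups: a small Python detector run over constructed process-creation events (field names loosely follow Sysmon Event ID 1; the parent allow-list, PIDs, paths and the pkg.msi/x.dll names are assumptions). It flags three patterns the article mentions: a hollowing target such as svchost.exe or nslookup.exe spawned by an unexpected parent, a chain of three or more LOLBins in one process tree, and a schtasks /create whose action is another LOLBin.

```python
"""Added example (not from the Trend Micro/Microsoft write-ups): a toy
detector for the living-off-the-land and process-hollowing patterns
described for Dexphot, run over constructed process-creation events.
Field names mimic Sysmon Event ID 1; the allow-list and sample data
are assumptions, not observed telemetry."""

from dataclasses import dataclass
from typing import Dict, List


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str     # full path, e.g. C:\Windows\System32\svchost.exe
    cmdline: str


# Hollowing targets the write-up names, mapped to the parents they are
# expected to have on a typical Windows host (assumption: simplified allow-list).
EXPECTED_PARENT = {
    "svchost.exe": {"services.exe"},
    "nslookup.exe": {"cmd.exe", "powershell.exe", "explorer.exe"},
}

# LOLBins the write-up lists; several of them chained in one tree is suspicious.
LOLBINS = {"msiexec.exe", "unzip.exe", "rundll32.exe", "schtasks.exe", "powershell.exe"}


def basename(path: str) -> str:
    """Last path component, lower-cased, so comparisons are case-insensitive."""
    return path.rsplit("\\", 1)[-1].lower()


def analyze(events: List[ProcEvent]) -> List[str]:
    """Return one finding string per suspicious event."""
    by_pid: Dict[int, ProcEvent] = {e.pid: e for e in events}
    findings: List[str] = []
    for e in events:
        name = basename(e.image)
        parent = by_pid.get(e.ppid)
        pname = basename(parent.image) if parent else "<unknown>"

        # 1. Hollowing candidate: a known target launched by the wrong parent.
        if name in EXPECTED_PARENT and pname not in EXPECTED_PARENT[name]:
            findings.append(f"hollowing-candidate pid={e.pid} {name} parent={pname}")

        # 2. LOLBin chain: walk up the ancestry while every hop is a LOLBin.
        chain = [name] if name in LOLBINS else []
        cur = parent
        while chain and cur and basename(cur.image) in LOLBINS:
            chain.append(basename(cur.image))
            cur = by_pid.get(cur.ppid)
        if len(chain) >= 3:
            findings.append(f"lolbin-chain pid={e.pid} " + "<-".join(chain))

        # 3. Scheduled-task persistence whose action is itself a LOLBin.
        cmd = e.cmdline.lower()
        if name == "schtasks.exe" and "/create" in cmd:
            if any(b in cmd for b in ("rundll32", "powershell", "msiexec")):
                findings.append(f"persistence pid={e.pid} schtasks -> lolbin")
    return findings


# Constructed sample: one benign svchost.exe, then an msiexec -> rundll32 tree
# that registers a scheduled task and spawns two hollowed processes.
SAMPLE_EVENTS = [
    ProcEvent(400, 1, r"C:\Windows\System32\services.exe", "services.exe"),
    ProcEvent(800, 400, r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs"),
    ProcEvent(1000, 300, r"C:\Windows\System32\msiexec.exe",
              r"msiexec.exe /i C:\Users\u\AppData\Local\Temp\pkg.msi /qn"),
    ProcEvent(1100, 1000, r"C:\Windows\System32\rundll32.exe",
              r"rundll32.exe C:\ProgramData\x.dll,Entry"),
    ProcEvent(1200, 1100, r"C:\Windows\System32\schtasks.exe",
              r'schtasks.exe /create /sc minute /mo 90 /tn Upd /tr "rundll32.exe C:\ProgramData\x.dll,Entry"'),
    ProcEvent(1300, 1100, r"C:\Windows\System32\svchost.exe", "svchost.exe"),
    ProcEvent(1400, 1100, r"C:\Windows\System32\nslookup.exe", "nslookup.exe"),
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding)
```

The parent allow-list needs tuning per environment (svchost.exe legitimately has other parents during boot and under some service configurations), and a parent mismatch alone should be corroborated with image-load or memory-region telemetry before it is treated as hollowing, since benign automation also spawns system binaries from unusual parents.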

Microsoft saw that Dexphot switched miners throughout their monitoring, using both programs like XMRig and JCE.

Microsoft noted that Dexphot was a malware strain that was not likely to garner much attention for its common payload. However, it does paint a good picture of the techniques that had been pervasive throughout this year, namely living off the land and fileless techniques.

Trend Micro’s most recent security roundup reported that threat actors have been increasingly living off the land. In fact, detections of fileless threats in the first half of 2019 were 18 percent higher than the total count for all of 2018.


Staying alert to cases like Dexphot can help in defending against fileless threats going forward. Organizations need to consider capabilities such as behavioral indicators and traffic monitoring to address the particular challenges that fileless threats present.

Trend Micro's Smart Protection Suites deliver several capabilities like high-fidelity machine learning and web reputation services that minimize the impact of persistent, fileless threats. 

Trend Micro Apex One protection employs a variety of threat detection capabilities, notably behavioral analysis that protects against malicious scripts, injection, ransomware, memory and browser attacks related to fileless threats. Additionally, the Apex One Endpoint Sensor provides context-aware endpoint investigation and response (EDR) that monitors events and quickly examines what processes or events are triggering malicious activity. 

The Trend Micro Deep Discovery solution has an email inspection layer that can protect enterprises by detecting malicious attachments and URLs. Deep Discovery can detect remote scripts even when they are not downloaded to the physical endpoint.

ABI Research recognises blockchain innovators kicking up a storm in decentralized cloud

ABI Research has identified 15 hot tech innovators that are already kicking up a storm in the decentralized cloud space: 0Chain, ælf, Ankr, DFINITY, Ethernity, Edge, Filecoin, iExec, Internxt, Golem, PPIO, Oasis Labs, Sia, Sonm, and Storj. Together, these startups have amassed over $600 million in funding in the last three years, through VCs and token sales (initial coin offerings).


Traditional centralized cloud computing has become a consolidated market with heavy-weight incumbents making penetration by new market entrants difficult. As a result, the offerings are high-priced and often locked into other cloud services from the same provider. Further, the complex nature of cloud configuration and the centralization aspect has made data security an emerging risk. 



Over the last few years, the decentralized cloud market has emerged with the goal to displace public cloud service providers with cheaper, more secure blockchain-based compute and storage alternatives. 


“The technology being built promises significant cost benefits over traditional offerings from existing cloud services, with containers, blockchain, and trusted computing being leveraged for security as well as simplicity. As the startups launch their mainnets and commercial offerings, the cloud market is likely to undergo significant upheaval,” says Michela Menting, Digital Security Research Director at ABI Research.



The technology leveraged is relatively new and untested, with founding developers looking to improve on existing blockchain technologies used in applications like Bitcoin. 


“The startups in the space are developing the infrastructure and the networks to be more power-efficient and scalable, as well as more resistant to common blockchain vulnerabilities such as 51 percent attacks, consensus delays, selfish mining, smart contract, and Denial of Service,” Menting added. “Critically, they are set to give traditional cloud providers a run for their money by offering significantly lower price points for cloud services. They are achieving this by leveraging a network of peers to offer spare computing power and storage capacity in exchange for token-based incentives.”



These findings are from ABI Research’s Hot Tech Innovators: Decentralized Cloud Computing and Storage report. This report is part of the company’s Blockchain & DLT research service, which includes research, data, and ABI Insights. 


Hot Tech Innovators reports focus on companies at the forefront of transformational innovation: typically younger and less well-known than the incumbents, at the technological forefront of their markets, developing new business models, destabilizing the current market, and prime acquisition targets.

Ericsson’s Cloud Packet Core strengthens SK Telecom’s 5G network; improves network performance, user experience

Ericsson was selected to deliver a Cloud Packet Core for SK Telecom’s 5G network. Ericsson’s Cloud Packet Core, part of the company’s Cloud Core portfolio, helps service providers to smoothly migrate to 5G Core (5GC) stand-alone architecture.


Ericsson’s Cloud Packet Core is at the business end of mobile broadband and IoT networks. It creates value, visibility and control of traffic and applications by determining the optimal quality of a service, then enforcing it through appropriate policy.



Building on virtual Evolved Packet Core (EPC) applications, Ericsson is dedicated to supporting customers on a smooth evolution from EPC to dual mode core operations, 5G EPC and 5GC. The company offers flexibility, fast time to market and efficiency in operations. 

On the way, Ericsson Cloud Packet Core - which supports over 100 commercial virtual EPC customer networks - provides a variety of use cases. Some of these are brand-new and are enabled by this new technology, while others are currently evolving use cases with a new level of automation and speed. 


Use cases include modernizing and managing capacity growth, adding sites, and migrating to datacenters, ranging from a complete virtual EPC with user management deployed on a single COTS server for thousands of users, to traditional large-scale MBB operations serving more than 10 million subscribers at tier 1 carriers.


The Cloud Packet Core portfolio supports network slicing already in 4G. This allows for multiple logical networks to be created on top of a commonly shared physical infrastructure and acts as a step towards a 5G Core architecture. 



The network evolution from EPC to 5G core plays a central role in creating a powerful network platform that is capable of being exposed and automated for service providers. This means service providers extract more value and become contributors to existing and emerging ecosystems. 


“By utilizing Ericsson’s Cloud Packet Core network solution, which realizes simplified network operations, we will unleash the full potential of new 5G-enabled use cases with greater efficiency,” said Jung Chang-kwan, vice president and head of infra engineering group, SK Telecom.



“This deal, and the opportunity to work with SK Telecom’s Network Functions Virtualization Infrastructure (NFVI), has put us in the ideal position to further strengthen their 5G network,” said Jan Karlsson, senior vice president and head of digital services, Ericsson. “Delivering our Cloud Packet Core solution will positively impact SK Telecom’s network operations and will reinforce Ericsson’s position as a leader in 5G core.”


SK Telecom switched on its commercial 5G network in December 2018 after selecting Ericsson as one of its primary 5G vendors. Previously, Ericsson provided radio access network (RAN) products, including mid-band massive MIMO.

Atos announces new Workplace as a Service offering for optimal employee experience with Google Cloud

Atos announces its new Workplace as a Service | Google Edition, part of its Atos Digital Workplace solutions, to provide enterprise customers with a way of enhancing the employee workplace experience, through greater choice for users and a boost to productivity. 


Atos Digital Workspace combines skills from advisory, consulting and design thinking through to business and vertical solutions, including applications for the digital workplace platform. It offers customers a complete, end-to-end workspace transformation that addresses their employees’ needs without compromising security.



As part of its partnership with Google Cloud, Atos is offering a unique integrated and secure package including the supply and support of Chromebooks with Atos’ Circuit software, as well as Google’s G Suite, supported with setup, migration and management services.


Used together, G Suite and Chromebooks provide a consistent user experience across devices and apps, enabling workforces to be more productive and engaged, while security and compliance are built in and reinforced with a ‘zero trust’ security framework: every person and device is strictly verified on each attempt to access a resource, rather than being trusted simply for being on the corporate network, in order to prevent data breaches.


The offering is available in a subscription-based model, delivered by Atos, with self-service, automation and virtual agents embedded, so businesses can both optimize costs and at the same time transform the way people collaborate thereby increasing productivity.



G Suite is a set of apps such as Gmail, Docs, Drive, Calendar, and Hangouts, which are designed with real-time collaboration and machine intelligence to bring people together and help them work smarter and safer.


Circuit, the Atos unified communications and collaboration cloud solution, provides easy-to-use, powerful team collaboration capabilities and can be used in combination with existing communication platforms and business apps, such as G Suite.



“At Atos, we’re proud to support our customers in providing a secure and innovative workplace environment in which people and businesses are engaged and effective,” said Eric Grall, senior executive vice president and head of global operations and infrastructure & data management at Atos. “Our new Workplace as a Service offering provides enterprise customers with greater choice and a complete package to deliver an optimal employee experience and enhanced productivity.” 


“The cloud can transform the way people collaborate and get work done,” said Kevin Ichhpurani, corporate vice president, global ecosystem at Google Cloud. “This new service from Atos provides customers with a streamlined path to adopt a cloud-native approach to collaboration and productivity with G Suite and Chromebooks. We are delighted to partner with Atos to bring these capabilities to customers.”

Intel opposes Qualcomm’s appeal in US District Court; files brief supporting FTC

Intel has filed a brief supporting the Federal Trade Commission (FTC) and opposing Qualcomm’s appeal of the judgment rendered against Qualcomm in May by the United States District Court for the Northern District of California.

The District Court found that “Qualcomm’s licensing practices have strangled competition in the CDMA and premium LTE modem chip markets for years, and harmed rivals, OEMs and end consumers.” The District Court also found that Qualcomm’s conduct “unfairly tends to destroy competition itself.”

Intel agrees with the District Court’s findings. Intel suffered the brunt of Qualcomm’s anticompetitive behavior, was denied opportunities in the modem market, was prevented from making sales to customers and was forced to sell at prices artificially skewed by Qualcomm. 


Qualcomm would have you believe that its position in the market today — as the last surviving U.S. supplier of premium modem chips — is due to its “ingenuity and business acumen,” and that its rivals in the market failed simply because “they did not offer good enough chips at low enough prices.” This is simply not true.

Instead, as detailed in the District Court’s opinion and in our brief, Qualcomm maintained its monopoly through a brazen scheme carefully crafted and implemented over many years. This scheme consists of a web of anticompetitive conduct designed to allow Qualcomm to coerce customers, tilt the competitive playing field and exclude competitors, all the while shielding itself from legal scrutiny and capturing billions in unlawful gains.

The victims were Qualcomm’s own customers (original equipment manufacturers or OEMs), the long list of competitors it forced out of the modem chip market, including Intel, and ultimately consumers. 

Intel fought for nearly a decade to build a profitable modem chip business, and invested billions, hired thousands, acquired two companies and built innovative products that eventually made their way into Apple’s iPhones, including the most recently released iPhone 11. 

But when all was said and done, Intel could not overcome the artificial and insurmountable barriers to fair competition created by Qualcomm’s scheme and was forced to exit the market this year.


“As I have pointed out before, the District Court’s decision finding Qualcomm violated the antitrust laws comes on the heels of governmental entities around the globe reaching the same conclusion,” wrote Steven R. Rodgers, executive vice president and general counsel at Intel, in a post. “As a result of its anticompetitive practices, Qualcomm has been fined nearly $1 billion in China, $850 million in Korea, $1.2 billion by the European Commission and $773 million in Taiwan (later reduced in settlement). The FTC, however, did not seek monetary relief. Instead, it sought injunctive relief to prevent Qualcomm from continuing to engage in its unlawful conduct.”

Among other things, the District Court prohibited Qualcomm from continuing to implement the central component of its scheme, its coercive “no license, no chips” (NLNC) policy. Under the policy, Qualcomm cuts off handset OEMs’ purchases of modem chips unless they enter into a patent license agreement on Qualcomm’s terms. These onerous, one-sided terms enable Qualcomm to artificially lower the price of its modems while simultaneously inflating customers’ costs of using modem chips manufactured by competitors, like Intel, by charging royalties as large as the price of the modems themselves. 

The District Court concluded that the NLNC policy, together with other anticompetitive behavior on Qualcomm’s part, unlawfully distorted and, in fact, destroyed the competitive playing field.

The world benefits from fair competition in the wireless technology market. Given the importance of wireless technology to the future of connected computing, including the revolutionary promise of 5G, we strongly support the efforts of the FTC and other law enforcement agencies to require Qualcomm to obey the laws and compete on a level playing field.

“We hope our amicus brief will help in clarifying the full extent of the harm that Qualcomm’s unlawful behavior has caused and will continue to cause if left unchecked,” Rodgers added.

AutoStore delivers flexible, high-density storage solution enabling retailers to deliver products to consumers in record time

AutoStore, a vendor of high-density storage, offers a robotic cube-based automated storage and retrieval system that has transformed the logistics and delivery process for businesses across the globe. The system has evolved to meet retailers’ growing need to change and stock inventory quickly and to deliver goods to consumers within same-day or several-hour windows.



Consumers are demanding more choices and are more willing to change brand allegiance to get better value and service. To remain competitive, retailers, whether big box or independent, require a presence across multiple channels – stores, online, social networking and mobile. Same-day delivery and immediate local-store pick-up are no longer perks for online shoppers, they are expectations.

Micro-fulfilment presents one of the largest challenges for business owners and retailers to not only store ever-changing inventory within a warehouse, but to ensure the warehouses are close enough to consumers. Managing fulfilment of consumer goods and groceries from regional distribution centres does not accommodate customised needs of consumers, nor can it sustain cost efficiency.

AutoStore provides a solution for the future of logistics and warehousing with micro-fulfilment at the retail store level. The pioneering Cube Storage Automation system offers the densest product/inventory storage solution in existence, where up to 15,000 SKUs can be stored within 604 sq meters. 

Modular in design, the system can be configured to fit different store ceiling heights and obstacles and suits a range of environments – from back-of-house of a grocery retailer to retail spaces for consumer products.


The AutoStore system contains a three-dimensional aluminum grid structure with self-supporting crates that are moved to pick stations by independently operating robots, providing swift and accurate movement of orders. Each robot has two sets of wheels that enable it to move along perpendicular axes, and this makes it possible for all robots to reach any position, and any crate on the grid independently – providing near 100 percent system availability.

For customers who prefer to collect their items, AutoStore's pick-up points play a critical role in maintaining high-volume throughput at output workstations. Online orders can be consolidated in less than 10 minutes and confirmed in the system for customers to collect at any time. Orders can be retrieved from the system in just a few minutes, and customers can choose how to collect pre-picked orders, whether in-store or by home delivery.

“AutoStore delivers the flexibility and scalability needed for streamlining automated fulfillment of online orders, which is absolutely critical to accommodate increasingly higher numbers of SKUs, and seasonal spikes in ordering," said Karl Johan Lier, CEO and president of AutoStore. "It gives retailers the flexibility to make more targeted decisions about where they believe automated micro-fulfilment will be most beneficial."

Sunday, December 1, 2019

Qualstar releases prototype enterprise class library offering with Sony Imaging

Qualstar Corp., provider of data storage systems, has developed a prototype enterprise class library solution with Sony Imaging Products & Solutions.

The highly scalable enterprise class library solution leverages Qualstar’s expertise and experience in designing efficient robotic-based storage systems. Utilizing Sony’s Optical Disc Archive Generation 3 technology, a single library will scale from 4.7 PB up to 50 PB. It can scale out to multi-library cluster configurations capable of managing hundreds of petabytes of archive data.


“Today’s supercomputing environments need high capacity, scalable data storage solutions to archive data for a longer period of time,” said Arun Vaishampayan, Qualstar’s vice president of global sales. “Sony’s Optical Disc Archive Generation 3 storage platform fulfills the needed requirements of this market.”

“We are delighted with the progress of this project,” said Steven N. Bronson, CEO of Qualstar. “We believe the jointly developed product will serve the needs of our valued customers and open new markets for optical devices.”

Masimo secures FDA clearance for neonatal RD SET Pulse Oximetry sensors with improved accuracy specifications

Masimo announced that RD SET sensors with Masimo Measure-through Motion and Low Perfusion SET pulse oximetry have received FDA clearance ...