How bad is ransomware? One insurer has dropped coverage for extortion payments.

The AXA Group logo is seen Feb. 21, 2019, at the company’s 2018 annual results presentation in Paris. The global insurance company said May 6, 2021, that it will stop writing cyber-insurance policies in France that reimburse customers for ransomware extortion payments. (Thibault Camus/AP)


The Linux Foundation’s demands to the University of Minnesota for its bad Linux patches security project

To say that Linux kernel developers are livid about a pair of University of Minnesota (UMN) graduate students playing at inserting security vulnerabilities into the Linux kernel for the purposes of a research paper, “On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits”, is a gross understatement.

Greg Kroah-Hartman, the Linux kernel maintainer for the stable branch and well-known for being the most generous and easy-going of the Linux kernel maintainers, exploded and banned UMN developers from working on the Linux kernel. That was because their patches had been “obviously submitted in bad faith with the intent to cause problems.” 

The researchers, Qiushi Wu and Aditya Pakki, and their graduate advisor, Kangjie Lu, an assistant professor in the UMN Computer Science & Engineering Department, then apologized for their Linux kernel blunders.

That’s not enough. The Linux kernel developers and the Linux Foundation’s Technical Advisory Board, via the Linux Foundation, have asked UMN to take specific actions before its people will be allowed to contribute to Linux again. We now know what these demands are.

The letter, from Mike Dolan, the Linux Foundation’s senior VP and general manager of projects, begins:

It has come to our attention that some University of Minnesota (U of MN) researchers appear to have been experimenting on people, specifically the Linux kernel developers, without those developers’ prior knowledge or consent. This was done by proposing known-vulnerable code into the widely-used Linux kernel as part of the work “On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits”; other papers and projects may be involved as well. It appears these experiments were performed without prior review or approval by an Institutional Review Board (IRB), which is not acceptable, and an after-the-fact IRB review approved this experimentation on those who did not consent.

This is correct. Wu and Lu opened their note to the UMN IRB by stating: “We recently finished a work that studies the patching process…


How bad can they get and how do you fight a cyberwar?

On the morning of June 27, 2017, it seemed as if Ukraine had slipped back in time and into the wrong century – almost nothing worked. Not the ATMs, the trains, the airports, the television stations. Even the radiation monitors at the old Chernobyl nuclear plant were down.

Ukraine, in the midst of a long and undeclared war with Russia, had been hit by mysterious blackouts before but this was eating through computer networks at a terrifying pace, turning screens dark across the country. And it seemed to be spreading further than intended, out through Europe and around the globe, paralysing hospitals and companies from London to Denver, even the Cadbury chocolate factory in Tasmania, and bringing swathes of the world’s shipping to a halt. By the time the culprit – a wild variant of malicious computer code (or worm) known as NotPetya – was stopped hours later, it had looped back into Russia, where it originated, and racked up about $US10 billion ($12.9 billion) in damage worldwide, making it the most expensive cyber attack to date.

No one died but the world had been given a glimpse of a new reality, beyond cyber espionage or sabotage. This was cyberwar. With modern life more connected than ever, you could unplug a nation before you’d even fired a shot.

Today, cyber weapons feature in the opening moments of most countries’ war plans, but they are deployed in peacetime, too, and the line between espionage, vandalism and outright attack is far from clear.

In 2016, the Australian government broke its relative silence on the cyber threat, revealing for the first time that Australia was actively engaged in cyberwarfare (against the terrorist group Islamic State in Syria and Iraq) and warning of a coming “cyber storm”. The army’s newest head of Information Warfare, Major General Susan Coyle, says it is now seeing an “exponential growth” in the range and sophistication of cyber weapons. Top companies and universities have been mined for personal data or found their networks suddenly paralysed; even Parliament itself has been infiltrated. But Coyle says Australia’s cyber forces are being rapidly trained to meet the…


Bad Bot Report 2021: The Pandemic of the Internet

The 8th Annual Bad Bot Report is now available from Imperva. Created using data from Imperva’s Threat Research Lab, it provides a comprehensive look at the bad bot landscape and the impact that this malicious traffic has across multiple industries.

Bad bot traffic amounted to 25.6 percent of all website traffic in 2020. This means that a record-breaking quarter of all internet traffic originated from bad bots last year.

Key findings from the 2021 Bad Bot Report:

Bad bot traffic now accounts for a quarter of all internet traffic. Increasing by 6.2 percent from the previous year, bad bot traffic now represents no less than a quarter of all internet traffic. Good bot traffic has risen 16 percent from last year, amounting to 15.2 percent of all traffic. Astoundingly, regardless of the increase in human traffic due to the global pandemic, human traffic decreased by 5.7 percent from last year to 59.2 percent of all traffic.

Telecom and ISPs were hit the hardest by bad bots. The bad bot problem is a cross-industry one. Because bad bots are capable of a wide variety of nefarious activities, from account takeover using credential stuffing to scraping of proprietary data, Grinchbots and more, their targets are varied, too. The top 5 industries with the most bad bot traffic include Telecom & ISPs (45.7%), Computing & IT (41.1%), Sports (33.7%), News (33%), and Business Services (29.7%).

Moderate and sophisticated bad bots still constitute the majority of bad bot traffic. Categorized as Advanced Persistent Bots or APBs, these accounted for 57.1 percent of bad bot traffic in 2020. They plague websites and often avoid detection by cycling through random IP addresses, entering through anonymous proxies, changing their identities, and mimicking human behavior.

Bad bots have taken a liking to mobile identities. While Chrome remains a favorite identity for bad bots to impersonate, its overall share significantly dropped in 2020. Mobile clients like Mobile Safari, Mobile Chrome and others accounted for 28.1 percent of all bad bot requests in 2020. This is a significant increase compared to last year’s 12.9 percent.

Bad bots often originate from the same country they…