Day: August 29, 2023

FBI-Led Operation Dismantles Notorious Qakbot Malware

A global operation led by the FBI has dismantled one of the most notorious cybercrime tools used by criminals to infect computers, launch ransomware attacks and steal sensitive data.

The FBI and its international partners disrupted the Qakbot infrastructure and seized nearly $9 million in cryptocurrency in illicit profits during the Friday operation, officials announced on Tuesday.

Qakbot, a sophisticated botnet and malware that infected more than 700,000 computers around the world, wreaked havoc for nearly 15 years.

The malicious software, also known as Qbot, enabled hackers to launch ransomware attacks and extort millions of dollars from victims.

The botnet first emerged in 2008 as a tool to steal banking credentials but evolved over time to become a powerful weapon for cybercriminals.

Martin Estrada, the U.S. attorney for the Central District of California, and Don Alway, the FBI assistant director in charge of the Los Angeles field office, announced the operation at a news conference in Los Angeles.

Estrada called the operation “the largest U.S.-led financial and technical disruption of a botnet infrastructure.”

“Qakbot was the botnet of choice for some of the most infamous ransomware gangs, but we have now taken it out,” he said.

Law enforcement agencies from France, Germany, the Netherlands, the United Kingdom, Romania and Latvia took part in the operation, code-named Duck Hunt.

Law enforcement officials described Qakbot as a “backbone malware” that supported a vast cybercrime ecosystem. It was advertised and sold on underground cybercrime forums, some of which have been taken down by the FBI.

Hackers used the botnet and other malware to launch ransomware attacks on U.S. critical sectors such as hospitals, schools, police departments and local governments. The attacks disrupted services and cost millions of dollars.

“Stopping cybercrime is a matter of national security,” Estrada said.

Qakbot’s reach was global.

“We assess that there are millions of victims,” a senior FBI official said during a background call with reporters. “Virtually every country in the world has a victim there.”

To disrupt Qakbot, the FBI seized the botnet’s command and control servers and rerouted its traffic to servers controlled by the FBI. Users of infected computers were in turn asked to download a file created by law enforcement that would uninstall Qakbot malware.

The operation was part of a new, broader “proactive” strategy by U.S. law enforcement to disrupt cybercriminals and the networks that support them, the FBI official said.

“This is part of our overarching strategy to put consistent pressure on the adversary,” the official said.

Officials declined to say if any arrests have been made in connection with Qakbot, saying the investigation into the malware is ongoing.

Meanwhile, the U.S. State Department’s Rewards for Justice program announced a new reward of up to $10 million for information on anyone who, under a foreign government’s direction, targets U.S. critical infrastructure with cyberattacks.

Cyber security firm Check Point Research said Qakbot was operated by Eastern European cybercriminals.

The bot was the “most prevalent malware” in the world, affecting 11% of corporate computer networks worldwide, Check Point Research said.

In a statement, Sergey Shykevich, threat intelligence manager at the company, lauded the FBI operation but said it “remains to be seen whether it was a full takedown or whether the operators will be back.”

Cybercrime is expected to cost the world $8 trillion in 2023, according to Cybersecurity Ventures, which researches the global cyber economy.


Meta Fights Sprawling Chinese ‘Spamouflage’ Operation

Meta on Tuesday said it purged thousands of Facebook accounts that were part of a widespread online Chinese spam operation trying to covertly boost China and criticize the West.

The campaign, which became known as “Spamouflage,” was active across more than 50 platforms and forums including Facebook, Instagram, TikTok, YouTube and X, formerly known as Twitter, according to a Meta threat report.

“We assess that it’s the largest, though unsuccessful, and most prolific covert influence operation that we know of in the world today,” said Meta Global Threat Intelligence Lead Ben Nimmo.

“And we’ve been able to link Spamouflage to individuals associated with Chinese law enforcement.”

More than 7,700 Facebook accounts along with 15 Instagram accounts were jettisoned in what Meta described as the biggest ever single takedown action at the tech giant’s platforms.

“For the first time we’ve been able to tie these many clusters together to confirm that they all go to one operation,” Nimmo said.

The network typically posted praise for China and its Xinjiang province and criticisms of the United States, Western foreign policies, and critics of the Chinese government including journalists and researchers, the Meta report says.

The operation originated in China and its targets included Taiwan, the United States, Australia, Britain, Japan, and global Chinese-speaking audiences. 

Facebook or Instagram accounts or pages identified as part of the “large and prolific covert influence operation” were taken down for violating Meta rules against coordinated deceptive behavior on its platforms.

Meta’s team said the network seemed to garner scant engagement, with viewer comments tending to point out bogus claims.

Clusters of fake accounts were run from various parts of China, with the cadence of activity strongly suggesting groups working from an office with daily job schedules, according to Meta.

‘Doppelganger’ campaign

Some tactics used in China were similar to those of a Russian online deception network exposed in 2019, which suggested the operations might be learning from one another, according to Nimmo.

Meta’s threat report also provided analysis of the Russian influence campaign called Doppelganger, which was first disrupted by the security team a year ago.

The core of the operation was to mimic websites of mainstream news outlets in Europe and post bogus stories about Russia’s war on Ukraine, then try to spread them online, said Meta head of security policy Nathaniel Gleicher.  

Companies involved in the campaign were recently sanctioned by the European Union.

Meta said Germany, France and Ukraine remained the most targeted countries overall, but that the operation had added the United States and Israel to its list of targets.

This was done by spoofing the domains of major news outlets, including The Washington Post and Fox News.

Gleicher described Doppelganger, which is intended to weaken support of Ukraine, as the largest and most aggressively persistent influence operation from Russia that Meta has seen since 2017.


Cameroon Reports Polio after Central African State’s Largest Inoculation Since 2020

Cameroon officials say a fifth case of polio was reported in the capital, Yaounde, this week, despite the launching of a new polio vaccination campaign in the central African country and its neighbors. Health officials are increasing surveillance and encouraging parents, many of whom still resist vaccination programs, to have their children inoculated. 

Cameroon’s health ministry says that five cases of type-2 poliovirus variants were discovered in the central African state’s capital, Yaounde, this week.  

The Cameroon government says sequencing results indicate the virus belongs to the NIE-ZAS-1 group that circulates in Niger, Chad, Cameroon and Nigeria.

The five cases constitute a national public health emergency given the high risk of the virus spreading very fast in the ongoing rainy season, according to the government.

Alma Mpiki is a pediatrician at Cameroon’s health ministry. She said that, to stop the spread of the disease as soon as possible, the government of Cameroon has increased efforts to vaccinate all children under the age of five.

“There are still sporadic cases (of polio), that is why even though we are beginning to move towards the injectable form of the vaccines, we still continue to give the oral vaccination which is helpful and more efficient in protecting children,” she said.

Alma said the government is sending caravans to markets and communities to ask civilians to make sure all children are vaccinated.

Poliomyelitis is a highly infectious disease that is caused when the polio virus invades the nervous system of an infected person. The World Health Organization says polio has no cure and can cause paralysis and even death. 

The outbreak was reported three months after the launch of Africa’s largest polio vaccination campaign since 2020.

Cameroon health officials say they joined the massive inoculation exercise to reach out to children whose parents were refusing to take the children to hospitals for inoculation because of fear of the coronavirus.

Tchokfe Shalom Ndoula is the permanent secretary of Cameroon’s Expanded Vaccination Program.

Tchokfe said the inoculation exercise launched in May was a combined effort by Cameroon, Chad, the Central African Republic and Niger to immunize a total of 21 million children under the age of five. He said before this week’s outbreak in Cameroon, 14 type-2 poliovirus infections were detected in sub-Saharan African countries.

Tchokfe said one case was detected in Niger, six confirmed cases were reported in Chad, and seven more in the Central African Republic since January.

Cameroon’s health ministry says more than three million children in the country have been inoculated against polio since May.


AI Hackathons Aim to Spur Innovation, Attract Investors

The tech industry is rushing to unlock the potential of artificial intelligence, and AI hackathons — daylong collaborations using the technology to tackle real-world problems — are increasing in popularity. From the state of Washington, Natasha Mozgovaya has more.


Biden Targets 10 Drugs for Medicare Price Negotiations

The blood thinner Eliquis and popular diabetes treatments including Jardiance are among the first drugs that will be targeted for price negotiations in an effort to cut Medicare costs.

President Joe Biden’s administration on Tuesday released a list of 10 drugs for which the federal government will take an unprecedented step: negotiating drug prices directly with the manufacturer.

The move is expected to cut costs for some patients but faces litigation from the drugmakers and heavy criticism from Republican lawmakers. It’s also a centerpiece of the Democratic president’s reelection pitch as he seeks a second term in office by touting his work to lower costs for Americans at a time when the country has struggled with inflation.

The diabetes treatments Jardiance from Eli Lilly and Co. and Merck’s Januvia made the list, along with Amgen’s autoimmune disease treatment Enbrel. Other drugs include Entresto from Novartis, which is used to treat heart failure.

“For many Americans, the cost of one drug is the difference between life and death, dignity and dependence, hope and fear,” Biden said in a statement. “That is why we will continue the fight to lower healthcare costs — and we will not stop until we finish the job.”

Biden plans to deliver a speech on health care costs from the White House later Tuesday. He’ll be joined by Vice President Kamala Harris.

The drugs on the list announced Tuesday accounted for more than $50 billion in Medicare prescription drug costs between June 1, 2022, and May 31, according to the Centers for Medicare and Medicaid Services, or CMS.

Medicare spent about $10 billion in 2020 on Eliquis, according to AARP research. The drug treats blood clots in the legs and lungs and reduces the risk of stroke in people with an irregular heartbeat called atrial fibrillation.

The announcement is a significant step under the Inflation Reduction Act, which Biden signed last year. The law requires the federal government for the first time to start negotiating directly with companies about the prices they charge for some of Medicare’s most expensive drugs.

More than 52 million people who either are 65 or older or have certain severe disabilities or illnesses get prescription drug coverage through Medicare’s Part D program, according to CMS.

About 9% of Medicare beneficiaries age 65 and older said in 2021 that they did not fill a prescription or skipped a drug dose due to cost, according to research by the Commonwealth Fund, which studies health care issues.

The agency aims to negotiate the lowest maximum fair price for drugs on the list released Tuesday. That could help some patients who have coverage but still face big bills such as high deductible payments when they get a prescription.

Currently, pharmacy benefit managers that run Medicare prescription plans negotiate rebates off a drug’s price. Those rebates sometimes help reduce premiums customers pay for coverage. But they may not change what a patient spends at the pharmacy counter.

The new drug price negotiations aim “to basically make drugs more affordable while also still allowing for profits to be made,” said Gretchen Jacobson, who researches Medicare issues at Commonwealth.

Drug companies that refuse to be a part of the new negotiation process will be heavily taxed.

The pharmaceutical industry has been gearing up for months to fight these rules. Already, the plan faces several lawsuits, including complaints filed by drugmakers Merck and Bristol-Myers Squibb and a key lobbying group, the Pharmaceutical Research and Manufacturers of America, or PhRMA.

PhRMA said in a federal court complaint filed earlier this year that the act forces drugmakers to agree to a “government-dictated price” under the threat of a heavy tax and gives too much price-setting authority to the U.S. Department of Health and Human Services.

PhRMA representatives also have said pharmacy benefit managers can still restrict access to drugs with negotiated prices by moving the drugs to a tier of their formulary — a list of covered drugs — that would require higher out-of-pocket payments. Pharmacy benefit managers also could require patients to try other drugs first or seek approval before a prescription can be covered.

Republican lawmakers also have blasted the Biden administration for its plan, saying companies might pull back on introducing new drugs that could be subjected to future haggling. They’ve also questioned whether the government knows enough to suggest prices for drugs.

CMS will start its negotiations on drugs for which it spends the most money. The drugs also must be ones that don’t have generic competitors and are approved by the Food and Drug Administration.

CMS plans to meet this fall with drugmakers that have a drug on its list, and government officials say they also plan to hold patient-focused listening sessions. By February 2024, the government will make its first offer on a maximum fair price and then give drugmakers time to respond.

Any negotiated prices won’t take hold until 2026. More drugs could be added to the program in the coming years.


Glitch Halts Toyota Factories in Japan

Toyota said Tuesday it has been hit by a technical glitch forcing it to suspend production at all 14 factories in Japan.

The world’s biggest automaker gave no further details on the stoppage, which began Tuesday morning, but said it did not appear to be caused by a cyberattack.

The company said the glitch prevented its system from processing orders for parts, resulting in a suspension of a dozen factories or 25 production lines on Tuesday morning.

The company later decided to halt the afternoon shift of the two other operational factories, suspending all of Toyota’s domestic plants, or 28 production lines.

“We do not believe the problem was caused by a cyberattack,” the company said in a statement to AFP.

“We will continue to investigate the cause and to restore the system as soon as possible.”

The incident affected only Japanese factories, Toyota said.

It was not immediately clear exactly when normal production might resume. 

The news briefly sent Toyota’s stocks into the red in the morning session before recovering.

Last year, Toyota had to suspend all of its domestic factories after a subsidiary was hit by a cyberattack.

The company is one of the biggest in Japan, and its production activities have an outsized impact on the country’s economy.

Toyota is famous for its “just-in-time” production system of providing only small deliveries of necessary parts and other items at various steps of the assembly process.

This practice minimizes costs while improving efficiency and is studied by other manufacturers and at business schools around the world, but also comes with risks.

The auto titan retained its global top-selling auto crown for the third year in a row in 2022 and aims to earn an annual net profit of $17.6 billion this fiscal year.

Major automakers are enjoying a robust surge of global demand after the COVID-19 pandemic slowed manufacturing activities.

Severe shortages of semiconductors had limited production capacity for a host of goods ranging from cars to smartphones.

Toyota has said chip supplies were improving and that it had raised product prices, while it worked with suppliers to bring production back to normal. 

However, the company was still experiencing delays in the deliveries of new vehicles to customers, it added.


Living Worm Discovered in Australian Patient’s Brain

An 8-centimeter worm has been found alive in the brain of a woman in Australia, and researchers say it is the first time the parasite has ever been discovered in humans.

The worm was extracted from the patient’s brain during surgery in the Australian capital, Canberra, in June 2022.

The extraordinary case has been documented in the latest edition of the journal Emerging Infectious Diseases.

The red 8-centimeter-long worm was alive and wriggling when it was pulled from the patient’s brain.  Scientists believe it could’ve been there for up to two months before it was extracted.  

Sanjaya Senanayake, an associate professor of medicine at the Australian National University and an infectious disease physician at Canberra Hospital, was one of the researchers involved in the case.

He described to VOA the moment the surgeon made the unexpected discovery.

“She and everyone (in) that operating theatre got the shock of their life when she took some forceps to pick up an abnormality and the abnormality turned out to be a wriggling, live 8-centimeter light red worm,” he said.  “Even if you take away the yuk factor, this is a new infection never documented before in a human being.” 

The 64-year-old Australian patient had complained of stomach pains, diarrhea and depression.  She was admitted to the hospital in January 2021.  A scan later revealed an abnormality in her brain. 

In June 2022, she underwent a biopsy at Canberra Hospital, and the parasite was found. 

Senanayake warns that the case highlights the increased danger of diseases and infections being passed from animals to people.

“These new infections are appearing and most of them have come from the animal world and entered the human world, and this is another one of them, and just shows as a human population burgeons, we move closer and encroach on animal habitats,” he said. “That domestic, wild animal, wild flora and human interaction is going to lead to more of these novel infections appearing.” 

The research team suspects larvae, or juvenile parasites, were also present in other organs in the woman’s body, including the lungs and liver. 

The research team included scientists and infectious diseases, immunology and neurosurgical doctors from the Australian National University, CSIRO, the national science agency, the University of Melbourne and the University of Sydney.

The patient is reported to be recovering well.

The roundworm is usually found in carpet pythons, which are common in Australia.  It’s thought the non-venomous snake might have shed the parasite via its feces into grass or plants touched by the patient in the Australian state of New South Wales.


ChatGPT Turns to Business as Popularity Wanes

OpenAI on Monday said it was launching a business version of ChatGPT as its artificial intelligence sensation grapples with declining usership nine months after its historic debut.

ChatGPT Enterprise will offer business customers a premium version of the bot, with “enterprise grade” security and privacy enhancements from previous versions, OpenAI said in a blog post.

The question of data security has become an important one for OpenAI, with major companies, including Apple, Amazon and Samsung, blocking employees from using ChatGPT out of fear that sensitive information will be divulged.

“Today marks another step towards an AI assistant for work that helps with any task, is customized for your organization, and that protects your company data,” OpenAI said.

The ChatGPT business version resembles Bing Chat Enterprise, an offering by Microsoft, which uses the same OpenAI technology through a major partnership.

ChatGPT Enterprise will be powered by GPT-4, OpenAI’s highest performing model, much like ChatGPT Plus, the company’s subscription version for individuals, but business customers will have special perks, including better speed.

“We believe AI can assist and elevate every aspect of our working lives and make teams more creative and productive,” the company said.

It added that companies including Carlyle, The Estée Lauder Companies and PwC were already early adopters of ChatGPT Enterprise.

The release came as ChatGPT is struggling to maintain the excitement that made it the world’s fastest downloaded app in the weeks after its release.

That distinction was taken over last month by Threads, the Twitter rival from Facebook-owner Meta.

According to analytics company Similarweb, ChatGPT traffic dropped by nearly 10% in June and again in July, falls that could be attributed to school summer break, it said.

Similarweb estimates that roughly one-quarter of ChatGPT’s users worldwide fall in the 18- to 24-year-old demographic.

OpenAI is also facing pushback from news publishers and other platforms — including X, formerly known as Twitter, and Reddit — that are now blocking OpenAI web crawlers from mining their data for AI model training.

A pair of studies by pollster Pew Research Center released on Monday also pointed to doubts about AI and ChatGPT in particular.

Two-thirds of the U.S.-based respondents who had heard of ChatGPT say their main concern is that the government will not go far enough in regulating its use.

The research also found that the use of ChatGPT for learning and work tasks has ticked up from 12% of those who had heard of ChatGPT in March to 16% in July.

Pew also reported that 52% of Americans say they feel more concerned than excited about the increased use of artificial intelligence.


Spanish Soccer Federation Urges Rubiales to Resign Over Player Kiss

Leading officials within the Spanish Football Federation asked suspended president Luis Rubiales to resign Monday because of his behavior at the Women’s World Cup, including kissing a player on the lips after Spain won the championship match.

The heads of the regional bodies that make up the federation (RFEF) made the request in a collective statement.

“After the latest developments and the unacceptable behavior that has caused great damage to the image of Spanish soccer, the presidents request that Luis Rubiales resign immediately as president of the RFEF,” the statement said.

Earlier Monday, the federation asked UEFA to suspend it from international competitions because of government interference related to Rubiales. However, in their statement, the heads of the regional bodies urged interim federation president Pedro Rocha to withdraw that request immediately.

The federation’s request for a suspension was widely seen as an attempt to silence some of Rubiales’ critics, including government ministers who have asked for his removal. Such a suspension would ban Spanish teams from competitions like the Champions League and could sway public opinion in favor of letting him keep his job.

Soccer’s governing bodies have longstanding rules barring national governments from interfering with the running of domestic soccer federations. However, UEFA will not comply with the Spanish federation’s request for a sanction, a person familiar with the issue told The Associated Press on Monday. The person spoke on the condition of anonymity because the decision-making process was confidential.

Rubiales has faced a torrent of criticism from around the globe over his behavior at the Women’s World Cup final, including kissing Spain player Jenni Hermoso on the lips without her consent during the on-field trophy ceremony. He was suspended from office Saturday by soccer’s governing body FIFA, which is investigating his conduct.

Rubiales’ mother started a hunger strike Monday in a church in southern Spain in defense of her son, demanding an end to “the bloody and inhumane hounding” of him.

Rubiales is also a UEFA vice president.

Spain’s top clubs are due to take part in Thursday’s Champions League group-stage draw being made by UEFA, and the men’s national team has games on Sept. 8 and 12 in qualifying for the 2024 European Championship.

FIFA opened a disciplinary case against Rubiales on Thursday after taking control of the process because it organized the Women’s World Cup. Rubiales’ behavior during and after Spain’s 1-0 win over England in the final on Aug. 20 in Sydney, Australia, has focused intense scrutiny on him and his five-year management of the federation.

FIFA, however, did not invoke its version of the rules against government interference to protect Rubiales.

The Spanish federation then urged UEFA to act, reportedly in a letter sent Friday, the same day its embattled president defiantly refused to resign at an emergency meeting.

The FIFA suspension prevents Rubiales taking part in official business and having contact with other officials, including in Spain’s bid to co-host the 2030 World Cup with Portugal, Morocco and possibly Ukraine.

FIFA disciplinary judge Jorge Palacio also ordered Rubiales and the federation not to contact Hermoso. She has said the federation pressured her to publicly back Rubiales.

Newly crowned as world champions, though drawn into a national scandal that they did not seek and that has distracted from their triumph, the Spain players have said they will not play any more games for as long as Rubiales is in charge.
