Original article from LesAffaires (french)

The massive cyber attack that hit businesses Tuesday around the world is similar to that caused in May by the ransomware WannaCry, but appears “more sophisticated,” Europol said Wednesday.

“There are clear resemblances to the WannaCry attack, but it also seems to be an attack with more sophisticated capabilities, to exploit a series of weaknesses,” the head of the WannaCry agency said in a statement. European police force, Rob Wainwright.

On May 12, “Wannacry” had affected hundreds of thousands of computers around the world, paralyzing in particular the British health services and factories of the French car manufacturer Renault.

According to Europol, Tuesday’s attack was caused by an improved version of Petya’s ransomware, which has been in circulation since 2016.

“This shows how cybercrime is evolving and, once again, reminds companies of the importance of taking responsible cybersecurity measures,” Wainwright added.

The new wave of ransomware attacks started on Tuesday in Ukraine and Russia has contaminated thousands of computers worldwide, disrupting critical and multinational infrastructures. The damage was relatively moderate and the threat seemed to be contained on Wednesday.

Loss of confidence in digital?

The multiplication of cyber attacks, similar to the one that affects the world since Tuesday, highlights to the general public the risk inherent in an increasingly connected economy.

“This is going to happen again and again because digital transformation is not taken seriously, which can have an impact on public confidence in digital,” said Dmitry Bagrov, CEO of the US DataArt for the UK.

The global cyber attack on ransomware, started Tuesday in Ukraine and Russia, however seemed contained on Wednesday but recalls the vulnerability of critical infrastructures.

As the economy gets more digitized, the opportunities for attack are increasing for cybercriminals who take advantage of a lack of adaptation of certain companies, to the trouble to harmonize systems from different eras.

At the same time, in the face of rising risk, insurers, such as Axa, are seeing “stronger demands for guarantees from companies and sectors that may have felt less concerned before the recent attacks”.

“If you look at the ransomware WannaCry (which has swept around the world in May, note), it has only concerned 400,000 computers on more than two billion machines, it is a very low percentage, Bringing things to their proper perspective, “says Vincent Maret, partner and cyber security officer for KPMG.

In the opinion of the experts, no company questions its digital transition, since the subject becomes a decisive element of differentiation.

“SMEs have understood the model of digital transformation and the benefits of services available through the cloud. Overall, security is widely assured and the subjects that remain to be dealt with are not of this order “, explains Michaël Bittan, partner and responsible for cyber risk management activities at Deloitte.

Possible financial impact

The actual consequences of this cyberattack are for the time being difficult to estimate. Corporate communications on this subject are carried out with all the more precaution.

FedEX said on Wednesday it did not record any customer data theft during the massive cyber attacks against multinationals, including its European subsidiary TNT Express, but does not exclude financial consequences.

“No breach in the data (of TNT customers) has taken place,” said the US logistics group, which also indicates that no other subsidiaries have been affected by this piracy.

Faced with the continued disruption Wednesday of TNT Express operations, FedEx says it has put in place measures to allow a return to normal as soon as possible.

While customers’ data seems to have been preserved, FedEx does not rule out the fact that this piracy is cutting its profits.

“We can not estimate at this time the financial impact of this disruption of services but there would be a material impact,” warns the company.

We presented a host of survey findings regarding vital internet trends in a previous article. We hope you found it useful!

Yet at our core, we want our readers up-to-date on the latest information regarding vpn use and data security. So, this article assimilates many of the most up-to-date survey findings involving these topics and more.

Data Privacy

2016 is proving to be a watershed year in terms of public focus on data privacy issues. These issues have

Data Privacy vs National Security

In a troubling development for privacy advocates, the majority of Americans thought Apple should have unlocked the San Bernardino terrorist’s iPhone.

This reflects a general trend. Americans are currently worried their government isn’t doing enough on the cyber front to deal with terrorism.

Rising Concerns about Businesses and Data Use

More than 95% of Americans surveyed in a recent poll said they were either somewhat concerned or very concerned about how companies use their data.

Ad Blocking Continues to Grow

Internet giants like Apple and Google contend that they collect customer data to customize ads for their users. However, the data shows internet users are growing so frustrated with ads that they are employing ad blockers in record numbers.

Summary of these Data Privacy Statistics

Taken together, these charts demonstrate the increasing need of both consumers and businesses to focus on cybersecurity even more than they already do.

This focus will be complicated, however, by an increasingly polarized political environment both in the U.S. and around the world.

After all, it’s up to governments to make and enforce data protection laws. At the same time, many of these governments are actively seeking legal means to violate data protection measures.

VPN Use

Of course, VPN use and data privacy have strong correlations. By accessing a separate server for internet use, VPNs make it much more difficult for hackers and/or 3rd parties to track online activities. The following charts examine the current state of VPN use around the globe.

Top Markets for VPN Use

Asia and the Middle East continue to dominate the VPN market.

VPN Use Frequency

The majority of people who employ a VPN do so at least once a week.

Anonymous Browsing

Anonymous browsing is a major reason for VPN use, especially in Saudi Arabia, India, and Vietnam.

Accessing Netflix

Another main driver for VPN use is access to streaming content. For example, almost 30% of all VPN users accessed Netflix in a given month.

Summary of VPN Use Stats

The market for internet privacy continues to grow, led by the same global regions as recent years. In addition, access to streaming content continues to be a major motivator for VPN users, despite the claims of Netflix that they represent a small section of its overall user base.

Cyber Crime

Cyber crimes continue to evolve. As shown in the following charts, the amount of breaches remains high and the challenges for both consumers and businesses to protect against evolving threats are manifold.

Data Breaches

The most recent numbers show a continuing trend of increased data breaches around the world.

Online Privacy Threats

According to the U.S. government, identity theft is the largest cyber crime concern in the U.S.

Cyber Crime and Number of Household Devices

The threat of cyber crimes against individual consumers increases dramatically as the number of household devices rises.

Cyber Crime Fears Create Major Online Behavior Changes

The threat of identity theft and other cyber crimes has caused almost 30% of all U.S. Internet users to avoid conducting financial transactions online at one time or another during 2015.

Cyber Crime Against Businesses and Organizations

For businesses and professional organizations, the threat of cyber crimes far out-distances their preparedness to deal with an attack. In fact, 63% of businesses do not have a fully operable incidence response plan.

The Challenges of Protecting Online Privacy

There are a myriad of reasons why data privacy protection often fails.

The Zero-Day Vulnerability

The threat of zero-day vulnerabilities has grown 125% since 2013. In this type of attack, hackers discover, launch, and exploit an attack on the same day, well ahead of any security measure even detecting a problem.

Ransomeware Continues to Evolve

Recent years have seen a major shift in the way hackers launch ransomeware attacks. In 2008, it was done almost exclusively by misleading apps. In 2015, however, the primary method is crypto-ransomware.

Crypto-ransomware compromises the endpoint through:

– Spam
– Direct download
– Malvertising
– Malware and botnets

Summary of Cyber Crime Stats

With threats such as zero-day vulnerabilities and ransomeware attacks growing more powerful and sophisticated, consumers’ online behaviors will continue to be adversely affected. Additionally, as more households acquire more devices, the risk for successful attacks will increase.

Sources:
https://www.vpnmentor.com/blog/vpn-use-data-privacy-stats
http://www.kpcb.com/internet-trends
https://www.globalwebindex.net/blog
https://www.globalwebindex.net/blog/1-in-5-are-weekly-vpn-users/29-of-vpn-users-accessing-netflix
https://www.globalwebindex.net/blog/1-in-5-are-weekly-vpn-users
https://www.globalwebindex.net/blog/topic/vpn
https://www.globalwebindex.net/blog/15-for-15-generation-v
https://pagefair.com/blog/2015/ad-blocking-report/
http://www.druva.com/blog/the-state-of-data-privacy-in-2015-infographic/
http://www.pwc.com/gx/en/services/advisory/consulting/forensics/economic-crime-survey/cybercrime.html
http://www.pewresearch.org/fact-tank/2016/02/19/americans-feel-the-tensions-between-privacy-and-security-concerns/
http://www.people-press.org/2016/02/22/more-support-for-justice-department-than-for-apple-in-dispute-over-unlocking-iphone/
https://www.ntia.doc.gov/blog/2016/lack-trust-internet-privacy-and-security-may-deter-economic-and-other-online-activities
https://www.symantec.com/security-center/threat-report

A ransomware alert has been issued by the US and Canada to ensure that individuals and organizations are aware of the threat posed by this type of malicious software.

The alert, from the Department of Homeland Security (DHS) and the Canadian Cyber Incident Response Centre (CCIRC), comes on the back of what seems to be a proliferation of ransomware attacks.

They said that it is now apparent to cybercriminals that this particular approach is remarkably “profitable”, resulting in not only a general increase in the number of attacks, but also in the number of ransomware variants.

“In 2013, more destructive and lucrative ransomware variants were introduced, including Xorist, CryptorBit, and CryptoLocker,” the official statement highlighted.

“Some variants encrypt not just the files on the infected device, but also the contents of shared or networked drives.

“These variants are considered destructive because they encrypt users’ and organizations’ files, and render them useless until criminals receive a ransom.”

Both security organizations drew attention to Locky – recently analyzed by ESET’s Diego Perez – which has been especially prolific as of late.

This variant, described as “destructive”, is delivered through spam emails, which include corrupted Microsoft Office documents (as an attachment).

Once downloaded, the trojan gets to work, encrypting files without the victim at first being aware. It is only when they receive a demand for a ransom that they realise what has happened.

“Infections can be devastating to an individual or organization, and recovery can be a difficult process that may require the services of a reputable data recovery specialist,” stated the DHS and CCIRC in their alert.

In spite of this, their advice is to never pay, something that WeLiveSecurity’s editor in chief, Raphael Labaca Castro, has previously noted.

Speaking last year, the information security expert explained that in doing so, you are, in effect, “supporting cybercrime activities”. Additionally, there is no guarantee that files or devices will be decrypted.

“Remember, this is not a service, they are cybercriminals,” he went on to say. “[And] even if you pay, you are not going to be ‘whitelisted’ so you could get infected again so it’s not a real solution for the future either.

“Prevention is the most important tool against Ransomware, since the infection can be usually cleaned afterwards but not always the information restored.”

A former Metro Vancouver resident has pleaded guilty in California to hacking into the computer networks of major U.S. defence contractors and sending stolen military data to China.

Chinese citizen Su Bin, who is also known as Stephen Su and Stephen Subin, was arrested on the U.S. charges in Richmond two years ago and launched an unsuccessful B.C. Supreme Court battle against his extradition.

U.S. officials announced Wednesday that Bin, 50, appeared in a Los Angeles courtroom after a plea agreement had been reached.

When he is sentenced in July, he could face five years in prison and a $250,000 U.S. fine.

In the agreement, Bin admitted to conspiring with two people in China from October 2008 to March 2014 to gain unauthorized access to protected computer networks in the U.S., including computers belonging to the Boeing Company in Orange County, California.

Bin was able “to obtain sensitive military information and to export that information illegally from the United States to China,” the agreement states.

Some of the stolen information related to military technical data, including data relating to the C-17 strategic transport aircraft and certain fighter jets produced for the U.S. military.

“Protecting our national security is the highest priority of the U.S. Attorney’s Office, and cybercrime represents one of the most serious threats to our national security,” U.S. Attorney Eileen Decker said after Bin’s plea. “The innovative and tireless work of the prosecutors and investigators in this case is a testament to our collective commitment to protecting our nation’s security from all threats.”

She said the guilty plea demonstrates “that these criminals can be held accountable no matter where they are located in the world and that we are deeply committed to protecting our sensitive data in order to keep our nation safe.”

Bin admitted that he would email his co-conspirators with targets he wanted them to hack. The China-based hackers then sent him detailed file listings they had accessed during the hacks so Bin could pick which files and folders he wanted stolen.

Once Bin had the stolen files, he translated some of them into Chinese.

U.S. authorities said that Bin and his accomplices also wrote reports about “the information and technology they had acquired by their hacking activities, including its value, to the final beneficiaries of their hacking activities.”

Bin’s plea agreement says that he and partners “intentionally stole included data listed on the United States Munitions List contained in the International Traffic in Arms Regulations.”

And Bin also admitted that he engaged in the crime for money and specifically sought to profit from selling the data the he and his conspirators illegally acquired.

Assistant Attorney General John Carlin said Bin “admitted to playing an important role in a conspiracy, originating in China, to illegally access sensitive military data, including data relating to military aircraft that are indispensable in keeping our military personnel safe.”

He said his division “remains sharply focused on disrupting cyber threats to the national security, and we will continue to be relentless in our pursuit of those who seek to undermine our security.”

Bin is the owner and manager of Lode-Tech, a Chinese-based company focused on aviation technology with an office in Canada.

At the time of his arrest in June 2014, Bin had permanent resident’s status in Canada. He told a B.C. judge that he owned a Vancouver home then worth $1.8 million and said both his children were born in Canada.

Throughout his court appearances in B.C., his wife and Chinese government officials sat in the public gallery.

On March 11, 2013, Thomas Donilon, President Obama’s national-security adviser, gave a speech at the Asia Society on Manhattan’s Upper East Side. Much of it was boilerplate: a recitation of the administration’s policy of “rebalancing its global posture” away from the battles of the Middle East and toward the “dynamic” region of Asia-Pacific as a force for growth and prosperity.

But about two-thirds of the way through the speech, Donilon broke new diplomatic ground. After listing a couple of “challenges” facing U.S.-China relations, he said, “Another such issue is cybersecurity,” adding that Chinese aggression in this realm had “moved to the forefront of our agenda.”

American corporations, he went on, were increasingly concerned “about sophisticated, targeted theft of confidential business information and proprietary technologies through cyber-intrusions emanating from China on an unprecedented scale.”

Then Donilon raised the stakes higher. “From the president on down,” he said, “this has become a key point of concern and discussion with China at all levels of our governments. And it will continue to be. The United States will do all it must to protect our national networks, critical infrastructure, and our valuable public and private-sector property.”

The Obama administration, he said, wanted Beijing to do two things: first, to recognize “the urgency and scope of this problem and the risk it poses—to international trade, to the reputation of Chinese industry, and to our overall relations”; second, to “take serious steps to investigate and put a stop to these activities.”

The first demand was a borderline threat: Change your ways or risk a rupture of our relations. The second was an attempt to give Chinese leaders a face-saving way out, an opportunity for them to blame the hacking on hooligans and “take serious steps” to halt it.

In fact, Donilon and every other official with a high-level security clearance knew that the culprit  in these intrusions was no gang of freelance hackers, but rather the Chinese  government itself—specifically, the Second Bureau of the Third Department of the People’s Liberation Army’s General  Staff, also known as PLA Unit 61398, which was headquartered in a white, 12-story office building on the outskirts of Shanghai.

Since the start of his presidency, Obama had raised the issue repeatedly but quietly—in part to protect intelligence sources and methods, in part because he wanted to improve relations with China and figured a confrontation over cyber theft would impede those efforts. His diplomats brought it up, as a side issue, at every one of their annual Asian-American “strategic and economic dialogue” sessions. On none of those occasions did the Chinese delegates bite. To the extent they replied at all, they agreed that the international community must put a stop to this banditry; if an American diplomat brought up China’s own involvement in hacking, they waved off the accusation.

On February 18, a few weeks before Donilon’s speech, Mandiant, a leading computer-security firm with headquarters in Alexandria, Virginia, published a 60-page report identifying PLA Unit 61398 as one of the world’s most prodigious cyber hackers. Over the previous seven years, the report stated, the Shanghai hackers had been responsible for at least 141 successful cyber intrusions in 20 major industrial sectors, including defense contractors, waterworks, oil and gas pipelines, and other critical infrastructures. On average, these hackers lingered inside a targeted network for a full year—in one case, for four years and 10 months— before they were detected. During one particularly unimpeded operation, they filched 6.5 terabytes of data from a single company in a 10-month period. The company also shared an advance copy of the report with The New York Times, which ran a long front-page story summarizing its contents.

China’s foreign affairs ministry denounced the allegation as “irresponsible,”  “unprofessional,” and “not helpful for the resolution of the relevant problem,”  adding, in the brisk denial that its officials had always recited in meetings with American diplomats, “China resolutely opposes hacking actions.”

In fact, however, the Chinese had been hacking, with growing profligacy, for more than a decade. A senior U.S. intelligence official had once muttered at an NSC meeting that at least the Russians tried to keep their cyber activity secret; the Chinese just did it everywhere, out in the open, as if they didn’t care whether anyone noticed.

As early as 2001, in an operation that American intelligence agencies dubbed Titan Rain, China’s cyber-warriors hacked into the networks of several Western military commands, government agencies, defense corporations, and research labs, using techniques reminiscent of the Russians’ Moonlight Maze operation.

Around the same time, the Third Department of the PLA’s General Staff, which later created Unit 61398, adopted a new doctrine that it called “information confrontation.” Departments of “information-security research” were set up in more than 50 Chinese universities. By the end of the decade, the Chinese army had begun extensively training its soldiers in hacking techniques; one training scenario had the PLA hacking into U.S. Navy and Air Force command-control networks in an attempt to impede their response to an occupation of Taiwan. The United States military had been conducting similar exercises for years, under the rubric ‘Information Warfare.’ The Chinese were now following suit.

By 2006, various cyber bureaus of the Chinese military were hacking into a vast range of enterprises worldwide. The campaign began with a series of raids on defense contractors, notably a massive hack of Lockheed Martin, where China stole tens of millions of documents on the company’s F-35 Joint Strike Fighter aircraft. None of the files were classified, but they contained data and blueprints on cockpit design, maintenance procedures, stealth technology, and other matters that could help the Chinese counter the plane in battle or build their own F-35 knockoff (which they eventually did).

Colonel Gregory Rattray, a group commander in the Air Force Information Warfare Center (which had recently changed its name to the Air Force Information Operations Center), was particularly disturbed—not only by the scale of China’s cyber-raids, but also by the passivity of American corporations. Rattray was an old hand in the field: He had written his doctoral dissertation on information warfare at the Fletcher School of Law and Diplomacy, worked on Richard Clarke’s staff in the early years of George W. Bush’s presidency, then, after Clarke  resigned, stayed on as the White House director of cybersecurity.

In April 2007, Rattray summoned several executives from the largest U.S. defense contractors  and informed them that they were living in a new  world. The intelligence estimates that pinned the cyber attacks on China were highly classified, so for one of his briefing slides, Rattray coined a term to describe the  hacker’s actions: “APT,” for  advanced persistent  threat. (The term caught on; six years later, Kevin Mandia, the CEO of Mandiant, titled his report APT1.)

The typical Chinese hack started off with a spear-phishing email to the target company’s employees. If just one employee clicked the email’s attachment, the computer would download a webpage crammed with malware, including a “Remote Access Trojan,” known in the trade as a RAT. The RAT opened a door, allowing the intruder to roam the network, acquire the privileges of a systems administrator, and extract all the data he wanted.

They did this with economic enterprises of all kinds: banks, oil and gas pipelines, waterworks, health-care data managers—sometimes to steal secrets, sometimes to steal money, sometimes  for motives that couldn’t be ascertained.

McAfee, the anti-virus firm that discovered and tracked the Chinese hacking operation, called it Operation Shady RAT. Over a five-year period ending in 2011, when McAfee briefed the White House and Congress on its findings, Shady RAT stole data from more than 70 entities—government agencies and private firms—in 14 countries. The affected nations included the United States, Canada, several nations in Europe, and more in Asia, including many targets in Taiwan—but, tellingly, none in the People’s Republic of China.

President Obama didn’t need McAfee to tell him about China’s cyber spree; his intelligence agencies were filing similar reports. But the fact that a commercial anti-virus firm had tracked so much of the hacking, and released such a detailed report, made it hard to keep the issue locked up in the closet of diplomatic summits. The companies that were hacked would also have preferred to stay mum—no point upsetting customers  and stockholders—but the word soon spread, and they reacted by pressuring the White House to do something. Largely because, after all these decades of analyses and warnings, many of them still didn’t know what to do themselves.

This was the setting that forced Obama’s hand. After another Asia security summit, where his diplomats once again raised the issue and the Chinese once again denied involvement, he told Donilon to deliver a speech that brought the issue out in the open. The Mandiant report—which had been published three weeks earlier—upped the pressure and accelerated the timetable, but the dynamics were already in motion.

One passage in Donilon’s speech worried some mid-level officials, especially in the Pentagon. Characterizing cyber offensive raids as a violation of universal principles, even as something close to a cause for war, Donilon declared, “The  international community cannot afford to tolerate any such activity from any country.”

The Pentagon officials scratched their heads: “any such activity from  any country?” The United States engaged in this activity, too, and everyone knew it.

The targets were different, though: American intelligence agencies weren’t stealing foreign companies’ trade secrets or blueprints, much less their cash. In NSC meetings on the topic, White House aides argued that this distinction was important: Espionage for national security was an ancient, acceptable practice, but if the Chinese wanted to join the international economy, they had to respect the rights  of property, including  intellectual property.

But other officials at these meetings wondered if there really was a difference. The NSA was hacking into Chinese networks to help defeat them in a war; China was hacking into American networks mainly to help enrich its economy. What made one form of hacking permissible and the other form intolerable?

Even if the White House aides had a point (and the Pentagon officials granted that they did), wasn’t the administration flirting with danger by going public with this criticism? Wouldn’t it be too easy for the Chinese to release their own records, revealing that the U.S. was hacking them, too, and thus accuse the Americans of hypocrisy? Part of what the U.S. was doing was defensive: penetrating Chinese networks in order to follow the Chinese hacking into U.S. systems. On a few occasions, the manufacturing secrets that the Chinese stole weren’t real secrets at all; they were phony blueprints that the NSA had planted on certain sites.

But, to some extent, these cyber operations were offensive in nature: The United States was penetrating Chinese networks to prepare for battle, to exploit weaknesses and exert leverage, just as the Chinese were doing—just as every major power had always done in various realms of warfare.

In May, Donilon flew to Beijing to make arrangements for a summit between President Obama and his Chinese counterpart, Xi Jinping. Donilon made it clear that cyber would be on the agenda and that, if necessary, Obama would let Xi in on just how much U.S. intelligence knew about Chinese practices. The summit was scheduled to take place in Rancho Mirage, California, at the estate of the late media tycoon Walter Annenberg, on Friday and Saturday, June 7 and 8, 2013.

On June 6, The Washington Post and The Guardian reported, in huge front-page stories, that in a highly classified program known as PRISM, the NSA and Britain’s GCHQ had long been mining data from nine Internet companies, usually under secret court orders—and that, through this and other programs, the NSA was collecting telephone records of millions of American citizens. These were the first of many stories, published over the next several months by the Guardian, thePost, Der Spiegel, and eventually others, based on a massive trove of beyond-top-secret documents that the NSA systems administrator Edward Snowden had swiped off his computer.

The timing of the leak, coming on the eve of the Obama-Xi summit, was almost certainly happenstance—Snowden had been in touch with the reporters for months—but the effect was devastating. Obama brought up Chinese cyber theft; Xi took out a copy of the Guardian. From that point on, the Chinese retort to all American accusations on the subject shifted from “We don’t do hacking” to “You do it a lot more than we do.”

Hackers using tactics and tools previously associated with Chinese government-supported computer network intrusions have joined the booming cyber crime industry of ransomware, four security firms that investigated attacks on U.S. companies said.

Ransomware, which involves encrypting a target’s computer files and then demanding payment to unlock them, has generally been considered the domain of run-of-the-mill cyber criminals.

But executives of the security firms have seen a level of sophistication in at least a half dozen cases over the last three months akin to those used in state-sponsored attacks, including techniques to gain entry and move around the networks, as well as the software used to manage intrusions.

“It is obviously a group of skilled of operators that have some amount of experience conducting intrusions,” said Phil Burdette, who heads an incident response team at Dell SecureWorks.

Burdette said his team was called in on three cases in as many months where hackers spread ransomware after exploiting known vulnerabilities in application servers. From there, the hackers tricked more than 100 computers in each of the companies into installing the malicious programs.

The victims included a transportation company and a technology firm that had 30 percent of its machines captured.

Security firms Attack Research, InGuardians and G-C Partners, said they had separately investigated three other similar ransomware attacks since December.

Although they cannot be positive, the companies concluded that all were the work of a known advanced threat group from China, Attack Research Chief Executive Val Smith told Reuters.

The ransomware attacks have not previously been reported. None of the companies that were victims of the hackers agreed to be identified publicly.

Asked about the allegations, China’s Foreign Ministry said on Tuesday that if they were made with a “serious attitude” and reliable proof, China would treat the matter seriously.

But ministry spokesman Lu Kang said China did not have time to respond to what he called “rumors and speculation” about the country’s online activities.

The security companies investigating the advanced ransomware intrusions have various theories about what is behind them, but they do not have proof and they have not come to any firm conclusions.

Most of the theories flow from the possibility that the Chinese government has reduced its support for economic espionage, which it pledged to oppose in an agreement with the United States late last year. Some U.S. companies have reported a decline in Chinese hacking since the agreement.

Smith said some government hackers or contractors could be out of work or with reduced work and looking to supplement their income via ransomware.

It is also possible, Burdette said, that companies which had been penetrated for trade secrets or other reasons in the past were now being abandoned as China backs away, and that spies or their associates were taking as much as they could on the way out. In one of Dell’s cases, the means of access by the team spreading ransomware was established in 2013.

The cyber security experts could not completely rule out more prosaic explanations, such as the possibility that ordinary criminals had improved their skills and bought tools previously used only by governments.

Dell said that some of the malicious software had been associated by other security firms with a group dubbed Codoso, which has a record of years of attacks of interest to the Chinese government, including those on U.S. defense companies and sites that draw Chinese minorities.

PAYMENT IN BITCOIN

Ransomware has been around for years, spread by some of the same people that previously installed fake antivirus programs on home computers and badgered the victims into paying to remove imaginary threats.

In the past two years, better encryption techniques have often made it impossible for victims to regain access to their files without cooperation from the hackers. Many ransomware payments are made in the virtual currency Bitcoin and remain secret, but institutions including a Los Angeles hospital have gone public about ransomware attacks.

Ransomware operators generally set modest prices that many victims are willing to pay, and they usually do decrypt the files, which ensures that victims will post positively online about the transaction, making the next victims who research their predicament more willing to pay.

Security software companies have warned that because the aggregate payoffs for ransomware gangs are increasing, more criminals will shift to it from credit card theft and other complicated scams.

The involvement of more sophisticated hackers also promises to intensify the threat.

InGuardians CEO Jimmy Alderson said one of the cases his company investigated appeared to have been launched with online credentials stolen six months earlier in a suspected espionage hack of the sort typically called an Advanced Persistent Threat, or APT.

“The tactics of getting access to these networks are APT tactics, but instead of going further in to sit and listen stealthily, they are used for smash-and-grab,” Alderson said.

(Reporting by Joseph Menn in San Francisco; Additional reporting by Megha Rajagopalan in BEIJING; Editing by Jonathan Weber and Clarence Fernandez)

Superfast quantum computers could transform the world of finance, advocates say.

In a world where how fast you can assimilate and analyse data, then act on it, makes the difference between profit and loss, computing speed is key.

This is why banks, insurance firms and hedge funds invest millions on technology to give them an edge when trading and to offset human error.

Quantum computers, that owe more to quantum mechanics than electronics, promise to be exponentially more powerful than traditional computers, holding out the tantalising prospect of near-perfect trading strategies and highly accurate forecasting and risk assessments.

“Financial services is a data-rich environment,” says Kevin Hanley, director of design at the Royal Bank of Scotland (RBS). “Time is money and the ability to process data fast could have a huge potential benefit for our customers.”

---

Quantum computing in a nutshell

Classical computing relies on binary digits or bits – ones and zeros representing on/off, true/false states.

Quantum computing, on the other hand, features qubits, which can be both 0 or 1 at the same time – a state known as superposition. It all goes back to Schrodinger’s cat, but that’s another story….

Subatomic particles such as electrons, photons or ions can be made to behave in this mysterious way.

And because of this flexibility, qubits can do a lot more – a quantum computer could theoretically carry out trillions of calculations per second.

But these computers aren’t easy to build or operate. Quantum processors from one of the leading manufacturers in this field – D-Wave – need to be cooled to just above absolute zero (-273.15C). They also need to be free from any electromagnetic interference.

This makes them bulky and costly; D-Wave’s computers cost about $10m-15m.

Ironically they’re also a bit limited in the kinds of calculations they can currently do, and many observers are still sceptical about how fast they really are.

So it’s fair to say we’re still at the very early stages of quantum computing.

---

Goldman Sachs, RBS, Guggenheim Partners and Commonwealth Bank of Australia have all invested in quantum computing, with the aim of stealing a march on their competitors.

“This is interesting to the financial world because if you can find an algorithmic advantage to solve a problem, that can give you a great competitive advantage,” says Colin Williams, director of business development for D-Wave.

Google, Nasa, Lockheed Martin, the US Department of Energy and the University of Southern California have all used D-Wave’s systems so far.

Other tech companies, such as Cambridge Quantum Computing, QxBranch andRigetti, are also rushing to develop the hardware and software needed to make quantum computing a reality.

Longer-term visibility

Quantum computers could solve problems in a day that would take classical computers thousands of years to solve.

So in the world of investment, they could consider millions of different global investment scenarios and calculate which ones have the best chance of success over the long-term.

“We can build an optimal portfolio today, but tomorrow it won’t be optimal and needs to be rebalanced, which is expensive,” says Marcos Lopez de Prado, a senior managing director at Guggenheim Partners.

Quantum computers could, in theory, give investment firms much better visibility over the longer-term to make more accurate predictions and reduce this need to tinker with their portfolios, saving costs and possibly boosting profits.

“If you can predict the US dollar/Swiss franc exchange rate a tenth of a cent more reliably, then the value isn’t in the computer, it’s in the cost saving,” says Mr Williams.

Better forecasting could also reduce the prevalence of high-frequency trading, which has been accused of creating market volatility.

High-frequency traders have also been blamed for raising the costs of trading for ordinary investors by swooping into purchases nanoseconds before an interested party and reselling the stocks at a higher price.

Not so fast

So how soon will quantum computers be readily available?

D-Wave’s Mr Williams reckons businesses will have access to quantum computing functionality by 2018, whereas RBS’s Mr Hanley thinks it will be “five to 10 years before quantum computing comes of age”.

But this isn’t stopping financial institutions getting excited.

Blu Putnam, chief economist for the CME group – a US-based derivatives market – says quantum computing has led to a “mind-set change” where financial services “now seek out the nearly impossible to solve problems” in asset and risk management.

Before then, there is a lot of preparation to do.

Quantum computers can’t be interrogated in the same way as traditional computers. The algorithms – sets of complex mathematical rules – used for classical computing need to be reworked to fit into the quantum system.

And finding and training computer scientists to understand and use these systems effectively is another big challenge for the financial services industry.

But Mr Hanley says: “Rather than observe these changes from a distance or be last in the queue, I’d rather be at the front and have a seat at the board.”

Cracking the code

Quantum computing may offer potential benefits to the financial services industry, but it also poses risks.

Banks rely on encryption to keep their transactions and customer data secure. This involves scrambling and unscrambling data using keys made of very large numbers – tens, if not hundreds, of digits long.

A hacker would have to find the right key by trial and error and test it in order to unlock the data – a process that could take hundreds of years even with the most powerful of today’s supercomputers.

But quantum computers could crack the code with relative ease, potentially undermining the security of the entire global financial services industry.

Such a possibility leads Mr Lopez de Prado to fear that governments might outlaw quantum computers entirely.

“Governments could say they should be banned because otherwise there would be no secrets, but they can’t be un-invented.

“We need a new mathematical breakthrough that creates an unbreakable encryption,” he says.

Cryptographers are busy working on new algorithms to block attacks from future quantum computers and many believe this will be possible.

But the industry needs this breakthrough fast. The processing power of quantum computing is growing with each generation.