Connect with us

Tech

An ambitious plan to tackle ransomware faces long odds

Published

on

An ambitious plan to tackle ransomware faces long odds

Miragec | Getty Images

Schools, hospitals, the City of Atlanta. Garmin, Acer, the Washington, DC, police. At this point no one is safe from the scourge of ransomware. Over the past few years, skyrocketing ransom demands and indiscriminate targeting have escalated, with no relief in sight. Today a recently formed public-private partnership is taking the first steps toward a coordinated response.

The comprehensive framework, overseen by the Institute for Security and Technology’s Ransomware Task Force, proposes a more aggressive public-private response to ransomware, rather than the historically piecemeal approach. Launched in December, the task force counts Amazon Web Services, Cisco, and Microsoft among its members, along with the Federal Bureau of Investigation, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, and the United Kingdom National Crime agency. Drawing from the recommendations of cybersecurity firms, incident responders, nonprofits, government agencies, and academics, the report calls on the public and private sector to improve defenses, develop response plans, strengthen and expand international law enforcement collaboration, and regulate cryptocurrencies.

wired logo

Specifics will matter, though, as will the level of buy-in from government bodies that can actually effect change. The US Department of Justice recently formed a ransomware-specific task force, and the Department of Homeland Security announced in February that it would expand its efforts to combat ransomware. But those agencies don’t make policy, and the United States has struggled in recent years to produce a truly coordinated response to ransomware.

“We need to start treating these issues as core national security and economic security issues, and not as little boutique issues,” says Chris Painter, a former Justice Department and White House cybersecurity official who contributed to the report as president of the Global Forum on Cyber Expertise Foundation. “I’m hopeful that we’re getting there, but it’s always been an uphill battle for us in the cyber realm trying to get people’s attention for these really big issues.”

Thursday’s report extensively maps the threat posed by ransomware actors and actions that could minimize the threat. Law enforcement faces an array of jurisdictional issues in tracking ransomware gangs; the framework discusses how the US could broker diplomatic relationships to involve more countries in ransomware response, and attempt to engage those that have historically acted as safe havens for ransomware groups.

“If we’re going after the countries that are not just turning a blind eye, but are actively endorsing this, it’ll pay dividends in addressing cybercrime far beyond ransomware,” Painter says. He admits that it won’t be easy, though. “Russia is always a tough one,” he says.

Some researchers are cautiously optimistic that if enacted the recommendations really could lead to increased collaboration between public and private organizations. “Larger task forces can be effective,” says Crane Hassold, senior director of threat research at the email security firm Agari. “The benefit of bringing the private sector into a task force is that we generally have a better understanding of the scale of the problem, because we see so much more of it every day. Meanwhile, the public sector is better at being able to take down smaller components of the cyberattack chain in a more surgical manner.”

The question, though, is whether the IST Ransomware Task Force and new US federal government organizations can translate the new framework into action. The report recommends the creation of an interagency working group led by the National Security Council, an internal US government joint ransomware task force, and an industry-led ransomware threat hub all overseen and coordinated by the White House.

“This really requires very decisive action at multiple levels,” says Brett Callow, a threat analyst at the antivirus firm Emsisoft. “Meanwhile frameworks are all well and good, but getting organizations to implement them is an entirely different matter. There are lots of areas where improvements can be made, but they are not going to be overnight fixes. It’ll be a long, hard haul.”

Callow argues that strict prohibitions on ransomware payments could be the closest thing to a panacea. If ransomware actors couldn’t make money off of the attacks, there would be no incentive to continue.

That solution, though, comes with years of baggage, especially given that critical organizations like hospitals and local governments may want the option of paying if dragging out an incident could disrupt basic services or even endanger human life. The framework stops short of taking a stand on the question of whether targets should be allowed to pay, but it advocates expanding resources so victims have alternatives.

While a framework offers a potential path forward, it does little to help with the urgency felt by ransomware victims today. Earlier this week, the ransomware gang Babuk threatened to leak 250 gigabytes of data stolen from the Washington Metropolitan Police Department—including information that could endanger police informants. No amount of recommendations will defuse that situation or the countless others that play out daily around the world.

Still, an ambitious, long-odds proposal is better than none at all. And the incentive to address the ransomware mess will only become greater with each new hack.

This story originally appeared on wired.com.

Continue Reading
Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Tech

Former Blizzard and Epic veterans raise $5M for Lightforge Games

Published

on

Former Blizzard and Epic veterans raise $5M for Lightforge Games

Join Transform 2021 this July 12-16. Register for the AI event of the year.


When game companies become successful, they tend to breed offspring. That’s the case with veterans of Blizzard Entertainment and Epic Games, who have raised $5 million to open a new studio called Lightforge Games.

The new studio is based near Epic Games in Raleigh, North Carolina, and its quest is to change how role-playing games are made. The team is developing a new cross-platform, social video game where players have the power to create worlds and tell stories with freedom.

CEO Matt Schembari said in an interview with GamesBeat that the company is hiring people for remote jobs.

“Our blended DNA from both Blizzard and Epic extends to the entire studio at this point,” Schembari said. “About a year ago, a bunch of us got together and have been operating quietly, building up the company and our early game prototypes. We’re testing and validating crazy game ideas that we have been coming up with.”

While he isn’t talking about the game yet, Schembari said the game will be highly social and creative and it will run across multiple platforms.

“We love experiences where players can come together and build worlds together, create stories together, tell stories together, where they’re able to have this kind of emergent gameplay. Telling stories together is really the part that we’re most focused on,” he said. “We really believe that there’s no barrier between creation and play. It’s not user-generated content in the classic sense of you create something and then you publish it and people can download it. It’s a different kind of model than just UGC.”

The funding came from Galaxy Interactive, NetEase Games, Dreamhaven, Maveron, 1UP Ventures, and angel investors from the gaming and tech industries.

One of the surprises is that Dreamhaven is another game startup itself, started by former Blizzard president Mike Morhaime and Amy Morhaime. In a statement, Mike Morhaime said that Lightforge is creating a game in a space with a lot of potential and he is excited about the team’s vision.

Above: Lightforge’s team

Image Credit: Lightforge

Schembari has 20 years of experience and he shipped games played by millions as former lead engineer at Blizzard and director of user interface at Epic Games, where he led the Fortnite platform team.

Other founders include Dan Hertzka, Nathan Fairbanks, Glenn Rane, and Marc Hutcheson. Hertzka is engineering director and he led a team at Fortnite that added the client social layer to the battle royale game. Fairbanks has been games for 13 years and has worked on titles such as Fortnite, Star Wars: The Old Republic, and Elder Scrolls Online. He is serving as studio director. Rane is art director and he has worked on World of Warcraft, Hearthstone, and Diablo Immortal. Hutcheson is product director and he has 18 years of experience in marketing and publishing games such as World of Warcraft, StarCraft II, Overwatch, Diablo III, Fortnite, and Hearthstone.

Lightforge has a total of 11 people and is on the verge of hiring three more. The team brings decades of experience from Epic, Blizzard, Riot, Bioware, and Zenimax Online and have shipped top games such as Fortnite, World of Warcraft, Diablo 3, Star Wars: The Old Republic, Hearthstone, the StarCraft 2 trilogy, Overwatch, Elder Scrolls Online, and more.

Lightforge is an all-remote studio where employees can work and live nearly anywhere. Schembari said that his startup received multiple offers and went with Galaxy Interactive as the lead investor because of their understanding about games and online communities.

“We are all remote and have been since the very beginning and this is something that was really important to us,” Schembari said. “One of our values is to really think about embracing empathy with everything we do. And, in particular, in the case of being all remote. We’ve all lived the experience that one of the most disruptive things you can do to someone’s life is to ask them to relocate for a job. And that was something that we really just strongly didn’t want to do. We are now at a point both technologically and culturally where you can totally work remotely.”

GamesBeat

GamesBeat’s creed when covering the game industry is “where passion meets business.” What does this mean? We want to tell you how the news matters to you — not just as a decision-maker at a game studio, but also as a fan of games. Whether you read our articles, listen to our podcasts, or watch our videos, GamesBeat will help you learn about the industry and enjoy engaging with it.

How will you do that? Membership includes access to:

  • Newsletters, such as DeanBeat
  • The wonderful, educational, and fun speakers at our events
  • Networking opportunities
  • Special members-only interviews, chats, and “open office” events with GamesBeat staff
  • Chatting with community members, GamesBeat staff, and other guests in our Discord
  • And maybe even a fun prize or two
  • Introductions to like-minded parties

Become a member

Continue Reading

Tech

Amazon’s SaaS Boost tool addresses dev challenges

Published

on

AWS SaaS Boost

Join Transform 2021 this July 12-16. Register for the AI event of the year.


Amazon today open-sourced Amazon Web Services (AWS) SaaS Boost, an open source tool that helps software developers migrate their existing solutions to software-as-a-service (SaaS) delivery models. Amazon says that SaaS Boost — which launched in preview at AWS Re:Invent 2020 — has the potential to offload development efforts by supporting app transformations to SaaS, freeing up developers to focus on other aspects.

SaaS apps are constantly evolving. Many of them use industry-standard protocols and interface with other products, but they all need certain foundational capabilities to onboard users, provision infrastructure, and surface key metrics. These functions are critical for enabling SaaS providers to scale. However, if every company invested in building these capabilities, it’d take resources — slowing down the time to market.

To address this challenge, AWS SaaS Boost provides functionality including tenant isolation, data partitioning, monitoring, metering, and billing. According to Amazon, the focus is on creating an environment that brings together all the elements of a ready-to-use SaaS architecture, removing much of the heavy lifting commonly associated with migrating a solution to a SaaS model.

Unifying data across disparate sources is one key feature in AWS SaaS Boost. Between 60% and 73% of all data within corporations is never analyzed for insights or larger trends, a Forrester survey found. The opportunity cost of this unused data is substantial, with a Veritas report pegging it at $3.3 trillion by 2020. That’s perhaps why organizations have taken an interest in technologies like AWS SaaS Boost that help to ingest, understand, organize, share, and act on data from multiple environments.

Data challenges

According to Gartner, creating a‌n architecture‌ ‌that helps‌ ‌operationalize data‌ ‌pipelines‌ ‌is one‌ ‌of‌ ‌the‌ ‌major‌ ‌trends‌ ‌for‌ ‌2021. Organizations want to make better use of their data, but most lack a mature strategy. Indeed, surveys show that data’s business impact is limited by challenges in lifecycle management.

Recognizing this, Amazon designed AWS SaaS Boost to be adaptable to the needs of individual projects and organizations. The management and core services of SaaS Boost were built using a serverless application model, with a dashboard where users can configure the ports, domains, compute settings, databases, file systems, and billing options unique to their apps.

New tenants are introduced to the AWS SaaS Boost environment through an onboarding process that collects a tenant’s configuration options and launches an automation. From there, AWS SaaS Boost provisions tenants with separate subdomains that are used to route them to their architectures. The specific resources that apps will need are set up automatically, so that when new versions of the apps are uploaded, SaaS Boost can deploy the updates to all tenants.

Above: A portion of the SaaS Boost onboarding process.

Image Credit: Amazon

On the analytics side, SaaS Boost includes a collection of tenant-focused graphs that can be used to analyze trends. Beyond this, the tool enables integration with preprovisioned infrastructure that can aggregate and surface custom metrics views.

In a blog post, AWS worldwide partner solution architecture Adrian De Luca said that the goal is to “build a vibrant community of developers using AWS SaaS Boost” for production workloads. “We’d like to [encourage] contributors [to donate] code to enhance and optimize … features. As the project matures, we plan to invite other maintainers to take active roles in determining the project’s direction,” he wrote. “Throughout the preview period with developers all over the world, we received interest from large industry-leading software companies who want to offer their traditional products in an easier way, startups who want to build new products with it, and systems integrators modernizing enterprise software on behalf of customers.”

VentureBeat

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member

Continue Reading

Tech

Hidden Leaf Games raises $3.2 million on a MOBA gambit called Fangs

Published

on

Hidden Leaf Games is making a 3v3 MOBA.

Hidden Leaf Games is making a three-vs.-three multiplayer online battle arena (MOBA) game called Fangs. They have raised $3.2 million.Read More3P8UNcLPZCo

Continue Reading

Trending