Connect with us

Technology

Stuxnet: a New Era in Global Security

Published

on

Stuxnet was a malware which affected an Iranian nuclear facility (along with couple of other industrial sites across the world). It was found in 2010 but it took quite a while to actually discover it. What is particular about it is the fact that it crossed the line between cyber and physical domain, showing that it was possible to use a code to damage a critical infrastructure.  Before it, a general debate in national / global security on how a critical infrastructure can be targeted and damaged through the information system has only been theoretical.  After Stuxnet it was evident that cyberspace could be exploited and used to launch cyberattacks in order to cause physical damage. So what actually happened?

On June 17, 2010 Sergey Ulazin from a small security company in Belarus received a help-request for technical support from a customer in Iran. Arbitrary BSODs (a stop error after a system crash) and computer reboots were reported. After careful examination and a regular check for system malfunction, it was discovered that a malware infection was probably involved (The Man Who Found Stuxnet – Sergey Ulasen in the Spotlight). Having a stealthy nature and strange payload, it was later named Stuxnet, according to the file-name found in the code. A computer worm infected at least 14 industrial sites in Iran along with the uranium-enrichment plant in Natanz.

It carried genuine digital certificates (they guarantee that you can trust a file) from recognized companies, and it was well-developed and direct. The malware was able to determine the target it was looking for. In case, it was not, it did nothing and moved on to another system. This “fingerprinting of the control systems” proved that it was not just an average malicious program, but a targeted malware that meant to destroy.

Although Stuxnet relied on a physical person to install it (via USB flash drive), the worm spreads on its own between computers with Windows operating system. It affects other machines, regardless of the connection to the Internet though a local computer network. It could also infect other USB flash drives and jump into other computers through it. Moreover, it proliferates very quickly.

Once the worm infects a system, it waits, checking if necessary parameters are met. As soon as they are, it activates a sequence that causes industrial process to self-destruct. Symantec, a software company that provides cyber security software and services, conducted a thorough analysis of Stuxnet and found that Iran, Indonesia and India were the most affected countries in the early days of infection. The nuclear facility at Natanz was one of the most affected.

Furthermore, the principle is that this malware identifies a target, then records the data and finally decides what normal operations are. After this, it plays pre-recorded data on the computers of the personnel so that they think that the centrifuges are running normally, when in fact they are not. In the end, it erases itself from the system so that it cannot be traced and/or found.

The International Atomic Energy Agency inspected the Natanz facility and confirmed (International Atomic Energy Agency (2010)) that the centrifuges were malfunctioning and producing less than 20% of enriched uranium. However, at that time, the reason for that was unknown. The most detailed damage assessment came later from the Institute for Science and International Security in Washington. It claimed that Stuxnet destroyed 984 centrifuges. However, Iran has not provided such a number, and the IAEA failed to give precise information on the damage.

Stuxnet crossed this line where a code infects software or digital programs, what it actually did, it affected the physical equipment. This has brought a new technological revolution. Before, viruses were used by cyber pranksters and minor rowdies to cause a system to crash on computers of innocent victims. But state-to-state attacks and a cyberwar were not discussed and were not thought of, as it was something out of science fiction scenarios. Stuxnet has changed this perception, and opened a new era in global security.

A former chief of industrial control systems cyber security research said that Stuxnet was “the first view of something … that doesn’t need outside guidance by a human – but can still take control of your infrastructure. This is the first direct example of weaponized software, highly customized and designed to find a particular target.” It is not hard to imagine that similar malicious programs can be developed in the future and used to achieve a military and/or political goal.

Many believe that the cyberattacks on Iran nuclear facility were meant to slow down Iran nuclear program. However, enrichment recovered within a year, and did not permanently damage nuclear program. Some experts also say that it had no effect on nuclear program whatsoever and the whole situation around Stuxnet was over-hyped by the media. Others are also saying that evidence on the malware has been inconclusive and Stuxnet may have, in fact, helped in speeding up Iranian nuclear program. The media reaction towards cyberattacks may have been exaggerated because of the secrecy around cyber issues but in end Stuxnet has made a good story.

As to the parties involved, the attack was not tied to a specific name and/or a country. Yet, it widely believed to be launched by U.S. and Israel. The sophistication of the program required considerable amount of resources, including extensive financial support and skilled specialists. This is why many security companies and experts agree on attributing the complex malware to one or more states. Among them is Kaspersky Lab, a multinational cyber security company, who says that the attack was launched with a specific motivation in mind. The attackers wanted to access industrial control systems which monitor and control infrastructure and processes of the facility. (Similar systems are used in power plants, communication systems, airports, and even military sites). Moreover, such an attack required significant amount of intelligence data so Kaspersky Lab is convinced that it was likely supported by a nation state.

Although the identity of the attacker is still unknown, many experts in international politics believe that the attack was clearly politically-motivated and aimed to slow down the development of Iran’s nuclear program. The United States and Israel both deny their involvement in Stuxnet, however, some leaked information (WikiLeaks, CBC interview with a former CIA director Michael Hayden etc.) suggests that the claims might have some credibility. Regardless the claims made, it is important to highlight that no country officially declared that it launched an offensive cyberattack.

All in all, Stuxnet has revolutionized the way we look at malicious digital programs and boosted a debate about cyber tools used for political purpose. After all, we are living in a highly digitalized world where we are dependent on technology. Military is no exception. Digital technologies are widely being incorporated into military planning and operations. Modern nuclear and conventional weapons systems rely and depend on information systems for launching, targeting, command and control, including technologies that govern safety and security. It is clear that future military conflicts will all include a digital aspect and cyber technologies. Stuxnet was just an early version of software that could potentially destroy an industrial site, specifically a nuclear facility. If malware actually achieved its goals, consequences would have been disastrous and could cause an international crisis.

 After all, as experts once have said, “Major concern is no longer weapons of mass destruction, but weapons of mass disruption” (Cetron and Davies, 2009).

Specialist in global security and nuclear disarmament. Excited about international relations, curious about cognitive, psycho- & neuro-linguistics. A complete traveller.

Continue Reading
Comments

Health

The technological advances in physical and occupational physiotherapy that you should know about

Published

on

Technology has reached all areas of human life to help us carry out various tasks and to make everyone’s lives easier in different ways. These advances are also in medicine and in the different therapeutic treatments that are used to improve various ailments. Learn what the most advanced methods are and how you can use them.

Health is the most precious thing for every person; extreme care must be taken to ensure the correct functioning of the body. There are many ways and procedures aimed at treating various conditions and helping to stay healthy, which have been significantly enhanced thanks to advances in technology.

The area of physiotherapy is one of those that has taken the best advantage of technological advances, and it has raised the quality and effectiveness of its therapies and procedures to levels never before experienced. Thanks to them, physical and occupational physiotherapy has improved substantially and is increasingly valued for the treatment of various health cases.

Physiotherapy programs for physical rehabilitation

Currently, there are various physical therapy software programs that help patients recover and improve their physical functionality quite efficiently. There is advanced software, with a wide range of physical exercises based on virtual reality, which are designed to promote the progressive and effective recovery of those who find themselves in the need to use them.

Digital physical rehabilitation software includes analytical and functional exercises, which can be used in the rehabilitation of neurological patients, in the recovery of musculoskeletal injuries, in the prevention of falls, in programs against premature ageing and even with children that suffer these types of ailments.

Advantages of using software in physiotherapy

Physiotherapy computer programs are health products, specially designed by professionals, specifically for clinical use. They offer many advantages, among which the following stand out:

  • Enjoy the therapy sessions: the gamification that can be achieved with new technologies applied to physiotherapy turns the sessions into truly fun moments, which increases the patient’s motivation and their active participation in performing the corresponding exercises.
  • Rehabilitation quantification: all kinematic parameters, such as joint ranges, measurement of the base of support, centre of gravity, number, and characteristics of steps, among others, can be consulted in detail at any time during the therapy. Additionally, they can generate detailed clinical reports on each patient, which can be printed or exported in PDF format.
  • Remote sessions: technological advances have reached such high levels that they now open the possibility of applying remote sessions to the patient, thanks to the corresponding home exercise program software for physical therapy designed for this purpose. In this way, treatment can be reinforced with home sessions, which are also monitored and allow remote management, even from the centre itself. This has greatly benefited patients that have mobility problems.

Physical therapy home exercise programs are digital tools that help therapists and patients develop personalised exercise plans from the comfort of their homes. They provide a wide variety of benefits and features that improve rehabilitation and accelerate recovery.

Physiotherapists can decide with which patients and how to develop the digital physical rehabilitation exercises available to them, which can be personalised and adapted according to the needs of each patient.

Occupational therapy software programs

The occupational therapy software programs offer a multitude of resources and tools for therapists and patients, including simulations of everyday tasks, virtual activities to improve fine motor skills, time management strategies, and hand-eye coordination exercises, among others.

One of the main resources used is related to immersive virtual rehabilitation, which allows training various functions of the hand and different movements of the upper extremities that workers perform in their corresponding tasks. To do this, virtual reality and specialised programs are used that simulate environments similar to those they face on a daily basis in their jobs.

These occupational therapy software programs also include patient progress monitoring and assessment tools. They are digital solutions that improve the efficiency of occupational therapy by providing interactive virtual environments and resources tailored to the individual needs of each patient.

Personalization of rehabilitation programs

An important advantage offered by technological advances in this area is the possibility of having personalized rehabilitation programs, which therapists can use to adapt treatments to each patient’s purposes and abilities.

The personalization of rehabilitation programs substantially improves the effectiveness of treatments by addressing the unique needs of each patient. Additionally, this rehabilitation software provides useful resources to monitor and adjust as patients progress in their recovery.

This capacity for adaptation and personalization favours a firmer rehabilitation and speeds up the return to normal functionality of the treated people.

It is a feature that offers various benefits, such as the possibility of applying more individualised approaches, which guarantees that the exercises are safe, effective, and appropriate to promote recovery, and the optimization of results, as they are exercises designed specifically to meet each patient’s needs. .

They also generate greater motivation and adherence, by considering the interests, preferences, and goals of each individual treated, and help prevent additional injuries, since the exercises are adapted to the individual capabilities and limitations of each person.

In conclusion, physical and occupational therapy software has transformed the way rehabilitation is performed on people today. They are digital tools with a wide variety of features that improve the efficiency and personalization of treatments, tailoring the perfect exercise routine for each patient’s needs.

They cover various areas, from home exercise programs to creating personalized exercise plans, facilitating faster and more effective recovery for patients. But, these advances do not stop and aim to continue towards levels that cannot even be imagined, so we can count on an even more promising future in this important area of health.

Do not think about it anymore, if you are suffering from any ailment that could benefit from remote therapy, or know of someone that does, check this software today and see how your life can easily improve thanks to the help of the experts behind them. Your health will thank you.

Continue Reading

Technology

What are spamtraps and how to get them off your mailing list for good?

Published

on

There is a silent enemy that many companies face and that focuses directly on the contact list. It is spamtraps. These are emails that are meant to catch spammers, but negatively influence mass mailings. Today we are going to find out why, and we are going to assess some actions that are easy to do to get them out of the way.

Mailing lists are generally formed by people who are interested in using a product or service of a company and who subscribe voluntarily. However, it can happen that an email appears normal-looking, but it is a spammer detector. When an email is sent to these addresses, they block it, causing a negative impact on the reputation of the brand that sent it.

Spamtraps are traps for emails, in short. They do not belong to any real person, and their only function is to block the sender of the email and mark him or her as a spammer. In this way, the brand is affected, even if the content sent has nothing to do with spam. These exist on all existing email platforms, such as Gmail or Yahoo.

Characteristics of spam traps

Although there is no simple way to find out which of the emails on your list are spamtraps, you can assess some characteristics that lead to the most frequent spamtraps. Here we can see elements such as:

  • No direct relation to a person: people generally put their names when creating their emails. Although this does not happen in 100% of cases, it could be an important factor to consider if you see some emails made up of meaningless letters and numbers, for example.
  • Emails with generic names: Generic names are not a good sign, even though many companies use them as a means of communication. To separate those that are real from those that are not, it is possible to check the domain of which the emails are part. For example, there may be emails in a list that start with the word sales@XXXXXX. What completes the part of the X’s will tell us what the chances are that it is a spamtrap. In any case, be aware that it is very unlikely that a company will subscribe to a newsletter using this type of email.
  • Abandoned emails: Technology has come a long way in recent times, and this has led to the use of new ways of communicating. Nowadays, it is very unlikely that there are people who subscribe to a list with a Hotmail email address. It is therefore essential to check, if you have one, that it is not an abandoned email that can be used with ISPs because they are no longer in use.
  • Misspelled emails: This is a very common situation that occurs, especially when double confirmation is not used. In this case, it is possible that a person enters the mailing list with a misspelled entry and then the result is an email that ends, for example, in @gml.com. You have to be very careful with these. The recommendation is to always run the confirmation to ensure that it is a real and operational address.

Actions to take to verify spamtraps on the mailing list

Now that we have an idea of what we can look for in the list and target what looks the most suspicious, we can define a series of actions to take in order to detect whether the list is clean or whether there are any harmful elements present.

The first thing to do is to review your entire contact list. This can be a tedious task when you have a large number of subscribers, but it is worth the effort. If in this first step you got several suspicious emails, you should flag them to check their behaviour in the following points.

Then, it will be time to evaluate the results of the email marketing campaigns sent previously. In these campaigns, you will get a history of very interesting data that will tell you how many people generally open the emails, those who do not, etc. The important thing here is to assess whether the values shown in the history are more or less constant or have suffered a significant decrease in recent days. If this is the case, it could be due to spamtraps.

It is common for these problems to become apparent when a number of new users join the list. It is possible that among them there is an email that works as a spam trap. The simplest solution to recognize if this is the problem is to perform a segmentation and send an email to the members of this new list and verify the results.

Finally, you will need to check if the domain you are using is on the block list. This is an essential step to know if you really have a problem or not. Doing this on a regular basis is key to avoiding problems.

Segmentation as a working strategy

Working with email marketing software that allows the segmentation of the mailing list is a benefit that will remove problems later and, of course, spamtrap detection is one of them. Thanks to segmentation, it will be possible to create groups of users to whom certain campaigns are sent and evaluate the response they have.

Mailrelay is the best option in this regard because it offers the possibility to segment and also to validate the statistics. With the statistics you can measure the percentage of clicks that were made and that can give us an important guide, since this is an action that can only be performed by real people.

Nowadays, there are already robots capable of opening emails that arrive at your server, so the open rate is no longer a valuable statistic in this regard.

After you are clear about which contact segments are performing well, you can continue to work with them as normal and separate those that are not performing well to validate them later. It is better to keep fewer subscribers than to risk having your domain blocked and losing your entire list.

Continue Reading

Business

9 Ways to Keep Technology from Slowing Down Your Business

Published

on

There’s no doubt that technology has made our lives easier. We can now do things we never thought possible, like communicating with people all over the world in an instant or order items from the comfort of our own homes. However, with great power comes great responsibility- and for business owners, this means making sure that technology doesn’t slow you down. Here are nine ways to keep your business running at full speed.

Make a Plan

Technology can be unpredictable, so it’s important to have a plan in place in case of any malfunctions. This includes having backups of your data and creating disaster recovery plans in case of emergencies.

Stay Updated

Keep your software up-to-date, as well as your operating system and hardware. Outdated software can cause compatibility issues and make your devices run slower.

Use the Right Tools

Using the right tools for the job is essential when it comes to technology. If you’re using an outdated program or device, chances are there’s a better, faster option out there that will suit your needs. Even shortcuts are important tools, like automatic cache cleaner for Mac users in your company. 

Create Standards

Creating standards for how employees use technology can help keep things running smoothly. This means establishing guidelines on passwords, data storage, backups, and any other procedures related to technology usage at work. 

Get Help

If you don’t have the resources internally then, it’s crucial to get help from someone who knows what they’re doing. This can be a tech-savvy friend or coworker, an IT professional if your budget allows for it, or even just reading articles online about how best to use specific devices/software programs.

Invest in New Equipment

Upgrading equipment regularly will help keep things running smoothly and make sure that there aren’t any compatibility issues with new software releases. It also ensures employees always know what tools are available when needed without having them search through piles of old files looking for something specific like an outdated version of Microsoft Word or Excel that won’t work with the latest operating system they’re trying to install on their computer.

Create a Backup Plan

Having multiple backups of your data makes it easy to recover files after an emergency situation like a power outage, hard drive crash, or (heaven forbid) a hacking, so you can get back up and running as soon as possible without losing any valuable information.

Train Employees

It’s vital for employees who use technology regularly at work, such as those in IT departments, customer service positions, etcetera – to have training sessions on how best to utilize whatever type of device/software program they’ll be using daily. This will help them avoid making mistakes which could lead to major problems down the line if left unchecked by management personnel. Allowing users time off from duties during these training sessions will also ensure they’re not distracted while learning new skills that may be required on some projects within their company.

Keep Your Data Secure

 Keeping your data secure is essential to any business, and this means more than just backing it up regularly or installing antivirus software. For example, it’s important for companies who deal with sensitive information about clients/customers, etcetera – take steps such as encrypting emails containing personal details before sending them out across networks which can sometimes have vulnerabilities (e.g., open Wi-Fi). You should also train employees on how best to utilize whatever type of device/software program they’ll be using daily so there will never again be confusion over what needs doing when dealing with confidential files work.

Continue Reading

Trending