Four new hacking groups have joined an ongoing offensive against Microsoft’s email servers

A Chinese government-linked hacking campaign revealed by Microsoft this week has ramped up rapidly. At least four other distinct hacking groups are now attacking critical flaws in Microsoft’s email software in a cyber campaign the US government describes as “widespread domestic and international exploitation” with the potential to impact hundreds of thousands of victims worldwide.

Beginning in January 2021, Chinese hackers known as Hafnium began exploiting vulnerabilities in Microsoft Exchange servers. But since the company publicly revealed the campaign on Tuesday, four more groups have joined in and the original Chinese hackers have dropped the pretense of stealth and increased the number of attacks they’re carrying out. The growing list of victims includes tens of thousands of US businesses and government offices targeted by the new groups. 

“There are at least five different clusters of activity that appear to be exploiting the vulnerabilities,” says Katie Nickels, who leads an intelligence team at the cybersecurity firm Red Canary that is investigating the hacks. When tracking cyberthreats, intelligence analysts group clusters of hacking activity by the specific techniques, tactics, procedures, machines, people, and other characteristics they observe. It’s a way to track the hacking threats they face. 

Hafnium is a sophisticated Chinese hacking group that has long run cyberespionage campaigns against the United States, according to Microsoft. They are an apex predator—exactly the sort that is always followed closely by opportunistic and smart scavengers.

Activity quickly kicked into higher gear once Microsoft made their announcement on Tuesday. But exactly who these hacking groups are, what they want, and how they’re accessing these servers remain unclear. It’s possible that the original Hafnium group sold or shared their exploit code or that other hackers reverse engineered the exploits based on the fixes that Microsoft released, Nickels explains.

“The challenge is that this is all so murky and there is so much overlap,” Nickels explains. “What we’ve seen is that from when Microsoft published about Hafnium, it’s expanded beyond just Hafnium. We’ve seen activity that looks different from tactics, techniques, and procedures from what they reported on.” 

By exploiting vulnerabilities in Microsoft Exchange servers, which organizations use to operate their own email services, hackers are able to create a web shell—a remotely accessible hacking tool that easily enables backdoor access and control of the infected machine—which allows them to control the compromised server over the internet and then pivot to steal data from throughout their target’s network. The web shell means that even though Microsoft has issued fixes for the flaws—which only 10% of Exchange customers had applied by Friday, according to the company—the adversary still has backdoor access to their targets. 

Applying Microsoft’s software fixes is a crucial first step, but the total cleanup effort is going to be much more complicated for many potential victims, especially when the hackers moved freely to other systems on the network.

“We are working closely with CISA [the Cybersecurity and Infrastructure Security Agency], other government agencies, and security companies, to ensure we are providing the best possible guidance and mitigation for our customers,” a Microsoft spokesperson says. “The best protection is to apply updates as soon as possible across all impacted systems. We continue to help customers by providing additional investigation and mitigation guidance. Impacted customers should contact our support teams for additional help and resources.” 

With multiple groups now attacking the vulnerabilities, the hacks are expected to disproportionately impact organizations that can least afford to defend against them, like small businesses, schools, and local governments, said former US cybersecurity official Chris Krebs. 

“Why, though?” Krebs asked on Twitter. “Is this a flex in the early days of the Biden admin to test their resolve? Is it an out of control cybercrime gang? Contractors gone wild?”

With potentially hundreds of thousands of victims worldwide, this Exchange hacking campaign has impacted more targets than the SolarWinds hack that the US government is currently struggling to clean up. But, as with the SolarWinds hack, numbers aren’t everything: The Russian hackers behind SolarWinds were highly disciplined and went after specific high-value targets even though they had potential access to many thousands.

The same is true here: Even if the total numbers are alarming, all compromises are not catastrophic. 

“All of these are not created equal,” Nickels says. “There are vulnerable Exchange servers where the door is open but we don’t know if an adversary has gone through it. There are slightly compromised servers, maybe a web shell is dropped but nothing beyond that. Then there is the other end of the spectrum where adversaries had follow-on activity and moved to other systems.”

It’s rare for the White House to comment on cybersecurity issues but the Biden administration has had cause to talk a lot about hacking in its first two months in office due to the SolarWinds hack and now this latest incident.

“We are concerned that there are a large number of victims and are working with our partners to understand the scope of this,” White House press secretary Jen Psaki said during a Friday afternoon press conference. “Network owners also need to consider whether they have already been compromised and should immediately take appropriate steps.”

Pakistan temporarily blocks social media

Pakistan has temporarily blocked several social media services in the South Asian nation, according to users and a government-issued notice reviewed by TechCrunch.

In an order titled “Complete Blocking of Social Media Platforms,” the Pakistani government ordered the Pakistan Telecommunication Authority to block social media platforms including Twitter, Facebook, WhatsApp, YouTube, and Telegram from 11am to 3pm local time (06.00am to 10.00am GMT) Friday.

The move comes as Pakistan looks to crack down on a violent terrorist group and prevent troublemakers from disrupting Friday prayer congregations following days of violent protests.

Earlier this week Pakistan banned the Islamist group Tehrik-i-Labaik Pakistan after arresting its leader, which prompted protests, according to local media reports.

An entrepreneur based in Pakistan told TechCrunch that even though the order is supposed to expire at 3pm local time, similar past moves by the government suggest that the disruption will likely last longer.

Though Pakistan, like its neighbor India, has temporarily cut phone call access in the nation in the past, this is the first time Islamabad has issued a blanket ban on social media in the country.

Pakistan has explored ways to assume more control over content on digital services operating in the country in recent years. Some activists said the country was taking extreme measures without much explanation.

Oxbotica raises $13.8M from Ocado to build autonomous vehicle tech for the online grocer’s logistics network

Ocado, the UK online grocer that has been making strides reselling its technology to other grocery companies to help them build and run their own online ordering-and-delivery operations, is making an investment today into what it believes will be the next chapter of how that business will grow: it is taking a £10 million ($13.8 million) stake in Oxbotica, a UK startup that develops autonomous driving systems.

Ocado is treating this as a strategic investment to develop AI-powered, self-driving systems that will work across its operations, from vehicles within and around its packing warehouses through to the last-mile vehicles that deliver grocery orders to people’s homes. It says it expects the first products to come out of this deal — most likely in closed environments like warehouses rather than open streets — to be online in two years.

“We are excited about the opportunity to work with Oxbotica to develop a wide range of autonomous solutions that truly have the potential to transform both our and our partners’ CFC [customer fulfillment centers] and service delivery operations, while also giving all end customers the widest range of options and flexibility,” said Alex Harvey, chief of advanced technology at Ocado, in a statement.

The investment is coming as an extension to Oxbotica’s Series B that it announced in January, bringing the total size of the round — which was led by bp ventures, the investing arm of oil and gas giant bp, and also included BGF, safety equipment maker Halma, pension fund HostPlus, IP Group, Tencent, Venture Science and funds advised by Doxa Partners — to over $60 million.

The timing of the news is very interesting. It comes just one day (less than 24 hours in fact) after Walmart in the US took a stake in Cruise, another autonomous tech company, as part of a recent $2.75B monster round.

Walmart owns one of Ocado’s big competitors in the UK, ASDA; and Ocado has made its first forays into the US, by way of its deal to power Kroger’s online grocery business, which went live this week, too. So it seems that competition between these two is heating up on the food front.

More generally, there has been a huge surge in the world of online grocery order and delivery services in the last year. Earlier movers like online-only Ocado, Tesco in the UK (which owns both physical stores and online networks), and Instacart in the US have seen record demand, but they have also been joined by a lot of competition from well-capitalized newer entrants also keen to seize that opportunity, and bringing different approaches (next-hour delivery, smaller baskets, specific products) to do so.

In Ocado’s home patch of Europe, other big names looking to extend outside of their home turfs include Oda (formerly Kolonial); Rohlik out of the Czech Republic (which in March bagged $230 million in funding); Everli out of Italy (formerly called Supermercato24, it raised $100 million); Picnic out of the Netherlands (which has yet to announce any recent funding but it feels like it’s only a matter of time given it too has publicly laid out international ambitions). Even Ocado has raised huge amounts of money to pursue its own international ambitions. And that’s before you consider the nearly dozens of next-hour, smaller bag grocery delivery plays.

A lot of these companies will have had a big year last year, not least because of the pandemic and how it drove many people to stay at home, and stay away from places where they might catch and spread the Covid-19 virus.

But now, the big question will be how that market will look in the future as people go back to “normal” life.

As we pointed out earlier this week, Ocado has already laid out how demand is lower, although still higher than pre-pandemic times. And indeed, the new-new normal (if we can call it that) may well see the competitive landscape tighten some more.

That could also be one reason why companies like Ocado are putting more money into working on what might be the next generation of services: one more efficient and run purely (or at least mostly) on technology.

The rationale of forking out big for autonomous tech, which is still largely untested and very, very expensive technology, to save money is a long-term play. Logistics today accounts for some 10% of the total cost of a grocery delivery operation. But that figure goes up when there is peak demand or anything that disrupts regularly scheduled services.

My guess is also that with all of the subsidized services that are flying about right now, where you see free deliveries or discounts on groceries to encourage new business — a result of the market getting so competitive — those logistics have bled into being an even bigger cost.

So it’s no surprise to see the biggest players in this space looking at ways that they might leverage advances in technology to cut those costs and speed up how those operations work, even if it’s just a promise of discounts in years, not weeks. Of course investors might see it otherwise if that doesn’t go to plan.

In addition to this collaboration with Oxbotica, Ocado continues to seek further investments and/or partnerships as it grows and develops its autonomous vehicle capabilities.

Notably, Oxbotica and Ocado are not strangers. They started to work together on a delivery pilot back in 2017. You can see a video of how that delivery service looks here:

 

“This is an excellent opportunity for Oxbotica and Ocado to strengthen our partnership, sharing our vision for the future of autonomy,” said Paul Newman, co-founder and CTO of Oxbotica, in a statement. “By combining both companies’ cutting-edge knowledge and resources, we hope to bring our Universal Autonomy vision to life and continue to solve some of the world’s most complex autonomy challenges.”

But as with all self-driving technology — incredibly complex and full of regulatory and safety hurdles — we are still fairly far from full commercial systems that actually remove people from the equation completely.

“For both regulatory and complexity reasons, Ocado expects that the development of vehicles that operate in low-speed urban areas or in restricted access areas, such as inside its CFC buildings or within its CFC yards, may become a reality sooner than fully-autonomous deliveries to consumers’ homes,” Ocado notes in its statement on the deal. “However, all aspects of autonomous vehicle development will be within the scope of this collaboration. Ocado expects to see the first prototypes of some early use cases for autonomous vehicles within two years.”

We’re speaking to Ocado and Oxbotica shortly and will update this post with more from that.

All the tech crammed into the 2022 Mercedes-Benz EQS

Mercedes-Benz lifted the final veil Thursday on its flagship EQS sedan after weeks of teasers, announcements and even a pre-production drive that TechCrunch participated in. The company peeled off the camouflage of the EQS — the electric counterpart to the Mercedes S Class — and revealed an ultra-luxury and tech-centric sedan.

The exterior is getting much of the attention today, but it’s all of the tech that got ours, from the microsleep warning system and 56-inch hyperscreen to the monster HEPA air filter and the software that intuitively learns the driver’s wants and needs. There is even a new fragrance called No.6 MOOD Linen that is described as “carried by the green note of a fig and linen.”

“There is not one thing because this car is 100 things,” Ola Kaellenius, the chairman of the board of management of Daimler AG and head of Mercedes-Benz, told TechCrunch in an interview the morning of the EQS launch. “And it’s those 100 little things that make the difference and that makes a Mercedes, a Mercedes.”

Mercedes is betting that the tech coupled with performance and design will attract buyers. This is a high-stakes game for Mercedes. The German automaker is banking on a successful rollout of the EQS in North America that will erase any memory of its troubled — and now nixed — launch of the EQC crossover in the United States.

Quick nuts and bolts

Before diving into all the techy bells and whistles, here are the basics. The EQS is the first all-electric luxury sedan under the automaker’s new EQ brand. The first models being introduced to the U.S. market will be the EQS 450+ with 329 hp and the EQS 580 4MATIC with 516 hp. Mercedes didn’t share the price of these models. It did provide a bevy of other details on its performance, design and range.

The EQS that will be available in the U.S. has a length that is a skosh over 17 feet, precisely 205.4 inches long, which is the Goldilocks equivalent to the Mercedes S Class variants.

Mercedes EQS 580 4MATIC

The vehicle has a drag coefficient of 0.202, which sneaks below Tesla’s Model S and the upcoming Lucid Motors Air, making it the most aerodynamic production car in the world. All EQS models have an electric powertrain at the rear axle. The EQS 580 4MATIC also has an electric powertrain at the front axle, giving it that all-wheel drive capability. The EQS generates between 329 hp and 516 hp, depending on the variant. Mercedes said a performance version is being planned that will have up to 630 hp. Both the EQS 450+ and the EQS 580 4MATIC have a top speed of 130 miles per hour. The EQS 450+ will have a 0 to 60 mph acceleration time of 5.5 seconds while its more powerful sibling will be able to achieve that speed in 4.1 seconds.

The EQS will have two possible batteries to choose from, although Mercedes has only released details of one. The heftiest configuration of the EQS has a battery with 107.8 kWh of usable energy content and can travel up to 478 miles on a single charge under the European WLTP estimates. The EPA estimates, which tend to be stricter, will likely fall below that figure.

The vehicle can be charged with up to 200 kW at fast charging stations with direct current, according to Mercedes. At home or at public charging stations, the EQS can be charged with AC using the on-board charger.

Now onto some of the technological highlights within the vehicle.

ADAS

There are loads of driver assistance features in the EQS, which are supported by a variety of sensors such as ultrasound, camera, radar and lidar that are integrated into the vehicle. The ADAS features include adaptive cruise, the ability to adjust the acceleration behavior, lane detection and automatic lane changes, as well as steering assist that helps the driver follow the driving lane at speeds up to 130 mph. The system also recognizes signposted speed limits, overhead frameworks and signs at construction zones and includes warnings about running a stop sign and a red light.

Another new feature is the micro-sleep warning function, which becomes active once the vehicle reaches speeds over 12 mph. This feature works by analyzing the driver’s eyelid movements through a camera on the driver’s display, which is only available with MBUX Hyperscreen.

There are several active assist features that will intervene if needed. An active blind spot assist can give a visual warning of potential lateral collisions in a speed range from around 6 mph to 124 mph. However, if the driver ignores the warnings and still initiates a lane-change, the system can take corrective action by one-sided braking intervention at the last moment if the speed exceeds 19 mph, Mercedes said. The feature remains active even while parked and will warn against exiting if a vehicle or cyclist is passing nearby.

There is also an active emergency stop assist feature that will brake the vehicle to a standstill in its own lane if the sensors and software recognize that the driver is no longer responding to the traffic situation for a longer period. The brakes are not suddenly applied. If the driver is unresponsive, it begins with an acoustic warning and a visual warning appears in the instrument cluster. Those warnings continue as the vehicle starts to slowly decelerate. Hazard lights are activated and the driver’s seatbelt is briefly tensioned as a haptic warning. The final step is what Mercedes describes as a “short, strong brake jolt” as an additional warning followed by the car decelerating to a standstill, with an optional single lane change if necessary.

Mercedes is also offering the option of DRIVE PILOT, which is an SAE Level 3 conditional automated driving system feature. This would allow hands-free driving. Regulations in Europe prevent that level of automation from being deployed in production vehicles on public roads. However, Kaellenius told media in Germany on Thursday that the company is “on the verge of trying to certify the first volume production car Level 3 system in Germany in the second half of this year,” Automotive News Europe reported.

The car that learns

Many of the technological gee-whiz doodads in the EQS tie back to an underlying AI that is designed to learn the driver’s behavior. That is achieved through software and a dizzying number of sensors. Mercedes said that depending on the equipment, the EQS will have up to 350 sensors that are used to record distances, speeds and accelerations, lighting conditions, precipitation and temperatures, the occupancy of seats as well as the driver’s blink of an eye or the passengers’ speech.

The sensors capture information, which is then processed by electronic control units (computers); software algorithms then take over to make decisions. TechCrunch automotive reviewer Tamara Warren noticed the vehicle’s ability to learn her preference during a half day with the EQS.

Mercedes ran through a number of examples of how these sensors and software might work together, including an optional driving sound that is interactive and reacts to different parameters such as position of the accelerator pedal, speed or recuperation.

The intuitive learning is mostly apparent through interactions with the MBUX infotainment system, which will proactively show the right functions for the user at the right time. Sensors pick up on change in the surroundings and user behavior and will react accordingly. Mercedes learned from data collected from the first-generation MBUX, which debuted in the 2019 Mercedes A Class, and found most of the use cases fall in the Navigation, Radio/Media and Telephone categories.

That user data informed how the second-generation MBUX, and specifically the one in the EQS, is laid out. For instance, the navigation app is always in the center of the visual display unit.

The MBUX uses natural language processing, so drivers can always use their voice to launch a radio station or control the climate. But Mercedes is really pushing the EQS’ intuitive learning capabilities. This means that as a driver uses the vehicle, items that might be typically buried in the menu will appear up front, or be offered up depending on the time or even location of the vehicle.

“The car gets to know you as a person and your preferences and what you do,” said Kaellenius. “It’s almost like it serves up the option that you want to do next, before you even think about it you get.”

“You get a pizza delivered before you even get hungry,” Kaellenius said, jokingly. “That’s phenomenal in terms of intuition.”

According to Mercedes there are more than 20 other functions such as birthday reminders that are automatically offered with the help of artificial intelligence when they are relevant to the customer. These suggestion modules, which are displayed on the zero-layer interface, are called “Magic Modules.” Here is how it might work: if the driver always calls a particular friend or relative on the way home on certain evenings, the vehicle will deliver a suggestion regarding this particular call on this day of the week and at this time. A business card will appear with their contact information and – if this is stored – their photo, Mercedes said. All the suggestions from MBUX are coupled with the logged-in profile of the user. This means that if someone else drives the EQS on that same evening, with their own profile logged-in, this recommendation is not displayed.

If a driver always listens to a specific radio program on their commute home, this suggestion will be displayed; or if they regularly use the hot stone massage, the system will automatically suggest the comfort function in colder temperatures.

This also applies to the vehicle’s driving functions. For example, the MBUX will remember if the driver has a steep driveway or passes over the same set of speed bumps entering their neighborhood. If the vehicle approaches that GPS position, the MBUX will suggest raising the chassis to offer more ground clearance.

Health and wellness

Remember those sensors? There’s a way for drivers to take it a step further and link their smartwatch — Mercedes-Benz vivoactive 3, the Mercedes-Benz Venu or another compatible Garmin — to the vehicle’s so-called energizing coach. This coach responds to the user’s behavior and will offer up one of several programs such as “freshness,” “warmth,” “vitality,” or “joy” depending on the individual. Via the Mercedes me App, the smartwatch sends vital data of the wearer to the coach, including pulse rate, stress level and sleep quality. The pulse rate recorded by the integrated Garmin wearable is shown in the central display.

What does this all mean in practice? Depending on the user’s wants and the AI system’s understanding of what he or she wants, the lighting, climate, sound and seating might change. This is, of course, all integrated with the voice assistant ‘Hey Mercedes’ so drivers can simply make a statement to trigger the program they want.

If the driver says “I am stressed,” the Joy program will be launched. If the driver says “I’m tired,” they are then prompted to take a break the Vitality program.

Mercedes S Class owners might already be familiar with these options, although the automaker notes that EQS builds on the system. There are now three new energizing nature programs called forest glade, sounds of the sea and summer rain as well as training and tips options. Each program launches different and immersive sounds, which were created in consultation with the acoustic ecologist Gordon Hempton. For instance, “forest glade” will deliver a combination of birdsong, rustling leaves and a gentle breeze. The program is rounded off by warm music soundscapes and subtle fragrance.

Sounds of the Sea will produce soft music soundscapes, wave sounds and seagull sounds. Blasts of air from the air conditioning system complete the effect. Meanwhile “summer rain” offers up sounds of raindrops on leafy canopies, distant thunder, pattering rain and ambient music soundscapes.

For those long drives which require a break, Mercedes added a power nap feature. Once power nap is selected (and no, never when driving), the program runs through three phases: falling asleep, sleeping, and waking up. The driver’s seat moves into a rest position, the side windows and panorama roof sunshade are closed and the air ionization is activated. Soothing sounds and the depiction of a starry sky on the central display support falling asleep, according to Mercedes. Once it is time to wake up, a soundscape is activated, a fragrance is deployed and a brief active massage and seat ventilation begins. The seat raises and the sunshade in the roof liner opens.

Voice

As mentioned before, the “Hey Mercedes” voice assistant uses natural language processing and can handle an array of requests. Mercedes said the assistant can now do more and certain actions such as accepting a phone call can be made without the activation keyword “Hey Mercedes.” The assistant can now explain vehicle functions.

The assistant can also recognize vehicle occupants by their voices. There are in fact individual microphones placed at each seating area within the vehicle. Once they have been learned, the assistant can access personal data and functions for that specific user.

The voice assistant in the EQS can also be operated from the rear, according to Mercedes.

These personal profiles are stored in the Cloud as part of “Mercedes me.” That means the profiles can also be used in other Mercedes-Benz vehicles with the new MBUX generation. Security is built in and includes a PIN and then combines face and voice recognition to authenticate. This allows access to individual settings or verification of digital payment processes from the vehicle, the automaker said.

Screens and entertainment

Finally, yes the screens. All of the screens. The 56-inch hyperscreen gets the most attention, but there are screens throughout the EQS. What is important about them is how they communicate with each other.

The hyperscreen is actually three screens that sit under a common bonded glass cover and visually merge into one display. The driver display is 12.3 inches, the central display is 17.7 inches and front passenger display is 12.3 inches. The MBUX Hyperscreen is a touchscreen and also throws in haptic feedback and force feedback.

“Sometimes when I think about the first design and what we’ve actually done here, it’s like, ‘Are we mad to try to create a one meter 41 centimeters curved bonded glass, one piece in the car,” said Kaellenius. “The physical piece in its own right — It’s a piece of technological art.”

A lot of attention was paid to the backseat because the EQS, like its S Class counterpart, is often used to chauffeur the owner. Mercedes won’t call this a rear-seat entertainment system and instead refers to it as a multi seat entertainment system because everything is connected to each other.

Kaellenius explained that if a driver wants the two rear passengers to watch a different movie, a simple drag and swipe motion on the main screen will throw that new programming back to the rear. The passengers can also throw movies from left to right.
