Weekly Axis Of Easy #23
In this issue:
- Facebook feed change will leave independent news out in the cold
- Baby *do* Fear The Reaper: new botnet bigger than Mirai
- BadRabbit Ransomware spreading from Eastern Europe
- TD Whistleblower: Bank offshoring work & data without customers knowledge
Does your organization depend on unpaid traffic from Facebook? Perhaps from content you write that gets shared a lot? Better start working on a “Plan B” as Facebook tests a new algorithm in six countries (Eastern Europe and Sri Lanka) where all unpaid posts get moved to a secondary tab called “Explore newsfeed” while your main feed will contain only posts from friends and promoted (paid) content.
“Utterly devastating” are the early results. Independent news publishers, citizens outreach groups and NGOs in the test beds are seeing their traffic plunge 60% to 80% literally overnight.
I’ve written about this as far back as 2007, cautioning around the temptation to build an entire model around somebody else’s 800 lb gorilla. When you do, you literally exist at the whim of the gorilla. But in the age of gigantic social networks and pervasive search engine reach, how do you minimize your dependancy on them? This is one of the main themes I’ll be covering in the Guerrilla Capitalism newsletter. (That, and bitcoin 🙂
Security researchers have been following the growth of a new Internet of Things botnet, dubbed “Reaper”. While researchers dispute the current size of the botnet (early reports were at 1 million, Arbor Networks says 10,000 to 20,000); they have identified as many as 2 million vulnerable devices that are online and prone to being roped into the botnet. Where Mirai targeted IoT devices with stupid default passwords, Reaper uses a suite of 9 known IoT security vulnerabilities discovered in the past month.
Recall it was Mirai brought about one of the worst DNS outages ever about a year ago when it knocked Dynect right off the internet.
MIT Technology Review reports of a new ransomware strain originating out of Eastern Europe. Dubbed “BadRabbit”, the strain encrypts the files of infected systems and demands a 0.05 BTC (currently about $380 CAD) for the decryption key, and the ransom increases after 40 hours.
All the more reason to have backups, and if you already have backups, backup the backups. We’ll have more to say about this shortly (can anybody say “easyBackup”?)
A whistleblower at TD, one of Canada’s “big 4” banks, is warning that the bank is employing offshore workers in India to process fraud claims. The workers have access to customers personal data such as social insurance numbers, credit and banking details. The whistleblower alleges that TD is camouflaging this by reverting the process back to Canada if a call to the customer is required, originating the call from a Canadian agent instead of the offshore worker handling the case. She has released details via “Go Public” and filed a complaint with the Canadian Privacy Commissioner.