Petya Malware Brings New Wave of Cyber-Attacks Across Europe, U.S.

Today’s topics include a new malware called Petya based on a leaked software exploit that's attacking computers across Europe; the EU's record fine against Google over its shopping search dominance; Cisco System's new hardware and software offerings to support growing Internet of Things; and HackerOne's report of a significant rise in bug bounties. 

European companies and government agencies are reporting a widespread attack by a ransomware program that arrives in email and uses a leaked software exploit to infect users’ systems, according to multiple accounts on June 27.

The attack appears to be a year-old ransomware threat, known as Petya, created originally in 2016, but updated to use the EternalBlue exploit, which is an attack program leaked by the ShadowBrokers as part of the cache of code allegedly stolen from the National Security Agency.

Numerous companies across Europe reported their information systems had been impacted by the attack, including UK-based advertising and public relations firms WPP plc, Ukraine's state-run power company Ukrenergo, Russian oil producer Rosneft and global transport company Maersk.

On June 27, the European Commission slapped Google with a record $2.7 billion fine for abusing its search engine dominance to promote its own comparison-shopping site over that of rivals.

The Commission has given Google 90 days to change the manner in which it displays links to rival sites in search engine results or face additional penalty payments of up to 5 percent of parent company Alphabet's daily worldwide revenues.

Margrethe Vestager, the European Commissioner for competition who spearheaded the investigation of Google's business practices in the EU said Google's practice of promoting its own comparison-shopping site is illegal under EU antitrust rules. In a statement Google disagreed with the decision and said it is considering an appeal.

The focus for Cisco Systems officials during the Cisco Live event in Las Vegas this week has been on reinventing enterprise networks to make them more open, automated and better equipped them to handle workloads presented by cloud computing, mobility, big data and the internet of things.

The company unveiled an updated version of its Cisco Jasper Control Center IoT connectivity platform, which brings advanced features around traffic security and segmentation along with support for low-power connected devices.

In addition, Cisco officials launched Kinetic, an IoT operations platform designed to make it easier for companies to pull data from their connected devices, analyze it and then take actions based on the results.

Bug bounty platform vendor HackerOne published its 28-page 2017 Hacker-Powered Security report June 27, providing insight into the current state of the bug bounty marketplace.

Among the top-line findings in the report is that the average bug bounty paid for a critical vulnerability is now $1,923. Through the bug bounty platform, vendors benefit from HackerOne's community of researchers that look for security vulnerabilities and are rewarded financially when they report them.

While the average bounty for a critical vulnerability in 2017 is $1,923, there is a high-degree of industry variability in the top amounts paid out by vendors. The top bounty awards on the HackerOne platform is $30,000 which is paid by technology vendors. In contrast, the top bounty award from healthcare vendors is only $3,000.