




It’s not every day that security researchers discover a new state-sponsored hacking group. Even rarer is the emergence of one whose spyware has 80 distinct components, capable of strange and unique cyberespionage tricks—and who’s kept those tricks under wraps for more than five years.

In a talk at the Kaspersky Security Analyst Summit in Singapore Wednesday, Kaspersky security researcher Alexey Shulmin revealed the security firm’s discovery of a new spyware framework—an adaptable, modular piece of software with a range of plugins for distinct espionage tasks—that it’s calling TajMahal. The TajMahal framework’s 80 modules, Shulmin says, comprise not only the typical keylogging and screengrabbing features of spyware, but also never-before-seen and obscure tricks. It can intercept documents in a printer queue, and keep track of “files of interest,” automatically stealing them if a USB drive is inserted into the infected machine. And that unique spyware toolkit, Kaspersky says, bears none of the fingerprints of any known nation-state hacker group.

“Such a large set of modules tells us that this APT is extremely complex,” Shulmin wrote in an email interview ahead of his talk, using the industry jargon—short for advanced persistent threat—to refer to sophisticated hackers who maintain long-term and stealthy access to victim networks. “TajMahal is an extremely rare, technically advanced and sophisticated framework, which includes a number of interesting features we have not previously seen in any other APT activity. Coupled with the fact that this APT has a completely new code base—there are no code similarities with other known APTs and malware—we consider TajMahal to be special and intriguing.”

Kaspersky says it first detected the TajMahal spyware framework last fall, on only a single victim’s network: The embassy of a Central Asian country whose nationality and location Kaspersky declines to name. But given the software’s sophistication, Shulmin says TajMahal has likely been deployed elsewhere. “It seems highly unlikely that such a huge investment would be undertaken for only one victim,” he writes. “This suggests that there are either further victims not yet identified, or additional versions of this malware in the wild, or possibly both.”

Those initial findings may indicate a very cautious and discreet state-sponsored intelligence-gathering operation, says Jake Williams, a former member of the National Security Agency’s elite Tailored Access Operations hacking group. “The extensibility of it requires a large developer team,” Williams notes. He also points out that the ability to avoid detection and the single known victim suggest extreme care in targeting, stealth, and operational security. “There’s all kinds of stuff here that screams opsec and very regimented tasking.”

Shulmin says Kaspersky hasn’t yet been able to connect TajMahal, named for a file the spyware uses to move stolen data off a victim’s machine, to any known hacker groups with the usual methods of code-matching, shared infrastructure, or familiar techniques. Its Central Asian target doesn’t exactly provide any easy clues as to the hackers’ identities either, given the vagueness of that description and the countries with sophisticated hacker teams with Central Asian interests, including China, Iran, Russia and the US. Nor has Kaspersky determined how the hackers behind TajMahal gain initial access to a victim network. But they do note that the group plants an initial backdoor program on machines, which the hackers labelled Tokyo. That backdoor uses the tool PowerShell, often exploited by hackers, to allow the intruders to spread their compromise, connect to a command-and-control server, and plant TajMahal’s much more multifunctional payload spyware, labelled by the hackers as Yokohama, with its dozens of distinct modules.

Yokohama’s Swiss Army-style versatility is what stood out most to Kaspersky’s researchers. While it includes many of the usual, powerful capabilities of state-sponsored spies, it also has some more idiosyncratic features: When a USB drive is plugged into an infected PC, it scans its contents and uploads a list of them to the command-and-control server, where the spies behind TajMahal can decide which files they want to exfiltrate. If the USB drive has been removed by the time the hackers have made up their minds, TajMahal can automatically monitor the USB port for the same drive to pull off that file, and upload it the next time it appears. The spyware has other modules that allow it to flag files that have been burned to a CD, or put into a printer queue.

While none of those features are particularly flashy, they signal a careful adversary taking pains to discern which files among the vast and messy contents of a victim’s computer might be worth stealing. “One would not print information, save it to a USB stick, or burn it onto a CD if this information was not important in some way,” Shulmin says.

Considering its sophistication and eclectic features, it’s remarkable how long TajMahal remained undetected. The Central Asian embassy victim, Kaspersky says, had been compromised since at least 2014. But the compile times of various elements of TajMahal—the time stamps that indicate when a piece of it was programmed—indicate it was active both before and long after that date. Some modules dated back to 2013, while others dated as recently as 2018.
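How a compile timestamp like the ones described above can be read and bracketed into an activity window, as an added example that is not code from Kaspersky or from the original article. It assumes the modules are Windows PE files (the article does not state the format); the module names, dates and plausibility floor are constructed. Because the linker field can be set to any value by whoever builds the file, the result is corroborating evidence only.

```python
import struct
from datetime import datetime, timezone

UTC = timezone.utc


def pe_compile_time(data: bytes) -> datetime:
    """Return the COFF TimeDateStamp of a PE image as a UTC datetime."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    # e_lfanew (offset 0x3C in the DOS header) points at the "PE\0\0" signature.
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header after the signature: Machine (2 bytes), NumberOfSections (2),
    # then the 4-byte TimeDateStamp in seconds since the Unix epoch.
    (stamp,) = struct.unpack_from("<I", data, pe_off + 8)
    return datetime.fromtimestamp(stamp, tz=UTC)


def build_sample(when: datetime) -> bytes:
    """Constructed MZ + PE header carrying `when`; header bytes only, not a program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 0, int(when.timestamp()), 0, 0, 0, 0)
    return bytes(dos) + b"PE\0\0" + coff


def activity_window(modules, now, floor=datetime(2000, 1, 1, tzinfo=UTC)):
    """Return (earliest, latest, implausible_names) for a set of module images.

    Stamps outside [floor, now] are reported separately instead of being
    trusted: a zeroed or future-dated field usually means the value was
    stripped or forged. The floor is an assumption of this example.
    """
    plausible, implausible = {}, []
    for name, blob in modules.items():
        stamp = pe_compile_time(blob)
        if floor <= stamp <= now:
            plausible[name] = stamp
        else:
            implausible.append(name)
    if not plausible:
        raise ValueError("no module carries a plausible compile time")
    return min(plausible.values()), max(plausible.values()), sorted(implausible)


# Constructed sample set: hypothetical module names and dates.
SAMPLES = {
    "module_a.dll": build_sample(datetime(2013, 8, 1, tzinfo=UTC)),
    "module_b.dll": build_sample(datetime(2018, 4, 15, tzinfo=UTC)),
    "module_c.dll": build_sample(datetime(1970, 1, 1, tzinfo=UTC)),  # zeroed field
    "module_d.dll": build_sample(datetime(2040, 1, 1, tzinfo=UTC)),  # future-dated
}

if __name__ == "__main__":
    first, last, odd = activity_window(SAMPLES, now=datetime(2019, 4, 10, tzinfo=UTC))
    print("earliest build:", first.date())
    print("latest build:  ", last.date())
    print("do not trust:  ", odd)
```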

“Somehow, it has stayed under the radar for over five years. Whether this is due to relative inactivity or something else is another intriguing question,” Shulmin writes. “It is a reminder to the cybersecurity community that we never really have full visibility of everything that is going on in cyberspace.”






Need a managed WordPress plan? Start here…

Getting started with WordPress doesn’t have to be expensive, after all the 15-year old WordPress is free (and open source). Even the cheapest shared hosting plan usually comes with a one-click WordPress installer, allowing the greenest of blogging newbies to have their first post ready in less than 60 seconds (we tried it).

Managing a blog over time is much more challenging, though. You’ll need to find your own themes and plugins. And also keep them, and WordPress itself, up-to-date (although you can even get that done automatically).

Blogs are often targeted by malware, so it’s important you have some way to detect and remove any threats, and you’ll want regular backups to help get a broken blog working again.

If you don’t have the time or technical experience for all that, you might prefer to buy a managed WordPress plan, and have the hosting company handle all the technical bits for you.

The host will often import your previous WordPress blog, if you have one. Usually you’ll get some preinstalled themes and plugins to simplify customization. There should at least be an option to automatically update the site, a security service like SiteLock will be on hand to keep your blog malware-free, and we would expect 24/7 support from a team with real WordPress knowledge.

The best hosts go even further, optimizing their servers to boost WordPress performance, and sometimes throwing in extras like a content delivery network (CDN) to deliver great speeds worldwide (hopefully).

There’s a long list of hosting companies offering managed WordPress plans, but we’ve picked out five of the best to point you in the right direction. Whether you’re a first-time user or a big business, there’s something for you here, and with prices starting at around a pound per month, it’s well worth taking the time to find out more.

These are the best WordPress hosting services of 2018

1. Bluehost

Best professional-level host

WP Standard


WP Enhanced


WP Premium


Optimized low-level setup
Many powerful extras
Not cheap

Budget WordPress hosting can have a lot of appeal, but it usually won’t deliver the features, performance or reliability that high traffic sites need. If you’re the demanding type, opting for a premium hosting plan will give you much better results.

Bluehost has created its own VPS-based architecture to deliver optimum WordPress performance via NGINX, a custom PHP-FPM setup and intelligently allocated resources through KVM hypervisor. (If you’re not a hosting geek, this just means Bluehost has taken the time to optimize the low-level setup of its platform for WordPress, rather than simply making do with a standard configuration.)

The company doesn’t waste time by pretending to offer ‘unlimited’ resources, and instead tells you exactly what you’re going to get. For the WP Standard plan, this means 30GB storage, 1TB bandwidth, and key resources – 2GB RAM, two CPU cores – which are allocated to you, and not shared with anyone else.

Premium features include SiteLock Pro to keep your website malware-free, SiteLock CDN to optimize performance, a dedicated IP, and the ability to manage multiple sites with the excellent ManageWP.

This isn’t cheap, with even the baseline Standard plan costing $19.99 (£14.30) a month for the initial term, rising to $39.99 (£28.60) afterwards. But you are getting a lot for your money, and if you’re more interested in power than price, Bluehost has even more available.

The top-of-the-range Ultimate plan, for instance, gives you four CPU cores, 8GB RAM, 240GB storage and a monster 4TB bandwidth. SiteLock Enterprise handles all your security and CDN needs, and there’s a wildcard SSL thrown in. Ultimate costs $49.99 (£35.70) a month initially, $129.99 (£93) after that, but that’s a fair price for this spec, and Bluehost offers a 30-day money-back guarantee if you feel the service doesn’t deliver.

2. Tsohost

Best for UK customers

TSOHost Personal


TSOHost Startup


TSOHost Business


Great value pricing
24/7 support on basic plan
Not much in the way of extras

Managed WordPress packages can often feel overpriced. Many hosts charge significant premiums for impressive sounding claims – optimized servers, malware scanning – that are difficult to evaluate or confirm.

The UK-based Tsohost isn’t interested in any of that, instead focusing on providing the core WordPress essentials at a very fair price.

The baseline Personal plan gives you a free domain name, will migrate your existing site, includes Let’s Encrypt SSL support and has no limits on bandwidth. You get daily backups and can restore any of the last 30 days with a click. There’s 24/7 support via ticket and email, and phone and live chat is available from 7am to midnight.

There are some limits. You only get five 200MB mailboxes, and the plan restricts you to 500MB storage and 25,000 page views a month. But it’s hard to complain about a plan which costs only ~$1.99 (£1.49) a month paid annually, or ~$1.79 (£1.34) if you pay for two years upfront.

If that’s just too underpowered, opting for the Startup plan gets you 15GB of storage, 100 mailboxes, and up to 100,000 page views over a maximum of three websites. That’s significantly more capable, yet still very reasonably priced at ~$5.1 (£3.82) a month.

The ~$11.71 (£8.78) a month Business plan supports 50GB storage, 500,000 page views and a hundred 1GB mailboxes, and the eCommerce plan ~$31.99 (£23.98) lifts the limits to 100GB, 1,000,000 page views and unlimited 10GB mailboxes.

Tsohost doesn’t offer all the frills and extras you’ll get with some products. There’s no talk of SiteLock malware protection, optimized WordPress add-ons or a custom CDN. But it’s hard to complain at this price, and Tsohost is still delivering a capable service with more than enough power for smaller sites.

3. InMotion Hosting

Best host for choice of plans

InMotion WP-1000S


InMotion WP-2000S


InMotion WP-3000S


Low-end plans have key features
Reliable hosting provider
Not the cheapest host

Most web hosts offer only a few WordPress plans, and even these might be set up to point you in a particular direction. You’ll often see an underpowered plan, an overpriced one, and a special deal on the mid-range plan they really want you to buy. That makes it easy to decide, but it also limits your upgrade options if your site grows over time.

InMotion Hosting is unusual in offering six WordPress plans, covering everything from small personal blogs to resellers and big business. Figuring out which is the best product for you will take a little more thought, but at least there’s room to upgrade – or downgrade – if your circumstances change.

Better still, InMotion hasn’t artificially limited the low-end plans by removing key features. Even the baseline WP-1000S plan – which costs $6.99 (£5) a month initially, $8.99 ($6.40) on renewal – gives you 40GB storage, unlimited bandwidth and email addresses, preinstalled WordPress, SSL, backups, automatic updates, SiteLock security, cPanel site management, and extras like BoldGrid and WP-CLI. The only significant issue is InMotion’s suggestion that the plan works best for blogs with up to 20,000 monthly visits, and even that won’t be a problem for many smaller sites.

Upgrading your plan gets you some extras – premium themes and plugin subscriptions, a dedicated IP address, support for hosting more sites – but it’s mostly about giving you more resources. For example, the top-of-the-range WP-6000S plan supports 1,200,000 monthly visitors across up to 20 sites for $114.99 (£82) a month initially (1-year plan), $142.99 (£102) on renewal.

There are cheaper deals around, but in previous reviews we’ve found InMotion to be reliable, professional and honest, and any price premium is likely to be worth paying. You don’t have to take our word for it, though – an exceptional 90-day money-back guarantee gives you plenty of opportunity to find out for yourself.

4. 1&1

Best host for the novice

1&1 Managed WP Basic


1&1 Managed WP Plus


1&1 Managed WP Unlimited


Very tempting price for first year
SSL and free domain
24/7 support including phone

Web giant 1&1 seems to have a hosting product for every possible need, and WordPress is no exception. Novice users can try out its service for a nominal $1.40 (£0.99) a month over the first year ($7 or £4.99 afterwards), yet the plan still outperforms many competitors.

The bundled 50GB of storage means you won’t be running out of space in a hurry, for example. There are no bandwidth or visitor limits, and you can set up as many email accounts as you need.

1&1 offers the core WordPress management functions that you would expect: a setup wizard, preinstalled plugins, automatic updates and 24/7 support (including by telephone).

All this is built on a capable platform – NGINX, PHP 7.2, OPcache, up to 2GB RAM guaranteed – to enhance your blog’s performance.

There’s SSL included and even a free domain thrown in, which is ridiculously good value at this price.

If you’re a WordPress novice, it might be worth taking out the plan for an initial year, claiming your free domain and taking the time to learn how the blog works. When your time is up, renew if you’re happy, or if you’re not, use your knowledge and experience to find a better plan.

1&1 isn’t just about newbies, though: there’s value for more demanding users, too. In particular, the Unlimited plan has no limits on websites, storage space, the number of databases (1GB max), visitors, email or SFTP accounts. Bonus features include a CDN and SiteLock malware scanning, and the price looks good at $9.80 (£6.99) a month for the first year, $14 (£9.99) on renewal.

5. HostGator

Best all-rounder host

HostGator Starter Plan


HostGator Standard Plan


HostGator Business Plan


Free site migration
Automatic malware detection and removal
CDN benefits

Choosing the best WordPress hosting package can seem like a complicated business, with a stack of low-level details and issues to consider. But it doesn’t have to be that way. If you don’t have special requirements then opting for a reliable web hosting company will get you capable mid-range products that can handle everything most users need.

HostGator generally delivers powerful hosting plans for a fair price, and its managed WordPress range is no exception. Its Starter product may only cost $5.95 (£4.25) for three years, $9.95 (£7.10) afterwards, but you still get a free site migration, an SSL certificate, automatic malware detection and removal, unlimited email addresses and unmetered storage and bandwidth, and it can handle up to 100,000 visits a month.

Ramping up to the high-end Business plan gets you more CPU power, support for up to three sites and 500,000 visits a month, yet still costs only $9.95 (£7.10) a month initially (first three years), $22.95 (£16.40) a month afterwards.

Smart caching and a CDN are on hand to enhance your website’s performance, 24/7 support helps keep your site up and running, and surprise bonus features include free domain privacy to protect from identity theft and reduce annoying spam.

We’ve had good experiences with HostGator’s service, but if you’re not so lucky, there’s a generous 45-day money-back guarantee. As with other hosting companies, this won’t cover any domain registration fees, but it’s still a better deal than you’ll often find elsewhere.






Source: Tech Radar






Although digitisation offers a potential way back from the slowdown of productivity growth, its benefits will require a strengthening of aggregate demand, write Jacques Bughin, Hans-Helmut Kotz, and Jan Mischke in Vox.

Labour productivity growth remains near historic lows in the US and much of Western Europe. While growth in labour productivity has been slowing since the 1960s in many of these countries, the recent two-percentage point average drop, partly preceding and partly following the Global Crisis, is particularly troubling.

Many competing explanations have been put forward for this deterioration. They include the role of mismeasurement (Byrne et al. 2016, Syverson 2016, Hatzius et al. 2016), financial crisis-related effects (such as weak balance sheets, credit constraints, zombie firms, and capital misallocation), or weak aggregate demand and rising uncertainty (Adler et al. 2017, Borio et al. 2016, Gopinath et al. 2017, McGowan et al. 2017). Structural shifts also feature prominently as contributing factors, including the significantly reduced pace of technological innovation (Gordon 2016), the maturation of global supply chains (Adler et al. 2017), a shift to services (Turner 2017), changing industry structure and dynamics (Andrews et al. 2016, Decker et al. 2016, Haltiwanger 2012, Grullon et al. 2016), secular stagnation, and a structural savings glut (Summers 2016).

In a recent report that we co-authored, we try to pinpoint which explanations matter most in the productivity growth slowdown during the period after the financial crisis (Remes et al. 2018).

The productivity decline: Half weak demand, half maturing ICT boom from the 1990s

While many elements play a role, looking at the big picture, we find that about half of the recent drop in productivity growth is from weak demand, particularly in Europe (Remes et al. 2018). The other half, and a more significant factor in the US, was the waning of the productivity boom that began in the mid-1990s with the first information and communications technology (ICT) revolution, also supporting the subsequent phase of restructuring and offshoring (see Figure 1).

Figure 1 Contribution to the decline in productivity growth, 2010-2014 vs. 2000-2004

Despite unusually strong employment growth, capital expenditures remained lacklustre (see Figure 2). Given an environment of low demand as well as ample capacity, there was no reason to boost investment. In particular, expenditures for equipment and structures fell significantly (while, notably, they kept growing in intangibles). This is especially evident in Spain, the UK, and the US – the three countries with the biggest real estate boom prior to the crisis. For example, investment in structures – including by companies as well as household investment in residential real estate – fell 23% and 26% between 2007 and 2009 in the US and the UK, respectively, in real terms. While gross investment as a share of GDP has been slowly inching up during the recovery, mediocre demand perspectives mean that, from a firm perspective, there is no incentive to add to the stock of existing equipment. Capital intensity growth is still at the weakest rate since WWII. And longer term, a pronounced shift in investment to faster-lived (and ever less expensive) software and other intangibles has additionally contributed to a decline in net fixed capital formation rates. Net capital accumulation, as a share of GDP, fell by more than 4 percentage points (2010-14 average versus 1985-89) in most countries analysed. In that context, it did not help that, in particular, public sector investment in core infrastructures has been scaled back, too. In fact, in some countries we actually find long-lasting net public sector disinvestment, which will translate into increased maintenance costs down the road. From the perspective of firms, this means higher user costs of capital. France, Germany, Italy, Spain, Sweden, the UK, and the US all experienced a longer-term decline of between 0.5 and 1 percentage points in public investment between the 1980s and early 2000s, and it has been roughly flat (or even decreasing) since then.

Figure 2 Capital intensity growth

The lack of a robust demand perspective has been a key constraint on firms’ propensity to invest (see Figure 3). We have found from our global surveys of business that 47% of companies that are increasing their investment budgets are doing so because of an increase in expected demand. Concurrently, uncertainty plays a pronounced role in holding back investment, theoretically raising hurdle rates (the required return on equity). On the other hand, financial constraints – access to and costs of funds – apparently, at least amongst our sample of firms, do not feature highly.[1] Across our industry sectors, we find that weak sales in the wake of the financial crisis was a key factor holding back capital expenditures. At the same time, when demand started to recover protractedly, most industries had ample capacity and room to expand without needing to add to existing equipment and structures.

Figure 3 Gross fixed capital formation

In addition to holding back investment, weak demand has also dragged productivity growth down through economies of scale effects. In finance, for example, productivity growth declined – particularly in Spain, the UK, and the US – due to contractions in lending volumes (banks’ output), which banks were unable to fully offset with staff cuts due to labour as a quasi-fixed input (for example, to support branch networks and IT infrastructure). In the same vein, the utilities sector, which has seen flattening demand due to substantial efforts at increasing energy efficiency as well as declining economic activity during the crisis, was similarly not able to downsize labour. The need to support electricity distribution and the grid infrastructure requires a minimum amount of labour input.

We find a third way that demand has hurt productivity growth: through the changing structure of consumption baskets. For example, consumer preferences boosted productivity growth in both the auto and retail sectors from the mid-1990s to the mid-2000s, through a shift to higher value-per-unit, more effective-to-produce goods. In the meantime, that trend has slowed. In the early 2000s, the German and US auto sectors experienced a trend of customers purchasing SUVs and premium vehicles (i.e. higher value-added products). This boosted productivity growth by 0.4–0.5 percentage points in the auto sector during that period. That trend has slowed in both countries, which might be welcome for environmental reasons. Similarly, in retail, we estimate that consumers shifting to higher-value goods (e.g. higher-value wines or other premium products) contributed 45% to the 1995–2000 retail productivity growth increase in the US. This subsequently waned, also dragging down productivity growth.

A positive baseline future (2% a year in the next 10 years) if leakages are contained

The reasons behind the recent decline in productivity growth suggest that they are not entirely structural – as the financial crisis after-effects continue to dissipate, we expect productivity growth to recover (quasi-mechanically) from current lows across sectors and countries. On top of this, the good news is that our sector analysis reveals significant potential to boost productivity growth from a continuation of more typical productivity opportunities (such as operational efficiency gains), though mostly from the diffusion of digital technologies – themselves relying on the first ICT boom. Overall, we estimate that the productivity-boosting opportunities could be about 2% per year over the next ten years in Europe and the US, with the main part (60%) coming from the diffusion of digital opportunities.

However, leakages may challenge the realisation of this ‘digitised demand’ potential. While we found that weak demand hurt productivity growth in the aftermath of the financial crisis, looking ahead, there is concern that some demand drags may be more structural – or secular – than purely crisis-related. Broad-based income growth has diverged from productivity growth for a long while now. A declining labour share of income and a rising trend in income inequality have been eroding median wage growth. Moreover, the rapidly rising costs of housing exert a dampening effect on consumer purchasing power. It appears increasingly difficult to make up for weak consumer spending (of largely liquidity-constrained households) via higher investment. Of course, that very investment is influenced, first and foremost, by aggregate demand. In addition, rising returns on investment discourage capital expenditures relative to dividends. Demographic trends may further diminish investment needs through an ageing population having less need for residential and infrastructure investment. These demand drags are occurring while interest rates – endogenously reflecting expected mediocre growth perspectives – are hovering near the zero lower bound. All of this holds back the pace at which capital per worker increases, impacts company incentives to innovate, and thus puts a structural damper on productivity growth. In a low-pressure economy, the virtuous circle does not get under way.

The potential from digitisation may not materialise fully, and may further amplify demand leakages. First, as we have learned from previous technology revolutions, it often takes time for technological diffusion to translate into productivity (Oulton 2002). Given the disruptive nature of digitisation (Bughin and van Zeebroeck 2017), the adjustment costs are possibly higher with digital technologies than previously thought, and might significantly weigh on total added value; for example, we find that cannibalisation of incumbent revenues by new digital players put material pressure on nominal demand.

Second, digitisation may exacerbate demand effects, especially if the diffusion of digital technologies concentrates less on innovation than on pure technical automation that would compress the labour share of income and increase income inequality, by hollowing out middle-class jobs and polarising the labour market into ‘superstars’ versus the rest. Unless displaced labour can find new, highly productive (and thus high-wage) occupations, workers may end up in low-income occupations that, in a self-reinforcing manner, create a further drag on demand, limiting average productivity growth.

Thus, whether or not the productivity option is taken advantage of will decisively depend on policies to promote sustained demand, and thereby investment growth, while unlocking the innovation benefits of digitisation. Steps to do so include:

  • Focusing public sector expenditures on infrastructure and education (Woetzel et al. 2016);
  • Allowing for a substantial purchasing power of low-income consumers (with the highest propensity to consume);
  • Unlocking private business and residential investment, including by lowering uncertainty and reforming land markets; and
  • Supporting worker training (i.e. permanent education) to ensure that periods of transition do not disrupt incomes.

The productivity option holds out the promise of a big payoff. It would return advanced economies to robust economic health and promote widespread prosperity for years to come.








Source:  Vox.
