Millions of devices are still connected to the PlugX malware, despite its creators abandoning it months ago, experts have warned.
Cybersecurity analysts Sekoia managed to obtain the IP address associated with the malware’s command & control (C2) server, and observed connection requests over a six-month period.
During the course of the analysis, infected endpoints attempted 90,000 connection requests every day, amounting to 2.5 million connections in total. The devices were located in 170 countries, it was said. However, just 15 of them made up more than 80% of total infections, with Nigeria, India, China, Iran, Indonesia, the UK, Iraq, and the United States making up the top eight.
Still at risk
While at first it might sound like there are many infected endpoints around the world, the researchers did stress that the numbers might not be entirely precise. The malware’s C2 does not have unique identifiers, which messes with the results, as many compromised workstations can exit through the same IP address.
Furthermore, if any of the devices use a dynamic IP system, a single device can be perceived as multiple ones. Finally, many connections could be coming in through VPN services, making country-related statistics moot.
PlugX was first observed in 2008 in cyber-espionage campaigns mounted by Chinese state-sponsored threat actors, the researchers said. The targets were mostly organizations in government, defense, and technology sectors, located in Asia. The malware was capable of command execution, file download and upload, keylogging, and accessing system information. Over the years, it grew additional features, such as the ability to autonomously spread via USB drives, which makes containment today almost impossible. The list of targets also expanded towards the West.
However, after the source code leaked in 2015, PlugX became more of a “common” malware, with many different groups, both state-sponsored and financially-motivated, using it, which is probably why the original developers abandoned it.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
We’re approaching that time of the year that everyone dreads – the switch to Daylight Savings Time and the loss of a precious hour in bed that comes with it – and naturally people are asking whether it’s time to ditch daylight savings.
As my learned colleague explains in the article linked above, there’s a whole stack of evidence to suggest that changing the clocks back and forth every year is a truly terrible idea, and the people seem to agree with the experts, with most in favor of sticking to a year-round standard time.
Sounds like a done deal, right? Sadly I’m here to tell you why it’s not going to happen. At least, not any time soon.
Permanent DST in the USA
Here’s the thing: the USA has already tried shifting to permanent DST, and it didn’t work out so well. Back in January 1974, President Richard Nixon enacted year-round DST as a two-year energy-saving experiment in response to the 1973 oil crisis. It was a popular move at first, with 79 per cent of Americans supporting it when surveyed in December 1973.
It didn’t take very long for the public mood to change, however; by February 1974 only 42 per cent were still in favor of the switch. The main reason? The increased danger of traffic accidents involving children going to school on dark winter mornings. The two-year experiment only lasted until October 1974, when the clocks went back as usual.
British Standard Time
The same concerns brought about the end of a similar experiment in the UK a few years earlier. Between 1968 and 1971 the British government introduced British Standard Time, time-shifting the whole country to DST all year round. The move resulted in an increase in road casualties in the morning, but it also transpired that there was a much greater decrease in evening road casualties. This decrease was skewed, however, by the introduction of new laws on drink-driving around the same time.
Ultimately it was the small increase in children getting injured on their way to school that led to the end of this experiment. However, the switch to darker winter mornings also made life harder for farmers and other workers who relied more on daylight to do their jobs effectively.
(Image credit: Getty Images)
Despite this, even in mid-winter half of the population was in favor of remaining on BST; that said, in Scotland 61 per cent wanted to go back to GMT. And this raises an important point: how hard you’re hit by permanent DST depends on just how far north (or south) you are.
For people in the north of Scotland during the British Standard Time experiment, in the middle of winter the sun wasn’t rising until 10am, which is a horribly late start to the day. Where I live in the West of England, the sunrise would have been 9.15am, and I don’t think having an extra hour of daylight while at work would have been much of a compensation.
And I have to say, in the US you have it pretty easy by comparison (except perhaps in Alaska. Sorry, Alaska), because you’re a lot further south. Even then, you’d still be looking at kids having to walk to school on dark winter mornings in most states (even Florida), and even if the overall result was fewer road accidents in total, an uptick in accidents involving children because of a switch to permanent DST would be a hard pill to swallow.
Keep changing the clocks
Obviously I’m talking about switches to DST here, while many are arguing instead for a move to standard time year-round. That has its own drawbacks, though: the sun setting earlier, meaning winter evenings are as dark and long as ever, and rising earlier in the mornings, which would mean a much greater need for blackout curtains in the summer months.
An eventual switch to permanent DST or standard time isn’t an impossibility – more of the world has abandoned it than currently uses it, and there’s a whole swathe of equatorial countries that have never had the need for DST – but the potential risks involved in switching mean that despite the clear benefits, there’s not much appetite for actually doing it.
(Image credit: Getty/pcess609)
Numerous states have voted in favor of permanent DST, but switching hinges on Congress changing federal law to allow them to do this. However while the Sunshine Protection Act for permanent DST passed the Senate in 2022, it failed in the House; it was reintroduced in 2023 but hasn’t made any progress. And it doesn’t help that while there’s a definite mood for a single year-round time, there’s disagreement over whether that time should be daylight savings or standard time, which is proving to be a major hurdle for the Sunshine Protection Act. Ultimately it’s a lot easier to muddle along with what we have, than to effect a change that’ll be unpopular with some.
