Saturday, September 21, 2019


Social engineering works best on employees who have never heard the term.
Toyota Subsidiary Loses $37 Million Due to BEC Scam
… By now, BEC attacks are common all over the world, and are used primarily to target finance and accounting departments. In this case, the BEC scam was simple: a third-party hacker posing as a business partner of the Toyota subsidiary sent emails to members of the finance and accounting department, requesting that funds be sent for payment into a specific bank account controlled by the hacker.
… According to Colin Bastable, CEO of Lucy Security, Toyota should have been on the lookout for just such a scam: “This is the third acknowledged attack on Toyota this year – Australia in February, Japan in March and now the Zavantem, Belgium European HQ of Toyota Boshoku. Once is happenstance, twice is co-incidence but three attacks looks like enemy action.” In fact, says Bastable, “It’s reasonable to assume that Toyota’s global infrastructure has been compromised to some extent.




Cheaper than recovery from zero, but insurance is clearly a positive indicator for hackers.
Stratford cyberattack costs $75K in bitcoin
The city of Stratford agreed to pay an attacker more than $75,000 worth of Bitcoin in exchange for decryption keys to unlock its information systems following an April cyber attack.
… The city said it has submitted a cyber insurance claim, which should foot most of the bill. The city's deductible is $15,000.
The cyber attack happened on April 14, after an attacker installed malware on six physical servers and two virtual ones. The city didn't return to normal business operations until April 29.
… The city said it has since beefed up its security measures to prevent another attack from happening. [A very common reaction. Bob]




Good rules are enforceable. Not so good rules are wishes.
5 simple rules to make AI a force for good
1. CREATE AN FDA FOR ALGORITHMS
2. OPEN UP THE BLACK BOX OF AI FOR ALL TO SEE
3. VALUE HUMAN WISDOM OVER AI WIZARDRY
4. MAKE PRIVACY THE DEFAULT
5. COMPETE BY PROMOTING, NOT INFRINGING, CIVIL RIGHTS




Perspective. What can we copy?
How the Air Force has reorganized its cyber staff
The service announced Sept. 18 a new information warfare focused organization called 16th Air Force that combines cyber, intelligence, surveillance and reconnaissance, electronic warfare and information operations.
The Air Force also recently rebranded its main communications arm, essentially separating traditional IT functions from cyber warfare under the deputy chief of staff for ISR.
While the service had previously previewed the document prior to its official publication, Jamieson provided additional details of the plan. The document itself is classified, but the Air Force passed out an unclassified version that fit on a single tri-fold pamphlet.
The strategy lays out seven areas the service wants to pursue, including:
  • Human capital, meaning the Air Force has to be able to recruit, retain and develop talent in the cyber domain
  • Offensive cyber operations
  • Defensive cyber operations
  • War fighter communications, which includes building a global and resilient command and control grid
  • Emerging technology
  • ISR for and from cyber operations
  • Partnerships




Nothing new beyond a journalist taking note.
Silicon Valley is terrified of California’s privacy law. Good.
In a little over three months, California will see the widest-sweeping state-wide changes to its privacy law in years. California’s Consumer Privacy Act (CCPA) kicks in on January 1 and rolls out sweeping new privacy benefits to the state’s 40 million residents — and every tech company in Silicon Valley.
California’s law is similar to Europe’s GDPR. It grants state consumers a right to know what information companies have on them, a right to have that information deleted and the right to opt-out of the sale of that information.


