It’s too easy to suck money out of… well, anyone with money.
Average Cost To Recover From Ransomware Skyrockets To Over $84,000
According to a new report from Coveware,
a typical total now stands at $84,116. That’s a little over double
the previous figure of $41,198.
It’s not just the result of cybercriminals demanding steeper ransoms,
though that’s certainly one factor. Others include hardware
replacement and repair costs, lost revenues, and, in some incidents,
damage to the victim’s brand.
Generally speaking, these costs all increase sharply in relation to the
sophistication and duration of the attack.
There’s a new risk associated with ransomware infection that could make
recovery even more expensive. Cybercriminals are no longer content
to encrypt their victims’ data and demand payment for its
decryption.
Now they’re downloading copies of those files and threatening to release
them publicly if the ransom isn’t paid. Coveware notes that “this new
complication brings forth the potential costs of 3rd party claims as
a result of the data breach.”
(Related)
8 cities that have been crippled by cyberattacks - and what they did to fight them
As more of our everyday lives move online, the risks of hackers
compromising personal information and shutting down necessary
resources are only increasing.
There were at least 104 ransomware attacks against
administrative systems in schools and governments over the course of
2019, according to cybersecurity company Recorded Future.
A timely backgrounder.
NSA Shares Guidance on Mitigating Cloud Vulnerabilities
The U.S. National Security Agency (NSA) has published advice on
mitigating cloud vulnerabilities. While the advice is primarily
designed for government agencies and departments, it nevertheless
contains good advice for any commercial organization considering or
embarking on -- or already deployed in -- a cloud environment.
The document (PDF) provides four basic sections: an overview of the basic components
usually delivered by cloud service providers (CSPs); an explanation
of the concept of shared responsibility; an analysis of the primary
cloud threat actors; and an analysis and description of the main
cloud vulnerabilities and their mitigations. The last section
provides the bulk of the document.
A slide for my lectures?
Cartoon: The History of Privacy
Is “anti-AI bias” a thing?
If a novel was good, would you care if it was created by artificial intelligence?
(Related) We know they can generate short texts…
Deepfake Bot Submissions to Federal Public Comment Websites Cannot Be Distinguished from Human Submissions
“Abstract: The federal comment period is an important way that federal agencies
incorporate public input into policy decisions. Now that comments
are accepted online, public comment periods are vulnerable to attacks
at Internet scale. For example, in 2017, more than 21 million (96%
of the 22 million) public comments submitted regarding the FCC’s
proposal to repeal net neutrality were discernible as being generated
using search-and-replace techniques [1]. Publicly available
artificial intelligence methods can now generate “Deepfake Text,”
computer-generated text that closely mimics original human speech.
In this study, I tested whether federal comment processes are
vulnerable to automated, unique deepfake submissions that may be
indistinguishable from human submissions. I created an autonomous
computer program (a bot) that successfully generated and submitted a
high volume of human-like comments during October 26-30, 2019 to the
federal public comment website for the Section 1115 Idaho Medicaid
Reform Waiver.
Results summary: The bot generated and submitted 1,001 deepfake comments to the public
comment website at Medicaid.gov over a period of four days. These
comments comprised 55.3% (1,001 out of 1,810) of the total public
comments submitted.
Comments generated by the bot were often highly relevant to the
Idaho Medicaid waiver application, including discussion of the
proposed waiver’s consequences on coverage numbers, its impact on
government costs, unnecessary administrative burdens, and relevant
personal experience. Finally, in order to test whether humans can
distinguish deepfake comments from other comments submitted, I
conducted a survey of 108 respondents on Amazon’s Mechanical Turk.
Survey respondents, who were trained and assessed through exercises
in which they distinguished more obvious bot versus human comments,
were only able to correctly classify the submitted deepfake comments
half (49.63%) of the time, which is comparable to the expected result
of random guesses or coin flips. This study demonstrates that
federal public comment websites are highly vulnerable to massive
submissions of deepfake comments from bots and suggests that
technological remedies (e.g., CAPTCHAs) should be used to limit the
potential of abuse…”
Perspective.
CMA lifts the lid on digital giants
- Last year, Google accounted for more than 90% of all revenues earned from search advertising in the UK, with revenues of around £6 billion
- In the same year, Facebook accounted for almost half of all display advertising revenues in the UK, reaching more than £2 billion
‘Big’ is not necessarily ‘bad’ and these platforms have brought very
innovative and valuable products and services to the market. But the
CMA is concerned that their position may have become entrenched with
negative consequences for the people and businesses who use these
services every day. A lack of real competition to Google and Facebook
could mean people are already missing out on the next great new idea
from a potential rival. [Rival to Google or Facebook? Bob]
It could also be resulting in a lack of proper choice for consumers
and higher prices for advertisers that can mean cost rises for goods
and services such as flights, electronics and insurance bought
online. The market position of Google and Facebook may potentially
be undermining the ability of newspapers and other publishers to
produce valuable content as their share of revenues is squeezed by
large platforms…”
Perspective.
I did not expect this!
In U.S. Library Visits Outpaced Trips to Movies in 2019
Gallup – “Visiting the library remains the most common cultural activity Americans
engage in, by far.
The average 10.5 trips to the library U.S. adults report taking in
2019 exceeds their participation in eight other common leisure
activities. Americans attend live music or theatrical events and
visit national or historic parks roughly four times a year on average
and visit museums and gambling casinos 2.5 times annually. Trips to
amusement or theme parks (1.5) and zoos (.9) are the least common
activities among this list… Men and women report doing most
activities at about the same rate, but there are a few key
differences:
- Women report visiting the library nearly twice as frequently as men do, 13.4 to 7.5 visits.
- Men are more likely than women to visit casinos, attend sporting events and visit national or historical parks…”
Protecting my students.
FBI warns of spoofed websites and hiring scams that target your wallet
… Here comes the nasty part. After you get the job, the cybercriminals send
you an email with the employment contract, along with a couple of
requests. “In order to appear legitimate, the criminals send
victims an employment contract to physically sign, and also request a
copy of the victims’ driver’s licenses, Social Security numbers,
direct deposit information, and credit card information,” reads the
FBI’s announcement.
The announcement also warns that, “Criminals may also tell victims they
need to pay upfront for background checks or screenings, job
training, start-up equipment, or supplies. In many cases, victims
are told they will be reimbursed in their first paycheck. Once they
get money, criminals stop communicating with their victims.”