Preparing
my Computer Security students for their future…
Business-Critical
Systems Increasingly Hit by Ransomware: Verizon 2018 DBIR
Ransomware
has become the most prevalent type of malware and it has increasingly
targeted business-critical systems, according to Verizon’s 2018
Data Breach Investigations Report (DBIR).
The
11th edition of the DBIR is based on data provided to Verizon by 67
organizations, and it covers more than 53,000 incidents and over
2,200 breaches across 65 countries.
According
to Verizon, ransomware was found in 39% of cases involving malware.
Experts believe ransomware has become so prevalent due to the fact
that it’s easy to deploy
— even for less skilled cybercriminals — and the risks and costs
associated with conducting an operation are relatively small for the
attacker.
Cybercriminals
have increasingly started using ransomware to target mission-critical
systems, such as file servers and databases, which causes more damage
to the targeted organization compared to only desktop systems getting
compromised.
(Related)
Critical
Infrastructure Threat Is Much Worse Than We Thought
Adversaries
Most Likely Want to Acquire a “Red Button” Capability That Can be
Used to Shut Down the Power Grid
Last
October the United States Computer Emergency Readiness Team (US-CERT)
published
a technical alert on advanced persistent threat (APT) activity
targeting energy and other critical infrastructure sectors.
Recently, it was updated
with new information uncovered since the original report, and
there are some interesting revelations this time around.
… The
boldest revelation is the decisive manner in which the unspecified
“threat actors” are explicitly identified. There is no
equivocation; what was once believed to be an amorphous “threat
actor” has now been identified as the “Russian Government”.
A
question for my students: Is the nominal increase in ‘ease of use’
worth the potential cost of reduced security?
You won't
have to sign for credit card purchases much longer
For all of the
progress
the US has made in payment technology, it still clings to the
past when it comes to credit card payments. You
still have
to sign for many in-person purchases, which is downright backwards in
an era of chip-based cards and digital tokens. And the financial
industry is finally ready to kiss them goodbye. As of later in
April, four of the biggest credit card networks (AmEx, Discover,
Mastercard
and
Visa) will
no
longer require signatures for these credit card transactions.
It's up to retailers to decide whether or not to ditch handwritten
approvals. As the
New York Times noted, though, it's
doubtful many retailers will keep up the tradition.
Should the watch have called an ambulance? ...the
cops? Sounded an alarm? Tip for evil doers: Always take the watch!
Smart watch
data helps Australian police close murder case
Australian police determined time of death in a
murder case and other relevant information by carefully analyzing
data
collected
by the victim’s Apple smartwatch.
Lets me discuss ‘standing’ and the future of
self-driving cars?
Philip Yannella of Ballard Spahr writes:
Plaintiff lawyers’ continued search for
damage theories to assert in claims arising from a data breach – or
fear of a breach – received a potential setback this week when
Chief Judge Michael Reagan of the United States District Court for
the Southern District of Illinois permitted Fiat Chrysler and Harmon
International to seek an interlocutory appeal of the court’s
earlier ruling in Flynn
v. Fiat Chrysler US that class plaintiffs had standing to
bring their “car hacking” claims in federal court. The ruling
comes just one month before the scheduled start of trial. Fiat
Chrysler and Harmon moved for an appeal after the Ninth Circuit ruled
in a similar case, Cahen
v. Toyota Motor Corp, that plaintiffs did not have standing
to pursue diminution in value damages against Toyota based
on a fear that the vehicles were susceptible to hacking.
More Analytics than Architecture.
Model-Based
Structure: Key to Success in a Data-Driven World
… Modeling involves predictive and
prescriptive analytics, also known as "advanced analytics,"
said Doug Henschen, principal analyst at
Constellation
Research.
"You're creating models to predict out into
the future what's likely to happen," he told the E-Commerce
Times, "and with business context, how you might react to that
prediction to get to a better outcome."
Companies have been adding third-party data such
as demographic, psychographic, weather and industry data, to account
for outside influences and get to more accurate models, Henschen
said.
They've begun using machine learning and deep
learning approaches that create models based on the data itself as
data stockpiles have grown.
Consider it a playground for geeks.
IBM lures
developers with AI and machine learning projects
IBM recently launched a series of projects for
developers to access open source code and services to build AI and
machine learning applications. The vendor wants to democratize these
technologies, so they can be easily accessed and consumed by
developers in open source communities and within the enterprises,
said Angel Diaz, IBM's vice president of developer advocacy and
technology, who oversees the vendor's developer outreach.
IBM has expanded the focus of its
Center
for Open-Source Data and AI Technologies in San Francisco –
formerly the Spark Technology Center – to cover the enterprise AI
lifecycle, which examines the gamut of AI and machine learning
technologies with an initial focus on deep learning, Diaz said at the
IBM
Think 2018 conference last month.
… MAX is an open source ecosystem for data
scientists and AI developers to share and consume models that use
machine
learning engines, such as
TensorFlow,
PyTorch
and
Caffe2,
Diaz said. It also provides a standard approach to classify,
annotate, and deploy these models for prediction and inferencing.
Developers can customize the models in IBM's new Watson Studio AI
application development platform. Additionally, developers can train
and deploy MAX models for production workloads that use Watson
Studio, such as internet-of-things applications, said Guido Jouret,
chief digital officer at
ABB.
(Related)
Turning
Social Media From a Problem Into a Solution
… Darwin Ecosystem is one of a new class of
companies that is artificial intelligence-centric. In this case, it
uses the IBM Watson platform to analyze handwriting to determine
personality types and changes in personality.
One of the interesting things it did during the
last election was to
analyze
the candidates. It even created a
dynamic
graph so you could look at each key personality trait
individually.
One of the interesting findings was that, over
time, the personality differences between Clinton and Trump seemed to
converge, while Sanders remained largely the same.
Perspective. Good bots vs. bad bots?
Bots in the
Twittersphere
An estimated
two-thirds of tweeted links to popular websites are posted by
automated accounts – not human beings
Perspective. Does this ensure that no one will
ever catch them?
Amazon
spent nearly $23 billion on R&D last year — more than any other
U.S. company
Just in case this doesn’t make the news today.
Congress
releases Mark Zuckerberg's prepared testimony ahead of Wednesday's
hearing
(Related) Look! We’re already doing something!
(Since it isn’t costing us anything.)
Facebook
Launches New Initiative to Help Scholars Assess Social Media’s
Impact on Elections
Today, Facebook is announcing a new initiative to
help provide independent, credible research about the role of social
media in elections, as well as democracy more generally. It
will be funded by the Laura and John Arnold Foundation,
Democracy Fund, the William and Flora Hewlett Foundation, the John S.
and James L. Knight Foundation, the Charles Koch Foundation, the
Omidyar Network, and the Alfred P. Sloan Foundation.
At the heart of this initiative will be a group of
scholars who will:
For my know-it-all students.
Something for my website builders?
JuxtaposeJS
- Create Side-by-Side Comparison Frames
JuxtaposeJS
is a free tool for making and hosting side-by-side comparisons of
images. The tool was designed to help people see before and after
views of a location, a building, a person, or anything else that
changes appearance over time. JuxtaposeJS will let you put the
images into a slider frame that you can embed into a webpage where
viewers can use the slider to reveal more or less of one of the
images.
JuxtaposeJS
is relatively easy to use. You don't need to register on the site in
order to use the tool. Go to the site and click "Make a
Juxtapose." That link will direct you to fill in the template
with links to the two images that you want to compare (the images
must be hosted online and publicly viewable). After adding your
images you can add labels and credits where necessary. Click the
publish button to get the embed code for your JuxtaposeJS interactive
frame.
[I saw
this story and knew I had to track down this technique: