Wednesday, March 27, 2019

The current threat environment.
Steve Ranger reports:
The volumes of malware in general and ransomware in particular have increased again for the third year running, and as well as pumping out more attacks, cyber crooks are also altering their techniques.
Global malware volume is up for the third straight year, with security company SonicWall recording 10.52 billion malware attacks in 2018 via a network of one million sensors the company has deployed in its customers' networks.
[…]
The company said that hackers are shifting their approach, switching from scripts and executables to hiding malware in PDFs and Office files: SonicWall found new malware variants hidden in 47,073 PDFs and 50,817 Office files in 2018. It also said it found that 19.2 percent of all malware attacks came across non-standard ports in 2018, an 8.7 percent year-over-year increase, which are thus harder to identify and block. While the levels of ransomware hitting the US increased significantly, some countries saw a decline in attacks – the UK and India saw 59 and 49 percent reductions in ransomware volume, respectively.
Read more on ZDNet.




Keeping track…
Norsk Hydro May Have Lost $40M in First Week After Cyberattack
In an update shared on Tuesday, the company said it’s too soon to provide precise information on the financial impact resulting from the cyberattack, but a rough estimate puts losses at between 300-350 million Norwegian crowns ($35 - $41 million). A majority of that amount represents losses in the Extruded Solutions area, which has been hit the hardest.
“Hydro has a solid cyber risk insurance policy with recognized insurers, with global insurer AIG as lead,” the company stated. [Will they pay? Bob]
On Tuesday, Hydro reported a production rate of 70-80% in Extruded Solutions, including Extrusion Europe, Extrusion North America and Precision Tubing. However, the Building Systems unit is almost completely shut down. On Friday, the Extruded Solutions unit had been running at roughly 50% of normal capacity.




Should we run and hide? What would China want?
Google’s AI Work in China Spurs CEO Sitdown With Pentagon Brass
When Google’s boss sits down with a top U.S. military official on Wednesday, the conversation will likely center on Google’s presence in China – particularly a lab that may be more trouble for the company than it’s worth.
Sundar Pichai, chief executive officer of Alphabet Inc.’s Google, will meet in Washington D.C. with General Joseph Dunford, chairman of the Joint Chiefs of Staff, according to a person familiar with the situation. The internet giant extended the invitation after criticism from Dunford about Google’s artificial intelligence work in China, which he said "indirectly benefits the Chinese military."
Dunford cited an AI lab that Google opened in Beijing in late 2017. Less than two years later, the small office is causing a massive headache for Google, sitting at the locus of a collision between the company’s global ambitions and the U.S. military’s mounting unease over China’s technical might.




Should be fun to implement. (Includes a version in Colorado)
Mitch Herckis reports:
A broad coalition of 14 organizations representing state contractors and issue advocacy groups released an open letter Monday opposing legislation that has cropped up in over 30 state legislatures that, if passed, would require government contractors to purchase and install monitoring software.
While varying somewhat from state-to-state, the bills typically require the software to take very specific actions, such as screenshots of all “state-funded activity at least once every three (3) minutes” and logging of “keystroke and mouse event frequency.” The legislation also demands contractors store that data for years to come.
Read more on NextGov.
[From the article:]
The legislation is being pushed by TransparentBusiness, which describes itself on its website as a New York-based software company. The company says its software is “designed to help our clients increase freelancer productivity, protect client budgets from overbilling, allow coordination and monitoring of their workforce, and provide real-time information on the cost and status of all tasks and projects.”
On its website, the company has described its hiring of lobbyists to push the contractor monitoring bills, as well as offering “model legislation” that can be adopted.




Ethics: ready or not.
Chris Burt writes:
The Biometrics Institute has launched a set of Ethical Principles for Biometrics at its annual U.S. conference in Washington, D.C. to address the gaps left by lagging legislation and regulation.
Chief Executive Isabelle Moeller asked an audience of 70 stakeholders from the biometrics community “Just because we can, should we?”
[…]
The group identified seven principles to enable anyone working in the biometrics industry to demonstrate a commitment to addressing the ethical issues raised by new technology, and biometrics in particular. The seven principles are:
ethical behavior, meaning to avoid actions which harm people and the environment beyond legal requirements;
ownership of the biometric and respect for individuals’ personal data, including recognition of partial ownership of biometric data by individuals;
serving humans, which entails accounting for public good, community safety and net benefit to individuals;
justice and accountability, which means accepting principles of openness, independent oversight, accountability, and the right of appeal and appropriate redress;
promoting privacy-enhancing technology;
recognizing dignity of individuals and families; and
equality, which entails preventing discrimination or systemic bias.

Read more on Biometric Update.




Podcast. The illogic of politics?
Why Breaking Up Big Tech Could Do More Harm Than Good
… “The single biggest fundamental problem with the Warren proposals is that they do not sort out who is being harmed and who is benefiting.”

