Monday, January 27, 2020


It’s too easy to suck money out of… well, anyone with money.
Average Cost To Recover From Ransomware Skyrockets To Over $84,000
According to a new report from Coveware, a typical total now stands at $84,116. That’s a little over double the previous figure of $41,198.
It’s not just the result of cybercriminals demanding steeper ransoms, though that’s certainly one factor. Others include hardware replacement and repair costs, lost revenues, and, in some incidents, damage to the victim’s brand.
Generally speaking, these costs all increase sharply in relation to the sophistication and duration of the attack.
There’s a new risk associated with ransomware infection that could make recovery even more expensive. Cybercriminals are no longer content to encrypt their victims’ data and demand payment for its decryption.
Now they’re downloading copies of those files and threatening to release them publicly if the ransom isn’t paid. Coveware notes that “this new complication brings forth the potential costs of 3rd party claims as a result of the data breach.”


(Related)
8 cities that have been crippled by cyberattacks - and what they did to fight them
As more of our everyday lives move online, the risks of hackers compromising personal information and shutting down necessary resources are only increasing.
There were at least 104 ransomware attacks against administrative systems in schools and governments over the course of 2019, according to cybersecurity company Recorded Future.




A timely backgrounder.
NSA Shares Guidance on Mitigating Cloud Vulnerabilities
The U.S. National Security Agency (NSA) has published advice on mitigating cloud vulnerabilities. While the advice is primarily designed for government agencies and departments, it nevertheless contains good advice for any commercial organization considering or embarking on -- or already deployed in -- a cloud environment.
The document (PDF) provides four basic sections: an overview of the basic components usually delivered by cloud service providers (CSPs); an explanation of the concept of shared responsibility; an analysis of the primary cloud threat actors; and an analysis and description of the main cloud vulnerabilities and their mitigations. The last section provides the bulk of the document.




A slide for my lectures?
Cartoon: The History of Privacy




Is “anti-AI bias” a thing?
If a novel was good, would you care if it was created by artificial intelligence?


(Related) We know they can generate short texts…
Deepfake Bot Submissions to Federal Public Comment Websites Cannot Be Distinguished from Human Submissions
Abstract: The federal comment period is an important way that federal agencies incorporate public input into policy decisions. Now that comments are accepted online, public comment periods are vulnerable to attacks at Internet scale. For example, in 2017, more than 21 million (96% of the 22 million) public comments submitted regarding the FCC’s proposal to repeal net neutrality were discernible as being generated using search-and-replace techniques [1]. Publicly available artificial intelligence methods can now generate “Deepfake Text,” computer-generated text that closely mimics original human speech. In this study, I tested whether federal comment processes are vulnerable to automated, unique deepfake submissions that may be indistinguishable from human submissions. I created an autonomous computer program (a bot) that successfully generated and submitted a high volume of human-like comments during October 26-30, 2019 to the federal public comment website for the Section 1115 Idaho Medicaid Reform Waiver.
Results summary: The bot generated and submitted 1,001 deepfake comments to the public comment website at Medicaid.gov over a period of four days. These comments comprised 55.3% (1,001 out of 1,810) of the total public comments submitted. Comments generated by the bot were often highly relevant to the Idaho Medicaid waiver application, including discussion of the proposed waiver’s consequences on coverage numbers, its impact on government costs, unnecessary administrative burdens, and relevant personal experience. Finally, in order to test whether humans can distinguish deepfake comments from other comments submitted, I conducted a survey of 108 respondents on Amazon’s Mechanical Turk. Survey respondents, who were trained and assessed through exercises in which they distinguished more obvious bot versus human comments, were only able to correctly classify the submitted deepfake comments half (49.63%) of the time, which is comparable to the expected result of random guesses or coin flips. This study demonstrates that federal public comment websites are highly vulnerable to massive submissions of deepfake comments from bots and suggests that technological remedies (e.g., CAPTCHAs) should be used to limit the potential of abuse…”




Perspective.
CMA lifts the lid on digital giants
The UK Competition and Markets Authority (CMA) interim report has found that:
    • Last year, Google accounted for more than 90% of all revenues earned from search advertising in the UK, with revenues of around £6 billion
    • In the same year, Facebook accounted for almost half of all display advertising revenues in the UK, reaching more than £2 billion
‘Big’ is not necessarily ‘bad’ and these platforms have brought very innovative and valuable products and services to the market. But the CMA is concerned that their position may have become entrenched with negative consequences for the people and businesses who use these services every day. A lack of real competition to Google and Facebook could mean people are already missing out on the next great new idea from a potential rival. [Rival to Google or Facebook? Bob] It could also be resulting in a lack of proper choice for consumers and higher prices for advertisers that can mean cost rises for goods and services such as flights, electronics and insurance bought online. The market position of Google and Facebook may potentially be undermining the ability of newspapers and other publishers to produce valuable content as their share of revenues is squeezed by large platforms…”




Perspective. I did not expect this!
In U.S. Library Visits Outpaced Trips to Movies in 2019
Gallup – “Visiting the library remains the most common cultural activity Americans engage in, by far. The average 10.5 trips to the library U.S. adults report taking in 2019 exceeds their participation in eight other common leisure activities. Americans attend live music or theatrical events and visit national or historic parks roughly four times a year on average and visit museums and gambling casinos 2.5 times annually. Trips to amusement or theme parks (1.5) and zoos (.9) are the least common activities among this list… Men and women report doing most activities at about the same rate, but there are a few key differences:
    • Women report visiting the library nearly twice as frequently as men do, 13.4 to 7.5 visits.
    • Men are more likely than women to visit casinos, attend sporting events and visit national or historical parks…”




Protecting my students.
FBI warns of spoofed websites and hiring scams that target your wallet
Here comes the nasty part. After you get the job, the cybercriminals send you an email with the employment contract, along with a couple of requests. “In order to appear legitimate, the criminals send victims an employment contract to physically sign, and also request a copy of the victims’ driver’s licenses, Social Security numbers, direct deposit information, and credit card information,” reads the FBI’s announcement.
The announcement also warns that, “Criminals may also tell victims they need to pay upfront for background checks or screenings, job training, start-up equipment, or supplies. In many cases, victims are told they will be reimbursed in their first paycheck. Once they get money, criminals stop communicating with their victims.”


