Tag Archives: cyber-attacks

AI’s Dark Role in Cybersecurity


Artificial intelligence, often hailed as the technological marvel of our age, has indisputably revolutionised the world as we know it. Its applications span across industries, from healthcare to finance, augmenting human capabilities and unleashing unprecedented potential. However, much like the legendary double-edged sword, AI possesses a dual nature. On one side, it brings numerous benefits, but on the other, it has the capacity to be wielded for despicable purposes. In this post, we will delve into the shadowy realm where AI’s immense power is harnessed, not for progress, but for peril.

AI-Based Threats

Artificial intelligence possesses a dark side in the realm of cybersecurity. AI-based threats leverage this technology to orchestrate malicious activities. These threats include AI-driven malware capable of adapting and evading detection, AI-generated phishing attacks that deceive even the vigilant, and deepfake content used for social confusion, all representing the perilous side of AI’s capabilities. We should look into this topic to gain awareness of the potential threats and prepare for them.

Phishing Attacks

Phishing attacks are the most popular form of cyber attack. It is estimated that more than 3.4 billion emails are sent every day, but with the use of AI they can take on a new dimension. AI-driven phishing attacks involve the use of advanced algorithms to create highly convincing and personalised (language, writing style, culture, etc.) deceptive content. These sophisticated campaigns are designed to trick individuals into divulging sensitive information or taking harmful actions, making them even more challenging to detect and defend against.

Sabotaging AI

Numerous companies have either adopted AI into their operations or are in the process of doing so. It’s increasingly likely that AI will become a standard component for the majority, if not all, of companies in the near future. But this also makes AI a new target of interest for hackers, as they seek to manipulate data or inject false information that can compromise the integrity of AI-driven operations. By infiltrating AI systems, attackers could potentially exploit vulnerabilities to feed incorrect or malicious data, leading to skewed decision-making, financial losses, and reputational damage for companies relying on these technologies. As AI continues to advance, the importance of safeguarding against such manipulations becomes paramount in ensuring the reliability of AI-powered solutions.

AI Chats Recommendations

Another potential security risk involves AI-generated recommendations. When users ask AI-powered chatbots for webpage suggestions or for a package to solve a specific coding problem, they should exercise caution, as the responses provided by AI are frequently outdated or refer to things that do not even exist anymore. Hackers take advantage of this by creating pages or packages under the links and names generated by AI. When users search for a specific answer, they click on these fake links or install the deceptive packages, unknowingly exposing their systems to a variety of threats, including malware, spyware, or ransomware. This tactic capitalises on the trust users place in chatbots, making it essential for individuals and organisations to verify the authenticity of any recommendations received through these AI-driven interfaces to avoid falling victim to cyberattacks.
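One way to apply the "verify before you install" advice above is a small gate in front of the package installer. This is an added example, not part of the original post: the package names, registry snapshot, approved list and thresholds are all constructed assumptions, and in practice the metadata would come from the package index or an internal mirror.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class RegistryEntry:
    first_published: date
    weekly_downloads: int

# Constructed snapshot of registry metadata (hypothetical package names).
REGISTRY = {
    "example-http": RegistryEntry(date(2016, 3, 1), 250_000),
    "example-yaml": RegistryEntry(date(2015, 5, 10), 90_000),
    "example-fastjson": RegistryEntry(date(2023, 9, 28), 40),
}
# Constructed list of dependencies the organisation already trusts.
APPROVED = {"example-http", "example-numeric"}
MIN_AGE_DAYS = 180            # assumed policy threshold
MIN_WEEKLY_DOWNLOADS = 1_000  # assumed policy threshold

def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alikes of approved names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def vet(name, today, registry=REGISTRY, approved=APPROVED):
    """Return (verdict, reasons) for one package name suggested by a chatbot."""
    name = name.strip().lower().replace("_", "-")
    if name in approved:
        return "allow", ["already approved"]
    reasons = []
    entry = registry.get(name)
    if entry is None:
        # A name that does not exist today can be registered by anyone tomorrow.
        verdict = "block"
        reasons.append("not in registry: the suggestion may be invented")
    else:
        verdict = "allow"
        age = (today - entry.first_published).days
        if age < MIN_AGE_DAYS:
            reasons.append(f"published only {age} days ago")
        if entry.weekly_downloads < MIN_WEEKLY_DOWNLOADS:
            reasons.append(f"only {entry.weekly_downloads} weekly downloads")
    near = sorted(a for a in approved if 0 < edit_distance(name, a) <= 2)
    if near:
        reasons.append("looks like approved package(s): " + ", ".join(near))
    if verdict == "allow" and reasons:
        verdict = "review"  # exists, but a human should look before installing
    return verdict, reasons

if __name__ == "__main__":
    for suggestion in ["Example_HTTP", "example-yaml", "example-fastjson", "example-htp"]:
        print(suggestion, vet(suggestion, date(2023, 11, 1)))
```

A name that is missing from the registry is blocked rather than merely warned about, because that is exactly the gap an attacker can fill by registering it later.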

AI-Generated Fake Content

AI-Generated Fake Content represents a growing threat in the realm of disinformation and cyber manipulation. Hackers with malicious intent can exploit AI to create highly convincing videos and other multimedia content featuring well-known figures, such as CEOs or public figures. By harnessing the vast amounts of publicly available data, including speeches, interviews, and images, hackers can craft convincing, but entirely fabricated, messages or appearances. These fraudulent materials can be used for a variety of nefarious purposes, such as market manipulation or spreading disinformation. For instance, a hacker may create a video in which a CEO appears to announce a groundbreaking product or event, causing a surge in stock prices before the fraud is exposed. Similarly, they can flood social media platforms with posts or comments promoting fake news about wars, politicians, or other sensitive topics. The speed and scale of AI-generated content can make it challenging for individuals and organizations to discern the authenticity of the information, leaving them vulnerable to potential financial losses or reputational damage.

Conclusion

In the age of AI, we are witnessing the remarkable transformation of industries and the vast potential of artificial intelligence. However, we’ve also uncovered its darker side, where AI can be weaponised for malicious purposes. From AI-based cyber threats to the spread of fake content, the risks are real, and they can have profound consequences. To safeguard our digital landscape, it’s imperative that we prioritize data security and enact robust protective measures.

While we’ve discussed several ways hackers can misuse AI, it’s essential to remember that AI technology is ever-evolving, and we may encounter unforeseen challenges. We must prepare for the unknown, maintain vigilance, and advocate for strong government regulations to ensure the ethical and responsible use of AI. Striking a balance between innovation and security will be the key to harnessing the full potential of this transformative technology while mitigating the risks it may pose. In an age where AI’s reach continues to expand, we must always hope for the best but be prepared for the worst.

Sources:

  1. https://aag-it.com/the-latest-phishing-statistics/#:~:text=Yes%2C%20phishing%20is%20the%20most,emails%20are%20sent%20every%20day.
  2. https://www.reuters.com/technology/ai-being-used-hacking-misinfo-top-canadian-cyber-official-says-2023-07-20/
  3. https://www.infoworld.com/article/3699256/malicious-hackers-are-weaponizing-generative-ai.html
  4. https://vulcan.io/blog/ai-hallucinations-package-risk#h2_1
  5. https://www.csoonline.com/article/651125/emerging-cyber-threats-in-2023-from-ai-to-quantum-to-data-poisoning.html#:~:text=According%20to%20that%20report%2C%20hackers,and%20more%20specifically%20generative%20AI.
  6. https://ipvnetwork.com/ai-cyber-attacks-the-growing-threat-to-cybersecurity-and-countermeasures/

AI generator use:
Chat GPT- 3.5


Cybersecurity in the Age of Ransomware Attacks

A man holding a smartphone with graphics displaying credit cards, password logins and more in red and blue lights
https://securityintelligence.com/articles/a-history-of-ransomware-and-the-cybersecurity-ecosystem/

AI technology is developing unstoppably. Nowadays it is important to have strong cybersecurity that protects a company’s data from being stolen. Businesses are facing an ever-expanding threat that endangers their data, operations, and financial well-being: ransomware attacks. Ransomware attacks have increased in number as well as in frequency and sophistication. They target all kinds of companies in different fields, trying to steal valuable data. To navigate this evolving menace, it is essential that companies understand the dynamics of ransomware and know how to improve their cybersecurity. It’s crucial to implement comprehensive strategies to defend against it.

The Ransomware Epidemic

In recent years ransomware attacks have become increasingly prevalent. Attackers use sophisticated tactics to infiltrate systems and encrypt valuable company information and data.

https://www.dni.gov/files/NCSC/documents/supplychain/Ransomware_Threats_and_Impact_to_Industry.pdf

Protecting Your Business

Companies should implement strict security measures, because ransomware attacks are common nowadays. Below I want to present some key strategies to consider:

  1. Regular backups: Make regular, safe data backups, ideally on external drives. In case of a ransomware attack, that clean, safe backup can save your business from losing everything or paying a huge sum to get the data back.
  2. Multi-Layered Security: Invest in comprehensive cybersecurity, combining firewalls and attack detection and control systems (IDC) to improve the company’s security.
  3. Incident Response Plan: Make sure that you have a clear incident response strategy that specifies what to do immediately in case of an attack, for example isolating compromised systems or notifying law enforcement. It is a good idea to keep cybersecurity professionals’ contact information at hand.
  4. Employee Training: It is important that all departments are educated about the danger of phishing emails and other ways that valuable data might be stolen. A lack of awareness can lead to vulnerabilities.
  5. Vendor and Supply Chain Assessment: Ensure that the supply chain in your company is fully secured and that suppliers are up to date. A gap anywhere means there may be weak spots that could be exploited, for example in ransomware attacks.
  6. Collaboration: Make sure you are up to date with the latest cyber trends. Find colleagues in different companies with whom you can collaborate and share information, so you can pass on important knowledge to each other and keep your company’s cybersecurity strong through joint efforts.

Conclusion

Ransomware is a growing danger which every business should be aware of. It doesn’t matter how big the company is or which industry it is in, because the attacks are the same for all of them. However, the greatest threat is human unawareness of this topic: because technology is developing constantly, it is very hard to keep up with everything all the time. Artificial intelligence’s job is to try to find the gaps in human knowledge that cause people to make mistakes without being aware of them. We can’t fix that, so the only solution is for the company to have at least one continually improving cybersecurity solution. The cost of good prevention is usually significantly lower than the cost of recovering data after a successful attack. Stay vigilant, stay secure, and protect your business from the ever-present ransomware threat.


Cyber-Attack on JD Sports: 10 Million Customers’ Information Potentially Compromised


A fashion retailer, JD Sports, has recently announced that a cyber-attack has potentially compromised the personal and financial information of 10 million of its customers. The attack, which occurred between November 2018 and October 2020, targeted online orders made by customers of its JD, Size?, Millets, Blacks, Scotts and Millets Sport brands.

The company has taken the necessary steps to respond to the incident and is working with cybersecurity experts to investigate and review its security measures. JD Sports has also notified the Information Commissioner’s Office about the breach and is advising affected customers to be vigilant of potential scams. The information that may have been accessed by hackers includes names, billing and delivery addresses, phone numbers, order details, and the last four digits of payment cards.

JD Sports says it holds limited data and has no reason to believe that account passwords were accessed. However, the company is still advising its customers to be aware of potential fraud and phishing attacks and to report any suspicious or unusual communication purporting to be from JD Sports or any of its group brands.

The JD Sports Chief Financial Officer, Neil Greenhalgh, stated that “Protecting the data of our customers is an absolute priority for JD.” He added that the company is continuing with a full review of its cybersecurity in partnership with external specialists following this incident.

In today’s digital age, cyber-attacks are becoming more and more common, and companies must be proactive in protecting their customers’ information. JD Sports is taking the right steps in response to this attack and should be commended for its efforts in ensuring the security of its customers’ data.

In conclusion, it’s crucial for companies to have proper cybersecurity measures in place to protect their customers’ information. The JD Sports incident serves as a reminder to all companies to be diligent in their efforts to secure their systems and data. Customers should also take steps to protect their personal and financial information by being vigilant of potential scams and reporting any suspicious activity.

Source: https://www.theguardian.com/business/2023/jan/30/jd-sports-cyber-attack-customers-data-jd-size-millets-blacks


Sodinokibi: The Crown Prince of Ransomware


Sodinokibi, also known as REvil (short for Ransomware Evil), is a ransomware threat group gaining more and more notoriety. Similar to some other ransomware families, REvil operates as Ransomware-as-a-Service (RaaS): one group of people maintains the code and another group, known as affiliates, spreads the ransomware. Such RaaS models allow affiliates to distribute REvil ransomware in various ways, such as phishing campaigns or by uploading tools and scripts allowing them to execute the ransomware in the internal network of a victim.

Sodinokibi hacks organizations by infecting them with a file-blocking virus, which encrypts files after infection and leaves a ransom request message. In the message, Sodinokibi explains that the victim needs to pay a ransom in bitcoins or else the files will be leaked.

The group recently made headlines when they targeted Acer, a Taiwanese electronics company. On March 19th 2021, Acer was the subject of a hacker attack. The attackers, the REvil group, demanded the biggest known ransom to date in the history of cyber-attacks: $50 million. The hackers gave Acer until the 28th of March to pay the ransom, or all the stolen data would be released to the public. As of March 20th, Acer had not acknowledged that they were the victim of a security breach.

Acer data leak on REvil ransomware site

The malware first surfaced in 2019, when a serious flaw was discovered in Oracle’s WebLogic server: a remote code execution bug that was exploitable without authentication. This was an unusual attack on the hackers’ part, as it directly exploited the vulnerability of the server; as researchers suggest, such attacks typically involve user interaction, e.g., opening an attachment to an email message or clicking on a malicious link.

Sodinokibi has subsequently targeted organizations such as celebrity law firm Grubman Shire Meiselas & Sacks, foreign currency exchange giant Travelex, Brown Forman Corp. (the owner of the Ritz Hotel in London) and, most recently, Acer.

REvil ransomware functionalities

REvil is gaining momentum and notoriety, which is evident in the way the hacking group decided to target the tech giant Acer. This cyber security breach is worth following, as the repercussions for Acer may be substantial. This unfortunate event for Acer should also serve as a reminder to all internet users that cyber security attacks keep getting more refined and complex, and that substantial security measures should always be kept in place. 

References

https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack/

https://www.infradata.pl/en/resources/what-is-revil-ransomware/

https://threatpost.com/revil-claims-ransomware-attacks/164739/

https://www.theverge.com/2021/3/20/22341642/acer-ransomware-microsoft-exchange-revil-security


The new, best way to deal with cyber-attacks?

Darktrace’s autonomous AI system finds out about digital threats before they get severe.

Information leaks happen almost every day on the Internet. While most engineers try to find a way to prevent hackers from getting into digital systems, some of them noticed that it might be better to do it the other way around. In 2013, with that idea in mind, Darktrace was created.

A group of former MI5 agents joined forces with Cambridge mathematicians with a mission to develop a new tool to fight cyber-attacks. Interestingly enough, they decided to use AI to make that happen. As their philosophy states: ‘Pit the machines against the machines to keep your data safe.’

So how does it really work, and why is it effective? Frankly, it is quite simple. Darktrace connects its software to the company’s system. From that moment, the AI starts monitoring all the activity that occurs within the digital infrastructure. Furthermore, it learns how the company operates.

Well, you may now ask yourself what it is all for. With all of the data accumulated, Darktrace’s software can easily detect any instances of unusual activity or deviations. This is called unsupervised learning, a very rare type of machine learning that doesn’t require any information from us humans to know what to look for. This really revolutionized the market, because before that we used supervised learning, which is quite the opposite: we had to provide data to the AI in order to allow it to learn about the threats and problems that may occur. Although it works fine in most cases, it has its flaws too. The main problem is that it is useless when unknown threats appear. That’s where Darktrace has the advantage.

Darktrace software here just neutralized an anomalous, dangerous behaviour

For example, in 2017 the software was introduced to one of the Las Vegas casinos. Although the company states that its AI is usually not really useful within the first days of working, because its learning process takes at least a week, it registered some unusual activity just after its start. It turned out that the casino’s recently installed fish tank, which had electronic sensors connected to the servicing company, had transferred over 10GB of data to an external device that did not belong to the company. After some digging, they found the hacker all the way in Finland.

As Dawn Song, a cybersecurity and machine-learning expert at the University of California, Berkeley, stated, “the whole system is as secure as its weakest link”, and this is a great example of that.
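The learn-a-baseline-then-flag-deviations idea described above can be illustrated with a few lines of statistics. This is an added example, not Darktrace's algorithm or code: the device names, destinations, traffic figures and threshold are constructed, and the median/MAD score is simply one common choice assumed here.

```python
from collections import defaultdict
from statistics import median

LEARNING_DAYS = 7   # the post says the learning process takes at least a week
THRESHOLD = 6.0     # assumed cut-off; lower values mean more (and noisier) alerts

def robust_z(value, history):
    """Deviation from a device's own median, scaled by the median absolute deviation."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # Very steady devices have MAD == 0; fall back to a small fixed scale.
    scale = 1.4826 * mad if mad > 0 else max(0.1 * med, 1.0)
    return (value - med) / scale

def detect(records):
    """records: (day, device, destination, megabytes_out) tuples. Returns alerts."""
    per_day = defaultdict(lambda: defaultdict(dict))  # day -> device -> {dest: MB}
    for day, device, dest, mb in records:
        per_day[day][device][dest] = per_day[day][device].get(dest, 0.0) + mb
    history = defaultdict(list)  # device -> daily outbound totals learned so far
    seen = defaultdict(set)      # device -> destinations learned so far
    alerts = []
    for day in sorted(per_day):
        for device, dests in sorted(per_day[day].items()):
            total = sum(dests.values())
            past = history[device]
            if len(past) >= LEARNING_DAYS and robust_z(total, past) > THRESHOLD:
                alerts.append({
                    "day": day, "device": device, "mb_out": total,
                    "new_destinations": sorted(d for d in dests if d not in seen[device]),
                })
                continue  # keep the anomalous day out of the baseline
            past.append(total)
            seen[device].update(dests)
    return alerts

def sample_records():
    """Constructed traffic: nine quiet days, then a large upload from the tank sensor."""
    tank = [2.0, 2.1, 1.9, 2.0, 2.2, 2.0, 1.8, 2.1, 2.0]
    desk = [310, 480, 350, 420, 390, 500, 330, 450, 410]
    records = []
    for day, (t, d) in enumerate(zip(tank, desk), start=1):
        records.append((day, "tank-sensor", "vendor.example", t))
        records.append((day, "workstation-1", "mail.example", d))
    records += [
        (10, "tank-sensor", "vendor.example", 2.0),
        (10, "tank-sensor", "unknown.example", 10240.0),  # roughly 10GB out
        (10, "workstation-1", "mail.example", 520.0),
        (10, "workstation-1", "cdn.example", 5.0),        # new destination, normal volume
    ]
    return records

if __name__ == "__main__":
    for alert in detect(sample_records()):
        print(alert)
```

Only the tank sensor is flagged; the workstation's new destination at normal volume stays quiet, which is the kind of tuning that keeps alert counts manageable.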

An example of how Darktrace interface looks like.

What also contributes to their superiority in the market is accessibility. Their software is really easy to use and to understand. They also provide consultations if anyone from the IT department encounters any problems with the software, although co-chief executive Poppy Gustafsson said that they do not want to focus on that part of the service: “We don’t do consulting,” she said. “Our tech is not just about detecting cyber threat but also to autonomously respond.”

Also interesting is the fact that the whole idea was inspired by the human body. In one of the interviews, the co-CEO of the company, Nicole Eagan, said, “It’s very much like the human body’s own immune system,” and moreover, “As complex as it is, it has this innate sense of what’s self and not self. And when it finds something that doesn’t belong—that’s not self—it has an extremely precise and rapid response.”

This start-up has been performing incredibly ever since it was created. In March 2015 it was valued at 80M dollars. Only three years later, in September 2018, it was valued at over 1.65 billion dollars. This rapid growth was mainly accelerated by Mike Lynch and his venture fund, Invoke Capital. He now owns over 40% of the company, making him the shareholder with the highest ownership.

Although right now it may seem to you as if this is perfect software and a solution to cyber-crime, it has its flaws too. Some IT workers have reported that this AI-based system continuously reports multiple deviations throughout the day, to the point where they had to stop checking the alerts because it was a waste of their time. Furthermore, Darktrace’s plans for their customers are not cheap at all, which can make them less desirable.

Frankly, I would say that even though it will help bigger companies to eliminate some threats, especially from the inside, it is nowhere near the perfect solution yet.

What do you think about this start-up? Are AI-based systems the solution to our problem with cyber-crime? Let me know in the comments.

 

 

Reference list:

  1. Leslie, I. (2018, June 15). You used to build a wall to keep them out, but now hackers are destroying you from the inside.
    https://www.wired.co.uk/article/darktrace-insider-threats-hackers-security
  2. Ram, A. (2018, October 10). Inside Darktrace, the UK’s $1.65bn cyber security start-up.
    https://www.ft.com/content/2fa5bade-cb09-11e8-9fe5-24ad351828ab
  3. Cyber-Security SEIM | IDS. (n.d.). https://msp-partner.com/darktrace/
  4. Clifford, A. (2018, August 7). How billion-dollar start-up Darktrace is fighting cybercrime with A.I. .
    https://www.cnbc.com/2018/08/07/billion-dollar-start-up-darktrace-is-fighting-cybercrime-with-ai.html
  5. Hao, K. (2018, November 16). The rare form of machine learning that can spot hackers who have already broken in.
    https://www.technologyreview.com/s/612427/the-rare-form-of-machine-learning-that-can-spot-hackers-who-have-already-broken-in/
  6. Darktrace. (n.d.). Company Overview. https://www.darktrace.com/en/overview/

 
