Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 171

Officials Warn of Cyberattacks on Hospitals as Virus Cases Spike

Hundreds of American hospitals are being targeted in cyberattacks by the same Russian hackers who American officials and researchers fear could sow mayhem around next week’s election.

The attacks on American hospitals, clinics and medical complexes are intended to take those facilities offline and hold their data hostage in exchange for multimillion-dollar ransom payments, just as coronavirus cases spike across the United States.

“We expect panic,” one hacker involved in the attacks said in Russian during a private exchange on Monday that was captured by Hold Security, a security company that tracks online criminals.

FBI warns ransomware assault threatens US healthcare system

BOSTON (AP) — Federal agencies warned that cybercriminals are unleashing a wave of data-scrambling extortion attempts against the U.S. healthcare system designed to lock up hospital information systems, which could hurt patient care just as nationwide cases of COVID-19 are spiking.

In a joint alert Wednesday, the FBI and two federal agencies warned that they had “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The alert said malicious groups are targeting the sector with attacks that produce “data theft and disruption of healthcare services.”

The cyberattacks involve ransomware, which scrambles data into gibberish that can only be unlocked with software keys provided once targets pay up. Independent security experts say it has already hobbled at least five U.S. hospitals this week, and could potentially impact hundreds more.

Ex-US cyber command chief: Enemies using AI is ‘existential threat’

Certain cyber-artificial intelligence attacks could pose an existential threat to the US and the West, former US cyber command chief, Maj.-Gen. (ret.) Brett Williams said on Tuesday.

Speaking as part of Cybertech’s virtual conference, Williams said, “artificial intelligence is the real thing. It is already in use by attackers. When they learn how to do deepfakes, I would argue this is potentially an existential threat.”

Russia Hacks Into U.S. Power Plants, But Nuclear Reactors Should Be Impervious

But what about nuclear? Are we at risk of cyber-induced meltdowns or releases of radiation?

No.

Fortunately, while the Russians may be able to disrupt electricity transmission in general, and electricity generation from many power plants like natural gas and wind farms, they can’t hack into nuclear power plant operations. Nuclear plants are still mostly analog and not connected to the Internet.

The Internet of Things brings a web of promises and perils to the smart grid, experts say

‚The innocuous microwave on a shelf in a laboratory at the U.S. Department of Energy’s Pacific Northwest National Laboratory (PNNL) in Richland, Wash., is anything but ordinary.

“Weird,” is how Penny McKenzie, a cybersecurity engineer at the laboratory, describes the device.

The microwave arrived at PNNL with the capability to be controlled through a connected to the internet, a connection McKenzie and her colleagues declined when they plugged it into the wall.

The Deck Is Not Rigged: Poker and the Limits of AI

Tuomas Sandholm, a computer scientist at Carnegie Mellon University, is not a poker player—or much of a poker fan, in fact—but he is fascinated by the game for much the same reason as the great game theorist John von Neumann before him. Von Neumann, who died in 1957, viewed poker as the perfect model for human decision making, for finding the balance between skill and chance that accompanies our every choice. He saw poker as the ultimate strategic challenge, combining as it does not just the mathematical elements of a game like chess but the uniquely human, psychological angles that are more difficult to model precisely—a view shared years later by Sandholm in his research with artificial intelligence.

“Poker is the main benchmark and challenge program for games of imperfect information,” Sandholm told me on a warm spring afternoon in 2018, when we met in his offices in Pittsburgh. The game, it turns out, has become the gold standard for developing artificial intelligence.

Tall and thin, with wire-frame glasses and neat brow hair framing a friendly face, Sandholm is behind the creation of three computer programs designed to test their mettle against human poker players: Claudico, Libratus, and most recently, Pluribus. (When we met, Libratus was still a toddler and Pluribus didn’t yet exist.) The goal isn’t to solve poker, as such, but to create algorithms whose decision making prowess in poker’s world of imperfect information and stochastic situations—situations that are randomly determined and unable to be predicted—can then be applied to other stochastic realms, like the military, business, government, cybersecurity, even health care.

Adversarial Machine Learning Threat Matrix

Microsoft, in collaboration with MITRE research organization and a dozen other organizations, including IBM, Nvidia, Airbus, and Bosch, has released the Adversarial ML Threat Matrix, a framework that aims to help cybersecurity experts prepare attacks against artificial intelligence models.

With AI models being deployed in several fields, there is a rise in critical online threats jeopardizing their safety and integrity. The Adversarial Machine Learning (ML) Threat Matrix attempts to assemble various techniques employed by malicious adversaries in destabilizing AI systems.

AI models perform several tasks, including identifying objects in images by analyzing the information they ingest for specific common patterns. The researchers have developed malicious patterns that hackers could introduce into the AI systems to trick these models into making mistakes. An Auburn University team had even managed to fool a Google LLC image recognition model into misclassifying objects in photos by slightly adjusting the objects’ position in each input image.

Researchers find huge, sophisticated black market for trade in online ‘fingerprints’

Security on the internet is a never-ending cat-and-mouse game. Security specialists constantly come up with new ways of protecting our treasured data, only for cyber criminals to devise new and crafty ways of undermining these defenses. Researchers at TU/e have now found evidence of a highly sophisticated Russian-based online marketplace that trades hundreds of thousands of very detailed user profiles. These personal ‘fingerprints’ allow criminals to circumvent state-of-the-art authentication systems, giving them access to valuable user information, such as credit card details.

Our online economy depends on usernames and passwords to make sure that the person buying stuff or transferring money on the internet, is really the person they are saying. However, this limited way of authentication has proven to be far from secure, as people tend to reuse their passwords across several services and websites. This has led to a massive and highly profitable illegal trade in user credentials: According to a recent estimate (from 2017) some 1.9 billion stolen identities were sold through underground markets in a year’s time.

It will come as no surprise that banks and other have come up with more complex authentication systems, which rely not only on something the users know (their password), but also something they have (e.g. a token). This process, known as multi-factor authentication (MFA), severely limits the potential for cybercrime, but has drawbacks. Because it adds an extra step, many users don’t bother to register for it, which means that only a minority of people use it.