Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 199

For as smart as artificial intelligence systems seem to get, they’re still easily confused by hackers who launch so-called adversarial attacks — cyberattacks that trick algorithms into misinterpreting their training data, sometimes to disastrous ends.

In order to bolster AI’s defenses from these dangerous hacks, scientists at the Australian research agency CSIRO say in a press release they’ve created a sort of AI “vaccine” that trains algorithms on weak adversaries so they’re better prepared for the real thing — not entirely unlike how vaccines expose our immune systems to inert viruses so they can fight off infections in the future.

Read more | >

A hacking group linked to the Russian government has been attempting to breach the U.S. power grid, Wired reports.

Security experts from the non-profit group the Electric Information Sharing and Analysis Center (E-ISAC) and security firm Dragos tracked the hackers — and warn that the group has been probing the grid for weaknesses, searching for ways that they could access U.S. systems.

Even though there are no signs that the group has succeeded in accessing the power grid, the attacks still have experts worried. And that’s partly because of the history of this particular hacking group: Xenotime, who created the infamous Triton malware. In late 2017, Triton attacked critical infrastructure such as the industrial control systems used in power plants, and it could have been used to cause massive destruction through tampering with power plant controls. That lead it to be labeled the “world’s most murderous malware.”

Read more | >

Again, it’s all good stuff, essentially what I would hope for out a next-gen Deus Ex, but it’s still a little difficult to judge these elaborate upgrade trees without actually getting the opportunity to move through them at the intended pace. From what we can see, it’s plenty deep: there is the opportunity to build a hacking-fluent cyber ninja, and I’m going to guess that a good chunk of people playing this game are going to go that route.

‘Cyberpunk 2077’ is clearly stretching the limits of what’s possible on Xbox One and PS4.

Read more | >

Almost every day, news headlines announce another security breach and the theft of credit card numbers and other personal information. While having one’s credit card stolen can be annoying and unsettling, a far more significant, yet less recognized, concern is the security of physical infrastructure, including energy systems.

“With a credit card theft, you might have to pay $50 and get a new credit card,” says Stuart Madnick, the John Norris Maguire Professor of Information Technologies at the Sloan School of Management, a professor of engineering systems at the School of Engineering, and founding director of the Cybersecurity at MIT Sloan consortium. “But with infrastructure attacks, real physical damage can occur, and recovery can take weeks or months.”

A few examples demonstrate the threat. In 2008, an alleged blew up an oil pipeline in Turkey, shutting it down for three weeks; in 2009, the malicious Stuxnet computer worm destroyed hundreds of Iranian centrifuges, disrupting that country’s nuclear fuel enrichment program; and in 2015, an attack brought down a section of the Ukrainian power grid—for just six hours, but substations on the grid had to be operated manually for months.

Read more

Ben-Gurion University of the Negev (BGU) cyber security researchers have developed a new attack called Malboard evades several detection products that are intended to continuously verify the user’s identity based on personalized keystroke characteristics.

The new paper, “Malboard: A Novel User Keystroke Impersonation Attack and Trusted Detection Framework Based on Side-Channel Analysis,” published in the Computer and Security journal, reveals a sophisticated attack in which a compromised USB automatically generates and sends malicious keystrokes that mimic the attacked user’s behavioral characteristics.

Keystrokes generated maliciously do not typically match human typing and can easily be . Using artificial intelligence, however, the Malboard attack autonomously generates commands in the user’s style, injects the keystrokes as malicious software into the keyboard and evades detection. The keyboards used in the research were products by Microsoft, Lenovo and Dell.

Read more

Low tech sometimes is really good because when systems can be exploited then basically you see that no tech is sometimes best.

Election Systems & Software has championed electronic voting machines in the US. Now it has had a change of heart about the need for paper records of votes.

Cyber threats: Over half a million electronic machines are used in big US elections. Many produce paper copies of votes that can be used to audit electronic results, but some don’t. That’s a problem because security experts have shown that machines can be hacked.

The news: Tom Burt, Election Systems & Software’s chief executive, said in an op-ed in the political newspaper Roll Call that it will no longer sell paperless voting machines as the primary voting device in jurisdictions. Burt also called on Congress to make paper backups mandatory for all electronic votes cast, and to require all voting equipment suppliers to submit their machines to robust cybersecurity testing.

Read more