
Amazon and Audible Face Scrutiny Amid Questionable Content Surge



Amazon's online book and podcast services, Amazon Music and Audible, have been inundated with bogus listings that try to trick customers into clicking through to dubious "forex trading" sites, Telegram channels, and suspicious links claiming to sell pirated software. Abusing Spotify playlists and podcasts to promote pirated software, video game cheat codes, spam links, and "warez" websites is also becoming increasingly common.

To get Spotify web player results in front of search engines such as Google, threat actors inject targeted keywords and links into the titles and descriptions of playlists and podcasts, boosting the SEO of their dubious online properties. The playlist names, podcast descriptions, and bogus "episodes" in these listings encourage listeners to visit external links that can lead to sites capable of compromising their devices.

Many threat actors also exploit Google's Looker Studio (formerly Google Data Studio) to boost the search engine ranking of illicit websites promoting spam, torrents, and pirated content. According to BleepingComputer, the SEO poisoning attack abuses Google's datastudio.google.com subdomain, which lends apparent credibility to the malicious websites.

Aside from mass email spam campaigns, spammers are also using Audible podcasts as another channel to advertise their illicit activities. Spam can be posted to any digital platform that is open to the public, and no platform is immune. What makes the Spotify and Amazon cases interesting is that one would instinctively assume the overhead of podcasting and digital music distribution would deter spammers, who would otherwise turn to low-hanging fruit such as spammy social media posts or YouTube videos with misleading descriptions.

The most recent instance was a Spotify playlist entitled "Sony Vegas Pro 13 Crack...", which appeared to drive traffic to several "free" software sites listed in the playlist's title and description. Karol Paciorek, the cybersecurity enthusiast who spotted the playlist, said: "Cybercriminals exploit Spotify for malware distribution because Spotify has become a prominent tool for distributing malware. Why? Because Spotify's tracks and pages are easily indexed by search engines, making it a popular location for creating malicious links."

Looker Studio (formerly Google Data Studio) is Google's web-based business intelligence tool, which lets users turn data into customizable reports and dashboards to visualize and analyze it. A Data Studio report can be, and has been, used to track and visualize the download counts of open source packages over a given period, such as four weeks. There are many legitimate business uses for Looker Studio, but like any other web service it can be misused by malicious actors looking to host questionable content or to manipulate search engine results for illicit URLs.

Recent SEO poisoning campaigns have also targeted keywords related to the U.S. midterm election and pushed malicious Zoom, TeamViewer, and Visual Studio installers. Ahead of publication, BleepingComputer reached out to Google to better understand the strategy it plans to implement against this abuse.

Firstory, a service launched in 2019, enables podcasters to distribute their shows around the globe and connect with audiences. Firstory publishes podcasts to Spotify, and it acknowledges that spam is an ongoing issue it is increasingly trying to address and curtail as much as possible.

Spam accounts and misleading content remain persistent challenges for digital platforms, Stanley Yu, co-founder of Firstory, said in a statement to BleepingComputer. Yu emphasized that addressing these issues is an ongoing priority for the company. To tackle the growing threat of unauthorized and spammy content, Firstory has adopted a multifaceted approach, including active collaboration with major streaming platforms to detect and swiftly remove infringing material.

The company has also built tooling that scans podcast titles and show notes for keywords associated with spam, so that potential violations are identified and mitigated early. Firstory also proactively monitors and blocks suspicious email addresses commonly used by malicious actors to infiltrate and disrupt digital ecosystems. By combining technology-driven solutions with strategic partnerships, Firstory aims to set a higher standard for content integrity across platforms.

The company’s commitment reflects a broader industry imperative to protect users and maintain trust in an ever-expanding digital landscape. As digital platforms evolve, sustained vigilance and innovation will be essential to counter emerging threats and foster a safer, more reliable online environment.

Improving GPS Technology with Insights from Android Phones



Navigation apps that drift off course may be suffering from the ionosphere, a region of the Earth's atmosphere 50-200 miles overhead. This layer contains free electrons which, under certain conditions, can become extremely concentrated and slow GPS signals as they travel between satellites and devices.

That delay, much like getting stuck on a crowded city street and arriving late for work, is a major contributor to navigation system errors. As reported in Nature this week, a team of Google researchers demonstrated that they could map the ionosphere using GPS signal measurements collected from millions of anonymous Android mobile devices.

A single mobile device's signal cannot tell researchers much about the ionosphere, but that limitation shrinks when there are many other devices to compare against. Using the vast network of Android phones, the researchers were able to map the ionosphere with a precision matching or exceeding that of monitoring stations. In areas like India and Central Africa, the Android-based technique was far more accurate than listening stations alone.

Ionospheric "traffic" is expressed as total electron content (TEC), a measure of the number of electrons in the ionosphere. Satellites and ground stations are used to measure it. These tools are effective, but they are also relatively expensive and difficult to build and maintain, which means they are deployed less commonly in developing regions of the world.

Because monitoring stations are not equally accessible everywhere, the accuracy of global ionospheric maps varies by region. Google's researchers took a different approach: they used something that more than half of the world's population already possesses, mobile phones. In an interview with Popular Science, Google researcher Brian Williams discussed how changes in the ionosphere had been hindering GPS capabilities while he worked on Android products.

If the ionosphere changes suddenly, GPS capabilities can suffer. Aside from contributing to scientific advances, Williams sees this project as an opportunity to improve accuracy and provide a more useful service to mobile device users. "Rather than considering ionosphere interference with GPS positioning as an obstacle, the right thing to do is to flip the idea and imagine that GPS receiver is an instrument to measure the ionosphere, not as an obstacle," Williams commented.

"The ionosphere can be seen in a completely different light by combining the measurements made by millions of phones, as compared to what would otherwise be possible." Thousands of Android phones, forming what is known as a 'distributed sensor network', are already part of the internet. The GPS receivers integrated into most smartphones measure radio signals beamed from satellites orbiting approximately 1,200 miles above us in medium Earth orbit (MEO).

A receiver determines your location by calculating its distance to each satellite, with an accuracy of approximately 15 feet. The ionosphere acts as a barrier that prevents these signals from travelling normally on their way to Earth. Many factors contribute to GPS measurement error, including the season, the time of day, and the distance from the equator.

Most phone receivers have a built-in correction model that reduces the estimated error by around half. Google's researchers wanted to see whether measurements taken directly from the receivers built into Android smartphones could replicate the ionosphere mapping performed by more advanced monitoring stations.

Monitoring stations have a clear advantage over mobile phones in terms of value per pound. First, monitoring stations have much larger antennas. Second, they sit under clear open skies, whereas phones are often obscured by urban buildings or the pockets of a user's jeans.

In addition, every phone has its own measurement bias, which can be off by several microseconds. Even so, the sheer number of phones makes up for what they lack individually. Beyond these immediate benefits, the Android ionosphere maps also offer less immediate ones. According to the researchers, analyzing Android receiver measurements revealed a signal of electromagnetic activity matching a pair of powerful solar storms that occurred earlier this year.

According to the researchers, one storm occurred over North America between May 10 and 11, 2024. At peak activity, smartphone measurements of the ionosphere over that area showed a clear spike followed by a quick depletion. The study highlights that while monitoring stations also detected the storm, phone-based measurements in regions lacking such stations could provide critical insight into solar storms and geomagnetic activity that might otherwise go unnoticed. This additional data gives scientists a valuable opportunity to better understand these atmospheric phenomena and to improve preparation and response for potentially hazardous events.

According to Williams, the ionosphere maps generated using phone-based measurements reveal dynamics in certain locations with a level of detail previously unattainable. This advanced perspective could significantly aid scientific efforts to understand the impact of geomagnetic storms on the ionosphere. By integrating data from mobile devices, researchers can bridge gaps left by traditional monitoring methods, offering a more comprehensive understanding of the ionosphere’s behaviour. This approach not only paves the way for advancements in atmospheric science but also strengthens humanity’s ability to anticipate and mitigate the effects of geomagnetic disturbances, fostering greater resilience against these natural occurrences.

Data Leak Reported Due to Power Pages Misconfiguration



Microsoft's Power Pages is an easy-to-use, low-code platform for building data-driven websites with little programming knowledge or experience. Companies large and small, in both the public and private sectors, rely on it to collect and analyze data from customers or citizens seeking information or help with a problem.

If these sites are not set up properly, however, they can leak sensitive information belonging to the organizations that run them. According to cybersecurity researchers, a newly discovered vulnerability in Microsoft Power Pages stems from misconfigured access controls within websites built on the platform, which can expose sensitive data.

The vulnerability has resulted in millions of sensitive business records being exposed to unauthorized users, posing a serious security risk for the affected organizations. Power Pages is an application service platform built on the Power Platform; it gives developers a low-code way to build externally facing websites on Microsoft's infrastructure without much coding.

Power Pages uses a layered approach to access control for custom websites: a site's permissions can be configured at the table level and at the column level. Despite these controls, misconfigured settings can unintentionally expose sensitive data to the public internet. Organizations can also expose more columns to the Web API than necessary, increasing the attack surface of their applications.

According to Aaron Costello, AppOmni's chief of SaaS security research, Power Pages users need to pay more attention to the product's security settings to protect their information, especially given its popularity: Microsoft said earlier this year that websites created with Power Pages have over 250 million users every month. Several AppOmni and Microsoft 365 customers are now using AppOmni Insights to help detect these kinds of exposures and to get remediation guidance when they are found.

To understand how these vulnerabilities arise, it helps to first understand the platform's RBAC model and how Power Pages sites are constructed. Compared with traditional custom web development, Power Pages offers out-of-the-box (OOB) role-based access control (RBAC), the option of using Microsoft's Dataverse as the database, and a drag-and-drop interface of prebuilt components that greatly reduces the need for custom code.

Granting too many permissions to roles like "Anonymous Users" (non-authenticated visitors) and "Authenticated Users" (logged-in visitors) can expose an organization to data leaks it never anticipated. Microsoft's customers can easily deploy these data-driven web applications, but if the applications are mismanaged from a security perspective, the cost can be heavy. The exposed data consists mainly of internal organization files and sensitive personal information about both users inside the organization and those who register on the website.


In most cases the recovered PII consisted of full names, email addresses, phone numbers, and home addresses. In one case, a large shared business service provider to the NHS leaked the information of over 1.1 million NHS employees, including email addresses, telephone numbers, and even home addresses, without the employees' knowledge.

In that case, the findings were responsibly disclosed and have since been resolved. A lack of understanding of Power Pages access controls, along with insecure custom code, are the main causes of these leaks. With excessive permissions granted to unauthenticated users, anyone can extract records from the database through the readily available Power Pages APIs.

A Power Pages site also lets visitors register accounts and authenticate through its APIs, and users from outside the company can be granted global access for read operations. The researchers found that the absence of column-level security in a Power Pages site allows unauthorized individuals to access sensitive data without restriction. They also noted that site owners often fail to replace sensitive information with masked strings, compounding the exposure.
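As an added illustration (not code from the post, AppOmni, or Microsoft), the following Python audits a constructed export of Power Pages table permissions and the per-table `Webapi/<table>/enabled` and `Webapi/<table>/fields` site settings, flagging tables where a public web role has Global Read and PII columns are reachable through the Web API; the misconfigured site is shown beside a least-privilege version. The export format, the table schema, and the PII column list are assumptions made for the example.

```python
from dataclasses import dataclass

# Default Power Pages web roles held by every visitor, or by anyone who self-registers.
PUBLIC_ROLES = {"Anonymous Users", "Authenticated Users"}

# Dataverse columns treated as PII by this audit (constructed list; the post names full
# names, email addresses, phone numbers and home addresses as the leaked fields).
SENSITIVE_COLUMNS = {"fullname", "emailaddress1", "telephone1", "address1_line1"}


@dataclass(frozen=True)
class TablePermission:
    table: str             # Dataverse table logical name, e.g. "contact"
    web_roles: frozenset   # web roles the permission is assigned to
    privileges: frozenset  # subset of {"Read", "Write", "Create", "Delete", "Append", "AppendTo"}
    access_type: str       # "Global" = every record; "Contact", "Account", "Self" = scoped


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" = PII readable by a public role; "info" = public read, no PII
    table: str
    role: str
    columns: tuple  # PII columns reachable through the Web API


def webapi_columns(site_settings, table, table_columns):
    """Columns reachable through the Web API for `table`, per its Webapi/<table>/* settings."""
    enabled = site_settings.get(f"Webapi/{table}/enabled", "false").strip().lower() == "true"
    if not enabled:
        return set()
    fields = site_settings.get(f"Webapi/{table}/fields", "").strip()
    if fields == "*":  # wildcard exposes every column of the table
        return set(table_columns.get(table, ()))
    return {f.strip() for f in fields.split(",") if f.strip()}


def audit(permissions, site_settings, table_columns):
    """Flag every table permission that gives a public role Global Read, rating it "high"
    when PII columns of that table are reachable through the Web API."""
    findings = []
    for perm in permissions:
        if "Read" not in perm.privileges or perm.access_type != "Global":
            continue  # scoped reads (Self/Contact/Account) return only the caller's own rows
        pii = tuple(sorted(webapi_columns(site_settings, perm.table, table_columns)
                           & SENSITIVE_COLUMNS))
        for role in sorted(perm.web_roles & PUBLIC_ROLES):
            findings.append(Finding("high" if pii else "info", perm.table, role, pii))
    return findings


def high_findings(config):
    """Only the findings an administrator must act on."""
    return [f for f in audit(*config) if f.severity == "high"]


# Constructed schema for the two tables used by the sample site.
TABLE_COLUMNS = {
    "contact": ("contactid", "fullname", "emailaddress1", "telephone1", "address1_line1"),
    "cr_faq": ("cr_faqid", "cr_question", "cr_answer"),
}


def weak_config():
    """Constructed misconfiguration of the kind the post describes: anonymous and
    self-registered users get Global Read on contact, and the Web API exposes every column."""
    permissions = [
        TablePermission("contact", frozenset({"Anonymous Users", "Authenticated Users"}),
                        frozenset({"Read"}), "Global"),
        TablePermission("cr_faq", frozenset({"Anonymous Users"}), frozenset({"Read"}), "Global"),
    ]
    site_settings = {
        "Webapi/contact/enabled": "true",
        "Webapi/contact/fields": "*",
        "Webapi/cr_faq/enabled": "true",
        "Webapi/cr_faq/fields": "cr_question,cr_answer",
    }
    return permissions, site_settings, TABLE_COLUMNS


def hardened_config():
    """Same site with least privilege: registered users read only their own contact record,
    anonymous visitors read only the public FAQ, and the Web API lists explicit columns."""
    permissions = [
        TablePermission("contact", frozenset({"Authenticated Users"}), frozenset({"Read"}), "Self"),
        TablePermission("cr_faq", frozenset({"Anonymous Users"}), frozenset({"Read"}), "Global"),
    ]
    site_settings = {
        "Webapi/contact/enabled": "true",
        "Webapi/contact/fields": "fullname,emailaddress1",
        "Webapi/cr_faq/enabled": "true",
        "Webapi/cr_faq/fields": "cr_question,cr_answer",
    }
    return permissions, site_settings, TABLE_COLUMNS


if __name__ == "__main__":
    for name, config in (("weak", weak_config()), ("hardened", hardened_config())):
        print(f"== {name} ==")
        for f in audit(*config):
            print(f"[{f.severity}] {f.table}: {f.role} has Global Read; PII via Web API: {f.columns}")
```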

In response, Microsoft has implemented multiple safeguards within the backend of Power Pages and Power Platform Apps. These measures include warning banners across all Power Platform admin console pages, as well as prominent alerts and warning icons on the table permissions configuration page of Power Pages. These updates aim to help administrators identify and address potentially risky configurations. This incident underscores the importance of proactive security practices in safeguarding sensitive data. Organizations utilizing Power Pages are encouraged to review and strengthen their configurations to mitigate risks and enhance overall security.

Consumer Protection in Focus Amid Black Friday in South Africa



Black Friday offers go live on November 29, marking the start of the Christmas shopping season for many consumers. Scammers are widely expected to step up their efforts in the coming days, all the more reason to know the signs of a threatening phoney text. As the critical Black Friday and festive season periods approach, South Africa's retail industry is showing signs of resilience, according to the latest State of the Retail Nation report produced by NIQ South Africa.

The report examines the industry's expectations for the coming period. A recent warning from Standard Bank alerted South Africans that scams are on the rise as Black Friday approaches, with criminals increasingly using persuasive tactics to attract people's attention. Even though there have been no studies on how Black Friday will affect the local economy, it appears to have the potential to generate R88 billion of economic activity in South Africa in 2024.

According to Capital Connect's findings, South Africa's wholesale, retail, and fuel sectors will contribute a total of R88 billion in additional economic value in November 2024. A study by the Bureau of Market Research shows that Black Friday sales in South Africa will spur R22 billion in additional direct sales this year, with a further R28 billion in indirect economic impact on the country.

Growing customer interest in the Black Friday sales of November 2024 is expected to add more than R88 billion in economic value across the country's wholesale, retail, and fuel sectors, according to a research report published by the Bureau of Market Research on behalf of fintech Capital Connect.

Retailers in South Africa are likely to generate R22 billion in additional direct revenue from Black Friday this holiday season, plus R28 billion in indirect economic impact. The wholesale industry is expected to gain additional sales of R32.1 billion, and fuel sales are expected to increase by R6.2 billion.

According to the study, consumers are more interested in Black Friday in 2024 than in the previous three years (2021-2023). This is expected to push retail sales in November 2024 to approximately R136 billion, up 17.3% in nominal terms from the R116.1 billion recorded in November 2023.

"After a long period of economic stagnation and retail stagnation, the positive outlook for Black Friday 2024 suggests that the tide is turning for South African retailers," said Steven Heilbron, CEO of Capital Connect, part of Lesaka Technologies, a Nasdaq- and JSE-listed company. Several factors have contributed to the improved outlook, including a marked reduction in load-shedding, the introduction of the Two-Pot Retirement System, a reduction in interest rates, and a decrease in inflation.

"There is a rising trend in consumer confidence that will give an advantage to innovative retailers with the right product mix and promotions." In this year's challenging retail climate, Black Friday sales will provide a welcome boost to retailers who have struggled to operate. The formal retail sector, on the other hand, is predicted to show real growth of only 1.4% in 2024, with an increase of just 0.6%. A study by Standard Bank revealed that scams are most widespread in Gauteng, where 38% of cases were reported; KwaZulu-Natal accounted for 18% and the Western Cape for 15%.

In his statement, Rathogwa noted that the bank has begun noticing concerning trends around Black Friday, including an increase in particularly persuasive social media fraud. Deceptive emails from fraudsters posing as legitimate companies, such as retailers, streaming services, and banks, remain a significant threat. Many of these emails contain links to fake websites designed to harvest sensitive information such as login details and passwords.

Scammers also use lures, such as rewards for the first few buyers, to entice recipients into clicking malicious links. Increasingly, fraudsters also use social media accounts to promote heavily discounted, and sometimes even free, offers. In one increasingly common scam, the fraudster creates a Facebook page, builds a fan base, and posts false reviews to entice the public to buy.

Once a buyer shows interest, the conversation moves to WhatsApp to discuss the buyer's bank account, the courier service, and so on. After the victim makes the payment and sends proof of it, the scammer's social media pages and phone numbers disappear from the Internet. Whenever a deal seems too good to be true, it most likely is. Be careful if someone puts a lot of pressure on you to make a quick payment to secure a deal. Rathogwa also warned customers to watch out for fake websites that often look exactly like those of legitimate retailers.

To protect against Black Friday scams, experts advise consumers to take several precautions while shopping online or in-store. Shoppers should confirm the authenticity of a purchase before proceeding by buying only from trusted and verified sources. Carefully reviewing transaction details and ensuring that any One-Time Pin (OTP) generated corresponds to the specific transaction is critical. Verifying beneficiary account details before making electronic transfers is also recommended, with tools such as Standard Bank’s Account Verification Service offering an added layer of security. 

It is equally important for individuals to manage the security of their devices. Any unused, sold, lost, or stolen devices should be delinked from online banking profiles immediately, and banks should be notified without delay if a device is misplaced. Furthermore, shoppers are encouraged to report any suspicious activity to their financial institutions. 

Rathogwa emphasizes the importance of scrutinizing web addresses for typos or subtle alterations, as scammers frequently create fraudulent websites that mimic legitimate retailers. Such vigilance can help safeguard personal and financial information during the shopping season.

Reboot Revolution Protecting iPhone Users



Researchers at the University of Michigan (UMI) believe Apple's new iPhone software includes a novel security feature: the phone may automatically reboot if it has not been unlocked for 72 hours.

As 404 Media later reported, iOS 18.1 introduced a feature called "inactivity reboot", which forces a device to restart once it has been inactive for more than a given period. Alongside inactivity reboot, Apple continues to add security features as part of its ongoing security enhancements. One of them, Stolen Data Protection, was introduced in iOS 17.3; it protects a device against theft by requiring biometric authentication (Face ID or Touch ID) before key settings can be changed.

This extra layer of security is one of several measures that make a stolen device hard to reconfigure. With the upcoming iOS 18.2 update, Apple intends to keep Stolen Data Protection turned off by default to avoid confusing users, but plans to encourage users to enable it when setting up their devices or after a factory reset.

This gives users more control over how their personal information is protected. Apple has quietly introduced a feature in its latest iPhone update that makes it even harder for anyone, thieves or law enforcement officers alike, to unlock a device without consent. With iOS 18.1, an iPhone that has been asleep or locked for an extended period will automatically reboot.

Once rebooted, an iPhone becomes much harder to crack, since a passcode or biometric authentication is required to unlock it. The primary objective of this measure is to prevent thieves (or police officers) from breaking into smartphones and accessing the data on them. According to experts who spoke to 404 Media, the "inactivity reboot" feature in iOS 18 restarts the device after approximately four days of dormancy.

Magnet Forensics' Christopher Vance confirmed this in a law enforcement group chat, writing that iOS 18.1 has a timer which, once it runs out after a set amount of time, reboots the device, moving it from an AFU (After First Unlock) state to a BFU (Before First Unlock) state. According to 404 Media, the feature was discovered after officers from the Detroit Police Department noticed it while investigating a crime in Detroit, Michigan.

While working on iPhones for forensic purposes during their investigation, officers noticed that the devices rebooted themselves, which made them harder to unlock and access. The working theory was that the phones rebooted after being disconnected from a cellular network for some time.

There is, however, a much simpler explanation. The feature, which AppleInsider refers to as inactivity reboot, does not depend on the phone's network connection or battery state. The reboot occurs after a set amount of time has elapsed, somewhere around 96 hours in most cases. The timer works much like the Mac's hibernation mode, which puts the computer to sleep as a precaution against a power outage or a suddenly discharged battery.

In the BFU state, all user data on the iPhone is fully encrypted and nearly impossible for anyone without the user's passcode to access. In the AFU state, however, certain data is unencrypted in memory and can be extracted by some forensic tools even while the phone is locked.

According to Tihmstar, an iPhone security researcher quoted by TechCrunch, these two states are also known as "hot" and "cold" devices. Tihmstar emphasized that most forensic firms focus on "hot" devices in an AFU state, because the user has entered the correct passcode into the iPhone's secure enclave at some point. A "cold" device, on the other hand, is considerably harder to compromise because its memory cannot be easily accessed once the device restarts.

The law enforcement community has consistently opposed new security technology from Apple, arguing that it makes their job more difficult. In 2016, the FBI reportedly sued Apple in an attempt to force the company to install a backdoor that would open a phone owned by a mass shooter. Azimuth Security, an Australian startup, ultimately helped the FBI gain access to the phone by hacking it.

These developments highlight Apple’s ongoing commitment to prioritizing user privacy and data security, even as such measures draw criticism from law enforcement agencies. By introducing features like Inactivity Reboot and Stolen Data Protection, Apple continues to establish itself as a leader in safeguarding personal information against unauthorized access. 

These innovations underscore the broader debate between privacy advocates and authorities over the balance between individual rights and security imperatives in an increasingly digitized world.

Reimagining Healthcare with Synthetic Data



The headline uses touted for generative AI include personalized shopping experiences and content creation. Yet the technology is also having a very real impact on fields such as healthcare. Healthcare and life sciences are undergoing a tectonic shift as technology is implemented and data-driven systems are integrated.

A key trend in this revolution is the growing use of synthetic data, a breakthrough poised to reshape how medical research is conducted, how AI is developed, and how patient privacy is protected in the coming years. Synthetic data is to real-world data what synthetic fibers are to natural ones such as hemp. Throughout their history, humans have created synthetic products to achieve their goals and to develop new products that improve our lives in many different ways.

Synthetic fibre is widely used in clothing, rope, industrial equipment, automobiles, and many other places; the ability to manufacture it is what makes a wide range of modern products possible. Healthcare is another area where synthetic data can have an impact comparable to that of traditional data. Synthetic data is created from real-world data using a data synthesizer. 

These synthesizers may use different methods to create synthetic data that have the same statistical and correlative properties as the original data while being completely independent of the real-world records (1, 2). Notably, synthetic data contain no personal identifying information, which ensures personal privacy and full compliance with privacy regulations such as the EU's General Data Protection Regulation (GDPR). 
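The two properties claimed above (same statistics and correlations, no individual record or identifier carried over) can be made concrete with a minimal synthesizer. The following is an added example, not code from the article or from any product it mentions: it learns only aggregate statistics from a constructed table of "real" records (invented for illustration, not real patients), samples new rows from a bivariate model, rejects any sample that would reproduce a real row, and then checks both fidelity and privacy. Function names and the two-column record layout are assumptions of this example; it also illustrates the later passage on synthesizers that "produce synthetic data comparable to the original data".

```python
import math
import random
import statistics
from typing import Dict, List

# Constructed "real" records for illustration (not real patients). Each row has
# direct identifiers plus two clinical measurements that are positively correlated.
REAL_RECORDS: List[Dict] = [
    {"name": "Patient A", "mrn": "MRN-0001", "age": 34, "systolic_bp": 118},
    {"name": "Patient B", "mrn": "MRN-0002", "age": 45, "systolic_bp": 128},
    {"name": "Patient C", "mrn": "MRN-0003", "age": 52, "systolic_bp": 134},
    {"name": "Patient D", "mrn": "MRN-0004", "age": 61, "systolic_bp": 144},
    {"name": "Patient E", "mrn": "MRN-0005", "age": 29, "systolic_bp": 114},
    {"name": "Patient F", "mrn": "MRN-0006", "age": 70, "systolic_bp": 150},
    {"name": "Patient G", "mrn": "MRN-0007", "age": 48, "systolic_bp": 130},
    {"name": "Patient H", "mrn": "MRN-0008", "age": 38, "systolic_bp": 122},
    {"name": "Patient I", "mrn": "MRN-0009", "age": 66, "systolic_bp": 146},
    {"name": "Patient J", "mrn": "MRN-0010", "age": 55, "systolic_bp": 136},
    {"name": "Patient K", "mrn": "MRN-0011", "age": 41, "systolic_bp": 126},
    {"name": "Patient L", "mrn": "MRN-0012", "age": 58, "systolic_bp": 140},
]
PII_FIELDS = ("name", "mrn")
X, Y = "age", "systolic_bp"


def pearson(xs: List[float], ys: List[float]) -> float:
    """Pearson correlation coefficient of two equal-length samples."""
    mx, my = statistics.mean(xs), statistics.mean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    var_x = sum((x - mx) ** 2 for x in xs)
    var_y = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(var_x * var_y)


def fit_synthesizer(records: List[Dict]) -> Dict[str, float]:
    """Learn only aggregate statistics (means, spreads, correlation) from the real
    rows. No identifier and no individual row is retained in the model."""
    xs = [r[X] for r in records]
    ys = [r[Y] for r in records]
    rho = pearson(xs, ys)
    sd_x, sd_y = statistics.pstdev(xs), statistics.pstdev(ys)
    slope = rho * sd_y / sd_x  # regression line of a bivariate normal
    mean_x, mean_y = statistics.mean(xs), statistics.mean(ys)
    return {
        "mean_x": mean_x,
        "sd_x": sd_x,
        "slope": slope,
        "intercept": mean_y - slope * mean_x,
        "resid_sd": sd_y * math.sqrt(1.0 - rho ** 2),  # preserves var(y) and corr(x, y)
    }


def generate_synthetic(model: Dict[str, float], n: int, real: List[Dict],
                       seed: int = 0) -> List[Dict]:
    """Sample n synthetic rows from the fitted model. A sample that coincides
    exactly with a real (age, systolic_bp) pair is rejected, so the output never
    reproduces a real record."""
    rng = random.Random(seed)
    real_pairs = {(r[X], r[Y]) for r in real}
    rows: List[Dict] = []
    while len(rows) < n:
        age = rng.gauss(model["mean_x"], model["sd_x"])
        bp = model["intercept"] + model["slope"] * age + rng.gauss(0.0, model["resid_sd"])
        pair = (round(age), round(bp))
        if pair in real_pairs:
            continue
        rows.append({"synthetic_id": f"SYN-{len(rows):05d}", X: pair[0], Y: pair[1]})
    return rows


def fidelity_report(real: List[Dict], synthetic: List[Dict]) -> Dict[str, float]:
    """Compare the statistics a downstream model would actually learn from."""
    return {
        "corr_real": pearson([r[X] for r in real], [r[Y] for r in real]),
        "corr_synthetic": pearson([s[X] for s in synthetic], [s[Y] for s in synthetic]),
        "mean_age_real": statistics.mean([r[X] for r in real]),
        "mean_age_synthetic": statistics.mean([s[X] for s in synthetic]),
    }


def privacy_checks(real: List[Dict], synthetic: List[Dict]) -> Dict[str, bool]:
    """The two properties the text relies on: no identifiers, no copied rows."""
    real_pairs = {(r[X], r[Y]) for r in real}
    return {
        "no_pii_fields": all(f not in row for row in synthetic for f in PII_FIELDS),
        "no_real_row_copied": all((s[X], s[Y]) not in real_pairs for s in synthetic),
    }


if __name__ == "__main__":
    model = fit_synthesizer(REAL_RECORDS)
    synthetic = generate_synthetic(model, 2000, REAL_RECORDS, seed=1)
    print(fidelity_report(REAL_RECORDS, synthetic))
    print(privacy_checks(REAL_RECORDS, synthetic))
```

The rejection step is the part worth noticing: matching the marginals and the correlation is easy, but a synthesizer that occasionally emits an exact real row is not "completely independent" of the source data, and the check has to be explicit rather than assumed.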

The use of high-fidelity synthetic data for data augmentation is an area of growing interest in data science: virtual patient cohorts such as digital twins are generated to estimate counterfactuals in in-silico trials, allowing better prediction of treatment outcomes and more personalised medicine. With synthetic data, clinicians can use prompts to generate a conversation between a patient with depression and a therapist in which they discuss the onset of symptoms. 

Healthcare providers can also use partially synthetic data, which takes a real-life transcript and has AI adjust it to remove personally identifiable information or private health information while still telling a cohesive story. This data can then be used to train AI models to develop transcripts, training materials and so on. Regardless of whether the data is fully or partially synthetic, it can be (and often is) adjusted with additional prompts until it reaches the desired result. Healthcare is subject to a variety of privacy rules under HIPAA. 

Eliminating these privacy concerns is a primary reason Read feels synthetic data is valuable in training models. With synthetic data, healthcare providers don’t need to use real people’s data to train models. Instead, they can generate a conversation that is representative of a specific therapeutic intervention without involving anyone’s protected health information. As Read explains, “Synthetic data also makes it easy to calibrate what we’re looking for — like to generate different examples of how a healthcare provider could say something explicitly or implicitly. This makes it easier to provide different examples and tighten up the information we provide to AI models to learn from, ensuring that we can teach it the right data for providing training or feedback to real-world clinicians.” 

Synthetic data also democratizes the ability of different healthcare organizations to train and fine-tune their own machine learning models. Whereas previously, an organization might need to provide hundreds (or even thousands) of hours of transcribed sessions between patients and clinicians as well as other data points, synthetic data erases this barrier to entry. Synthetic data allows for models to learn and build out responses at a much faster rate — which also makes it easier for new players in healthcare to enter the field. 

As Read's insights reveal, the use of AI and synthetic data isn't going to replace clinicians' value or decision-making authority. But with the help of synthetic data, AI can help push clinicians in the right direction to ensure that there is greater standardization and adherence to best practices. As more providers begin to utilize synthetic data to ensure they are following best practices in all patient interactions and to get feedback on their sessions, they can elevate the quality of care for all. Used in this way, synthetic data can have an impact on the healthcare sector comparable to that of traditional data. 

With the help of a data synthesizer, synthetic data can be created from real-world data. These synthesizers can use different methods to produce synthetic data that match the statistical properties of the original data while remaining completely independent of the real-world records (1, 2). A distinctive feature of synthetic data is the absence of any personal identifying information, which keeps individuals' data private and complies with the relevant privacy regulations, such as the European Union's General Data Protection Regulation (GDPR). 

Interest in data science has made the use of high-fidelity synthetic data for data augmentation increasingly popular. Digital twins and virtual cohorts are used to estimate counterfactuals in in-silico trials, allowing better prediction of treatment outcomes and treatments tailored to individual patients. With synthetic data, clinicians can generate a prompt-guided conversation between a patient with depression and a therapist that shows how the symptoms began. 

Healthcare providers can also use partially synthetic data, in which a real-life transcript is processed by AI to remove any personally identifiable information or private health information while still telling a coherent story. This data can then be developed into the transcripts, training materials and similar resources that are needed. Whether the data is fully or partially synthetic, it can be (and often is) adjusted as necessary with additional prompts until it reaches the desired result. 

HIPAA is a federal law that imposes a variety of privacy rules on the healthcare industry. According to Read, synthetic data is useful for training models precisely because it eliminates these privacy concerns. To train models on synthetic data, healthcare providers do not need to rely on real people's information; they can instead generate a conversation representing a specific therapeutic intervention without involving anyone's protected health information. 

Moreover, Read explains, "Synthetic data also allows us to calibrate our search in a much easier way - like for example, generating examples of how a healthcare provider would be able to send an implicit or explicit message to an individual." Synthetic data also democratizes the ability of different healthcare organizations to train and refine their own artificial intelligence models. 


Previously, an organization might have needed to provide hundreds (or even thousands) of hours of transcribed sessions between patients and clinicians, along with other data points about those sessions, in order to offer such a service; with synthetic data this is no longer required. Synthetic data also lets models learn and develop responses at a much faster rate, making it easier for new players in healthcare to enter the field. 

In light of Read's insights, it is important to emphasize that AI and synthetic data are not going to replace clinicians' capabilities or their decision-making authority. With synthetic data, however, AI can help steer clinicians in the right direction so that better standards of care are observed and best practices are followed. As healthcare providers increasingly adopt synthetic data, they gain a valuable tool for adhering to best practices in patient interactions and enhancing the overall quality of care.

By leveraging synthetic data, practitioners can simulate various clinical scenarios, ensuring their approaches align with industry standards and ethical guidelines. This technology also enables providers to receive constructive feedback on their patient sessions, helping to identify areas for improvement and fostering continuous professional development. The integration of synthetic data into healthcare workflows not only supports more consistent and informed decision-making but also elevates the standard of care delivered to patients across diverse settings. By embracing synthetic data, providers can drive innovation, improve outcomes, and contribute to a more efficient and patient-centered healthcare ecosystem.

Cyberattack Impacts Georgia Hospital, Colorado Pathology Services

The number of hospitals affected by ransomware, business email compromise, and other cyber threats is increasing across all sectors, from small community hospitals such as Memorial Hospital and Manor in Bainbridge, Georgia, to large facilities. In his opening keynote at the HIMSS Healthcare Cybersecurity Forum in Washington, D.C., last week, Greg Garcia, executive director of the Health Sector Coordinating Council Cybersecurity Working Group, said there is now an average of two data breaches a day within the American healthcare system. 

Cyber threat actors often target people who work in hospitals and health systems, exploiting basic weaknesses in their systems. To illustrate, Kaiser Permanente, one of the country's largest health systems, said it sent a notice on Sunday to members in Southern California whose personal health data had been compromised through unauthorized access to two employee email accounts. 

Attackers can also be skilled at exploiting a victim's weaknesses, combining sophisticated social engineering with phishing attacks. In an intrusion first disclosed earlier this month, Summit Pathology, an independent pathology service provider based in Colorado, had patient data relating to more than 1.8 million people exfiltrated from its systems. 

In its report, Kaiser Permanente said an unauthorised third party gained access to the email accounts of two employees and was able to view patients' health information. Across the U.S., ransomware, business email compromise, and other cyber threats are disrupting care for millions of people, from small community hospitals such as Memorial Hospital and Manor in Bainbridge, Georgia, to the largest providers. 

Greg Garcia, executive director of the ASHC Cybersecurity Working Group, said in his opening address at the HIMSS Healthcare Cybersecurity Forum in Washington, DC, last week that a recent study by the Health Sector Coordinating Council Cybersecurity Working Group found the United States now averages two healthcare data breaches per day. In many cases, cybercriminals target people who work in hospitals and health systems in order to exploit weaknesses in those systems. A Southern California health system posted a notice on Friday informing its members of a security issue involving health information that was discovered on September 3. 

The notice on the company's website advised that two employees' email accounts had been accessed by an unauthorized party. "Immediately following the discovery of this incident, Kaiser Permanente terminated the unauthorized access and immediately began investigating to determine the scope of the access," Kaiser Permanente said. "It was found that some protected health information about some patients was included in the email's contents after we validated them." 

According to the health system, Social Security numbers and financial information were not involved, but protected health information such as first and last names, dates of birth, medical record numbers, and medical information could have been accessed and/or viewed by third parties. Kaiser Permanente said it contacted affected individuals directly. Separately, on October 18, Summit Pathology of Loveland, Colorado, reported to the Department of Health and Human Services (HHS) that the data of 1,813,538 people had been compromised in a hacking incident. 

As outlined in the pathology services company's notice on its website, the affected systems contained data such as names, addresses, medical billing and insurance information, certain medical information such as diagnoses, demographic information such as dates of birth, Social Security numbers, and financial information. Summit said that on or around April 18 it noticed suspicious activity on its computer network and took steps to secure it, including engaging third parties to assist with the investigation. 

The affected healthcare entities have reported that they successfully identified files that unauthorized individuals may have accessed or acquired during the ransomware attack. In response to the incident, Summit conducted a thorough review of its internal policies and procedures. Following this review, they implemented additional administrative and technical safeguards to strengthen security and mitigate the risk of future attacks. 

On October 31, the Murphy Law Firm, based in Oklahoma City, stated its involvement in the case. The firm announced that it is pursuing a class action lawsuit and actively investigating claims related to the breach. According to Murphy Law Firm, Summit’s forensic investigation revealed that cybercriminals were able to infiltrate the organization's inadequately secured network, leading to unauthorized access to sensitive data files. The law firm is now seeking to hold Summit accountable for the potential data security lapses that may have enabled the breach.

Columbus Data Breach Affects 500,000 in Recent Cyberattack

In July, a ransomware attack on Columbus, Ohio, compromised the personal information of an estimated 500,000 residents, marking one of the largest cyber incidents to affect a city in the United States in recent years. There has been great interest in the attack linked to the Rhysida ransomware group due to the extent of the data stolen as well as the controversy surrounding the city's response. 

The City of Columbus, the state capital of Ohio, has confirmed that hackers stole data from 500,000 residents during a ransomware attack in July, locking them out.  The City of Columbus confirmed in a filing with the state attorney general that a "foreign cyber threat actor" had infiltrated the city's network to access information about residents, including their names, dates of birth, addresses, ID documents, Social Security numbers, and bank accounts.  

With a population of about 900,000, Columbus is the largest municipality in Ohio; around half a million people are affected by the breach, but the exact number of victims has yet to be determined. In a regulatory filing, the city said it had "thwarted" a ransomware attack on July 18 of this year by disconnecting its network from the internet. The attack has been claimed by the Rhysida ransomware group, which specializes in crypto-ransomware attacks.

In the initial stages of the attack, cybercriminals believed to be connected to Russian threat actors demanded a ransom from Columbus, claiming to have stolen 6.5 TB of data. After negotiations with the city failed, Rhysida is alleged to have published 3.1 TB of that data on its dark web leak site, making this one of the most significant public-sector data breaches of the last two years. 

Rhysida claimed the attack the same day, saying it had stolen databases containing 6.5 TB of data, including staff credentials, video feeds from the city camera system, server dumps, and other sensitive data. After failing to extort the city, the gang published part of the stolen data on its dark web leak portal: some 45% of it, comprising 260,000 documents (3.1 TB). 

Columbus Mayor Andrew Ginther told local media that there was no need to be concerned about the leak because the data was "encrypted or corrupted". However, David Leroy Ross (aka Connor Goodwolf) of the Security Research Group, a British security research company, refuted the mayor's claim by sharing samples of the leaked data with press outlets, which showed that it contained unencrypted personal information belonging to city employees, residents, and visitors. 

In early August, Columbus filed a lawsuit against security researcher David Leroy Ross, sharply escalating the situation. Ross, who goes by the username "Connor Goodwolf", had told local media that residents' personal information had been uploaded to the dark web, contradicting city officials' earlier claim that only unusable, corrupted data had been stolen.

Following Ross's revelations, the first cyber analysts to examine the stolen data found a significant volume of sensitive files, among them databases, password logs, cloud management files, employee payroll records, and even footage from city traffic cameras. In response, the city said it has committed to improving its cybersecurity protocols to prevent similar attacks in the future. 

Columbus, a city of approximately 915,000 people, reported to the Maine Attorney General's Office that the breach may affect approximately 55% of its citizens. Those affected will receive two years of free credit monitoring and identity protection services from the city. The city has come under increasing public pressure to protect data and to communicate transparently about the extent of the breach. In its lawsuit, the city alleges that Goodwolf spread stolen data illegally and negligently. 

The suit sought monetary damages along with a temporary restraining order and a permanent injunction ordering the researcher to stop further dissemination of the leaked data. In December 2011, a Franklin County court issued a temporary restraining order prohibiting Goodwolf from downloading and disseminating the data stolen from the City.

Although the City had previously claimed the leaked data was useless, breach notification letter samples filed with the Maine Attorney General's Office show that in early October it informed 500,000 people that some of their financial and personal information had been stolen and published on the dark web. According to the letters, the City's information system was breached and personal information, including first and last name, date of birth, address, bank account information, driver's license number, Social Security number, and other identifying information, may have been included in the incident. 

Although the City has yet to find evidence that the data has been misused, it warns those affected to keep a close eye on their credit reports and financial accounts for suspicious activity. It is also offering 24 months of free credit and identity monitoring through Experian IdentityWorks, as well as identity restoration services provided by Experian.

Gmail Under Attack: Secure a Backup Account

Holding a Gmail account today carries real risk, because attackers keep finding new ways into accounts, even ones protected by 2FA. While Google has adopted methods like passkey sign-ins and secure browsing, risks like session cookie theft remain a reality. Google Chrome users may encounter a pop-up alert stating, "Your password was exposed in a non-Google data breach". This alert notifies users of recent security breaches that may have compromised their account passwords. 

With 2.5 billion active users, Gmail is a prominent target for hackers aiming to compromise accounts and access sensitive information. Reports of sophisticated cyberattacks, including session cookie theft and two-factor authentication (2FA) bypassing, are rising. To safeguard email security, users are advised to consider proactive measures, such as setting up a secondary Gmail account, as waiting to act may increase vulnerability to 2FA-bypass attacks. For many, the risk of account compromise is a growing concern, as hackers employ session cookie-stealing tactics to bypass even the most robust 2FA protections. 

Security agencies strongly encourage enabling 2FA, yet cybercriminals continue to evolve methods for evading these safeguards. Google has made significant strides in enhancing security through features like secure passkey sign-in across devices and Safe Browsing protections for Chrome users. The problem is that, despite Google's efforts, attackers are now using sophisticated tools to defeat even the advanced encryption measures Google has taken to prevent cookie theft. 

Even though a secondary Gmail account should not be used directly as a preventative measure against 2FA bypass attacks, it can still serve as a valuable backup in the event of a breach of users' primary Gmail accounts. There have been numerous discussions about this approach among users, such as those on the Gmail subreddit, where some users have shared their experiences of their accounts being compromised despite having 2FA enabled on their accounts. Creating a new Gmail account does not guarantee immunity from attacks, but it is one of the best ways to secure and protect any emails which are important and often irreplaceable. 

For this new account, users should use different methods to ensure the maximum level of security. For example, set up 2FA using a standalone authenticator app rather than SMS codes sent to the same phone number that the primary account uses. Where possible, link the new account to a different device or to different personal details. Once the new account is set up, users configure their main Gmail account to forward email to it; from then on they automatically receive a copy of every email sent to their main Gmail account. 

With this approach, they will still be able to access their emails if anything happens to their primary account. As an extra layer of security, consider enrolling in Google's Advanced Protection Program, which adds multiple security layers that make it harder for anyone to access the account without permission. If a hacker does gain access to the primary Gmail account, having a backup account means the attacker would have to compromise that second account separately.

In the unlikely event that something untoward happens, it is a comforting safety net to fall back on. Since there are no fees for a second Google account, users can set one up with Gmail, a free web-based email service. To do so: first sign out of any existing Google accounts, then go to the Google Account sign-in page and click "Create account".

For maximum security, users should consider using a different device from the one tied to the primary account, so that a single compromised device is not a single point of failure. It is also better to choose an authenticator app, which generates the second-factor code on the device itself, rather than 2FA via SMS. 

One of the best ways to further isolate the new account from a potentially compromised one is to use different personal information when creating it. There is no shortage of web-based email platforms, but Google's free Gmail service makes it especially easy to set up separate accounts. Users commonly lose count of how many apps they have on their phones even though they regularly use only two or three of them. 

To make the new account as secure as possible, and less likely to be compromised by a threat actor who has already attacked the original account, either use a password tied to an entirely separate device or use two-factor authentication with a standalone app that generates the 2FA code, rather than text messages sent to the same number as before. Users should fill in as much information as possible when setting up the new account so that it is not less unique than the original. Once the secondary account exists, the next step is to set up a forwarding rule in the original Gmail account. 

This ensures that a copy of each email is automatically sent to the secondary account, providing a reliable backup if the primary account is ever compromised. Forwarding is a proactive way to safeguard important information against unexpected events. Note that even if a malicious actor gains access to the original account, the secondary account remains secure as a standalone entity: because the two accounts are independent, each would need to be compromised separately for a complete breach to occur. This setup minimises risk and provides an effective, manageable backup. 

In an era of increasingly sophisticated digital threats, proactively securing Gmail accounts has become a crucial task for individuals and organizations alike. Setting up a secondary account with distinct, robust security measures enhances protection and acts as a safeguard for sensitive data. Users who adopt additional defences—such as two-factor authentication (2FA) and other advanced security practices—are in a far better position to counteract potential cyberattacks. Today’s threat landscape demands a strategic approach to email security, where even the most secure accounts can face risks. Through these proactive steps, individuals create a resilient backup framework, ensuring their data remains accessible and protected regardless of evolving threats.

LightSpy Update Expands Surveillance on iOS Devices

A newer version of the LightSpy spyware, commonly used to target iOS devices, has been found to include capabilities that can compromise the security and stability of the device. LightSpy for macOS was first documented by ThreatFabric, which published a report on its findings in May 2024. 

After a thorough investigation of the LightSpy client and server systems, the analysts discovered that the same server managed both the macOS and iOS versions of the program. iPhones are generally regarded as more secure than Android devices, although Google has been working steadily to close the gap; in any case, Apple devices are not immune to attack. 

Apple now regularly alerts consumers when it detects an attack, a newly released cyber report warns that iPhones are under attack from hackers equipped with enhanced tools, and rebooting an Apple device regularly has become recommended practice for Apple device owners. LightSpy is a program many users are familiar with: several security firms have reported identifying this spyware on multiple occasions. 

The spyware targets iOS, macOS, and Android devices. It has now resurfaced in the headlines, and ThreatFabric reports that it has been improved greatly. Among other things, its plugin set has grown from 12 to 28 plugins; notably, seven of these are destructive, able to interfere with the device's boot process. The malware is distributed through attack chains that use known security flaws in Apple iOS and macOS to trigger a WebKit exploit. 

This exploit drops a file with a ".PNG" extension that is in fact a Mach-O binary; it exploits a memory corruption flaw tracked as CVE-2020-3837 to retrieve next-stage payloads from a remote server. LightSpy includes a component called FrameworkLoader, which in turn downloads the main Core module and the available plugins, whose number has grown from 12 to 28 with the release of LightSpy 7.9.0. 
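A file whose extension says ".PNG" but whose bytes say Mach-O is the kind of mismatch a triage script can catch on its own, without any knowledge of the specific malware. The following is an added example, not code from ThreatFabric or the article: it identifies a file's real type from its leading bytes (the PNG signature and the Mach-O magic values from Apple's loader.h and fat.h), compares that with what the extension claims, and flags the disagreement. The file names and byte sequences are constructed for illustration, not samples from the campaign; the fat-versus-Java heuristic is this example's own.

```python
import struct
from typing import Dict, List, Optional, Tuple

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Mach-O magic values as they appear at offset 0 on disk.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit (big-endian)",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit (little-endian)",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit (big-endian)",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (little-endian)",
}
FAT_MAGIC = b"\xca\xfe\xba\xbe"  # universal binary; the same bytes open a Java class file

# What each extension claims the content is (only the types this check understands).
CLAIMED_BY_EXTENSION = {
    ".png": "PNG image",
    ".class": "Java class file",
}


def identify(header: bytes) -> str:
    """Return the content type implied by the first bytes of a file."""
    if header.startswith(PNG_SIGNATURE):
        return "PNG image"
    magic = header[:4]
    if magic in MACHO_MAGICS:
        return MACHO_MAGICS[magic]
    if magic == FAT_MAGIC and len(header) >= 8:
        # Heuristic (this example's own): a fat header stores nfat_arch, a small
        # architecture count, at offset 4; a Java class file stores minor/major
        # version there and the major version alone is at least 45.
        next_word = struct.unpack(">I", header[4:8])[0]
        return "Mach-O universal (fat) binary" if next_word < 30 else "Java class file"
    return "unknown"


def check_file(filename: str, header: bytes) -> Dict[str, object]:
    """Compare the extension's claim with the content and flag a disagreement.
    A Mach-O image under any non-executable extension is always flagged."""
    ext = filename[filename.rfind("."):].lower() if "." in filename else ""
    claimed: Optional[str] = CLAIMED_BY_EXTENSION.get(ext)
    actual = identify(header)
    mismatch = claimed is not None and actual != claimed
    disguised_code = actual.startswith("Mach-O") and claimed is not None
    return {
        "file": filename,
        "claimed": claimed,
        "actual": actual,
        "suspicious": mismatch or disguised_code,
    }


def scan(files: List[Tuple[str, bytes]]) -> List[Dict[str, object]]:
    return [check_file(name, header) for name, header in files]


def suspicious_files(files: List[Tuple[str, bytes]]) -> List[str]:
    return [str(r["file"]) for r in scan(files) if r["suspicious"]]


# Constructed sample inputs: only the first bytes of each file are needed.
SAMPLE_FILES: List[Tuple[str, bytes]] = [
    # A genuine PNG: signature followed by the start of an IHDR chunk.
    ("logo.png", PNG_SIGNATURE + b"\x00\x00\x00\x0dIHDR"),
    # A 64-bit little-endian Mach-O (arm64 cputype) wearing a .PNG extension.
    ("image.PNG", b"\xcf\xfa\xed\xfe" + b"\x0c\x00\x00\x01" + b"\x00" * 8),
    # A universal binary with two architectures under a neutral extension.
    ("tool.bin", FAT_MAGIC + b"\x00\x00\x00\x02" + b"\x00" * 8),
    # A Java class file (major version 65) that shares the 0xCAFEBABE magic.
    ("App.class", FAT_MAGIC + b"\x00\x00\x00\x41" + b"\x00" * 8),
]


if __name__ == "__main__":
    for result in scan(SAMPLE_FILES):
        print(result)
    print("flagged:", suspicious_files(SAMPLE_FILES))
```

On a real system the same check runs over file headers read from disk (the first 8 bytes are enough); it is a cheap complement to hash-based indicators because it keys on a property the loader cannot change: a Mach-O must still start with its magic to execute.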

The Dutch security company reports that after the Core starts up, it performs an Internet connectivity check using Baidu.com domains and then examines the arguments passed from FrameworkLoader to determine the command-and-control data and the working directory. The Core then creates subfolders for log files, databases, and exfiltrated data under the working directory path /var/containers/Bundle/AppleAppLit/. 

These plugins can collect a wide range of data, including Wi-Fi information, screenshots, location, iCloud Keychain, sound recordings, photos, browser history, contacts, call history, and SMS messages. They can also gather information from apps such as Files, LINE, Mail Master, Telegram, Tencent QQ, WeChat, and WhatsApp. In the latest version of LightSpy (7.9.0), the FrameworkLoader component is responsible for downloading and installing LightSpy's Core module and its plugins, whose number has increased from 12 to 28. 

On startup, the Core queries the Baidu.com domain to check Internet connectivity before examining the working directory and command-and-control data provided as arguments by FrameworkLoader. The Core creates subfolders for logs, databases, and exfiltrated data under the default working directory path /var/containers/Bundle/AppleAppLit/. 

Among the many details the plugins can collect are information about Wi-Fi networks, screenshots, locations, the iCloud Keychain, sound recordings, images, contacts, call history, and SMS messages. They can also be configured to collect data from apps such as Files, LINE, Mail Master, Telegram, Tencent QQ, WeChat, and WhatsApp, as well as from search engines. Notably, some of the recently added plugins include potentially destructive features that can erase contacts, media files, SMS messages, Wi-Fi settings profiles, and browsing history. 

Some of these plugins can even freeze the device and prevent it from starting up again. Certain LightSpy plugins have also been found to create fake push notifications with an embedded URL. Analysis of the C2 logs showed that 15 devices were infected, of which eight were iOS devices. 

Researchers suspect that most of these devices are located in China or Hong Kong and are being used intentionally to spread malware; they frequently connect to a Wi-Fi network called Haso_618_5G, which resembles a test network and appears to originate from China or Hong Kong. ThreatFabric's investigation also found that LightSpy contains a dedicated plugin for recalculating location data specific to Chinese systems, suggesting that the spyware's developers may be based in China, since the information it contains appears to have been obtained from Chinese sources. 

LightSpy's operators rely heavily on "one-day exploits," taking advantage of vulnerabilities as soon as they become public. ThreatFabric recommends that iOS users reboot their devices regularly: because LightSpy relies on a "rootless jailbreak," it cannot survive a reboot, which gives users a simple but effective means of disrupting a persistent infection. 

As the researchers put it, "The LightSpy iOS case illustrates the importance of keeping system updates current," and they advise users to do just that. "Terrorists behind the LightSpy attack monitor security researchers' publications closely, using exploits that have recently been reported by security researchers as a means of delivering payloads and escalating their privileges on affected devices." Infection most likely occurs through lures that lead victims to compromised websites frequented by the targeted groups, that is, watering holes. 

For users who cannot keep iOS up to date, ThreatFabric advises regular reboots. Rebooting will not prevent the spyware from re-infecting the device, but it can reduce the amount of data attackers are able to extract. Restarting the device regularly adds a layer of defence by temporarily disrupting the spyware's ability to gather sensitive information persistently.

Bitdefender's Perspective on Weaponized AI and Its Impact on Cybersecurity

Taking cybersecurity seriously is one of the most important things users can do to protect their company from cyberattacks. We spoke with Bogdan "Bob" Botezatu, Director of Threat Research at Bitdefender, to get a deeper understanding of what is happening today, including the ever-growing role that artificial intelligence plays both in the criminal arena and in security.

For the past 20 years Botezatu has worked in the cybersecurity industry, defending Bitdefender customer data from ransomware attacks and researching IoT vulnerabilities. When they hear "artificial intelligence," many people envision a sci-fi world in which robots take over society and daily life as we know it. It is worth remembering that artificial intelligence is already here, improving everyday technologies such as e-commerce and surveillance systems. 

Botezatu believes that cybercriminals will target anyone, regardless of whether there is immediate financial gain to be had. Simply infecting someone's computer is valuable in itself, because access to that device is useful to them. Criminals can monetise stolen passwords by renting them to other criminal organisations to send spam, or use the compromised machines as proxies to disguise various illegal activities. 

Hackers can also use stolen identity and personal information to commit fraud. With the rapid rise of artificial intelligence (AI) in the cybersecurity industry, security vendors such as Bitdefender and bad actors are locked in an arms race. On the Internet of Things, Botezatu observes that the growing number of devices connected to the Internet every year introduces significant cybersecurity vulnerabilities. He explains that these devices often become a liability for their owners, since many of the bugs they contain affect the user directly.

Individuals are at risk of network breaches through insecure IoT devices, privacy breaches through vulnerable video surveillance equipment, and even attacks on household items such as thermostats that render them useless. Beyond the individual threat there is a collective one: compromised IoT devices can be recruited into large botnets capable of launching distributed denial-of-service (DDoS) attacks, disrupting critical infrastructure, and potentially jeopardising the whole Internet ecosystem.

He recommends that users protect all of their connected devices with a cybersecurity solution, such as Bitdefender's Family Pack, which handles essential security functions so that users can focus on their regular activities without constantly monitoring their computers. He also stresses the importance of keeping software updated, especially with updates that address security issues, because these updates close vulnerabilities that criminals could otherwise exploit to gain access. 

Despite growing awareness, poor security habits remain a problem in 2024. Botezatu points to the continued prevalence of poor password hygiene, such as reusing passwords across accounts or using weak or already-compromised passwords. After a data breach, criminals take the stolen credentials and try them against numerous other accounts in widespread attacks. 

Botezatu recommends using a unique, complex password for each account and changing it regularly where possible. Tools such as Bitdefender's Password Manager simplify creating strong passwords and make them easier to use and remember, improving users' online security. He also emphasises enabling multi-factor authentication on every account that supports it, as an additional layer of protection on top of a strong password. 

Cybercriminals now use artificial intelligence to produce convincing synthetic media, including deepfakes: videos or audio crafted to simulate the appearance and voice of a real person. Scams using this technology cause substantial financial losses, and Botezatu notes that elderly individuals, who often have a limited understanding of technological advances, are more susceptible to them than younger people. 

His approach to mitigating this threat is to encourage younger family members to take an active role in educating and protecting their elders. He recommends discussing common scams with seniors, such as cold calls designed to gain access to a device or account even when no false statements have been made. Agreeing on "safe" communication rules within the family, such as a keyword used to authenticate a caller, can also help prevent impersonation attacks and strengthen trust between members. 

AI is also useful for confirming users' authenticity. In behavioural analytics, Botezatu explained, artificial intelligence identifies individuals by traits such as how they type or move the mouse. These technologies make it possible to detect deviations that may indicate malicious activity, including insider threats, compromised accounts, or unauthorised access. In the end, the best protection against cyber-attacks combines powerful cybersecurity technology with users' own vigilance and active monitoring.

Cambodia-Based Cybercriminals Exploit Digital Arrest Scam on Indian Victims

According to a report by India Today, human traffickers are luring Indian citizens to Cambodia with job offers and then coercing them into committing thousands of dollars' worth of online financial fraud and cybercrime. Digital arrest frauds are on the rise in India, and the Home Ministry's Cyber Wing has identified Singapore as one of the hotbeds of these scams, along with Cambodia, Myanmar, Vietnam, Laos, and Thailand. 

India Today's investigation of the digital arrest fraudsters' IPDRs (Internet Protocol Detail Records) revealed that they are located in Cambodia, Myanmar, and Vietnam. Money collected through these scams is withdrawn from ATMs in Dubai and Vietnam and spent there. Cybercriminals sitting in Cambodia, Myanmar, and Vietnam order Indian SIM cards for their agents located in those countries. 

The investigation revealed that approximately 45,000 SIM cards have been sent to Cambodia and Myanmar. It took Indian agencies a few days to deactivate the SIM cards. According to government data, Indians lost approximately Rs 120.3 crore to 'digital arrest' fraud schemes during the first quarter of 2024. 

Prime Minister Narendra Modi highlighted this fraud, along with other scams, during his monthly radio address 'Mann Ki Baat' on Sunday (October 27). From January 1 to April 30 this year, the National Cybercrime Reporting Portal registered 0.74 million complaints, continuing the rise seen in 2023, when 1.5 million complaints were logged. 

The Indian Express reported that 0.96 million complaints were filed in 2022, a significant increase over the 0.45 million filed in 2021, a statistic that indicates continued growth. In May, Rajesh Kumar, Chief Executive of the Indian Cybercrime Coordination Centre (I4C), detailed the losses caused by cybercrime during this period. Kumar stated that Indian citizens have lost Rs 120.3 crore to digital arrest scams, Rs 1,420.48 crore to trading scams, Rs 222.58 crore to investment scams, and Rs 13.23 crore to romance scams over the last four years. 

The scam usually starts with fraudsters notifying potential victims that a package in their name contains allegedly illegal items. Victims may also be contacted via video call by individuals impersonating law enforcement officials, who demand payment to resolve the matter. Once the victim answers, they are made to stay connected on video, in what fraudsters call a 'digital arrest', until they comply with every demand made of them. 

According to the I4C's analysis of data for January to April 2024, nearly 46 percent of cyber frauds reported in India likely originate from Myanmar, Laos, and Cambodia, amounting to an estimated Rs 1,776 crore across all types of fraud reported. Akshat Khetan, founder of AU Corporate Advisory & Legal Services, recently described digital arrest frauds this way: "These scams use fear tactics to intimidate individuals into compliance. Typically, they will pose as representatives from law enforcement or other government agencies to intimidate citizens into complying with their demands. 

The first step to protecting yourself against these deceptive practices is to make sure you have a thorough understanding of your basic legal rights: in the first place, no legitimate authority must demand immediate payments or personal information if your safety is threatened. A right to verify the identity of any official and to request properly documented information is a basic human right, not merely a formality."

When victims answer an unsolicited call, they are told that a package containing illegal goods, drugs, fake passports, or a combination of these has been or will be sent in their name. Alternatively, scammers may call victims' friends and family and claim that the victim is involved in a crime under investigation. After monitoring the victim's voicemail, the scammers follow up with a video call in which they wear uniforms and pose as police officers, then demand money to close the case. 

Indian authorities have uncovered extensive cybercriminal operations based in Cambodia, Myanmar, and Vietnam, where scammers are exploiting Indian SIM cards for large-scale digital fraud. With over ₹2,140 crore siphoned off in the past ten months, scammers primarily operate from call centers in Chinese-owned casinos in Cambodia, deploying tactics like “digital arrest fraud” to manipulate victims. In response, Indian agencies are enhancing international collaboration and public awareness efforts to counter these sophisticated cross-border scams and safeguard citizens against evolving cyber threats.