Connect with us

News

CYBERTHREATS INCREASING BUT SHIFTING, WITH RANSOMWARE ATTACKS DOWN 17 PERCENT

Published

on

Schaumburg, IL, USA (5 June 2018) —2017 was widely billed as the year of ransomware, but cyberthreats have moved in a new direction this year, according to ISACA’s State of Cybersecurity 2018 research.

Results show that 50 percent of the 2,366 security leaders surveyed have seen an increase in cyberattack volumes relative to last year. In addition, 80 percent of respondents said they are likely or very likely to be attacked this year—a statistic that remains unchanged from last year’s study.

But despite an increase in cyberattacks generally, ransomware attacks are significantly declining. Last year, 62 percent of respondents experienced a ransomware attack, compared to 45 percent this year—a 17-point drop. This is likely because organizations are significantly better prepared after last year’s WannaCry and NotPetya attacks. Eighty-two percent of respondents said that their enterprises now have ransomware strategies in place and 78 percent said they have a formal process—up 25-points from last year.

While these findings are positive, the data show that ransomware attacks may have been displaced by cryptocurrency mining, which is becoming more frequent. Cryptocurrency mining malware can operate without direct access to the file system, making them harder to detect—and as the prices of cryptocurrencies increase, the economics of cryptocurrency mining malware becomes better for the attacker.

Additionally, the three most common attack vectors remain unchanged from last year: phishing, malware and social engineering.

Active Defense Strategies Are Highly Effective, But Underutilized 
ISACA’s research also found that nearly 4 out of 10 respondents (39 percent) are not at all familiar or only slightly familiar with active defense strategies (e.g., honeypots and sinkholes). Of those who are familiar with active defense strategies, just over half are actually using them.

“This is a missed opportunity for security leaders and their organizations,” said Frank Downs, director of cybersecurity at ISACA. “ISACA’s research indicates that active defense strategies are one of the most effective countermeasures to cyberattacks. A full 87 percent of those who use them indicate that they were successful.”

Recommendations
The ISACA report suggests enterprises must be better prepared with focused attention on several areas, including:

  • Investing in talent—With attacks still on the rise, enterprises must continue to invest in finding, retaining and training skilled cyber security professionals.
  • Exploring further automation benefits—Enterprises should consider automation-driven strategies and tools for detection and to support recovery and response efforts.
  • Ensuring appropriate investment in security controls—With attack vectors (phishing, malware and social engineering) minimally changing, existing control types are still valid and useful. Enterprise investment and attention to security controls should increase in line with the frequency of these attack vectors.

Parts 1 and 2 of ISACA’s State of Cybersecurity Study can be downloaded free of charge at www.cybersecurity.isaca.org/state-of-cybersecurity.

 

 

 

 

Source: ISACA

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

News

GOOGLE HOME HUB SAYS NO TO SMART-HOME CAMERAS IN YOUR BEDROOM

Published

on

The new Google Home Hub sports a 7-inch touchscreen, a fabric-encased full-range speaker, a light sensor and two far-field microphones. But even more interesting is a hardware feature it doesn’t have.

The $149 device has no camera, so you can’t use it for video calls or taking photos.

While that omission at first blush may not seem like a big deal, it raises a handful of thorny questions about how many cameras and microphones people want to have in their connected homes and how much they trust giant tech companies to protect their data and privacy in their most intimate spaces.

The Home Hub, which Google introduced at its Made By Google product launch event Tuesday in Manhattan, is a mashup of a smart speaker and a tablet that’s often called a smart display. It uses the voice-powered Google Assistant to let you play YouTube videos, check your home security camera feeds and control connected smart-home devices like lights.

The device will go up against a growing list of competing smart displays, including the Amazon’s Alexa-powered Echo Show and Echo Spot, the new Facebook Portal, and the Google Assistant-powered JBL Link View and Lenovo Smart Display. All five of those devices include cameras for video chats.

The Hub comes out at time when tech companies are facing greater scrutiny for how they manage users’ data and how much of that information they keep. Just this week, Google shut down its unpopular Google+ social network after the company was forced to disclose a bug that put users’ data at risk. Earlier this year, Facebook sustained a torrent of criticism after the data of millions of people landed in the hands of consultancy Cambridge Analytica, which exploited the information for targeted election ads.

Simultaneously, many of these same companies are asking consumers to add more and more cameras, mics and sensors to control their homes.

So far, smart-home customers haven’t raised persistent concerns about these devices tracking them, instead focusing more on the convenience they can offer. But that dynamic has the potential to quickly change if there’s ever a major breach related to the audio, video and shopping data these electronics can track.

When the Hub comes out on Oct. 22, consumers will get to decide whether they want to make the Hub a bigger success than its many rival camera-toting smart displays. Whether they side more with the privacy of having no camera or the convenience of video features may signal what direction smart home technology will go in the future.

“It’s kind of less is more,” said GlobalData analyst Avi Greengart, who attended the Google event. “They’re omitting a piece of hardware that costs money and does raise some privacy implications.”

Google’s view on going camera-free

While Amazon in particular has pushed full-force into offering smart speakers with cameras, including those marketed for the bedroom, Google took a decidedly different approach with the Hub.

“For us, in general, it’s not about one product or another, just the word camera — hey, put a camera in your bedroom,” Mark Spates, Google’s product lead for smart speakers, said at Tuesday’s event. “It’s a comfort thing. For us, we wanted to make sure that you could use this anywhere in the home.”

Google wanted to give customers that option after finding that people put the Google Home Mini — its most popular smart speaker — in hallways, washrooms, bedrooms and everywhere else in their homes, he said. Looking to build on the Mini’s success and avoid limiting where the Hub can go, he said, Google opted to leave out a camera.

Diya Jolly, Google’s vice president of product management, added that the company saw an opportunity to offer a different kind of smart display, after several competing devices already offered a camera. She said Google was willing to explore adding a camera to a later version, but “we wanted to see how consumers reacted and how they liked” the new Hub.

“We wanted to give users a choice of not having a camera,” she said. “There are many other devices out there that have a camera, but none that doesn’t have a camera.”

amazon-echo-spot
A marketing picture from Amazon of the Echo Spot as a bedroom nightstand clock.Amazon

In stark contrast with the Hub, competing smart displays are heavily promoting their video capabilities. The new Facebook Portal was created especially for Facebook Messenger video calls, and Amazon’s Echo Show and Spot have been marketed for their video call functions. Amazon even included a “drop in” feature that lets people connect automatically with a Show or Spot if they’ve been approved to do so by the device’s owner.

Amazon also created another product called the Echo Look that’s marketed for your bedroom or closet. It uses a camera to take pictures of your outfit choices to give you AI-powered fashion advice. The Spot, too, is marketed as a replacement for your bedroom nightstand clock.

Privacy in focus

In a nod to privacy concerns, Facebook, JBL and Lenovo offer physical privacy shutters for their smart displays’ cameras. Amazon doesn’t, instead offering a button to disable the mic and camera on the Show and Spot.

“Customers have made millions of video calls this year alone, and they tell us that they love the ability to drop in from room to room within their homes or take a photo on our devices, which is why we believe the camera is important,” an Amazon spokeswoman said.

“We also built these devices with privacy in mind from the beginning,” she added, mentioning that when you press the microphone/camera off button, it cuts off power to both pieces of hardware. Also, a red light on the device is used to reinforce the fact that the mic and camera are off. “We will continue to learn from our customers and adapt our products to best meet their needs.”

facebook-portal-plus-messenger-chat-2306
Say hi to the Facebook Portal.James Martin/CNET

Following Facebook’s privacy blunders, the company took pains to emphasize the Portal’s privacy features, including the ability to turn off the mic and camera with one tap and the use of a passcode to unlock the screen.

Both Amazon and Facebook said they don’t record, store or listen to your calls through Facebook’s Portal or Amazon’s Alexa-powered devices.

JBL and Lenovo didn’t respond to requests for comment for this story.

By leaving out a camera Google avoids the privacy concerns raised by Amazon’s rival products and prevents a potentially messy video breach from ever happening. Amazon faced criticism for the Look, with one writer for Forbes suggesting its camera may someday be able to identify skin cancer or depression. Amazon strongly denied these claims.

“Amazon is trying something completely different,” Greengart said. “I don’t think it hurts Google to omit it, and for people that do want a camera, there are those options from Amazon and Google’s partners.”

Continue Reading

News

BING AND YAHOO ARE SUGGESTING OFFENSIVE SEARCHES

Published

on

Bing and Yahoo, which is powered by Bing, are both suggesting offensive content within their search features. How-To Geek spotted that Bing’s image search is serving up suggestions for related topics that contain racist terms, the sexualization of minors, and otherwise offensive content. The Verge then found that this problem extends to Yahoo: its homepage search box includes an autocomplete feature that populates racist phrases, and the results often prioritize the company’s Yahoo Answers posts that contain offensive material.

On Bing, the suggestions, called smart suggestion bubbles, appear in a line above the results after conducting an image search. Per How-To Geek’s screencaps, an example search for “Jews” on Bing Images gave smart suggestion bubbles like “dirty Jews,” and “evil Jews.” Clicking through one of those suggested searches recommended additional racist search terms.

Bing’s SafeSearch option is enabled by default, but it failed to block these offensive results. Turning SafeSearch off can deliver other offensive suggestions. Searching images on Bing for “black people are” with SafeSearch off returns suggested follow-up searches of “are stupid,” “are retarded,” and “monkeys.”

In some cases, the top images that are returned are also offensive. According to How-To Geek, the problem is prevalent in Bing’s video search as well. The Verge was able to replicate some of the results, but not all. The problem also extends to searches around other ethnicities.

How-To Geek says that Bing also recommended terms that sexualize minors. When searching for “gril,” Bing then suggested a search for “cute girl young 16.” Clicking through suggested searches for “little girl modeling provocatively,” “cute girls young 13,” and “cute girl young 10.”

These autocomplete suggestions don’t appear when making a regular search through bing.com. However, Bing also powers Yahoo’s search, and the same offensive suggestions that appear in Bing Images show up on Yahoo’s main page.

Additionally, since Yahoo appears to prioritize the community-driven question-and-answer website Yahoo Answers in its search results, the top result for an offensive search can come from an untrustworthy source. Upon searching the first auto-suggested phrase for “black people ar,” The Verge found that the top result is a Yahoo Answers page titled “Are Black People Born Stupid” that contains numerous racist comments. Yahoo then suggests a follow-up search, saying, “Also try: black people are stupid and violent.”

Other search engines like Google have had their brushes with inadvertently promoting offensive content. In 2016, Google addressed the very same issue of autocomplete suggesting “are Jews evil.” That same year, the company faced backlash when the top result for the query “did the Holocaust happen?” came from a white supremacist website. In response, Google changed its Search Quality Rater Guidelines in 2017 in order to tamp down on the spread of offensive or inaccurate search results. A few months later, Google came under fire again for highlighting an offensive meme in the search results for query “gender fluid.”

Google has outlined its policy on inappropriate content for autocomplete, along with a way to report violations. While Bing isn’t as forthcoming, a blog post from Bing in 2013 specifically states that its search auto-suggest tries to remove offensive content. “In addition to processing suggestions,” it says, “we are also running parallel algorithms that filter spam, detect adult or offensive content, check for spelling errors and classify the type of search you are attempting across categories.”

Last year, Bing added fact-checking labels to search results, and Microsoft (which owns and operates Bing) announced new AI features for Bing that are meant to, among other things, better recognize the content of images. The Verge has reached out to Microsoft for comment.

Continue Reading

News

ASTRONAUTS MAKE EMERGENCY LANDING AFTER RUSSIAN SOYUZ LAUNCH EXPERIENCES FAILURE

Published

on

A NASA astronaut and Russian cosmonaut had to make an emergency landing on Earth this morning, after the Russian Soyuz rocket carrying them into orbit experienced a failure during launch. The two crew members — astronaut Nick Hague and cosmonaut Alexey Ovchinin — safely landed on the ground in Kazakhstan less than an hour after liftoff and are in “good condition,” according to NASA.

The crew took off from the Baikonur Cosmodrome in Kazakhstan at 4:40AM ET. A few minutes after launch, Russia’s state space corporation Roscosmos said that there was a problem with the booster during the flight. The failure prompted the crew to make a ballistic reentry, when the Soyuz capsule enters Earth’s atmosphere at a steeper angle than normal. Rescue teams have reached the landing site and the crew is out of the Soyuz capsule.

Ballistic reentries can be intense for astronauts, because they experience higher G forces. With a normal Soyuz landing, crews riding in the vehicle usually pull around 4 Gs. That can double for ballistic reentries. In 2008, a Soyuz experienced a malfunction during landing, prompting a ballistic reentry that reached up to 8 Gs. “I saw 8.2 G’s on the meter and it was pretty, pretty dramatic,” former NASA astronaut Pegg Whitson, who was on the flight, said in a statement, according to Wired. “Gravity’s not really my friend right now and 8 G’s was especially not my friend. But it didn’t last too long.”

Roscosmos has announced that it is forming a state commission to investigate the failure. The Russian state corporation says it is already studying the data from the launch. However, Roscosmos said it would not hold a press conference today.

The failure could have significant repercussions for NASA’s human spaceflight program moving forward. It’s unlikely that Russia will launch a crewed Soyuz mission until it has figured out what exactly went wrong during this flight. However, the Soyuz is NASA’s only means of getting astronauts to the International Space Station at the moment. Two private US companies — SpaceX and Boeing — are developing vehicles to ferry NASA astronauts to and from the ISS as part of the Commercial Crew Program. However, the first crewed flights of that program are not slated to occur until summer next year at the earliest.

Developing…

Continue Reading
Advertisement

Trending