Tag Archive for: effective

How Effective Are Government Sanctions Against Ransomware



As ransomware attacks reach an all-time high, with 46% of them directed against American individuals and organizations, sanctions have become an important weapon for the government to fight back.

The US government imposed sanctions on Mikhail Matveev — a Russian cybercriminal on the FBI’s most-wanted list.

Matveev has been accused of being a “prolific ransomware affiliate” carrying out cyberattacks both in the US and abroad. The sanctioning of ransomware attackers is meant to protect victims from extortion, but it is a double-edged sword. Companies that pay ransom to sanctioned individuals and groups end up on the receiving end of the consequences.

The Downside of Sanctions

While it’s true that sanctions make it more difficult for cybercriminals to operate, they are far from being the perfect solution. A number of factors make it hard to effectively sanction ransomware groups, and there are still ways these groups can work around the sanctions. Besides, it’s ultimately the victims who face the consequences, which can range from hefty fines to criminal prosecution.

The tactic is meant to bar American victims from paying ransomware extortionists, but the only way it can be enforced is by penalizing victims who violate the sanctions.

A lot of ransomware actors like Matveev are based in Russia — a country with a reputation for allowing hackers to operate freely, especially against Western targets.

There isn’t much the US government can do against such cybercriminals to enforce the sanctions effectively.

Besides, the way sanctions work makes them a less-than-ideal solution for tackling the ransomware threat, too. Imposed by the U.S. Treasury’s Office of Foreign Assets Control (OFAC), these sanctions make it unlawful for individuals and businesses in the US to transact with sanctioned entities like Matveev.

Experts also fear that such sanctions could potentially encourage opposite reactions. Victim organizations violating the sanctions by making ransomware payments to sanctioned entities or countries, even unknowingly, might not notify authorities of the incident out of fear of prosecution.

This would lead to a lot of ransomware attacks going…


Are Voice Authentication Security Systems Effective? Deepfake Attack Poses Alarming Threat


Computer scientists from the University of Waterloo have made a concerning discovery regarding the effectiveness of voice authentication security systems. 

They have identified a method of attack that can successfully bypass these systems with an alarming success rate of up to 99% after only six attempts.


Deepfake Voiceprints

Voice authentication has become increasingly popular in various security-critical scenarios, such as remote banking and call centers, where it allows companies to verify the identity of their clients based on their unique “voiceprint.”

During the enrollment process of voice authentication, individuals are required to replicate a designated phrase, which is then used to extract and store a distinct vocal signature or voiceprint on a server. 

In subsequent authentication attempts, a different phrase is utilized, and the extracted characteristics are compared against the stored voiceprint to ascertain access.

However, the researchers at the University of Waterloo have found that voiceprints can be manipulated using machine learning-enabled “deepfake” software, which can generate highly convincing copies of someone’s voice using just a few minutes of recorded audio. 

Hence, developers introduced “spoofing countermeasures” to differentiate between human-generated speech and machine-generated speech.

The research team has created a method that bypasses these spoofing countermeasures, enabling them to deceive most voice authentication systems within only six attempts.

They have identified the markers in deepfake audio that expose its computer-generated nature and have created a program to take out these markers, rendering the fake audio indistinguishable from real recordings.

During an evaluation conducted on Amazon Connect’s voice authentication system, the researchers accomplished a 10% success rate within a brief four-second attack, which escalated to over 40% in under thirty…


Report finds Census Bureau lacks ‘effective cybersecurity posture’ after red team hack



A new inspector general report details how government-contracted hackers managed to gain covert access to Census Bureau systems in a simulated attack against the federal agency.


Managing Remote Work: 7 Tips for Creating Effective Employer Policies | Fisher Phillips


The COVID-19 pandemic resulted in unprecedented change for the workplace after stay-at-home orders, isolation and quarantine requirements, and accommodation requests resulted in many employees temporarily working from home. Employers and employees alike recognized certain benefits of remote work arrangements, which led many business leaders to explore hybrid and permanent remote work policies. While remote work arrangements are not practical for every job or desired by every employer, when such arrangements are embraced and become embedded into company policy, employers need to ensure they are taking proper precautions. Below are seven tips that employers should consider when implementing remote work policies.

  1. Create a Written Remote Work Policy

    You should consider creating a written policy establishing the criteria and guidelines for working remotely. Will all employees and roles be eligible? Identify the roles that are critical to your business operations and determine whether those individuals can carry out their jobs while working remotely. Set performance standards and expectations from the start, and include policies on security and data protection, safety, and expectations about equipment and materials.

  2. Review Rules on Expense Reimbursement

    Be sure that your pay practices for all employees – those who work onsite and those who work remotely – comply with the applicable federal and state wage and hour laws. In some states, such as California, employers must ensure all business expenses that are “reasonable” and “necessary” to perform the job remotely are reimbursed. At least ten states – California, Illinois, Iowa, Massachusetts, Montana, New Hampshire, New York, North Dakota, Pennsylvania, and South Dakota − and the District of Columbia have enacted laws requiring employers to reimburse employees for certain remote work expenses.

    Even if the applicable state does not require reimbursement, failure to reimburse could lead to allegations of federal wage and hour violations for those paid at or near the minimum wage. For example, under the Fair Labor Standards Act (FLSA), employers generally don’t have to reimburse employees for work-related…
