Tag Archive for: higher

More malware, less ransomware in higher ed

/in


Cybercriminals are humans, and as such, their whims, preferences and practices are subject to change. In 2020 and 2021, across sectors and regions, they appeared to prefer ransomware over other kinds of malware attacks, and government was their top malware target, according to new report from SonicWall.

But in 2022, cybercriminals altered their patterns. In this new threat landscape across industries and regions, ransomware attacks decreased (by 21 percent), though malware attacks over all increased (by 2 percent, after three years of decline), according to the report. Also, educational institutions were their top malware target.

Malware—a portmanteau of “malicious software”—is a general term that refers to software used to gain access to a system for the purposes of compromising, damaging or destroying a device, network or data. Malware may include viruses (software designed to spread from one computer to another), spyware (software designed to gather a user’s data without their knowledge), keyloggers (software that records a computer’s keystrokes) and many other nefarious applications.

Most Popular

Ransomware is another type of malware. In a ransomware attack, a criminal locks down and encrypts a user’s files. The attacker then demands money for the files to be unlocked.

Digging deeper into the data, the idea that global ransomware attacks were down may be misleading when considered in isolation, according to the researchers, as 2021 had been a high outlier year for ransomware attacks. When that outlier is omitted, ransomware attacks have been rising since 2018.

In any case, a strong majority of those who spend their days guarding computer networks perceive that malware attacks, including ransomware, remain persistent threats, according to SonicWall’s 2022 threat mind-set survey. In the survey, both were deemed top threats by a majority of respondents.

In higher education, malware attacks rose, though not as dramatically as in the K-12 sector. Ransomware attacks in higher education fell in 2022, which is especially noteworthy given the staggering increase of such attacks targeting K-12.

Cybercriminals often target known…

Source…

Higher Wages of War: A Look at the Private Military-Industrial Complex

/in


For more crisp and insightful business and economic news, subscribe to
The Daily Upside newsletter.
It’s completely free and we guarantee you’ll learn something new every day.

In 400 BC, Artaxerxes II was set to take over the Persian throne, but his younger brother, Cyrus, said “Over my dead body.”

Oh, how right he was.

With the promise of riches, Cyrus created the Ten Thousand, a large band of Greek soldiers-for-hire he would use to try to usurp his brother. While the Ten Thousand were victorious at the Battle of Cunaxa near modern-day Baghdad, Cyrus died that day, leaving the group without a leader, thousands of miles from home, and out of a job.

These days, such royal familial squabbles would more likely play out on the Twittersphere than on the battlefield. But one aspect of warfare from Cyrus’ era that endures is the mercenary – or private military contractor, as we call them today.

Outfits like Constellis, Aegis, and the Wagner Group have breathed new life into one of the oldest professions in the world, putting the value of the global private military market at more than $250 billion.

History Repeats Itself
PMCs and mercenaries have been standard military practice pretty much since the Ten Thousand:

  • When Alexander the Great invaded Asia with his Macedonian army in 334 BC, he also hired mercenaries from what is now modern day Albania, Bulgaria, and Turkey.
  • Though it’s an economic powerhouse these days (bank failures aside), Switzerland used to be one of the poorest countries in the world, forcing natives to look abroad for work. The Swiss Guard – those blue and orange-clad pope protectors – began as a group of mercenaries fighting in the Italian Wars during the 15th and 16th centuries.
  • The British crown hired roughly 30,000 German Hessians to fight in the American Revolution. King George III paid the German state of Hesse-Kassel the equivalent of about 13 years of tax revenue for their services.

Unsurprisingly, hired swords and guns weren’t big on moral values. They’d fight your war as long as you were paying, but when that was all over, they’d go rob merchants on trade routes, ransack a village, or hold a city hostage because their allegiances lay with the highest…

Source…

GPT-4 kicks AI security risks into higher gear

/in


Join top executives in San Francisco on July 11-12, to hear how leaders are integrating and optimizing AI investments for success. Learn More

As Arthur C. Clarke once put it, any sufficiently advanced technology is “indistinguishable from magic.”

Some might say this is true of ChatGPT, too — including, if you will, black magic. 

Immediately upon its launch in November, security teams, pen testers and developers began discovering exploits in the AI chatbot — and those continue to evolve with its newest iteration, GPT-4, released earlier this month. 

“GPT-4 won’t invent a new cyberthreat,” said Hector Ferran, VP of marketing at BlueWillow AI. “But just as it is being used by millions already to augment and simplify a myriad of mundane daily tasks, so too could it be used by a minority of bad actors to augment their criminal behavior.”

Event

Transform 2023

Join us in San Francisco on July 11-12, where top executives will share how they have integrated and optimized AI investments for success and avoided common pitfalls.

 


Register Now

Evolving technologies, threats

In January, just two months after launch, ChatGPT reached 100 million users — setting a record for the fastest user growth of an app. And as it has become a household name, it is also a shiny new tool for cybercriminals, enabling them to quickly create tools and deploy attacks. 

Most notably, the tool is being used to generate programs that can be used in malware, ransomware and phishing attacks. 

BlackFog, for instance, recently asked the tool to create a PowerShell attack in a “non-malicious” way. The script was generated quickly and was ready to use, according to researchers. 

CyberArk, meanwhile, was able to bypass filters to create polymorphic malware, which can repeatedly mutate. CyberArk also used ChatGPT to mutate code that became highly evasive and difficult to detect. 

And, Check Point Research was able to use ChatGPT to create a convincing spear-phishing attack. The company’s…

Source…

How Does K-12, Higher Education Fare In A Ransomware Attack?

/in


Ransomware is a high concern for universities, colleges and K-12 schools and districts. But, globally, education may face a somewhat more promising picture than other sectors, according to a recent Sophos report that surveyed 31 countries. Respondents included 5,600 IT professionals, of which 730 were from education organizations.

Worldwide, 64 percent of organizations in higher education and 56 percent in lower education suffered ransomware attacks in 2021 — less than the 66 percent global average, Sophos found. Schools also were less likely to see an increase in threats: 57 percent of organizations across sectors said 2021 brought a greater volume of cyber attacks, while just 53 percent of higher ed and 47 percent of lower ed said the same.

Lack of consistent reporting requirements prevents a precise picture of trends in the U.S., said Amy McLaughlin, cybersecurity subject matter expert for the Consortium of School Networking (CoSN), a K-12 professional association and advocacy group. Still, “a good number” of K-12 school districts she’s worked with have experienced at least a small-level ransomware incident.


“And even if a district hasn’t actually experienced a bigger ransomware event, they all know somebody who has,” McLaughlin told Government Technology*.

In higher ed, ransomware tends to be opportunistic and financially motivated, said Kim Milford, executive director of the Research and Education Networks Information Sharing and Analysis Center (REN-ISAC), which serves higher education and research institutions.

Since January 2022, REN-ISAC saw more than 20 ransomware attacks against U.S. higher education that were significant enough to make the news, and many more likely went unannounced, Milford told GovTech. Notable ransomware groups conducted several of these: BlackCat (reportedly behind attacks on Florida International University and the University of North Carolina A&T), LockBit (allegedly also responsible for attacking Italy’s tax agency and a Canadian town) and Vice Society (which allegedly struck Austria’s Medical University of Innsbruck in June).

Elusive Cyber Staff

Limited funds…

Source…