Tag Archive for: percent

A New Attack Reveals Everything You Type With 95 Percent Accuracy


Of course, generative AI tools are the talk of the security industry this year. And Microsoft is no exception. In fact, since 2018, the company has had an AI red team that attacks AI tools to find vulnerabilities and help prevent them from behaving badly.

Outside of Black Hat and Defcon coverage, we detailed the ins and outs of the data privacy that HIPAA provides people in the US, and explained how to use Google’s new “Results About You” tool to get your personal information removed from search results.

But that’s not all. Each week, we round up the security news that we didn’t cover in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

Your keyboard may be exposing your secrets without you even knowing it. Researchers in the UK developed a deep-learning algorithm that can figure out what a person is typing just by listening to keystrokes. In a best-case scenario (for an attacker, that is), the algorithm is 95 percent accurate. The researchers even tested it over Zoom and found it performed with 93 percent accuracy.

Now, if you’re thinking the researchers tested the attack on the noisiest mechanical keyboard they could find, you’d be wrong. They performed their tests on a MacBook Pro. And the attack doesn’t even require fancy recording equipment—a phone’s microphone works just fine. Someone who successfully carries out the attack could use it to learn a target’s passwords or snoop on their conversations. These kinds of acoustic attacks aren’t new, but this research shows they’re getting frighteningly accurate and easier to pull off in the wild.

A series of data breaches rocked the United Kingdom this week. On August 8, the Electoral Commission, the independent body responsible for overseeing elections and regulating political finances, revealed a cyberattack had exposed the data of 40 million voters to hackers. The organization has been unable to determine whether data was taken; however, it says that full names, emails, phone numbers, home addresses, and data provided during contact with the body could be impacted. “The attack has not had an impact on the electoral process,” the commission said. (Elections are run…


58 percent of malware families sold as a service are ransomware



The Kaspersky Digital Footprint Intelligence team presented a new study that reveals ransomware as the most widespread Malware-as-a-Service (MaaS) over the past seven years. The study is based on research conducted on 97 malware families distributed on the dark web and other resources. Additionally, the researchers found that cybercriminals often lease infostealers, botnets, loaders, and backdoors to carry out their attacks.

Malware-as-a-Service (MaaS) is an illicit model of business involving the leasing of software to carry out cyberattacks. Typically, clients of such services are offered a personal account through which they can control the attack, as well as technical support. It lowers the initial threshold of expertise needed by would-be cybercriminals.

Ransomware to be the most popular Malware-as-a-Service 

Kaspersky’s experts examined various malware families’ sale volumes, as well as mentions, discussions, posts, and search ads on the darknet and other resources regarding MaaS to identify the most popular types. The leader turned out to be ransomware, or malicious software that encrypts data and demands payment for decryption. It accounted for 58 percent of all families distributed under the MaaS model between 2015 and 2022. The popularity of ransomware can be attributed to its ability to generate higher profits in a shorter space of time than other types of malware.

Cybercriminals can “subscribe” to Ransomware-as-a-service (RaaS) for free. Once they become partners in the program, they pay for the service after the attack happens. The payment amount is determined by a percentage of the ransom paid by the victim, typically ranging from 10 percent to 40 percent of each transaction. However, entering the program is no simple task, as it entails meeting rigorous requirements.

Infostealers accounted for 24 percent of malware families distributed as a service over the analyzed period. These are malicious programs designed to steal data such as credentials, passwords, banking cards and accounts, browser history, crypto wallet data, and more.

Infostealer services are paid through a subscription model. They are priced between 100 and 300 U.S. dollars per…


Ransomware Recovery More Than 90 Percent Complete


(TNS) — Dallas’ head of information technology says the city has almost fully restored its system after a ransomware attack four weeks ago.

Chief Information Officer Bill Zielinski told The Dallas Morning News that the city estimates being “more than 90% complete” in restoring IT systems and services since the cyberattack.

“Following the initial attack on May 3, the city has worked with its cyber response vendors and IT service providers to review, clean, rebuild and restore city computers and servers to normal operations,” he said.


Zielinski didn’t give a timeline on when the system would be fully restored. The city in mid-May said the recovery process could take several more weeks or months to complete.

The scope of the attack, the amount of work the city has done, and what’s left is still unclear as of Thursday. City officials have cited the criminal investigation as the main reason to not fully explain the incident, and Dallas’ communications director emailed the mayor and City Council members Wednesday urging them to stick to telling inquiring residents and media that an investigation is ongoing and that updates will be shared “as appropriate.”

Ransomware is often used to extort money from organizations by threatening to block access to files or release confidential information unless money is paid. The city hasn’t given any information about a potential ransom and has maintained that there is no evidence any personal information from employees or residents has been leaked.

Royal, the group suspected to be behind the cyberattack, on May 19 threatened to publicly release data stored by the municipal government. It doesn’t appear that has happened as of Thursday.

The city said several servers were compromised with ransomware early May 3 and that it intentionally took others offline to prevent the bad software from spreading. It led to several departments being hampered and some city services being unavailable, such as residents being unable to pay their water bills online or not being able to report non-emergency complaints via the city’s 311 app.

Catherine Cuellar, the city’s…


RANSOMWARE attacks increased by 105 percent globally in 2021



The world also saw an alarming 105% surge in ransomware cyberattacks last year, according to the 2022 Cyber Threat Report released by SonicWall, an internet cybersecurity company.

The attacks, according to the report, were designed to cripple people or businesses by making their computer systems unusable until they pay money or “ransom.”

Governments worldwide saw a scary 1,885% increase in ransomware attacks, and the health care industry alone faced a 755% increase in those attacks in 2021.

Ransomware also rose 104% in North America, just under the 105% average increase worldwide, according to the report.

It’s still unclear why there was such a dramatic leap. The increase in ransomware was linked to the rise in remote work and company employees working outside their office networks.

Meanwhile, it is suspected that some individual companies that pay ransomware demands could also be perpetuating that behavior.

“Ransomware operators are profit driven,” Dmitriy Ayrapetov, the VP of platform architecture at SonicWall, was quoted as saying. “As long as there is a profit they will continue to bring in new players, actors, etc. And of course, on the other side, a lack of security or a lack of preparation allows for this to continue.”

High-profile attacks 

Last year, ransomware attacks hit supply chains, causing widespread system downtime, economic loss, and reputational damage, according to the report.

JBS USA, the world’s largest meat supplier, was attacked and paid an $11 million ransom in May 2021 in Bitcoin to prevent further disruption, according to CNET. The FBI attributed the attack on JBS to REvil, a Russian-speaking ransomware gang, NPR reported.

How to prevent cyberattacks:

Be vigilant about patching

One simple solution to prevent ransomware attacks is to diligently “patch” and keep your software up-to-date. Patching is when you update your computer software regularly.

“Everything that everybody uses today in the digital economy and digital society is software. All software has ongoing updates that can be applied,” Ayrapetov told Fortune. “When you run an old version of…
