Tag Archive for: Presents

According to Researchers, Google’s Bard Presents a Ransomware Threat / Digital Information World

/in


The introduction of AI is revolutionary in and of itself. But with such a rapidly evolving technology accessible to common folks, the chances of users exploiting it for unethical and fraudulent purposes are high. Google’s AI chatbot, Bard, is reported to willingly produce harmful phishing emails when given prompts. By tweaking the wording of those prompts in a specific manner, Bard even can generate basic ransomware code. Check Point, a cybersecurity firm, stated that Bard has gone beyond its competitor, ChatGPT when it comes to cybersecurity.

In light of recent worries regarding the potential misuse of OpenAI’s large-language model in generating harmful programs and threats, Check Point conducted a research proceeding with absolute caution. ChatGPT has enhanced security measures in comparison to Google’s Bard, which has yet to reach that level of security.

Check Point’s researchers gave both ChatGPT and Bard identical prompts. Upon querying for phishing emails were refused by both AI programs. But the findings showcased the difference between both AI programs — ChatGPT explicitly stated that engaging in such activities was considered fraudulent, Bard, on the other hand, claimed that it could not fulfill the request. Furthermore, results showed that ChatGPT continued to decline their request when prompted for a particular type of phishing email, while Bard began providing a well-written response.

However, both Bard and ChatGPT firmly refused when Check Point prompted them both to write a harmful ransomware code. They both declined no matter what, despite their attempts at tweaking the wording a bit by telling the AI programs that it was just for security purposes. But it didn’t take the researchers that long to get around Bard’s security measures. They instructed the AI model to describe common behaviours performed by ransomware, and results showed that Bard had spurted out an entire array of malicious activities in response.

Subsequently, the team went further to append the list of ransomware functions generated by the AI model. They asked it to provide a code to do certain tasks, but Bard’s security was foolproof and claimed it could not proceed with such a…

Source…

Cyber engineering, computer science team publishes a paper and presents research on popular app vulnerabilities

/in


Hacking a safety app netted a Louisiana Tech University Computer Science graduate student a publishing credit, a trip to Hawaii, and the opportunity to present the research at an international conference.

Louisiana Tech Cyber Engineering alumnus and current MS Computer Science and CyberCorps ®: Scholarship for Service student Jonah Fitzgerald (‘22), along with fellow Cyber Engineering program alumni Thomas Mason (‘22) and Brian Mulhair (‘22), discovered a vulnerability in the Louisiana Department of Health COVID Defense contact tracing app that allows hackers to attack neighboring devices.

As seniors researching a paper assignment for Dr. William Bradley Glisson’s Computer Science 448/543, Cyber Engineering 404 “Reverse Engineering” class, the team discovered the symptoms history share feature of the app could be modified to send a malicious link via email, WIFI, and nearby share systems. The team was able to demonstrate two attacks using the link: They were able to harvest credentials by redirecting users to a fake page resembling the My.LA.Gov page and installing an Android app on the target phone to access all the information in that phone.

With additional guidance from Glisson, the team improved their results, presented the research to Glisson’s Cybersecurity Information Technology Exploration Research Group, and submitted the paper to the conference.

Fitzgerald then had the opportunity to travel to Ka’anapali Beach on the island of Maui to present the team’s findings at the 56th Hawaii International Conference on System Sciences “Internet and the Digital Economy” track and “Cybercrime” mini-track.

“I wanted to get involved with this research because I felt I could make a meaningful contribution to improving mobile app security and fighting the COVID-19 pandemic,” Fitzgerald said. “I feel that my Tech education in cyber engineering prepared me for success in solving these types of problems by rapidly learning new concepts like reverse engineering and tackling tough challenges in cybersecurity and computer science.”

Fitzgerald, who is continuing his graduate education with Louisiana Tech and is a member of the Louisiana Tech Research…

Source…

Quantum Computing Attacks Still Years Off, but “Hack Now Decrypt Later” Presents Immediate Cyber Risk

/in


Quantum computing attacks, which are feared to utterly break modern encryption on the internet, are still about a decade from being viable. They are widely seen as an inevitability, however, and that has not stopped attackers from preparing well in advance. A new poll from Deloitte finds there is an immediate and significant cyber risk from “harvest now decrypt later” (HNDL) attacks, in which attackers steal encrypted information and simply sit on it until quantum computing advances make it trivial to crack.

Among other findings, a little over half of the IT professionals surveyed say that their organizations are presently at risk of HNDL attacks. But fewer than half are presently on top of their analysis of this emerging cyber risk, and about 11% say there will need to be a cyber incident (the point at which it is far too late) before their leadership will be driven to do something about the threat.

Seemingly distant cyber risk already in the early exploitation stages

The Deloitte poll included the input of over 400 IT professionals working at organizations that are actively considering the benefits of quantum computing, though not necessarily the new level of cyber risk that accompanies it. Only a little over 26% said that they have completed a risk assessment at this point. 18% have plans to do it this year, and 16% say that they will do it in the next two to five years. 13% say they either do not plan to do it for more than five years or have no intention of doing it at all.

Roughly the same amount of organizations that plan to perform a cyber risk assessment well before quantum computing is expected to become a threat, a little over half of all respondents, also feel that HNDL is an immediate threat to their organization. 21% do not feel it is a threat, and 28% do not know.

What would push some of the more reluctant organizations to take quantum computing threats seriously? 27% of respondents said that it would take regulatory pressure. 20% believe leadership will have to be convinced to demand change, 15% think change will be sparked if competitors are observed doing it, and 11% said it would take nothing less than getting hit with a quantum computing attack to move the…

Source…

A blockchain expert explains how North Korea’s $625 million crypto hack presents a new national security threat — and why it marks a shift in the global ‘digital battlefield’

/in


  • North Korea’s huge crypto hack marks a new era in cybersecurity threats.
  • “If there was ever a doubt that hacks were not tied to national security, that’s been resolved,” a blockchain expert told Insider.

US authorities this week tied North Korean hackers to the historic $625 million Axie Infinity crypto swindle, with the massive hack signifying the emergence of a new type of national security threat, according to a blockchain expert.

On Thursday, the US Treasury Department added an Ethereum wallet address to its sanction list after the wallet facilitated transfers for more than $86 million of the stolen funds.

The hacking outfits Lazarus and APT38, both linked to North Korea, were behind the theft, the FBI said in a statement, and the funds are generating revenue for Kim Jong Un’s regime.

Ari Redbord, head of legal and government affairs at blockchain research firm TRM, says the attack shows that even a nation as isolated as North Korea can participate in new-age cyber-warfare.

“Over the last few years many hacks have been perpetrated by North Korea,” Redbord told Insider. “But the magnitude of this one shows things have moved from small exploits to true national security concerns. It’s staggering — bank robbery at the speed of the internet.”

For years, North Korean actors have been responsible for cyberattacks, including a high-profile hit against Sony in 2014. But groups like Lazarus have grown increasingly sophisticated and ambitious.

Meanwhile, businesses within the nascent crypto sector are still finding their footing when it comes to cybersecurity, which makes them vulnerable to hacking groups which are continuously honing their tactics.

“North Korea realized a hack against an online retailer was one thing, but going after crypto exchanges is a more effective way to fund destabilizing activity at a very low cost to them,” Redbord said.

The country was an early adopter of cryptocurrency money laundering, he added, and there’s no sign it’s bad actors will slow their efforts since it’s proven to be extremely profitable.

What’s more, Redbord noted that social engineering attacks, such as the Axie Infinity infiltration, are becoming more advanced.

These hacks aren’t a…

Source…