Tag Archive for: Mind

Inside the Mind of the Hacker: Report Shows Speed and Efficiency of Hackers in Adopting New Technologies

/in


The application of artificial intelligence is still in its infancy, but we are already seeing one major effect: the democratization of hacking.

The annual Bugcrowd report, Inside the Mind of a Hacker 2023, examines the attitudes held and methods used by the Bugcrowd pool of bug hunters. This year, the report focuses on the effect and use of artificial intelligence (AI) by hackers.

It also provides valuable insight into how malicious hackers will employ AI. For now, this is centered around the use of LLM GPTs, such as ChatGPT. There are numerous ‘specialist’ GPTs appearing, but for the most part they are wrappers around the GPT4 engine. ChatGPT remains the primary tool of hackers.

Seventy-two percent of Bugcrowd’s hackers do not believe AI will ever replicate their human creativity. Despite this, 64% already use AI in their hacking workflow, and a further 30% plan to do so in the future. “I agree completely with the majority that [AI] will not replace the security researchers/hacker,” says Timothy Morris, chief security advisor at Tanium. “Hacking requires skill (AI has that) but also creativity that comes from understanding context (AI does not have that). While AI may get better over the years, I don’t see it as a replacement.”

Nevertheless, it is the combination of human creativity with AI workflow support that is changing the face of hacking – and while that is good in the hands of ethical hackers, it is concerning in the hands of malicious hackers.

According to the report, which analyzed roughly 1,000 survey responses from hackers on the Bugcrowd Platform, hackers are already using and exploring the potential of AI in many different areas. The top use cases are currently automating tasks (50%), analyzing data (48%), identifying vulnerabilities (36%), validating findings (35%), conducting reconnaissance (33%), categorizing threats (22%), detecting anomalies (22%), prioritizing risks (22%), and training models (17%). 

To achieve these ends, hackers have been treating AI as just another tool in their toolset. The first requirement is to understand the tool, and the second is to learn how to use it. With ChatGPT, this falls into two categories –…

Source…

Inside the mind of a cybercriminal: do digital law breakers have a personality type?

/in


Antisocial, loner, computer addicted — malicious hackers have long been labeled with these stereotypes by the public. While movies and popular culture may paint a simple, unflattering portrait of the average cybercriminal, a scientific approach to the question found a more nuanced and complex picture, with many actors exhibiting skills and traits that would be considered positive or even admirable in other contexts.

A recent study led by Marleen Weulen Kranenbarg, assistant professor of criminology at Vrije University in Amsterdam, sheds new light on the specific personal characteristics of digital offenders by comparing a sample of 261 cybercrime suspects with that of offline offenders. The study found that cyber offenders have a higher level of diligence, conscientiousness, and self-regulation but scored low on modesty, fearfulness, flexibility, and aesthetic appreciation.

Studying the specific mindsets and psychological proclivities of cybercriminals may be worth the effort in part because, as the study notes, online crime continues to steadily rise as other forms of offline crime become less and less frequent. Further, online crime differs from offline crime in important ways that may shape the behavior of both cybercriminals and their victims.

“Cyberspace is a unique context in which interactions have a different nature than in the offline world. For example, offenders and victims do not need to have physical contact in cyberspace, which may lower the threshold for committing cybercrimes,” the study notes. “Additionally, cyberspace may require specific skills or characteristics that offline crimes do not. This begs the question whether decades of consolidated knowledge about offender characteristics still apply to this comparatively novel category of offenders.”

For example, studies of criminals in the physical space show that many tend to focus on short-term rewards, have lower levels of education, exhibit poor self-regulation and have higher rates of alcohol and drug use. What little research there has been on cybercriminals tend to show that these individuals are better at self-regulating their behavior, are more diligent and less willing to experiment with drugs…

Source…

NATO, with Russian hackers in mind, takes hard look at cyber strategy

/in


The core concept behind NATO is a simple one: attack one member of the bloc, and all will respond. But while that logic worked during the Cold War, does it make sense to rely exclusively on it in cyberspace?

Western strategists are increasingly saying no. Last year, the alliance quietly announced that a series of lower-level cyberattacks could, cumulatively, be a tripwire for the pact’s mutual self-defense. The move marked a sea change in NATO cyber strategy, and sparked questions about how best to bolster NATO cyber defenses – and if offense, of a sort, might be part of the solution, too.

Why We Wrote This

NATO has based its security policy on deterrence, via a mutual defense pact among members. But its strategists are rethinking that approach when it comes to the digital battlefield.

In crafting NATO’s new cyber strategy, senior security and intelligence officials for the alliance say they were informed by a series of “increasingly destructive” cyberattacks by Russian and Chinese actors over the last few years.

What the incursions had in common was that, though damaging, they fell below the threshold of armed attack. It was increasingly evident, too, that the alliance needed to be more “proactive” in cyberspace, said NATO Assistant Secretary-General David van Weel.

That could mean using “hunt forward” teams of hackers like those the United States has, who defang threats before they have a chance to cause damage.

Brussels

Article 5 is the linchpin of the NATO pact, putting adversaries on notice that an attack against one is an attack against all. Founded on the Cold War logic of deterrence, the idea is that no aggressor will strike for fear of certain retaliation from combined NATO forces.

But with modern warfare expanding to virtual battlefields, NATO strategists are overhauling their cyber tactics. That means rethinking the concept of deterrence, as well as what constitutes a cyberattack that triggers Article 5: a crucial issue amid tensions between Russia and NATO-supported (though nonmember) Ukraine.

Since 2019 it has been clear that a large-scale cyberattack on a member could trigger Article 5. But…

Source…

Top Nine Things to Keep in Mind| APN News

/in


Previous story:

Mahmood Ahmadu led OIS wins Corporate Visionary Leadership Award,at the FORBES Best of Africa Awards, organized by FORBES and FIN International

How to Prevent Ransomware Attacks: Top Nine Things to Keep in Mind

Published on August 15, 2021

By Renee Tarun, Deputy CISO/ Vice President Information Security, Fortinet

Ransomware attacks have become a massive problem for almost every industry and every organization size. In the U.S., federal officials have called it one of the biggest threats currently facing the nation. During the last year, criminals have attacked schools, shipping agencies, healthcare organizations, medical trials, and more. Given the impact these attacks can have on organizations everywhere, security professionals need to secure their systems, networks and software in new ways.

What is a Ransomware Attack?

Ransomware is a specific type of malware that holds data hostage in exchange for a ransom. As an attack methodology, it has the potential to cause severe damage. Phishing emails are a common delivery method, but ransomware can also be spread through drive-by downloading, which is when a user visits a website that’s infected. Advanced attacks take seconds to compromise endpoints, and ransomware attacks take seconds to damage your systems and infrastructure. That’s why it’s critical to ensure your organization is prepared. As attacks grow in sophistication, the impact of ransomware goes beyond financial losses and the productivity loss associated with systems going down.

Attempted attacks and data breaches are inevitable, and no organization wants to be forced to decide between paying a ransom and losing important data. Fortunately, those aren’t the only two options. The best option is to keep from being forced into that decision in the first place. This approach requires a layered security model that includes network, endpoint, application, and data-center controls powered by proactive global threat intelligence. With that in mind, here are nine things to consider to give your organization the best chance of avoiding ransomware attacks.

Top Nine Things to Keep in Mind to Avoid Ransomware Attacks

1. Email gateway security and…

Source…