Tag: model | Page 3

Extortion Economics: Ransomware’s New Business Model

September 26, 2022/in Internet Security

Did you know that over 80% of ransomware attacks can be traced to common configuration errors in software and devices? This ease of access is one of many reasons why cybercriminals have become emboldened by the underground ransomware economy.

And yet, many threat actors are working within a limited pool of ransomware groups. Although ransomware is a headline-grabbing topic, it’s ultimately being driven forward by a relatively small and interconnected ecosystem of players. The specialization and consolidation of the cybercrime economy has fueled ransomware as a service (RaaS) to become a dominant business model — enabling a wider range of criminals to deploy ransomware regardless of their technical expertise. This, in turn, has forced all of us to become cybersecurity defenders.

When Microsoft is developing threat intelligence, we don’t just rely on open forum monitoring and ransomware claims to identify emerging cybercrime trends. We also observe end-to-end events as they occur. This has allowed us to identify patterns in cybercriminal activity and turn cybercrime into a preventable disruption to business. Once businesses can address the problems and network gaps that industrialized tools rely on to succeed, they can better strengthen their cybersecurity position. Here are some of our top tips.

Understanding how RaaS works

Before you can defend against ransomware, you must first know how it operates. Ransomware is not targeted. Instead, ransomware takes advantage of existing security compromises in order to gain access to internal networks. Cybercriminals have adopted a maximum-efficiency approach when it comes to ransomware. In the same way that businesses hire gig workers to cut down on costs, cybercriminals have turned to renting or selling their ransomware tools for a portion of the profits rather than performing the attacks themselves.

This flourishing RaaS economy allows cybercriminals to purchase access to ransomware payloads and data leakage as well as payment infrastructure. What we think of as ransomware “gangs” are in reality RaaS programs like Conti or REvil, used by the many different actors who switch between RaaS programs and…

Source…

Rock Art Detection with an ML Model – OpenGov Asia

June 29, 2022/in Internet Security

With the rapid advancement of global technology development, the Hong Kong Applied Science and Technology Research Institute (ASTRI) is engaging more enterprises in the cooperation and common development of “industry, academia and research”, ASTRI has, thus, launched the “IPs and Service Offerings for Technology Start-ups and SMEs”, selected 20 innovative technological companies from varying categories of entry services, including 8 hardware, 6 software and 6 consulting service companies, with the entry price of HK$50,000 to HK$150,000.

ASTRI focuses on transferring technology to the industry, transforming it into commodities, developing high-quality and affordable patents, information and communication technologies, and creating important and far-reaching influence. In cooperation with research institutions, enterprises and academia, ASTRI researches important technologies that the industry pays attention to, and assists enterprises to enhance their competitiveness.

The relevant scientific research projects selected have a wide range of content, mainly to solve company evaluation, technology and network security issues, writing, electronic technology and electricity issues and more. Private institutions in Hong Kong can contact relevant professionals and engineers at ASTRI for assistance and enquiries.

Hong Kong’s scientific research has undergone many years of development. However, many start-ups, and even small and medium-sized enterprises that have been rooted in Hong Kong for many years striving to improve the field of technology, have been paying high fees for the solutions to technical problems.

Until now, no platform provided cost-effective solutions for them, and their business needs were not understood. Thus, the support provided via the “IPs and Service Offerings for Technology Start-ups and SMEs” caters to the needs of enterprises and is expected to help the industry to solve their difficulties.

Since its establishment 22 years ago, ASTRI has provided different innovative technology software, hardware or technical support to various government departments, public organizations and many private enterprises in Hong Kong, contributing to the smooth…

Source…

Tesla Model 3, Model Y’s keyless entry system can be compromised, shows hacker

May 17, 2022/in Computer Security

A cybersecurity researcher noted that tinkering with Tesla’s keyless entry system relies on Bluetooth Low Energy (BLE) protocol.

By : HT Auto Desk
|
Updated on:
17 May 2022, 07:27 AM

While Tesla’s keyless entry system may be one of its most convenient features, it also has a loophole. A cybersecurity researcher has demonstrated to Bloomberg how the technology can be compromised, allowing thieves to unlock and drive off with certain models of electric vehicles from Tesla. According to Sultan Qasim Khan, principal security consultant at security firm NCC Group, hackers can redirect communications between a car owner’s mobile phone, or key fob, and the car, especially in case of Tesla Model 3 and Model Y.

Outsiders can fool the keyless entry system into thinking the owner is located physically near the vehicle. Khan, however, clarified that the hack is not specific to Tesla but he demonstrated the hack on one Tesla’s car models. He stated that the result of his tinkering with Tesla’s keyless entry system relies on Bluetooth Low Energy (BLE) protocol.

(Also read | Tesla puts India entry plan on hold after deadlock on EV tariffs: Sources)

However, there is no evidence that thieves have actually used the hack to improperly access Tesla vehicles. The researcher further noted that to fix the issue, the carmaker would need to alter its hardware and change its keyless entry system. The revelation comes after another security researcher, David Colombo, revealed a way of hijacking some functions on Tesla vehicles, such as opening and closing doors and controlling music volume.

During the demonstration to Bloomberg, Khan conducted a so-called relay attack, in which a hacker uses two small hardware devices that forward communications. To unlock the car, he placed one relay device within roughly 15 yards of the Tesla owner’s smartphone or key fob and a second, plugged into his laptop, near to the car.

The technology utilized custom computer code that Khan had designed for Bluetooth development kits, which are sold online for less than $50. The hardware needed, in addition to the custom software, costs roughly $100, and can also be…

Source…

NowSecure’s Brian Reed: Agencies Need Continuous Monitoring Model to Protect Mobile App Portfolios

December 1, 2021/in Mobile Security

Brian Reed, chief mobility officer at NowSecure, said government agencies should have programs in place to facilitate continuous monitoring of mobile applications to detect and address vulnerabilities that could pose security risks to employees and data.

Reed wrote that agencies should commit to ensuring the security of mobile apps and establish mission data protections and access restrictions.

He called on agencies to conduct a thorough review of employees’ access to mission-oriented apps by developing “profile differences based on levels of device control and authority versus mission requirements.”

Agencies should come up with a vetting program for mobile apps, which Reed said involves three stages. The initial stage calls for organizations to develop an inventory of all the devices and apps on the network and the second phase requires the establishment of a process for assessing new applications. The last stage focuses on continuous monitoring of every mobile app’s new version once it is launched.

“By understanding and addressing the risks associated with mobile apps, agencies can support employee productivity with mobile tools while protecting mission data on the device, in the apps and over the network,” Reed noted.

He cited NowSecure’s automated software offering and how it helps agencies perform continuous app monitoring to safeguard their app portfolios.

Source…

Tag Archive for: model