ReportWire

Tag: Cybercrime

  • Microsoft blames Outlook and cloud outages on cyberattack

    Tens of thousands of Microsoft users reported serious service disruptions affecting the company’s flagship office suite products in early June, leaving them unable to access essential remote-work tools like Outlook email and OneDrive file-sharing apps.

    The cause of the sporadic service disruptions, which Reuters reported lasted more than two hours, was initially unclear, according to the company’s tweets at the time. But now, the software company has identified a cause of the outages: a distributed denial-of-service (DDoS) attack executed by “Anonymous Sudan,” a cybercriminal group with alleged Russian ties.

    Microsoft attributed the service outages during the week of June 5 to the cybercriminal group in a statement on its website Friday. Slim on details, the post said the attacks “temporarily impacted availability” of some services. The company also said the attackers were focused on “disruption and publicity” and likely used rented cloud infrastructure and virtual private networks to bombard Microsoft servers from so-called botnets of zombie computers around the globe.

    The Microsoft post linked the attackers to a group known as “Storm-1359,” using a term it assigns to groups whose affiliation it has not yet established. However, a Microsoft representative told the Associated Press that the group dubbed Anonymous Sudan was behind the attacks.  

    Microsoft said there was no evidence any customer data was accessed or compromised. The company did not immediately respond to CBS MoneyWatch’s request for comment. 

    Not sophisticated

    While DDoS attacks are mainly a nuisance, making websites unreachable without penetrating them, security experts say they can disrupt the work of millions of people if they successfully interrupt popular tech services.

    “DDoS is significant in terms of consumer usage, [meaning] you can’t get into a website, but it’s not a sophisticated attack,” Gil Messing, chief of staff at software and security firm Check Point, told CBS MoneyWatch. 

    Since the attack, Microsoft has taken several steps to guard against future DDoS attacks, including “tuning” its Azure Web Application Firewall, which serves as a line of defense against potential attacks, the company said in its statement. 

    Microsoft will need such precautions to ward off future attackers, who may be emboldened by the success of Anonymous Sudan’s attack, Steven Adair, president of cybersecurity firm Volexity, told CBS MoneyWatch. 

    “It looks like [Anonymous Sudan’s] DDoS efforts were met with a small level of success and that has gained quite a bit of attention,” Adair said. “It could spawn copycat attempts, but we are hoping this is not the case.”

    The Associated Press contributed reporting. 

  • Microsoft says early June disruptions to Outlook, cloud platform, were cyberattacks

    BOSTON — In early June, sporadic but serious service disruptions plagued Microsoft’s flagship office suite — including the Outlook email and OneDrive file-sharing apps — and cloud computing platform. A shadowy hacktivist group claimed responsibility, saying it flooded the sites with junk traffic in distributed denial-of-service attacks.

    Initially reticent to name the cause, Microsoft has now disclosed that DDoS attacks by the murky upstart were indeed to blame.

    But the software giant has offered few details — and did not immediately comment on how many customers were affected and whether the impact was global. A spokeswoman confirmed that the group that calls itself Anonymous Sudan was behind the attacks. It claimed responsibility on its Telegram social media channel at the time. Some security researchers believe the group to be Russian.

    Microsoft’s explanation in a blog post Friday evening followed a request by The Associated Press two days earlier. Slim on details, the post said the attacks “temporarily impacted availability” of some services. It said the attackers were focused on “disruption and publicity” and likely used rented cloud infrastructure and virtual private networks to bombard Microsoft servers from so-called botnets of zombie computers around the globe.

    Microsoft said there was no evidence any customer data was accessed or compromised.

    While DDoS attacks are mainly a nuisance — making websites unreachable without penetrating them — security experts say they can disrupt the work of millions if they successfully interrupt the services of a software service giant like Microsoft on which so much global commerce depends.

    It’s not clear if that’s what happened here.

    “We really have no way to measure the impact if Microsoft doesn’t provide that info,” said Jake Williams, a prominent cybersecurity researcher and a former National Security Agency offensive hacker. Williams said he was not aware of Outlook previously being attacked at this scale.

    “We know some resources were inaccessible for some, but not others. This often happens with DDoS of globally distributed systems,” Williams added. He said Microsoft’s apparent unwillingness to provide an objective measure of customer impact “probably speaks to the magnitude.”

    Microsoft dubbed the attackers Storm-1359, using a designator it assigns to groups whose affiliation it has not yet established. Cybersecurity sleuthing tends to take time — and even then can be a challenge if the adversary is skilled.

    Pro-Russian hacking groups including Killnet — which the cybersecurity firm Mandiant says is Kremlin-affiliated — have been bombarding government and other websites of Ukraine’s allies with DDoS attacks. In October, some U.S. airport sites were hit. Analyst Alexander Leslie of the cybersecurity firm Recorded Future said it’s unlikely Anonymous Sudan is located as it claims in Sudan, an African country. The group works closely with Killnet and other pro-Kremlin groups to spread pro-Russian propaganda and disinformation, he said.

    Edward Amoroso, NYU professor and CEO of TAG Cyber, said the Microsoft incident highlights how DDoS attacks remain “a significant risk that we all just agree to avoid talking about. It’s not controversial to call this an unsolved problem.”

    He said Microsoft’s difficulties fending off this particular attack suggest “a single point of failure.” The best defense against these attacks is to distribute a service massively, on a content distribution network for example.

    Indeed, the techniques the attackers used are not old, said U.K. security researcher Kevin Beaumont. “One dates back to 2009,” he said.

    Serious impacts from the Microsoft 365 office suite interruptions were reported on Monday June 5, peaking at 18,000 outage and problem reports on the tracker Downdetector shortly after 11 a.m. Eastern time.

    On Twitter that day, Microsoft said Outlook, Microsoft Teams, SharePoint Online and OneDrive for Business were affected.

    Attacks continued through the week, with Microsoft confirming on June 9 that its Azure cloud computing platform had been affected.

    On June 8, the computer security news site BleepingComputer.com reported that cloud-based OneDrive file-hosting was down globally for a time.

    Microsoft said at the time that desktop OneDrive clients were not affected, BleepingComputer reported.

  • Cyberattack impacts U.S. federal government, NATO allies. Here’s what we know about the breach so far.

    Senior government officials are racing to limit the impact of what’s believed to be a global cyberattack affecting U.S. federal agencies and allies, including NATO member countries. 

    The Cybersecurity and Infrastructure Security Agency (CISA) confirmed in a statement Thursday that it was providing support to several federal agencies “that have experienced intrusions affecting their [file transfer] applications.”

    “We are working urgently to understand impacts and ensure timely remediation,” the statement continued.

    Anne Neuberger, deputy national security advisor for cyber and emerging technology for the National Security Council, told CBS News Thursday that the hackers “compromised a vulnerability in a widely used software” that companies worldwide use “to move large files.”

    “They’ve (the hackers) started releasing some of the data that was stolen as part of their work to extort these companies,” Neuberger said. “We strongly encourage anyone who was a user of the software to, of course, patch, lock down their systems.”

    One cybersecurity expert characterized the breach as one of the largest theft and extortion events in recent history. Victims include Johns Hopkins University, the University of Georgia, the BBC and British Airways.

    Cybersecurity experts say the hacking gang has been active since at least 2014 and is believed to operate from Russia with the tacit approval of Moscow’s intelligence services. CISA Director Jen Easterly identified the hackers as CLOP Ransomware.

    “They’re basically taking data and looking to extort it,” Easterly said. 

    Brett Callow, a cyber threat analyst with Emsisoft, told CBS News that there were 47 confirmed victims so far, “plus a number of as yet unidentified U.S. government agencies.” He added that CLOP claimed “hundreds of organizations have been impacted.” 

    Late Thursday afternoon, a senior CISA official declined to identify which government agencies had been affected, but noted that the Energy Department had issued a statement indicating it had reported an incident to CISA. The official also said that at this time, there is no indication that any of the military branches or the intelligence community were impacted. 

    “This is not a campaign like Solar Winds that presents a systemic risk to our national security or our nation’s networks,” the official said, referring to a hugely disruptive cyberattack in 2020 that was traced to Russian military hackers.

    Further, no federal agencies have so far received extortion demands and no federal data has been leaked, the official said.

    Many organizations had already patched the vulnerability before the cyber actors were able to intrude, according to CISA.

    CLOP works by seizing sensitive data and holding it for ransom, threatening “after 7 days your data will start to be published.” It’s exploiting a vulnerability in a software program called MoveIt Transfer, which is widely used to transfer data. 

    A CISA analyst note described CLOP as a ransomware variant that uses a double extortion ransomware strategy. The cybercriminal gang steals the information before encrypting it and then demands a ransom to head off the leaking of that information on CLOP’s ransomware site.

    At this point, Easterly says the government is “focused specifically on the federal agencies that may be impacted” and is “working hand-in-hand with them to mitigate the risk.”

    “We understand there are businesses, though, around the world,” she added. 

    Researcher Brett Callow says victims also include banks and credit unions.

    The FBI and CISA warned last week that in late May, a ransomware gang began exploiting a vulnerability in the file-sharing software MoveIt Transfer.

    The FBI declined to comment, but referred CBS News to the security advisory about MoveIt, which also encouraged private sector partners to implement recommended measures to protect themselves from the ransomware and to report any suspicious cyber activity to local FBI offices and CISA.

    — Nicole Sganga and Robert Legare contributed to this report.

  • Energy Department among federal agencies breached by Russian ransomware gang

    The Department of Energy and several other federal agencies were compromised in a Russian cyber-extortion gang’s global hack of a file-transfer program popular with corporations and governments, but the impact was not expected to be great, Homeland Security officials said Thursday.

    But for others among what could be hundreds of victims from industry to higher education — including patrons of at least two state motor vehicle agencies — the hack was beginning to show some serious impacts.

    Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, told reporters that unlike the meticulous, stealthy SolarWinds hacking campaign attributed to state-backed Russian intelligence agents that was months in the making, this campaign was short, relatively superficial and caught quickly.

    “Based on discussions we have had with industry partners … these intrusions are not being leveraged to gain broader access, to gain persistence into targeted systems, or to steal specific high value information— in sum, as we understand it, this attack is largely an opportunistic one,” Easterly said.

    “Although we are very concerned about this campaign and working on it with urgency, this is not a campaign like SolarWinds that presents a systemic risk to our national security or our nation’s networks,” she added.

    A senior CISA official said neither the U.S. military nor intelligence community was affected. Energy Department spokesperson Chad Smith said two agency entities were compromised but did not provide more detail.

    Known victims to date include Louisiana’s Office of Motor Vehicles, Oregon’s Department of Transportation, the Nova Scotia provincial government, British Airways, the British Broadcasting Company and the U.K. drugstore chain Boots. The exploited program, MOVEit, is widely used by businesses to securely share files. Security experts say that can include sensitive financial and insurance data.

    Louisiana officials said Thursday that people with a driver’s license or vehicle registration in the state likely had their personal information exposed. That included their name, address, Social Security number and birthdate. They encouraged Louisiana residents to freeze their credit to guard against identity theft.

    The Oregon Department of Transportation confirmed Thursday that the attackers accessed personal information, some sensitive, for about 3.5 million people to whom the state issued identity cards or driver’s licenses.

    The Cl0p ransomware syndicate behind the hack announced last week on its dark web site that its victims, who it suggested numbered in the hundreds, had until Wednesday to get in touch to negotiate a ransom or risk having sensitive stolen data dumped online.

    The gang, among the world’s most prolific cybercrime syndicates, also claimed it would delete any data stolen from governments, cities and police departments.

    The senior CISA official told reporters a “small number” of federal agencies were hit — declining to name them — and said “this is not a widespread campaign affecting a large number of federal agencies.” The official, speaking on condition of anonymity to discuss the breach, said no federal agencies had received extortion demands and no data from an affected federal agency had been leaked online by Cl0p.

    U.S. officials “have no evidence to suggest coordination between Cl0p and the Russian government,” the official said.

    The parent company of MOVEit’s U.S. maker, Progress Software, alerted customers to the breach on May 31 and issued a patch. But cybersecurity researchers say scores if not hundreds of companies could by then have had sensitive data quietly exfiltrated.

    “At this point, we are seeing industry estimates of several hundred of victims across the country,” the senior CISA official said. Federal officials encouraged victims to come forward, but they often don’t. The U.S. lacks a federal data breach law, and disclosure of hacks varies by state. Publicly traded corporations, health care providers and some critical infrastructure purveyors do have regulatory obligations.

    The cybersecurity firm SecurityScorecard says it detected 2,500 vulnerable MOVEit servers across 790 organizations, including 200 government agencies. It said it was not able to break down those agencies by country.

    The Office of the Comptroller of the Currency in the Treasury Department uses MOVEit, according to federal contracting data. Spokeswoman Stephanie Collins said the agency was aware of the hack and has been monitoring the situation closely. She said it was “conducting detailed forensic analysis of system activity and has not found any indications of a breach of sensitive information.” She would not say how the agency uses the file-transfer program.

    The hackers were actively scanning for targets, penetrating them and stealing data at least as far back as March 29, said SecurityScorecard threat analyst Jared Smith.

    This is far from the first time Cl0p has breached a file-transfer program to gain access to data it could then use to extort companies. Other instances include GoAnywhere servers in early 2023 and Accellion File Transfer Application devices in 2020 and 2021.

    The Associated Press emailed Cl0p on Thursday asking what government agencies it had hacked. It did not receive a response, but the gang posted a new message on its dark web leak site saying: “We got a lot of emails about government data, we don’t have it we have completely deleted this information we are only interested in business.”

    Cybersecurity experts say the Cl0p criminals are not to be trusted to keep their word. Allan Liska of the firm Recorded Future has said he is aware of at least three cases in which data stolen by ransomware crooks appeared on the dark web six to 10 months after victims paid ransoms.

    AP reporters Sara Cline in Baton Rouge, Louisiana, Eugene Johnson in Seattle and Nomaan Merchant and Rebecca Santana in Washington contributed to this report.

  • Why In-Office Work Is The Real Threat to Cybersecurity | Entrepreneur

    Opinions expressed by Entrepreneur contributors are their own.

    Imagine a home filled with sophisticated locks, CCTV cameras, and a state-of-the-art security system. Yet, the owner leaves the back door wide open. This is precisely what’s happening in the world of corporate cybersecurity. As organizations fret over the potential risks of remote work, new research suggests the real dangers lurk within the office itself. That finding from a groundbreaking study from the Farmer School of Business at Miami University is definitely a surprise to me and my clients who I help transition to hybrid and remote work, and it will inform some valuable conversations going forward.

    The unexpected benefits of remote work on cybersecurity

    The Farmer School of Business researchers discovered that remote workers exhibit a higher level of cybersecurity awareness and take more security-related precautions than their in-office counterparts (forthcoming in the July issue of Computers & Security). That’s right — working from home might actually make employees more vigilant when it comes to cybersecurity. In my emailed interview with the author Joseph K. Nwankpa, he told me “When we surveyed remote workers, we expected the results to reveal cybersecurity complacency, but surprisingly, the survey revealed remote cyber vigilance.”

    This surprising outcome can be attributed to the so-called “Peltzman Effect” and the complacency framework, which the study draws upon to explore how remote working may trigger a moral hazard regarding employee cybersecurity awareness and security-based precaution-taking. Remote employees tend to feel a heightened sense of responsibility for their own cybersecurity, while office workers often become complacent, trusting their companies to handle cyber threats on their behalf.

    Complacency: The Achilles’ heel of office workers

    Imagine being on a cruise ship with an impeccable safety record. You might feel so secure that you skip the safety drill and neglect to learn the location of the lifeboats. This is the complacency effect in action. Office workers, surrounded by the perceived safety of their company’s cybersecurity measures, may be less likely to follow best practices and take necessary precautions.

    The study cites prior research that reveals how employees working within the corporate office and boundaries trust their firms to develop, maintain and update security countermeasures to mitigate cybersecurity threats and risks. As a result, these employees are not apt or mindful of security threats and concerns, leading to constrained cybersecurity awareness.

    On the other hand, remote workers, like sailors navigating stormy seas, understand that they must be constantly vigilant. This heightened awareness leads them to take more security-based precautions, ultimately keeping their company’s digital assets safer.

    Indeed, the human element of security is enhanced through a switch to remote work. Thus, Nwankpa stated “Our study found that working from the office within corporate firewalls and security boundaries induced employees to exhibit risky cybersecurity behavior, such as diminished cybersecurity awareness and precaution-taking. However, switching to remote work made employees feel insecure, leading to heightened cybersecurity awareness and cybersecurity precautionary measures.”

    The pivotal role of information security policy compliance

    The study also found that information security policy compliance played a significant role in remote workers’ heightened cybersecurity awareness. This suggests that companies must prioritize and enforce their security policies to ensure that all employees, whether in the office or at home, are adequately prepared to handle cyber threats.

    The research model used in the study examined the impact of remote working on security-based precaution-taking and the role of cybersecurity awareness in the relationship between remote working and security-based precaution-taking. The data collected from 203 remote workers across the U.S. provided strong support for the research model, indicating that remote working is positively associated with cybersecurity awareness and security-based precaution-taking.

    Furthermore, the study reveals that as remote workers gain cybersecurity awareness, they are more likely to apply security-based precaution measures. This reinforces the idea that fostering cybersecurity awareness among remote workers can lead to better protection of organizational information assets against threats.

    Remote Work: A potential solution to cybersecurity woes

    Contrary to popular belief, the findings of this study demonstrate that remote work can actually improve cybersecurity. Companies can leverage this knowledge to their advantage, promoting remote work arrangements and fostering a culture of vigilance and cybersecurity responsibility among their employees.

    One way to achieve this is by understanding the relationship between cybersecurity awareness and security-based precaution-taking. By focusing on this relationship, organizations can clarify how and when remote working can create positive cybersecurity behavior among end-users, as suggested by the study.

    Organizations should not shy away from embracing remote work arrangements, as the study reveals that these can lead to better cybersecurity outcomes. By fostering a culture of trust, personal responsibility, and cybersecurity awareness among remote employees, companies can empower their workforce to take the necessary precautions and maintain a high level of vigilance, ultimately leading to a more secure digital environment.

    The importance of training and employee engagement

    To further enhance cybersecurity in a remote work setting, organizations should invest in comprehensive training programs that cover both technical and behavioral aspects of cybersecurity. By making employees aware of the potential threats and risks, as well as providing them with the tools and knowledge needed to protect themselves and the company, businesses can significantly reduce their vulnerability to cyberattacks.

    In addition, organizations should actively engage their remote employees and encourage open communication about cybersecurity issues. By involving employees in the decision-making process and addressing their concerns, companies can create a sense of ownership and shared responsibility for the organization’s cybersecurity.

    Reevaluating Cybersecurity Strategies for a Hybrid Workforce

    As the business world moves towards a more hybrid workforce, with a mix of office-based and remote employees, it is crucial for organizations to reevaluate their cybersecurity strategies. Companies must consider the unique challenges and opportunities presented by remote work and adapt their policies and practices accordingly.

    This may involve updating security protocols, implementing new technologies, and rethinking the traditional office-centric approach to cybersecurity. By embracing the unexpected benefits of remote work and adapting to the evolving digital landscape, organizations can create a more secure and resilient future.

    The groundbreaking study from the Farmer School of Business at Miami University opens the door for further research into the distinctions between remote and office work and their implications on cybersecurity. Future research could explore how different remote work arrangements, such as hybrid models or fully remote workforces, may impact cybersecurity awareness and precaution-taking behavior among employees.

    Moreover, researchers could investigate the role of various factors, such as organizational culture, leadership, and technology, in shaping employees’ cybersecurity behavior in both remote and office environments. This would provide valuable insights to help organizations develop more effective strategies for managing cybersecurity in an increasingly connected and remote world.

    Cognitive Biases and their Impact on Cybersecurity

    Cognitive biases can significantly influence how employees perceive and respond to cybersecurity threats, both in remote and office settings. By understanding the impact of these biases, organizations can tailor their cybersecurity strategies to address these psychological factors and promote more effective security behaviors among their workforce. Let’s explore two specific cognitive biases that may impact cybersecurity in the context of remote work and office environments: the status quo bias and the optimism bias.

    The status quo bias refers to the tendency for people to prefer maintaining their current state or situation, even when change could potentially bring about benefits or improvements. In the context of cybersecurity, employees working in a corporate office environment may be more prone to the status quo bias, as they might assume that their organization’s existing security measures are sufficient to protect them from cyberthreats.

    This complacency can lead to a lack of personal responsibility and a decreased likelihood of adopting new security behaviors or updating existing practices. The Farmer School of Business study highlights this issue, revealing that employees working in corporate offices often trust their organizations to handle cybersecurity threats and, as a result, may neglect their own role in safeguarding company data and assets.

    To counteract the status quo bias, organizations should continuously emphasize the evolving nature of cyber threats and the importance of individual responsibility in maintaining security. Encouraging employees to stay updated on the latest security best practices and providing regular training on new threats can help keep cybersecurity at the forefront of their minds and reduce the impact of the status quo bias.

    The optimism bias refers to the inclination of individuals to underestimate the likelihood of negative events occurring, while overestimating the probability of positive outcomes. In the context of remote work and cybersecurity, the optimism bias may manifest as office-based employees believing that they are less likely to fall victim to cyberattacks than their remote counterparts.

    This overconfidence may lead office-based workers to overlook potential security risks and neglect precautionary measures, such as adhering to company security policies. The Farmer School of Business study supports this assumption by showing that remote workers are more likely to have a higher level of cybersecurity awareness and take more security-related precautions than those working in an office.

    To mitigate the effects of optimism bias, organizations should provide remote employees with clear and realistic information about the cybersecurity risks associated with remote work. Sharing real-life examples of cyberattacks targeting office-based as well as remote workers and emphasizing the importance of personal responsibility can help raise awareness and encourage employees to be more vigilant.

    Conclusion

    The study from the Farmer School of Business at Miami University serves as a wake-up call for organizations to rethink their approach to cybersecurity in the age of remote work. By embracing the benefits of remote work, fostering a culture of cybersecurity awareness, and adapting their strategies to the evolving digital landscape, companies can ensure the protection of their valuable digital assets and navigate the treacherous waters of the cyber world with confidence.

    Gleb Tsipursky

  • UN peacekeeper killed, 8 seriously injured in northern Mali attack

    The United Nations says attackers killed one U.N. peacekeeper and seriously injured eight others in Mali’s northern Timbuktu region, an area where extremists continue to operate

    UNITED NATIONS — Attackers killed one U.N. peacekeeper and seriously injured eight others Friday in Mali’s northern Timbuktu region, an area where extremists continue to operate, the United Nations said.

    The peacekeepers were part of a security patrol that was targeted first by an improvised explosive device and then by direct fire in the town of Ber, U.N. spokesman Stephane Dujarric said.

    The United Nations joins the head of the U.N. peacekeeping mission in Mali, El-Ghassim Wane, in strongly condemning the attack, Dujarric said.

    Mali has been ruled by a military junta since a 2020 coup against an elected president, Ibrahim Boubacar Keita. It has faced destabilizing attacks by armed extremist groups linked to al-Qaida and the Islamic State group since 2013.

    In 2021, France and its European partners engaged in the fight against extremists in Mali’s north withdrew from the country after the junta brought in mercenaries from Russia’s Wagner Group.

    The United States warned Mali’s military government in April that it would be “irresponsible” for the United Nations to continue deploying its more than 15,000 peacekeepers unless the western African nation ends restrictions, including on operating reconnaissance drones, and carries out political commitments toward peace and elections in March 2024.

    The warning came as the U.N. Security Council considers three options proposed by Secretary-General António Guterres for the peacekeeping mission’s future: increase its size, reduce its footprint, or withdraw troops and police and turn it into a political mission. Its current mandate expires on June 30.

    Dujarric said the peacekeeper killed on Friday was the ninth to die in Mali this year.

    “This tragic loss is a stark reminder of the risks that peacekeepers in Mali and other places around the world face while tirelessly working to bring stability and peace to the people of Mali,” he said.

  • After 22 years in a coma, Israeli woman critically wounded in 2001 Jerusalem suicide bombing dies

    An Israeli hospital says a woman critically wounded in a 2001 suicide bombing at a Jerusalem restaurant has died

    Israeli shoppers pass by the newly re-opened Sbarro pizzeria Monday Sept. 24, 2001, where a Palestinian suicide bomber blew himself up last Aug. 9, 2001 killing 15 people in Jerusalem. An Israeli hospital says a woman critically wounded in a 2001 suicide bombing at a Jerusalem restaurant has died. Her death marked the sixteenth fatality from that attack. (AP Photo/Elizabeth Dalziel)

    The Associated Press

    JERUSALEM — An Israeli woman critically wounded in a 2001 suicide bombing at a Jerusalem restaurant has died, an Israeli hospital said Thursday. Her death marks the sixteenth fatality from that attack.

    Hana Nachenberg was 31 at the time and was dining with her 3-year-old daughter when the blast occurred, Israeli media reported. She was in a coma for nearly 22 years until she died on Wednesday, reports said. Her daughter was not hurt in the attack.

    On Aug. 9, 2001, a Palestinian bomber walked into a Jerusalem pizzeria and blew himself up. The attack remains one of the most infamous in the Israeli-Palestinian conflict and it came at a time of surging violence between the sides during the second Palestinian intifada or uprising.

    Aftershocks of the attack, which wounded dozens, still make news today. The family of an Israeli-American girl killed in the attack is waging a campaign to press Jordan, a close American ally, to send a woman convicted of aiding the attacker to the United States for trial.

    Ahlam Tamimi was convicted of choosing the target and guiding the bomber there and was sentenced by Israel to 16 life sentences. Israel released her in a 2011 prisoner swap with the Hamas militant group and she was sent to Jordan, where she lives freely and has been a familiar face in the media.

    The U.S. has charged Tamimi with conspiring to use a weapon of mass destruction against Americans. Her name was added to the FBI’s list of Most Wanted Terrorists.

  • APWG.EU 2023 Technical Summit and Researchers Sync-Up Builds Bridges of Cooperation Across the Globe — and Across Research Disciplines

    The APWG.EU Technical Summit and Researchers Sync-Up 2023 (Tech 2023) will convene cybercrime researchers and industry responders from across the globe to confront the cybercrime onslaught that today threatens commerce and culture in most every polity on earth

    The APWG.EU Technical Summit and Researchers Sync-Up 2023 (Tech 2023) on June 21 & 22, 2023, at Technological University Dublin, will convene cybercrime researchers and industry responders from across the globe to confront the cybercrime onslaught that today threatens commerce and culture in most every polity on earth.

    Conference notes page and registration link here: https://apwg.eu/event/tech2023/

    The APWG.EU’s 2023 program will expand its conference portfolio from peer-reviewed cybercrime-related research papers to include an expanded second-day chalk-talk session – the Researchers Sync-Up – that will review vital, long-horizon research projects in motion and will posit important R&D efforts that need to be mounted to establish the tools, metrics and infrastructure required to forestall the pervasive and, possibly, irreversible criminalization of cyberspace.

    APWG.EU Director of Research Dr. Agusti Solanas said, “Research to fight cybercrime has to be multidisciplinary, and the Sync-Up session will be the agora where researchers from all over the world will share their ideas to foster collaboration amongst a variety of fields.”

    APWG.EU Tech Summit and Researchers Sync-Up will present state-of-the-art research into cybercrime investigations, forensic techniques and infrastructure defense against cyber-attacks and manipulation. The program’s topic spaces will feature innovations in cryptocurrency cybercrime tools and response approaches; research into the technical, legal, political, social and psychological aspects of fraud and fraud prevention; and case studies into new and emerging cybercrime attack methods.

    This year’s Researchers Sync-Up is a moderated session in which leading investigators and interdisciplinary innovators will present their long-term cybercrime research objectives and discuss: Why is this research needed? What is lacking to interrogate this important but as yet unexplored research dimension? Sync-Up enables big ideas to find the investigators with the tools, the will and the data to drive cybercrime research into the future. Interaction, discussion, and multidisciplinary collaborations will be fostered. Focus areas for Sync-Up include but are not limited to: metrics and categorization schema; data exchange and data logistics challenges; and uncharted behavioral questions in cybercrime research.

    Dr. Solanas, recently appointed chair of European Cybersecurity Organization Subworking group 6.2 (Digital Transformation in Verticals) and Subworking group 6.3 (Data & Economy), is reviewing Sync-Up talk proposals personally with APWG.EU program managers and consulting advisors. Investigators with proposals to share can reach Dr. Solanas at: asolanas@apwg.eu

    Tech 2023 will look into the many new and emerging challenges facing cybersecurity, the most common and predictable cyberthreats, and incident responses at any scale. Tech 2023 presenters and delegates will review the development of response paradigms and resources for counter-cybercrime managers and forensic professionals in both the private and public sectors. As always, the program’s managers and presenters will look out for opportunities for building bridges of cooperation and collaboration.

    Presenters will review case studies of national and regional economies that have come under attack, and illustrate some examples of successful transnational forensic investigation cooperation. At the same time, Tech 2023 will explore possible models for consultation and collaboration against e-crime, and examine the available resources for cybercrime response and forensic enterprises in general.

    APWG.EU Tech Summit and Researchers Sync-Up 2023 will take place in Dublin, Ireland, June 21 & 22, 2023, at the campus of Technological University Dublin. (Central Quad – TU Dublin – Grangegorman Lower, Dublin 7, D07 ADY7, Ireland)

    CALL FOR PAPERS

    APWG.EU Technical Summit and Researchers Sync-Up 2023 is a two-day event focused on electronic crime with a research and interdisciplinary programme consisting of invited keynotes, interactive panels, and chalk-talk sessions. The event’s objective is to bring together academic researchers from multiple disciplines, industry security practitioners, government representatives, and law enforcement officials to discuss and exchange ideas, experiences and lessons learned while combating cybercrime from a polyhedric perspective.

    This year’s programme includes a chalk-talk lab session “the Researchers’ Sync-Up”. Sync-Up is a moderated chalk-talk where leading investigators and interdisciplinary innovators discuss their next five years of cybercrime research. Why is this research needed? What is lacking to commit to this direction? Sync-Up enables big ideas to find the investigators with the tools, will and data to drive cybercrime research into the future. Interaction, discussion, and multidisciplinary collaborations will be fostered. Focus areas for Sync-Up include but are not limited to: metrics and categorization schema; data exchange and data logistics challenges; and uncharted behavioral questions in cybercrime research.

    IMPORTANT DATES:

    • Papers submission: May 1, 2023
    • Notification of Acceptance/Rejection: May 21, 2023
    • Authors registration: May 28, 2023
    • Conference date: June 21-22, 2023

    Articles’ topics may include, but are not limited to:

    • Electronic crime research and innovation
    • Cryptocurrency and related cybercrime, tools, and responses
    • Artificial Intelligence in Cybercrime and its prevention
    • Case studies of current attack methods, including phishing, malware, rogue antivirus programs, pharming, crimeware, botnets, and other emerging techniques.
    • Technical, legal, political, social and psychological aspects of electronic crime and its prevention.
    • Malware, botnets, cybercriminal/phishing gangs, or money laundering.
    • Cybersecurity in specific markets: financial services, e-commerce, health, energy & supplies.
    • Techniques to avoid detection, tracking and take-down; proactive ways to counteract such techniques.
    • Designing and evaluating user interfaces with fraud and network security in mind.
    • Behavioral aspects of cybercrime resilience and susceptibility in ICT users.
    • Best practices for detecting and preventing damage to critical internet infrastructure.
    • The economics of online crime.
    • Approaches and/or research to measure the impacts of cybercrime

    AUTHORS’ GUIDANCE

    • Tech Summit has adopted the CEUR publication format. Submissions should be in English, in PDF format with all fonts embedded, formatted using the CEUR template. The CEUR-template for APWG.EU Tech / Researchers can be found here:  CEUR-Template-2col.docx (live.com) The overleaf page can be found here: https://www.overleaf.com/project/5e76702c4acae70001d3bc87
    • Papers should be prepared in two-column format described in the template above
    • Submissions should be anonymized, excluding author names, affiliations and acknowledgements. Authors’ own work should be referred to in the third person.
    • Committee members are not required to read the appendices, and papers should be intelligible without them.
    • Submissions must be original and unpublished.
    • Authors of accepted papers must present them and register at the event.

    Submission Types

    • Regular papers: max 12 pages of practical and/or theoretical content describing advances in the fight against Electronic Crime and any of the topics listed in the CFP.
    • Short papers/Posters: max 6 pages of practical and/or theoretical content describing unfinished, ongoing research with preliminary (not yet conclusive) results.
    • Position papers: max 6 pages with content where authors discuss their opinions on Electronic Crime related fields. Discussion on regulations, policies, draft standards, and similar topics to foster discussion are welcome.
    • Researchers Sync-Up Chalk-talk papers: max 4 pages with research ideas for principal investigators and motivated researchers willing to explore collaborations and looking for synergies in Electronic Crime related fields. Interdisciplinary proposals are particularly welcome. These papers are aimed at fostering collaboration, discussing groundbreaking ideas, and forging lasting research collaborations amongst the attendees.

    For paper submissions, use the New Submission option at https://ecrime2023sync-up.hotcrp.com

    About the APWG.eu: The APWG.eu, established in 2013 as the Anti-Phishing Working Group European Foundation, is an industry association focused on unifying the global response to cybercrime. The organization provides a forum for responders and managers of cybercrime to discuss phishing and cybercrime issues, to consider potential technology solutions, to access data logistics resources for cybersecurity applications, to cultivate the university research community dedicated to cybercrime research, and to advise government, industry, law enforcement and treaty organizations on the nature of cybercrime.

    Source: APWG.EU

  • Cyber scammers target parents, grandparents for digital theft | 60 Minutes

    Losses from digital theft have doubled over the past two years, according to the FBI. Sharyn Alfonsi shows how cyber scammers are using AI, apps and social engineering to target seniors.


  • 5/21/2023: Price Gouging; Targeting Seniors; Jeff Koons

    Price gouging in Pentagon contracts. Then, cyber scammers stealing from grandparents. And, Jeff Koons: The 60 Minutes interview.


  • How con artists use AI, apps, social engineering to target parents, grandparents for theft

    More Americans than ever rely on alarm systems, gates or doorbell cameras to help protect their families. But statistically, you are now more likely to be the victim of theft online than a physical break in at home.

    A new report from the FBI reveals that Americans lost more than $10 billion last year to online scams and digital fraud.  

    People in their 30s – who are among the most connected online – filed the most complaints. But we were surprised to learn the group that loses the most money to scammers… is seniors.  

    Tonight, we will show you how cyber con artists are using artificial intelligence, widely-available apps and social engineering to target our parents and grandparents. 

    Susan Monahan: It’s like a death in the family, almost.   

    Tamara Thomas: Well, she worked so hard, you know.   

    Susan Monahan: For my money. I sure have.  

    Susan Monahan and her daughter, Tamara, are talking about how the 81-year-old was conned out of thousands of dollars in what law enforcement calls a “grandparent scam.”  

    Tamara Thomas and her mother Susan Monahan

    Sharyn Alfonsi: Tell me about the call that you got.  

    Susan Monahan: There was a young adult on the line saying, “Grandma, I– I need your help,” in a frantic voice, scared, saying– “I was driving and suddenly there was a woman stopped in front of me. She’s pregnant, and I hit her.” And “they’re gonna take me to jail,” and, and, “Grandma, please don’t call my mom and dad, because I don’t want them to know.” And I said, “Brandon, it doesn’t sound like you.” He said, “Oh, I have a cold, Grandma.”

    Sharyn Alfonsi: You think it’s your grandson?

    Susan Monahan: I do. And he said, “Grandma, a friend of mine has an attorney that we can, that we can use, and that we can do something about me going to jail.” And I said, “Yes, of course.”

    Monahan said the scammer – pretending to be a helpful attorney – got on the line. It was June of 2020, during the pandemic, and he promised to keep her grandson out of jail, if she could get $9 thousand for bail to him quickly.

    Sharyn Alfonsi: What other instructions were you given?

    Susan Monahan: I needed to make an envelope that was addressed to this certain judge, that he was gonna coordinate this through, and write on there and they gave me the name, the address, and everything else for this envelope.  

    Sharyn Alfonsi: Did it sound pretty legitimate?   

    Susan Monahan: Oh, absolutely. He had the legalese. 

    Monahan is a tax preparer – with an MBA. The scammer kept her on the phone as she rushed to the bank. 

    Sharyn Alfonsi: What’d he say?

    Susan Monahan: He said, “when you go there, make sure you tell them that it’s for home improvements, ’cause they might question the fact that you’re withdrawing $9,000.” 

    Minutes after Monahan got home with the cash… a courier showed up to take it. This is video from the doorbell camera. You can hear Monahan on the phone with the scammer as she hands off the money.

    Susan Monahan: He said to move your butt ’cause they’re on a deadline. 

    Courier: OK, have a great day.

    She says as soon as the courier left and the adrenaline left her body… she was filled with a sick feeling she’d been scammed.

    Tamara Thomas: It’s just devastating. 

    Sharyn Alfonsi: What did they do to your mom? Beyond the money, beyond taking $9,000 from her?  

    Tamara Thomas: Well, it’s your livelihood. I’m sorry. It just gets you, like, in your gut.  

    The Federal Trade Commission reports scams like these… skyrocketed 70% during the pandemic when seniors, home alone, went online to shop or keep in touch with family.

    Ester Maestre, Ron Attig, Steve Savage, Judy Attig (left-right) talk about digital theft.

    Sharyn Alfonsi: How much money were you scammed out of?

    Ester Maestre: $11,300.

    Steve Savage: $14,000.

    Judy Attig: $7,600.

    Judy Attig and her husband Ron, a retired ironworker, were victims of the same “grandparent scam” as Susan Monahan. That’s the view from their doorbell camera… as the same courier took off with $7,600 of their savings.

    Sharyn Alfonsi: $7,600 hits hard. 

    Ron Attig: Oh yeah–

    Judy Attig: Well, that was for, you know, if we wanted to go on a trip or something. It was terrible. I was a mess. 

    Steve Savage, a retired scientist, was scammed when he opened a fake email from the Geek Squad.

    Steve Savage: The email said that, “Your bank account is being charged $399 for another year.” And I’m like, “Wait a minute, I don’t remember it being anywhere close to that.”

    The customer service number went to a scammer posing as a representative of the company. Savage was duped out of $14 thousand.   

    Ester Maestre was scammed too. The retired nurse says an alarm sounded on her iPad with a message to call “tech support.” She did.

    Ester Maestre: He said that, “last night between 4 and 9 p.m. your bank account has been hacked.”

    Sharyn Alfonsi: And your heart probably stopped.

    Ester Maestre: Oh, you know, I felt so nervous. But he said, “I am going to transfer you to another guy who’s a security at Chase Bank.” 

    That fake bank employee told her hackers might be able to access her bank account and instructed her to immediately withdraw money and deposit it into a new account for safe keeping. Maestre did and lost $11 thousand.

    Sharyn Alfonsi: And have you been able to recover any of your money?

    Ester Maestre: Nothing.

    Sharyn Alfonsi: Nothing.

    Ester Maestre: I’m the one that pulled the money out of the bank, so I won’t be reimbursed. 

    Sharyn Alfonsi: If your house gets broken into, you call the police. If this happens–  

    Scott Pirrello: There’s no one to call. 

    Scott Pirrello, a deputy district attorney who runs San Diego’s Elder Justice Task Force, walks with Sharyn Alfonsi.

    Scott Pirrello is a deputy district attorney who runs San Diego’s Elder Justice Task Force and connected us to the victims you just heard from. He says studies show only one in every 20 seniors who’ve been scammed, report it. Often, they’re embarrassed.

    Scott Pirrello: Most people who have not experienced this think, “Well, these people must have dementia or Alzheimer’s.” It’s not the case. Our victims are sharp as a tack. We had a woman, 66 years old, she came home, she got a message on her computer from Microsoft and the message said that she had a virus on her computer. And then that virus had somehow infected her financial accounts. Within a matter of weeks this victim had lost $800,000.

    Sharyn Alfonsi: Oh my gosh.

    Scott Pirrello: The scariest part of these scams is that these victims have no recourse. They’re left bewildered.

    Sharyn Alfonsi: What typically happens?

    Scott Pirrello: The seniors that have the courage to report that this has happened are being told that, “I’m sorry, there’s nothing we could do.” And that is the reality, that a local police detective in Kansas City doesn’t have the reach to go investigate a case that’s being operated from the Caribbean, or from Nigeria, or Ghana.

    Investigators have also traced scams to Europe, Southeast Asia and Canada.  

    To combat them, San Diego’s Elder Justice Task Force has taken a new approach. Investigators collect every local fraud case, then collaborate with federal authorities to connect them.

    Scott Pirrello: If we have a victim that lost $12,000 here in San Diego, there is without question, dozens of other victims to the same scam and millions of dollars in losses. And then once we identify that the scam is part of something much larger, then we can deliver that to our federal partners with the reach to go around the country. Because these are networks. These are transnational, organized, criminal networks.

    In 2021, Pirrello helped the FBI bring down a network of criminals who stole millions of dollars from elderly victims.

    Remember those doorbell videos from the grandparents scam? The courier, a 22-year-old Californian, was the starting point for the FBI’s case. She’s serving time for her role but the FBI says the scam’s ringleaders, two Bahamian nationals based in Florida… fled the country before they could be arrested.

    Ethical hacker Rachel Tobac is CEO of Social Proof Security

    Rachel Tobac: If you don’t know how a criminal thinks, then you really don’t know how you can protect yourself online. 

    Rachel Tobac is what’s called an “ethical hacker.” She studies how these criminals operate.

    Rachel Tobac: So ethical hackers, we step in and show you how it works.   

    Tobac is the CEO of Social Proof Security, a data protection firm that advises Fortune 500 companies, the military and private citizens on their vulnerabilities. We hired her to show us how easy it is to use information found online to scam someone. We asked her to target our unsuspecting colleague, Elizabeth.

    Tobac found Elizabeth’s cellphone number on a business networking website. As we set up for an interview, Tobac called Elizabeth but used an AI-powered app to mimic my voice… and ask for my passport number.

    Elizabeth: Yes, yes, yes I do have it. OK, ready? It’s…

    Tobac played the AI-generated voice recording for us…. to reveal the scam.

    AI Voice: Elizabeth, sorry, I need my passport number because the Ukraine trip is on. Can you read that out to me? 

    Rachel Tobac: Does that sound familiar?

    Elizabeth: Yes. And I gave her– wow.

    Rachel Tobac: I have–

    Elizabeth: I was duped–

    Rachel Tobac: –your passport–

    Elizabeth: –sitting over there.

    Sharyn Alfonsi: What did it say on your phone?

    Elizabeth: Sharyn.

    Sharyn Alfonsi: How did you do that?

    Rachel Tobac: So I used something called a spoofing tool to actually be able to call you as Sharyn. 

    Elizabeth: Oh, so I was hacked, and I failed, failed the hacking–   

    Sharyn Alfonsi: No.

    Rachel Tobac: But everybody would get tricked with that. Everybody would. It says Sharyn. “Why would I not answer this call? Why would I not give that information, right?” 

    Tobac showed us how she took clips of me from television, and put it into an app… that cloned my voice. It took about five minutes. 

    Sharyn Alfonsi: I am a public person. My voice is out there. Could a person who’s not a public person like me be spoofed as easily?

    Rachel Tobac: Anybody can be spoofed. And oftentimes attackers will go after people, they don’t even know who these people are. But they just know this person has a relationship to this other person. And they can impersonate that person enough just by changing the pitch and the modulation of their voice that, I believe that’s my nephew and I need to really wire that money.

    Tobac says hackers no longer need to infiltrate computers through a back door. She says 95% of hacks today happen after a user clicks on a text, a link, or gives personal information over the phone.

    Sharyn Alfonsi: You were able to hack my colleague Elizabeth, who is a tech-savvy millennial. What does that tell you?  

    Rachel Tobac: Anybody can be hacked. Anybody can fall for what Elizabeth fell for. In fact, when I do that type of attack, every single time, the person falls for it.    

    She said hackers… armed with basic information, like a relative’s name found online… or an app that can mimic a voice or change the caller ID … can create a convincing story. 

    Rachel Tobac: If you were to receive a phone call, a text message, an email, and it’s asking for something sensitive, urgent, or with fear, that’s when the alarm bells have to go off in your head. They want me to give something to them. I’m gonna take a beat, and I’m gonna check that this person is who they say they are. I call it being politely paranoid.  

    Sharyn Alfonsi: Politely paranoid.  

    Rachel Tobac: Be politely paranoid.

    Tobac has worked as a consultant for Aura…a Boston-based technology company that created software to protect the identity, passwords, finances and personal data for entire families in one app.

    Hari Ravichandran: Here you can see a full footprint of everything that’s happening inside the family.

    Sharyn Alfonsi and Hari Ravichandran

    60 Minutes


    Hari Ravichandran is the CEO of Aura… he says their software can re-route scam calls away from grandparents.

    Hari Ravichandran: If the parent is getting a call, and we are identifying using AI that the call is a potential scam call, then they can route that call to me.

    Sharyn Alfonsi: Does this stop the call from getting in? 

    Hari Ravichandran: It does. It, so– 

    Sharyn Alfonsi: So it just blocks the call? 

    Hari Ravichandran: When the call comes in, it will have a recording that says, “Let me know who you are: What’s your intent?” if it’s an unknown person. If it’s a known person that’s already in your contacts, it’ll go right through.

    Ravichandran says AI is also used to monitor finances and alert users of problems in real time.

    Hari Ravichandran: If I see a charge from my mom for $10 at Starbucks, that feels OK. But if there’s a $500 charge from Starbucks, something’s off kilter. So we try to figure out with AI, contextually, what’s different. But if something’s off pattern, then you can look at that, and say, “OK. Well, something’s off here. I need to go take care of this.”

    San Diego Deputy District Attorney Scott Pirrello says more help is needed from law enforcement and the banking and retail industries to protect seniors. The FBI reports over the past two years, the losses from digital theft have doubled. 

    Scott Pirrello: The trends and– and the data are horrifying. We have the senior population is growing exponentially every year. We have this dynamic of under-reporting and then we have the technology coming. People are convinced that AI is playing a part in maybe pretending it’s the grandchild’s voice. We’re all just next on the conveyor belt and we all need to do a better job.

    FBI statement:

    The FBI is proud of the work accomplished through the Elder Justice Task Force and the brave victims willing to speak out. Help us protect our seniors by reporting elder fraud incidents to ic3.gov

    Produced by Oriana Zill de Granados and Emily Gordon. Broadcast associate, Elizabeth Germino. Edited by Robert Zimet.

  • Philadelphia Inquirer hit by cyberattack causing newspaper’s largest disruption in decades

    The Philadelphia Inquirer has experienced the most significant disruption to its operations in 27 years due to what the newspaper calls a cyberattack

    PHILADELPHIA — The Philadelphia Inquirer experienced the most significant disruption to its operations in 27 years due to what the newspaper calls a cyberattack.

    The company was working to restore print operations after a cyber incursion that prevented the printing of the newspaper’s Sunday print edition, the Inquirer reported on its website.

    The news operation’s website was still operational Sunday, although updates were slower than normal, the Inquirer reported.

    Inquirer publisher Lisa Hughes said Sunday “we are currently unable to provide an exact time line” for full restoration of the paper’s systems.

    “We appreciate everyone’s patience and understanding as we work to fully restore systems and complete this investigation as soon as possible,” Hughes said in an email responding to questions from the paper’s newsroom.

    The attack was first detected when employees on Saturday morning found the newspaper’s content-management system was not working.

    The Inquirer “discovered anomalous activity on select computer systems and immediately took those systems off-line,” Hughes said.

    The cyberattack has caused the largest disruption to publication of Pennsylvania’s largest news organization since a massive blizzard in January 1996, the Inquirer reported.

    The cyberattack precedes a mayoral primary election scheduled for Tuesday. Hughes said the operational disruption would not affect news coverage of the election, although journalists would be unable to use the newsroom on election night.

    Hughes said other Inquirer employees will not be allowed to use offices through at least Tuesday, and the company was looking into coworking arrangements for Tuesday, the Inquirer reported.

    An investigation was ongoing into the extent and specific targets of the attack, and the company has contacted the FBI, Hughes said.

    The FBI in Philadelphia declined to comment in response to questions from Inquirer journalists, the newspaper reported.

  • How to Secure Your Small Business in Today’s Cyber Landscape | Entrepreneur

    Opinions expressed by Entrepreneur contributors are their own.

    In today’s digital age, small businesses face an ever-evolving threat from cybercriminals. And while many entrepreneurs believe their company is too small to be targeted, the reality is that no business is immune to attack. That’s why it’s crucial for small business owners to implement effective security measures such as Attack Surface Management (ASM) or Cyber Exposure Management to safeguard their assets and customer data from cyber threats.

    In this article, we’ll explore what ASM is, its importance in today’s cyber landscape, best practices for implementation and what the future holds for this critical aspect of cybersecurity. So buckle up, and let’s dive into the world of ASM!

    Related: Cybersecurity Practices That Protect Your Small Business

    What is attack surface management?

    Attack surface management (ASM) is an essential cybersecurity concept that refers to the process of identifying and managing all points or areas in a system, network or application where an attacker could exploit vulnerabilities. The goal of ASM is to reduce the attack surface by minimizing potential entry points for cyber threats.

    ASM involves assessing, monitoring and controlling security risks associated with various components such as hardware devices, software applications, databases, APIs and even human factors such as social engineering. It requires businesses to identify their digital assets, understand how they are connected with each other and assess their exposure to potential threats.

    Effective ASM entails continuous risk assessment through vulnerability scans and penetration testing activities to ensure that your organization’s security posture remains robust against emerging threats. By adopting proactive ASM measures like patch management, access controls implementation and user education programs, small businesses can secure themselves against malicious actors who seek unauthorized access into sensitive data.

    Attack surface management is a critical aspect of cybersecurity that every business should take seriously if they want to remain protected in today’s constantly evolving threat landscape.

    Understanding the cyber landscape

    In today’s digital age, the cyber landscape is constantly evolving and becoming increasingly complex. With the proliferation of technology comes a greater risk of cyber threats, making it essential for businesses to have a strong understanding of this environment.

    One aspect of the cyber landscape that small business owners should be aware of is the variety and sophistication of attacks. Cybercriminals are continually developing new methods to breach security measures and access sensitive information. From phishing scams to malware attacks, businesses face a multitude of potential threats.

    Another key factor in understanding the cyber landscape is recognizing that no organization is immune from attack. Small businesses may assume they are not at risk because they do not hold as much data or financial resources as larger corporations. However, any business can be targeted by attackers seeking to exploit vulnerabilities in their systems.

    It’s also important for small business owners to understand that cybersecurity requires ongoing vigilance and attention. Implementing security measures once does not guarantee protection over time since attackers will continue searching for ways into your system.

    Keeping up with industry developments regarding cybersecurity risks can help keep your company safe against continuously changing threat landscapes.

    In summary, understanding the complexities within an ever-changing cyberspace environment helps small business owners recognize emerging threats early on while implementing proactive steps towards addressing them before impact occurs.

    Related: What Small Business Owners Need to Know About Cybersecurity

    Importance of attack surface management in small businesses

    Small businesses are often the target of cyber attacks because they usually have limited security measures in place. Attackers find it easier to breach their systems, steal sensitive information and cause significant damage. This is where attack surface management comes into play.

    By implementing effective attack surface management practices, small businesses can identify potential vulnerabilities and take necessary actions to mitigate them before attackers exploit them. It involves analyzing all the possible ways that an attacker could gain access to a company’s resources or data and putting measures in place to reduce these risks.

    Attack surface management helps small businesses stay ahead of emerging threats by continuously monitoring their systems for any potential weaknesses or gaps in their security posture. It also assists them in identifying outdated software, misconfigured devices, unsecured endpoints and other areas that pose a threat.

    Small business owners must prioritize attack surface management as part of their cybersecurity strategy. By doing so, they can minimize the risk of cyber attacks and protect themselves from financial losses, reputational damage and legal liabilities that come with such incidents.

    Best practices for attack surface management

    To effectively secure your small business, it is crucial to implement attack surface management practices. Consider these best practices:

    Firstly, regularly perform vulnerability scans and penetration testing to identify potential weaknesses in your systems and networks. By doing so, you can proactively stay ahead of potential attackers. This action can be automated by implementing an Attack Surface Management or Cyber Exposure Management product.

    Secondly, restrict employee access to sensitive information, and implement a robust password policy across all accounts.

    Thirdly, ensure that all software is up-to-date with the latest security patches and updates. Outdated software can create vulnerabilities that cybercriminals can exploit.

    Fourthly, implement two-factor authentication wherever possible, which provides an extra layer of security beyond just passwords.

    It’s also essential to educate your employees on cybersecurity best practices such as avoiding suspicious emails or links and avoiding public Wi-Fi networks. Doing so can reduce the risk of attacks.

    By implementing these best practices for attack surface management in your small business, you can significantly reduce the risk of cyber attacks and keep sensitive data safe from harm.

    Related: How to Protect Your Small Business From Cyber Attacks Right Now

    Future of attack surface management

    The future of attack surface management (ASM) is quickly evolving as technology continues to advance and cyber threats become more sophisticated. To keep up with these changes, businesses need to adapt their strategies for identifying and mitigating risks.

    One major trend in the future of ASM is automation. As attacks become more complex, automated tools can help identify vulnerabilities and reduce the time it takes to remediate them. This will allow businesses to stay ahead of potential breaches while minimizing disruption to day-to-day operations.

    Another important aspect of ASM’s future is a focus on risk assessment. With so many different types of devices connected to networks, it’s essential that companies have an accurate understanding of their overall security posture. Risk assessments help organizations prioritize which areas they should address first and allocate resources accordingly.

    The rise of cloud computing has introduced new challenges for ASM. Businesses must ensure that all aspects of their cloud infrastructure are secure — from public-facing applications down to backend systems controlling access rights or storage permissions.

    As the threat landscape continues to evolve at lightning speed, those companies that invest in the latest ASM technologies and practices will be best positioned for long-term success in securing their business against cyber attacks.

    As technology continues to evolve rapidly, so will the cyber landscape. Small business owners should stay informed about new threats and solutions that arise to keep up with these changes. It is crucial for them to invest time and resources in securing their business from potential cyber attacks.

    The importance of attack surface management cannot be overstated as it provides a robust defense system against various types of malicious activities carried out over the internet. By adopting these best practices mentioned above, you can ensure your company stays protected from any potential harm posed by hackers or other malicious actors online.

    Jim Koohyar Biniyaz

  • Hackers Target Hospitals, Disrupt Ability To Offer Patient Care | Entrepreneur

    Hospitals have become an increasingly common target for cybercriminals in recent years, and the aftermath can be costly and life-threatening for patients.

    Annual ransomware attacks on hospitals more than doubled from 2016 to 2021, according to a new report published on the JAMA Network. The number of incidents jumped from 43 in 2016 to 91 in 2021. Of the targeted hospitals, 44% said their ability to deliver healthcare was impacted by the breach.

    John Riggi, a senior adviser for cybersecurity and risk at the American Hospital Association, wrote in a report that “a ransomware attack on a hospital crosses the line from an economic crime to a threat-to-life crime.”

    “Not only are cybercriminals more organized than they were in the past, they are often more skilled and sophisticated,” he wrote.

    One affected hospital, Johnson Memorial Health in Franklin, Indiana was targeted by the ransomware group “Hive,” and the hackers demanded $3 million in Bitcoin in October 2021, NPR reported.

    After consulting with cybersecurity experts at the FBI, Johnson Memorial did not pay the ransom and instead disconnected its servers following the attack.

    However, the hospital had to revert to more old-fashioned ways to carry out healthcare. These included physically guarding the obstetrics unit, where newborns are typically protected from unauthorized parties by security bracelets, and nurses using Google Translate to communicate with patients after remote translation technology was shut off following the attack.

    The hospital’s chief operating officer, Rick Kester, told NPR that it took nearly six months to “resume normal operations.”

    Related: The Jaw-Dropping Range of Cybercrimes is Due to the Gap in the Cybersecurity Workforce

    According to the Department of Justice, the Hive is responsible for over 1,500 cyberattacks since 2021 and has received more than $100 million in ransom payments. One of the affected hospitals also had to resort to analog methods to treat patients (similar to Johnson Memorial) and was unable to accept new patients immediately following the attack, the Department of Justice added.

    For hospitals, the fear of being hacked isn’t just monetary — it puts patients’ lives at risk by derailing the technology necessary to carry out patient care.

    “You ask many CEOs across the country, ‘What keeps you up at night?’ Of course, [they’re] talking about workforce, financial pressures, and they say, ‘The possibility of a cyberattack,’” Riggi told NPR.

    Related: This Type of Cyber Attack Preys on Your Weakness. Here’s How to Avoid Being a Victim.

    Madeline Garfinkle

  • Iran hangs Iranian-Swedish man over 2018 attack killing 25

    DUBAI, United Arab Emirates — Iran executed an Iranian-Swedish dual national Saturday accused of masterminding a 2018 attack on a military parade that killed at least 25 people, one of several enemies of Tehran seized abroad in recent years amid tensions with the West.

    Farajollah Cha’ab, also known as Habib Asyoud, had been a leader of the Arab Struggle Movement for the Liberation of Ahwaz, an Arab separatist movement that has conducted oil pipeline bombings and other attacks in Iran’s oil-rich Khuzestan province. That group had claimed the 2018 attack in its immediate aftermath.

    Cha’ab’s execution comes as a Swedish court last year sentenced an Iranian to life in prison over his part in the 1988 mass executions in Iran at the end of its war with Iraq. Tehran, which has used prisoners as bargaining chips in negotiations with the West, reacted angrily to that sentence. Meanwhile, tensions also remain high between Iran and the West over its rapidly advancing nuclear program — and at least one more prisoner with Western ties faces a possible execution.

    The Iranian judiciary’s Mizan news agency confirmed Cha’ab’s execution by hanging in a lengthy statement. It identified him as the leader of the militant group and alleged without providing evidence that he had ties to Swedish, Israeli and U.S. intelligence services. It accused his group of killing or wounding 450 people over the years, including multiple attacks on government offices and other sites.

    It also included state television interviews with Cha’ab, a feature of many Iranian trials that activists long have described as coerced confessions.

    It also for the first time clearly identified Iranian intelligence officers as being behind Cha’ab’s abduction, saying that its “unknown soldiers” captured him in Turkey in November 2019. Iran has used similar ruses to capture its enemies abroad, including the exiled journalist Ruhollah Zam who was executed in 2020.

    Swedish Foreign Minister Tobias Billstrom condemned Cha’ab’s execution.

    “The death penalty is an inhumane and irrevocable punishment, and Sweden, together with the rest of the (European Union), condemns its use under all circumstances,” he said in a statement.

    The Oslo-based group Iran Human Rights separately condemned the execution, referring to Cha’ab’s closed-door trial as “grossly unfair.”

    “This is an example of the Islamic Republic’s state terrorism,” said Mahmood Amiry-Moghaddam, the group’s director. “We expect that the EU and Swedish government show adequate reaction to the murder of their citizen. Killing a hostage must not be tolerated.”

    Tensions already had escalated between Iran and Sweden over the life imprisonment of Hamid Noury, an Iranian convicted of committing grave war crimes and murder during the final phase of the Iran-Iraq war in the 1980s. The end of the war saw mass executions of an estimated 5,000 Iranian prisoners, including those from an exiled opposition group and others.

    The 2018 attack in Iran targeted a military parade in Ahvaz in Khuzestan, the chaos captured live on state television. Militants disguised as soldiers opened fire, killing at least 25 people and wounding over 60 others in the deadliest attack to strike Iran in years. A spokesman for the separatist group claimed the assault shortly after in a televised interview. The Islamic State group also claimed the attack, though it offered factually incorrect details about the assault.

    In recent months, Iran has carried out other executions after months of unrest over the September death of 22-year-old Mahsa Amini following her arrest by the country’s morality police. In January, Iran executed a former high-ranking defense ministry official and dual Iranian-British national accused of spying.

    Also facing a possible execution is an Iranian-German national who lived in California, a man Iran describes as planning a 2008 attack on a mosque that killed 14 people and wounded over 200 others, as well as other assaults through the little-known Kingdom Assembly of Iran and its Tondar militant wing. His family long has said he was captured by Iranian intelligence in Dubai.

    Iran is one of the world’s top executioners.

    ___

    Associated Press writer Nasser Karimi in Tehran, Iran, contributed to this report.

  • The $8 Trillion Risk: Why Investing in Cybersecurity Will Save You Future Pain and Risk | Entrepreneur

    Opinions expressed by Entrepreneur contributors are their own.

    Today’s cyber threat landscape is elaborate, fast-paced and continuously evolving. The complexity of such threats has raised the predictions that the total cost of cybercrime will exceed $8 trillion by the end of 2023. It includes, for example, the money stolen by cybercriminals, the subsequent investments in security tools and services, and the money spent on ancillary activities such as staffing, remediation, legal fees, fines and more.

    So, why do many organizations still fail to see cyber hygiene or even cybersecurity as a boardroom priority, even in 2023? Many business leaders, especially small to medium-business leaders, fail to perceive themselves as targets. From their perspective, spending more on cybersecurity is a wasted effort, and those resources can be used elsewhere.

    On average, companies worldwide only allocate around 12% of their IT budget to IT security! Thus, persuading the boardroom to invest in cyber hygiene can be challenging. However, while it is hard to implement and even harder to maintain, these habits, security practices and solutions help make the world safer. And that is where every organization needs to start.

    Related: Why Is Cybersecurity Important for Your Business? Neglecting It Could Be Your Downfall.

    Reviewing the numbers

    Looking back at just a year, cyberattacks worldwide have shown a 38% increase in 2022 compared to 2021. The attack on the Australian health insurance provider Medibank, the data breach on the Los Angeles Unified School District (LAUSD) or even the social engineering hack on games company Rockstar are just a few of the thousands of data breaches happening all over the world.

    Interestingly, these breaches, like most, could have been prevented with good cyber hygiene. Furthermore, the examples I chose demonstrate that attackers seem unconcerned with a company’s size, location or industry. Yet, even with cyber threats like data breaches, phishing scams and ransomware, cybersecurity investments fall short.

    Over the last few years, we’ve made great strides in security, especially following the global pandemic. Still, a study conducted by Foundry shows that 9 out of 10 security experts still believe their organizations are not prepared to address the risks of a cyber-attack.

    Related: 5 Ways to Protect Your Company From Cybercrime

    Investing in cyber hygiene: a checklist

    So, what can we do? Establishing a strong and resilient cybersecurity architecture demands deploying security measures on multiple fronts such as data, devices, employees and network. Any elementary security architecture must include solutions to enforce strong password policies, protect data in transit and at rest, identify and protect against attacks and regularly back-up mission-critical data. This seems excessive, especially considering how limited the budget is. Yet, acquiring as many tools as possible within your financial limits shouldn’t be your final objective. The most effective strategy results from selecting the appropriate collection of tools after carefully assessing one’s demands and the current level of security precautions. The solutions I’d suggest include the following:

    • Identity and access management (IAM) solutions to ensure the right user is linked to the right resources
    • Unified endpoint management (UEM) solutions for securing endpoints and managing, patching and updating operating systems and applications
    • Extended detection and response (XDR) or Endpoint detection and response (EDR) solutions to detect and mitigate new and existing vulnerabilities
    • Remote browser isolation (RBI) for a safer browsing experience
    • Firewall as a service (FWaaS) to protect the perimeterless network border
    • Additionally, a combined implementation of Zero Trust Network Access (ZTNA) or Software Defined–WAN (SD-WAN) can provide faster connections, improve latency and secure your remote workers.

    Also, it would be wise to select solutions that already have established interconnections among them. This would offer more centralized and seamless access, thereby reducing the workload on your IT administrators and saving you from recruiting larger teams.

    Alternatively, some vendors offer multiple tools in a combined package. For example, Cisco Umbrella offers RBI, SD-WAN, and much more, Hexnode provides IAM and UEM capabilities, and Okta gives you both ZTNA and IAM. Make sure to carefully examine such vendors and the integrations between them before finalizing your architecture. In my experience, customers have always preferred a consolidated approach because, economically or due to staffing, they can’t handle the complexity of multiple solutions.

    Related: The Correlation Between Covid-19 and Cybercrime

    Roadblocks along the way

    We are all aware that the financial facet of any venture will inevitably be difficult. Assuming that the aspects mentioned above identify with your company’s objectives, the following query would most likely be regarding the return on investment. It might be challenging to locate the facts and data needed to identify the advantages of cybersecurity hygiene. I would suggest reviewing the financial implications of previous data breaches and comparing those numbers against the investment cost. You will discover that the latter dwarfs the former sum.

    Another hurdle is the monotony associated with good security hygiene. A robust security architecture requires periodic observation, maintenance and upgrades. This is often a bit boring, especially for non-tech-savvy investors, entrepreneurs and leaders. Additionally, the repetitious nature might cause inaccuracy and personnel exhaustion. The only solution is to clearly communicate the necessities of cyber hygiene and make them understand that security is an ongoing process rather than a one-time stop. Also, using tools to automate tasks and setting reminders can help employees stay on track without it being a bother.

    The recession bound to happen this year will surely put an even tighter hold on the already stretched budget. However, being the victim of a cyberassault during such trying times would be a far scarier reality. As business leaders, we must pay close attention to the hazards and repercussions of a cyberassault in our organization. Thankfully, many businesses are unwilling to face the risks associated with losing client data and having production or operations halted due to a system breach. If they do, it is either out of ignorance or a lack of a thorough understanding of the entire process.

    Apu Pavithran

  • Be tough in seizing Iran oil, bipartisan senators urge Biden

    A dozen senators are making a bipartisan appeal to President Joe Biden to reinvigorate the power of U.S. authorities to seize Iranian oil assets

    By CALVIN WOODWARD, Associated Press

    WASHINGTON — A dozen senators are making a bipartisan appeal to President Joe Biden to reinvigorate the power of U.S. authorities to seize Iranian oil assets under an enforcement program they say has been allowed to languish.

    Despite existing sanctions, Iranian oil exports jumped 35% last year and proceeds are being used to sponsor attacks on U.S. citizens and service members as well as allies, the senators said in a letter to the president.

    Brinkmanship at sea was on display Thursday when masked Iranian navy commandos seized a U.S.-bound oil tanker in the Gulf of Oman, one of several vessels it has taken as bargaining chips in negotiations with the West. Without providing evidence, Tehran said the tanker had run into an Iranian vessel.

    Specifically, the senators, led by Republican Joni Ernst of Iowa and Democrat Richard Blumenthal of Connecticut — both from the Armed Services Committee — complain that the Homeland Security Department’s security investigations office has been constrained in seizure operations by lack of money.

    Since the enforcement program started in 2019, the office has seized nearly $228 million in Iranian crude and fuel oil linked to the Islamic Revolutionary Guard Corps, designated as a terrorist organization by the U.S., the senators said in the letter sent this past week.

    But they said the office has not recently been given money that is available under the Treasury Forfeiture Fund to conduct seizures of Iranian oil.

    “It is unacceptable that a U.S. government program, which makes the United States and its allies safer, provides funds to remediate the victims of terrorism, and generates income for the United States in a cost-effective manner, has been allowed to languish,” the letter says.

    The push is coming from a diverse group of senators, among them Republicans Ted Cruz of Texas and Lindsey Graham of South Carolina, and Democrats Joe Manchin of West Virginia and Ron Wyden of Oregon. The White House did not immediately respond to a request for comment.
