More stories

  • Microsoft: Here's how our technology disrupts ransomware and phishing attacks

    Microsoft is expanding its cybersecurity suite, Microsoft 365 Defender, with AI-based capabilities which can automatically detect and disrupt cyberattacks like ransomware attacks and business email compromise (BEC) campaigns by quickly identifying and switching off the accounts or services being exploited by attackers. […]

  • These are the most secure countries for remote workers in 2023

    While some of us have always worked remotely, the pandemic forced entire employee rosters to move online to keep businesses alive. Organizations had to rapidly pivot to digital environments and manage their teams through virtual meetings and apps. For many employees, however, the move to remote work improved their productivity and work-life balance. As […]

  • Australia retailer's customer data compromised in third-party breach

    Data belonging to customers of The Good Guys have been compromised in a security breach involving the Australian retailer’s former third-party supplier, My Rewards. Formerly known as Pegasus Group Australia, My Rewards also confirmed the breach in a statement Thursday, revealing that preliminary investigations pointed to an “unauthorised access” to its systems in August 2021, which led to the data compromise. This meant that personally identifiable information, including names, email addresses, and phone numbers, likely had been made publicly available, the company said, noting that all its data were stored in Australia.

    My Rewards added that its IT systems currently had not suffered any breach and that it would work with the relevant authorities, including the Australian Federal Police, regarding the breach.

    In its own statement Thursday, The Good Guys said it was notified of the breach this month and that its own IT systems were not involved. It previously worked with My Rewards to provide reward services for its Concierge members, some of whom would have set up a My Rewards account that required a password. And while optional, customers’ dates of birth also might have been provided. Compromised data did not include financial or identity document details, such as credit card, driver’s licence, or passport information.

    The Good Guys said affected customers would be contacted about the breach. It added that My Rewards accounts linked to its Concierge benefits programme were closed and the former third-party vendor no longer held any personal data of its members. “The Good Guys is extremely disappointed that My Rewards, a former services provider, has experienced this breach and we apologise for any concern that this may cause,” the Australian retailer said.

    Commenting on the breach, BlueVoyant’s Asia-Pacific Japan vice president Sumit Bansal noted that the incident as well as last year’s Medibank breach involved third-party vendors, serving as a reminder for businesses to scrutinise their suppliers and other third parties involved in their supply chain. “These companies are far from the only ones to be negatively impacted by a breach related to a third party, and most likely will not be the last,” Bansal said.

    Citing the security vendor’s recent study, he noted that 97% of Asia-Pacific organisations had been negatively impacted by a breach in their supply chain. Almost 40% said they would not know if a third party had security vulnerabilities. The finding revealed a challenge with monitoring such risks, he said. “Digital supply chains are made of vendors, suppliers, and other third parties with network access. As organisations’ own internal cybersecurity becomes stronger, a third party may have weaker security,” he added. “To help prevent breaches, organisations should first make sure they know which third parties they use or have used in the past, and what data and network access they may have.”

    “Organisations should only provide employees and third-parties with access to the data needed for their role. This helps to control what data can be accessed in the event of a breach. They should also put policies in place to prevent third parties from retaining data after their services are no longer used.”

    Australia-based Jacqueline Jayne, who is KnowBe4’s Asia-Pacific security awareness advocate, further noted that the compromised data could be used to facilitate social engineering attacks, even if personal financial information were not leaked. The data could be manipulated to create phishing email messages that looked legitimate and be used to redirect payments or collect more sensitive information from targeted victims, Jayne said.

    “Because many victims will assume an email or text message containing legitimate information about previous orders would be trustworthy, it can make it much easier for a social engineering attack to be successful,” she said. “Victims of this [The Good Guys] data loss should be very cautious when it comes to future communications and they should pay close attention to any links in messages or requests for more information.”

    The Australian government in November passed legislation to increase financial penalties for data privacy violators, pushing up maximum fines for serious or repeated breaches to AU$50 million ($32.34 million), from its current AU$2.22 million, or three times the value of any benefit obtained through the data misuse, or 30% of the company’s adjusted turnover in the relevant period, whichever is greater.

  • These experts are racing to protect AI from hackers. Time is running out

    Bruce Draper bought a new car recently. The car has all the latest technology, but those bells and whistles bring benefits — and, more worryingly, some risks. “It has all kinds of AI going on in there: lane assist, sign recognition, and all the rest,” Draper says, before adding: “You could imagine all that sort of thing being hacked — the AI being attacked.”

    It’s a growing fear for many — could the often-mysterious AI algorithms, which are used to manage everything from driverless cars to critical infrastructure, healthcare, and more, be broken, fooled or manipulated? What if a driverless car could be fooled into driving through stop signs, or an AI-powered medical scanner tricked into making the wrong diagnosis? What if an automated security system was manipulated to let the wrong person in, or maybe not even recognize there was ever a person there at all?

    As we all rely on automated systems to make decisions with huge potential consequences, we need to be sure that AI systems can’t be fooled into making bad or even dangerous decisions. City-wide gridlock or essential services being interrupted could be just some of the most visible problems that could result from the failure of AI-powered systems. Other harder-to-spot AI system failures could create even more problems.

    During the past few years, we’ve placed more and more trust in the decisions made by AI, even if we can’t understand the decisions that are reached. And now the concern is that the AI technology we’re increasingly relying on could become the target of all-but-invisible attacks — with very visible real-world consequences. And while these attacks are rare right now, experts are expecting a lot more will take place as AI becomes more common.

    “We’re getting into things like smart cities and smart grids, which are going to be based on AI and have a ton of data here that people might want to access — or they try to break the AI system,” says Draper. “The benefits are real, but we have to do it with our eyes open — there are risks and we have to defend our AI systems.”

    Draper, a program manager at Defense Advanced Research Projects Agency (DARPA), the research and development body of the US Department of Defense, is in a better position to recognize the risk than most. He’s spearheading DARPA’s Guaranteeing AI Robustness Against Deception (GARD) project, which aims to ensure that AI and algorithms are developed in a way that shields them from attempts at manipulation, tampering, deception, or any other form of attack. “As AI becomes commonplace, it becomes used in all kinds of industries and settings; those all become potential parts of an attack surface. So, we want to give everyone the opportunity to defend themselves,” he says.

    Fooling AI even if you can’t fool humans

    Concerns about attacks on AI are far from new but there is now a growing understanding of how deep-learning algorithms can be tricked by making slight — but imperceptible — changes, leading to a misclassification of what the algorithm is examining. “Think of the AI system as a box that makes an input and then outputs some decision or some information,” says Desmond Higham, professor of numerical analysis at University of Edinburgh’s School of Mathematics. “The aim of the attack is to make a small change to the input, which causes a big change to the output.”

    For example, you might take an image that a human would recognize as a cat, make changes to the pixels that make up the image, and confuse the AI image-classification tool into thinking it’s a dog.

    This recognition process isn’t an error; it happened because humans specifically tampered with the image to fool the algorithm — a tactic that is known as an adversarial attack. “This isn’t just a random perturbation; this imperceptible change wasn’t chosen at random. It’s been chosen incredibly carefully, in a way that causes the worst possible outcome,” warns Higham. “There are lots of pixels there that you can play around with. So, if you think about it that way, it’s not so surprising that these systems can’t be stable in every possible direction.”

  • NSA says: Do these things to keep your home network safe from cyberattack

    Remote working brings benefits for employees, but by working from outside the company’s internal network there’s also the added threat that employees are left more vulnerable to cyberattacks. And if hackers can compromise a remote employee by stealing their corporate username and password, or infecting their computer with malware, it could become […]

  • This Android security risk is often overlooked. Google wants that to change

    Google is working on improving the cybersecurity of Android smartphones and tablets by hardening the defenses of the entire ecosystem at the firmware level. Firmware is the computer software behind the configuration and control of a device’s hardware. Because of this status, firmware is often the first code that runs when a […]