Category Archives: Internet Security
Global Internet security Market Size and Forecast | International … – Reedley Exponent
New Jersey, United States Verified Market Research has recently published a research report titled, Global Internet security Market Insight, Forecast To 2030 assessing various factors impacting its trajectory. The Global Internet security market report offers a high-quality, accurate, and comprehensive research study to equip players with valuable insights for making strategic business choices. The research analysts have provided deep segmental analysis of the Global Internet security market on the basis of type, application, and geography. The vendor landscape is also shed light upon to inform readers about future changes in the market competition. As part of competitive analysis, the report includes detailed company profiling of top players of the Global Internet security market. Players can also use the value chain analysis and Porters Five Forces analysis offered in the report for strengthening their position in the Global Internet security market.
Leading players of the Global Internet security market are analyzed taking into account their market share, recent developments, new product launches, partnerships, mergers or acquisitions, and markets served. We also provide an exhaustive analysis of their product portfolios to explore the products and applications they concentrate on when operating in the Global Internet security market. Furthermore, the report offers two separate market forecasts one for the production side and another for the consumption side of the Global Internet security market. It also provides useful recommendations for new as well as established players of the Global Internet security market.
Get Full PDF Sample Copy of Report: (Including Full TOC, List of Tables & Figures, Chart) @https://www.verifiedmarketresearch.com/download-sample/?rid=5846
Key Players Mentioned in the Global Internet security Market Research Report:
International Business Machine (IBM) Corp., Hewlett Packard, Microsoft Corp., Cisco System Inc., Intel Corporation (McAfee Inc.), Symantec Corporation, Trend Micro, Kaspersky Lab, Dell (SonicWall Inc.). Symantec and IBM.
Global Internet securityMarket Segmentation:
Internet Security Market, By Type
Hardware Software Services
Internet Security Market, By Technology
Authentication Cryptography Access Control Technology Content Filtering
Internet Security Market, By Application
BFSI Retail Manufacturing Education IT & Telecommunications Government Aerospace, defense & intelligence Others
All of the segments studied in the research study are analyzed on the basis of BPS, market share, revenue, and other important factors. Our research study shows how different segments are contributing to the growth of the Global Internet security market. It also provides information on key trends related to the segments included in the report. This helps market players to concentrate on high-growth areas of the Global Internet security market. The research study also offers separate analysis on the segments on the basis of absolute dollar opportunity.
The authors of the report have analyzed both developing and developed regions considered for the research and analysis of the Global Internet security market. The regional analysis section of the report provides an extensive research study on different regional and country-wise Global Internet security markets to help players plan effective expansion strategies. Moreover, it offers highly accurate estimations on the CAGR, market share, and market size of key regions and countries. Players can use this study to explore untapped Global Internet security markets to extend their reach and create sales opportunities.
Inquire for a Discount on this Premium Report@ https://www.verifiedmarketresearch.com/ask-for-discount/?rid=5846
What to Expect in Our Report?
(1) A complete section of the Global Internet security market report is dedicated for market dynamics, which include influence factors, market drivers, challenges, opportunities, and trends.
(2) Another broad section of the research study is reserved for regional analysis of the Global Internet security market where important regions and countries are assessed for their growth potential, consumption, market share, and other vital factors indicating their market growth.
(3) Players can use the competitive analysis provided in the report to build new strategies or fine-tune their existing ones to rise above market challenges and increase their share of the Global Internet security market.
(4) The report also discusses competitive situation and trends and sheds light on company expansions and merger and acquisition taking place in the Global Internet security market. Moreover, it brings to light the market concentration rate and market shares of top three and five players.
(5) Readers are provided with findings and conclusion of the research study provided in the Global Internet security Market report.
Key Questions Answered in the Report:
(1) What are the growth opportunities for the new entrants in the Global Internet security industry?
(2) Who are the leading players functioning in the Global Internet security marketplace?
(3) What are the key strategies participants are likely to adopt to increase their share in the Global Internet security industry?
(4) What is the competitive situation in the Global Internet security market?
(5) What are the emerging trends that may influence the Global Internet security market growth?
(6) Which product type segment will exhibit high CAGR in future?
(7) Which application segment will grab a handsome share in the Global Internet security industry?
(8) Which region is lucrative for the manufacturers?
For More Information or Query or Customization Before Buying, Visit @ https://www.verifiedmarketresearch.com/product/global-internet-security-market-size-and-forecast-to-2025/
About Us: Verified Market Research
Verified Market Research is a leading Global Research and Consulting firm that has been providing advanced analytical research solutions, custom consulting and in-depth data analysis for 10+ years to individuals and companies alike that are looking for accurate, reliable and up to date research data and technical consulting. We offer insights into strategic and growth analyses, Data necessary to achieve corporate goals and help make critical revenue decisions.
Our research studies help our clients make superior data-driven decisions, understand market forecast, capitalize on future opportunities and optimize efficiency by working as their partner to deliver accurate and valuable information. The industries we cover span over a large spectrum including Technology, Chemicals, Manufacturing, Energy, Food and Beverages, Automotive, Robotics, Packaging, Construction, Mining & Gas. Etc.
We, at Verified Market Research, assist in understanding holistic market indicating factors and most current and future market trends. Our analysts, with their high expertise in data gathering and governance, utilize industry techniques to collate and examine data at all stages. They are trained to combine modern data collection techniques, superior research methodology, subject expertise and years of collective experience to produce informative and accurate research.
Having serviced over 5000+ clients, we have provided reliable market research services to more than 100 Global Fortune 500 companies such as Amazon, Dell, IBM, Shell, Exxon Mobil, General Electric, Siemens, Microsoft, Sony and Hitachi. We have co-consulted with some of the worlds leading consulting firms like McKinsey & Company, Boston Consulting Group, Bain and Company for custom research and consulting projects for businesses worldwide.
Contact us:
Mr. Edwyne Fernandes
Verified Market Research
US: +1 (650)-781-4080UK: +44 (753)-715-0008APAC: +61 (488)-85-9400US Toll-Free: +1 (800)-782-1768
Email: sales@verifiedmarketresearch.com
Website:- https://www.verifiedmarketresearch.com/
More:
Global Internet security Market Size and Forecast | International ... - Reedley Exponent
A History of Ransomware and the Cybersecurity Ecosystem – Security Intelligence
The number and complexity of cybersecurity tools have grown at a dizzying pace in recent decades. As cyber threats like ransomware became more numerous and complex, antivirus and threat management tools expanded to meet these challenges. Security experts now often find themselves with too many choices and a market too rich with options. Choosing, running and training on these tools can become a problem.
From the first computer worm to ransomware, lets review the evolution of cyber threats and the expanding cybersecurity ecosystem.
With no public internet, computer security in the early days focused mainly on passwords protecting computer systems one at a time. Even 60 years later, passwords remain a foundation of a healthy cybersecurity practice.
In the 1970s, an ethical coder created a program called Creeper, a worm that moved from system to system, leaving a message behind on the ARPANET. (ARPANET was the Advanced Research Projects Agency Network, an arm of the U.S. Department of Defense and the forerunner of todays internet.) A colleague of the Creeper programmer created a program to destroy it called Reaper. It found and deleted the virus, creating the first antivirus program. These were the first virus and antivirus programs, but that didnt remain true for long.
In the late 1980s, the Morris Worm, a self-replicating malware program, served as a wake-up call to the industry. Designed to demonstrate a known vulnerability, it slowed down the internet and caused widespread damage. The Morris Worm clarified the need to hold back a growing threat landscape and gave rise to the first firewall. Firewalls slowly emerged from labs in the late 1980s, but the firewall industry would take off in the next decade.
In 1987, the first true commercial antivirus solution came out from the German company G Data Software for Atari systems. McAfee was also founded that year and launched VirusScan. Several more antivirus products followed.
The 1980s began with no real commercial cybersecurity products. They ended with several firewall projects and antivirus products on the market, and the trend would only continue.
The history of the worldwide web began in 1989, and its spread in the early 1990s made the internet mainstream. The decade started with fewer than 3 million internet users and ended with around 281 million. With millions of people putting their personal and financial information online, cyber criminals emerged to exploit it.
In the 1990s, cybersecurity tools focused on perimeter protection firewalls and intrusion prevention systems as well as antivirus software. Firewalls transitioned from lab projects to commercial products, with the second generation coming out of AT&T Bell Labs, which called their technology Circuit Level Gateway. This introduced the first stateful firewall, a firewall that monitors the complete state of active network connections. In 1994, Check Point launched Firewall-1, which was a milestone among commercial firewall solutions by offering a popular and easy-to-administer cybersecurity tool that used a graphical user interface.
With a firewall, packet filters could protect a safe internal network by hunting for known malicious traffic. These steadily became more refined and varied, but the basic concept stayed the same. Building a moat around corporate networks and applications was the method of the era.
The first virtual private network (VPN) was developed inside Microsoft in 1996 to extend the protection of the firewall to remote users dialing in with modems. It would later be used broadly for both security and privacy, enabling remote user activity to be hidden from internet service providers and public Wi-Fi. The technologies underlying VPN products Internet Protocol Security (IPSec), Internet Key Exchange (IKE ) and, by the end of the decade, Layer 2 Tunneling Protocol (L2TP) vastly improved VPN security as products spread.
Many of the attack types spreading widely today, like ransomware (the first instance of which happened via floppy disk in 1989), emerged as a more widely used technique in the mid-2000s. During this time GPCode, TROJ.RANSOM.A, Archiveus, Krotten, Cryzip, MayArchive and other new ransomware attacks emerged. Ransomware became more attractive to threat actors with the rise of difficult-to-trace cryptocurrencies. Malware posing as antivirus became a major point of social engineering around ransomware attacks.
After 2000, the concept of the SOC (security operations center) came into vogue, an all-hands-on-deck control center featuring a room full of specialists monitoring and stopping security events across the whole enterprise. In the case of smaller teams, a Managed Security Service could accomplish this job. Either way, they probably used a security information and event management (SIEM) platform. This approach was an early attempt to deal with overcomplexity in both attack variants and security tools.
A SIEM is a collection of software systems that find, analyze and display data from devices, software and logging systems, or external sources. Today more than 60 companies sell SIEM solutions.
The SIEM idea has been more recently replaced by the emergence of real-time security intelligence platforms aimed to prevent problems like ransomware rather than find them after the fact. These use big data analytics to discover trends.
This kind of control room approach to cybersecurity could involve thousands of different solutions and products. They not only deal with a wide range of attack types but also with a wide range of solutions.
Next-generation firewalls emerged in 2008 and proliferated in the 2010s. Driven by Palo Alto Networks, these firewalls used application-aware packet filtering, user-based access control (regardless of the systems IP address or device type), built-in IPS filtering and other advanced techniques that proved powerful when combined. By the end of the decade, there would be hundreds of firewall solutions.
The ransomware worm WannaCry emerged in 2017, spreading virally and demanding Bitcoin payment. During this decade, cybersecurity tools got way more modern, using network behavioral analysis and web application firewalls.
We start the new decade paralyzed by choice. Every security solution, starting with passwords and including firewalls, antivirus and antimalware, VPNs, two-factor authentication solutions, biometric tools, encryption products, hardware-based security, enterprise key management, container and Kubernetes security, confidential computing and many more, began as single solutions. More providers emerged, more solutions emerged and the tool landscape became more complex.
We find ourselves where market size itself is a security threat. The time and energy it takes to evaluate and choose from the incredible variety of solutions has become a significant investment, and the mastery and training of these solutions is another challenge altogether.
The proliferation of threats and solutions is unlikely to change. So for todays cybersecurity and the battle against ransomware, the focus is on solutions that bring order to the chaos. Threats will continue to evolve at a faster pace and solutions must evolve with them. The next historic milestones for the cybersecurity ecosystem will be cloud-based tools paired with artificial intelligence and intelligent automation to target ransomware and todays other threats.
Learn why IBM Security is recognized as a leader in managed security services, combining AI, threat intelligence and response to deliver better security outcomes.
Freelance Technology Writer
Continue Reading
Here is the original post:
A History of Ransomware and the Cybersecurity Ecosystem - Security Intelligence
Why is it so rare to hear about Western cyber-attacks? – BBC
23 June 2023
Image source, Crowdstrike
Cyber security firm Crowdstrike illustrates the biggest hacker threats with cartoons
A cyber-attack that took over iPhones at a Russian technology company is being blamed on US government hackers. Could the attack, and the response from the Russian government, be rewriting the narrative of who the good guys and bad guys are in cyber-space?
Camaro Dragon, Fancy Bear, Static Kitten and Stardust Chollima - these aren't the latest Marvel film superheroes but the names given to some of the most feared hacking groups in the world.
For years, these elite cyber teams have been tracked from hack to hack, stealing secrets and causing disruption allegedly under orders from their governments.
And cyber-security companies have even created cartoon images of them.
Camaro Dragon - Checkpoint's latest illustration for an alleged Chinese group hacking European foreign affairs workers
With dots on a world map, marketeers at these companies regularly warn customers about where these "advanced persistent threats" (APTs) are coming from - usually Russia, China, North Korea and Iran.
But parts of the map remain conspicuously empty.
So why is it so rare to hear about Western hacking teams and cyber-attacks?
A major hack in Russia, unearthed earlier this month, might provide some clues.
Defenders under attack
From his desk overlooking the Moscow Canal, the cyber-security worker watched as strange pings began to register on the company wi-fi network.
Dozens of staff mobile phones were simultaneously sending information to strange parts of the internet.
But this was no ordinary company.
Kaspersky HQ, in Moscow
This was Russia's biggest cyber company Kaspersky, investigating a potential attack on its own employees.
"Obviously our minds turned straight to spyware but we were pretty sceptical at first," chief security researcher Igor Kuznetsov says.
"Everyone's heard about powerful cyber tools which can turn mobile phones into spying devices but I thought of this as a kind of urban legend that happens to someone else, somewhere else."
After painstaking analysis of "several dozen" infected iPhones, Igor realised their hunch had been right - they had indeed unearthed a large sophisticated surveillance-hacking campaign against their own staff.
The type of attack they had found is the stuff of nightmares for cyber defenders.
The hackers had invented a way to infect iPhones simply by sending an iMessage that automatically deletes itself once the malicious software is injected into the device.
"Wham, you're infected - and you don't even see it," Igor says.
'Reconnaissance operation'
The victims' entire phone contents were now being pinged back to the attackers at regular intervals. Messages, emails and pictures were shared - even access to cameras and microphones.
Keeping to Kaspersky's long-standing rule of not pointing fingers, Igor says they are not interested in from where this digital espionage attack was launched.
"Bytes don't have nationalities - and anytime a cyber-attack is blamed on a certain country, then it's done with an agenda," he says.
But the Russian government is less concerned about that.
On the same day Kaspersky announced its discovery, Russian security services put out an urgent bulletin saying they had "uncovered a reconnaissance operation by American intelligence services carried out using Apple mobile devices".
The Russian cyber-intelligence service made no mention of Kaspersky but claimed "several thousand telephone sets" belonging to both Russians and foreign diplomats had been infected.
The bulletin even accused Apple of actively helping in the hacking campaign. Apple denies it was involved.
The alleged culprit - the United States National Security Agency (NSA) - told BBC News it had no comment.
Igor insists Kaspersky did not coordinate with the Russian security services and the government's bulletin took them by surprise.
The NSA has elite hackers working for the US
Some in the cyber-security world will be surprised by this - the Russian government had appeared to be issuing a joint announcement with Kaspersky, for maximum impact, the kind of tactic increasingly used by Western countries to expose hacking campaigns and loudly point fingers.
And this announcement was swiftly and predictably followed by a chorus of agreement from America's allies in cyber-space - the UK, Australia, Canada and New Zealand - known as the Five Eyes.
China's response was a rapid denial saying the story was all part of a "collective disinformation campaign" from the Five Eyes countries.
Chinese Foreign Ministry official Mao Ning added China's regular response: "The fact is the United States is the empire of hacking."
'Targeting China'
But now, like Russia, China seems to be adopting a more aggressive approach to calling out Western hacking.
And that warning came with a statistic from Chinese company 360 Security Technology - it had discovered "51 hacker organisations targeting China".
The company did not respond to requests for comment.
Last September, China also accused the US of hacking a government-funded university responsible for aeronautics and space research programmes.
'Fair play'
"China and Russia have slowly figured out the Western model for cyber exposure is incredibly effective and I think we are seeing a shift," Rubrik Zero Labs head and former cyber intelligence worker Steve Stone says.
"I'll also say I think that's a good thing. I have zero issue with other countries revealing what Western countries are doing. I think it's fair play and I think it's appropriate."
Many brush off the Chinese charge of the US being the empire of hacking as hyperbole - but there is some truth in it.
According to the International Institute for Strategic Studies (IISS), the US is the only tier-one cyber power in the world, based on attack, defence and influence.
The paper's lead researcher, Julia Voo, has also noticed a shift.
"Espionage is routine for governments and now it's so often in the form of cyber-attacks - but there's a battle of narrative going on and governments are asking who is behaving responsibly and irresponsibly in cyber-space," she says.
And compiling a list of APT hacking groups and pretending there are no Western ones is not a truthful depiction of reality, she says.
UK hackers operate from Government Communications Headquarters (GCHQ), in Cheltenham
"Reading the same reports about hacking attacks from only one side adds to a general ignorance," Ms Voo says.
"A general education of the public is important, because this is basically where a lot of tensions between states are going to be playing out in the future."
"It's not super-detailed but more than other countries," she says.
'Data bias'
But the lack of transparency could also stem from cyber-security companies themselves.
Mr Stone calls it a "data bias" - Western cyber-security companies fail to see western hacks, because they have no customers in rival countries.
But there could also be a conscious decision to put less effort into some investigations.
"I don't doubt that there's likely some companies that may pull the punch and hide what they may know about a Western attack," Mr Stone says.
But he has never been part of a team that deliberately held back.
Image source, Crowdstrike
Static Kitten is the name given to an Iranian government-sponsored hacking group
Lucrative contracts from governments such as the UK or US are a major revenue stream for many cyber-security companies too.
As one Middle Eastern cyber-security researcher says: "The cyber-security intelligence sector is heavily represented by Western vendors and greatly influenced by their customers' interests and needs."
The expert, who asked to remain anonymous, is one of more than a dozen volunteers regularly contributing to the APT Google Sheet - a free-to-view online spreadsheet tracking all known instances of threat-actor activities, irrespective of their origins.
It has a tab for "Nato" APTs, with monikers such as Longhorn, Snowglobe and Gossip Girl, but the expert admits it is pretty empty compared with tabs for other regions and countries.
'Less noise'
He says another reason for the lack of information on Western cyber-attacks could be because they are often stealthier and cause less collateral damage.
"Western nations tend to conduct their cyber operations in a more precise and strategic manner, contrasting with the more aggressive and broad attacks associated with nations like Iran and Russia," the expert says.
"As a result, Western cyber operations often yield less noise."
The other aspect to a lack of reporting could be trust.
It is easy to brush off Russian or Chinese hacking allegations because they often lack evidence.
But Western governments, when they loudly and regularly point the finger, rarely, if ever, provide any evidence either.
Continue reading here:
Why is it so rare to hear about Western cyber-attacks? - BBC
DOJ Falters on Prosecution of Cybercrimes Due to Unequal … – IPWatchdog.com
Without prior Congressional review or a legislative amendment, the DOJs selective enforcement of a key Federal statute neither provides risk mitigation to the industry facing billions of dollars of losses nor deters industrial espionage and cyber theft, which are rampant.
Recent policy announcements by the U.S. Department of Justice (DOJ) regarding the selective prosecution under the Computer Fraud and Abuse Act of 1986 (CFAA) has had the unintended consequence of alerting cyber criminals that the DOJ cannot walk and chew gum at the same time.
The CFAA, a landmark 1986 legislation, prohibits accessing a computer without authorization or in excess of authorization. Enacted in the aftermath of press coverage of high-profile criminal hacking incidents, heightened national security threats from rogue foreign actors, and a finding that traditional theft and trespass statutes were ill-suited to address cybercrimes, the CFAA imposed criminal penalties, including fines and imprisonment, granting the FBI and the Justice Department the authority to investigate and prosecute. The CFAA further provides private civil causes of action for individuals or entities harmed by the perpetrators unauthorized access.
Since then, the CFAA has been amended by Congress multiple times, including via the USA Patriot Act, and each time the law expanded its definition of criminalized computer acts and broadened its jurisdiction to include any internet-enabled electronic device, including computers and cell phones, due to the interstate nature of most Internet communication.
The CFAA prohibitions broadly apply to hacking for malicious purposes (i.e., breaking in with stolen passwords to steal data or encrypted files), to insider threats where employees who have authorized access to a certain portion of their employers computer gain unauthorized access to other portions of the same computer, and to former employees who gain access to their work computers after access is revoked upon termination of employment.
TheU.S.SupremeCourtinVanBurenv. UnitedStates, 14 S.Ct 1648 (2021) ended the decades long split in federal circuit courts rulings on the definition of unauthorized access and access in excess of authorization with a finding that the burden of authorized access or access in excess of authorization rests on the employer to restrict access and establish security protocols to regulate access; an employee exercising permissible access does not lose access if the purpose of that access is not as intended by the employer. However, the enforceability of unauthorized access or access in excess of authorization is strengthened by the Supreme Court decision where access had been definitively terminated or restricted by the employer.
Contrary to the extensive statutory guidelines and case law precedents, the DOJ has recently announced that the Department will not charge defendants in certain types of exceeds authorization cases based on the theory that a defendants authorization to access a particular file, database, folder, or user account was conditioned by a contract, agreement, or policy, with the narrow exception of contracts, agreements, or policies that entirely prohibit defendants from accessing particular files, databases, folders or user accounts on a computer in all circumstances. The DOJ further states that defendants will not be charged where authorization to access a computer, or a particular area on a computer, was automatically withdrawn under the terms of a contract or other written document once the user did something, or some other particular condition was met.
The DOJs prosecutorial discretion, exercised in this policy directive, appears to be overbroad and vague. Without prior Congressional review or a legislative amendment, the DOJs selective enforcement of a key Federal statute neither provides risk mitigation to the industry facing billions of dollars of losses nor deters industrial espionage and cyber theft, which are rampant. Twin cases, one in the real estate industry (CREXi) and a second in the entertainment industry (Ticketmaster), conspicuously illustrate the DOJs unequal application of the CAs mandate despite their similarity in fact pattern.
In both cases, the fact pattern conforms to the type of without authorization cases that the DOJ has specifically identified for prosecution in its policy directive: Unlike the exceeds authorization cases, which the DOJ has directed it will only prosecute for the narrow exception of contracts, agreements, or policies that entirely prohibit defendants from accessing particular files, databases, folders, or user accounts on a computer in all circumstances, the DOJ has provided no such limiting guidance for without authorization cases. Inexplicably, the DOJ chose to bring criminal charges in one case (Ticketmaster), while the other case (CREXi) has languished in court for three years.
CoStarGroupetal.v.CommercialReal EstateExchange,Inc. is a civil case pending in the Central District Court of California Court in Los Angeles for alleged theft of intellectual property for the purpose of developing a competing business. The complaint alleges that defendant Commercial Real Estate Exchange, Inc. (CREXi} employees accessed CoStars subscription database without permission; CREXis former account executives hacked into CoStars password protected database by using passwords issued to CoStar customers, and then downloaded CoStars broker directories to build a clone directory on CREXi, using the stolen data to generate customer leads. The complaint specifies that at least one of theCREXi executives involved, the head of its New York office, used credentials to which he had never had any entitlement. According to the complaint, two of the other executives used a former employers credentials after they left to work for CREXi.
In a second case with a similar fact pattern, which was before the Eastern District of New York, in Brooklyn, the DOJ intervened with criminal charges against the defendant, Ticketmaster, because its employees repeatedly - and illegally accessed a competitors computers without authorization using stolen passwords to unlawfully collect business intelligence. Ticketmaster agreed to pay a criminal penalty of $10 million in exchange for deferred prosecution and a compliance and ethics program designed to prevent and detect violations of the Computer Fraud and Abuse Act and other applicable laws, and to prevent the unauthorized and unlawful acquisition of confidential information belonging to its competitors.
According to William Sweeney, FBI Assistant Director-in-Charge assigned to the Ticketmaster case; When employees walk out of one company and into another, its illegal for them to take proprietary information with them. Ticketmaster used stolen information to gain an advantage over its competition, and then promoted the employees who broke the law. This investigation is a perfect example of why these laws exist to protect consumers from being cheated in what should be a fair marketplace. Should the same standard not apply to the CoStarcase?
EvenundertheDOJsnewandundulyrestrictivepolicy,the alleged accesstoCoStarsdatabase by theheadof CREXisNewYork office was reportedly never authorizedunder any circumstances. Indeed, even the two CREXi executives who purportedly used credentials issued to their former employers pose a problem, as said credentials would have been revoked upon their separation from the company. And, arguably, even that point need not be reached as no authorization existed for any CREXi employee in the first place.
In any event, given the lack of prosecution for this seemingly plain lack of authorization for CREXIs New York office heads database access, it is clear that the DOJs new unduly restrictive approach to exceeds authorization cases is having a chilling effect on prosecutions of the other type cases where no authorization existed at all. In short, the pernicious impact of the DOJs new policy regarding selective prosecutions under the Computer Fraud and Abuse Act of 1986 (CFAA) appears to be stymieing even those prosecutions that on their face fall outside its overly narrow restrictions.
In mid-May, the DOJ announced criminal charges including export violations, smuggling, and theft of trade secrets, in connection with the Disruptive Technology Strike Force, which it co-leads with the Department of Commerce, to counterefforts by hostile nation-states such as Russia and China to illicitly acquiring sensitive U.S. technology. Once again, the DOJs prosecutorial discretion, exercised in this policy directive involving rogue foreign actors, appears to be overbroad and vague, and with an unequal application of CFAA mandates in cases with a similar fact pattern.
The DOJ, in two of the five criminal cases, charged former software engineers for stealing software and hardware source code from U.S. tech companies to sell to China. In the Central District of California, a senior software engineer wasarrested and charged with theft of trade secrets for allegedly stealing source code used in meteorology software, used insmart automotive manufacturing equipment, which the defendant then allegedly marketed to multiple Chinesecompanies. In the Northern District of California, a citizen of the Peoples Republic of China (PRC) and former Apple engineer is charged with allegedly stealing thousands of documents containing the source code for software and hardware.
In the CREXi case, which similarly involves theft of an American companys intellectual property and trade secrets by offshore agents in India, the DOJ has failed to consider intervening with criminal charges against the defendant, CREXi. According to the CoStar complaint, CREXi not only has substantial financial backing from venture capital firms, including Industry Ventures, Jackson Square Ventures, Freestyle Capital, and TenOneTen Ventures, but the company has also used its Indian vendors to steal CoStars intellectual property. Three of its vendor companies are facing court proceedings in India.
Duringa timeof escalating cybersecurity threats,both domesticand foreign, theDOJsfailure to fullyenforce the mandates of theCFAA as intended byCongress anddecided bycase law precedent weakens thelaws broad legal protections against industrial espionage and cyber theft of intellectualproperty and trade secrets.
Image Source: Deposit PhotosImage ID: 68350515Author: stevanovicigor
View original post here:
DOJ Falters on Prosecution of Cybercrimes Due to Unequal ... - IPWatchdog.com
Scamming the scammers: New AI fake victims to disrupt criminal … – Macquarie University
A new AI-driven system has created convincing fake victims in the form of multi-lingual chatbots who waste the time of scam callers, in a quest to put a dent in the estimated $55 billion people lose each year to thieves.
Keep talking: the new platform uses voice clones to keep scammers on the line in fake conversations with AI chatbots.
Named Apate, after the Greek goddess of deception, the system will scam the scammers, using convincing voice clones to conduct conversations with real scammers.
Phone scams are run by organised crime groups and currently only a tiny fraction of the criminals are caught, and the money is rarely recovered, says Professor Dali Kaafar, Executive Director of Macquarie Universitys Cyber Security Hub.
The idea came to Professor Kaafar while having lunch with his family, when a scammer called. He put on an entertaining pretence, keeping his kids laughing - and keeping the scammer on the line for 40 minutes.
I realised that, while I had wasted the scammers time so they couldnt get to vulnerable people, which was the point - that was also 40 minutes of my own life I wouldnt get back, Professor Dali says.
Then I started thinking about how we could automate the whole process, and use Natural Language Processing to develop a computerised chatbot that could have a believeable conversation with the scammer, he says.
Professor Kaafar says his team now has patents pending for this highly-effective technology.
We are excited about the potential for this new technology to actively break the scam-calling business model and make it unprofitable, he says.
The hugely lucrative global phone scam trade is growing each year, and the ACCC estimates Australians lost over 3.1 billion to scammers in 2022.
Professor Kaafar says despite telecommunications providers blocking well over half a billion scam calls since 2020, Australians are still flooded with these calls and the tiny fraction that get through can wreak havoc on victims.
Phone scams are on the rise globally for a few reasons, he says.
Disruptors: Cyber security innovators Michal Kepkowski, Ian Wood, Nardine Basta and Professor Dali Kaafar have developed new voice technology bots designed to stop scammers stealing money from victims all over the world.
Technology like voice-over-internet protocol (VOIP) makes it easy and cheap for cyber-criminals to mask their location, pretending to call from any number.
Meanwhile on the technology front, it is hard and expensive to update the telecommunications infrastructure and protocols to improve authentication of the calls.
Financially, it's a high-gain, low-cost ratio for scammers, the practice is very lucrative and a relatively low-risk criminal activity - and it's pretty hard for victims to recover this money.
Partnering with communications providers will be the key to making this new technology really effective.
These conditions attract growing numbers of scammers who specialise in playing on human emotions and fears.
"The business model of scammers relies on making a large profit from a small number of victims; only a small percentage of the thousands of calls they make each week are successful, says Professor Kaafar.
Our model ties them up, wastes their time and reduces the number of successful scams, he says. We can disrupt their business model and make it much harder for them to make money."
The team from the Macquarie University Cyber Security Hub began by analysing scam phone calls and pinpointing the social engineering techniques scammers use on their victims, using machine learning techniques and natural language processing to identify typical scam scripts'.
They then trained chatbots on a dataset of real-world scam conversations from recordings of scam calls to transcripts of scam emails, and chat logs from social media platforms so the bot can generate its own conversations resembling those of real-world scam calls.
Professor Kaafar says advances in Natural Language Processing (NLP) and AI human voice cloning have allowed them to develop AI agents that are capable of fluent speech, and can adopt a particular persona and stay on track in a conversation, being convincingly consistent in their responses.
The conversational AI bots we have developed can fool scammers into thinking they are talking to viable scam victims, so they spend time attempting to scam the bots, Professor Kaafar says.
These bots can be trained in any language or accent and because phone scams are a global challenge, this technology can be deployed anywhere in the world.
The team is now trialling the chat bots on live scam calls, redirecting calls intended for victims to their testing prototype, an always-on honeypot with a wide range of personas.
Keep talking: Professor Dali Kaafar, pictured, and the cyber security team hope their new scam-fighting bots will keep scammers on the line for up to 40 minutes and also help identify the latest phone scams so banks can warn customers.
Weve put these dirty numbers all around the internet, getting them into some spam apps, or publishing them on webpages and so on, to make them more likely to receive scam calls," Professor Kaafar says.
We found the bots react pretty nicely to some tricky situations that we were not expecting to get away with, with scammers asking for information that we didnt train the bots for but the bots are adapting, and coming up with very believeable responses.
"The bots are continually learning how to drag the calls out to meet their primary objective: keeping scammers on the line longer. "
The current deployment of Apate bots are already averaging five minutes, and the aim is to get them to 40 minutes.
The scam-fighting bots also contribute to threat intelligence timely information that is gathered about current phone scams and their targets; this helps organisations such as major banks, retailers and government bodies warn customers.
Professor Kaafar says the team is in conversation with a number of telecommunications providers and says they are open to a number of commercial partnerships.
Partnering with communications providers will be the key to making this really effective, Professor Kaafar says.
We see this as having huge potential globally; if we can redirect many of those spam calls that providers are currently blocking, and send the scammers to Apate bots, tying up their time as much as we can, the whole industry will no longer be viable.
"I suggest the ultimate meta-scenario might see scammers adopting AI themselves, training their own scam chatbots which are then diverted into speaking to chatbots owned by the telecommunications providers.
If scam chatbots end up talking to scam-defending chatbots instead of stealing money from real people Id take that as a big win!
Apate is partially funded by the National Intelligence Office under theNational Intelligence and Security Discovery Research Grants program.
Professor Dali Kaafar is theExecutive Director of Macquarie Universitys Cyber Security Hub in the Faculty of Science and Engineering, Macquarie University.
See original here:
Scamming the scammers: New AI fake victims to disrupt criminal ... - Macquarie University
Blue Springs Man Sentenced to 27 Years for Conspiracy to Produce … – Department of Justice
KANSAS CITY, Mo. A Blue Springs, Mo., man who watched online as a 7-year-old girl was raped and sexually abused was sentenced in federal court today for his role in a conspiracy to produce child pornography.
Justin W. Hardin, 46, was sentenced by U.S. District Judge Stephen R. Bough to 27 years and three months in federal prison without parole. The court also sentenced Hardin to spend the rest of his life on supervised release following incarceration.
On Feb. 2, 2023, Hardin pleaded guilty to one count of conspiracy to produce child pornography, two counts of receiving child pornography over the internet, one count of distributing child pornography over the internet, and one count of possessing child pornography.
According to court documents, investigators identified an individual who was posting photos and videos of his sexual abuse and rape of a 7-year-old girl online. Hardin engaged in numerous chats with this individual on Google Hangouts between Aug. 1 and Sept. 3, 2019. During the chats, Hardin viewed in real time the individuals sexual abuse and rape of the child victim. In addition, Hardin asked the individual to write Abbi Dillon (Hardins online screen name) on the childs body while the abuse was occurring.
On Sept. 11, 2019, law enforcement officers seized Hardins Apple iPhone. A forensic evaluation found evidence of the receipt and distribution of child pornography, as well as images of the sexual abuse of the 7-year-old victim.
The individual who sexually assaulted the child victim was sentenced in another jurisdiction to 25 years imprisonment for aggravated indecent liberties with a child and 155 months for rape, to be served consecutively.
This case was prosecuted by Assistant U.S. Attorney Catherine A. Connelly. It was investigated by Homeland Security Investigations and the Western Missouri Cybercrimes Task Force.
Project Safe Childhood
This case was brought as part of Project Safe Childhood, a nationwide initiative launched in May 2006 by the Department of Justice to combat the growing epidemic of child sexual exploitation and abuse. Led by the United States Attorneys' Offices and the Criminal Division's Child Exploitation and Obscenity Section, Project Safe Childhood marshals federal, state, and local resources to locate, apprehend, and prosecute individuals who sexually exploit children, and to identify and rescue victims. For more information about Project Safe Childhood, please visit http://www.usdoj.gov/psc . For more information about Internet safety education, please visit http://www.usdoj.gov/psc and click on the tab "resources."
Originally posted here:
Blue Springs Man Sentenced to 27 Years for Conspiracy to Produce ... - Department of Justice
Former Jail Contractor Sentenced To More Than 17 Years For … – Department of Justice
Jacksonville, Florida U.S. District Judge Brian J. Davis has sentenced Brandon Paul Smolinski (36, Middleburg) to 17 years and 6 months in federal prison for distribution of child sexual abuse materials. His prison term is to be followed by 10 years of supervised release. The court also ordered Smolinski to pay $33,500 in restitution to the victims of his offense. Smolinski had pleaded guilty on March 22, 2023.
According to court documents, the Putnam County Sheriffs Office (PCSO) initiated an investigation after receiving information about five files of child sexual abuse material (CSAM) being sent over a social media application by a user. PCSOs investigation revealed that the files were sent from within the Putnam County Jail and traced the social media account to that of Smolinski, who was working for a transportation company that does work inside of the Putnam County Jail. The company provided Smolinskis work schedule and confirmed that he was working in the Putnam County Jail on the dates and times the files were shared from within the facility.
PCSO contacted the Clay County Sheriffs Office (CCSO) to request assistance at Smolinskis residence in Middleburg and CCSO discovered additional information that the internet service at Smolinskis residence was also used to upload files of CSAM using the same social media application. Detectives from PCSO and CCSO approached Smolinski in the parking lot at the Putnam County Jail. During an interview with the detectives, Smolinski stated that he worked in the jail for approximately six months. He further said that he worked the nightshift, and even though no one was supposed to bring their phones into the jail tower, he brought his phone and used it to log onto the secure Wi-Fi at the Putnam County Jail.
Smolinski admitted to having the social media application used to distribute the files of CSAM. When shown particular files of CSAM distributed from his account, Smolinski acknowledged having seen the files and that they depicted children, estimating that one of the children being sexually abused in a video appeared young, 10 years old. Smolinski said he would save a video shared with him via chat groups on the app, and then would flip the videos around and re-send them out. When asked if he knew what he was doing was wrong, Smolinski replied, Oh yes, 100% wrong. Smolinski said he had been involved viewing and distributing CSAM for several years.
During a forensic review of Smolinskis iPhone, law enforcement discovered multiple files of CSAM, including a file sent to Person A on June 27, 2022. Also, on Smolinskis phone were several chat messages between Smolinski and Person A, during which they talked about exploiting children. Within the messages, Smolinski said his favorite age was 8-9-10-14. Somewhere in there, but Im not picky.
This case was investigated by the Putnam County Sheriffs Office, the Clay County Sheriffs Office, and Homeland Security Investigations (HSI), and the Northeast Florida INTERCEPT Task Force. It was prosecuted by Assistant United States Attorney Ashley Washington and former United States Attorney Kelly Karase.
It is another case brought as part of Project Safe Childhood, a nationwide initiative launched in May 2006 by the Department of Justice to combat the growing epidemic of child sexual exploitation and abuse. Led by the United States Attorneys Offices and the Criminal Division's Child Exploitation and Obscenity Section, Project Safe Childhood marshals federal, state, and local resources to locate, apprehend, and prosecute individuals who sexually exploit children, and to identify and rescue victims. For more information about Project Safe Childhood, please visit http://www.usdoj.gov/psc. For more information about internet safety education, please visit http://www.usdoj.gov/psc and click on the tab resources.
Read more:
Former Jail Contractor Sentenced To More Than 17 Years For ... - Department of Justice
The Importance of Cybersecurity Education – Cyber Kendra
Table of ContentsThere are several threats in existence in the world. Yet, not all these dangers are directly physical. Many threats exist in cyberspaces. As such, these persistent problems necessitate the need for cybersecurity education.
In an era defined by rapid technological advancements and an increasingly interconnected world, the significance of cybersecurity education cannot be overstated. The digital landscape presents numerous opportunities, but it also exposes individuals, organizations, and even nations to significant risks.
Cyber threats continue to evolve and grow in complexity, making it crucial for individuals to understand the importance of cybersecurity and acquire the necessary skills to protect themselves and others.
To understand the need to study internet security, this article highlights reasons for security on the internet. Acquiring this knowledge is essential in the fight against hackers and other malicious elements who consistently find new ways to propagate harm.
There are several benefits of learning cybersecurity. Below are some you should consider.
Although a lot of information is in the public domain, not every detail should be accessible to every person. Some details may not be suitable for the public, especially:
Therefore, protecting these details is essential as these contents are continuous targets for cybercriminals. Many hackers try to break digital firewalls, aiming to cause financial loss, reputational damage, identity theft, or national security compromise. With adequate internet security education, these threats can be significantly reduced.
There are lots of digital assets that require protection on the internet. These properties may include cryptocurrencies, NFTs, intellectual property, and creative work. Bad actors frequently cause data breaches and ransomware attacks, which can lead to the destruction of these assets. Acquiring the knowledge of cybersecurity tips and best practices can protect your properties from damage.
Although you may be physically detached from people, the internet is not as safe as you think. Things that happen in cyberspaces can lead to real-life problems. For example, many individuals' encounters with stalkers begin online. After finding personal details about their victims, many of these stalkers transition to physical confrontation.
If you are unaware of a problem, you would not know the importance of seeking protection. As such, internet security education helps increases awareness by highlighting the dangers hackers and other bad actors pose.
In addition, it presents ways people can effectively protect their information and digital assets, even if they are a student. Similarly, you can safeguard your grades by researching find someone to write my paper for me. Buying papers from a reliable online platform ensures you receive unique and qualitative content.
Your digital platform requires passwords, updates, and other security adjustments. Therefore, acquiring cybersecurity education helps you maintain digital hygiene through regular software updates, password management, safe email access, and secure browsing. Adhering to these practices helps protect your information and reduces the chances of cyber-attacks.
Learning about the need for cybersecurity and hoping it is implemented can completely change your mindset. It should help you cultivate an analytical, critical, and careful approach to technologies, which enables you to make appropriate decisions, anticipate threats, evaluate risks, and manage problems. Acquiring this mindset should positively impact your personal and professional life.
As most human activities require technology, the need for cybersecurity continues to increase. More employers are looking for internet security experts. Even in non-technical roles, businesses and institutions prefer hiring individuals with the right mindset on cybersecurity. As such, being proficient in this field makes you employable. If you decide to take this field as a career path, you have several options to choose from. Any way you take allows you to make a meaningful contribution to the public.
As cyberspace changes, you must continue to educate yourself about emerging threats and solutions as follows.
Cybersecurity education is crucial as it helps you protect information and safeguard digital assets. Also, it ensures safety online and offline. It increases your vigilance and awareness and enhances digital hygiene. It helps develop the required mindset and improves career opportunities. On the other hand, it helps you to advance your cybersecurity knowledge continuously.
About the Author
Mary Herd works as a programmer. She is also an online educator and tutor. Therefore, Mary frequently writes educational content related to programming and edtech solutions.
See original here:
The Importance of Cybersecurity Education - Cyber Kendra
The Role of AI in Strengthening Online Security: Trends and … – St. Lucia News Online
Since the early days of the internet, security and safety were priorities. A few decades ago, it was easy to handle tasks tied to S&S. There was less risk, and rarely who even thought about protecting themselves online. Things have changed. Today there are more threats than ever. Cybercriminals, hackers, and identity thieves are lurking in every corner of the web. Luckily, how we can protect ourselves has improved too. Today, more than ever, in every department of our lives, we rely on artificial intelligence.
AI has drastically improved the quality of our lives, and were not only talking about our online lives. AI has penetrated every pore of our society. So, the one question arrived pretty soon: How can artificial intelligence help us to feel and be more protected on the internet? Are there any trends and innovations in this department? Of course, there are. In this article, we are going to discuss the role of AI in strengthening online security. There are a few departments where artificial intelligence is already making strides. Lets discuss it.
Dont get us wrong. We, as humans, also learn over time. We gain experience, learn more, learn better and faster, and improve over time. But AI does it on a whole other level. We cant compare. AI is much more adept at recognizing real threat lines, deviating them from bugs and normal events, and can thoroughly analyze and create new data. This advantage the AI has can be seen from the recent rise of fake follower bots on celebrity social media accounts. ExpressVPNs research shows these bots are completely AI-generated and can potentially manipulate public opinion, posing a significant challenge to online trust and authenticity. They are very sophisticated, making it hard for an average person to spot.
However, when it comes to cybersecurity, the remarkable capabilities of AI enable it to react quickly, stopping and preventing threats. Hackers and cybercriminals are fast, and they learn too, but with AI on our side and its capability to learn and process information, they will find it harder and harder to parry artificial intelligence in the future. The cope under which it does it cant be compared to anything human-like. Due to the above-mentioned traits, AI can immediately react to stopping and preventing threats.
Hackers and cybercriminals have a lot of work on their hands. They work every day to find new ways to penetrate our security. That is what they do. In the past, it was easier to make breaches as human-made security often faced new and never before seen threats. Hackers are crafty, and with every new attack and virus, they show the world their innovative ways. Today, thanks to the presence of artificial intelligence, this will be harder and harder. AI is capable of recognizing and neutralizing unknown threats. Only a few years ago, some of the threats artificial intelligence handles with ease now would go undetected and cause massive security breaches and data loss.
One of AIs biggest innovations is its ability to process tons of data. The level at which it is capable of processing data wasnt seen ever before with any computer. Just take ChatGPT as an example. This AI is only a few months old and is already garnering millions of users, and is undergoing constant changes and updates. Users take its data, fill it with new, create content, and make it explore further. In no time, it will be able to browse the web and control the accessible data we have online. In fact, 76% of enterprises prioritized AI and machine learning in their IT budgets in 2021. All of this was made possible by its unparalleled ability to process data, learn on the spot, and be more adept with every passing moment at dealing with any issue put in front of it. This is what makes it such a great addition to the world of online security.
Imagine a guard that never sleeps. That is AI for you. In terms of online security, every hour, every minute, and every second matters. A data breach can occur at any moment. After all, we live in time zones, and when you sleep, a cybercriminal might be wide awake. With AI, what youll receive is monitoring without interruptions. When it comes to cyber security, this matters. It matters a lot. It is the first step in every preventive action we might take. Its ability to learn and recognize threats humans wouldnt make it an ideal partner. Cyber security experts will make better and better tools for preventing crimes in the future, all based on the work AI is doing today. What was just a pipe dream and a thing of Sci-Fi films only a few years back is a reality today. Incredible!
For a long time, when humans dealt with security, it was all about repetitive functions. We have devised a system and ways to protect ourselves both in real life and online. It was all about respecting the doctrine and sticking to the plan. When security moved online, we were still hanging onto the old rules and established principles of protection. While theyve worked for a while, with time, the human mind will become complacent. Threats that are easy to be identified will start slipping through the system. This is where AI steps in. It doesnt get complacent. It never sleeps. When it comes to repetitive, duplicate processes, it will not slip. It will never believe that everything is in order. In this department, it doesnt only do a good job; it does it much better than its human counterparts.
Security is no different than everyday life. Some tasks need to be completed, which are dull and time-consuming but necessary nonetheless. When the human is employed with tasks like this, it will consume more and more of its time each time youre doing it. With artificial intelligence, time-wasting is brought to a minimum. It is capable of eradicating all time-consuming tasks and focusing on dealing with real threats.
Ai is here and is here to stay. The best part is that its here to protect. You should be glad and appreciate it. Cyber security is posing a bigger threat than ever for all of us, and having real-time protection that never sleeps and does its work seamlessly and with mistakes is a good partner to have.
More:
The Role of AI in Strengthening Online Security: Trends and ... - St. Lucia News Online
How To Easily Fix Avast Not Working on Mac – The Mac Observer
As Mac owners, we often hear about the importance of security software in protecting our data and privacy. Avast is a popular antivirus software choice for Mac owners, but what happens when it is not working anymore? In this article, we will explore the issues you may encounter with Avast on Mac and solutions for resolving them.
Yes, Avast does work on Macs. It is a well-known antivirus program designed to protect computers from malware and other security threats. Avast offers a range of products for Mac, including Avast Security for Mac which provides protection against viruses, ransomware, and other malware threats, and Avast Premium Security which adds additional features like Wi-Fi intruder alerts and ransomware protection.
If you find that Avast is not working on your Mac, there may be a compatibility issue between the version of macOS you are running and the version of Avast installed. Heres how to update your macOS and Avast:
After updating macOS, check if Avast is working properly.
Apple has often been known to suggest that its macOS is secure and does not necessarily require an antivirus. However, in reality, no system is immune to threats. An additional layer of security is never a bad idea. As the number of Mac users grows, so does the interest of cybercriminals in targeting this platform. Moreover, even your iPhone and iPad can use an extra layer of protection.
While Avast is a reputable antivirus program, it is not the only option for Mac users. One notable alternative worth considering is Intego Internet Security. The antivirus is built exclusively for Mac, which means that its developers focus solely on Mac security. This specialization allows Intego to offer features finely tuned to the macOS environment.
Intego Internet Security offers a suite of tools, including VirusBarrier (antivirus protection), NetBarrier (firewall), and Washing Machine (system optimization tool). This provides comprehensive protection from viruses, malware, and unauthorized network access, and helps optimize your Mac for peak performance.
Intego is often praised for its low impact on system performance. This is particularly important for Mac users, as one of the attractions of using a Mac is its smooth and responsive user experience.
Time needed:2 minutes.
If updating macOS doesnt resolve the issue, you may need to reinstall Avast:
Once reinstalled, Avast should now work correctly.
While Macs are known for their robust security features, its essential to remain vigilant and take extra precautions. Avast is an excellent choice for keeping your Mac safe. However, like any software, issues can arise. Keeping macOS and Avast updated ensures compatibility and that your Mac is protected against the latest security threats. For further reading, we recommend checking out the best USBantivirus softwarethat you can use to scan to ensure that the USB drives that you use are safe and free of any viruses.
Avast for Mac does include a firewall feature in its premium offering, Avast Premium Security. The firewall monitors all network traffic and helps in blocking unauthorized access to your Mac. It acts as a barrier between your computer and the internet, controlling what can enter and leave your network.
The debate about the safety of MacBooks compared to Windows PCs has been ongoing for years. MacBooks have historically been considered safer due to the macOS operating system being less targeted by malware authors compared to Windows. This is partially because there are more Windows users, making it a more attractive target for cybercriminals. However, Macs are not immune to malware and other cyber threats. Over the years, the gap between the security of Mac and Windows has narrowed, and both systems are vulnerable to attacks if not properly protected.
Macs tend to have a reputation for being harder to hack compared to Windows computers. This is due to a combination of factors including macOS being built on Unix, which has some inherent security features, and Apples strict control over its software ecosystem. However, this does not mean that Macs are impervious to attacks.
Excerpt from:
How To Easily Fix Avast Not Working on Mac - The Mac Observer