• Defending against Smudge Attacks

    Many modern devices that hold our personal and business information are touchscreen and hackers and thieves are always resourceful. The smudges left by your fingertips remain on the screen, marking out the likely numbers from the virtual keypad on your phone that you used to tap in your PIN. Soon after, the phone is lost or stolen and that malicious third party carries out a “smudge attack” – they look at the screen and can have a good guess at the digits in your PIN.

  • Cyber Regulation Could Be Coming Following Spate of Hacks, Ransomware Attacks

    By Jeff Seldin

    The United States may soon look to regulate private companies, mandating higher standards for cybersecurity following a series of damaging hacks and ransomware attacks against key firms and critical infrastructure. Cybersecurity experts say that malign actors are currently operating with impunity and that too many private sector organizations have, so far, failed to take the necessary precautions. “Enlightened self-interest, that’s apparently not working,” Chris Inglis, tapped to be the country’s first national cyber director, told members of the Senate Homeland Security and Governmental Affairs Committee. “Market forces, that’s apparently not working.”

  • U.S. Attorney General Warns Ransomware “Getting Worse and Worse”

    By Masood Farivar

    U.S. Attorney General Merrick Garland warned Wednesday that ransom-motivated cyberattacks are “getting worse and worse,” echoing other top Biden administration officials who have sounded the alarm about the problem in recent weeks.  “We have to do everything we possibly can here,” Garland told lawmakers. “This is a very, very serious threat.” 

  • Fastly’s Global Internet Meltdown Could Be a Sign of Things to Come

    By David S. Wall

    For an hour on the morning of June, dozens of the world’s most-visited websites went offline. Together, these websites handle hundreds of millions of users. This case illustrates the fragility of an internet that’s being routed through fewer and fewer channels. When one of those major channels fails, in what is called a “single point of failure”, the results are dramatic, disruptive and incredibly costly. It’s urgent we address this significant vulnerability if we’re to avoid another global internet meltdown – but this time caused by criminals, not code.

  • Study Shows AI-Generated Fake Reports Fool Experts

    By Priyanka Ranade, Anupam Joshi, and Tim Finin

    AIs can generate fake reports that are convincing enough to trick cybersecurity experts. If widely used, these AIs could hinder efforts to defend against cyberattacks. These systems could set off an AI arms race between misinformation generators and detectors.

  • Researchers Discover Novel Class of Vehicle Cyberattacks

    Vehicles are becoming more and more connected to the Internet, and malicious hackers are licking their lips. A team led by Carnegie Mellon University CyLab researchers have discovered a new class of cybersecurity vulnerabilities in modern day vehicles. If exploited, an attacker could sneak past a vehicle’s intrusion detection system (IDS) and shut down various components, including the engine, by executing some crafty computer code from a remote location. No hardware manipulations nor physical access to the vehicle are necessary.

  • White House Urges US Companies to Protect Against Ransomware

    The White House on Thursday urged American businesses to take new precautions to combat disruptive ransomware attacks that have increasingly hobbled companies throughout Western economies. Anne Neuberger, a White House cybersecurity official, said in a statement that the “most important takeaway” from the recent attacks, including those affecting a key gasoline pipeline and a meat production company in the U.S., is that “companies that view ransomware as a threat to their core business operations rather than a simple risk of data theft will react and recover more effectively.”

  • Shadow Figment Technology Foils Cyberattacks

    Scientists have created a cybersecurity technology called Shadow Figment that is designed to lure hackers into an artificial world, then stop them from doing damage by feeding them illusory tidbits of success.

  • The Weaponized Web: The National Security Implications of Data

    By Lindsay Gorman, Bret Schafer, Clara Tsao, and Dipayan Ghosh

    Open societies have encouraged and promoted rapid technological advancement and market innovation —but both have outpaced democratic governance. Authoritarian powers have noticed the underlying opportunity to exploit the open standards of the democratically regulated digital information environment and undermine democratic values and institutions while shoring up their own regimes. This poses a novel challenge for democracies, which must adapt to compete in this conflict over the data, architecture, and governance framework of the information space without compromising their democratic principles.

  • Cyber Attacks Can Shut Down Critical Infrastructure. It’s Time to Make Cyber Security Compulsory

    By Richard Oloruntoba and Nik Thompson

    The 7 May attack on the Colonial Pipeline highlights how vulnerable critical infrastructure such as fuel pipelines are in an era of growing cyber security threats. In Australia, we believe the time has come to make it compulsory for critical infrastructure companies to implement serious cyber security measures.

  • It’s Time to Surge Resources into Prosecuting Ransomware Gangs

    In the popular imagination, hacking is committed by lone wolves with exceptional computer skills. But in reality, the vast majority of hackers do not have the technical sophistication to create the malicious tools that are essential to their trade. Kellen Dwyer writes that hacking has exploded in recent years because criminals have specialized and subspecialized so that each one can concentrate on facilitating just a single phase of a successful data breach. This is known as cybercrime-as-a-service and it is a massive business. This intricate cybercrime ecosystem offers the key to fighting it: “While organization and specialization are strengths of cybercriminals, they are also weaknesses. That means there are organizations that can be infiltrated and exploited.”

  • Shape-Shifting Computer Chip Thwarts an Army of Hackers

    By Todd Austin and Lauren Biernacki

    A processor is the piece of computer hardware that runs software programs. Since a processor underlies all software systems, a secure processor has the potential to protect any software running on it from attack. We have developed and tested a secure new computer processor that thwarts hackers by randomly changing its underlying structure, thus making it virtually impossible to hack.

  • Cybersecurity as Counterterrorism: Seeking a Better Debate

    Earlier this month, a senior Justice Department official referred to ransomware as a potential “cyber weapon of mass destruction.” When hackers subsequently disabled the Colonial Pipeline, causing fuel shortages and disruptions along the East Coast, it seemed to validate this warning. Simon Handler, Emma Schroeder, and Trey Herr, however, write that it would be a mistake for the policy establishment to double down on an outdated view of cyber conflict rooted in Cold War analogies. To improve U.S. cybersecurity, policymakers should draw instead on more relevant strategic lessons from the study of terrorism and counterterrorism.

  • Colonial Pipeline is a Harbinger of Things to Come in Business

    Six days after the Colonial Pipeline was attacked by cyberhackers and left millions hanging at the gas pump, they have gained control of their operations once again. But not before the refinery paid their attackers $5 million in untraceable cryptocurrency, according to several news outlets. While the worst is over for now, experts say that it’s a harbinger of things to come and more preparation and alternative modes of supply chain are needed to ward off future attacks.

  • Panic at the Pump and the Real Threat to Energy Security

    On Friday, May 7, the Colonial Pipeline was taken offline by a cyber attack. A major piece of the national energy infrastructure, the 5,500-mile-long line carries 45% of all the fuel — including gasoline, aviation fuel, and home heating oil — consumed on the East Coast. Gregory Brew writes that “almost immediately, commentators compared the situation to the Arab oil embargo of 1973 to 1974. “Such thinking reflects years of scholarship and public discourse focusing on energy security: the ability of consumers and governments to maintain access to energy flows, at reasonable prices, and handle potential disruptions,” he writes. Such analogies, while tempting, focus attention on mythical dangers at the expense of real ones.