Wednesday, January 29, 2025

AI Networks Are More Vulnerable To Malicious Attacks Than Previously Thought

credit: Steve Johnson

Artificial intelligence tools hold promise for applications ranging from autonomous vehicles to the interpretation of medical images. However, a new study finds these AI tools are more vulnerable than previously thought to targeted attacks that effectively force AI systems to make bad decisions. At issue are so-called “adversarial attacks,” in which someone manipulates the data being fed into an AI system in order to confuse it.

Source:  NC State News

Critics:

A direct-access attack is when an unauthorized user (an attacker) gains physical access to a computer, most likely to directly copy data from it or to steal information. Attackers may also compromise security by making operating system modifications, installing software worms, keyloggers, covert listening devices or using wireless microphones.

Even when the system is protected by standard security measures, these may be bypassed by booting another operating system or tool from a CD-ROM or other bootable media. Disk encryption and Trusted Platform Module are designed to prevent these attacks. Direct service attackers are related in concept to direct memory attacks, which allow an attacker to gain direct access to a computer’s memory.

The attacks “take advantage of a feature of modern computers that allows certain devices, such as external hard drives, graphics cards or network cards, to access the computer’s memory directly.” To help prevent these attacks, computer users must ensure that they have strong passwords, that their computer is locked at all times when they are not using it, and that they keep their computer with them at all times when traveling.

Eavesdropping is the act of surreptitiously listening to a private computer conversation (communication), usually between hosts on a network. It typically occurs when a user connects to a network where traffic is not secured or encrypted and sends sensitive business data to a colleague, which an attacker listening in could then exploit.

Data transmitted across an “open network” gives an attacker the opportunity to exploit a vulnerability and intercept it via various methods. Unlike malware, direct-access attacks, or other forms of cyber attacks, eavesdropping attacks are unlikely to negatively affect the performance of networks or devices, making them difficult to notice.

In fact, “the attacker does not need to have any ongoing connection to the software at all. He or she can insert the software onto a compromised device, perhaps by direct insertion or perhaps by a virus or other malware, and then come back some time later to retrieve any data that is found or trigger the software to send the data at some determined time.”

Using a virtual private network (VPN), which encrypts data between two points, is one of the most common forms of protection against eavesdropping. Using the best form of encryption possible for wireless networks is best practice, as well as using HTTPS instead of the unencrypted HTTP. Programs such as Carnivore and NarusInSight have been used by the Federal Bureau of Investigation (FBI) and NSA to eavesdrop on the systems of internet service providers.

Even machines that operate as a closed system (i.e., with no contact with the outside world) can be eavesdropped upon by monitoring the faint electromagnetic transmissions generated by the hardware. TEMPEST is a specification by the NSA referring to these attacks.

Malicious software (malware) is any software code or computer program “intentionally written to harm a computer system or its users.” Once present on a computer, it can leak sensitive details such as personal information, business information and passwords, can give control of the system to the attacker, and can corrupt or delete data permanently. Another type of malware is ransomware, which is when “malware installs itself onto a victim’s machine, encrypts their files, and then turns around and demands a ransom (usually in Bitcoin) to return that data to the user.”

Types of malware include some of the following:

  • Viruses are a specific type of malware, and are normally malicious code that hijacks software with the intention to “do damage and spread copies of itself.” Copies are made with the aim to spread to other programs on a computer.[20]
  • Worms are similar to viruses; however, viruses can only function when a user runs (opens) a compromised program. Worms therefore are self-replicating malware that spread between programs, apps and devices without the need for human interaction.[20]
  • Trojan horses are programs that pretend to be helpful or hide themselves within desired or legitimate software to “trick users into installing them.” Once installed, a RAT (remote access trojan) can create a secret backdoor on the affected device.[20]
  • Spyware is a type of malware that secretly gathers information on an infected computer and transmits the sensitive information back to the attacker. One of the most common forms of spyware is the keylogger, a kind of malware which records all of a user's keyboard inputs/keystrokes, used to “allow hackers to harvest usernames, passwords, bank account and credit card numbers.”[20]
  • Scareware, as the name suggests, is a form of malware which uses social engineering (manipulation) to scare, shock, trigger anxiety, or suggest the perception of a threat in order to manipulate users into buying or installing unwanted software. These attacks often begin with a “sudden pop-up with an urgent message, usually warning the user that they’ve broken the law or their device has a virus.”

Computer security incident management is an organized approach to addressing and managing the aftermath of a computer security incident or compromise with the goal of preventing a breach or thwarting a cyberattack. An incident that is not identified and managed at the time of intrusion typically escalates to a more damaging event such as a data breach or system failure.

The intended outcome of a computer security incident response plan is to contain the incident, limit damage and assist recovery to business as usual. Responding to compromises quickly can mitigate exploited vulnerabilities, restore services and processes and minimize losses. Incident response planning allows an organization to establish a series of best practices to stop an intrusion before it causes damage.

Typical incident response plans contain a set of written instructions that outline the organization’s response to a cyberattack. Without a documented plan in place, an organization may not successfully detect an intrusion or compromise and stakeholders may not understand their roles, processes and procedures during an escalation, slowing the organization’s response and resolution.
