This Week in Security #7
Navigating the ever-evolving landscape of cybersecurity can feel like a whirlwind—new threats, innovations, and incidents that are constantly reshaping the digital world. This week’s post breaks down some of the developments that took place last week.
Rapid-fire:
- Ransomware attack in the UK leaves hospitals unable to match blood types
- Top-10 commercial bank in the US confirms breach that occurred back in October
The Fallout From Change Healthcare’s Ransom Payment
Malicious actors tend to target the information that would give them the most monetary value, which generally means confidential and personal information. Following that train of thought, it makes sense that many attacks target medical-related companies.
- In March, Change Healthcare paid out a $22 million ransom, making it one of the largest payments in history
- At the time, U.S. officials and cybersecurity researchers echoed the same sentiment that paying out ransoms sets a dangerous precedent
- On top of funding further criminal activity, such payments also signal that these companies are good prospective targets
- After the payment went through, a different group attempted to extort Change Healthcare with the same sensitive information
Since then, there has been an uptick in ransomware attacks targeting the medical industry. Not only did April have the highest number of such attacks recorded, it also saw the largest month-over-month jump recorded.
The US government is partnering with Microsoft and Google to provide better security resources for healthcare companies.
Deepfakes and the Indian Election
Early on in the election cycle in India, we briefly mentioned that deepfakes of various public figures were being circulated to sway public opinion, theorizing about the ramifications they would have on the world’s largest democratic election.
Although this isn’t directly related to security, tackling misinformation is always worth doing, and staying aware of these technologies is important when considering how to deal with more advanced phishing campaigns.
So, what are a couple of ways parties spent approximately $50 million on AI-generated content?
- A deepfake of Tamil Nadu’s late chief minister was created with the party’s consent
- Other beloved figures who had passed away were “brought back” through the use of generative AI to play on constituents’ emotions
- AI was used to translate speeches live to increase the reach of party members
- India is home to 22 official languages and many more besides; live translations helped reach more minority populations
While there’s obviously some good that’s come from these use cases, it raises many more questions and issues for me. It brings to mind issues like misinformation, the creation of toxic content, and getting consent.
With social media platforms like X removing many guardrails against misinformation, how do we ensure widespread education on these topics? Moreover, as I noted above, for one of the deepfakes, consent was given by the party, but does that on its own make creating a deepfake okay?
Security Fundamentals
Attack Signatures: Attack signatures are a crucial resource used in identifying known threats to your machine.
- Signature-based malware detection scans a machine, checking files, commands or traffic for these signatures in order to detect known attacks
- The downside of this approach is that it can’t detect unknown attacks or even variants of a known attack
To complement signature-based detection, there are other methods such as behavioural detection.
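To make the trade-off concrete, here is a small signature scanner, added as an illustration and not taken from any real product. The sample contents, signature names and the `scan` helper are all constructed for this example, and it goes slightly beyond the text by comparing two kinds of signature (exact hash and byte pattern).

```python
import hashlib
import re

# Constructed, harmless stand-ins for file contents (not real malware).
KNOWN = b"#!/bin/sh\necho DEMO-THREAT-MARKER-v1\n"
PADDED = KNOWN + b"# trailing comment\n"               # same body, extra bytes appended
VARIANT = b"#!/bin/sh\necho DEMO-THREAT-MARKER-v2\n"   # marker itself differs
BENIGN = b"#!/bin/sh\necho hello\n"

# Constructed signature database: one exact-hash and one byte-pattern signature.
HASH_SIGNATURES = {hashlib.sha256(KNOWN).hexdigest(): "Demo.Threat.A (hash)"}
PATTERN_SIGNATURES = [(re.compile(rb"DEMO-THREAT-MARKER-v1"), "Demo.Threat.A (pattern)")]


def scan(data: bytes) -> list[str]:
    """Return the names of every signature that matches the given content."""
    hits = []
    # Exact-hash signature: matches only byte-for-byte identical content.
    name = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if name:
        hits.append(name)
    # Byte-pattern signature: matches wherever the known sequence appears.
    for pattern, pattern_name in PATTERN_SIGNATURES:
        if pattern.search(data):
            hits.append(pattern_name)
    return hits


def scan_all(samples: dict[str, bytes]) -> dict[str, list[str]]:
    """Scan each labelled sample and collect the matching signature names."""
    return {label: scan(data) for label, data in samples.items()}


SAMPLES = {"known": KNOWN, "padded": PADDED, "variant": VARIANT, "benign": BENIGN}

if __name__ == "__main__":
    for label, hits in scan_all(SAMPLES).items():
        print(f"{label:8} -> {hits or 'no signature matched'}")
```

The variant and the benign file produce the same empty result, so the scanner alone cannot tell them apart; that gap is what behavioural detection is meant to cover.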