Shared posts

03 Feb 19:26

The future of cybersecurity: Hacking the cloud

by Grant Gross
Gpscruise

never forget the notion of the $100 bribe. There are plenty of people who will pay humans for intel.


As the world moves further into 2023, cybersecurity experts are starting to see some trends in the way hackers will operate this year, with more attacks on information stored in the cloud on the way.

To be clear, criminal hackers will continue to use many of the same methods and attacks they have in recent years. Ransomware will still be a major way for them to make money going forward, and phishing will continue to be used to gain access to personal data or corporate networks, some cybersecurity experts said.


However, some see a growing move toward attacks on cloud infrastructure as many organizations move more data to the cloud, often public clouds operated by large technology providers.

“There will likely be more focus on attacking workloads running in cloud services or attacks exploiting [continuous software deployment] infrastructure,” said Adam Crosser, staff security engineer at Praetorian, a cybersecurity vendor.

As Praetorian simulates attacks against its clients, “there is often a need for more visibility into the security” of company systems focused on the continuous integration and delivery of software, he added. In many cases, these continuous delivery systems are operated in the cloud.

“Usually, a weak link can be leveraged to escalate privileges within an environment,” Crosser said. “Part of this is attackers meeting organizations where they are, so many shifts towards cloud-native applications and development would also lead attackers to focus more on attacking services within those environments.”

Still, criminal hackers are generally motivated by money, and if current techniques are profitable, they see no need to change tactics, Crosser added. While hacking gangs constantly evolve, what “drives their evolution is all about how much money they can make,” he said. “Until their typical playbook becomes unprofitable, they'll keep running it, over and over, and continue monetizing their expertise.”

This means common attacks like ransomware and phishing aren’t going away but with modifications, said Dr. Ehud Ben Porat, head of security awareness at ThriveDX, a tech skills training provider.

“Cybercriminals are always changing their techniques,” he said. “We also see more sophisticated attacks on the horizon that will develop with the increasingly globalized workforce, recent trends in layoffs, new technology innovations, and other evolutions.”

For example, ransomware attacks are likely to become more sophisticated, with attackers targeting people, businesses, and entire municipalities, he said. In some cases, criminals are not only encrypting the compromised data, but they are storing it in a new location, giving companies more incentive to pay.

Meanwhile, phishing and other social engineering techniques are becoming more targeted and sophisticated, Ben Porat added. Attackers are using more advanced techniques like spear-phishing, or phishing emails targeted to specific people; vishing, which is the voice call version of phishing; and smishing, involving text messages.

Ben Porat also sees the possibility of hackers using artificial intelligence like ChatGPT to write malicious code.

Still, with recent attention on ransomware, some hackers may look for new ways to find victims, said Anand Raghavan, co-founder and chief product officer at Armorblox, a secure email provider.

“With cyber insurers and regulators clamping down on ransomware, we expect to see a continued move away from ransomware to easier categories of attacks like business email compromise or vendor fraud,” he said. “It has never been easier for attackers to use email providers to create free email accounts and launch impersonation attacks against organizations.”

Like Ben Porat, Raghavan sees hackers embracing ChatGPT, predicting they will use it to help them with their phishing and related schemes.

“With ChatGPT, they do not even need to be native speakers of English to be able to craft well-written email messages,” he said. “Until organizations find ways to protect themselves against these kinds of targeted attacks, money lost through [business email compromise] and vendor fraud will continue to increase over the next few years.”


In addition, many hackers are beginning to develop patience, Raghavan said.

“Over the past couple of years, we have seen a move away from launching an attack right after compromising an account to a long-game approach where the attackers squat on the account and observe communication patterns, discover more about the organization, the entities they work with, and the compromised user, and then wait for the right time to launch an attack that gives them the most benefit,” he said. “This long game allows for the attacker to be present inside of a corporate network to steal as much information as possible.”

© 2023 Washington Examiner
03 Feb 19:22

XI, YOU’VE LOST ANOTHER BALLOON? Canada monitoring potential second incident of suspected ‘spy bal…

by Stephen Green
Gpscruise

99 luft auf balloons, trying to start ww3

02 Feb 14:31

School Choice Is The Catch-All Solution To Public Education’s Endless Problems

by Mary Vought
Gpscruise

endless dribble. Support your school or don't. Quit this endless Teachers-Union warfare.

School choice operates under a single premise: Parents know their child’s unique needs, desires, and interests better than anyone else.
02 Feb 14:30

There’s Only One Way For The 1 Million Embryos Stuck In Frozen Orphanages To Make It Out Alive: Adoption

by Jordan Boyd
Gpscruise

ahh, state baby farms. Why not.

'We believe that life begins at conception, and so we believe that each of those little frozen lives is a human being that deserves an opportunity to be born.'
02 Feb 14:28

The parallel port

by Thom Holwerda
Gpscruise

remember laplink? A parallel port to parallel port wire used to transfer data before ethernet.

I wrote a popular post about serial ports once, and serial ports are something I think about, worry about, and dream about with some regularity. Yet I have never really devoted that much attention to the serial port’s awkward sibling, always assuming that it was a fundamentally similar design employing either 8 data pins each way or 8 bidirectional data pins. It turns out that the truth is a lot more complicated. And it all starts with printers. You see, I have written here before that parallel ports are popular with printers because they avoid the need to buffer bits to assemble bytes, allowing the printer to operate on entire characters at a time in a fashion similar to the electromechanical Baudot teleprinters that early computer printers were based on. This isn’t wrong, it’s actually more correct than I had realized—the computer parallel port as we know it today was in fact designed entirely for printers, at least if you take the most straightforward historical lineage.

Let’s start back at the beginning of the modern parallel port: the dot matrix printer.

The serial port still sees tons of use today, but the parallel port seems to have vanished entirely.

02 Feb 02:04

Chinese scientists make quantum leap with first practical use computer

by Zhang Tong
Gpscruise

i am assuming they don't crack BTC or we would know???

The 24-bit Wuyuan is based on superconducting chip technology and was delivered to an unknown user more than a year ago.
01 Feb 14:50

Tiny radioactive device found in Australia after desert hunt by government agencies

by Bloomberg
Gpscruise

i have a tracker following glass to the recycling plant. To prove that Memphis doesn't recycle glass as they brag.

Specialist search equipment picked up radiation emitting from the widget, which went missing last month, apparently while being moved from a Rio Tinto iron ore mine.
01 Feb 14:49

Sweden cannot join Nato if Koran burning is allowed, says Turkey’s Erdogan

by Associated Press
Gpscruise

if you follow toresays.com you know the answer to this.

‘Don’t even bother! As long as you allow my holy book to be burned and torn, we will not say yes’.
01 Feb 14:25

Elon Musk tweet cost Tesla investors US$12 billion, jury told in class-action lawsuit

by Bloomberg
Gpscruise

Pelosi sneezing does same thing.

A witness argued that Elon Musk’s 2018 tweet claiming to have secured funding to take Tesla private cost investors US$12 billion, a figure that does not just apply to those part of the lawsuit.
01 Feb 14:24

AI Predicts We'll Breach Our Climate Goal in Just 10 Years

by David Nield
Gpscruise

my AI+ says nope to AI

The science is clear to anyone.
01 Feb 14:22

Boeing Bids Farewell to an Icon, Delivers Last 747 Jumbo Jet

Gpscruise

john travolta

Boeing bid farewell to an icon on Tuesday, delivering its final 747 jumbo jet as thousands of workers who helped build the planes over the past 55 years looked on. Since its first flight in 1969, the giant yet graceful 747 has served as a cargo plane, a commercial aircraft...
01 Feb 14:19

Post-Roe, Texas And Other States Should Prioritize Funding For Moms And Babies

by Jonathan Saenz and Arina Grossu
Texas should increase funding in 2023 to accommodate the expanding needs of moms and their babies in post-Roe America.
01 Feb 14:18

Microsoft, GitHub, and OpenAI ask court to throw out AI copyright lawsuit

by Emma Roth
Gpscruise

i didn't know AI used html?


Microsoft, GitHub, and OpenAI want the court to dismiss a proposed class action complaint that accuses the companies of scraping licensed code to build GitHub’s AI-powered Copilot tool, as reported earlier by Reuters. In a pair of filings submitted to a San Francisco federal court on Thursday, the Microsoft-owned GitHub and OpenAI say the claims outlined in the suit don’t hold up.

Launched in 2021, Copilot leverages OpenAI’s technology to generate and suggest lines of code directly within a programmer’s code editor. The tool, which is trained on publicly available code from GitHub, sparked concerns over whether it violates copyright laws soon after its release.

Things came to a head when programmer and lawyer, Matthew Butterick, teamed...


31 Jan 16:53

OH: Two Officers Involved in Tyre Nichols Death Were Hired After Memphis PD Lowered Recruiting Stand…

by Stephen Green
Gpscruise

i think this whole thing is a setup to stick it to their female boss

30 Jan 17:21

Webster University in Missouri Faces Annual Losses of $25 Million

by Mike LaChance
Gpscruise

i saw a sw job opening this morning on Lockheed Martin job site, only high school required.

"faces a precarious future, one that analysts have little faith will improve any time soon"

The post Webster University in Missouri Faces Annual Losses of $25 Million first appeared on Le·gal In·sur·rec·tion.
30 Jan 17:20

THE NEW SPACE RACE: This Rare Asteroid May Be Worth 70,000 Times the Global Economy. Now NASA Is Sen…

by Stephen Green
Gpscruise

look out moon, your package is arriving.

THE NEW SPACE RACE: This Rare Asteroid May Be Worth 70,000 Times the Global Economy. Now NASA Is Sending a Spaceship to Explore It.

The space agency decided back in 2017 that humankind would benefit from a closer look at 16 Psyche. The Psyche mission was initially slated to take place at the end of 2022 but was delayed due to “development problems.” NASA is now planning to launch the Psyche spacecraft this October. The vessel should reach the ultra-valuable asteroid in August 2029.

The metal-rich asteroid is about the size of Massachusetts and shaped somewhat like a potato, according to astronomers. Its average diameter is about 140 miles—or roughly the distance between Los Angeles and San Diego. The asteroid orbits between Mars and Jupiter at a distance ranging from 235 million to 309 million miles from the Sun.

A study published by The Planetary Science Journal in 2020 suggests that Psyche is made almost entirely of iron and nickel.

If Psyche turns out to be as metals-rich as we think, it might not be too outlandish to say that whoever controls Psyche will control the solar system.

30 Jan 14:34

Prostitution and Human Trafficking Are Exploding in Los Angeles

by Mike LaChance
Gpscruise

all the white collars get serviced on their way up to town. Seen it...

“The horror stories I could tell you about [prostitutes] being beaten and being choked and being burned and being gang raped”

The post Prostitution and Human Trafficking Are Exploding in Los Angeles first appeared on Le·gal In·sur·rec·tion.
27 Jan 15:40

PA Gov. Josh Shapiro Removes Four-Year Degree Requirement ‘From 92% of Government Jobs’

by Mike LaChance
Gpscruise

here comes Mumbai

"A degree should not be the only way to get a good paying job or have a fulfilling future"

The post PA Gov. Josh Shapiro Removes Four-Year Degree Requirement ‘From 92% of Government Jobs’ first appeared on Le·gal In·sur·rec·tion.
26 Jan 15:31

‘Doomsday Clock’ moves closest ever to midnight

by Agence France-Presse
Gpscruise

populations are declining.

The timepiece, a symbol of the perils facing humanity, moved forward to 90 seconds from midnight amid the Ukraine war, nuclear tensions and the climate crisis.
26 Jan 14:15

Asteroid to Make One of Closest Approaches to Earth Ever Recorded

Gpscruise

could gold/minerals arrive on earth this way?

An asteroid about the size of a box truck is expected to make one of the closest approaches by a near-Earth object ever recorded, NASA said Wednesday.
25 Jan 22:40

HAHA: Master of the written word, J. K. Rowling, shuts down attack from trans activist in 2 words….

by Glenn Reynolds
Gpscruise

i can't find the 2-words??????

25 Jan 19:50

I'm just gonna leave this new video for ya that apparently shows Ray Epps helping to breach a Capitol barricade on J6

by Not the Bee
Gpscruise

he is CIA which is illegal on US soil

Nearly a thousand Americans have been charged for things like putting their feet on Nancy Pelosi's desk two years ago on January 6th. But not Ray Epps, the man filmed everywhere inciting open violence near and at the Capitol.

25 Jan 15:09

Mangled Remains Of A Christmas Card Got Delivered A Month After The Holiday, But I’m To Believe The USPS Can Handle My Ballot?

by Kylee Griswold
Gpscruise

it's by design. toresays.com

My incoming Christmas cards are a low-risk piece of mail. But if the USPS can't handle those, why should it be trusted with my ballot?
25 Jan 14:17

FASTER, PLEASE: The US certifies the first small modular nuclear reactor design. “The NRC’s certif…

by Stephen Green
Gpscruise

siberia using them for years

FASTER, PLEASE: The US certifies the first small modular nuclear reactor design. “The NRC’s certification is a significant stamp of approval for a potential climate solution that’s still controversial among environmental advocates. Essentially, it’s a green light for an entirely new generation of nuclear reactors.”

Environmental advocates who aren’t advocating for nuclear are advocating for something other than the environment.

24 Jan 14:23

Are Standardized Tests Racist, or Are They Anti-Racist?

by Neil Lewis, The Atlantic
Gpscruise

we have to get schools off the federal teat

They're making their lists, checking them twice, trying to decide who's in and who's not. Once again, it's admissions season, and tensions are running high as university leaders wrestle with challenging decisions that will affect the future of their schools. Chief among those tensions, in the past few years, has been the question of whether standardized tests should be central to the process.
23 Jan 15:02

Lenin Would Be Proud of What the Twitter Files Reveal

by Brian Balfour
Gpscruise

i got my liberal wife to at least "know" what "the twitter files are", how you say? By subscribing to Epoch Times sunday paper delivery, so she can "SEE" it in print. It worked!

Mural of Vladimir Lenin (Getty Images)

“The vast majority of commercial and industrial establishments are now working not for the free market but for the government.” V.I. Lenin, State and Revolution; 1917

This Lenin quote leapt to mind amid the recent revelations coming from the “Twitter files” and exposed over the past several weeks. Among other disclosures, the files revealed direct lines of communication between government agencies, including the FBI and Department of Defense, and the social media company. 

Twitter was found to not only be a landing spot for many agents in the government intelligence community, but also doing the bidding of agencies to suppress information deemed to be antithetical to the agencies’ goals and preferred narratives. Indeed, journalist Matt Taibbi went so far as to describe Twitter as an “FBI subsidiary.” 

And it wasn’t just Twitter that the government targeted. Late last month Elon Musk tweeted “*Every* social media company is engaged in heavy censorship, with significant involvement of and, at times, explicit direction of the government,” illustrating his point by saying, “Google frequently makes links disappear, for example.”

Such revelations undercut many defenders of tech giants, who insist “they’re private companies, they can do what they want.” Instead, we must ask: are these truly ‘private companies’ in any meaningful sense?

Indeed, Lockheed Martin, Raytheon and Northrop Grumman are all nominally “private companies.” But they are private in name only because they are in reality appendages of the state, relying on defense contracts (not market transactions) for their success.

We should treat big tech companies with the same skepticism we apply to tools of the military industrial complex. Certainly so after the “Twitter file” revelations.

In his quote above, Lenin was, of course, bragging about the progress made toward complete nationalization of industry in the Soviet Union of the time.

But we can also consider his statement as descriptive. When your main mission is to do the bidding of the state, rather than serving consumers in the voluntary marketplace, you are not really a private company in the true sense of the term. Your company is not a market phenomenon.

It’s no longer possible to defend social media corporations on the basis of private property rights, because big tech are what Michael Rectenwald would describe as “governmentalities,” not private companies.

Michael Rectenwald, former professor of liberal studies at New York University and author of the book “Google Archipelago: The Digital Gulag and the Simulation of Freedom,” provided context for how he believes tech goliaths like Google and Twitter come to do the state’s bidding in a November 2020 lecture.  

“In a series of lectures entitled Security, Territory, Population, the postmodern theorist Michel Foucault introduced the term ‘governmentality’ to refer to the distribution of state power to the population, or the transmission of governance to the governed,” Rectenwald noted. 

“Foucault referred to the means by which the populace comes to govern itself as it adopts and personalizes the imperatives of the state, or how the governed adopt the mentality desired by the government—govern-mentality,” he added.

Rectenwald, however, went even further than Foucault. “I adopt and amend the term to include the distribution of state power to extragovernmental agents—in particular to the extension and transfer of state power to supposedly private enterprises.”

What transpires, then, is a form of ‘governmentalization’ of nominally private enterprises, rather than the privatization of government functions that free market advocates prefer. 

How intertwined with the government are the tech giants? The relationship predates the more recent phenomena revealed by Elon Musk’s divulgences. 

“First, both Google and Facebook received start-up capital—both directly and indirectly—from US intelligence agencies,” Rectenwald informs us. In their early days, Google in particular was heavily reliant on CIA contracts and deals with other U.S. intelligence agencies. 

As Lenin boasted, “The vast majority of commercial and industrial establishments are now working not for the free market but for the government.” And work for the government, including shutting down dissident voices, is what big tech has indeed been doing for years.

As a result, they can no longer be defended with cries of “but they’re private companies,” and should instead be called out for what they really are: tools of state oppression.

Courtesy of the American Institute for Economic Research (Originally titled The Twitter Files: Lenin Would Be Proud).

22 Jan 00:44

Real-World Steganography

by Bruce Schneier
Gpscruise

how does schneier get all this endless info that others dont?

From an article about Zheng Xiaoqing, an American convicted of spying for China:

According to a Department of Justice (DOJ) indictment, the US citizen hid confidential files stolen from his employers in the binary code of a digital photograph of a sunset, which Mr Zheng then mailed to himself.

20 Jan 16:02

Tech billionaire’s loan to keep Singapore solar dream alive

by Bloomberg
Gpscruise

so they must have b-b guns firing on birds. Can we use that tech on the upcoming drone events?

Australian Mike Cannon-Brookes’s Grok Ventures will provide the funding after Sun Cable entered administration – the US$21 billion project aims to construct the world’s biggest solar farm.
20 Jan 15:01

I’M NOT SURPRISED: People Forced to ‘Go to Work.’ in the Metaverse Say It’s a Complete Nightmare. …

by Stephen Green

I’M NOT SURPRISED: People Forced to ‘Go to Work.’ in the Metaverse Say It’s a Complete Nightmare.

“I am totally immersed in the metaverse, have a big headset on, and then I need to take off the Oculus, look on my phone for the two-factor authentication code that’s been sent to my phone, then memorize the number, put my headset back on, and try to key it in,” an employee at the tech-consulting firm Accenture, a major Meta funder that’s attempting to implement Oculus into the workspace, griped to Slate. “But when you take off the Oculus it automatically goes to sleep mode, and I was trying to navigate the back-and-forth.”

Also speaking to Slate, other workers attempting to get the job done in metaverse workspaces experienced similar woes.

“Between forgetting to charge headsets, operating system updates, new app installation/updates, logging into accounts, screensharing between desktop and headset,” David Stern, founder and CEO of the Slate Group’s Supporting Cast podcast platform, told Slate, “there’s just a lot that can go wrong.”

Workers also told Slate that there are some glaring accessibility issues, particularly for those with disabilities like motion sickness. And once someone actually gets into their digital workspace, the problems don’t end — even just figuring out basic social cues and conventions is apparently pretty difficult, and most of Slate’s sources seemed to agree that any merits of current VR work fail to outweigh the many reported downsides.

Facebook is spending up to $10 billion a year on this effort.

19 Jan 19:56

Supreme Court Says Unable To Figure Out Who Leaked Abortion Decision Draft

by William A. Jacobson
Gpscruise

fire the entire staff

Investigative "team has to date been unable to identify a person responsible by a preponderance of the evidence."

The post Supreme Court Says Unable To Figure Out Who Leaked Abortion Decision Draft first appeared on Le·gal In·sur·rec·tion.