
Tuesday, January 23, 2024

What is credential stuffing and how can I protect myself?

Credential stuffing is a type of cyber attack in which hackers take usernames and passwords stolen from one site and try them, in bulk, against the login pages of other online services. It works because many people reuse the same password on several sites, so a credential leaked in one breach often unlocks accounts elsewhere.

Hackers purchase job lots of login credentials (obtained from earlier data breaches) on the “dark web”. 

They then use automated tools called “bots” to perform credential stuffing attacks. These tools can also be purchased on the dark web. 

Bots are programs that perform tasks on the internet much faster and more efficiently than humans can. In a credential stuffing attack they submit thousands of stolen username and password pairs to a site's login form, typically from many different IP addresses to avoid rate limits, and record which pairs still work.
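Because a stuffing run tries many different usernames once or twice each, it leaves a different footprint in authentication logs than classic brute force (one username, many guesses) or an ordinary user mistyping a password. The script below is an added example, not code from the article or its source; the log format, the sample lines and the thresholds are all constructed for illustration and would need tuning against a real site's baseline traffic.

```python
import re
from collections import defaultdict

# Constructed sample log (format assumed for this example:
# "<ISO timestamp> <source IP> <username> <OK|FAIL>").
# 203.0.113.10 walks a breach list: eleven usernames, one try each, one hit.
# 198.51.100.7 hammers a single account: classic brute force.
# 192.0.2.44 is a user who mistyped once, then logged in.
SAMPLE_LOG = """\
2024-01-23T09:00:01Z 203.0.113.10 alice FAIL
2024-01-23T09:00:02Z 203.0.113.10 bob FAIL
2024-01-23T09:00:02Z 203.0.113.10 carol FAIL
2024-01-23T09:00:03Z 203.0.113.10 dave OK
2024-01-23T09:00:03Z 203.0.113.10 erin FAIL
2024-01-23T09:00:04Z 203.0.113.10 frank FAIL
2024-01-23T09:00:04Z 203.0.113.10 grace FAIL
2024-01-23T09:00:05Z 203.0.113.10 heidi FAIL
2024-01-23T09:00:05Z 203.0.113.10 ivan FAIL
2024-01-23T09:00:06Z 203.0.113.10 judy FAIL
2024-01-23T09:00:06Z 203.0.113.10 mallory FAIL
2024-01-23T09:01:00Z 198.51.100.7 admin FAIL
2024-01-23T09:01:01Z 198.51.100.7 admin FAIL
2024-01-23T09:01:02Z 198.51.100.7 admin FAIL
2024-01-23T09:01:03Z 198.51.100.7 admin FAIL
2024-01-23T09:01:04Z 198.51.100.7 admin FAIL
2024-01-23T09:01:05Z 198.51.100.7 admin FAIL
2024-01-23T09:01:06Z 198.51.100.7 admin FAIL
2024-01-23T09:01:07Z 198.51.100.7 admin FAIL
2024-01-23T09:01:08Z 198.51.100.7 admin FAIL
2024-01-23T09:01:09Z 198.51.100.7 admin FAIL
2024-01-23T09:02:00Z 192.0.2.44 alice FAIL
2024-01-23T09:02:10Z 192.0.2.44 alice OK
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(OK|FAIL)$")

# Thresholds are assumptions for this example, not published guidance;
# derive real values from your own baseline of failed logins per source.
MIN_DISTINCT_USERS = 8     # stuffing: many different usernames from one source
MAX_ATTEMPTS_PER_USER = 2  # stuffing: each stolen pair is tried once or twice
MIN_BRUTE_ATTEMPTS = 8     # brute force: one username, many guesses
MIN_FAIL_RATIO = 0.8       # both: overwhelmingly failed logins


def parse_log(text):
    """Yield (ip, user, succeeded) tuples, skipping lines that do not match."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            _ts, ip, user, result = m.groups()
            yield ip, user, result == "OK"


def per_source_stats(events):
    """Aggregate attempts, failures, distinct users and successful users by source IP."""
    stats = defaultdict(lambda: {"attempts": 0, "fails": 0, "users": set(), "hits": set()})
    for ip, user, ok in events:
        s = stats[ip]
        s["attempts"] += 1
        s["users"].add(user)
        if ok:
            s["hits"].add(user)
        else:
            s["fails"] += 1
    return stats


def classify(s):
    """Label one source's statistics as 'stuffing', 'brute_force' or 'benign'."""
    attempts = s["attempts"]
    distinct = len(s["users"])
    if s["fails"] / attempts < MIN_FAIL_RATIO:
        return "benign"
    if distinct >= MIN_DISTINCT_USERS and attempts / distinct <= MAX_ATTEMPTS_PER_USER:
        return "stuffing"
    if distinct <= 2 and attempts >= MIN_BRUTE_ATTEMPTS:
        return "brute_force"
    return "benign"


def detect(log_text):
    """Return ({ip: verdict}, set of accounts that logged in from a stuffing source)."""
    verdicts = {}
    compromised = set()
    for ip, s in per_source_stats(parse_log(log_text)).items():
        verdicts[ip] = classify(s)
        if verdicts[ip] == "stuffing":
            # A success in the middle of a stuffing run is the real finding: that
            # user's breached password is reused here and the account is likely taken.
            compromised |= s["hits"]
    return verdicts, compromised


if __name__ == "__main__":
    verdicts, compromised = detect(SAMPLE_LOG)
    for ip, verdict in sorted(verdicts.items()):
        print(f"{ip:15} {verdict}")
    print("accounts to force a password reset on:", sorted(compromised))
```

The useful output is not the list of noisy IPs but the set of accounts that succeeded from a stuffing source: those users' passwords are already in a breach list and should be reset and moved to multi-factor authentication. Real attacks spread attempts across many IPs, so in production the same statistics are usually computed per ASN or per device fingerprint as well as per address.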

What is credential stuffing and how can I protect myself? A cybersecurity researcher explains


The Dead Horse Theory is a powerful reminder that it's important to be proactive about recognizing when a project or venture is no longer viable ...

More Police Are Using Your Cameras for Video Evidence

Police “nerve centers” are blurring the line between public and private surveillance.




"Whatever his colleagues thought of him, shooting armed robbers and drug dealers was one thing, but a police officer, Michael Drury, being shot in his own home with his family nearby, that was something else again, and I think that's when Rogerson really lost a huge amount of support."

In 1990 he was convicted of perverting the course of justice alongside two businessmen, over $110,000 deposited by him into a bank account under a false name.

He served almost four years in prison.

He was again jailed in 2005 for lying to the Police Integrity Commission and served 12 months of a five-year sentence.




Czech teen Linda Noskova has taken the scalp of world No. 1 Iga Swiatek en route to the Australian Open quarter-finals.

Czech giant killer is expecting fireworks

Linda Noskova has put the tennis world on notice after knocking out top players in a blistering Australian Open run, while Daniil Medvedev is still alive.


The poll results accompanied PM’s Proud to Pay More report, which profiles a handful of very wealthy people who believe their class should be taxed much more heavily. “We have spent the last 50 years believing in and nurturing an economic idea: that intensifying investment in the individual and encouraging the personal protection of wealth will benefit everyone,” writes Giorgiana Notarbartolo, an Italian entrepreneur from an old, wealthy industrial family. “It’s not hard to see how much damage the reality of the application of this idea has brought to our society.”

How to negotiate with, and win against, hackers

Victims of ransomware are turning to professionals to help reduce the cost of the ransom, or even avoid paying it 

After UK-based Euler Finance, a crypto lending platform, fell victim to a $197mn cyber theft, lawyers helped it to retrieve all the funds in three weeks.
They succeeded because the criminals made a strategic error in paying 100 ETH, or Ether, into an account reputed to be linked to North Korean hackers. Lawyers used this as a pressure point to warn the perpetrators that they could face reprisals from state actors or organised crime. It was enough to persuade the hackers to return the money.
While recovering funds in this way is extremely rare, victims of ransomware are increasingly turning to negotiators — be they in-house response teams, insurers, security firms, or lawyers — to reduce the cost of their ransom, or even avoid paying one altogether.
But what is the art of ransomware negotiation?
“Negotiators should ask open-ended questions to attempt problem-solving,” says Amanda Weirup, assistant professor of management at Babson College, and an expert in negotiation and conflict management. “For example, ‘What would it take to resolve this situation?’ The strongest negotiators tailor their approach based on the other parties’ interests and priorities,” she says, noting that, on top of financial gain, some cyber criminals seek recognition to further a political or ideological agenda.
Ransomware hacks — in which cyber criminals encrypt data systems and demand a payment to release them — have proliferated since the coronavirus pandemic, as remote working lessened cyber defences.
But data from US tech group IBM shows that organisations that paid a ransom achieved only a small difference in the cost of the attack — $5.06mn compared with $5.17mn — although this does not include the cost of the ransom itself. “Given the high cost of most ransomware demands, organisations that paid the ransom likely ended up spending more overall than those that didn’t,” the report said.
Some — particularly those who object to the idea of negotiating with criminals — argue that paying off hackers only encourages them and continues a cycle of cyber crime. They note that, by paying hackers, victims risk breaching sanctions and other national regulations, and could inadvertently fund a national adversary, corrupt regime, organised crime gang, human trafficker, or terrorist.
Payment does not guarantee hackers will unlock systems, either, or that they will not return to demand more money. Indeed, as the business of ransomware has proven more lucrative, cyber criminals from Russia, Iran and North Korea have evolved their strategies to squeeze as much money from a victim as possible, experts say.
David Higgins, senior director for the field technology office for information security group CyberArk, says his data shows that organisations hit by ransomware in 2023 typically paid up at least twice, meaning they were likely victims of so-called double extortion campaigns. These are attacks where hackers not only block access to a victim’s systems by encrypting data, but also steal data first, threatening to publish the sensitive information unless a further ransom is paid.
“Companies should have a contingency plan in place if their payment does not elicit the results they had been promised,” advises Matthew Roach, Head of i-4 cyber security leaders community at KPMG UK.
Some authorities are outlawing the payment of ransoms — for example, the US states of North Carolina and Florida have explicitly banned state and local government agencies from paying hackers.
But businesses may have little choice if they wish to stay afloat. “In reality, negotiations with cyber criminals are often necessary to maximise outcomes,” says Weirup. “Paying the ransom can be the quickest way to recover data and resume operations, especially if the ransom is less than the costs.”
The negotiating team should both “determine the underlying motives of the hackers” and “formulate a cost-benefit analysis by determining their alternatives”, she says. For example, victims should check whether they have data backups, or other ways to get critical services up and running.
Negotiators should engage with hackers sooner rather than later to prevent escalations, experts say. “They expect to be ignored and will respond by escalating their threats, calling executives, making threats via social media, and increasing hostilities until they feel they are being listened to,” says Roach.
But, while hackers might use time pressure to compel victims to pay up, so too can businesses slow down the process — giving them time to recover their data or operations behind the scenes. “Companies may choose to negotiate in an attempt to instil delays rather than merely reduce the ransom amount or avoid the payment altogether,” says Roach.
Ultimately, it is the victim and the negotiators who need to define how they will measure success, Weirup says — be that data recovery, minimising financial loss and disruption, or reducing reputational harm.

“It’s crucial to establish . . . a point beyond which they are not prepared to continue negotiations,” she says.


EVEN PUTIN IS NOT THAT DELUSIONAL:  Germany preparing for Russia to start World War 3, leaked war plans reveal


Origins of the Sicilian Mafia: The Market for Lemons, The Journal of Economic History. From 2017, but too fascinating to let pass by. 

“The main hypothesis is that the growth and consolidation of the Sicilian mafia is strongly associated with an exogenous shock in the demand for lemons after 1800, driven by James Lind’s discovery on the effective use of citrus fruits in curing scurvy.”


YET ANOTHER REASON THEY SHOULD BE TARRED AND FEATHERED AFTER BEING REMOVED FROM POWER: Survey: America’s Elites Say There’s Too Much Freedom. “Know your place, peasants!” 

But there are too many for tarring and feathering. At the very least, though, they need to be put in their place, socially and politically.