August 22, 2023
- CYBERSECURITY HEADLINES TODAY -
Australian Infrastructure Suffers Data Breach
Generative AI is Biggest Cyber Threat
Ad Agency Exploits Data Dominance
Amazon's Google Ad Dives into Microsoft Scam
In this Episode:
Marcel Brown: August 22nd, 1987. The Legend of Zelda is released for the NES in North America. Considered one of the most influential games of all time, it was the forerunner of the role-playing video game genre and spawned one of the most successful series in video game history.
Edwin Kwan: AUDA might have suffered a data breach. The hackers claim to have access to 15 gigabytes of data, which includes powers of attorney and legal documents, passport information, personal data, medical records, loan repayment information, death certificates, and customer bank account details.
Ian Garrett: A recent attack impersonates Amazon and Microsoft, while leveraging Google ads to scam unsuspecting users. Today’s sneaky tactic and elaborate scheme acts as a legitimate looking Amazon ad in Google search results that takes an unexpected twist by leading unsuspecting users into a Microsoft support scam.
Katy Craig: Picture this: AI, the latest tech darling, is now on a mission to guide you through life’s twists and turns. The goal? To make AI not just smart, but also your trusted confidant and advisor.
Hillary Coover: The growing tensions between US and China in the tech sector could expose vulnerabilities in the coming years. The recent executive order bans US investments in Chinese firms working on advanced semiconductors and quantum computers.
The Stories Behind the Headlines
Critical Infrastructure Data Breach
Australia’s Internet domain administrator, AUDA, might have suffered a data breach.
This is Edwin Kwan reporting from Melbourne, Australia.
The organization was alerted to an alleged data breach last Friday afternoon and had initially denied it was affected after it found no evidence of such an event from their investigation. However, early this week, the cyber criminal provided evidence of a small sample of the breach data. This included a screenshot of a file list from a computer.
The hackers claim to have access to 15 gigabytes of data, which includes powers of attorney and legal documents, passport information, personal data, medical records, loan repayment information, death certificates, and customer bank account details.
AUDA is a nonprofit that is supported by the Australian government. They administer the.au domain name system and have more than 4 million .au domain names registered. The organization is deemed to be a critical infrastructure to Australia.
The Australian Cybersecurity Center, the Department of Home Affairs, and the office of the Australian Information Commissioner had been alerted of the data breach. The investigation is ongoing.
Amazon’s Google Ad Dives into Microsoft Scam
I promise I’m not just keyword stuffing the title with large tech company names. A recent attack impersonates Amazon and Microsoft, while leveraging Google ads to scam unsuspecting users.
Hey folks, this is Ian Garrett in Arlington, Virginia.
The best scammers use legitimate tools to facilitate their attacks. Today’s sneaky tactic and elaborate scheme acts as a legitimate looking Amazon ad in Google search results that takes an unexpected twist by leading unsuspecting users into a Microsoft support scam.
The attack starts with a seemingly innocuous Amazon ad nestled among Google search results. The ad displays Amazon’s genuine URL, mimicking the appearance of a regular search result and doesn’t show any sign of misintent. Upon clicking the ad, users are unexpectedly redirected to a tech support scam, masquerading as a Microsoft defender alert.
The scam claims that the user’s system is infected with malware. To make matters worse, the scam locks up the user’s browser, making it difficult to escape its grip, attempts to terminate the browser’s process and relaunch it only leads to restoration of the scam page.
This devious technique is reminiscent of a similar incident in June, 2022, where a legitimate looking YouTube ad with the platform URL also led victims the same tech support scam. Attackers are constantly changing their attacks to catch people off guard, so ensure you stay vigilant.
Mandiant: Generative AI is Biggest Cyber Threat
US cybersecurity company, Mandiant, has sounded the alarm bell, and here’s why you should be concerned. Despite the current low usage of AI in online malicious activities, cyber criminals are showing a keen interest in harnessing this powerful new technology.
This is Katie Craig in San Diego, California.
Mandiant has been keeping tabs on this AI cyber dance since 2019, and they found that threat actors are eyeing AI and they’re not just twiddling their thumbs. Social engineering cases might have seen the lowest AI usage, but when it comes to spreading disinformation using AI generated imagery and video, the game changes.
With the release of several top-notch AI tools in recent times, Mandiant predicts that this trend is about to skyrocket. In simple terms, AI generated content could become the bad guy’s new favorite toy.
Why is this a big deal? The scale of attacks could explode and cyber criminals might just gain access to super realistic fake photos and videos. Imagine falling for something that looks real but isn’t, like those AI generated presidential surrender videos.
It’s not just the elderly who are at risk anymore. Even tech savvy internet users might be hoodwinked by these lifelike fake visuals.
Mandiant warns that we might need to rethink our internet usage altogether. Doubting the authenticity of content and even questioning if that person on your screen is human could become the norm. So next time you’re watching a video online, remember to check those faces carefully. The digital world is changing fast and staying vigilant is the new key to online safety.
This is Katie Craig, stay safe out there.
Goliath Ad Agency Exploits Data Dominance in Bid to Undermine California Privacy Bill
Ever wished to erase your data? Well keep wishing. Discover the shocking campaign, delaying your control over personal data.
Hi, this is Hillary Coover in Washington DC.
The Interpublic Group, IPG, one of the world’s largest advertising firms is orchestrating a campaign to counter a California bill known as SB-362 or the Delete Act.
This bill aims to empower individuals to request the removal of their personal data held by data brokers, companies that gather and sell personal information. The Delete Act proposes that companies delete all individual data upon request, including data obtained from third parties. This legislation could significantly reduce the personal information data brokers possess, like browsing history, birth dates, consumer purchases, thereby affecting their ability to create detailed profiles, also known as dossiers, for targeted advertising.
Emails obtained by Politico reveal that IPG is actively coordinating efforts against the bill. IPG’s strategy involves using those dossiers to sway California voters. The emails also suggest that IPG is collaborating with other parties, including Experian, a major credit monitoring agency and data broker to oppose the bill.
IPGs argument against the bill citing potential challenges for government agencies to detect fraud and increased health costs does not outweigh the fundamental right to privacy that individuals should have over their personal data. Also, I am all for government access to data to detect criminal behavior, but I believe that balance is possible by designing standard operating procedures around data access and control for those perhaps convicted or suspected of fraudulent behavior.
The ability to delete personal data en mass empowers individuals to regain control over their information, which is especially crucial in an era where data breaches and identity theft are rampant.
But also important to consider, the Delete Act’s provisions don’t aim to eliminate all data collection, but rather provide individuals with a choice to manage their data. Advertisers can still reach their audiences through consent based approaches, which would foster a relationship built on trust and transparency anyway. While immediate challenges might arise from adjusting to stricter data deletion requirements, businesses will probably find long-term benefits in building genuine customer relationships.
This Day, August 22, in Tech History
This is Marcel Brown bringing you some technology history for August 22nd.
August 22nd, 1955. Following a Los Angeles symposium hosted by IBM, representatives from 17 groups that had ordered the IBM-704 mainframe, met at the Rand Corporation in Santa Monica. During this meeting, the very first computer users group was formed, called Share.
The name was chosen to promote the idea of sharing information and programs between the groups using the IBM-704. The group grew quickly, eventually producing new software and documentation for their IBM computers.
August 22nd, 1987. The Legend of Zelda is released for the NES in North America. Considered one of the most influential games of all time, it was the forerunner of the role-playing video game genre and spawned one of the most successful series in video game history.
August 22nd, 2007. The Storm botnet, a remotely controlled network of zombie computers, sends out a record 57 million virus infected emails in a 24 hour period. At its height in September of 2007, the Storm worm accounted for 8% of all malware on Microsoft Windows computers.
That’s your technology history for today. For more, tune in tomorrow and visit my website ThisDayInTechHistory.com.