
What's Your Preference - Find Out The Facts.

Updated: Mar 23



THIS PAST WEEK

You've probably heard that Macs don't need antivirus software. Whoever told you that was wrong; 30,000 Macs infected with new Silver Sparrow malware; World Economic Forum: cyber crime is one of the “key threats of the next decade”; A quantum computer just solved a decades-old problem three million times faster than a classical computer; Kia hits a bump in the road with ransomware; Underwriters Laboratories didn’t check their cyber safety; Simon Fraser University is back for a cyberattack encore and major breaches in UNITED STATES; CANADA; NETHERLANDS and FRANCE.


DARK WEB ID’s TOP THREATS:

Top Source Hits: ID Theft Forum

Top Compromise Type: Domain

Top Industry: Aerospace & Defense

Top Employee Count: 11-50


__________________________________________________________________________________


You've probably heard that Macs don't need antivirus software. Whoever told you that was wrong.

The idea that Macs are generally more secure than PCs isn't totally off-base. Windows does tend to have more security vulnerabilities because, while Apple does everything in-house, Windows operates on hardware from a handful of manufacturers. Apple's closed-loop system simply makes holes smaller and harder to infiltrate. It's been a handful of years since Apple revealed that PC has it beat popularity-wise (by about four times, or 300 million active users). Apple's been chomping away at the market share, but still, fewer people own Macs. Fewer Mac owners, fewer targets for criminals, right? Hackers are obviously more likely to create malware that'll affect more people's computers rather than spend extra time working around a tricky operating system that fewer people have installed. But just like TikTok warns that the chances of your cat killing you are few but never zero, the chances of hackers deliberately going after Mac users are few, but never zero. MacBooks are the it-tech of the moment. They're the cool laptop to have and flaunt like a cool bag or pair of shoes, especially for students getting their first laptop. Hackers have zeroed in on this. They also know that most Mac owners are under the impression that their laptops — or iPads, which have surged Mac OS's prevalence big-time — are invincible, and therefore might not bother to arm their Mac or iPad with any type of virus defense. They know that the population isn't paying attention. Big mistake. Huge. So it's terrifying yet not that surprising that Mac's malware problem has not just caught up to, but outpaced the PC infection rate. A report from Malwarebytes found that Mac malware saw an increase of over 400% between 2018 and 2019. That number is all but guaranteed to rise, with new threats like OSX.Generic.Suspicious and FakeFileOpener cited as significant disruptors in the macOS world. Adware, or advertisement-supported software, is also a problem.
Though not as dangerous as a virus, these "potentially unwanted programs" bombard your device with ads, and can go as far as to change your browser’s homepage and add spyware. You thought you had avoided the pain that is researching, installing, and paying regularly for antivirus software. However, it'd be far less convenient to have your valuable data compromised or to lose a lifetime of photos that you have yet to backup on iCloud.

What's the difference between a Virus, Malware, and Ransomware?

Every virus or instance of ransomware is malware, but not all malware is a virus or ransomware. Malware (short for malicious software) is an umbrella term covering any software intentionally designed to cause damage to a computer, server, network, or the user of any of these things. Malware can be as dully irritating as adware (pop-ups that don't go away) or as dangerous and invasive as webcam spying. A virus is a form of malware that self-replicates in different programs by using malicious code. The infection can stem from a variety of places: email or text attachments, links on social media or streaming sites, pop-ups where you really thought you just X-ed out, or seemingly-safe internet downloads like a game or browser add-on. Ransomware is a form of malware that blocks access to a system until a ransom is paid — essentially holding it hostage. Schools (institutions with lots of people who need access to computers to do their jobs) have fallen victim to ransom-related cyber attacks as of late. A school in Baltimore County experienced a days-long shut down after a ransomware attack left the system inaccessible — in the middle of coronavirus-induced online learning, no less. The average person probably doesn't need to be as worried about such an attack as a school or business. Not to get all doomsday, but the point here is that no computer is 100% immune to the different types of malware, especially as hackers get more creative with their methods.

Antivirus software needs to look extra alive on public WiFi

Public WiFi is the kind you access at places like coffee shops, hotels, or airports (before COVID, at least). Expectedly, it's a breeding ground for creeps. Hackers love free WiFi for the same reason you do: Connecting to the internet requires no authentication. That network is littered with unsecured devices, many times belonging to working professionals with bank accounts and business credentials that have phishers frothing at the mouth. Hackers could take advantage of this in two ways: sliding themselves between you and the connection point to eavesdrop on emails, credit card info, or work logins you may be relaying (a Man-in-the-Middle situation) or by distributing malware. If this type of mobile connection is one that you use frequently, antivirus software should know how to handle these threats. They should be able to safeguard your online activities, detect phishing threats or subtle-yet-sketchy email addresses, and warn you about questionable URLs before the site loads fully. Your best-case scenario would be to use a VPN, which software packages like Norton and Kaspersky provide. A VPN adds a level of encryption that a public network can't guarantee to provide, hooking you up to a secure server and adding an extra wall of protection around your data. Other precautions include disabling nearby file sharing and AirDrop, using your phone's hotspot if you can, and asking an employee for the official WiFi name to avoid fake, malicious hotspots. Some parents seek Chromebooks for their kids due to the fact that each Chrome page or app runs its own sandbox, and GoogleOS isn't super popular with hackers yet.

So, do you really need a Password Manager?

Let's say you find an email in your spam folder with one of your passwords — potentially one that you still use for multiple different logins — as the subject line. The email insists that by having that one password, someone was able to hack into your laptop's webcam.
Sextortion threats and sketchy links to Bitcoin follow. How freaked out would you be? Once the initial shock wears off, some Googling will likely assure you that no, there's very little chance that a hacker installed webcam-attacking malware using a single password. But what's left is the fact that someone bad does know that one password. It's less worrisome if you haven't used it for anything in five years — but if you're one of those people who recycle some rendition of the same password over and over, the number of websites or apps where that password and your email (and credit card info, or worse) are connected is... concerning. FWIW, tracking down old passwords requires, like, the most bare bones hacking skills ever. Keylogging doesn't even need to be involved. Vulnerable login credentials are constantly passed around the dark web after major security breaches. Many antivirus software options consider password-related threats (which are equal opportunity employers, regardless of being a Mac or PC owner) to fall under the security threat umbrella and will include some type of password manager in their package. These programs take on the task of creating and remembering a super-random password unique to each website you log into. Saying goodbye to your go-to password can be a pain, but CNET insists the security benefits are worth it. It's clear that you need some sort of antivirus software for your Mac, but which option is the best for you? The research is the most time-consuming part of this selection process, so we've taken care of that. We've taken a look at some of the best antivirus solutions out there for your Mac, ensuring you have an extra layer of security between your data and nefarious viruses. We’ve evaluated their effectiveness at detecting viruses, and lay out any of their additional security features too.

30,000 Macs infected with new Silver Sparrow malware

Security researchers have spotted a new malware operation targeting Mac devices that has silently infected almost 30,000 systems. Named Silver Sparrow, the malware was discovered by security researchers from Red Canary and analyzed together with researchers from Malwarebytes and VMware Carbon Black. "According to data provided by Malwarebytes, Silver Sparrow had infected 29,139 macOS endpoints across 153 countries as of February 17, including high volumes of detection in the United States, the United Kingdom, Canada, France, and Germany," Red Canary's Tony Lambert wrote in a report published last week. But despite the high number of infections, details about how the malware was distributed and infected users are still scarce, and it's unclear if Silver Sparrow was hidden inside malicious ads, pirated apps, or fake Flash updaters — the classic distribution vector for most Mac malware strains these days. Furthermore, the purpose of this malware is also unclear, and researchers don't know what its final goal is. Once Silver Sparrow infects a system, the malware just waits for new commands from its operators -- commands that never arrived during the time researchers analyzed it, hoping to learn more of its inner workings prior to releasing their report. But this shouldn't be interpreted as a failed malware strain, Red Canary warns. It may be possible that the malware is capable of detecting researchers analyzing its behavior and is simply avoiding delivering its second-stage payloads to these systems. The large number of infected systems clearly suggests this is a very serious threat and not just some threat actor's one-off tests. In addition, the malware also comes with support for infecting macOS systems running on Apple's latest M1 chip architecture, once again confirming this is a novel and well-maintained threat.
In fact, Silver Sparrow is the second malware strain discovered that can run on M1 architectures after the first was discovered just four days before, showing exactly how cutting-edge this new threat really is. "Though we haven't observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment's notice," Lambert warned in his report. "Given these causes for concern, in the spirit of transparency, we wanted to share everything we know with the broader infosec industry sooner rather than later." The Red Canary report contains indicators of compromise, such as files and file paths created and used by the malware, which can be used to detect infected systems.

More bosses are using software to monitor remote workers. Not everyone is happy about it.

Organizations are finding it tough to keep a tight grip on employees while working from home. As more turn to technology as a solution, what does this mean for privacy in the new remote-working landscape? Finding effective ways of managing remote workers will be a priority of many businesses in the months to come, as new styles of working spurred by COVID-19 settle into long-term trends. While many organizations have been able to keep teams running successfully using a hodgepodge of email, messaging apps and video-conferencing software, managers that want more visibility of their remote workers have started looking towards more comprehensive means of keeping a detailed track of what employees are up to. That means a renewed interest in remote management and monitoring software. Remote monitoring software is often sold as a tool for helping employers track productivity and as a means to help managers identify areas where workplace processes can be improved – something high on the agenda for businesses looking to make flexible working a permanent fixture. These technologies provide a variety of capabilities that can give employers a remarkable insight into how employees use their time while at work, including the websites they visit, the apps they use, and in some cases include the ability to record their keystrokes and desktop sessions. According to research from Skillcast and YouGov in December 2020, as many as one in five businesses are now using technology capable of tracking workers' online activity, or have plans to do so in the future. In a separate study by the UK's Trades Union Congress (TUC) in November, one in seven employees reported that their workplace had increased monitoring and surveillance since the start of the pandemic. 
While businesses may have legitimate reasons for wanting to introduce activity-tracking software, particularly in those industries that handle high-value data on a day-to-day basis, some have raised concerns over what the slow creep of this technology into the remote-working environment means for employee privacy, particularly as the boundaries that separate work and private life become even more blurred. "I think there are huge questions around how technology is changing our relationship to work and with employers, but also the speed at which it's being introduced," says Andrew Pakes, director of communications and research at professional trade union Prospect. "During COVID-19, we've seen this growing interest in the use of digital technology to support remote working, and in many ways, that's been a real benefit to support and connect people. But alongside the positive use of technology, we've seen this worrying trend of intrusive surveillance, and a rush to use these new forms of software." Prospect has been vocal in its pursuit of clearer guidance around the use of remote monitoring software, and what more widespread introduction of the technology into businesses means. Research carried out by YouGov on behalf of Prospect last year suggested that two-thirds of employees were uncomfortable with the notion of employers recording information like screenshots and keystrokes while they were working from home. Since then, the union has called on the UK Information Commissioner's Office (ICO) to provide further clarity on what workers' rights are when it comes to the data employers collect on them, as well as ensure that workers can have a say in the conversation around workplace technology. Pakes calls the practice of monitoring employees "a discreet discussion that too often happens in procurement and board rooms", but far away from employees themselves.
"The law is clear that workers have a right to be informed if their data is being collected for surveillance purposes, and we have a right to be consulted. Our worry is that, too often, that consultation involvement isn't happening," says Pakes. "We're saying two things. One, the ICO needs to provide greater and clearer guidance so that workers can see what their rights are. Secondly, we really need to start picking up and looking at where the gaps exist in existing legislation." The ICO's Code of Employment Practices warns that businesses risk breaching the General Data Protection Regulation (GDPR) if they begin monitoring employees without proper authority. It also states that workers should be left with a clear understanding of when information about them is likely to be obtained, why it is being obtained, how it will be used and to whom – if anyone – it will be disclosed. "If monitoring is to be justified on the basis that it is necessary to enforce the organization's rules and standards, [these] must be known and understood by workers," the guidance reads. And yet, in TUC's November survey, fewer than 1 in 3 (31%) employees said they were consulted when new forms of technology were introduced to the workplace. There are six lawful bases for processing personal data under GDPR: clear consent from the individual in question; legal obligation; vital interest to the individual; public interest; contractual obligation as well as legitimate interest of the data controller. Sarah Pearce, privacy and cybersecurity partner at global law firm Paul Hastings, says this is where things can get murky for remote monitoring tools, particularly those that collect anything that could be deemed as sensitive or personal data under GDPR. "When it pushes into the border of special category and sensitive data, then there is more of an issue, because there are certain additional conditions in Article 9 of GDPR that need to be satisfied," she tells ZDNet. 
Pearce also finds that companies are increasingly seeking to justify remote monitoring tools under the grounds of 'legitimate interest', which can be difficult for employers, as can using the consent mechanism. "There is a big issue with using consent in the employment context. Generally speaking, you cannot use the consent mechanism in an employment context, because it's seen as being an unfair balance of power," she adds. Certainly not all staff are comfortable with such monitoring. Microsoft faced criticism from privacy advocates who took issue with its Productivity Score feature for Microsoft 365. The tool analysed how users within an organization used Microsoft 365 products and then assigned them an overall "productivity score" based on how often they engaged with things like meetings, email and messaging apps. The outcry mainly stemmed from the fact that Productivity Score showed analytics for individual employees that could potentially be used by managers to judge their performance. Microsoft subsequently pared back the tool by removing the ability for admins to view data on named employees. Microsoft 365 corporate vice president, Jared Spataro, later clarified that Productivity Score was not designed as a tool for surveillance, but rather to help businesses identify how users were working within its software suite and help them run remote-working environments more successfully. Regardless of employee attitudes to these kinds of tools, the fact that Microsoft is making moves in this space is enough to set alarm bells ringing for Pakes, who sees it as a sign that the technology is moving into the mainstream. "If Microsoft is introducing tools that can be used for work-based surveillance, then lots of other software products will be offering similar forms of monitoring that employers can use," he says. "It was sold as a really exciting product for employers, that you could check what your workers are doing. That sets alarm bells off to me. 
What it says is that workers don't have a seat at the table when these issues are being discussed, either by big software companies or inside businesses, and that we need to get a better understanding of what the power of these tools are." Both employers and employees agree that remote working, or at the very least a combination of both at-home and office-based working, is going to form the foundations of the post-COVID work economy. It stands to reason, then, that more organizations will be looking for tools that can make this sustainable in the long-term, by leveraging the kind of insights that can be enabled by analytics and reporting capabilities – particularly if it offers to fix problems that the rushed approach to remote working has created. "What businesses want to know right now is really two things. One: what are the employees working on when they are working from home? And two: trying to bring back that level of security that they had in an office environment," says Eli Sutton, VP of operations at Teramind. Teramind's software offers a combination of user productivity monitoring, data loss and threat detection tools for employers who need deeper insight into workplace activity. The company has customers throughout the healthcare, legal, automotive, energy, government and financial industries. Sutton says the software ensures that workers are using company time properly. Teramind can track which websites employees visit and for how long; live-stream and record workers' desktop sessions, monitor employee keystrokes and read the contents of their email, along with any attachments. The purpose of the software is two-fold: keeping track of productivity and performance, as well as protecting businesses from any harm they could be exposed to as a result of data leaks, fraud or, in the case of banking and finance, insider trading.
"Typically our customers in the financial sector use the solution on the security side of things: making sure that users who have access to their data don't either accidentally or maliciously leak information that could cause financial harm or harm to their credibility," says Sutton. "On the productivity side, it's essentially monitoring of websites and applications. From there, you can drill down and see exactly how much time they spend on either these websites or applications, if there are websites or applications that don't necessarily fit within their company tasks, and how much time was spent on those." Sutton explains that features can be enabled or disabled based on what customers want from the software. He also suggests that, for the most part, organizations aren't using Teramind to micromanage employees or call them out for spending too much time on YouTube (although this is something the software can flag). "The only time it really comes to discussion is if somebody's really abusing company policy. For the most part, it's more about making sure the user has all the resources necessary, especially during the work-from-home environment," he says. "We've found that, for many of our customers, they've discovered that particular users were taking longer to complete certain tasks. Through the solution, they found that it was because they were lacking the essential tools while working at home to complete these tasks." Whatever your take on the technology is, there is clearly an appetite for it. According to Sutton, Teramind has seen business increase three-fold since the start of the pandemic. "Even today, with talks of vaccinations and talk of people going back to work, we're still seeing an increase," he says. The fact that a large chunk of the professional workforce is now working from home adds another degree of complexity to the debate around remote monitoring software.
In December, the European Parliament voted in support of granting digital workers in Europe a fundamental 'right to disconnect' from work-related tasks outside of working hours, without facing consequences from their employers. In January, MEPs called for this to be enshrined into EU law, saying it was crucial for preventing burnout among workers in a culture that pressured them to be always on – an issue that has undoubtedly been exacerbated by the pivot to working from home. Pakes argues that the rise of remote monitoring tools, particularly as they move into the home, would make it even harder for workers to disengage from work. "This creeping boundary of what is our home life and our right to a private life, I think, is going to be one of the great challenges of this decade," he says. "This is a fundamental change, and that's why we've got to ensure that we're using the rights that we've got, but we also have an embracing conversation about, what does it look like for the future?" Kiri Addison, head of data science for threat intelligence and overwatch at Mimecast, suggests that more invasive forms of remote monitoring and surveillance software risk eroding trust between employer and employee. "Personally, I think to go to those extremes is probably more damaging for the relationship between the employer and the company," she tells ZDNet. "There are cases where, particular employees see it then as a game, they're trying to get around the monitoring software, and you're introducing security risks. It's not a good dynamic, the relationship between the company and the employee, if they see the company as an enemy or someone they have to 'beat'." Gartner analyst Whit Andrews shares a similar view, adding that workers may view monitoring attempts as a breach of the "social contract" between employer and employee. "It's unsurprising then that we're beginning to see that workers are not particularly pleased with increased capacity to monitor them," he says.
"They're seriously concerned about this, and their reaction is understandably oriented towards evading the system... When you start talking about monitoring workers in their homes, I think that social contract becomes a little bit harder to defend." ICO guidance makes clear that, in all but the most straightforward of cases, employers should perform a Data Protection Impact Assessment (DPIA) to decide if and how to carry out monitoring, and whether monitoring is justified to begin with. A DPIA can help organizations identify and minimize any risks associated with projects that include processing personal data, particularly those that could pose a high risk to individuals, and are something that Pearce always recommends to clients that are thinking about going down the monitoring avenue. "A DPIA really is an assessment, evaluation, and in-depth analysis of what you are anticipating doing: what are your reasons, what are your anticipations, and then equally, what is the impact on the individuals? That has to be very in-depth," she says. "The ICO has a template standard form. It's not a requirement that you follow it in that way, but it does set out some suggestions of what you might want to include in a DPIA. Any company looking to do that would be well-advised to have a look at that." Of course, with many organizations having been forced to move to cloud-based working almost overnight, businesses have been left with little time to draw up new technology blueprints for the months and years ahead. Reports have suggested that some organizations have had to bring forward their digital transformation plans by as many as five years, and that guidance could be slow to catch up. 
Last month, Labour shadow digital minister, Chi Onwurah, warned that "guidance and regulation to protect workers are woefully outdated in light of the accelerated move to remote working and rapid advancements in technology," and called on ministers to provide better regulatory oversight of online surveillance software to ensure people have the right to privacy whether in their workplace or home, "which are increasingly one and the same." Onwurah says that neither the Government nor the ICO have responded to this dramatic change in our working lives, leaving far too many subject to exploitative practices. "There is a woeful lack of protection for workers as they bring their work home in this pandemic, and they are also increasingly being subject to unacceptable levels of digital surveillance without their informed consent," she warns. An ICO spokesperson said that the organization was in the early stages of developing new employer-focused guidance, though didn't specify whether this would contain provisions for the use of remote monitoring and surveillance software. "As this work develops, we will be engaging with organizations and seeking their views," the spokesperson said. Pakes worries that too much of the ICO guidance is focused on employers, rather than workers themselves. "Yes, the ICO has a role to provide advice to employers, but it also has a role to provide it to workers," he says. "The ICO never says we're going to provide clear guidance for workers so that you can see your rights. They only talk about guidance for employers, and I think we've got to redress that balance."

World Economic Forum: cyber crime is one of the “key threats of the next decade”

A WEF (World Economic Forum) report lists cyber crime alongside COVID-19, climate change and the debt crisis as the biggest threats facing society in the next decade. Its 2021 Global Risks Report says cyber attacks pose a bigger immediate risk than terrorism, and are potentially catastrophic in both the short and long term. For an idea of how severe the threat is, IT Governance recorded more than a thousand publicly disclosed security incidents in 2020, which resulted in more than 20 billion breached records. To mitigate the threat, the WEF calls for the widespread adoption of privacy by design in new technologies and digital services, as well as stronger regulation of digital technologies. These are common in Europe, following the introduction of the GDPR (General Data Protection Regulation) and its UK equivalent, but data protection and data privacy laws leave a lot to be desired elsewhere in the world. This is particularly true in the US, which relies on a patchwork of federal laws that only begin to scratch the surface of effective information security and privacy. We may see improvements, especially if other states follow California, which introduced the CCPA (California Consumer Privacy Act) last year and will be expanding upon it in 2023 with the CPRA (California Privacy Rights Act). But even with stricter regulation, it will still take a monumental effort from organisations to slow the increasingly rampant cyber crime industry. Private businesses bear the brunt of cyber attacks, but the damage pales in comparison to incidents targeting governments, political parties and critical infrastructure. In those cases, the threat of individuals being exposed to fraud is greater than an organisation going out of business. 
The most notable example was the state-sponsored attacks during the 2016 US presidential election, with multiple intelligence reports concluding that Russian actors targeted the Democratic National Convention and Hillary Clinton’s campaign manager, John Podesta, to swing the election in favour of Donald Trump. That was just the tip of the iceberg. The WEF found there have been more than 400 “significant” cyber attacks since 2016 – with 47 of them targeting the UK. We’ve seen governments, technology providers, hospitals and even COVID-19 researchers come under attack, with the long-term effects rippling through society in the same way as a terrorist attack or a global pandemic. Practically every part of our lives is now technologically mediated – particularly during the pandemic – with cyber security at the forefront of our minds on a daily basis. If organisations don’t act now, they will suffer the consequences. A best-case scenario involves you being set back years as customers flee to your rivals, whereas a catastrophic attack could see your business shutter altogether. Tackling the threat will take resources, which is a big ask given the existing challenges posed by the pandemic, but the cost of cyber security defences will be less than the cost of recovery following an attack.

A quantum computer just solved a decades-old problem three million times faster than a classical computer.

Using a method called quantum annealing, D-Wave's researchers demonstrated that a quantum computational advantage could be achieved over classical means. Scientists from quantum computing company D-Wave have demonstrated that, using a method called quantum annealing, they could simulate some materials up to three million times faster than it would take with corresponding classical methods. Together with researchers from Google, the scientists set out to measure the speed of simulation in one of D-Wave's quantum annealing processors, and found that performance increased with both simulation size and problem difficulty, to reach a million-fold speedup over what could be achieved with a classical CPU. The calculation that D-Wave and Google's teams tackled is a real-world problem; in fact, it has already been resolved by the 2016 winners of the Nobel Prize in Physics, Vadim Berezinskii, J. Michael Kosterlitz and David Thouless, who studied the behavior of so-called "exotic magnetism", which occurs in quantum magnetic systems. The Nobel Prize winners used advanced mathematical methods to describe, in the 1970s, the properties of a two-dimensional quantum magnet, which shed light on the strange – or "exotic" – states that matter can take on. Instead of proving quantum supremacy, which happens when a quantum computer runs a calculation that is impossible to resolve with classical means, D-Wave's latest research demonstrates that the company's quantum annealing processors can lead to a computational performance advantage. "This work is the clearest evidence yet that quantum effects provide a computational advantage in D-Wave processors," said Andrew King, director of performance research at D-Wave. D-Wave's processors are based on quantum annealing technology, which is a quantum computing technique used to find solutions to optimization problems. 
While some argue that the scope of the problems that can be resolved by the technology is limited, quantum annealing processors are easier to control and operate than their gate-based equivalents, which is why D-Wave's technology has already reached much higher numbers of qubits than can be found in the devices built by big players like IBM or Google. To simulate exotic magnetism, King and his team used the D-Wave 2,000-qubit system, which was recently revised to reduce noise, to model a programmable quantum magnetic system, just like Berezinskii, Kosterlitz and Thouless did in the 1970s to observe the unusual states of matter. The researchers also programmed a standard classical algorithm for this kind of simulation, called a "path-integral Monte Carlo" (PIMC), to compare the quantum results with CPU-run calculations. As the numbers show, the quantum simulation outperformed classical methods by a margin. "What we see is a huge benefit in absolute terms," said King. "This simulation is a real problem that scientists have already attacked using the algorithms we compared against, marking a significant milestone and an important foundation for future development. This wouldn't have been possible today without D-Wave's lower noise processor." Equally as significant as the performance milestone, said D-Wave's team, is the fact that the quantum annealing processors were used to run a practical application, instead of a proof-of-concept or an engineered, synthetic problem with little real-world relevance. Until now, quantum methods have mostly been leveraged to prove that the technology has the potential to solve practical problems, and have yet to make tangible marks in the real world. In contrast, D-Wave's latest experiment resolved a meaningful problem that scientists are interested in independent of quantum computing.
The findings have already attracted the attention of scientists around the world. "The search for quantum advantage in computations is becoming increasingly lively because there are special problems where genuine progress is being made. These problems may appear somewhat contrived even to physicists," said Gabriel Aeppli, professor of physics at ETH Zürich and EPF Lausanne. "But in this paper from a collaboration between D-Wave Systems, Google, and Simon Fraser University, it appears that there is an advantage for quantum annealing using a special purpose processor over classical simulations for the more 'practical' problem of finding the equilibrium state of a particular quantum magnet." D-Wave, however, stayed clear of claiming quantum advantage, which happens when a quantum processor can demonstrate superiority over all possible classical competition; King stressed that it is still possible to design highly specialized algorithms to simulate the model once the properties of the model are already known. The real significance of the experiment lies in the proof that a computational advantage can already be achieved using existing quantum methods to solve a valuable materials science problem. "These experiments are an important advance in the field, providing the best look yet at the inner workings of D-Wave computers, and showing a scaling advantage over its chief classical competition," said King. "All quantum computing platforms will have to pass this kind of checkpoint on the way to widespread adoption." Although D-Wave's 2,000-qubit system was used for the research due to the technology's lower noise rates, the company recently released a 5,000-qubit quantum processor, which is already available for programmers to build quantum applications. 
From improving the logistics of retail supply chains to simulating new proteins for therapeutic drugs, through optimizing vehicles' routes through busy city streets, D-Wave is currently counting 250 early quantum annealing applications from various different customers.

_________________________________________________________________________


THREAT FOCUS: United States – Automatic Funds Transfer Services

https://www.bleepingcomputer.com/news/security/us-cities-disclose-data-breaches-after-vendors-ransomware-attack/

Exploit: Ransomware

Automatic Funds Transfer Services (AFTS): Payment Processor

Risk to Business: 1.879 = Severe - Cuba ransomware is the culprit of an attack at AFTS, a payment processor that serves state government clients including the states of California and Washington. This cyberattack has caused major disruption to AFTS operations, making their website unavailable and impacting payment processing. The gang claims to have stolen financial documents, correspondence with bank employees, account movements, balance sheets, and tax documents.

Individual Risk: 1.847 = Severe - It is unclear how many individuals may have been impacted. The California Department of Motor Vehicles and several cities in Washington state have released data breach notifications. The potential data exposed varies depending on the city or agency, but may include names, addresses, phone numbers, license plate numbers, VIN numbers, credit card information, scanned paper checks, and billing details.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware at your third party business services partner’s business is also your problem. It pays to make sure that your company’s credentials haven’t been exposed.

Avantia Cyber Security & ID Agent to the Rescue: Watch for threats from the Dark Web without lifting a finger using Dark Web ID, 24/7/365 credential monitoring that alerts you to trouble fast. Call +61 7 30109711 for a FREE online demonstration for your organisation.


THREAT FOCUS: United States – Kia Motors America

https://www.bleepingcomputer.com/news/security/kia-motors-america-suffers-ransomware-attack-20-million-ransom/

Exploit: Ransomware

Kia Motors America: Ransomware

Risk to Business: 1.381 = Severe - Kia Motors America has experienced a suspected ransomware attack that has had a severe impact on its entire US operation, crippling some functions and impacting others for dealers and consumers. Services impacted include mobile UVO Link apps, phone services, payment systems, owner’s portal, and internal sites used by dealerships.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: 50 million

How it Could Affect Your Customers’ Business: Ransomware can come calling at any time at any business with a devastating impact on operations, customer service, productivity and profit.

Avantia Cyber Security & ID Agent to the Rescue: With BullPhish ID, staffers learn to spot and stop the latest phishing-based cyberattacks because we provide fresh content every month for training.


THREAT FOCUS: United States – Sequoia Capital

https://www.axios.com/sequoia-capital-says-it-was-hacked-590dcdd6-fe49-46c6-8422-60a944272302.html

Exploit: Phishing

Sequoia Capital: Venture Capital Firm

Risk to Business: 1.933 = Severe - Sequoia Capital, a major venture capital firm, announced this week that it has experienced a phishing-related cyberattack. The firm invests in companies like Airbnb, DoorDash, Robinhood and cybersecurity firms like FireEye and Carbon Black. Sequoia’s investors include university endowments, tech executives and charitable foundations.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: More than 65 percent of cybercrime is phishing based. Training employees to spot and stop phishing is essential to avoid becoming one of those 65 percent of hacked companies.

Avantia Cyber Security & ID Agent to the Rescue: Read our Security Awareness Champion’s Guide for a complete walkthrough of today’s nastiest cyberattacks and the tricks that cybercriminals use to conduct them. Call +61 7 30109711 for more info.


THREAT FOCUS: United States – Underwriters Laboratories

https://www.bleepingcomputer.com/news/security/underwriters-laboratories-ul-certification-giant-hit-by-ransomware/

Exploit: Ransomware

Underwriters Laboratories: Safety Regulator

Risk to Business: 2.022 = Severe - Underwriters Laboratories, the oldest and largest device safety certifier in the world, should have checked the safety of their email systems a little more closely. The organization has experienced a ransomware attack that encrypted its servers and caused it to shut down systems while it recovers.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is a huge hit to every company’s performance and budget – and it’s preventable through security awareness training.

Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID gets your staff ready to fight back against phishing, and that’s something that every business has to make a priority to protect their bottom line. Call Avantia on +61 7 30109711 for pricing.


THREAT FOCUS: Canada – Simon Fraser University

https://www.cbc.ca/news/canada/british-columbia/sfu-warns-cybertattack-exposed-personal-information-of-about-200-000-students-and-staff-1.5916153

Exploit: Hacking

Simon Fraser University: Institution of Higher Learning

Risk to Business: 1.623 = Severe - Simon Fraser University is in the spotlight again after another data breach. Cybercriminals breached a server that stored information on student and employee ID numbers and other data, including admissions or academic standing. This is the second data breach at Simon Fraser University in 12 months.

Individual Risk: 2.117 = Severe - The server contained personal information for some current and former students, faculty, staff and student applicants including student or employee ID numbers.

Customers Impacted: 200,000

How it Could Affect Your Business: Continued security problems at any organization aren’t acceptable to consumers anymore as people become more serious about protecting their data.

Avantia Cyber Security & ID Agent to the Rescue: Get The Road to Cyber Resilience to learn strategies and solutions that can make your business bounce back faster from cybersecurity failures. Call Avantia on +61 7 30109711 for more info.


THREAT FOCUS: The Netherlands – Dutch Research Council (NWO)

https://cybernews.com/news/internet-registry-for-europe-experienced-a-credential-stuffing-attack-claims-it-was-unsuccessful/

Exploit: Malware

Dutch Research Council: Government Entity

Risk to Business: 1.913 = Severe - NWO has reported that it was the victim of a malware attack. Servers belonging to the Dutch Research Council (NWO) have been compromised, forcing the organization to make its network unavailable and suspend subsidy allocation for the foreseeable future. Impacted functions include the organization’s email service (Outlook) and online resources for two entities under NWO, the Netherlands Initiative for Education Research (NRO) and the National Governing Body for Practice-oriented Research (SIA).

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Malware can strike when you least expect it and cause a cascade effect that ripples through an entire organization, gumming up the works, with an expensive cleanup.

Avantia Cyber Security & ID Agent to the Rescue: Are you ready to defend against malware like ransomware? Learn how to keep your data from being a cybercriminal’s next score in our eBook Ransomware 101. Call Avantia on 07 30109711 for more information.


THREAT FOCUS: The Netherlands – Réseaux IP Européens Network Coordination Centre (RIPE NCC)

https://cybernews.com/news/internet-registry-for-europe-experienced-a-credential-stuffing-attack-claims-it-was-unsuccessful/

Exploit: Credential Stuffing

Réseaux IP Européens Network Coordination Centre (RIPE NCC): World Regulatory Body

Risk to Business: 1.913 = Severe - RIPE NCC has reported that it recently defended against a credential stuffing attack that attempted to breach its single sign-on system. There was minimal disruption and the organization has resumed operations normally.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect your Business: Credential stuffing is a favorite cyberattack technique because it’s cheap and simple – and cybercriminals won’t be giving it up anytime soon.

Avantia Cyber Security & ID Agent to the Rescue: Single sign-on is a valuable mitigation, but it’s best coupled with multifactor authentication, and both are included with Passly. Call Avantia on +61 7 3010 9722.



THREAT FOCUS: France – Beneteau SA

https://www.bloomberg.com/news/articles/2021-02-21/beneteau-to-suspend-some-production-after-cyberattack

Exploit: Malware

Beneteau SA: Maritime Vessel Builder

Risk to Business: 2.062 = Severe - French boat builder Beneteau SA has experienced a malware attack that has forced it to temporarily suspend some operations. The company says that it will be deploying backups, and that production at some of its units, particularly in France, will have to slow down or stop for a few days.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Malware is frequently used to damage a company’s operations capability, and it’s most commonly delivered by a phishing email.

ID Agent to the Rescue: Is your business ready to fend off today’s tricky phishing attacks? Learn what cybercriminals are using as bait and how to stay off the hook in our eBook. Call Avantia on +61 7 30109711.


RISK SCORES MATRIX

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


_________________________________________________________________________


POSTSCRIPT

COVID-19 Threats Aren’t Over Yet


In a recent study, experts estimated a minimum growth rate of 220 percent for overall phishing in 2020 (including SMS, voice, message and social media) – and that trend is expected to continue into 2021 with a minimum 15 percent increase in overall phishing this year.

Much of that phishing was devoted to COVID-19 threats. Google indicated that it saw a 660 percent increase in phishing in Q2 2020 as it bulwarked the onslaught of phishing that powered a cybercrime burst in 2020. COVID-19 was Google’s biggest phishing topic in history, a record that’s unlikely to be broken anytime soon. More than 80 percent of businesses saw an increase in cybercrime including phishing in 2020 – and not all of that steep increase can be chalked up to COVID-19 threats.


Popular Phishing Categories That Trap the Unwary


Brand Impersonation - One major lure that cybercriminals have been profiting from is brand impersonation. Especially as email volumes surged at the start of the pandemic, faux branded phishing emails were a fast, easy way for cybercriminals to get past security and get into employee inboxes (which would be 40 percent less likely with Graphus). About than 405 percent of those emails mimicked just one brand – Microsoft. Rounding out the Top 5 were DHL (18 percent), LinkedIn (6 percent), Amazon (5 percent) and Rakuten (4 percent). An estimated 55 percent of phishing sites made use of target brand names and identities in their URLs.

Remote Workforce Support - Remote workers face a unique set of challenges, and every business in the world got to experience them in 2020. Phishing is an especially dangerous threat for remote workers. In a comprehensive study of over 1,000 remote workers, 47 percent of respondents cited distraction as the main factor in their failure to spot phishing attempts. Over half of employees said they were more likely to make security mistakes when stressed and 41 percent flubbed security procedures when tired. Overall, 43 percent of the surveyed employees admitted that they’d made cybersecurity blunders as a result of newly remote workforce stress.

Training Works against These Threats - A key way for companies to prevent these lures from snagging their staffers is through regular, comprehensive security awareness training that includes phishing. Up to 70 percent of phishing attacks now lack a malicious payload – employees aren’t just looking for an attachment anymore, and they need to know that. Most phishing is done through spurious links, and employees need to be ready for that. The newly revamped BullPhish ID is perfect for making sure that every staffer knows how to spot phishing. We’ve added functionality that allows trainers to customize training materials to more realistically imitate the threats that employees face every day. Plus we’ve created a user-friendly, white-labelable portal that makes training easy for everyone.

__________________________________________________________________________________


DISCLAIMER* Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, other members of the 5 Eyes Alliance, the Australian Cyber Security Centers, and other sources in 56 countries who provide cyber breach and cyber security information in real time. Given their international focus and experience in the cyberspace arena, we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.








