Defense against the AI arts Archives - Cyber Protection Magazine

Greg Linres, Huntress principle threat Intelligence Analyst

Phishing grows but can be blunted

Lou Covey February 28, 2025

Phishing attacks are on the rise again with the help of sophisticated generative-AI tools. However, new defenses and increased wariness among potential victims are blunting phishing’s potential for widespread harm.

For the uninitiated, phishing is a foundational practice for all cybercrime. For the most part, it is a scatter-gun methodology, sending out as many emails, texts, social media posts, and even phone calls as possible to get victims to give up personal information or access sensitive files. There are billions of phishing attacks going on around the world every year. According to FBI reports, the latest report shows losses in 2022 were more than $10 billion. The totals go up every year.

Phishing on the rise

Huntress recently issued a comprehensive report on the state of cybercrime that showed an alarming increase in the number of attacks in 2024 using no less than 285 different forms of attack. Modern attack methodologies go far beyond just sending out massive amounts of emails. They can also include an “urgent” voicemail or text, urging the victim to immediately click on the link of an email; infiltrating reply chains; QR codes instead of links, and signature impersonations.

One new phishing kit is Astaroth, which was revealed in January by SlashNext, a cloud email security provider. Primarily marketing on the Telegram messaging platform, the kit sells for $2000 and includes free trials.

AI making life hard for consumers and cybersecurity

Lou Covey November 26, 2024

The AI industry supposedly to make life easier for humanity. Since it first burst onto the scene it has, arguably, made life more difficult. Consumers and the cybersecurity industry, in particular, are struggling professionally, emotionally, and mentally to understand the value, if not the efficacy, of the technology.

Cyber Protection Magazine evaluated three surveys, from Armorcode, Arkose Labs, and Appdome, over the past few weeks. They agreed the public image of AI is untrustworthy, full of false promises, and something to be feared. In spite of this image, customers believe they must adopt and adapt to the technology, even if they don’t want to.

Security expert collapsed from exhastion

Breach fatigue or too big to fail?

Lou Covey September 19, 2024

As we prepare for the annual October holiday season with Cybersecurity Awareness Month there is an important question to ask. Are we as a society at the point of fatigue over every new security breach, or are the companies getting breached just too big to fail?

Security giant Fortinet announced a data breach this week that was remarkable in two ways. One was how small the breach was (less than 500GB) Two was how calm Fortinet seemed to be about. Security gadfly Dr. Chase Cunningham posted a flippant comment about the breach on Linkedin, encouraging his followers to “buy on the breach.” He pointed out that with big public companies, in security or not, generally take a hit on their stock for a day or two after a breach, but the stock rises to new highs as the dust clears. And no one seems to care about the downstream customers whose data might have been stolen.

A 2010 study published in the Journal of Cost Management concluded that a company could be more profitable if it annoyed unhappy customers more than they already were. The success of that strategy increased with the size of the company, according to the study, and when there were fewer competitors for a customer to turn to.

The reasons for the success were simple. If a pissed off customer decided to go a smaller provider, there were always new customers who signed up, simply because they were the biggest. If there were no smaller competitors, the customer never went away. In the process, the offending company rarely has to pay out to make the customer whole. The study pointed our that companies like United Airlines have notoriously bad customer service, but they rarely lose market share because of it.

Kevin Szczepanski, co-chair of Barclay Damon's Data Security, is much more forgiving

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here

Crossing the Compliance Chasm

Tarique Mustafa August 22, 2024

There is a wide gap between regulatory compliance mandates and practical implementation and enforcement that I like to call the “Compliance Chasm”. That chasm is defined by the activity to protect consumers and consideration for the economic and operational impact on business enterprises. Finding that balance requires thought, not the more popular whack-a-mole enterprise strategy that reacts to new compliance mandates.

The frequency and size of regulatory fines are rising for non-compliance. In January 2023, Meta was fined $418 million for GDPR violations by Meta properties’ Facebook and Instagram. Ireland’s Data Protection Commission follows up in May that same year with a $1.3 billion fine for additional violations. And those were just the latest fines imposed on web giants, that also included Google and Amazon.

The targets of those fines might be justified in saying compliance is an impossible task. By 2025 the volume of data/information created, captured, copied, and consumed worldwide is forecast to reach 181 zettabytes. Nearly 80% of companies estimate that 50%-90% of their data is unstructured text, video, audio, web server logs, or social media activities.

Voters mareking ballots at voting station

Election security is not a technology problem. It is how naive we are

Lou Covey June 27, 2024

When it comes to election security, the technology we use to vote and count those votes is not the problem. The problem is how naive we are.

Election security has been at the forefront of daily news cycles for more a decade. The concerns about illicit use of technology to input and count the votes turned out to be largely overblown. Every U.S. state other than the Commonwealth of Louisiana, uses paper ballots, matching the practice of every other western democracy. Lawsuits have bankrupted people and organizations claiming the technology was changing votes. Those that have complained the loudest about election interference are now facing prosecution for the crimes.

Now the tech focus is on the use of artificial Intelligence to create deepfake video and audio. A recent pitch from Surfshark,

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here

Commentary: Move fast and break AI

Lou Covey January 26, 2024

Frontline documentary on Facebook

One person whispering in the ear of a newspaper reader, distracting him while the world burns

Before you post, would you bet your job on it?

Lou Covey December 5, 2023

In a world awash in AI-generated, intentional misinformation and urban myths, would you bet your job on the reliability of the information you want to share? You might be betting someone’s life on it.

Criminal using a device to make a deep fake voice call

Study: Consumers ambivalent about deep fake content

Lou Covey November 30, 2023

A recent study performed by Synthedia has found that consumers are, by and large, ambivalent over the value and threatsmore

Podcast: Defense against the AI Arts

Lou Covey October 3, 2023

The rise of generative AI products for commercial use is probably the fastest and most controversial of any technological advancemore

Standards bodies doing the heavy lifting in AI regulation

Lou Covey August 11, 2023

As with any digital product, security relies on four arenas. User responsibility, corporate accountability, government regulation and industry standards.