Executives targeted in Microsoft 365 phishing attacks, why you need an AI Red team, San Francisco’s AI boom fuels office market recovery and bots outperform humans in cracking Captcha tests.
These are the top tech news stories on today’s Hashtag Trending.
I’m your host Jim Love, CIO of IT World Canada and Tech News Day in the US.
In today’s rapidly evolving digital landscape, AI is becoming a double-edged sword. While it offers immense potential for innovation, it also presents new vulnerabilities. Daniel Fabian, head of Google Red Teams, underscores the significance of having dedicated AI red teams to simulate the potential threats to machine learning systems.
As AI integrates deeper into business operations, companies must be proactive in understanding the unique risks associated with it. Tactics like prompt injection attacks and data poisoning are just the tip of the iceberg. These strategies can manipulate AI outputs or even train models to produce incorrect results, potentially jeopardizing business operations or customer trust.
For businesses leveraging AI, it’s crucial to invest in AI-specific red teaming. Such teams can bring a hacker’s perspective, anticipating and countering potential threats before they are manifested. By understanding and simulating the tactics, techniques, and procedures adversaries might use against ML-based systems, companies can stay one step ahead.
In essence, if you’re integrating AI into your business, it’s not just about harnessing its power but also about fortifying its defenses.
Consider establishing or enhancing your AI red team to ensure your AI-driven innovations remain secure and trustworthy.
Sources include: The Register
Threat actors are successfully bypassing multifactor authentication to access Microsoft 365 cloud accounts, using the EvilProxy phishing kit, according to researchers at Proofpoint.
Since March, a campaign has been targeting thousands of Microsoft 365 accounts, focusing especially on C-level and senior executives. Interestingly, the attackers overlook accounts they consider of lesser value, unless those accounts have access to financial or sensitive corporate data.
Among the compromised users, about 39 per cent were C-level executives, with 17 per cent being CFOs and 9 per cent being presidents or CEOs.
Once a user’s credentials were acquired, attackers could access their Microsoft 365 account within seconds, indicating a highly automated process. The campaign sent around 120,000 phishing emails to numerous organizations globally from March to June. The attackers used various techniques, including brand impersonation, scan blocking, and multi-step infection chains. Once inside a victim’s account, the attackers solidified their position by adding their own multi-factor authentication method.
Proofpoint suggests several measures to counter such attacks, including effective business email compromise prevention solutions, identifying unauthorized access, and enhancing employee security training. I’d go with number 3.
Sources include: IT World Canada
San Francisco’s downtown, once struggling post-pandemic, is witnessing a resurgence, thanks to the AI industry. Office space searches in the city have surged, with a quarter of these searches coming from AI companies.
This activity has reached levels not seen since the introduction of COVID vaccines in 2021. San Francisco is becoming a hub for AI development, boasting 20 of the 50 companies on Forbes’ AI 50 list.
Currently, ten AI companies are on the hunt for between 700,000 to 800,000 square feet of office space in the city. This growth is significant, considering AI companies have tripled their footprint in San Francisco since 2016.
Many AI startups prefer in-person work, and the city’s concentration of tech talent and venture capital funding is a magnet. However, there’s still a vast amount of vacant office space in the city.
While AI is booming, it’s essential to note that many AI firms are still small and might not fill the large empty spaces in downtown skyscrapers.
Yet, the trend is clear: AI is playing a pivotal role in San Francisco’s office market recovery.
I can hear Tony Bennett singing it. “I left my artificial intelligence in San Francisco.” Okay, I’ll work on it.
Sources include: Axios
What if you were unintentionally broadcasting your passwords and sensitive information, not through your screen, but through the sound of your typing.
A recent study by a team from British universities has shown that artificial intelligence can now identify keystrokes based solely on the sound with a staggering 95 per cent accuracy.
The researchers demonstrated that just by listening to the typing sounds on a MacBook Pro via a nearby phone, the AI could correctly identify the keystrokes 95 per cent of the time. Even more concerning, a recorded Zoom call yielded a 93 per cent success rate.
This method, termed as “acoustic side channel attacks,” involves malicious entities using secondary devices, like a phone or an active microphone on a video call, to capture the sound of typing. This sound is then processed by a deep-learning A.I. trained to recognize individual key presses.
The research emphasizes the evolving nature of cyber threats and underscores the need for heightened awareness and protective measures. While stronger, more complex passwords can offer some protection, the study suggests that two-factor authentication and biometric methods, like fingerprint scans and facial recognition, can further reduce the risk.
Which takes us back to the password story. PASSWORD
Don’t use that as your password.
Sources include: Fortune
A new comprehensive study has revealed that bots are not only better but also significantly faster than humans at solving Captcha tests. These tests, deployed on over 100 popular websites, were designed as security measures to distinguish between genuine human users and potentially harmful bots. The study, conducted by scientists including those from the University of California, Irvine, assessed 200 of the most popular websites, finding that 120 still utilized Captcha. With the help of 1,000 online participants from diverse backgrounds, the difficulty levels of 10 captcha tests on these sites were gauged.
The results were startling: while some Captcha tests took humans between nine and 15 seconds to solve with an accuracy of 50 to 84 percent, bots cracked them in less than a second with near-perfect accuracy. Given these findings, the researchers have emphasized the need for more dynamic and effective approaches to safeguard websites.
I recommend they start to say, If you can find all the pictures with traffic lights – you’re not Jim – you’re a bot.
Just thinkin’ out loud.
Sources include: The Independent
Those are the top tech news stories for today. Hashtag Trending goes to air 5 days a week with a special weekend interview show we call “the Weekend Edition.”
You can get us anywhere you get audio podcasts and there is a copy of the show notes at itworldcanada.com/podcasts
If you want to catch up on these and other news more quickly, you can read these stories and more at TechNewsDay.com and some of them at ITWorldCanada.com on the home page.
We love your comments. So please go to the article at itworldcanada.com/podcasts (sing along with me) itworldcanada.com/podcasts – you’ll find a text edition there. Click on the x or the check mark but tell me what you think.
To those who have reached out – my sincere thanks. I answer each and every email. It is so great to hear from you.
I’m your host, Jim Love. Have Fantastic Friday!