Ransomware vs. AI

  • Comments posted to this topic are about the item Ransomware vs. AI

  • Most phishing emails I receive fall into a handful of categories like:

    • "Congratulations! You have won (this or that)" that purport to be from retailers like Costco
    • Requests from Netflix to change my login.
    • A bank I've never heard of stating that there is a problem with my account.

    They often contain the same stock photos and wording, so it shouldn't be too hard to profile and create a reliable signature similar to how anti-virus scanners work.

    Another thing Microsoft and other email providers can do is perform an automated WHOIS lookup on the registration information of the originating domain server and not just black list individual accounts but the entire domain name.




    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Interesting.

    Most of the scam emails I got have their copy made in a way that makes it clear that the sender is sketchy. For example, the copy contains low-quality assets, non-uniform indentation, spelling, and grammatical mistakes.

    And I think they intentionally make it this way because those who fall for it will regardless.

    The good news is Google has recently introduced verification badges to senders. So when emails come from verified organizations, there's a blue tick badge near the sender's name. But they only show up in Gmail. I wish all email providers would collaborate in making this an open standard.

  • Agreed. Wish that email providers would verify things. I've jumped through hoops to get sqlservercentral.com and sqlsaturday.com set up with verifications.

  • We had a cyber incident (sic) late last year and it was actually our ISP who picked up the problem. I doubt AI was involved as I think they found it by scanning packets for questionable destinations. Fortunately the problem was found before we were locked out or any data was stolen. For a week we only had very limited internet access while everything was scanned and cleaned. (I have no idea of the cost.) Also, since then we have only been able to use work devices to RDP into our network. I suspect we were infected by someone using a personal device on public wi-fi without a VPN. My understanding is a more secure way of using personal devices for RDP is being investigated.

    I suppose this underlines the importance of defense in depth.

  • I know when I've been on the MS campus, I can't connect if my device isn't patched. I think that's a good "in-depth" strategy for sure.

  • Indeed, though that wasn't ransomware. It was poor security on a test account

Viewing 8 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic. Login to reply