Ransomware vs. AI


  • Most phishing emails I receive fall into a handful of categories like:

    • "Congratulations! You have won (this or that)" that purport to be from retailers like Costco
    • Requests from Netflix to change my login.
    • A bank I've never heard of stating that there is a problem with my account.

    They often contain the same stock photos and wording, so it shouldn't be too hard to profile and create a reliable signature similar to how anti-virus scanners work.

    Another thing Microsoft and other email providers can do is perform an automated WHOIS lookup on the registration information of the originating domain server and not just blacklist individual accounts but the entire domain name.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
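The two mechanisms this post proposes, phrase-level signatures for the stock lure templates and blocking at the domain rather than the account level, can be sketched together. The following is an added example, not code from the post or from any mail provider; the template phrases, the message samples and the `DOMAIN_REGISTRATION` table (an offline stand-in for the WHOIS lookup the post mentions, with placeholder dates) are all constructed here.

```python
import re
from datetime import date
from email.utils import parseaddr

# Constructed template phrases for the lure categories the post describes
# (prize notifications, "change your login" lures, "problem with your account").
# Case-insensitive regexes; a real deployment would curate these from samples.
TEMPLATE_SIGNATURES = {
    "prize_lure": [r"congratulations[!,]?\s+you\s+have\s+won", r"claim\s+your\s+(prize|reward)"],
    "credential_reset": [r"(update|change|confirm)\s+your\s+(login|password)"],
    "account_problem": [r"problem\s+with\s+your\s+account",
                        r"account\s+(has\s+been|will\s+be)\s+(suspended|locked)"],
}

# Constructed registration dates standing in for a live WHOIS lookup (no network
# access here). The dates are placeholders, not real registry data.
DOMAIN_REGISTRATION = {
    "costco.com": date(2000, 1, 1),
    "netflix.com": date(2000, 1, 1),
    "costco-rewards-center.example": date(2024, 5, 20),
    "netfiix-login.example": date(2024, 6, 2),
}


def sender_domain(from_header):
    """Extract the domain part of a From: header, ignoring the display name."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def match_signatures(text):
    """Return the template categories whose phrases appear in the text."""
    hits = []
    for category, patterns in TEMPLATE_SIGNATURES.items():
        if any(re.search(p, text, re.IGNORECASE) for p in patterns):
            hits.append(category)
    return hits


def domain_age_days(domain, today):
    """Days since registration, or None when the lookup has no record."""
    registered = DOMAIN_REGISTRATION.get(domain)
    return (today - registered).days if registered else None


def classify(message, today, blocklist, max_age_days=90):
    """Score one message and return (verdict, reasons).

    A blocklisted domain is rejected outright. A template match combined with a
    young or unknown sender domain counts as phishing, and the whole domain (not
    just the sending account) is added to the blocklist. A single signal on its
    own is only marked suspicious, so a genuine "problem with your account" notice
    from an established sender is routed to review rather than dropped.
    """
    domain = sender_domain(message["from"])
    if domain in blocklist:
        return "blocked", [f"domain:{domain} blocklisted"]
    reasons = [f"template:{c}" for c in match_signatures(message["subject"] + "\n" + message["body"])]
    age = domain_age_days(domain, today)
    if age is None:
        reasons.append(f"domain:{domain} no registration record")
    elif age < max_age_days:
        reasons.append(f"domain:{domain} registered {age} days ago")
    template_hit = any(r.startswith("template:") for r in reasons)
    domain_hit = any(r.startswith("domain:") for r in reasons)
    if template_hit and domain_hit:
        blocklist.add(domain)
        return "phishing", reasons
    if template_hit or domain_hit:
        return "suspicious", reasons
    return "clean", reasons


SAMPLE_MESSAGES = [  # constructed samples, processed in arrival order
    {"from": "Costco Rewards <winner@costco-rewards-center.example>",
     "subject": "Congratulations! You have won a $500 gift card",
     "body": "Claim your prize within 24 hours."},
    {"from": "Netflix <info@netflix.com>",
     "subject": "Your monthly statement",
     "body": "Thanks for being a member."},
    {"from": "Netflix Support <support@netfiix-login.example>",
     "subject": "Action required",
     "body": "Please change your login within 24 hours."},
    {"from": "Netflix Billing <billing@netflix.com>",
     "subject": "Problem with your account",
     "body": "We could not process your payment."},
    {"from": "Costco Prizes <prizes@costco-rewards-center.example>",
     "subject": "Reminder",
     "body": "Your gift card is waiting."},
]


def scan(messages, today):
    """Run the classifier over a batch with one shared blocklist; returns the verdicts."""
    blocklist = set()
    return [classify(m, today, blocklist)[0] for m in messages]


if __name__ == "__main__":
    for m, verdict in zip(SAMPLE_MESSAGES, scan(SAMPLE_MESSAGES, date(2024, 7, 1))):
        print(f"{verdict:10s} {m['from']}")
```

The fifth sample shows the domain-level effect: it contains none of the template phrases, but because an earlier message from a different account at the same domain was judged phishing, the whole domain is already blocked. The fourth sample shows why a single signal should not be fatal: the wording matches a lure template, but the sender domain is long established, so it is only flagged for review.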

  • Interesting.

    Most of the scam emails I get have their copy made in a way that makes it clear that the sender is sketchy. For example, the copy contains low-quality assets, non-uniform indentation, and spelling and grammatical mistakes.

    And I think they intentionally make it this way because those who fall for it will regardless.

    The good news is Google has recently introduced verification badges for senders. So when emails come from verified organizations, there's a blue tick badge near the sender's name. But they only show up in Gmail. I wish all email providers would collaborate in making this an open standard.

  • Agreed. Wish that email providers would verify things. I've jumped through hoops to get sqlservercentral.com and sqlsaturday.com set up with verifications.

  • We had a cyber incident (sic) late last year and it was actually our ISP who picked up the problem. I doubt AI was involved as I think they found it by scanning packets for questionable destinations. Fortunately the problem was found before we were locked out or any data was stolen. For a week we only had very limited internet access while everything was scanned and cleaned. (I have no idea of the cost.) Also, since then we have only been able to use work devices to RDP into our network. I suspect we were infected by someone using a personal device on public Wi-Fi without a VPN. My understanding is a more secure way of using personal devices for RDP is being investigated.

    I suppose this underlines the importance of defense in depth.

  • I know when I've been on the MS campus, I can't connect if my device isn't patched. I think that's a good "in-depth" strategy for sure.

  • Indeed, though that wasn't ransomware. It was poor security on a test account.
