Category Archives: Cyberattacks

AI is more than our digital security guard, says Vatican Library CIO – it’s helping preserve our reputation

The Vatican Apostolic Library’s digital security guard is doing more than shielding hundreds of historical texts from cyber threats, according to the library’s chief information officer – it’s guarding the library’s reputation.

Founded in 1451 by Nicholas V, the Vatican Apostolic Library is home to some of the oldest and most important collections of historical texts in the world, including the oldest surviving copy of The Bible. The library started the digitization process in 2012, and it has currently digitized around 20,000 of the 80,000 manuscripts – starting with the most unique, most famous and fragile pieces. 

“Digitizing for preservation requires digital preservation; we have to protect our online collection from cyberattacks so that our readers can trust the records are accurate, unaltered history and so that they can rely on their constant availability,” Manlio Miceli, chief information officer for the Vatican Library, told the publication in an email. “What is clear from the current threat landscape is that you cannot throw people at this problem – you need to augment human beings with technology that understands the shades of grey within very complex systems and fights back at machine-speed. AI is a term that is surrounded by a lot of hype today, which can be unhelpful. We have an extremely small security team managing two very large data centres – for us, AI is delivering value in the real world. You could think of it like this: our colleague is an AI that never sleeps, doesn’t take breaks and can spot and investigate more threats than any human team could.”

Also:

If ransomware doesn’t kill you, the downtime will, says Datto report [Channel Daily News]

Majority of Canadian cyber incidents happen due to poor cyber hygiene, new report says [IT World Canada]

 

The Vatican library has partnered with AI cybersecurity firm Darktrace to prevent further attempts to steal and manipulate its digital collection. The growing threat of ransomware is one of the library’s biggest fears.

Powered by an algorithm that evolves thanks to a solid understanding of the ‘normal’ activity within the Vatican Library’s digital systems, Darktrace’s cyber AI detects significant changes that may suggest an emerging cyber threat. The digital archives face roughly 100 threats a month, according to David Masson, director of enterprise security for Darktrace, in an interview with IT World Canada.

“What we do is learn the pattern-of-life of everything inside the Vatican library’s networks or digital infrastructure. If we know what this pattern-of-life is, we can easily see any changes that take place in it at any time, and this allows us to see attacks in very early stages, which means we can stop them before they cause any damage,” Masson said.

A successful attack on the library could see the collection stolen, manipulated or deleted altogether. While physical damage is often clear and immediate, an attack of this kind wouldn’t have the same physical visibility. This has the potential to cause enduring and potentially irreparable harm not only to the archive but to the world’s historical memory. In the era of fake news, these collections play an important role in the fight against misinformation. Defending them against these kinds of “trust attacks” is critical, explains Miceli. 

“What is clear from the current threat landscape is that you cannot throw people at this problem – you need to augment human beings with technology that understands the shades of grey within very complex systems and fights back at machine-speed. AI is a term that is surrounded by a lot of hype today, which can be unhelpful. We have an extremely small security team managing two very large data centres – for us, AI is delivering value in the real world. You could think of it like this: our colleague is an AI that never sleeps, doesn’t take breaks and can spot and investigate more threats than any human team could,” Miceli wrote.

The software makes decisions in seconds about what is strange but benign and strange but threatening – and not only does it detect the threat, but it writes up its own human-readable report on security events for Miceli and the rest of his team, as well as his bosses. Miceli says the AI does this “nine times faster than a human analyst ever could.”

The post AI is more than our digital security guard, says Vatican Library CIO - it's helping preserve our reputation first appeared on IT World Canada.

Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns

Attackers exploiting an array of Google Services, including Forms, Firebase, Docs and more to boost phishing and BEC campaigns.

3 Ways to Prepare Your Enterprise’s Data Security for a Future of Advanced Attacks

One significant negative implication of technology’s continual evolution is proportional advancement in nefarious internet activities, particularly cyber attacks. The past few years have seen a rising sophistication in cyber attacks at levels never experienced before. The worst fact is that attacks will likely only continue to get more advanced. To fight them, enterprises need to […]… Read More

The post 3 Ways to Prepare Your Enterprise’s Data Security for a Future of Advanced Attacks appeared first on The State of Security.

Cybercrime Moves to the Cloud to Accelerate Attacks Amid Data Glut

A report on the underground economy finds that malicious actors are offering cloud-based troves of stolen data, accessible with handy tools to slice and dice what's on offer.

SEC’s Office of Compliance Inspection and Examinations Warns of a Sudden Increase in Credential Stuffing Hack

Recently, the Securities and Exchange Commission’s exam division issued a Risk Alert (the “Alert”) where it carried out several targeted cybersecurity investigations. The agency is now concerned with how there’s been an increase in a specific type of hack known as “credential stuffing.“ This cyberattack involves using stolen credentials to log into web-based systems and […]… Read More

The post SEC’s Office of Compliance Inspection and Examinations Warns of a Sudden Increase in Credential Stuffing Hack appeared first on The State of Security.

Nation-State Attackers Actively Target COVID-19 Vaccine-Makers

Three major APTs are involved in ongoing compromises at pharma and clinical organizations involved in COVID-19 research, Microsoft says.