Ransomware Attacks, Payments Declined In 2022: Report

CRN reports:

Prominent incident response firm Mandiant disclosed Tuesday that it responded to 15 percent fewer ransomware incidents last year. The statistic was first reported by the Wall Street Journal. Mandiant, which is owned by Google Cloud, confirmed the stat in an email to CRN.

The WSJ report also included several other indicators that 2022 was a less successful year for ransomware. Cybersecurity giant CrowdStrike told the outlet that the average ransom demand dropped 28 percent last year, to $4.1 million, from $5.7 million the year before. The firm reportedly pinned the decline on factors including the arrests of ransomware gang members and other disruptions to the groups last year, as well as the drop in the value of cryptocurrencies such as Bitcoin. CrowdStrike confirmed the stat to CRN.

Their article also cites a blog post from Chainalysis, the blockchain data platform, which estimated that 2022’s total ransomware revenue “fell to at least $456.8 million in 2022 from $765.6 million in 2021 — a huge drop of 40.3%.” And that blog post cites the Chief Claims Officer of cyber insurance firm Resilience, who also specifically notes “signs that meaningful disruptions against ransomware actor groups are driving lower than expected successful extortion attempts,” including arrests and recovery of extorted cryptocurrency by western law enforcement agencies.

From the Wall Street Journal:
After ballooning for years, the amount of money being paid to ransomware criminals dropped in 2022, as did the odds that a victim would pay the criminals who installed the ransomware…. “It reflects, I think, the pivot that we have made to a posture where we’re on our front foot,” Deputy Attorney General Lisa Monaco said in an interview. “We’re focusing on making sure we’re doing everything to prevent the attacks in the first place.”

The hacking groups behind ransomware attacks have been slowed by better company security practices. Federal authorities have also used new tactics to help victims avoid paying ransom demands…. And the FBI said last month that it disrupted $130 million in potential ransomware profits last year by gaining access to servers run by the Hive ransomware group and giving away the group’s decryption keys — used to undo the effects of ransomware — for free.

In the fall, about 45 call-center operators were laid off by former members of a ransomware group known as Conti, according to Yelisey Bohuslavskiy, chief research officer with the threat intelligence firm Red Sense LLC. They had been hired as part of a scam to talk potential victims into installing remote-access software onto networks that would then be infected by ransomware, but the call centers ended up losing money, he said.
Companies have also stepped up their cybersecurity practices, driven by demands from insurance underwriters and a better understanding of the risks of ransomware following high-profile attacks. Companies are spending more money on business continuity and backup software that allow computer systems to restart after they have been infected. With improved backups, U.S. companies are better at bouncing back from ransomware attacks than they were four years ago, according to Coveware Inc., which helps victims respond to ransomware intrusions and has handled thousands of cases. Four years ago, 85% of ransomware victims wound up paying their attackers. Today that number is 37%, according to Coveware Inc. Chief Executive Bill Siegel.

Read more of this story at Slashdot.

As Cold Fronts Hit America, Half a Million Lose Power

More than 126,000 Californians are without electricity, reports ABC News. But Reuters notes that meanwhile “more than 400,000 customers of Detroit based DTE Energy remained without power on Saturday, the Detroit News reported,” suffering through “a separate storm that clobbered the U.S. Plains, Midwest and Great Lakes regions earlier this week” that finally moved over the Atlantic.

And ABC News notes that as of Saturday morning, “more than 30 million Americans are under weather alerts in the West” — roughly 1 in 11 Americans — “ranging from blizzard warnings in the mountains near Los Angeles to wind chill alerts in the Northern Plains” near Wyoming. But California’s problems came from its own major storm that delivered heavy snow, record rainfall, and damaging winds — a storm that “will be moving from southern California across the entire country over the next few days, eventually moving northeast by Tuesday.”

The Los Angeles area saw record rainfall on Friday, and it came along with 50- to 70-mile-per-hour winds. Burbank, California, saw 4.6 inches of rain Friday — stranding cars in floods and causing dozens of flight delays and cancellations. Records for daily rainfall were also set at the Los Angeles International Airport and the cities of Fresno, Bakersfield, Modesto and Oxnard…. Multiple stretches of I-5 in Los Angeles County were shuttered on Saturday due to rain and snow.

Snowflakes even fell around the “Hollywood” sign, reports Reuters. But bad weather wasn’t just hitting southern California:

In Northern California, San Francisco was expected to experience record cold temperatures on Saturday, and the National Weather Service warned residents of the state capital of Sacramento to avoid travel from Sunday through Wednesday as rain and snow started up again after a reprieve on Saturday. “Extreme impacts from heavy snow & winds will cause extremely dangerous to impossible driving conditions & likely widespread road closures & infrastructure impacts!” the agency said on Twitter. The next set of storms, expected to hit on Sunday, will bring wind gusts of up to 50 miles per hour (80 kph) in the Sacramento Valley, and up to 70 miles per hour in the nearby Sierra Nevada mountains….
A massive low-pressure system driven from the Arctic was responsible for the unusual conditions, said Bryan Jackson, a forecaster at the NWS Weather Prediction Center in College Park, Maryland.

This week one political cartoonist suggested a connection between “crazy weather” and climate change.

Read more of this story at Slashdot.

Microsoft Has Been Secretly Testing Its Bing Chatbot ‘Sydney’ For Years

According to The Verge, Microsoft has been secretly testing its Sydney chatbot for several years after making a big bet on bots in 2016. From the report: Sydney is a codename for a chatbot that has been responding to some Bing users since late 2020. The user experience was very similar to what launched publicly earlier this month, with a blue Cortana-like orb appearing in a chatbot interface on Bing. “Sydney is an old codename for a chat feature based on earlier models that we began testing in India in late 2020,” says Caitlin Roulston, director of communications at Microsoft, in a statement to The Verge. “The insights we gathered as part of that have helped to inform our work with the new Bing preview. We continue to tune our techniques and are working on more advanced models to incorporate the learnings and feedback so that we can deliver the best user experience possible.”

“This is an experimental AI-powered Chat on Bing.com,” read a disclaimer inside the 2021 interface that was added before an early version of Sydney would start replying to users. Some Bing users in India and China spotted the Sydney bot in the first half of 2021 before others noticed it would identify itself as Sydney in late 2021. All of this was years after Microsoft started testing basic chatbots in Bing in 2017. The initial Bing bots used AI techniques that Microsoft had been using in Office and Bing for years and machine reading comprehension that isn’t as powerful as what exists in OpenAI’s GPT models today. These bots were created in 2017 in a broad Microsoft effort to move its Bing search engine to a more conversational model.

Microsoft made several improvements to its Bing bots between 2017 and 2021, including moving away from individual bots for websites and toward the idea of a single AI-powered bot, Sydney, that would answer general queries on Bing. Sources familiar with Microsoft’s early Bing chatbot work tell The Verge that the initial iterations of Sydney had far less personality until late last year. OpenAI shared its next-generation GPT model with Microsoft last summer, described by Jordi Ribas, Microsoft’s head of search and AI, as “game-changing.” While Microsoft had been working toward its dream of conversational search for more than six years, sources say this new large language model was the breakthrough the company needed to bring all of its its Sydney learnings to the masses. […] Microsoft hasn’t yet detailed the full history of Sydney, but Ribas did acknowledge its new Bing AI is “the culmination of many years of work by the Bing team” that involves “other innovations” that the Bing team will detail in future blog posts.

Read more of this story at Slashdot.

Spotify Is Testing Playlists That Could Be Unlocked By NFT Holders

Unlocking exclusive access has been a long-held promise of a lot of NFT-based communities. And now, Spotify is helping some of them realize that claim with token-gated playlists. TechCrunch reports: According to a series of tweets by Kingship, a metaverse band signed to Universal Music Group (UMG), the streaming company is piloting playlists that could be unlocked through NFTs in certain geographies. Under the pilot, Kingship has released a special playlist that could be accessed only by Kingship key card NFT holders. The group posted a series of steps that involves linking a crypto wallet like Metamask, Trust Wallet, Rainbow, Ledger Live, or Zerion to authenticate the NFT that unlocks the playlist. Kingship said that currently, this experience is only available to Android users in the U.S., the U.K., Germany, Australia and New Zealand. “At Spotify, we routinely conduct a number of tests in an effort to improve our user experience. Some of those end up paving the path for our broader user experience and others serve only as important learnings. We have no further news to share on future plans at this time,” a Spotify spokesperson said.

Read more of this story at Slashdot.

At Least One Open Source Vulnerability Found In 84% of Code Bases, Report Finds

L.Kynes shares a report from CSO Online: At a time when almost all software contains open source code, at least one known open source vulnerability was detected in 84% of all commercial and proprietary code bases examined by researchers at application security company Synopsys. In addition, 48% of all code bases analyzed by Synopsys researchers contained high-risk vulnerabilities, which are those that have been actively exploited, already have documented proof-of-concept exploits, or are classified as remote code execution vulnerabilities. The vulnerability data — along with information on open source license compliance — was included in Synopsys’ 2023 Open Source Security and Risk Analysis (OSSRA) report (PDF), put together by the company’s Cybersecurity Research Center (CyRC). “Of the 1,703 codebases that Synopsys audited in 2022, 96% of them contained open source,” adds L.Kynes, citing the report. “Aerospace, aviation, automotive, transportation, logistics; EdTech; and Internet of Things are three of the 17 industry sectors included in the report that had open source in 100% of their audited codebases. In the remaining verticals, over 92% of the codebases contained open source.”

Read more of this story at Slashdot.

Apple Is Reportedly Closer To Bringing No-Prick Glucose Monitoring To the Watch

According to Bloomberg, Apple’s quest to bring blood glucose monitoring to the Apple Watch is now at a “proof-of-concept stage.” The last remaining hurdle is for it to be made smaller. Engadget reports: The technology, which uses lasers to gauge glucose concentration under the skin, was previously tabletop sized but has reportedly advanced to the point where an iPhone-sized wearable prototype is in the works. The system would not only help people with diabetes monitor their conditions, but would ideally alert people who are prediabetic, the insiders say. They could then make changes that prevent Type 2 (adult onset) diabetes.

The project has supposedly been in development for a long time. It began in 2010, when an ailing Steve Jobs had his company buy blood glucose monitoring startup RareLight. Apple is said to have kept the effort secret by operating it as a seemingly isolated firm, Avolonte Health, but folded it into a previously unknown Exploratory Design Group (XDG). CEO Tim Cook, Apple Watch hardware lead Eugene Kim and other top leaders have been involved.

Any real-world product is likely years away, according to Bloomberg. The industry also doesn’t have a great track record of bringing no-prick monitors to market. In 2018, Alphabet’s health subsidiary Verily scrapped plans for a smart contact lens that would have tracked glucose using tears. Even major brands with vast resources aren’t guaranteed success, in other words, and it’s not clear how accurate Apple’s solution would be.

Read more of this story at Slashdot.

Instagram Co-Founders Launch Personalized News App ‘Artifact’

Artifact, the personalized news reader built by Instagram’s co-founders, is now open to the public, no sign-up required. TechCrunch reports: With today’s launch, Artifact is dropping its waitlist and phone number requirements, introducing the app’s first social feature and adding feedback controls to better personalize the news reading experience, among other changes. […] With today’s launch, Artifact will now give users more visibility into their news reading habits with a newly added stats feature that shows you the categories you’ve read as well as the recent articles you read within those categories, plus the publishers you’ve been reading the most. But it will also group your reading more narrowly by specific topics. In other words, instead of just “tech” or “AI,” you might find you’ve read a lot about the topic “ChatGPT,” specifically.

In time, Artifact’s goal is to provide tools that would allow readers to click a button to show more or less from a given topic to better control, personalize and diversify their feed. In the meantime, however, users can delve into settings to manage their interests by blocking or pausing publishers or selecting and unselecting general interest categories. Also new today is a feature that allows you to upload your contacts in order to see a signal that a particular article is popular in your network. This is slightly different from Twitter’s Top Articles feature, which shows you articles popular with the people you follow, because Artifact’s feature is more privacy-focused.

“It doesn’t tell you who read it. It doesn’t tell you how many of them read it, so it keeps privacy — and we clearly don’t do it with just one read. So you can’t have one contact and like figure out what that one contact is reading … it has to meet a certain minimum threshold,” notes [Instagram co-founder Kevin Systrom]. This way, he adds, the app isn’t driven by what your friends are reading, but it can use that as a signal to highlight items that everyone was reading. In time, the broader goal is to expand the social experience to also include a way to discuss the news articles within Artifact itself. The beta version, limited to testers, offers a Discover feed where users can share articles and like and comment on those shared by others. There’s a bit of a News Feed or even Instagram-like quality to engaging with news in this way, we found.

Read more of this story at Slashdot.

AI-Created Images Lose US Copyrights In Test For New Technology

Images in a graphic novel that were created using the artificial-intelligence system Midjourney should not have been granted copyright protection, the U.S. Copyright Office said in a letter seen by Reuters. From the report: “Zarya of the Dawn” author Kristina Kashtanova is entitled to a copyright for the parts of the book she wrote and arranged, but not for images she made using Midjourney, the office said in its letter, dated Tuesday. The decision is one of the first by a U.S. court or agency on the scope of copyright protection for works created with AI, and comes amid the meteoric rise of generative AI software like Midjourney, Dall-E and ChatGPT.

The Copyright Office said in its letter that it would reissue its registration for “Zarya of the Dawn” to omit images that “are not the product of human authorship.” […] Midjourney is an AI-based system that generates images based on text prompts entered by users. Kashtanova wrote the text of “Zarya of the Dawn,” and Midjourney created the book’s images based on her prompts.

Read more of this story at Slashdot.

Amazon Closes $3.9 Billion Deal To Acquire One Medical

An anonymous reader quotes a report from CNBC: Amazon on Wednesday said it had closed its $3.9 billion deal for primary care provider One Medical. Amazon agreed last July to acquire One Medical to deepen its presence in health care, and “dramatically improve” the experience of getting medical care. Amazon has long had ambitions to expand into health care, buying online pharmacy PillPack in 2018 for $750 million, then launching its own virtual clinic for chronic conditions, and prescription perks for Prime members. The deal gives Amazon access to One Medical’s more than 200 brick-and-mortar medical offices in 26 markets, and roughly 815,000 members.

The purchase was the first major deal announced since CEO Andy Jassy took the helm from founder Jeff Bezos in July 2021, and Jassy has indicated he sees health care as a major area of expansion. In a statement, he said health care is ripe for disruption, citing long appointment times and the complexities of primary care. “Customers want and deserve better, and that’s what One Medical has been working and innovating on for more than a decade,” Jassy said in a statement. “Together, we believe we can make the health care experience easier, faster, more personal, and more convenient for everyone.” Amazon said it would discount One Medical memberships for U.S. users to $144 from $199 for the first year, regardless of whether they’re a Prime subscriber.

Read more of this story at Slashdot.