Skip to content
Imran ViraniNov 30, 20223 min read

Security Impurities: News of the Week (November 23rd - December 1st)

An arMLoad of pAIn: Cybersecurity problems with artificial intelligence and machine learning

Investment in machine learning and artificial intelligence has become very popular. AI/ML tech that uses real-world data to adapt to different situations can seem like a viable avenue to cut out human error and expenditures. However, this week's story shows these systems aren't infallible. Machine error in AI/ML systems poses a significant cybersecurity risk.
Artificial intelligence and machine learning systems increasingly show a high susceptibility to adversarial attacks. These are attacks where unexpected inputs cause logic centers to behave in unpredictable and insecure ways. Much of this data has come from threat exercises. In these exercises, researchers purposefully attack their machine learning models, seeing if they can function when given unanticipated malicious inputs. Security concerns for these malfunctions are a problem. Companies continue to pour money and research into AI/ML without putting the same resources into their security.
Fortunately, the best way to solve this problem is the same way this problem was discovered: extensive testing against adversarial attacks. These ensure their machine learning accounts for normal and abnormal inputs. Finding a way to perform these simulations can be the difference in whether or not these systems can be trusted to function in the real world. AI/ML systems can be very enticing. Companies must ensure that the resources they put into these systems are adequately tested.

Thinking outside the Xbox: gaming companies getting real on cybersecurity

In recent years, the video game industry has experienced tremendous growth. This growth was bolstered by the pandemic, the rise of mobile gaming, and expansion into other avenues for profit (including microtransactions and in-game currency). However, this growth has not been without its drawbacks. More and more, cybercriminals are setting their sights on the video game industry.

According to a report from Cloud cybersecurity company Akamai, Web application attacks on gaming companies and player accounts have risen by 167% in the past year. On top of this, 37% of all global DDoS attacks now target the gaming industry. Attacks on these companies have gotten more diverse as the industry grows. As details of highly anticipated releases have now become closely guarded secrets, the leaking of game details can do severe financial damage to a company. This happened to game producer Take-Two with leaks surrounding the Grand Theft Auto series earlier this year. In-game currency has also presented problems, as its theft and sale on third-party markets has become a problem few in the industry saw coming.
With all these added wrinkles associated with the industry's expansion, it is a good time for video game companies to invest in cybersecurity that can deal with these issues. These companies should seek services that protect their current valuables while ensuring that all new projects will be conducted with sound cybersecurity principles in mind. This sort of thinking should not be found only in the gaming industry. It should be applied to all companies in states of expansion. As organizations dive into new, expansive territories, cyber crime can never be far behind.

"For Whom the Phone Calls": Crackdown on vishing attacks from iSpoof

Vishing attacks are a distressingly common annoyance. That is why it can be gratifying whenever the purveyors of these common vishing scams get brought to justice.
This week, it was reported that over 100 hackers involved in the iSpoof vishing scam were arrested in the UK. iSpoof was a phone number spoofing service that allowed hackers to commit vishing attacks while posing as official representatives from banks, government organizations, and retailers. It targeted almost 200,000 victims, resulting in losses of nearly $120 million USD. The widespread nature of this attack shows how, no matter how advanced security solutions can be, human vulnerability will always exist. Good security awareness training can help alleviate many of these concerns, stopping the reach of scams like iSpoof.
Luckily, iSpoof is no longer one of these threats. In a joint effort by several of the UK's closest allies, the service was dismantled, and its operators now face criminal prosecution. Vishers are some of the most annoying and damaging cyber criminals out there. Seeing some of them being brought to justice is always welcome news.