source: darkreading.com

Exploits are getting more sophisticated by the day, and cybersecurity technology just isn't keeping up.

It's almost like something out of Star Trek. Imagine an alien who can see you, but whom you can't see — one who has violence on his/her/its mind. A punch coming from out of nowhere; a vase flung at your head with no one seemingly throwing it; a punch to the gut, then a karate chop to the neck, maybe a blast from an (also invisible) ray gun, and you're down for the count. How would you fight it? How could you fight it?

Those invisible aliens may not have landed on earth just yet, but invisible malware — called fileless malware or in-memory malware — is wreaking havoc and bringing intergalactic war-style destruction to IT systems the world over. Like an invisible alien, fileless malware can strike from multiple directions, and victims may not even be aware they were targeted until it's too late. Fileless malware — in which hackers call malware routines remotely and load them into memory in order to compromise or steal data — is not new, but hackers have increasingly turned to this type of attack. According to McAfee, fileless threats with PowerShell malware grew by 119% in the third quarter of 2017 alone. They have been such a rousing success that, security experts are convinced, hackers plan to greatly expand their use this year.

But fileless malware is just one of numerous threats and attacks that are now in vogue; experts believe 2018 could see more cyberattacks, and more challenging ones. With cryptocurrencies so popular now, hackers have begun using botnets to create the computing power needed to mine coins. AI has helped hackers develop more effective social engineering messages, "weaponizing" big data and AI to convince hapless victims to open spear-phishing messages more frequently by matching the message with the personality of the recipient. And botnets that control infected devices, commanding them to infect even more devices — a "swarm effect" — will allow hackers to grow their networks of compromised devices and systems exponentially.

source: krebsonsecurity.com

ATM “jackpotting” — a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand — has long been a threat for banks in Europe and Asia, yet these attacks somehow have eluded U.S. ATM operators. But all that changed this week after the U.S. Secret Service quietly began warning financial institutions that jackpotting attacks have now been spotted targeting cash machines here in the United States.

To carry out a jackpotting attack, thieves first must gain physical access to the cash machine. From there they can use malware or specialized electronics — often a combination of both — to control the operations of the ATM.

On Jan. 21, 2018, KrebsOnSecurity began hearing rumblings about jackpotting attacks, also known as “logical attacks,” hitting U.S. ATM operators. I quickly reached out to ATM giant NCR Corp. to see if they’d heard anything. NCR said at the time it had received unconfirmed reports, but nothing solid yet.

On Jan. 26, NCR sent an advisory to its customers saying it had received reports from the Secret Service and other sources about jackpotting attacks against ATMs in the United States.

“While at present these appear focused on non-NCR ATMs, logical attacks are an industry-wide issue,” the NCR alert reads. “This represents the first confirmed cases of losses due to logical attacks in the US. This should be treated as a call to action to take appropriate steps to protect their ATMs against these forms of attack and mitigate any consequences.”

The NCR memo does not mention the type of jackpotting malware used against U.S. ATMs. But a source close to the matter said the Secret Service is warning that organized criminal gangs have been attacking stand-alone ATMs in the United States using “Ploutus.D,” an advanced strain of jackpotting malware first spotted in 2013.

source: futurism.com

As the founder of Microsoft, Bill Gates is certainly no stranger to technological advancement. In a recent interview with Axios, however, the businessman and philanthropist voiced his concerns over the potential negative impact such advances could have — issues that he’ll delve more deeply into with the release of the annual letter from the Bill and Melinda Gates Foundation later today.

“There’s always the question how much technology is empowering a small group of people to cause damage,” Gates said, his words primarily directed at the large technology companies currently dominating the market, such as Apple.

Gates continued, pointing out that such monopolies aren’t just about computers and smartphones. “A small group can have an impact — in the case of nuclear [weapons], on millions; and in the case of bio[terror], on billions. That is scary to me.”

The warning was directed at those in Silicon Valley, as Gates worries the companies’ activities could hinder the ability of the government to do its job (that is, “under appropriate review,” he was careful to note). Gates specifically homed in on the issue of information access, alluding to tech giants like Facebook, Google, and Apple, who may have an “enthusiasm about making financial transactions anonymous and invisible, and their view that even a clear mass-murdering criminal’s communication should never be available to the government.”

Gates suggests the companies self-evaluate to see if the issues they’re facing could be solved by utilizing government oversight — and he’s not offering advice with a lack of experience to back it up. Gates told Axios that if these companies heed his warning, they might avoid what Gates described as the “nightmarish government intervention” he contended with for Microsoft.

Whatever a company’s goals, values, and ideals may be, they are not above or aside the law. “The tech companies have to be … careful that they’re not trying to think their view is more important than the government’s view,” Gates said. “Or than the government being able to function in some key areas.”

source: cnet.com

Ever the tech enthusiast, Bert Green decided to start accepting bitcoin at his Chicago storefront in 2013, becoming one of the first art galleries in the US to accept the digital currency as payment.

Things didn't work out as planned.

"It's hardly ever happened," he said, recalling just two sales using the cryptocurrency over the past four years at his gallery, Bert Green Fine Art. "People do not transact in bitcoin."

Green's experience isn't unique. Despite bitcoin and other digital currencies being billed as -- you know -- currencies, they've instead turned into investment vehicles or stores of wealth. That shift appears to have sped up last year, when bitcoin's price skyrocketed from $1,000 last February to nearly $20,000 by December -- causing cryptocurrency to become a topic at the family dinner table.

This lack of spending with cryptocurrencies could limit their future potential. Bitcoin, ethereum and other digital currencies may remain in the realm of investors and crypto enthusiasts, instead of becoming long-sought universal monies that people use every day and can be spent at any store or website around the world.

Even after bitcoin's price tumbled this year, chances that it could reach that promise are anyone's guess.

"That is the $64,000 question, that is, what's the next narrative for bitcoin?" said Nick Colas, co-founder of the independent research firm DataTrek Research, who's been following cryptocurrencies since 2012. "It's really hard to pin down and that's why the price is so volatile."

The headaches of bitcoin lunch

Things weren't always this way. Back in 2013, bitcoin was being trumpeted as the next, new currency, unfettered by governments, easily movable across borders and anonymous for users.