Interesting paper by Lennart Maschmeyer: “The Subversive Trilemma: Why Cyber Operations Fall Short of Expectations“:

Abstract: Although cyber conflict has existed for thirty years, the strategic utility of cyber operations remains unclear. Many expect cyber operations to provide independent utility in both warfare and low-intensity competition. Underlying these expectations are broadly shared assumptions that information technology increases operational effectiveness. But a growing body of research shows how cyber operations tend to fall short of their promise. The reason for this shortfall is their subversive mechanism of action. In theory, subversion provides a way to exert influence at lower risks than force because it is secret and indirect, exploiting systems to use them against adversaries. The mismatch between promise and practice is the consequence of the subversive trilemma of cyber operations, whereby speed, intensity, and control are negatively correlated. These constraints pose a trilemma for actors because a gain in one variable tends to produce losses across the other two variables. A case study of the Russo-Ukrainian conflict provides empirical support for the argument. Qualitative analysis leverages original data from field interviews, leaked documents, forensic evidence, and local media. Findings show that the subversive trilemma limited the strategic utility of all five major disruptive cyber operations in this conflict.

Read More

Interpol helps Nigerian investigators pounce

Read More

Today is the second day of the fifteenth Workshop on Security and Human Behavior, hosted by Ross Anderson and Alice Hutchings at the University of Cambridge. After two years of having this conference remotely on Zoom, it’s nice to be back together in person.

SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, Alice Hutchings, and myself. The forty or so attendees include psychologists, economists, computer security researchers, sociologists, political scientists, criminologists, neuroscientists, designers, lawyers, philosophers, anthropologists, geographers, business school professors, and a smattering of others. It’s not just an interdisciplinary event; most of the people here are individually interdisciplinary.

For the past decade and a half, this workshop has been the most intellectually stimulating two days of my professional year. It influences my thinking in different and sometimes surprising ways—and has resulted in some unexpected collaborations.

Our goal is always to maximize discussion and interaction. We do that by putting everyone on panels, and limiting talks to six to eight minutes, with the rest of the time for open discussion. Because everyone was not able to attend in person, our panels all include remote participants as well. The hybrid structure is working well, even though our remote participants aren’t around for the social program.

This year’s schedule is here. This page lists the participants and includes links to some of their work. As he does every year, Ross Anderson is liveblogging the talks.

Here are my posts on the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth, tenth, eleventh, twelfth, thirteenth, and fourteenth SHB workshops. Follow those links to find summaries, papers, and occasionally audio/video recordings of the various workshops. Ross also maintains a good webpage of psychology and security resources.

Read More

Information commissioner wants immediate end to the practice

Read More

Conti has been one of the most aggressive ransomware operations over the past two years and continues to victimize many large companies as well as government, law enforcement and healthcare organizations. Researchers warn that unlike other ransomware groups that generally care about their reputation, Conti doesn’t always deliver on its promises to victims.

“Usually, the more successful ransomware operators put a lot of effort into establishing and maintaining some semblance of ‘integrity’ as a way of facilitating ransom payments from victims,” researchers from Palo Alto Networks said in an analysis. “They want to establish stellar reputations for ‘customer service’ and for delivering on what they promise—that if you pay a ransom, your files will be decrypted (and they will not appear on a leak website). Yet in our experience helping clients remediate attacks, Conti has not demonstrated any signs that it cares about its reputation with would-be victims.”

To read this article in full, please click here

Read More

Security-savvy organizations understand that it’s best to assume that their systems are breached. It’s one reason why zero-trust architectures get so much attention nowadays, and it’s why more enterprises have threat hunters who go on the lookout for attackers that are already active on their networks.

This practice has grown popular because threats have become so pervasive, and traditional intrusion detection/prevention systems dispatch too many false positives. They can be too easy to circumvent. Still, threat hunters can’t catch everything, and there are not enough people with these skills to go around. So, where do security teams go to get some relief? More are turning to active defense, or deception technologies, to help identify attacker movement within their systems.

To read this article in full, please click here

Read More

Misconfigured AWS bucket to blame for privacy snafu

Read More

A database of contact information for hundreds of Verizon employees is in the hands of cybercriminals, after a member of staff was duped into granting a hacker access to their work PC.

Read more in my article on the Hot for Security blog.

Read More

Several ministry websites shut down by Anonymous affiliates in retaliation for Belarus’ support of Russia’s Ukrainian invasion.

Read More

Credentials from several US-based universities and colleges have been spotted by the FBI in Russian cyber-criminal forums

Read More