Ransomware remains a lucrative strategy for threat actors, but extortion that targets retail during the holiday season could be quite lucrative for ransomware groups.Retail can be a juicy target for cyberattacks year-round, and that risk -- for retailers, their supply chain, and their consumers -- is amplified during the holidays. This year, online and in-store retail sales in the US could add up to more than $1 trillion, according to research and advisory company Forrester. And where that much money is flowing, cyber threat actors are always looking for their slice of the pie.Nearly 12,000 people reported cybersecurity scams to the FBIs Internet Crime Complaint Center (IC3) during last years holiday season. Those scams resulted in more than $73 million in losses, according to the Cybersecurity and infrastructure Security Agency (CISA). The average cost of a data breach in the retail space is $3.48 million, according to IBMs Cost of a Data Breach Report 2024.What are some of the top threats facing the retail industry? How can enterprise leaders in this sector protect their organizations and their consumers?Retail RisksThe retail industry is no stranger to large-scale data breaches and the need to respond fast is critical this time of year. You could imagine a bad actor coming in and trying to take over retailer systems with the expectation that the retailer may want to pay very quickly to handle the ransomware attack to get their systems back online so they don't lose out, says Sean McNee, vice president of research and data at DomainTools, an internet intelligence company.Related:Financially motivated threat actors can unearth and exfiltrate a trove of valuable personal information when they successfully breach a retailer or one of its vendors.The complex design of ecommerce platforms, featuring dynamic websites and applications, increases the risk of information leaks due to poorly secured APIs, mismanaged user input, and inadequate data management practices, Shobhit Gautam, staff solutions architect at security platform HackerOne, tells InformationWeek in an email interview.Data stolen from retailers is a valuable tool for fraudsters. Phishing and smishing are tried and true tactics that target consumers. Threat actors posing as legitimate retailers or delivery services, for example, will text consumers requesting personal information that enables theft.Brand impersonation campaigns can also lure victims with promises of earning cash. Threat actors will pose as a major retailer, like Amazon or Walmart, and offer people the possibility of remote work.Related:What they're doing is stringing you along, making you think you have a job so you can earn some extra cash for the holiday season. Instead, they're just taking your money and running, says McNee.Web skimming attacks are another common tactic. Magecart is an umbrella term for various cybercriminal groups specializing in web skimming attacks. These groups inject malicious JavaScript code into ecommerce websites to steal payment card information during checkout, Gautam explains.GenAI adds another dimension to the onslaught of attacks faced by retail and other industries. The technology can make phishing lures and sites much more convincing. Threat actors can also use AI in brute force attacks.AI can leverage botnets to carry out brute force attacks on gift card websites that can test thousands of card numbers and pin combinations per minute. This allows threat actors to exploit gift card balances and deplete account funds, says Gautam.Successful attacks in the retail space can result in consumer fraud, downtime for stores, lost revenue, and lasting brand damage.Threat ActorsWhile GenAI empowers more threat actors with low technical skills, there are a number of larger groups known for targeting retail. For example, LockBit and Play are two ransomware gangs known for attacking the retail sector, according to cybersecurity company Trustwave.Related:While law enforcement disrupted LockBit earlier this year, the group quickly reemerged. LockBit may be trying to target the retail sector this season try to make some quick cash, says McNee.Some threat groups out of China are angling for Black Friday shoppers, leveraging phishing to their advantage. Threat intelligence company EclecticIQ highlighted a campaign run by SilkSpecter, for example.While financial motivation is a major factor, other threat actors could target the retail space simply to gain attention. McNee points to current geopolitical tensions and the possibility of politically motivated cyber actors targeting retail to amplify their message. Given the geopolitical landscape that we live in now and have moved across for the last year or two, it would not surprise me to see some sort of attempt happen this holiday season, he says.Retail ResponseWith billions of dollars of revenue and consumer trust hanging in the balance, how can retail organizations navigate a season of busy shoppers and busy threat actors?While holiday shopping may mean cyber threats are ramped up, the foundation for defense is the same. I can't say there's some silver bullet this time of year to preventing things. Compliance and security are a 365 days a year thing, says Brent Johnson, CISO of Bluefin, a payment and data security solutions company.Johnson notes the shift some retailers are making to end-to-end encrypted and tokenized payments.Make sure merchants [are] aware these products exist, he urges. That way they're not really targets of fraud or targets of breaches because they just don't have the data anymore.Retailers have the responsibility to protect their consumers data and to keep them informed about the risks they face from threat actors.Retailers could spend some time reviewing social media platforms to see if people are complaining about fraudulent messaging or bad actors pretending to be related to [their] brand, says McNee. Retailers can work to educate their consumers on ways to recognize those impersonation and fraud attempts.Even retail organizations with strong cybersecurity defenses can still fall prey to persistent threat actors. When that does happen, it is essential that enterprises have thorough and tested incident response plans in place to mitigate the length and severity of an attack.These are all best practices but ones that can really make a difference during this holiday season, says McNee.

Security & Risk Summit 2024

Bird flu has been spreading in wild animals for years but it is now adapting to humansVuk Valcic//SOPA Images/LightRocket via Getty ImagesThe threat of the deadly H5N1 bird flu virus adapting to humans has been inching closer towards becoming a reality all year, and we may be nearing an inflection point. Three H5N1 cases in humans have happened in the very scenarios that public health officials are concerned could lead to a pandemic in people.There is no clear evidence yet of human-to-human transmission, but I

Deep-sea coral reefs are at risk from acidificationHoward Chew / Alamy Stock PhotoOcean acidification is sinking into marine regions as deep as 1500 metres, posing new threats to organisms like sea butterflies, sea snails and cold-water corals.The ocean is the largest natural sink of carbon dioxide, absorbing about a quarter of our annual emissions. That uptake of CO2 makes the oceans surface more acidic, with consequences for sensitive ecosystems like coral reefs. But until now, researchers did not know the extent to which acidification was reaching deeper waters. AdvertisementJens Daniel Mller at the Federal Institute of Technology Zurich in Switzerland and his colleagues developed a 3D reconstruction of how CO2 moves through the ocean, based on global measurements of currents and other circulation patterns. They used this model to estimate how the carbon dioxide the oceans have absorbed since 1800, around the start of the industrial revolution, has affected deep-water acidity.They found a clear acidification signal down to 1000 metres in most of the ocean. Some areas, such as the North Atlantic where the powerful Atlantic meridional overturning current (AMOC) carries carbon from the surface to deeper waters saw acidification down to 1500 metres. Some pockets of deeper water that are naturally more acidic saw even more acidification than the surface. Their higher original acidity reduces their capacity to absorb any added CO2, says Mller.This is more or less what researchers expected would happen as the ocean takes up more CO2, says Hongjie Wang at the University of Rhode Island. But its a different thing to really see the data coming in to affirm this. Receive a weekly dose of discovery in your inbox.Sign up to newsletterNotably, about half of all the acidification since 1800 occurred after 1994, as our emissions of CO2 have risen exponentially. We see this rather rapid progression, says Mller.The magnitude of the acidification is enough to threaten the survival of organisms in large areas of the ocean. Pteropods like sea snails and sea butterflies are at particular risk because they build their shells out of calcium, which dissolves if the water gets too acidic. The rise in acidification has also doubled the areas where cold-water corals will have trouble surviving.And ocean acidification is set to continue as the water absorbs more CO2. Even if we were able to stop CO2 emissions immediately, we would still for a couple of hundred of years or so see a process of ocean acidification in the interior, says Mller.Journal reference:Science Advances DOI: 10.1126/sciadv.ado3103Topics:

Nature, Published online: 27 November 2024; doi:10.1038/d41586-024-03826-zOpen-ended research is essential to building solid hypotheses in the social sciences without it, even the best-planned analyses can fail.

Nature, Published online: 27 November 2024; doi:10.1038/d41586-024-03649-yBy patterning an ultrathin layered structure with tiny wells, physicists have created and imaged peculiar states known as quantum scars revealing behaviour that could be used to boost the performance of electronic devices.

IP Address Test

This is today's edition ofThe Download,our weekday newsletter that provides a daily dose of what's going on in the world of technology. These AI Minecraft characters did weirdly human stuff all on their own Left to their own devices, an army of AI characters didnt just survive they thrived. They developed in-game jobs, shared memes, voted on tax reforms and even spread a religion. The experiment played out on the open-world gaming platform Minecraft, where up to 1000 software agents at a time used large language models to interact with one another. Given just a nudge through text prompting, they developed a remarkable range of personality traits, preferences and specialist roles, with no further inputs from their human creators. The work, from AI startup Altera, is part of a broader field that wants to use simulated agents to model how human groups would react to new economic policies or other interventions. And its creators see it as an early step towards large-scale AI civilizations that can coexist and work alongside us in digital spaces. Read the full story.Niall Firth To learn more about the intersection of AI and gaming, why not check out: + How generative AI could reinvent what it means to play. AI-powered NPCs that dont need a script could make gamesand other worldsdeeply immersive. Read the full story. + What impact will AI have on video game development? It could make working conditions more bearableor it could just put people out of work. Read the full story.+ What happened when MIT Technology Reviews staff turned our colleague Niall into an AI-powered nonplayer characterand why he hated his digital incarnation so much. MIT Technology Review Narrated: The great commercial takeover of low Earth orbit Did you know that NASA intends to destroy the International Space Station by around 2030? Once it's gone, private companies will likely swoop in with their own replacements. Get ready for the great commercial takeover of low Earth orbit. This is our latest story to be turned into a MIT Technology Review Narrated podcast, whichwere publishing each week on Spotify and Apple Podcasts. Just navigate to MIT Technology Review Narrated on either platform, and follow us to get all our new content as its released. The must-reads Ive combed the internet to find you todays most fun/important/scary/fascinating stories about technology. 1 OpenAI has suspended access to its Sora video tool After a group of artists leaked access to it in protest. (TechCrunch)+ OpenAI responded to say they were under no obligation to use its tool. (WP $)+ Four ways to protect your art from AI. (MIT Technology Review)2 A researcher created a database of one million public Bluesky posts Even though Bluesky itself doesnt use AI trained on its user content. (404 Media)+ A new public database lists all the ways AI could go wrong. (MIT Technology Review)3 China is on a Silicon Valley hiring offensive Chinese firms are prepared to triple engineers salaries to lure them in. (WSJ $) 4 What happens when autonomous weapons make life-or-death decisionsThe notion of algorithms making decisions over who lives or dies is chilling. (Undark Magazine) + Inside the messy ethics of making war with machines. (MIT Technology Review)5 How Elon Musk is trying to make xAI a bona fide OpenAI competitor It's up against some pretty stiff competition. (WSJ $)+ The firm is likely to double its current valuation to the tune of $50 billion. (FT $)+ How OpenAI stress-tests its large language models. (MIT Technology Review)6 These treatments can bring patients back from the brink of deathSo when should they be deployedand who should get them? (New Scientist $) + Inside the billion-dollar meeting for the mega-rich who want to live forever. (MIT Technology Review)7 How this gigantic laser achieved a nuclear fusion milestoneThe team behind it already has a new goal in its sights, too. (Nature) + When the race for fusion ground to a halt. (MIT Technology Review)8 These two influencers are locked in a legal battleBut can you really legally protect an aesthetic thats everywhere? (The Verge) 9 LinkedIns viral posts are mostly written by AI That explains a lot. (Wired $)10 This lollipop device allows you to taste nine virtual flavors Willy Wonka eat your heart out. (Ars Technica) Quote of the day We are not your free bug testers, PR puppets, training data, validation tokens. A group of artists decry OpenAIs treatment of creators in an open letter accompanying a leaked version of the company Sora generative AI video tool, Variety reports. The big story Why we can no longer afford to ignore the case for climate adaptation August 2022 Back in the 1990s, anyone suggesting that wed need to adapt to climate change while also cutting emissions was met with suspicion. Most climate change researchers felt adaptation studies would distract from the vital work of keeping pollution out of the atmosphere to begin with. Despite this hostile environment, a handful of experts were already sowing the seeds for a new field of research called climate change adaptation: study and policy on how the world could prepare for and adapt to the new disasters and dangers brought forth on a warming planet. Today, their research is more important than ever. Read the full story. Madeline Ostrander We can still have nice things A place for comfort, fun and distraction to brighten up your day. (Got any ideas? Drop me a line or tweet 'em at me.) + Japanese leaf art is truly an impressive feat (thanks Stephen!)+ Can our Los Angeles readers let me know if this Cyberpunk exhibition at the Academy Museum is as amazing as it looks?+ The years best music books serve as great Christmas present inspiration.+ If you hate how Sam Altman takes notes, heres how to do it the right way.

Mark Zuckerberg met with President-elect Donald Trump at Mar-a-Lago in Florida, the NYT reported.Trump and Zuckerberg, who did not endorse a candidate for president, have had a rocky relationship.Trump previously threatened to jail Zuckerberg if he was elected.Mark Zuckerberg became the latest tech CEO to meet with President-elect Donald Trump.The New York Times reported the Meta CEO met with Trump at the latter's Mar-a-Lago resort in Florida on Wednesday, citing two sources briefed on the meeting.Details about the meeting were not immediately clear. Meta and representatives for Trump did not respond to requests for comment from Business Insider.Zuckerberg did not endorse a candidate for president in the 2024 election.He has had a contentious relationship with Trump, who earlier this year threatened to jail the billionaire if he were elected.Zuckerberg praised how Trump responded to the assassination attempt in July."On a personal note, seeing Donald Trump get up after getting shot in the face and pump his fist in the air with the American flag is one of the most badass things I've ever seen in my life," Zuckerberg said.After Trump won the election, Zuckerberg was among the many tech and business leaders who congratulated him."Congratulations to President Trump on a decisive victory. We have great opportunities ahead of us as a country," he wrote in a Threads post the day after the election. "Looking forward to working with you and your administration."Trump and Zuckerberg met at least twice during the president-elect's first term, including in an unannounced White House meeting and at a secret dinner with billionaire Peter Thiel in October 2019, according to several reports.In 2021, Trump suggested he should have banned Facebook while he was in office, but said, "Zuckerberg kept calling me and coming to the White House for dinner telling me how great I was."Facebook suspended the former president's account on the platform after the January 6, 2021, Capitol insurrection. Meta reinstated Trump's accounts in 2023.Zuckerberg isn't the only tech CEO to visit Mar-a-Lago in the wake of Trump's win.Billionaire Elon Musk, who played a major role in Trump's campaign, spent election night with Trump at the Florida resort and has spent time there since.

In September, Katka Lapelosova took a solo trip to Greece.While she enjoyed the six days in Zakynthos, it wasn't the stress-free vacation she'd hoped for.If she could do it over, she'd travel there with friends and rent a car.Now that I live in Europe, I love how easy it is to visit different countries. Since leaving New York City in 2020, I aim to travel at least once a month.In September, I decided it was time for a solo trip to a Greek island to live out my "Mamma Mia" dreams. My friends recommended Santorini and Mykonos, but those islands were expensive, and I was nervous about them being overcrowded.I researched a few alternatives, like Corfu, Zakynthos, and Rhodes, and settled on Zakynthos, partly due to photos of a shipwreck I'd seen on Instagram.I wanted to see if the water was really the color of Colgate toothpaste, but more than that, I just needed a seaside break to relax and help me reset. My beach vacation in Greece was very much what I needed, but there are some things I would change if I had the chance for a vacation redo. The author came across a lot of gap year travelers during her trip to Zakynthos. Katka Lapelosova 1. Spend time in AthensI had an overnight layover in Athens, so I spent one night in the city center before heading to Zakynthos. Friends had told me I only needed a day in the city, saying that there wasn't much to see or do. The city took me by surprise, though, and I wish I'd had more time there.Outside the incredible historic Greek archaeology, I didn't have enough time for the art museums or festivals. While the residential architecture wasn't as charming as what I saw on the island, the mix of classical designs, modern restaurants, and cocktail bars all looked worthy of a visit.2. Avoid the party zonesOnce I got to Zakynthos, the energy level changed. I was greeted by the chaos of gap year travelers living out the last days of summer. I had read that the island was a hot spot for college-aged travelers, but I figured it was big enough that we could keep our distance. But despite my accommodation being just outside the main party zone of Laganas, I shared a floor with a group of eight rowdy college kids. I was thankful that I'd packed earplugs.In hindsight, I should have done more research on other parts of the island. While some locals told me Zakynthos has parties wherever you go, others said that renting a villa can be a good alternative for finding a bit of peace and quiet. They said that visitors who stay more inland can rent a car and drive to the beach, as most coastlines can be reached in a few minutes.3. Rent a car to explore more of the islandRenting a car would have been a great idea overall, but my plan had been to take buses. In true island fashion, these ran on their own scheduleOne day in Zakynthos, I waited over an hour for a bus that never came. Taxis proved to be just as unreliable, with many canceling or not showing up when I tried to book them by phone.While I was able to make the most of Laganas, the island's village and beach resort, I feel like there was more I could have explored. I was limited to the nearby beaches, which were not super crowded but not very serene or peaceful either.I also didn't realize that it was much easier to get to the shipwreck by car. Only one tour company offered to drive people there, so I had to work around their schedule to see it. Friends partying together on a boat in Zakynthos. Katka Lapelosova 4. Travel with friends instead of going soloNormally, I opt for solo travel. I find it to be the least stressful. But I often felt lonely on Zakynthos because I saw big groups of people everywhere I went not just college kids either, but multi-generational families and honeymooning couples, all having fun in the sun around me.I watched a lot of them enjoying the outdoor and water activities that Greece has to offer. Small boats can be rented to sail around the island, take tours of water caves and go diving or snorkeling, grab a few mopeds or four-wheelers and drive around, party on a booze cruise, or enjoy inflatable water playgrounds along the beach.While I could have done some of those things on my own, I knew they'd be more fun with a big group of friends to share the excitement. Hotels and restaurants in Zakynthos range between "beachfront," "beach access," or "private beach." Katka Lapelosova 5. Understand the difference between beachfront and beach accessOne of the biggest things I'd change about my Greek island trip is booking a hotel that had beach access. "Beachfront" doesn't necessarily mean you can just walk right out to the beach from your hotel, or at least not on Zakynthos.While my accommodation was next to the beach, if I wanted to spend time lounging in the sun, I had to pay for a crummy cappuccino or an overpriced bottle of water for the privilege.I didn't realize this before I booked my trip, but locals told me it's common. Many cafs, restaurants, and bars own beach access, and while most just ask that you purchase some food or drinks, some require you to rent a beach chair and umbrella or even buy a day pass.Next time, I'll read more reviews or even contact the property and ask if they have a beach for their guests. I only saw "beachfront" on my booking website and realized after spending a few days there that what I needed was "beach access" or "private beach."