How is March Madness like cybersecurity?

Plus, a massive crypto heist and a sneaky text message scam.

Cyber strategist Pete Lindstrom maintained in an article on CSO that cybersecurity risk is constantly changing in a way analogous to the probability odds in a March Madness tournament. Observing the constant data-analysis on the 538 March Madness prediction website throughout the games, seeing each team’s chance of success swing wildly back and forth game by game, Lindstrom likened it to the way “cybersecurity risk is changing in real-time as we identify new vulnerabilities and attacks, but also when we add or remove users, implement or retire systems, or simply use existing systems more.” He goes on to defend cyber risk quantification, suggesting that “with data-oriented analyses, not only can we provide predictions, but we can evaluate those predictions over time using well-established methods.” 

Some researchers, however, are skeptical about cyber risk quantification, arguing that knowing the amount of risk is not as important as simply having strong cybersecurity. “The number of variables involved,” commented Avast Security Evangelist Luis Corrons, “is so immense that I fail to see how [cyber risk quantification] could be a benefit versus investing in real cyber defense.”

$600M in crypto stolen from Ronin blockchain

Hackers exploited a backdoor in a blockchain’s network to approve their own fraudulent withdrawals of $591 million in Ethereum cryptocurrency and $25.5 million in stablecoin USDC. Sky Mavis is the parent company to Axie Infinity, the play-to-earn blockchain game that relies on the Ronin network. The large payload makes this one of the largest crypto scams in history. “We are working with law enforcement officials, forensic cryptographers, and our investors to make sure there is no loss of user funds,” Ronin reported in their blog. For more on this story, see Motherboard.  

“Free Msg” scam targets Verizon customers

A phishing scam aimed at Verizon customers sends texts that seem to come from users’ own numbers and which promise a free gift if the users click a link. One Verizon customer posted about it on the Verizon Community blog, to which a Verizon support representative replied, “We cannot confirm it is a valid link.” In an email to CNET, a Verizon rep wrote, “Verizon is aware that bad actors are sending spam text messages to some customers which appear to come from the customers’ own numbers. Our team is actively working to block these messages, and we have engaged with U.S. law enforcement to identify and stop the source of this fraudulent activity.”

E.U. and U.S. agree on data transfer deal 

Almost two years after Europe’s top court struck down Privacy Shield, a data transfer accord between the E.U. and U.S., the European Union this week announced that it had reached an agreement in principle with the United States on a revived trans-Atlantic data flows deal. “This will enable predictable, trustworthy data flows between the E.U. and the U.S., safeguarding privacy and civil liberties,” said European Commission President Ursula von der Leyen at a joint press conference with Joe Biden. The details of the agreement have not yet been announced. Learn more at TechCrunch

Study links social media use to bad mental health in teens 

In a new study led by psychologist Amy Orben at the University of Cambridge, social media use was linked to gloomy outlooks among teens, particularly around the time of puberty and when they are about to leave home. Orben and her team surveyed over 72,000 people between 10 and 80 years old in the U.K. They were surveyed up to seven times each between 2011 and 2018 and asked a series of questions about life satisfaction and their social media use. Teens who used social media more frequently during puberty or when they were leaving home scored lower on measures of life satisfaction. For more survey results, see The Verge

This week’s “must-read” on the Avast Blog

Before you download another application from the more than three million that are in the Google Play Store, read up on a few simple things you can do to protect yourself from malicious apps.

--> -->