Daily Tech Digest - December 15, 2016

Malvertising campaign targets routers and every device connected to router

If the attackers already know that IP, or if it is not one in the targeted ranges, then the victim is served a legitimate ad while the attackers go after the next victim. Otherwise, an infected fake ad is displayed which contains code that redirects the victim to the DNSChanger EK. After the IP address is again checked, then the researchers said the exploit kit “loads multiple functions and an AES key concealed with steganography in a small image.” Those functions include fingerprinting so that the victim’s browser reports back on what router is being used and pushing out instructions to attack the router. Currently, this malvertising campaign is using 166 router fingerprints. If an exploit is not known, the attack tries default credentials; otherwise, known exploits are used to change DNS entries and make administration ports remotely accessible. 


Cyber Market Hampered by Insurability Challenges

Extreme scenarios – also known as “Cybergeddon” – cannot be covered well by existing insurance policies, the report emphasized. “Additionally, there might be indirect effects of cyber losses that cannot be measured and thus are not covered (e.g. reputational losses and their impact on stock prices).” Policy complexity is another problematic aspect of coverage limits, GA continued. “Given the large number of exclusions and the dynamic nature of cyber risk, there is uncertainty about what the cyber policy actually covers. Worse yet, the policies in the market have no agreed-upon terminology, which makes the offerings very difficult to compare,” the report explained. “While the cyber insurance market is currently in its early stages, as market development continues, the risk pools will become larger and more data will be available,” it said,


91% Of Cyberattacks Start With A Phishing Email

Higbee adds that Locky's phishing campaign has been effective for the following reasons: It is presented in a business context; it’s personalized to the recipient; there are no noticeable errors in grammar or spelling; and finally, it mimics many organizations’ existing invoice processes. When PhishMe analyzed the Locky data in vertical industries it found that the response rates in the insurance industry were more than one in three (34.7%), while other high response rates occurred in the retail industry at 31.7%; energy, 27.8%; and healthcare at 24.9%. "We don’t really know why insurance was the leading vertical," Higbee says. "It could be that there’s not enough training or insurance workers tend to interact with many external people so the chance for them to receive a phishing email increases."


Where Video Analytics Falls Into Your Big Data Strategy: 5 Use Cases

One area that is receiving a great deal of attention is video analytics. As the name suggests, this field involves analyzing the data taken from recorded videos, usually from specially made cameras with that ability. Vendors specializing in intelligent video analytics have quickly popped up, offering their services as a way to capture this valuable data. But you may be wondering how video analytics actually fits into the big data picture for your organization. As with many new technologies, sometimes it can be difficult to grasp where it would work best. Luckily, major strides have been made in video analytics in the past few years, giving organizations good examples of how best to use it. Consider the following use cases when planning out your big data strategy.


How AI-powered cyberattacks will make fighting hackers even harder

The machine learning algorithms don't even need to be very advanced; relatively simple sequence-to-sequence machine learning could be installed on an infected device in order to monitor emails and conversations of a compromised victim. After a period of monitoring, the AI could tailor phishing messages to mimic the message style of the victim to particular contacts in their address book, in order to convince them to click on a malicious link. "If I were emailing someone outside the company, I'd probably be polite and formal, but if I was emailing a close colleague, I'd be more jokey as I email them all the time. Maybe I'd sign off my emails to them in a certain way. That would all be easily replicated by machine learning and it's not hard to envision an email mimicking my style with a malicious attachment," Palmer explains.


Are 4K optical discs really better than 4K streaming video?

On optical, it’s no contest. The HDR on the Philips player creates a color quality that makes you feel like you are in the scene. The blacks look distinctly black (not washed out or slightly gray), the tiny white flecks of the plant noticeably more pronounced. On streaming, even after making sure my movie from Vudu was playing in 4K (using the Epson, you can see the on-screen resolution), the clarity was not quite the same, and I started really missing the flat, glorious color of HDR. Vudu should support HDR, but it played in normal 4Kon my Roku 4. Similarly, on the NVIDIA Shield TV, 4K support is hit or miss. You can't play 4K movies from Google Play yet, even though they are available. But here’s where things get a little interesting. Watching The Amazing Spider-Man 2 in 4K on every player imaginable, you can still see the web during those CGI-rendered scenes flying around tall buildings.


Psychology explains why so many leaders pass the buck—and who is really to blame

While passing the buck can be an effective means of self-protection, it can be bad news for the people who will be affected by the decision. Our findings suggest that there is no guarantee that these decisions will end up in the hands of a more capable decision maker. In one experiment, we presented participants with a choice that they could either make themselves or delegate to a coworker who did or did not have expertise into the decision. Although people were more likely to delegate to an expert than non-expert overall, when stuck with a choice between unappealing options, people delegated to anyone else who could assume responsibility and blame for the outcome—even if that person did not have any relevant expertise into the decision. What people do seem to care about when considering potential surrogates is whether they have the authority to assume responsibility for the consequences of the decision.


9 Places to Learn How to Code in 15 Minutes or Less a Day

Coding has so many incredibly useful, important applications in many facets of business and marketing. Take, for example, the entrepreneur who has funding to hire just two programmers for her startup. How is she to evaluate the expertise and experience of those programmers without some basic understanding of what it is they do? Or consider the small local business owner who's finally hired his first marketing firm. They've set him up with a great content management system (CMS), but it would be so much more cost and time efficient for him to make some of the smaller website changes he finds himself needing from time to time if he could just do it himself. Heck, my entire pay-per-click (PPC) software company sprung from a piece of software I built for myself to automate some of the repetitive tasks I had to do in PPC advertising consulting.


IoT Botnets the Fault of Manufacturers, 69 Percent of Consumers Report

Manufacturers’ software development lifecycles should take the security of the devices more seriously, and a number of simple steps could prevent future attacks, including requiring a change to default passwords and enabling Over The Air (OTA) software updates to patch vulnerabilities. Without manufacturer action to secure these devices, IoT botnet attacks will only continue to grow, as we saw recently when hackers attempted to infect 900,000 internet routers in Germany with malware. Had they successfully harnessed a botnet that large, the DDoS attack they would be capable of generating an unprecedentedly massive DDoS attack. But manufacturers aren’t the only ones consumers feel should be responsible for preventing misuse of their devices by hackers.


Consider these Linux I/O scheduler options for storage performance

Many IT pros believe the noop scheduler offers the best possible performance when you use a smart underlying storage channel. With this scheduler, the Linux kernel directly transfers write and read requests to the storage channel, which reorders them. In most cases where a hypervisor, SSDs or SAN filer is used, noop offers the best possible performance. However, this might not always be the case -- particularly with heavily write-oriented loads -- and it may help the underlying storage channel to use the deadline scheduler. The deadline I/O scheduler optimizes write requests by reordering them in the most efficient way, which eases the performance load on the underlying hypervisor layer. If your server is writing a lot, the deadline scheduler is worth a try.



Quote for the day:


"Fear and urgency are a normal part of every day work for many users." -- Aaron Higbee