With more employees working from home, and possibly using their personal devices to complete tasks and collaborate with colleagues more often, it’s important to be wary of scams that are afoot within text messages. “With malicious actors recently diversifying their attack vectors, using Covid-19 as bait in SMS phishing scams, organisations are under a lot of pressure to bolster their defences,” said Brian Foster, senior vice-president of product management at MobileIron. “To protect devices and data from these advanced attacks, the use of machine learning in mobile threat defence (MTD) and other forms of managed threat detection continues to evolve as a highly effective security approach. “Machine learning models can be trained to instantly identify and protect against potentially harmful activity, including unknown and zero-day threats that other solutions can’t detect in time. Just as important, when machine learning-based MTD is deployed through a unified endpoint management (UEM) platform, it can augment the foundational security provided by UEM to support a layered enterprise mobile security strategy. “Machine learning is a powerful, yet unobtrusive, technology that continually monitors application and user behaviour over time so it can identify the difference between normal and abnormal behaviour. ...”
The infection chain also adds a rogue scheduled task called “Adobe Update Task", which executes yet another malicious downloader that poses as Adobe's Flash Player and is called Fplayer.exe. This file is a maliciously modified version of Nvidia's Stereoscopic 3D driver Installer. It seems that the Evilnum attackers have gone to great lengths to maintain persistence and stealth by impersonating a variety of legitimate programs that administrators might not find suspicious on a Windows system. The PyVil RAT talks to the command-and-control (C&C) server using HTTP but the data inside is encrypted with a hard-coded key to hide it from network-level Web traffic inspection products. In the past, Evilnum configured its malware to only talk to command-and-control servers using IP addresses, not domain names. However, Cybereason has detected a growing number of domains being associated with the IP addresses used by the Evilnum C&C infrastructure during the past weeks, signaling a change in tactics as well as a growing infrastructure. The researchers also observed PyVil RAT downloading a custom version of an open-source password dumping tool called LaZagne, a post-exploitation tool that's written in Python and is popular with penetration testers.
RBAC is based on the concepts of users, roles, groups, and privileges in an organization. Administrators grant privileges or permissions to pre-defined organizational roles—roles that are assigned to subjects or users based on their responsibility or area of expertise. For example, a user who is assigned the role of a manager might have access to a different set of objects and/or is given permission to perform a broader set of actions on them as compared to a user with the assigned role of an analyst. When the user generates a request to access a data object, the access control mechanism evaluates the role assigned to the user and the set of operations this role is authorized to perform on the object before deciding whether to grant or deny the request. RBAC simplifies the administration of data access controls because concepts such as users and roles are well-understood constructs in a majority of organizations. In addition to being based on familiar database concepts, RBAC also offers administrators the flexibility to assign users to various roles, reassign users from one role to another, and grant or revoke permissions as required. Once an RBAC framework is established, the administrator's role is primarily to assign or revoke users to specific roles.
Citrix’s Remote Works Podcast recently interviewed Laura Giurge, a post-doctoral researcher at London Business School and Oxford University’s Wellbeing Research Centre. Giurge explained that the pandemic has created a "big experiment of working from home." She explained that its findings were challenging the traditional assumption that productivity is measured in hours worked, rather than the impact of an employee’s output. Giurge explained that this required a change in mindset and was particularly challenging for traditional managers: It is really hard for managers, if you are really used to seeing your employees in the office and all of a sudden you’re not. It’s very difficult. But if you start from a mindset of experimentation and understanding there are better ways for experimenting with new ways of working and seeing what works, then you are likely to get your employees to work better and also be happier. Longman wrote that he "calculated the average number of stories" completed "during 2019 and used this as a comparison with 2020 data." By examining trends by month and by quarter he wrote that "both views suggested that the work completed during lockdown was within ... expected levels of volatility."
Once you have identified your training data, the next big decision is in determining how you’d like to label that data. The labels to be applied can lead to completely different algorithms. One team browsing a dataset of receipts may want to focus on the prices of individual items over time and use this to predict future prices. Another may be focused on identifying the store, date and timestamp and understanding purchase patterns. Practitioners will refer to the taxonomy of a label set. What level of granularity is required for this task? Is it enough to understand that a customer is sending in a customer complaint and route the email to the customer support team? Or would you like to specifically understand which product the customer is complaining about? Or even more specifically, whether they are asking for an exchange/refund, complaining of a defect, an issue in shipping, etc.? Note that the more granular the taxonomy you choose, the more training data will be required for the algorithm to adequately train on each individual label; phrased differently, each label requires a sufficient number of examples, so more labels means more labeled data overall.
The incident is currently being investigated as having originated from a malicious Office document received and opened by an employee. The malicious Office file is believed to have installed a backdoor on the bank's network. Investigators believe that on the night between Friday and Saturday, hackers used this backdoor to access the bank's network and install ransomware. Bank employees working weekend shifts discovered the attack when they couldn't access their work files on Saturday. BancoEstado reported the incident to Chilean police, and on the same day, the Chilean government sent out a nationwide cyber-security alert warning about a ransomware campaign targeting the private sector. While initially, the bank hoped to recover from the attack unnoticed, the damage was extensive, according to sources, with the ransomware encrypting the vast majority of internal servers and employee workstations. The bank initially disclosed the attack on Sunday, but as time went by, bank officials realized employees wouldn't be able to work on Monday, and decided to keep branches closed, while they recover. Luckily, it appears the bank had done its job and properly segmented its internal network, which limited what the hackers could encrypt.
Ideally, according to industry good practice, a disruptive incident should trigger an IR plan that assesses the damage and initiates steps to respond quickly to the cyber incident. Results of the IR plan can trigger a BC or a DR plan, or both, based on the nature of the event. BC/DR plans recover and restore critical assets -- people, processes, technology and facilities -- the business needs to function. Cybersecurity plans respond to specific disruptive events and may include an IR plan component to determine the nature of the event before launching response activities. The key is to determine at what point the cybersecurity attack threatens the organization and its ability to conduct business. This suggests that descriptive language should be added to cybersecurity plans to trigger IR, as well as BC/DR plans. Let's assume there's a full complement of plans in place that deal with business- and technology-focused incidents. In some cases, only a specific security strategy or plan -- e.g., information security -- will be needed. In other situations, one or more plans may need to be launched. The figure below depicts a simple decision flow diagram showing how such plan linkages may be arranged and launched in response to a cybersecurity attack.
“Since lockdown, companies have come to realise that they need industrial-grade technology to run their businesses and tech companies are hiring people to service these new customers, expand and build new products,” said Haakon Overli, co-founder of enterprise software-focused venture fund Dawn Capital. “We’re seeing it right across our portfolio.” The Tech Nation research also suggests that recovery from the pandemic is set to be uneven, with industries such as travel and retail predicted to drastically cut their workforces, while others are able to prosper from changes in customer behaviour. Additionally, the report said the trend of remote working will continue to open up “high-paid, quality” opportunities to residents outside larger cities. Recent research from Culture Shift found that culture has improved for tech sector employees while remote working. However, 50% said they feel isolated while working from home. Despite employment in the UK tech sector looking promising due to the surge in vacancies, the skills gap remains an issue, with two thirds of businesses already have unfilled digital skills vacancies, while 58% say they’ll need significantly more digital skills in the next five years, according to the CBI.
In what may be one of the hardest truths of this extraordinary time -- apart from the human suffering -- is that the need for dynamic surge capacity will not disappear when a vaccine is available. As the World Economic Forum has said, we have entered a new era where the risk of future pandemics is high. This forever alters the infrastructure needed to support shifting demands on technology. The public cloud offers the systems resilience that healthcare providers need in order to sustain operations under severe disruption, flexing to address highly volatile customer demand and managing vastly increased needs for remote network access. Providers long viewed investing in the public cloud as a risky business because of security concerns. But over the past two years, many have begun their cloud journey buoyed by other industries’ and research institutions’ embrace of its “deny by default” security posture and, most importantly, limitless opportunities for innovation. There could not be a better time for this. An investment in systems resilience via cloud is an investment in business enablement. A resilient technology infrastructure scales up or down on demand based on real-time changes in usage to support care volume variability. It identifies traffic spikes and automatically adjusts capacity to drive responsiveness with new cost efficiencies.
The fundamental causes for the skill gap are myriad, starting with a lack of training and career-development opportunities. About 68 percent of the cybersecurity professionals surveyed by ESG/ISSA said they don’t have a well-defined career path, and basic growth activities, such as finding mentor, getting basic cybersecurity certifications, taking on cybersecurity internships and joining a professional organization, are missing steps in their endeavors. The survey also found that many professionals start out in IT, and find themselves working in cybersecurity without a complete skill set. A full 63 percent of respondents in the survey said they’ve worked in cybersecurity for less than three years, with 76 percent starting as IT professionals before switching their career to cybersecurity. “Cybersecurity professionals often muddle through their careers with little direction, jumping from job to job and enhancing their skill sets on the fly rather than in any systematic way,” according to the report. To go along with this, the survey asked respondents to speculate on how long it takes a cybersecurity professional to become proficient at the job. The highest percentage of respondents (39 percent) believe it takes anywhere from three to five years to develop real cybersecurity proficiency, while 22 percent say two to three years, and 18 percent claim it takes more than five years.
Quote for the day:
"It's fine to celebrate success but it is more important to heed the lessons of failure." -- Bill Gates