Daily Tech Digest - January 16, 2021

How next-gen cloud SIEM tools can offer critical visibility for effective threat hunting

Organizations must adopt a new cloud-centric mentality, supported by a combination of new security solutions ready to handle the high volume and velocity of data flowing across cloud environments. Organizations must focus on tools such as Next-Gen SIEM, cloud-focused tools such as cloud access security broker (CASB) and cloud security posture management (CSPM), and modern consolidated network and security services such as secure access service edge (SASE), which all enable modern security architecture approaches. These scalable tools include license models not based on the volume of data ingested but other variables, such as number of users monitored. CSPM and CASB can help users adopt new policy enforcement practices, helping organizations to navigate complex security settings and services from public cloud providers and cover any gaps in visibility from the multiple IaaS, PaaS and SaaS services adopted. Additionally, where users are operating off of personal devices and accessing cooperate resources, SASE offerings help transition controls such as secure web gateways to a cloud-based model from anywhere in the world. Companies no longer need to debate losing visibility for a better price or improved network resiliency.


Five emerging fraud threats facing businesses in 2021

Synthetic identity fraud – when a fraudster uses a combination of real and fake information to create an entirely new identity – is currently the fastest growing type of financial crime. The progressive uptick in synthetic identity fraud is likely due to multiple factors, including data breaches, dark web data access and the competitive lending landscape. As methods for fraud detection continue to mature, fraudsters are expected to use fake faces for biometric verification. These “Frankenstein faces” will use AI to combine facial characteristics from different people to form a new identity, creating a challenge for businesses relying on facial recognition technology as a significant part of their fraud prevention strategy. ... Once the stimulus fraud attacks run their course, it is predicted that hackers will increasingly turn to automated methods, including script creation (using fraudulent information to automate account creation) and credential stuffing (using stolen data from a breach to take over a user’s other accounts) to make cyberattacks and account takeovers easier and more scalable than ever before.


A guide to being an ethical online investigator

It’s not just legal issues that would-be amateur online investigators need to be aware of. Much of the online activity carried out in the wake of the Capitol riots raises ethical questions, too. Should a person who didn’t storm the Capitol but attended the rallies leading up to the riots be identified and risk punishment at work? Do those who were in and around the Capitol on January 6 automatically lose the right to privacy even if they weren’t involved in riots? It’s worth thinking through how you feel about some of these questions before you continue. Few are clear cut. So, where does the information come from? “Our bread and butter is open source,” Fiorella says. “Open-source media” refers to information that is publicly available for use. Data archivists, or those who collect and preserve information online for historical purposes, accessed such open-source data to save posts before they disappeared as social media companies pushed President Donald Trump and many of his supporters off their platforms. “If you were at the Capitol storming and recorded video and took selfies that anyone can access, and it’s openly available on the internet, it’s fair game,” says Fiorella.


Top Five Artificial Intelligence Predictions For 2021

Though regulation hasn’t reached a boiling point yet, AI governance will continue to be a hot topic in 2021. As AI becomes more pervasive, more and more stakeholders are waking up to the potential problems it introduces to the public. In response, organizations everywhere — from the most cutting-edge to the laggards — will be expected to deliver AI systems that are responsible, transparent, and unbiased. But whose responsibility is it to make sure this happens and regulates AI – the government, businesses, industry groups, or some combination? If businesses want to regulate themselves before the government does, they will have to take steps to ensure the data that feeds their AI is fair and unbiased, and that their models are empathetic, transparent, and robust. ... With several big consumer brands in the hot seat around questionable AI ethics, most people still don’t trust AI. For many, it’s because they don’t understand it or even realize they’re using it daily. Consumers are getting so many AI-powered services for free — Facebook, Google, TikTok, etc. — that they don’t understand what they’re personally giving up in return — namely their personal data. As long as the general public continues to be na├»ve, they won’t be able to anticipate the dangers AI can introduce or how to protect themselves — unless the market better educates customers or implements regulations to protect them.


Amid WhatsApp privacy concerns, the draft Data Protection Bill comes to mind

Is data property? No, because then it would fall under The Sale of Goods Act. Only if something can be physically sold, rented out or gifted, then it becomes a property. Data is an intimate connection bet­ween the human being and the thing in question. It has tremendous value, hence, there are always people waiting to take it. This was a concern in Puttaswamy vs Union of India where the Supreme Court said: “Aadhaar is a serious invasion into the right to privacy of persons and it has the tendency to lead to a surveillance state where each individual can be kept under surveillance by creating his/her life profile and movement as well on his/her use of Aadhaar.” ... Not everything is clear yet. The consent conundrum remains. With the age of majority being 18, all contracts under this age are said to have no value. Yet, when a child clicks “I agree”, it technically becomes a contract. Children often lie and say they are 18 and/or claim to have parental consent. Of course, it can have positive outcomes too. The Justice gave an anecdote of his grandson being aware of advanced mathematical concepts thanks to one Khan Academy. Consent should be given in a manner which is understood.


Can Cloud Revolutionize Business and Software Architecture?

The physics behind software development changed completely in the past two to five years, Ahlawat said, with the growth of hybrid, multicloud, and edge. “Eighty percent of enterprises today have workloads that span multiple clouds and two out of three of them are using multiple clouds for many strategic reasons,” he said. That means applications in today’s environment can span data centers and clouds as well as go to the edge. Tied to this trend is the evolution of connected devices and the Internet of Things, Ahlawat said. “Up until a few years ago, there was still a question whether IoT was hype,” he said. “Today we have 20 billion connected devices generating about 50 zettabytes of data a year.” Use cases on this front, Ahlawat said, include connected homes and smart cities, which still have room to grow to become mainstream. The further development of data and AI also affects software development, he said. “Of all the data generated ever, 90% of that was generated in the last two years,” Ahlawat said. “When we talk with large software companies and enterprises, data and AI are central to their strategies.” This is unlocking transformative use cases such as autonomous cars and medical imaging, he said.


'Scam-as-a-Service' Scheme Spreads

The fraudsters are posting fake online classified advertisements for products to dupe interested buyers into visiting phishing pages, where their personal and payment data is harvested, according to Group-IB. Although the operation started in Russia two years ago, by early 2020, it had expanded to include 40 subgroups that have focused on targets in the U.S. and Europe, the new research report says. Brands spoofed by the cybercriminal gang include French marketplace Leboncoin, the Polish online brand Allegro, the Czech website Sbazar and Romania's FAN Courier site. The report also notes the group has expanded its operations in the U.S. and Bulgaria by mimicking FedEx and DHL Express. ... The hackers have set up several Telegram chatbots for automated management and expansion of the scheme, the report notes. These bots are designed to provide scammers with ready-to-use pages mimicking popular classified advertising, marketplace and phishing URLs. "Classiscam chatbots, where fake pages are generated and profits are reported, are not completely autonomous. They require ongoing technical support and moderation," says Dmitriy Tiunkin, head of the digital risk protection department at Group-IB Europe.  


Successful Malware Incidents Rise as Attackers Shift Tactics

"That shift is really interesting because it starts to show the new reality of the work device truly morphing into a work-and-personal device," Covington says. "When you don't leave the house anymore, the phishing events and social engineering events — the ways that attackers get into organizations — are not just happening in the context of business email anymore." Others have noted the impact of the move to remote work on security. In September, a survey of CIOs found that 76% of the executives were worried that content sprawl put company data at risk. An earlier survey found that about six in 10 workers were using personal devices to work from home, and most of them considered the devices to be secure. Wandera found a similar set of impacts from the move to remote work, with many employees behaving differently. Because workers traveled less, they were about half as likely to use a risky Wi-Fi connection for work. And because personal time and work time blended together, a single device had a greater blend of business and personal applications, says Covington. "Honestly, they were looking to kill time," he says. "The types of apps that we installed on work devices this year, we would not have typically seen installed. A lot of games and a lot of productivity tools."


Drone Technology Extends Reach of Mobile IoT

Drones are typically equipped with two types of software. The software that’s closely coupled with the drone hardware manipulates the drone and the gear to keep it aloft while connecting it back to an operator who controls the drone’s flight path. The second type of software is the application—the programs that enables the drone to complete its specific task and to gather relevant information. Currently, there are no standards for the control or the application software, so a potential purchaser must be aware that the application software usually has to be customized to work with a specific manufacturer’s drone and its basic operating system. As a result, you have to ensure that the software you need can actually run on the drone hardware you intended to acquire. Skydio, for example, markets some applications software, such as Skydio 3D Scan and Skydio House Scan, with its drones, and also partners with third-party drone software makers for other applications. And, of course, a potential user has to confirm that the format of the data that the drone collects and disseminates is consistent with other formats currently used by the data analysis programs already in place. Some integration work may be required.


What analytics can unveil about bot mitigation tactics

Shortcomings have recently come to light about even the most common and accepted bot mitigation technologies. For example, solutions offering CAPTCHA challenges are not only ineffective at detecting and stopping automated attacks, but they often lead to a friction-filled experience, frustrating customers and leading to lower conversion rates. Many online retailers and e-commerce providers will actually forgo implementing security due to fear that this friction will have a negative impact on sales. Bot mitigation approaches that are based on observations from historical and contextual data (e.g., IP addresses and analysis of known behaviors) and then rely on taking steps to block similar behavior can often block IP addresses or stop specific user behavior that might not actually indicate an attack (e.g., late night banking or shopping). These methods trigger poor experiences and have been shown through analysis to not produce the desired mitigation or prevention results. More recently, use of a rules-based architecture to prevent attacks has grown in popularity. Unfortunately, a rules-based solution falls short when faced with advanced AI- and ML- equipped bots that can morph on the spot to evade an organization’s cyber defenses.



Quote for the day:

"When building a team, I always search first for people who love to win. If I can't find any of those, I look for people who hate to lose." -- H. Ross Perot

No comments:

Post a Comment