Daily Tech Digest - February 22, 2024

New Wave of 'Anatsa' Banking Trojans Targets Android Users in Europe

"Initially the [cleaner] app appeared harmless, with no malicious code and its AccessibilityService not engaging in any harmful activities," ThreatFabric said. "However, a week after its release, an update introduced malicious code. This update altered the AccessibilityService functionality, enabling it to execute malicious actions such as automatically clicking buttons once it received a configuration from the C2 server," the vendor noted. The files that the dropper dynamically retrieved from the C2 server included configuration info for a malicious DEX file for distributing Android application code; a DEX file itself with malicious code for payload installation, configuration with a payload URL, and finally code for downloading and installing Anatsa on the device. The multi-stage, dynamically loaded approach used by the threat actors allowed each of the droppers that they used in the latest campaign to circumvent the tougher AccessibilityService restrictions Google implemented in Android 13, Threat Fabric said. For the latest campaign, the operator of Anatsa chose to use a total of five droppers disguised as free device-cleaner apps, PDF viewers, and PDF reader apps on Google Play.

CIO Gray Nester on fostering a culture of success

It’s easy to be courageous when you’ve already achieved more than you ever thought you would. I don’t have to be afraid to fail because I’m successful in the things that matter — my family. That’s where my love comes from. As a leader, courage and always doing what’s right equate to being honest but also being kind. There’s a difference between being honest and being truthful. As I have the opportunity to coach people, I have to deliver hard messages, and those are honest messages. I can be truthful with you and never address the opportunity to improve. So, I think courage is the willingness to say things that may not be popular but that help you achieve the goals and objectives you’re capable of achieving. We all show up here every day for something bigger than ourselves. If you believe in assuming positive intent and believe that people show up every day to be successful, then if you can give them the tough message, you have to believe they’re going to take that and do something with it because feedback is a gift. That doesn’t mean that everybody will be successful in that, but it’s our responsibility as leaders to go out and do that. That may mean saying, ‘Hey, Business, you’ve got a really bad idea, and this isn’t going to work, and let me tell you why.’ 

Navigating the Data Revolution: Exploring the Booming Trends in Data Science and Machine Learning

A significant trend in data science and machine learning revolves around incorporating artificial intelligence (AI) to drive automation. Industries across the spectrum are harnessing the potential of machine learning algorithms to streamline everyday tasks, fine-tune processes, and boost efficiency. Whether in manufacturing, healthcare, finance, or logistics, the wave of AI-powered automation is fundamentally transforming the operational landscape of businesses. ... Natural Language Processing (NLP) has taken center stage in the expansive realm of machine learning. Thanks to strides in deep learning models such as GPT-3, machines are rapidly evolving, displaying a remarkable proficiency in deciphering and generating language that mimics human expression. This transformative trend is reshaping how we engage with technology, from the intuitive responses of chatbots and virtual assistants to the seamless intricacies of language translation and content creation. ... The widespread adoption of Internet of Things (IoT) devices has triggered a notable upswing in data generation right at the edge of networks. A trend gaining significant traction is the fusion of edge computing with decentralized machine learning geared towards processing data near its source.

The Impact of Technical Ignorance

As most non-technical folks appear unable or unwilling to accept that software is hard, our responsibility – for better or worse – is to show and explain. Unique situations require adjusting the story told, but it is necessary – and never-ending – to have any chance to get the organization to understand: explaining how software is developed and deployed, demonstrating how a data-driven organization requires quality data to make correct decisions, explaining the advantages and disadvantages of leveraging open source solutions; showing examples of how open source licenses impact your organization’s intellectual property. Look for opportunities to inject background and substance when appropriate, as education is open-ended and never-ending. ... Aside from those employed in purely research and development roles, engineering/technology for engineering/technology's sake is not feasible, as technology concerns must be balanced with business concerns: product and its competitors, sales pipeline, customer support and feature requests, security, privacy, compliance, etc. 

Kubernetes Predictions Were Wrong

The view that Kubernetes would settle into quiet utility and effectively disappear while also running all our workloads failed to materialize. Nobody managed to create a single opinionated path for Kubernetes that would take care of all these choices. The simple reason for this is that the mythical one true way wouldn’t work for most applications and services. It’s impossible to create a simple, simple path without acknowledging the context of the application and organization. This is why platform engineering has gained traction. While there’s little chance of creating an industrywide path of simplified choices, creating one within an organization is perfectly feasible. A minimal viable platform could be a wiki page listing pre-baked decisions and providing a standard example for each configuration file. This might evolve into a facade that allows developers to specify what they need along a simple dimension, such as “size,” with the platform taking care of the details behind the flag. Platforms should provide simplified ways to do the right thing while letting expert developers peel back the layers when the standard approach isn’t suitable.

How DSPM Fits into Your Cloud Security Stack

DSPM solutions provide unique security capabilities and are specifically tailored to addressing sensitive data in the cloud, but also to supporting a holistic cloud security stack. As the variety and sophistication of attacks increase over time, new challenges arise that the existing security stack can hardly keep up with. A new, more aligned, and holistic inventory of security tools should be considered, consisting of identity threat protection, data-related risk reduction, privacy management, and a host of other imperative elements while ensuring continuous monitoring of any cloud asset, including CSPs, SaaS apps, File Shares, and DBaaS. However, building the most appropriate cloud security stack to do so may prove challenging in light of the numerous different – but similar-sounding – security domains in the market. DSPM tools protect data wherever it resides (IaaS, PaaS, SaaS, DBaaS, and File Shares), combined with advanced identity-centric data threat protection. They empower security teams to reduce data risk and achieve unparalleled visibility into data location, misconfiguration, comprehensive and tailored classification, access permissions, usage patterns, and potential threats, ensuring continuous data security and governance. 

Face off: Attackers are stealing biometrics to access victims’ bank accounts

Cybersecurity company Group-IB has discovered the first banking trojan that steals people’s faces. Unsuspecting users are tricked into giving up personal IDs and phone numbers and are prompted to perform face scans. These images are then swapped out with AI-generated deepfakes that can easily bypass security checkpoints The method — developed by a Chinese-based hacking family — is believed to have been used in Vietnam earlier this month, when attackers lured a victim into a malicious app, tricked them into face scanning, then withdrew the equivalent of $40,000 from their bank account. ... “These tools are relatively low cost, easily accessed and can be used to create highly convincing synthesized media such as face swaps or other forms of deepfakes that can easily fool the human eye as well as less advanced biometric solutions,” he said. ... “Organizations may begin to question the reliability of identity verification and authentication solutions, as they will not be able to tell whether the face of the person being verified is a live person or a deepfake,” writes Gartner VP analyst Akif Khan. 

Critical infrastructure attacks aren’t all the same: Why it matters to CISOs

Effectively restraining foreign adversaries would require limiting connectivity to critical infrastructure, which is only incrementally possible (via air-gapping, etc.). Better awareness of malign intentions, however, should dampen the sophistication of intrusion activity, and institutionalization of critical infrastructure preparedness and mitigation fundamentals should mitigate threat severity. From this perspective, Wray’s push to spread awareness of the PRC threat is wise, as is Canada’s attempt to pass stricter regulation of critical infrastructure operators’ security practices. One limits the discretionary conditions the Chinese need to build this capability; the other builds toward an inter-institutional apparatus that is more inherently adaptive, which should reduce the value of the capability. Stakeholders in the United States and elsewhere should double-down on efforts that conform to these parameters. From more consistent de-classification of details of critical infrastructure attacks to the publicization of critical infrastructure operator security performance outcomes, public sector stakeholders can limit the conditions under which foreign activity can find strategic value.

Report: Manufacturing bears the brunt of industrial ransomware

One of the main reasons that the manufacturing sector is so heavily targeted is because it adopted digitization at a much quicker pace compared to, for example, the water and wastewater or transportation sectors. But Lee was quick to point out that other industrial sectors are catching up to the broad digital footprint – and potential access points – of the manufacturing sector. “The manufacturing industry really went through that quote unquote, digital transformation and connectivity very quickly. As a result of not investing in IoT security when they did that, we’re seeing a lot of ransomware cases, a lot of activists, criminals, etc., disrupting manufacturing,” Lee said. “Far more than gets reported publicly.” The manufacturing sector, Lee said, still struggles with segmenting networks like those that deal with human resources from operational technology networks that control operations, which can allow a hacker broad access to the organization. However, that trend is spreading to other sectors, such as water and wastewater, Lee warned. He expects an increase of ransomware attacks on water and other utilities as digitization becomes more common.

4 Steps to Achieving Operational Flow and Improving Quality in Tech Teams

Removing dependencies is often a lot of work. Dependencies are often the result of specialist knowledge that resides in another part of the organisation, or past architectural choices. It often feels like the dependencies are inevitable and inescapable. There’s a lot of truth to the idea that removing dependencies will be painful and time-consuming, but they only have to be removed once, at which point the team never has to deal with that dependency again. It’s an investment today in order to get better results tomorrow. ... Rather than arranging teams in functional silos, arrange them so they can deliver value independently. This arrangement then allows more work to move through the system simultaneously, because the different work doesn’t create delays for other teams. Each of the above contributes to improving flow. But what about improving quality? The interesting thing is that each of the steps above improves quality, too. By doing fewer things at once, the reduced cognitive load will make it easier for the team to produce higher quality work, while reduced context switching makes it less likely they’ll miss something important. 

Quote for the day:

''To do great things is difficult; but to command great things is more difficult.'' -- Friedrich Nietzsche

No comments:

Post a Comment