The capitalist tool suggesting capitalism does not work as desired. Remarkable.
AI: The Answer to Cyberthreats Existing Systems Cannot Perceive?
October 12, 2021
This article from The Next Web gives us reason to hope: “Computer Vision Can Help Spot Cyber Threats with Startling Accuracy.” Researchers at the University of Portsmouth and the University of Peloponnese have combined machine learning with binary visualization to identify malware and phishing websites. Both processes involve patterns of color.
Traditional methods of detecting malware involve searching files for known malicious signatures or looking for suspicious behavior during runtime, both of which have their flaws. More recently, several machine learning techniques have been tried but have run into their own problems. Writer Ben Dickson describes these researchers’ approach:
“Binary visualization can redefine malware detection by turning it into a computer vision problem. In this methodology, files are run through algorithms that transform binary and ASCII values to color codes. … When benign and malicious files were visualized using this method, new patterns emerge that separate malicious and safe files. These differences would have gone unnoticed using classic malware detection methods. According to the paper, ‘Malicious files have a tendency for often including ASCII characters of various categories, presenting a colorful image, while benign files have a cleaner picture and distribution of values.’”
See the article for an illustration of this striking difference. The team trained their neural network to recognize these disparities. It became especially good at spotting malware in .doc and .pdf files, both of which are preferred vectors for ransomware attacks.
A phishing attack succeeds when a user is tricked into visiting a malicious website that poses as a legitimate service. Companies have used website blacklists and whitelists to combat the problem. However, blacklists can only be updated once someone has fallen victim to a particular site, and whitelists restrict productivity and are time-consuming to maintain. Then there are heuristics, an approach that is more accurate than blacklists but still misses many malicious sites. Here is how the binary visualization plus machine learning approach may save the day:
“The technique uses binary visualization libraries to transform website markup and source code into color values. As is the case with benign and malign application files, when visualizing websites, unique patterns emerge that separate safe and malicious websites. The researchers write, ‘The legitimate site has a more detailed RGB value because it would be constructed from additional characters sourced from licenses, hyperlinks, and detailed data entry forms. Whereas the phishing counterpart would generally contain a single or no CSS reference, multiple images rather than forms and a single login form with no security scripts. This would create a smaller data input string when scraped.’”
Again, the write-up shares an illustration of this difference—it would make for a lovely piece of abstract art. The researchers were able to train their neural network to identify phishing websites with an impressive 94% accuracy. Navigate to the article for more details on their methods. The paper’s co-author Stavros Shiaeles says the team is getting its technique ready for real-world applications as well as adapting it to detect malware traffic on the growing Internet of Things.
Cynthia Murrell, October 12, 2021
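As an added illustration of the byte-to-color idea described above (my own code, not the researchers’ or the article’s), the following Python maps each byte of a file or of scraped page markup to a color by character category and then scores how “colorful” the result is using the entropy of the category histogram, a plain stand-in for the trained neural network. The palette, grid width, category rules and the two sample inputs are my assumptions and are constructed for the example.

```python
import math
from collections import Counter

# Hypothetical palette (an assumption, not the paper's): one RGB color per
# byte category, so a mix of categories shows up as a mix of colors.
PALETTE = {
    "null":    (0, 0, 0),          # 0x00 zero/padding bytes
    "control": (128, 128, 128),    # other bytes below 0x20, and 0x7F
    "digit":   (0, 255, 0),
    "letter":  (0, 0, 255),
    "space":   (255, 255, 255),    # 0x20 only; tabs/newlines count as control
    "punct":   (255, 0, 255),      # remaining printable ASCII
    "high":    (255, 0, 0),        # 0x80-0xFF, i.e. non-ASCII bytes
}

def categorize(b: int) -> str:
    """Assign one byte value to a PALETTE category."""
    if b == 0:
        return "null"
    if b >= 0x80:
        return "high"
    if b < 0x20 or b == 0x7F:
        return "control"
    c = chr(b)
    if c.isdigit():
        return "digit"
    if c.isalpha():
        return "letter"
    return "space" if c == " " else "punct"

def visualize(data: bytes, width: int = 16) -> list[list[tuple[int, int, int]]]:
    """Lay the bytes out row by row as RGB pixels; the last row is padded
    with the 'null' color so every row has the same width."""
    pixels = [PALETTE[categorize(b)] for b in data]
    pixels += [PALETTE["null"]] * ((-len(pixels)) % width)
    return [pixels[i:i + width] for i in range(0, len(pixels), width)]

def colorfulness(data: bytes) -> float:
    """Shannon entropy (bits) of the category histogram: 0.0 for a single
    category, up to log2(7) when all seven are used equally often."""
    if not data:
        return 0.0
    counts = Counter(categorize(b) for b in data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

# Constructed samples (not real files): plain prose versus a block that
# mixes every byte category, mimicking the article's "colorful" case.
PROSE_SAMPLE = b"The quick brown fox jumps over the lazy dog " * 4
MIXED_SAMPLE = bytes(range(256))

if __name__ == "__main__":
    for name, sample in (("prose", PROSE_SAMPLE), ("mixed", MIXED_SAMPLE)):
        print(name, len(visualize(sample)), "rows,", round(colorfulness(sample), 2), "bits")
```

The same two functions can be run over the bytes of scraped HTML, which is the website variant the article describes; the entropy score is only a threshold-style illustration, not the classifier the researchers trained.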
Is That an Iceberg or Dark Matter, Captain?
October 11, 2021
The spyware downloaded on your computer appears innocuous compared to what the Gizmodo article “The Ex-NSA Operative Cyber-Mercenary Scandal Shows The Spyware Industry Is Totally Out Of Control” discusses. Three ex-US intelligence operatives were almost charged with crimes related to their work while they were employed by DarkMatter. DarkMatter is a cybersecurity company located in the United Arab Emirates.
The ex-operatives worked on Project Raven, which helped the UAE government spy on its critics. They hacked computers around the world, including in the United States. The ex-operatives avoided jail time thanks to a loophole that allows them to pay a $1.6 million fine. One of the accused, Daniel Gericke, is now employed by ExpressVPN, a prominent cyber security company.
ExpressVPN defended hiring Gericke and said they were aware of his actions on Project Raven. What is even more alarming is that surveillance experts are living double lives. They legally sell their services to reputable organizations as well as to bad actors. It is like a weapons manufacturer who instigates war to augment their fortune.
There are organizations that are calling for an end to the double dipping in surveillance sales:
“However, privacy advocates have suggested that simply banning the occasional company from operation or the occasional prosecution is not going to be enough. Amnesty International, which helped expose NSO abuses, has called for a global moratorium on the sale of spyware products until a “human rights-compliant regulatory framework” can be developed and implemented. Other activists have similarly suggested that all sales should be halted until governments can “investigate and regulate this industry”—the likes of which is poorly understood by lawmakers and everyday people alike.”
Unfortunately the surveillance bad actors probably will not be reined in until a tragedy happens.
Whitney Grace, October 11, 2021
Insight into Hacking Targets: Headhunters Make Slip-Ups but They Often Go Ignored
October 7, 2021
I read “Former NSA Hacker Describes Being Recruited for UAE Spy Program.”
Here’s the passage I noted:
There were no red flags because I was so naive. But… there’s a ton of red flags [in retrospect]…. [For example] when you’re in the interview process and you’re talking about defending [the UAE] and … doing tracking of terrorist activity,… but then you’re [being asked] very specific questions about integrated enterprise Windows environments and [how you might hack them]. Guess who doesn’t have those type of networks? Terrorist organizations. So why [is the recruiter] asking these kinds of questions…?
Several observations:
- Perhaps a training program for those exiting certain government work assignments would be helpful? It could be called “Don’t Be Naïve.”
- Gee, what a surprise: Specific questions about hacking integrated enterprise Windows environments. Perhaps Microsoft should think about this statement from the article and adjust its security so that headhunters ask about MacOS, Linux, or Android?
- Does the government’s monitoring of certain former employees need a quick review?
Stephen E Arnold, October 7, 2021
The Darknet: a Dangerous Place
October 6, 2021
Criminal activity on the Darknet is growing and evolving. One person who has taken it on themselves to study the shadow realm shares some of their experiences and observations with reporter Vilius Petkauskas in, “Darknet Researcher: They Said They’ll Come and Kill Me—Interview” at CyberNews. The anonymous interviewee, who works with research firm DarkOwl, describes a threat to their life, one serious enough to prompt them to physically move their family to a new home. They state:
“There was one specific criminal actor I was going after, trying to figure out where they were operating, who they were involved with, what groups they were affiliated with. I became a target. They turned on me and said, we will find whoever wrote this and come kill them. We will destroy them.”
Yes, poking around the Darknet can be dangerous business. What sorts of insights has our brave explorer found? Recently, there has been a substantial uptick in ransomware, and for good reason. The researcher explains:
“Look at ransomware as a service (RaaS). First and second-generation ransomware lockers were developed by incredibly smart malware developers, cryptologists, and encryption specialists. Those who designed and employed such software were some of the most sophisticated malware developers or ‘elite’ hackers around if you want to label them that. But with the RaaS affiliate model, they’re giving others the chance to ‘rent’ ransomware for as little as a few hundred bucks a year, depending on which strain they’re using. Anyone interested in getting into the business of ransomware can enter the market without necessarily having any prior or expert knowledge of how to conduct an enterprise-level attack against a network. Some of the gangs, like Lockbit 2.0 are nearly entirely automated, and their affiliates don’t need to have the slightest clue what they’re doing. You just push, plug, and play. Identify the victim, drop it onto the network, and the rest is taken care of.”
How convenient. Getting into the target’s network, though, is another matter. For that, criminals turn to initial access brokers (IABs), also located on the Darknet, who help breach networks through vulnerabilities, leaked credentials, and other weaknesses. See the write-up for more of the researcher’s hard-won observations. They close with this warning—there is more going on here than opportunists looking to make a buck. Espionage and cyber terrorism are also likely involved, they say. We cannot say we are surprised.
Cynthia Murrell, October 6, 2021
Microsoft and Its Post Security Posture
October 1, 2021
Windows 11 seems like a half-baked pineapple upside down cake. My mother produced some spectacular versions of baking missteps. There was the SolarWinds’ version which had gaps everywhere, just hot air and holes. Then there was the Exchange Server variant. It exploded and only the hardiest ants would chow down on that disaster.
I thought about her baking adventures when I read “Microsoft Says Azure Users Will Have to Patch these Worrying Security Flaws Themselves.” Betty Crocker took the same approach when my beloved mother nuked a dessert.
Here’s the passage that evoked a Proustian memory:
instead of patching all affected Azure services, Microsoft has put an advisory stating that while it’ll update six of them, seven others must be updated by users themselves.
Let’s hope there’s a Sara Lee cake around to save the day for those who botch the remediation or just skip doing the baking thing.
Half baked? Yeah, and terrible.
Stephen E Arnold, October 1, 2021
India: Offensive Cyber Activity or a Swipe at Specialized Software and Threat Intelligence
September 29, 2021
I read “Exclusive: An American Company Fears Its Windows Hacks Helped India Spy On China And Pakistan.” The write up reports:
A U.S. company’s tech was abused by the Indian government, amidst warnings Americans are contributing to a spyware industry already under fire for being out of control.
The write up’s emphasis is on an intriguing point; to wit:
Sometimes American companies aren’t the victims, but the ones fueling costly digital espionage.
The named firm is Exodus. Forbes presents this factoid, which I assume is “true”:
“They’re significant because the size of the market is relatively small, and the skill set required [to find zero days] is in possession of just a few thousand people worldwide at any given time,” says Katie Moussouris, founder of Luta Security and creator of Microsoft’s bug bounty program to reward hackers for vulnerability disclosures.
Okay, the market is small. And the expert? From another low profile outfit called Luta. But the story is not straightforward.
Exodus pumped out a report of an exploit. India’s technology professionals (presumably among the few thousand in the world) recognized the value of the information. Then they hunted around for another vulnerability its cyber fighters could employ.
The Forbes’s report says:
Any such zero-day spill would be especially concerning coming from a company that tries to keep a lid on around 50 zero days a year, covering the world’s most popular operating systems, from Windows to Android to Apple’s iOS. And Brown isn’t alone in seeing his creation used in ways he didn’t intend.
Exodus cut off India from its threat information. The write up concludes:
With the supply there, American government is hungry for hacks of all kinds of technologies.
Several observations:
- How many companies pump out threat intelligence? Are there other examples of “customers” using threat intelligence to develop cyber weapons?
- Why is Microsoft opining about security; specifically, NSO Group? The reasons exploits exist may be in part due to the security posture of Microsoft itself. No, Windows 11 did not distract me from noticing the Redmond giant’s magnetism for bad actors.
- What’s the agenda for this story? A lack of regulation? The behavior of the many, many outfits engaged in generating alerts, notices of exploitable flaws, or the damage done by leaking once secret specialized software into the public spotlight?
Stephen E Arnold, September 29, 2021
Elastic: Differentiation and Wagon Circling
September 22, 2021
Elastic expects two recent acquisitions to beef up its security in the cloud. Betakit reports, “Cybersecurity Startup Cmd to Be Acquired by Enterprise Search Firm Elastic.” This deal is on the heels of the company’s announcement that it snapped up authorization policy management platform build.security. Writer Josh Scott tells us:
“Cmd was founded in 2016 by CSO Jake King, former security operations lead at Hootsuite, and Milun Tesovic, general partner at Expa. The startup offers a runtime security platform for cloud workloads and Linux assets, providing infrastructure detection and response capabilities to global brands, financial institutions, and software companies. Cmd’s offering observes real-time session activity and allows Linux administrators and developers to take immediate remediation action. … Following the close of the deal, Elastic plans to work with Cmd to integrate Cmd’s cloud native data collection capabilities directly into the company’s Elastic Agent product, and Cmd’s user experience and workflows into Kibana, Elastic’s data visualization offering.”
Citing an article from TechCrunch, Scott notes that Cmd’s employees will be moving to Elastic, with King and CEO Santosh Krishnan slipping into executive roles. Elastic says current customers of both firms will benefit from the integration and specifically promises its existing clients will soon receive Cmd’s cloud security capabilities. Built around open source software, Elastic began as Elasticsearch Inc. in 2012, simplified its name in 2015, and went public in 2018. The company is based in Mountain View, California, and maintains offices around the world.
Cynthia Murrell, September 22, 2021
Triggering the Turtle Response: A Cyber Security Misstep?
September 15, 2021
One noble idea is to ask each and every organization to report a cyber attack and data breach. How are noble ideas like this greeted by commercial organizations or government bureaucrats with one eye on SES and one on retirement on a full pension? My hunch is that certain noble ideas are going to be ignored, sidestepped, or bulldozed under legal briefs.
I read “Exclusive: Wide-Ranging SolarWinds Probe Sparks Fear in Corporate America.” The trustworthy outfit Thomson Reuters says:
The SEC is asking companies to turn over records into “any other” data breach or ransomware attack since October 2019 if they downloaded a bugged network-management software update from SolarWinds Corp, which delivers products used across corporate America, according to details of the letters shared with Reuters. People familiar with the inquiry say the requests may reveal numerous unreported cyber incidents unrelated to the Russian espionage campaign, giving the SEC a rare level of insight into previously unknown incidents that the companies likely never intended to disclose.
Many organizations bite the bullet and keep cyber breach info under wraps. Examples include outfits dealing with financial transactions and juicy pharma companies, among others.
What’s going to happen? Investigators will find interesting information to explore and, in the manner of investigators, piece it together.
What’s one method of dealing with this intriguing government request? The turtle response. Pull one’s head into a shell and hope the legal eagles can make it safe to return to pre-SolarWinds’ practices.
Stephen E Arnold, September 15, 2021
T-Mobile Security: A Quote to Note
September 1, 2021
“T-Mobile Hacker Found Weakness” is a summary of the all-too-familiar story of a big company, indifference, security hand waving, and an alleged breach of alleged customers. Please, read the original “real” news story. No payee; no viewee, however. I want to highlight what I think is the most important direct quote in the write up; to wit:
Their security is awful.
That’s pretty juicy.
Wait, please. One more gem is tucked into the write up. Here’s that statement:
On August 13, the security research firm Unit221B LLC reported to T-Mobile that an account was attempting to sell T-Mobile customer data, according to the security firm.
What this statement, if accurate, suggests is that the hundreds of high end, proactive threat detection systems did not spot this breach and offer of customer data.
One firm did. And what about other cyber security experts?
My hunch is that if the statements in the article are on the money, it may be time to entertain this question: Why don’t high end cyber security systems work?
Stephen E Arnold, September 1, 2021
Tips for Phishers
August 31, 2021
I spotted “AI Analysis Unveils the Most Effective Email Subject Lines for the Holidays.” My hunch is that a “real” news professional wanted to provide helpful tips to those who engage in email marketing. The write up includes “tips” from professional email marketers. Here’s one example:
email subject lines that are direct or evoke curiosity or friendliness are the most likely to get opened
Gee, I wonder what other group of email marketers might benefit from such advice?
What about phishers? These are the bad actors who seek to compromise a user’s or an organization’s security via malicious email. With some cyber security solutions relying on rules, database look up, or the human recipient for blocking phishing attempts, the write up is likely to be quite useful. Just in time for the holidays: AI-derived tips for getting someone to open an email. Super thinking!
What bad actor can resist taking this advice?
Including empathy in your messages for your customers helps you make them feel that you are on their side.
Helpful, right?
Stephen E Arnold, August 31, 2021