Work from Home: Stating the Obvious and a Newish Word
October 12, 2020
I read “Organizations Have Accrued Technical Debt in the Shift to Remote Work, and Now They Have to Face the Fallout.” Three facets of the article snagged my attention. The first was this observation attributed to a Security Awareness Advocate at KnowBe4, a information services firm:
“Many organizations have accrued a lot of technical debt, for lack of a better term, to get people working remotely,” said Malik. “They’ve enabled remote access to servers that they traditionally would never have given access to, or they might have relaxed some security rules. I heard of an organization that actually dropped 2FA to allow all of their employees to easily connect into the office, because they didn’t have enough resources to deploy 2FA to everyone, or train them up, or to deal with the number of tickets that would inevitably come in.
Okay, the obvious has been stated.
Second, the use of the phrase “technical debt” indicates that services firms want to make clear that taking one set of technologies and applying them to remote work has risks.
No kidding. News? Hardly. Reports from assorted cyber security companies have been pointing out that phishing has become a go-to mechanism for some time. A useful report is available from Interpol.
The third facet of the article was the use of the portmanteau “websem.” The coinage appears to be a combination of the word “webinar”, itself a modification of “seminar, and the now ubiquitous term “Web.”
Observations:
- Recycling Interpol data does not constitute an insight worthy of a consulting gig
- Whipping up jargon adds some froth to the Reddiwip analysis
Why not cite sources and use words WFH’ers will understand; for example, Zoom-eeting. Mammals braying, excitement, and snacks with toppings? The fallout? Plump targets for phishers.
Stephen E Arnold, October 12, 2020
Watch Out for Trojans
October 3, 2020
Here is an interesting little write-up on a specific type of malware. Predict gives us, “What You Need to Know About Trojan Horse?” Writer Rakesh Elamaran begins by defining the term—a trojan is an app that appears desirable but, once downloaded, turns malicious. Naturally, he observes, simply banning downloads is an impractical solution. Instead, we’re told:
“Because Trojan horses don’t reproduce after they have been installed on a computer, they are much easier to isolate and remove than some other cyber threats. To do this, you should use a Trojan remover, which usually comes bundled with the best antivirus software. If you suspect your computer may be infected, use your antivirus program to check your hard drive for any suspicious files. Some Trojans are not as dangerous as others, which is why your client may suggest quarantining an infected file rather than deleting it. Your antivirus software will then monitor the file closely and inform you if it detects any unusual and/or malicious activity. To ensure optimal safety, you should schedule full weekly scans of your computer and set up automatic definition updates in your antivirus program. Of course, in addition to using the best antivirus software you can prevent Trojan infections by avoiding any suspicious emails, attachments, and links sent to you from unknown addresses. Before typing your data into online forms, look for a padlock symbol in the address bar to make sure that your connection is secure and that all the data you enter is encrypted.”
The post lists some symptoms to watch out for. One is hardware, like a CD tray, that performs a function unprompted. The rest are changes settings not initiated by the user: browser home pages; passwords, usernames, or other login information; and screen savers, backgrounds, or mouse settings. It also specifies the most common actions trojans tend to take, from erasing files to installing a back door, and names a few famous versions that have caused havoc in the past.
Cynthia Murrell, October 3, 2020
Cybersecurity: A Booming Business
September 23, 2020
The United Kingdom has seen record growth for cyber security startups. The record growth in the cybersecurity field is due to the COVID-19 pandemic and the heavy demand on Internet and digital services. Internet and digital services must be protected from potential bad actors stealing individuals’ information or be mischievous during Zoom meetings. Tech Round explains more about cybersecurity’s growth in: “Cybersecurity: The Fastest Growing UK Startup Sector During COVID-19.”
Before the pandemic struck, cybersecurity focused on financial and regulatory risks. Cyber risk management is now a hot ticket for investors. COVID-19 also points to a future where more people will be working remotely, organizations will host their data offsite, and more services will be online:
“Ajay Hayre, Senior Consultant Technology at Robert Walters comments: “Historically IT security has represented only 5% of a company’s IT budget but due to remote working and transition to online or cloud-based solutions, cybersecurity has been thrust to the centre of business continuity plans, having proved its worth in enabling business objectives during lockdown. Not only will every company see the benefit of having this expertise in-house, but they will be looking externally for tools, services and advisors to help guarantee the future-proofing of their business by way of solid and robust cybersecurity provisions.”
What is even more interesting are the venture capitalists behind the investing. The PHA Group breaks down who the “5 Key VCs Backing Cybersecurity Startups” are. According to the LORCA Report 2020, a half billion pounds were fundraised in the first half of 2020 for cybersecurity startups. This is a 940% increase compared to 2019. Venture capitalists also want to invest their money in newer technologies, such as AI, encryption, secure containers, and cloud security. The five companies that invested the most in UK cybersecurity are Ten Eleven Ventures, Energy Impact Partners, Index Ventures, and Crosslink Capital.
Whitney Grace, September 23, 2020
DarkCyber for September 22, 2020, Now Available: Bogus Passports, Chinese Data and Apps, and the Dronut Drone
September 22, 2020
DarkCyber for September 22, 2020, is now available. This week’s program features an update on falsified documents, three stories about China, and a report about the Dronut. You can view the video on YouTube. The video is available via the Beyond Search blog.
Kenny Toth, September 22, 2020
Passport Report: Useful Guidance for Governments and Bad Actors?
September 15, 2020
The consulting firm Bearing Point is an interesting outfit. Marketing, of course, is job one. DarkCyber noted “BearingPoint Study Assesses the Digital Maturity of Passport Services in Countries around the Globe.” The document provides the firm’s assessment of government processes related to digital work flows. Not surprisingly, the report finds opportunities for improvement across the 20 countries surveyed.
A passage DarkCyber noted states:
No examined countries currently assessed to be at level five.
Surprising? No, the object of the study is to sell consulting services for online passport application services.
However, the report provides some useful insights for bad actors interested in figuring out what type of false documents to purchase via an illegal channel. That’s right. The report is a compendium of ideas for bad actors; for example:
The study covers twenty countries selected from across Europe and other regions. The countries included in the study are Australia, Austria, Belgium, Brazil, Canada, Denmark, Estonia, Finland, France, Germany, Ireland, the Netherlands, New Zealand, Norway, Romania, Singapore, Sweden, Switzerland, the UK, and the USA. Of the countries included in the study, eleven offered a partial or full online passport application service. Australia, Brazil, Estonia, France, Switzerland, and the USA were assessed at level three in the service maturity assessment. Level three represents a partial online application service in which citizens can submit application details (all data required excluding the passport image) online, in advance of attending an appointment to complete the application. The critical efficiency at this level is minimizing the volume of data inaccuracy associated with paper applications and capturing the data in advance of attending a public office, which leads to a reduction in data errors and also provides a more efficient service. Finland, Ireland, New Zealand, Singapore and the UK were assessed at level four. This represents a passport service that offers citizens an entirely online application process, though some offline interaction may be required. Passport services at this level offer online services for handling problems with the application, for example, resubmitting a photo digitally if the initially submitted photo did not meet specified standards.
The countries with what appear to be business processes in need of digital enhancement are countries like Romania and Sweden. Sweden?
The report could be used as a shopping guide for false documents which may be used to enter a country illegally. On the other hand, the report is designed to help Bearing Point sell consulting services.
Interesting information if the data are accurate.
Stephen E Arnold, September 15, 2020
DarkCyber for September 8, 2020: Innovation, Black Hat SEO, Drovorub, Sparks Snuffed, and Killer Drones
September 8, 2020
DarkCyber Video News for September 8, 2020, is now available. You can view the video on YouTube, Facebook, and the DarkCyber blog.
The program covers five stories:
First, the Apple-Fortnite dispute has created some new opportunities for bad actors and their customers. The market for stolen Fortnite accounts is robust. Accounts are for sale on the Dark Web and the Regular Web. Some resellers are allegedly generating six figures per month by selling hapless gamers’ accounts.
Second, you can learn how to erode relevance and make a page jump higher in the Google search results lists. Pay $50 and you get information to set up an Amazon or eBay store with little or no investment. No inventory has to be purchased, stored, and shipped. Sound like magic?
Third, the FBI and NSA have published a free analysis of Drovorub malware. If you are responsible for a Linux server, requesting a free copy of the publication may save you time, money, and loss of important data.
Fourth, a team of international law enforcement professionals shut down the Sparks video piracy operation. The impact of the shut down hits pirate sites and torrents. Three of the alleged operators have been identified. Two are under arrest, and the third is fleeing Interpol.
Finally, in this program’s drone report, DarkCyber explains how drug lords are using consumer drones in a novel and deadly way. Consumer-grade drones are fitted with explosives and a detonator. Each drone comes with a radio control unit and a remote trigger for the explosive’s on drone detonator. The purpose is to fly the drone near a target and set off the explosive. To ensure a kill, each of the weaponized drones carries a container of steel ball bearings to ensure the mission is accomplished.
DarkCyber is a production of Stephen E Arnold and the DarkCyber research team.
Kenny Toth, September 8, 2020
The Possibilities of GPT-3 from OpenAI Are Being Explored
August 27, 2020
Unsurprisingly, hackers have taken notice of the possibilities presented by OpenAI’s text-generating software. WibestBroker News reports, “Fake Blog Posts Land at the Top of Hacker News.” The post was generated by college student Liam Porr, who found it easy to generate content with OpenAI’s latest iteration, GPT-3, that could fool readers into thinking it had been crafted by a person. Writer John Marley describes the software:
“GPT-3, like all deep learning systems, looks for patterns in data. To simplify, the program has been trained on a huge corpus of text mined for statistical regularities. These regularities are unknown to humans. Between the different nodes in GPT-3’s neural network, they are stored as billions of weighted connections. There’s no human input involved in this process. Without any guidance, the program looks and finds patterns.”
Rather than being unleashed upon the public at large, the software has been released to select researchers in a private beta. Marley continues:
“Porr is a computer science student at the University of California, Berkeley. He was able to find a PhD student who already had access to the API. The student agreed to work with him on the experiment. Porr wrote a script that gave GPT-3 a headline and intro for the blog post. It generated some versions of the post, and Porr chose one for the blog. He copy-pasted from GPT-3’s version with very little editing. The post went viral in a matter of a few hours and had more than 26,000 visitors. Porr wrote that only one person reached out to ask if the post was AI-generated. Albeit, several commenters did guess GPT-3 was the author. But, the community down voted those comments, Porr says.”
Little did the down-voters know. Poor reports he applied for his own access to the tool, but it has yet to be granted. Perhaps OpenAI is not too pleased with his post, he suggests. We wonder whether this blogger received any backlash from the software’s creators.
Cynthia Murrell, August 27, 2020
Insider Threats: Yep, a Problem for Cyber Security Systems
August 20, 2020
The number of cyber threat, security, alerting, and pentesting services is interesting. Cyber security investments have helped cultivate an amazing number of companies. DarkCyber’s research team has a difficult time keeping up with startups, new studies about threats, and systems which are allegedly one step ahead of bad actors. Against this context, two news stories caught our attention. It is too soon to determine if these reports are spot on, but each is interesting.
The first report appeared in Time Magazine’s story “Former CIA Officer Charged With Giving China Classified Information.” China is in the news, and this article reveals that China is or was inside two US government agencies. The story is about what insiders can do when they gather information and pass it to hostile third parties. The problem with insiders is that detecting improper behavior is difficult. There are cyber security firms which assert that their systems can detect these individuals’ actions. If the Time article is accurate, perhaps the US government should avail itself of such a system. Oh, right. The US government has invested in such systems. Time Magazine, at least in my opinion, did not explore what cyber security steps were in place. Maybe a follow up article will address this topic?
The second news item concerns a loss of health related personally identifiable information. The data breach is described in “Medical Data of Auto Accident Victims Exposed Online.” The security misstep allowed a bad actor to abscond with 2.5 million health records. The company responsible for the data loss is a firm engaged in artificial intelligence. The article explains that a PII health record can fetch hundreds of dollars when sold on “the Dark Web.” There is scant information about the security systems in place at this firm. That information strikes me as important.
Several questions come to mind:
- What cyber security systems were in place and operating when these breaches took place?
- Why did these systems fail?
- Are security procedures out of step with what bad actors are actually doing?
- What systemic issues exist to create what appear to be quite serious lapses?
DarkCyber does not have answers to these questions. DarkCyber is becoming increasingly less confident in richly funded, over-hyped, and ever fancier smart security systems. Maybe these whizzy new solutions just don’t work?
Stephen E Arnold, August 20, 2020
Data Loss: An Interesting Number
August 19, 2020
“Over 27 Billion Records Exposed in the First Half of 2020” contains some interesting assertions. One which caught my attention was:
Although reports of data breaches are down 52 percent in the first half of this year, the number of records exposed over the same period has soared to 27 billion.
The write up quotes an expert from Risk Based Security as saying:
“The striking differences between 2020 and prior years brings up many questions,” says Inga Goddijn, executive vice president at Risk Based Security. “Why is the breach count low compared to prior years? What is driving the growth in the number of records exposed? And perhaps most importantly, is this a permanent change in the data breach landscape?”
I am curious as well. Interpol’s August 2020 “Cybercrime: Covid-19 Impact” suggests that cybercrime is chugging along quite nicely.
DarkCyber’s question is:
With hundreds of cyber security firms offering everything from real time AI monitors to old fashioned and expensive humans, bad actors appear to be increasingly successful. How is that Garmin cyber security system working now? Any Amazon S3 buckets compromised recently? Is Self-Key’s statement that “the first quarter of 2020 has been one of the worst in data breach history with over 8 billion records exposed” accurate?
The numbers may be interesting but the question is, “Why are state-of-the-art, artificially intelligence cyber security systems performing in a way that suggests bad actors are experiencing a surfeit of target opportunities?
Stephen E Arnold, August 19, 2020
Quantexa: Awash in Cash
August 13, 2020
As the COVID-19 pandemic continues to spread, crime has not stopped. Instead of illegal activities taking place in person, bad actors have moved their activities online. Cybersecurity experts discovered that the pandemic has also made bad actors more desperate and are willing to take more risks online. Inventiva explains with the rise of risky cyber crimes, cybersecurity companies are seeing huge investments such as: “Quantexa Raises $64.7M To Bring Big Data Intelligence To Risk Analysis And Investigations.”
Quantexa is a UK-based company that designed a Contextual Decision Intelligence. Machine learning platform that analyzes data points to track criminal activity and build better profiles of companies’ customer base. Quantexa recently raised $64.7 million in Series C fundraising. The funds will be used to develop further tools for cybersecurity and expand Quantexa into other continents.
Quantexa has done work for banks and other businesses in the financial industry. The company hopes the fundraising infusion will set them up with work in the government/public sector and insurance companies.
Quantexa founder and CEO Vishal Marria said he created the company, because he encountered many challenges with investigations while he was an Ernst & Young executive director. He noticed that when potential bad actors were investigated, only small pieces of information were used. Marria thought of a better way, so he designed AL algorithms and used big data to find the bigger picture:
“As an example, typically, an investigation needs to do significantly more than just track the activity of one individual or one shell company, and you need to seek out the most unlikely connections between a number of actions in order to build up an accurate picture. When you think about it, trying to identify, track, shut down and catch a large money launderer (a typical use case for Quantexa’s software) is a classic big data problem.”
This sector of cybersecurity continues to grow and similar companies to Quantexa are also fundraising with investors.
Pieces of information always point to a larger puzzle. It begs the question how bad actors were caught in the past.
Whitney Grace, August 13, 2020
-
- Subscribe to Beyond Search
Feature archive
News archive
-
