Pics & Videos – Technology For You

11-13 year old girls most likely to be targeted by online predators

Technology For You — Tue, 27 Apr 2021 09:36:59 +0000

The Internet Watch Foundation (IWF), a not-for-profit organization in England whose mission is “to eliminate child sexual abuse imagery online”, has recently released its analysis of online predator victimology and the nature of sexual abuse media that is currently prevalent online. The scope of the report covered the whole of 2020.

IWF annual report: what the numbers reveal

The IWF assessed nearly 300,000 reports in 2020, wherein a little more than half of these—153,383—were confirmed pages containing material depicting child sexual abuse. Compared to their 2019 numbers, there was a 16 percent increase of pages hosting such imagery or being used to share.From these confirmed reports, the IWF were able to establish the following trends:The majority of child victims are female. There has been an increase in the number of female child victims since 2019. In 2020, the IWF has noted that 93 percent of the child sexual abuse material (CSAM) they assessed involved at least one (1) female child. That’s a 15 percent increase compared to numbers in 2019.

Females dominate the victimization type in online child abuse imagery. On the other hand, imagery involving males has significantly decreased since 2019, from 17 percent to 3 percent. (Source: IWF Annual Report 2020)

Online predators are after children ages 11-13. The IWF counted a total of 245,280 hashes—unique codes representing different pictures, videos or other CSAM—the majority of which involve females, where a child victim is 11-13 years of age. This is followed by children aged 7 to 10 years of age.

These hash statistics show a clear trend: a great majority of predators are after imagery of children aged 7 to 13. (Source: IWF Annual Report 2020)

To learn more about the IWF Hash List, watch this YouTube video.Tink Palmer, CEO of the Marie Collins Foundation, a charity group that helps child victims and their families to recover from sexual abuse involving technology, told the IWF why online predators gravitate within these age groups.“In many cases it is pre-pubescent children who are being targeted. They are less accomplished in their social, emotional and psychological development. They listen to grown-ups without questioning them, whereas teenagers are more likely to push back against what an adult tells them.”

Age breakdown of child sexual abuse graph, which further supports this trend against 11 – 13 year old girls. (Source: IWF Annual Report 2020)

Self-generated child sexual abuse content are on an uptick. 44 percent of images and videos analyzed by IWF in 2020 are classed as “self-generated” child sexual abuse content. This is a 77 percent increase from 2019 (wherein they received 38,400 reports) to 2020 (wherein they received 68,000 reports).“Self-generated” content means that the child victims themselves created the media that online predators propagate within and beyond certain internet platforms. Such content is created with the use of either smartphones or webcams, predominantly by 11 to 13 year old girls within their home (usually, their bedroom) and created during periods of COVID-19 lockdowns.Content concerning the use of webcams are often produced using an online service with a live streaming feature, such as Omegle.

Statistics on self-generated abuse vs contact sexual abuse among female children who are aged 11 to 13 years old (Source: IWF Annual Report 2020)

Europe is found hosting almost all child sexual abuse URLs. The IWF has identified that 90% of the URLs it analyzed and confirmed to house CSAM were hosted in Europe, in which they also included Russia and Turkey. Among all countries in Europe, the Netherlands is the prime location for hosting CSAM, a constant that the IWF has seen through the years.

Due to lower cost of web hosting, 77% of CSAM are physically hosted on servers in the Netherlands. (Source: IWF Annual Report 2020)

Shutting the door on child sexual abusers

The IWF report highlights a worrying trend on child victimology and gives us an idea that online predators not only groom their targets but also coerce and bully them to do their bidding. And child predators usually frequent platforms that a lot of teenage girls use.Sadly, there is no single measure or piece of technology that can solve the problem of child exploitation. The best protection for children is effective parenting, and the IWF urges parents and guardians to be T.A.L.K. to their children. T.A.L.K. is a list of comprehensive and actionable steps parents and/or carers can take to help guide their children through a safer online journey as they grow up. T.A.L.K. stands for:

Talk to your child about online sexual abuse. Start the conversation – and listen to their concerns.* Agree ground rules about the way you use technology as a family.* Learn about the platforms and apps your child loves. Take an interest in their online life.* Know how to use tools, apps and settings that can help to keep your child safe online.

If images or videos of your child have been shared online, it’s important for parents not to blame the child. Instead, reassure them and offer support. Lastly, make a report to the police about these images or videos, IWF, Childline, or your local equivalent.

More privacy control for all with TinyCheck tool

Technology For You — Wed, 03 Feb 2021 04:16:30 +0000

To increase privacy control over users’ data, two Kaspersky experts have combined the results of their research and upgraded the openly available TinyCheck tool. Initially developed as a stalkerware detection tool for service organizations working with victims of domestic violence, TinyCheck now also offers help to uncover all types of geo-tracking apps.

In December 2020, Apple and Google prohibited any apps in their stores which use X-Mode’s technology that secretly enables tracking and selling of location data. Several months prior to the tech companies’ decision, Kaspersky’s Global Research and Analysis Team (GReAT) director, Costin Raiu started to analyze such apps after he had seen a visualization that identified people’s movements using their GPS data made available by X-Mode.

Raiu found more than 240 distinct apps with X-Mode’s tracking technology which in total have been installed more than 500 million times. Such data collection becomes possible when developers embed a component – a software development kit (SDK) – in their app. The problem with these tracking SDKs is that it is impossible for a user to tell whether an app contains such location tracking components. Also, the app may have a legitimate reason to ask for the user’s location as many rely on location to function properly, but such an app might also sell the GPS data.

In addition, any app can contain more than just one tracking SDK. For example, while Raiu was looking at an app that included the X-Mode SDK in question, he discovered five other components from other companies that were also collecting location data.

Making life harder for secret trackers

Now, Raiu’s findings have been integrated into TinyCheck, an open-source tool developed and published in November last year by Félix Aimé, another of Kaspersky’s GReAT experts. Initially, TinyCheck was developed to help tackle the issue of stalkerware.

Stalkerware is software used to secretly spy on another person’s private life via a smart device and also installed without the user’s knowledge. While often used to facilitate violence against an intimate partner, the software may also be used in a different context. TinyCheck can now detect both stalkerware and tracking apps, but the tool issues two different alerts to the user.

A TinyCheck alert when stalkerware is detected.

A TinyCheck alert when geo-tracking apps are detected.

An excerpt of the TinyCheck report on any detected geo-tracking apps.

Using a regular Wi-Fi connection, TinyCheck scans a mobile device’s outgoing traffic and identifies interactions with known malicious sources. In order to make use of TinyCheck, a computer with a Raspberry Pi OS Buster is needed along with one of the following two options: either two Wi-Fi interfaces, one for connecting to the internet and one for your mobile’s connectivity (AP mode), or one Wi-Fi interface and an Ethernet connection for internet. In both cases, the best choice is a Raspberry Pi Model 3 or higher with a small touch screen.

A visualization of how TinyCheck works.

“Secret tracking of users and using their data without their knowledge should not happen for any reason. Having the combined list of indicators of compromise for mobile trackers and stalkerware integrated in TinyCheck, users are able to increase their privacy control. TinyCheck is therefore designed as an open source tool that is freely available to anyone, and one which the security community can share and contribute their knowledge to,” comments Félix Aimé, a Kaspersky GReAT security researcher.

In addition to using TinyCheck, there are a few tips to follow to lower the chances of being tracked by such apps and services, which involve limiting apps’ permissions:

Check which apps have permission to use your location. The following information shows how to perform such checks on an Android 8 device (later versions do not differ significantly) and an iOS device. If an app does not need location permission, you can simply revoke it.
Give apps permission to use your location only while they are being used. Most apps do not need to know your location when they are running in the background, making this setting ideal for many of them.
Delete apps that are not used anymore. If the app has not been opened in a month or more, it is probably safe to assume it is no longer needed; and if this changes in the future, it can always be reinstalled.

Use proven cybersecurity protection, such as Kaspersky Internet Security for Android, which protects you against all kinds of mobile threats.

To read about the TinyCheck installation process, please visit https://github.com/KasperskyLab/tinycheck#readme

Video | TinyCheck – A special stalkerware detection tool

How Apple’s self-driving car plans might transform the company itself

Technology For You — Thu, 31 Dec 2020 20:40:24 +0000

What would an Apple self-driving car look like? We don’t know yet, but what we do know is that the company has serious plans to roll out its own electric self-driving car by 2024.

Apple hasn’t officially confirmed any of the information disclosed in the Reuters reports that broke the news last week. And we are still missing many details on the company’s self-driving plans. Nonetheless, the news is significant, both for Apple and the self-driving car industry.

Depending on how the situation unfolds in the next months and years, the fact that there’s a concrete date for Apple’s self-driving car plans could indicate the company is making a fundamental change to its product-development strategy.

The current state of self-driving car technology

The history of self-driving cars is very much reflective of the decades-long search for artificial general intelligence (AGI): The finish line always seems to be around the corner, but the closer we get to it, the harder it becomes.

Like many of today’s AI technologies, self-driving cars have their roots in the 1970s and ’80s. But until recent years, they were only limited to academic and military research labs and science contests. In the 2010s, advances in deep learning have led to great improvements in computer vision, one of the key technologies powering self-driving cars. We’re finally seeing cars that can drive themselves in real streets.

Deep learning algorithms have helped self-driving cars come a long way toward navigating challenging environments. But the technology is far from perfect. Deep learning models are only as good as their training data. If the data is representative of all the situations the self-driving car will face, then it will have a robust performance. But the AI’s actions will become unpredictable when faced with edge cases–novel situations that happen rarely–such or a fire truck parked at an odd angle or an overturned car.

[embedded content]

Human drivers meet novel situations all the time but can handle them thanks to their understanding of how the world works in general. For instance, you don’t need previous training to know what to do if you see a deer calf crossing the road. We understand causes and effects, intuitive physics, goals, and intents, and this knowledge helps us make rational decisions (most of the time) when we face situations we’ve never seen before.

Some companies are using complementary technologies such as lidars, laser-emitting devices that create 3D maps of the car’s surroundings. Lidars can help detect obstacles and people where the computer vision system fails, but they’re not resistant to environmental factors and motion, and they do not solve the problem of causality.

[embedded content]

Apple’s self-driving car efforts

Apple has been doing autonomous driving research under the title “Project Titan” since 2014. But unlike efforts at other companies like Uber and the Google-owned Waymo, very little is known about Apple’s self-driving car project and the company’s progress.

The initial goal was reportedly for Apple to create a car from scratch. In 2016, the company shifted focus and aimed at developing software for self-driving cars. In January 2019, Apple laid off 200 employees from the project, then went on to acquire the self-driving startup Drive.ai in June. In December 2020, the company moved project Titan under the care of John Giannandrea, its head of artificial intelligence.

The history of Project Titan indicates that Apple has always maintained interest in self-driving cars, but there were never signs of a plan to launch a product. This changed with the Reuters report, which claimed Apple has “progressed enough that it now aims to build a vehicle.”

Apple’s product development strategy

Apple is usually not a first mover, but it certainly knows when to enter a new market. Apple II was not the first personal computer, but it was the first very successful one, building on top of a decade of rapid advances in storage and processing technologies and the gradual decrease of the costs of manufacturing the pieces required to assemble a home computer.

The iPod was not the first device to play audio files, but it launched at a very opportune time, when digital media adoption had reached critical mass and the market was ripe for high-end consumer products. The same with the iPhone, which entered the scene as mobile communications, internet, and computing had become common thanks to the likes of Nokia and BlackBerry. There was nothing new to the iPhone, but it was a novel combination of “an iPod, a phone, and an internet communicator.”

[embedded content]

If you look at some of Apple’s other products–the HomePod, Apple Music, and Apple Watch–they were never the first of their kind but a revolutionized version of what already existed. Maybe with the exception of the graphical user interface, Apple has seldom ventured into areas where the market has not been already established.

But the self-driving car industry is still marked with missed deadlines by all major players. Despite tremendous progress, there is still no real self-driving car solution. Uber and Waymo’s self-driving cars have logged millions of miles, but they are still attended by safety drivers. Tesla offers a fully autonomous autopilot feature but still requires drivers to keep their hands on the steering wheel when it is enabled.

While most experts agree that we’ll eventually have driverless cars on our roads, many questions remain, such as what they will look like, how and if they will share roads with human-driven cars, what will be the regulatory requirements, and will the meaning of car ownership change.

Training data for the AI algorithms

There’s one very convincing reason Apple would enter a market as immature and risky as self-driving cars. Unlike other sectors that Apple has conquered, self-driving cars are heavy on artificial intelligence and warrant a different development strategy. The deep learning algorithms used in self-driving cars require huge volumes of training data obtained from driving cars on roads. Therefore, aside from sound engineering and design, you need an AI factory built on top of a solid data infrastructure.

Waymo and Uber have been collecting their data by test-driving their cars in different cities. Tesla, on the other hand, has directly collected its data from the hundreds of thousands of cars it has sold to consumers.

According to reports, Apple had done some small-scale road testing in the past, but downgraded the effort in 2019. The plan to launch a consumer-level self-driving car might indicate that Apple will be adopting a strategy that is similar to Tesla, which would be a bit controversial for a company that takes pride in collecting very little data from customers.

It could also indicate that, like Tesla, Apple will roll out its self-driving technology in a phased manner, gradually developing and fine-tuning its AI algorithms as it collects more data from its cars. This, too, would go against Apple’s nature of delivering near-perfect products right off the bat. That, of course, can change if the company figures out another way to collect hundreds of millions of miles worth of driving data before 2024.

Who will buy Apple’s self-driving car?

According to Reuters’ report, Apple aims to build “a vehicle for consumers.” In this respect, too, Apple’s approach is like that of Tesla and unlike Waymo and Uber, which plan to launch robo-taxi services.

But selling directly to consumers raises the question: How much will the car cost? The benchmark we have is Tesla’s electric vehicles with autopilot support, which cost between $35,000 and $120,000. But while Tesla is using a pure computer vision approach, relying only on deep learning and minor help from a front radar and sensors to navigate roads, Apple plans to include lidars on its self-driving cars.

According to a 2017 estimate, lidars used in self-driving cars can cost between $8,000 and $85,000, and each self-driving car requires several lidars, which can sometimes triple the price of the car. This might force Apple to reconsider its product delivery strategy and shift to a providing an autonomous ride-hailing service in the future.

But the industry is changing rapidly. There are now $100 and $500 lidars, and Apple has developed its own lidar scanners at a cost that makes it affordable to embed them in the iPhone 12 and iPad Pro devices. For its self-driving car, Apple will be using its own lidars and partner with other manufacturers. So, the consumer-level Apple car will probably be more expensive than the Tesla, but by 2024, the costs of the hardware might have dropped to the point that the difference will be negligible.

[embedded content]

Giving up full control?

According to the Reuters report, Apple is looking to outsource the manufacturing of the car, which would be in contrast to the company’s preference to maintain full control over its product stack. Apple controls the hardware, operating system, and the storefront for its phones, watches, TVs, and computers.

But even though Apple has decades of experience in running manufacturing plants and managing complex supply chains, building cars is a different challenge altogether, which would warrant partnering with a car manufacturer.

An alternative would be for Apple to acquire an automotive company. With more than $200 billion in liquid assets, the company could easily buy many top-tier carmakers, including General Motors, and Volkswagen, and build vehicles at scale.

The future of Apple’s self-driving car

Throughout its history, Apple has set an example of design, performance, and durability (and high prices). But this history of perfection has also set high expectations for Apple. Where consumers allow other companies to fail and recover, they expect Apple to be flawless. And at the moment, self-driving car technology is anything but flawless.

This might partly be the reason Apple has been reserved until recently and only leaked information about its self-driving car project through unnamed sources. It gives the company the maneuverability to backtrack on parts of its plans as the industry and its own project develop. The self-driving car industry is changing rapidly, and I wouldn’t be surprised if what we see in 2024 is very different from the initial report.

But what’s for sure is that Apple is serious about creating a self-driving car, and its engagement can have a serious impact on the future of transportation and the company itself.

A version of this story originally appeared on the author’s blog.

Ben Dickson is a software engineer and the founder of TechTalks, a blog that explores the ways technology is solving and creating problems.

By VentureBeat Source Link

VideoBytes: Offensive security tools and the bad guys that use them

Technology For You — Wed, 30 Dec 2020 04:39:31 +0000

by Malwarebytes Labs

Hello Folks! In this Videobyte, we’re talking about what penetration testing tools malware gangs love to use and why they are better than what you can get on the black market.

This article describes the VirusBulletin talk of a security researcher from Interzer Labs, Paul Litvak, in which he discusses his effort to identify how often offensive security tools (like Mimikatz) are used by criminal threat actors.

His findings showed an alarming trend, and his observations boiled down to a theory that criminals are reducing their overhead by utilizing (sometimes freely available) offensive security tools, meant to identify weaknesses for network penetration testers, to do much of the heavy lifting they need to infiltrate networks.

For example, in many cases tools used for lateral movement, initial infection and remote access were all created by security researchers. At the same time, tools for information gathering, which are much better in black-hat groups than those used by penetration testers, tended to be more customized for the criminal user.

Another interesting observation was that for tools which had a greater amount of technical complexity to use, the tool was used less often by attackers. Meaning that introducing greater complexity into the use of these tools, may act as a deterrent for some criminals.

Alternatively, developers of these tools should also utilize unique identifiers (symbols, characters, data chunks in the code) to make them easier to identify by scanners.

Either way, the discussion between whether Offensive Security Tools help or hurt more will continue, but this study certainly gives one point toward those who would prefer these tools be better protected.

Radware Threat Researchers Live: 2021 Predictions

Technology For You — Mon, 21 Dec 2020 03:36:59 +0000

2020 is coming to an end; it’s that time of year when we get asked to reflect on what might happen next year.

In the latest episode of Radware Threat Researchers Live, Pascal Geenens and Daniel Smith share their top ten predictions for 2021. Watch the clip below — and enjoy!

iPhones can now automatically recognize and label buttons and UI features for blind users

Technology For You — Thu, 03 Dec 2020 16:53:11 +0000

Apple has always gone out of its way to build features for users with disabilities, and Voiceover on iOS is an invaluable tool for anyone with a vision impairment — assuming every element of the interface has been manually labeled. But the company just unveiled a brand new feature that uses machine learning to identify and label every button, slider, and tab automatically.

Screen Recognition, available now in iOS 14, is a computer vision system that has been trained on thousands of images of apps in use, learning what a button looks like, what icons mean, and so on. Such systems are very flexible — depending on the data you give them, they can become expert at spotting cats, facial expressions, or as in this case the different parts of a user interface.

The result is that in any app now, users can invoke the feature and a fraction of a second later every item on screen will be labeled. And by “every,” they mean every — after all, screen readers need to be aware of every thing that a sighted user would see and be able to interact with, from images (which iOS has been able to create one-sentence summaries of for some time) to common icons (home, back) and context-specific ones like “…” menus that appear just about everywhere.

The idea is not to make manual labeling obsolete — developers know best how to label their own apps, but updates, changing standards, and challenging situations (in-game interfaces, for instance) can lead to things not being as accessible as they could be.

I chatted with Chris Fleizach from Apple’s iOS accessibility engineering team, and Jeff Bigham from the AI/ML accessibility team, about the origin of this extremely helpful new feature. (It’s described in a paper due to be presented next year.)

“We looked for areas where we can make inroads on accessibility, like image descriptions,” said Fleizach. “In iOS 13 we labeled icons automatically – Screen Recognition takes it another step forward. We can look at the pixels on screen and identify the hierarchy of objects you can interact with, and all of this happens on device within tenths of a second.”

The idea is not a new one, exactly; Bigham mentioned a screen reader, Outspoken, which years ago attempted to use pixel-level data to identify UI elements. But while that system needed precise matches, the fuzzy logic of machine learning systems and the speed of iPhones’ built-in AI accelerators means that Screen Recognition is much more flexible and powerful.

It wouldn’t have been possibly just a couple years ago — the state of machine learning and the lack of a dedicated unit for executing it meant that something like this would have been extremely taxing on the system, taking much longer and probably draining the battery all the while.

But once this kind of system seemed possible, the team got to work prototyping it with the help of their dedicated accessibility staff and testing community.

“VoiceOver has been the standard bearer for vision accessibility for so long. If you look at the steps in development for Screen Recognition, it was grounded in collaboration across teams — Accessibility throughout, our partners in data collection and annotation, AI/ML, and, of course, design. We did this to make sure that our machine learning development continued to push toward an excellent user experience,” said Bigham.

[embedded content]

It was done by taking thousands of screenshots of popular apps and games, then manually labeling them as one of several standard UI elements. This labeled data was fed to the machine learning system, which soon became proficient at picking out those same elements on its own.

It’s not as simple as it sounds — as humans, we’ve gotten quite good at understanding the intention of a particular graphic or bit of text, and so often we can navigate even abstract or creatively designed interfaces. It’s not nearly as clear to a machine learning model, and the team had to work with it to create a complex set of rules and hierarchies that ensure the resulting screen reader interpretation makes sense.

The new capability should help make millions of apps more accessible, or just accessible at all, to users with vision impairments. You can turn it on by going to Accessibility settings, then VoiceOver, then VoiceOver Recognition, where you can turn on and off image, screen, and text recognition.

It would not be trivial to bring Screen Recognition over to other platforms, like the Mac, so don’t get your hopes up for that just yet. But the principle is sound, though the model itself is not generalizable to desktop apps, which are very different from mobile ones. Perhaps others will take on that task; the prospect of AI-driven accessibility features is only just beginning to be realized.

By TechCrunch Source Link

Microsoft & Google Impersonation Attacks Are on the Rise – How to Stay Safe

Technology For You — Wed, 25 Nov 2020 11:36:23 +0000

By Danielle Guetta, Product Marketing Manager, CheckPoint | Source

Do you feel that your inbox is burdened with an increasing number of phisy-looking emails, now more than ever before? Well, that’s because it actually is.

According to Check Point Research Q3 Phishing Report, email-based phishing attacks saw the highest increase in number, compared to any other platform in Q2. The most common of these emails are impersonation emails asking users to reset or submit their Microsoft account credentials, in order to gain control over their accounts.

In Q3 of 2020, email was the most used platform for impersonation attacks, accounting for a staggering 44% of the attacks total, with Microsoft being the most imitated brand for impersonation phishing attempts (19% of total), followed by Google (9% of total).

So what does it mean for email security, especially in the new normal?

Figure 1: Account verification phishing email from “Microsoft Accounts Team”

Working from home is distracting, and cyber criminals know it

I believe most can relate to the next scenario: you are in the middle of a business call with your teammates on Zoom or Teams. Your kids are at home, and while you try to maintain your focus on your work call, your toddler is throwing his lunch on the carpet, while your dog has appointed itself the house’s vacuum cleaner.

In the middle of it all, you get an email from Microsoft saying that your account was blocked, and you have to verify your details ASAP. Sure, you might have been more cautious if you were at the office, undistracted by your kids, dogs, or spouse. However, in the midst of the chaos that is working from home, you clicked on that link and verified your account with your username and password, just so you can keep working. And just like that, you unknowingly fell victim to a phishing attack that harvested your account’s credentials.

The increase in phishing emails in Q3 of 2020 is one of the most prominent trends of the Work-From-Home era. Cybercriminals are well aware of the distractions people are dealing with while trying to work and be productive from home. Combined with the enormous amount of emails employees receive every day, the recipe for a successful email phishing campaign is complete.

What’s worse is that an email phishing attack is often the first step in a multi-staged attack that puts your entire organization at risk. When cybercriminals obtain one employee’s account credentials, they have access to corporate data, and can use the hijacked account to send further phishing emails to other employees in the organization, pretending to be the hijacked account’s owner. These attacks can results in huge costs, loss of sensitive data and even compliance fines, in case of a customer data breach.

To learn more about these types of attacks, we invite you to watch the following video where Maya Horwitz, Director of threat research and intelligence, takes you through one of the most interesting stories we uncovered – the Florentine Banker Group

Email security is crucial now more than ever

Check Point Research’s Report findings are yet another testament to the fact organizations can’t afford to compromise on email security, now more than ever. The new normal presents a reality that is not going to change in the near future, which means remote work is here to stay. Employees working from home, distracted by their daily life, can’t be relied on to stop the next email phishing attack, and that is why a pre-emptive email security solution must be deployed.

To make matters worse, in the new normal, phishing and malware threats do not stop at mailboxes. The productivity applications employees use daily from Microsoft 365 or Google Workspace are a direct extension of their mailboxes, and used to send sensitive files and complete important tasks involving corporate data all the time. For that, organizations must consider a solution that provides complete protection from all attacks for both email and productivity suite applications such as Teams, OneDrive, Google Drive and others.

Video | Part #7: What Can a Malicious Email Do?

Gartner Keynote: The Future of Business Is Composable

Technology For You — Tue, 20 Oct 2020 18:46:46 +0000

Contributor: Kasey Panetta | Source: Gartner

Organizations must follow the four principles of composable business modularity, autonomy, orchestration and discovery.

When COVID-19 hit and Australia went into lockdown, many people lost their jobs. The result was a surge in welfare applications to Services Australia, which provides health, child support and welfare services to 25 million citizens.

There were so many applications, the site crashed.

But Services Australia rapidly pivoted to accommodate this surge in demand and made changes to how it traditionally operated. They shifted in-person appointments to phones or online, deployed voiceprint technology to 1.2 million users and saw a 600% increase in the use of digital assistants to orchestrate fast responses.

“Composable business means creating an organization made from interchangeable building blocks”.

The organization created resilience via the principles of composable business — a key feature of a successful business in 2020 and beyond — that enabled the agency to provide a safety net for citizens in need.

“Composable business is a natural acceleration of the digital business that you live every day. It allows us to deliver the resilience and agility that these interesting times demand,” said Daryl Plummer, Distinguished VP Analyst, during the opening keynote at virtual Gartner Symposium IT/Xpo®. “We’re talking about the intentional use of ‘composability’ in a business context architecting your business for real-time adaptability and resilience in the face of uncertainty.”

Gartner Keynote | Video

Composable means modularity

The pandemic highlighted vulnerabilities in business models that for years focused on efficiency. Organizations that were once efficient suddenly became fragile at a time when they needed to be flexible. Businesses that were smart pivoted to a more modular setup, creating a composable business. Organizations were prepared for one type of future, but now must plan for multiple futures.

Composable business means creating an organization made from interchangeable building blocks. The modular setup enables a business to rearrange and reorient as needed depending on external (or internal) factors like a shift in customer values or sudden change in supply chain or materials.

The 4 principles of composable business

The idea of composable business operates on four basic principles:

More speed through discovery
Greater agility through modularity
Better leadership through orchestration
Resilience through autonomy

This type of thinking enables a business to survive, and even flourish, in times of great disruption. From a technical perspective, this type of composability is not new to CIOs. It exists in familiar technology, from APIs to containers. But, it is a new, or perhaps ignored, idea for a CIO’s business counterparts and board of directors. Composable business requires a foundational change in business thinking, architecture and technology.

The building blocks of composable business

The three building blocks of composable business are:

Composable thinking, which keeps you from losing your creativity. Anything is composable. When you combine the principles of modularity, autonomy, orchestration and discovery with composable thinking, it should guide your approach to conceptualizing what to compose, and when.
Composable business architecture ensures that your organization is built to be flexible and resilient. It’s about structure and purpose. These are structural capabilities — giving you mechanisms to use in architecting your business.
Composable technologies are the tools for today and tomorrow. They are the pieces and parts, and what connects them all together. The four principles are product design goals driving the features of technology that support the notions of composability.

When combined with the principles, the building blocks of composable business enable organizations to pivot quickly. For example, a Chinese appliance manufacturer pivoted from making dishwashers and wine coolers to distributing critical medical equipment during the pandemic. The company flexed beyond its core competencies, listened to what customers needed at the time and used its platform to move from an idea to a product launch.

“The building blocks of composable business enable organizations to pivot quickly”.

The more these composable business ideas are integrated within your business model, the more flexibility and agility your organization will have. That means faster response time and more consistency in execution for this new type of business setup.

Leverage existing technologies

Organizations that embraced — and continue to embrace — the building blocks and principles of composable business were able to successfully leverage existing digital investments and, the best-case scenario, accelerate investment.

“Sixty-nine percent of corporate directors want to accelerate enterprise digital strategies and implementations to help deal with the ongoing disruption,” said Tina Nunno, Distinguished VP Analyst, Gartner. “For some enterprises that means that their digital strategies become real for the first time, and for others that means rapidly scaling digital investments.”

These strategies will help organizations handle the global industrywide volatility that will continue well into next year.

“You, the CIOs, can contribute to the evolution of a more powerful and adaptable form of business, architected to deal with continuing business disruptions — composable business,” said Nunno.

Key opportunities for CIOs

Look for the “moments of composability” and seize the opportunity they present. These moments could be geopolitical, like the pandemic and global recession, but they could also be societal, such as a change in consumer attitude. These are moments in which the CIO must recognize the need for an immediate change in the organization or risk having the business falter or fail.

“Throughout history, great leaders have faced turmoil and turned it into inspiration,” said Don Scheibenreif, Distinguished VP Analyst, Gartner. “Composing: being flexible, fluid, continuous, even improvisational — is how we will move forward.”

Email threat types: Data exfiltration

Technology For You — Sun, 04 Oct 2020 19:08:33 +0000

Data exfiltration, sometimes referred to as data theft, is the unauthorized transfer of data from your computer, network, or other devices. The stolen data is transferred from the victim to a control server or some other device that is controlled by the attacker. This data is often sold on the dark web and used by other criminals for spear phishing, identity theft, and other advanced threats.

A comprehensive data loss prevention (DLP) system will scan all outbound emails and other network traffic to look for pre-determined patterns or keywords, such as credit card numbers or HIPAA medical terms. Emails containing this type of information are either blocked, encrypted, or quarantined for a review.

Video | 13 Email Threat Types

Data exfiltration is one of the threats identified in our free e-book, 13 Email Threats to Know About Right Now, and is sometimes part of a larger attack.

Download your free copy of the e-book, 13 Email Threats to Know About Right Now, to learn how to defend against data exfiltration and other dangerous email threats.

Get your copy of the e-book

VideoBytes: Ransomware gets wasted!

Technology For You — Sat, 03 Oct 2020 06:45:45 +0000

by Malwarebytes Labs

Hello dear readers, and welcome to the latest edition of VideoBytes! On today’s episode, we’re talking about how ransomware is on the rise again, focused on attacking corporations with malware that not only encrypts files, but also steals it.

The tactics used to deploy these forms of ransomware have become more capable and the amount of effort that goes into an attack is far greater than what we saw 3 years ago. Ransomware is also evolving as we continuously see new tactics to evade detection and/or increase infection and encryption speed.

Watch on to learn all about it. Or, as our esteemed host always says: Sit back, relax, here come the facts.

A rise in ransomware attacks

A recent study found that 25% of all UK universities have experienced a ransomware attack in the last 10 years, including Sheffield Hallam University that had 42 attacks in the past seven years!

Most of the universities covered in the study had been attacked multiple times. However, of the universities that responded, many reported that they did not pay the ransom, rather they restored from backups.

One point made by Ionut Ilascu from Bleeping Computer mentions that “the results from the FOIA are a poor reflection of the recent period as close to half of all the schools receiving the solicitation refused to give any information, motivating with concerns that admission of attack would only encourage the hackers.”

Logic dictates that going after a previous cybercrime victim is like trying to launch a sneak attack on an enemy who already knows you are coming. Clearly, some folks believe that admitting you have been the victim of a cyber-attack is a sign of weakness or insecurity.

Attackers threaten to report you!

There are possible legal difficulties that may affect whether or not a company pays or even reports a ransomware attack. For example, the General Data Protection Regulation, or GDPR, is a sweeping data privacy and protection law in the European Union that attempts to enforce the safe and secure protection of user data by organizations operating in Europe.

Admitting that an attack occurred and inviting possible investigation into how secure, or insecure, your data storage policies are may be enough reason for some organizations to downplay attacks. In fact, a ransomware group has recently taken advantage of this and is using GDPR threats to try and extort victims.

For example, servers running the MongoDB database software are being targeted by attackers who are focused on insecure deployments of the software, with the goal of accessing databases, stealing data and replacing it with README files that demand bitcoin payments in 48 hours or else all stolen data will get released online.

Part of the ransom note claims that if the victim doesn’t pay, not only will they release the files, but they will also report the organization to the GDPR authorities, which may lead to a fine or arrest (according to the note, anyway, which is clearly meant to drum up fear).

Victor Gevers of the GDI Foundation, who has been tracking this threat, identified over 15,000 servers that the README ransom note was found on. He obtained this information after querying the internet device search engine Shodan. However, other scanners show up to 23,000 affected servers.

According to a Bleeping Computer article by Lawrence Abrams, which featured Victor Gevers: “With the ransom amount being small at $135.55 and the worry of GDPR violations, Gevers feels that it may cause some people to pay. The actors then know that the data is valuable to the owner and extort them for even more money.”

WastedLocker ransomware lands a whale

That $135 ransom is a lot less than Garmin reportedly paid when it suffered an attack from a ransomware known as WastedLocker, which knocked down a lot of their services in the process. According to media reports, Garmin ended up using a ransomware negotiation company called Arete IR to pay millions of dollars to the attackers and get everything back up and running again.

WastedLocker is a ransomware tool known to be associated with the Russian Cybercrime Gang: “Evil Corp” and it has been on a bit of a spree over the last few months. And you’re right—it’s not the most inventive name for a cybercriminal gang.

Fake news?

In July it was reported that this same ransomware strain was found infecting networks of dozens of US newspaper websites. They hosted WastedLocker executables on those infected servers and, when needed, would download it from the same sites. The goal was to mask the malicious intent of the traffic by making it look like a user just reading the news.

In addition, Symantec warned folks about this group a month before the Garmin attack was made public. These guys are not messing around; they only seem to go after well-resourced and likely well-researched organizations, unlike other ransomware families we have seen in the past who target anyone willing to run their malware.

Evading protection

An example of this group’s sophistication is their use of new features meant to evade detection by anti-ransomware tools. Many AR tools use the behavior of an untrusted executable doing ransomware-like things to identify a possible ransomware infection, for example, encrypting files and deleting them.

WastedLocker loads files into the “Windows Cache Manager” which can hold temporary versions of files. The malware reads the contents of a victim file into the Windows Cache Manager, then encrypts the data found in the cache, not the file on disk.

When enough of the data in the cache has been “modified” or encrypted by the ransomware, the cache manager automatically writes the modified data to the original file. In simple terms, it replaces the unencrypted, legitimate file with the encrypted version and it does this under the umbrella of a legitimate system process, not some shady EXE file.

The idea is that if an anti-ransomware tool does not see the malware binary doing the encryption, then maybe it will not detect the malware. However, vendors are already updating their tools to detect this kind of behavior, so it may not be a clever trick for much longer.

The new normal for ransomware

Researchers believe that WastedLocker is manually directed by attackers who utilize things like stolen passwords and outward facing, vulnerable network entry ports that allow them to not just launch malware, but scope out a target and determine the best strategy for attack. Something like that is more difficult to predict and defend against, especially when the actor is proven to be sophisticated and clever.

Wastedlocker has already proven itself multiple times over as being a dangerous and capable malware. Depending on what Evil Corp wants to do next, they could continue trying to ransom corporate networks or they could set up shop and start selling modified versions of WastedLocker to other cybercriminals. The ransomware-as-a-service scene (yes, you read that right) is very lucrative.

Ransomware-as-a-service

Ransomware-as-a-service is a term used to describe a cybercrime group that develops malware for individual customers to spread. This takes a lot of the overhead out of launching a ransomware attack, because previously an attacker might have needed to develop, steal, or buy their own ransomware, then go about trying to infect people with it. The quality of that ransomware was not guaranteed, and it might not even work.

With more advanced families of ransomware like Cerber and Locky, the value was in the proven effectiveness of the ransomware. The creators of these families only needed to make slight updates and provide individualized modifications to customers (like what email the victim should reach out to) who would then go about distributing the malware. Once a ransom payment occurs, the creators of the ransomware get their own cut and the distributors get most of the payment.

However, to avoid being scammed by the criminals selling the ransomware, who may include a backdoor in that ransomware, it comes down to reputation of the malware. Have there been news stories about it? Has it been proven in the wild? Combine those queries with the reputation of the creators and sellers of the service: Do they have good relationships with other criminals? Can they be counted on to come through on their end of the bargain?

It’s like buying something off the DarkNet, you have to put your confidence into the seller that they will deliver the product you are buying and a lot of times that comes in the form of previous customer reviews. If a criminal developing malware was putting backdoors into what they were selling, someone would notice and tell other folks about it. Eventually, the vendor will not be trusted anymore, and nobody will buy their wares.

It’s sort of like a rampant free market, but for ransomware, and totally terrible for businesses and consumers. The product with the most reliability, the strongest reviews, and the best, uh, returns, will likely enjoy the most sales.