Trend Micro Incorporated, the leader in cloud security, has identified a new class of cybercrime. Criminals are using cloud services and technology to speed up attacks, which decreases the amount of time enterprises have to identify and respond to a breach.

Trend Micro Research found terabytes of internal business data and logins for popular providers like Amazon, Google, Twitter, Facebook, and PayPal offered for sale on the dark web. This data is sold via access to the cloud logs in which it is stored. This results in more stolen accounts being monetized, and the time from initial data theft to stolen information being used against an enterprise has decreased from weeks to days or hours.

“The new market for access to cloud logs ensures stolen information can be used more quickly and effectively by the cybercrime community—that’s bad news for enterprise security teams,” said Robert McArdle, director of forward-looking threat research for Trend Micro. “This new cybercriminal market shows how criminals are using cloud technologies to compromise you. Which also means a business is not exempt from this attack method if they only use on-prem services. All organizations will need to double down on preventative measures and ensure they have the visibility and controls needed to react fast to any incidents that occur.”

Once access is purchased for logs of cloud-based stolen data, the purchaser will use the information for secondary infection. For example, Remote Desktop Protocol (RDP) credentials can be found in these logs and are a popular entry point for criminals targeting enterprises with ransomware.

Storing terabytes of stolen data in cloud environments has similar appeal for criminal businesses as it does for legitimate organizations. Cloud storage offers scalability and speed that provides more computing power and bandwidth to optimize operations.

Access to these logs of cloud data are often sold on a subscription basis for as much as $1,000 per month. Access to a single log can include millions of records, and higher prices are earned for frequently updated data sets or the promise of relative exclusivity.

With ready access to data in this way, cybercriminals can streamline and accelerate execution of attacks and potentially expand their number of targets. The result is to optimize cybercrime by ensuring threat actors who specialize in specific areas—say cryptocurrency theft, or e-commerce fraud—can get access to the data they need: quickly, easily and relatively cheaply.

The Trend Micro report warns that in the future, such activity could even give rise to a new type of cybercriminal—an expert in data mining who uses machine learning to enhance pre-processing and extraction of information to maximize its usefulness to buyers. The overall trend will be towards standardization of services and pricing, as the industry matures and professionalizes. 

The post Cybercriminals Use Cloud Technology To Accelerate Business Attacks appeared first on Artificial Intelligence.

The Morrison Government has today released a voluntary Code of Practice to improve the security of the Internet of Things (IoT) in Australia – including everyday devices such as smart fridges, smart televisions, baby monitors and security cameras.

Minister for Home Affairs Peter Dutton said cyber security has never been more important to Australia’s economic prosperity.

“Internet-connected devices are increasingly part of Australian homes and businesses and many of these devices have poor security features that expose owners to compromise,” Mr Dutton said.

“Manufacturers should be developing these devices with security built in by design.

“Australians should be considering security features when purchasing these devices to protect themselves against unsolicited access by cybercriminals.”

Minister for Defence Senator the Hon Linda Reynolds CSC said the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has today also released quick and easy tips to help Australian consumers protect themselves against cyber threats when buying and using internet-connected devices.

“Boosting the security and integrity of internet connected devices is critical to ensuring that the benefits and conveniences they provide can be enjoyed without falling victim to cybercriminals,” Minister Reynolds said.

When purchasing and setting up an IoT device, some of the questions families and businesses should ask are:

1. Is the device made by a well-known reputable company and sold by a well-known reputable company?
2. Is it possible to change the password?
3. Does the manufacturer provide updates?
4. What data will the device collect and who will the data be shared with?

The ACSC has also produced guidance for manufacturers on how to implement the loT Code of Practice.

The Code of Practice is a key deliverable as part of the 2020 Cyber Security Strategy and has been developed in close partnership with industry following nation-wide consultation earlier this year. It outlines the cyber security features the Government expects of internet-connected devices available in Australia.

The Code of Practice also aligns and builds upon guidance provided by the United Kingdom, and is consistent with other international standards.

The Australian Government will continue to explore further initiatives for lifting the security of the Internet of Things and making Australia the safest place to connect online.

The post Lifting the cyber security of the Internet of Things: voluntary Code of Practice appeared first on Artificial Intelligence.

Fortinet unveiled predictions from the FortiGuard Labs team about the threat landscape for 2020 and beyond. These predictions reveal methods that Fortinet anticipates cybercriminals will employ in the near future, along with important strategies that will help organizations protect against these oncoming attacks.

Michael Joseph, director system engineering, India & SAARC, Fortinet, said: “Much of the success of cyber adversaries has been due to the ability to take advantage of the expanding attack surface and the resulting security gaps due to digital transformation. Most recently, their attack methodologies have become more sophisticated by integrating the precursors of AI and swarm technology. Luckily, this trajectory is about to shift, if more organizations use the same sorts of strategies to defend their networks that criminals are using to target them. This requires a unified approach that is broad, integrated, and automated to enable protection and visibility across network segments as well as various edges, from IoT to dynamic-clouds.”

Changing the trajectory of cyberattacks

Cyberattack methodologies have become more sophisticated in recent years magnifying their effectiveness and speed. This trend looks likely to continue unless more organizations make a shift as to how they think about their security strategies. With the volume, velocity, and sophistication of today’s global threat landscape, organizations must be able to respond in real time at machine speed to effectively counter aggressive attacks. Advances in artificial intelligence and threat intelligence will be vital in this fight.

The evolution of artificial intelligence as a System

One of the objectives of developing security-focused artificial intelligence (AI) over time has been to create an adaptive immune system for the network similar to the one in the human body. The first generation of AI was designed to use machine learning models to learn, correlate and then determine a specific course of action. The second generation of AI leverages its increasingly sophisticated ability to detect patterns to significantly enhance things like access control by distributing learning nodes across an environment. The third generation of AI is where rather than relying on a central, monolithic processing center, AI will interconnect its regional learner nodes so that locally collected data can be shared, correlated, and analyzed in a more distributed manner. This will be a very important development as organizations look to secure their expanding edge environments.

Federated machine learning

In addition to leveraging traditional forms of threat intelligence pulled from feeds or derived from internal traffic and data analysis, machine learning will eventually rely on a flood of relevant information coming from new edge devices to local learning nodes. By tracking and correlating this real-time information, an AI system will not only be able to generate a more complete view of the threat landscape, but also refine how local systems can respond to local events. AI systems will be able to see, correlate, track, and prepare for threats by sharing information across the network. Eventually, a federated learning system will allow data sets to be interconnected so that learning models can adapt to changing environments and event trends and so that an event at one point improves the intelligence of the entire system.

Combining AI and playbooks to predict attacks

Investing in AI not only allows organizations to automate tasks, but it can also enable an automated system that can look for and discover attacks, after the fact, and before they occur. Combining machine learning with statistical analysis will allow organizations to develop customized action planning tied to AI to enhance threat detection and response. These threat playbooks could uncover underlying patterns that enable the AI system to predict an attacker’s next move, forecast where the next attack is likely to occur, and even determine which threat actors are the most likely culprits. If this information is added into an AI learning system, remote learning nodes will be able to provide advanced and proactive protection, where they not only detect a threat, but also forecast movements, proactively intervene, and coordinate with other nodes to simultaneously shut down all avenues of attack.

The opportunity in counterintelligence and deception

One of the most critical resources in the world of espionage is counterintelligence, and the same is true when attacking or defending an environment where moves are being carefully monitored. Defenders have a distinct advantage with access to the sorts of threat intelligence that cybercriminals generally do not, which can be augmented with machine learning and AI. The use of increased deception technologies could spark a counterintelligence retaliation by cyber adversaries. In this case, attackers will need to learn to differentiate between legitimate and deceptive traffic without getting caught simply for spying on traffic patterns. Organizations will be able to effectively counter this strategy by adding playbooks and more pervasive AI to their deception strategies. This strategy will not only detect criminals looking to identify legitimate traffic, but also improve the deceptive traffic so it becomes impossible to differentiate from legitimate transactions. Eventually, organizations could respond to any counterintelligence efforts before they happen, enabling them to maintain a position of superior control.

Tighter integration with law enforcement

Cybersecurity has unique requirements related to things like privacy and access, while cybercrime has no borders. As a result, law enforcement organizations are not only establishing global command centers but have also begun connecting them to the private sector, so they are one step closer to seeing and responding to cybercriminals in real-time. A fabric of law enforcement, as well as public and private sector relationships, can help in terms of identifying and responding to cybercriminals. Initiatives that foster a more unified approach to bridge the gaps between different international and local law enforcement agencies, governments, businesses, and security experts will help expedite the timely and secure exchange of information to protect critical infrastructure and against cybercrime.

Cyber adversary sophistication is not slowing down

Changes in strategy will not go without a response from cyber adversaries. For networks and organizations using sophisticated methods to detect and respond to attacks, the response might be for criminals to attempt to reply with something even stronger. Combined with more sophisticated attack methods, the expanding potential attack surface, and more intelligent, AI-enabled systems, cybercriminal sophistication is not decreasing.

Advanced evasion techniques

A recent Fortinet Threat Landscape report demonstrates a rise in the use of advanced evasion techniques designed to prevent detection, disable security functions and devices, and operate under the radar using living off the land (LOTL) strategies by exploiting existing installed software and disguising malicious traffic as legitimate. Many modern malware tools already incorporate features for evading antivirus or other threat detection measures, but cyber adversaries are becoming more sophisticated in their obfuscation and anti-analysis practices to avoid detection. Such strategies maximize weaknesses in security resources and staffing.

Swarm technology

Over the past few years, the rise of swarm technology, which can leverage things like machine learning and AI to attack networks and devices has shown new potential. Advances in swarm technology, have powerful implications in the fields of medicine, transportation, engineering, and automated problem solving. However, if used maliciously, it may also be a game changer for adversaries if organizations do not update their security strategies. When used by cybercriminals, bot swarms could be used to infiltrate a network, overwhelm internal defenses, and efficiently find and extract data. Eventually, specialized bots, armed with specific functions, will be able to share and correlate intelligence gathered in real-time to accelerate a swarm’s ability to select and modify attacks to compromise a target, or even multiple targets simultaneously.

Weaponizing 5G and edge computing

The advent of 5G may end up being the initial catalyst for the development of functional swarm-based attacks. This could be enabled by the ability to create local, ad hoc networks that can quickly share and process information and applications. By weaponizing 5G and edge computing, individually exploited devices could become a conduit for malicious code, and groups of compromised devices could work in concert to target victims at 5G speeds. Given the speed, intelligence, and localized nature of such an attack, legacy security technologies could be challenged to effectively fight off such a persistent strategy.

A Change in how cybercriminals use zero-day attacks

Traditionally, finding and developing an exploit for a zero-day vulnerability was expensive, so criminals typically hoard them until their existing portfolio of attacks is neutralized. With the expanding attack surface, an increase in the ease of discovery, and as a result, in the volume of potentially exploitable zero-day vulnerabilities is on the horizon. Artificial Intelligence fuzzing and zero-day mining have the ability to exponentially increase the volume of zero-day attacks as well. Security measures will need to be in place to counter this trend.

The post Advanced artificial intelligence will evolve shifting the traditional advantage of the cybercriminal appeared first on Artificial Intelligence.

Ben Gurion, the main international airport in Israel, is one of the most protected airports in the world. It is known for its multilayered security. On the way from the office to the airport, you get caught in the lens of airport cameras. The road curves several kilometers to the terminal, and when you are driving, the security system has enough time to analyze your identity. In case of any signs of danger, you will be intercepted. The system of behavior anomalies analysis in computer systems works the same way. The implementation of these systems is effective in defense. While a perpetrator is running certain commands, an AI-based system can stave off any damage, having identified an intrusion.

AI deployment is not so rosy in the world of cybersecurity. Hackers move forward and adopt it as well. The U.S. intelligence community reports that artificial intelligence actually works in cybercriminals’ favor.

Let’s go over a few areas for hackers deploying machine learning and find out which cybersecurity measures should be taken.

Data Gathering

Every single breach starts with data gathering. Hackers maximize the chances of success by gaining more information. They classify users and select a potential victim thoroughly using several classification and clustering methods. This task can be automated.

How can you protect yourself from being their victim? It goes without saying that your personal information must not be available in open sources, so you should not publish an awful lot of information about yourself on social networks.

Phishing

Neural networks can be trained to create spams that resemble a real email. However, in order for this to work, it is better to know the sender’s behavior. This can be achieved through network phishing that provides hackers with easy access to personal information. Research from BlackHat about automated spearphishing on Twitter proves this idea. This tool can increase the success of phishing campaigns up to 30% — which is twice as much as traditional automation and similar to manual phishing.

How can you protect yourself from phishing? You could just mail a question to a sender. Hackers have become savvier, however, and can analyze your message and respond appropriately so that you are sure that the account is not compromised. Nowadays systems are not complicated but it will not be long before smart chat bots communicate with you like your friends do.

The most actionable recommendation is to ask the user through other channels and messengers if he or she sent the message. There is little chance that several of his or her accounts are compromised at once.

Voice Fabrication

The new generation of AI-based companies like Lyrebird can create fake audio files and videos that can mimic any voice. It can help perpetrators in social engineering.

Frankly speaking, it seems nothing can protect you from these wild tricks, as believing that everything that is written or spoken is fabricated undermines confidence in all the information you receive.

CAPTCHA Bypass

A simple captcha test can be automatically resolved. Some computers promise over 98% accuracy. “I’m Not a Human: Breaking the Google reCAPTCHA” is a fascinating paper that was delivered at a BlackHat conference.

How can you protect yourself? Object recognition captchas are dead. If you choose a captcha for your website, it is better to try MathCaptcha or its alternatives.

Password brute force is yet another area where cybercriminals can deploy machine learning. You might hear about a neural network that generates texts based on the trained texts. You can give this network, say, a list of Eminem’s songs, and it will create a new song.

The same idea can have wide applicability to generating passwords. Researchers at MIT have taken this approach, applied it to passwords and received good results. An approach that was mentioned in one of the latest papers called “PassGAN” represents GANs (Generative Adversarial Networks) to generate passwords. Cybercriminals consider this idea a more promising one after recent reporting from 4IQ suggesting the existence of a database of 1.4 billion passwords from all breaches.

Use complicated passwords and exclude simple ones. Avoid those from the database. The only secure random passwords are those built on shortened sentences and mixed with special characters.

Malware

In 2017, the first publicly known example of AI for malware creation was proposed at Peking University in Beijing, when the authors created a MalGAN network.

It resembles our reality, where viruses mutate resulting in new flu epidemics. What counts here is that people who care about their health catch them less. The same happens with computers. Regular hygiene, or in the online, never visiting insecure sites, saves people from viruses most of the time.

Cybercrime Automation

Savvy hackers apply machine learning to other areas. In certain criminal tasks, there something called Hivenet, which refers to smart botnets. If cybercriminals manage botnets manually, Hivenets can change behavior depending on circumstances. They resemble parasites living in devices and deciding who will be next to use victims’ resources.

It is essential to change a default password to protect IoT devices from most attacks.

Conclusion

The ideas above are only some examples of the ways hackers can use machine learning.

Aside from using more secure passwords and being more careful while following third-party websites, I can only advise paying attention to security systems based on AI in order to be ahead of perpetrators. A year or two ago, everyone had a skeptical attitude toward the use of artificial intelligence. Today’s research findings and its implementation in products prove that AI actually works, and it’s here to stay.

The post Seven Ways Cybercriminals Can Use Machine Learning appeared first on Artificial Intelligence.

People are undoubtedly your company’s most valuable asset. But if you ask cybersecurity experts if they share that sentiment, most would tell you that people are your biggest liability.

Historically, no matter how much money an organization spends on cybersecurity, there is typically one problem technology can’t solve: humans being human.  Gartnerexpects worldwide spending on information security to reach $86.4 billion in 2017, growing to $93 billion in 2018, all in an effort to improve overall security and education programs to prevent humans from undermining the best-laid security plans. But it’s still not enough: human error continues to reign as a top threat.

According to IBM’s Cyber Security Intelligence Index, a staggering 95% of all security incidents involve human error. It is a shocking statistic, and for the most part it’s due to employees clicking on malicious links, losing or getting their mobile devices or computers stolen, or network administrators making simple misconfigurations. We’ve seen a rash of the latter problem recently with more than a billion records exposed so far this year due to misconfigured servers. Organizations can count on the fact that mistakes will be made, and that cybercriminals will be standing by, ready to take advantage of those mistakes.

So how do organizations not only monitor for suspicious activity coming from the outside world, but also look at the behaviors of their employees to determine security risks? As the adage goes, “to err is human” — people are going to make mistakes. So we need to find ways to better understand humans, and anticipate errors or behaviors that are out of character — not only to better protect against security risks, but also to better serve internal stakeholders.

There’s an emerging discipline in security focused around user behavior analytics that is showing promise in helping to address the threat from outside, while also providing insights needed to solve the people problem. It puts to use new technologies that leverage a combination of big data and machine learning, allowing security teams to get to know their employees better and to quickly identify when things may be happening that are out of the norm.

To start, behavioral and contextual data points such as the typical location of an employee’s IP address, the time of day they usually log into the networks, the use of multiple machines/IP addresses, the files and information they typically access, and more can be compiled and monitored to establish a profile of common behaviors. For example, if an employee in the HR team is suddenly trying to access engineering databases hundreds of times per minute, it can be quickly flagged to the security team to prevent an incident.

The real value here is when companies apply these learnings to build a risk-based authentication system to give staff access to data or systems. Essentially, it means customizing the level of access given to employees based on a risk score of their past behaviors, compared with an understanding of the data or systems they are asking for access to. This type of risk-based authentication enables better visibility of error-prone users, or those that have opened avenues of opportunity for cybercriminals in the past, helping to solve the “human” problem of cybersecurity.

In order to achieve this, we must first understand that all users are not on the same playing field. There are many different levels of “savvy” when it comes to each individual within a company: some are extremely knowledgeable about technology and implementing safeguards, such as biometrics and multi-factor authentication. Others may not be as careful or may do things such as recycle passwords (shudder) from common accounts, which can easily be leaked or breached, or downloading documents from a suspicious email address.

In addition, there are many varying roles and needs throughout every company, from users with basic computing environments, to those that may need up to five different machines to do their jobs. For these reasons, there is no “one size fits all” approach to navigating the human element of security, and organizations can no longer rely on traditional automated technologies that take a “set it and forget it” mentality.

While it may go against traditional instincts around security, which usually centers on control and restrictions to fight human error, it’s best to let employees just be themselves — and design your systems to cope with that. The combination of understanding employees’ everyday interactions with IT and having the power to analyze every possible scenario in real time can help security teams define more appropriate levels of authentication for the entire workforce, from tech-savvy developers to the Luddites in the boardroom. This provides the right balance of security, privacy, and user experience, while protecting organizations—and the people within them—from themselves.

The post How Machine Learning Can Help Identify Cyber Vulnerabilities appeared first on Artificial Intelligence.

Over the last few years, machine learning threat detection and defence company Darktrace has been something of a rising star in the cybersecurity industry. Its core unsupervised machine learning technology lend it the reputation of being one of the best in AI-enabled security. But what exactly do those on the cutting edge of cybersecurity research worry about?

Computerworld UK met with director of cyber analysis at Darktrace, Andrew Tsonchev, at the IP Expo show in London’s Docklands late last month.

“A lot of solutions out there look at previous attacks and try to learn from them, so AI and machine learning are being built around learning from what they’ve seen before,” he said. “That’s quite effective at, say, coming up with a machine learning classifier that can detect banking trojans.”

But what’s the flip-side to that? If vendors are taking artificial intelligence seriously in threat detection, won’t their counterparts in the criminal world consider the same? Are these hackers as sophisticated currently as some of the vendors would have us believe they are?

To understand where machine learning might be useful for attackers, it’s useful to consider some instances where it has demonstrated strong advantages in defence.

The post What happens when cybercriminals start to use machine learning? appeared first on Artificial Intelligence.

The next major cyberattack could involve artificial intelligence systems. It could even happen soon: At a recent cybersecurity conference, 62 industry professionals, out of the 100 questioned, said they thought the first AI-enhanced cyberattack could come in the next 12 months.

This doesn’t mean robots will be marching down Main Street. Rather, artificial intelligence will make existing cyberattack efforts – things like identity theft, denial-of-service attacks and password cracking – more powerful and more efficient. This is dangerous enough – this type of hacking can steal money, cause emotional harm and even injure or kill people. Larger attacks can cut power to hundreds of thousands of people, shut down hospitals and even affect national security.

As a scholar who has studied AI decision-making, I can tell you that interpreting human actions is still difficult for AI’s and that humans don’t really trust AI systems to make major decisions. So, unlike in the movies, the capabilities AI could bring to cyberattacks – and cyberdefense – are not likely to immediately involve computers choosing targets and attacking them on their own. People will still have to create attack AI systems, and launch them at particular targets. But nevertheless, adding AI to today’s cybercrime and cybersecurity world will escalate what is already a rapidly changing arms race between attackers and defenders.

Faster attacks

Beyond computers’ lack of need for food and sleep – needs that limit human hackers’ efforts, even when they work in teams – automation can make complex attacks much faster and more effective.

To date, the effects of automation have been limited. Very rudimentary AI-like capabilities have for decades given virus programs the ability to self-replicate, spreading from computer to computer without specific human instructions. In addition, programmers have used their skills to automate different elements of hacking efforts. Distributed attacks, for example, involve triggering a remote program on several computers or devices to overwhelm servers. The attack that shut down large sections of the internet in October 2016 used this type of approach. In some cases, common attacks are made available as a script that allows an unsophisticated user to choose a target and launch an attack against it.

AI, however, could help human cybercriminals customize attacks. Spearphishing attacks, for instance, require attackers to have personal information about prospective targets, details like where they bank or what medical insurance company they use. AI systems can help gather, organize and process large databases to connect identifying information, making this type of attack easier and faster to carry out. That reduced workload may drive thieves to launch lots of smaller attacks that go unnoticed for a long period of time – if detected at all – due to their more limited impact.

AI systems could even be used to pull information together from multiple sources to identify people who would be particularly vulnerable to attack. Someone who is hospitalized or in a nursing home, for example, might not notice money missing out of their account until long after the thief has gotten away.

Improved adaptation

AI-enabled attackers will also be much faster to react when they encounter resistance, or when cybersecurity experts fix weaknesses that had previously allowed entry by unauthorized users. The AI may be able to exploit another vulnerability, or start scanning for new ways into the system – without waiting for human instructions.

This could mean that human responders and defenders find themselves unable to keep up with the speed of incoming attacks. It may result in a programming and technological arms race, with defenders developing AI assistants to identify and protect against attacks – or perhaps even AI’s with retaliatory attack capabilities.

Avoiding the dangers

Operating autonomously could lead AI systems to attack a system it shouldn’t, or cause unexpected damage. For example, software started by an attacker intending only to steal money might decide to target a hospital computer in a way that causes human injury or death. The potential for unmanned aerial vehicles to operate autonomously has raised similar questions of the need for humans to make the decisions about targets.

The consequences and implications are significant, but most people won’t notice a big change when the first AI attack is unleashed. For most of those affected, the outcome will be the same as human-triggered attacks. But as we continue to fill our homes, factories, offices and roads with internet-connected robotic systems, the potential effects of an attack by artificial intelligence only grows.

The post Artificial intelligence cyber attacks are coming – but what does that mean? appeared first on Artificial Intelligence.