Archive for October 17, 2023

ESET Research announces comprehensive report on Latin America’s threat landscape titled ‘Looking into TUT’s tomb: The universe of threats in LATAM’

Posted in Commentary on October 17, 2023 by itnerd

ESET Research announced today the release of the report “Looking into TUT’s tomb: The universe of threats in LATAM,” which analyzes more than a dozen operations and various cybercriminal campaigns in Latin America. With evolving targeting strategies and techniques, these campaigns exhibit a high level of sophistication, specifically tailoring their approaches to exploit enterprise users, including government sectors. The predominant method of compromising victims is through phishing emails that deliver multiple malicious components.

In the paper, ESET Research looks back at various publicly documented campaigns targeting the LATAM region between 2019 and 2023; the vast majority of the detections surrounding these cybercriminal activities are in Latin America and are not associated with global crimeware. Since each of these operations has its own unique traits, and they don’t appear to be linked to a single threat actor, it’s highly likely that multiple actors are at play.

ESET analysis revealed a notable shift from simplistic, opportunistic crimeware to more complex threats. Notably, researchers have observed a transition in targeting, moving from a focus on the general public to high-profile users, including businesses and governmental entities. These threat actors continually update their tools, introducing different evasion techniques to increase the success of their campaigns. Furthermore, while the LATAM region contains the vast majority of victims, in some cases we have seen an expansion of these campaigns targeting countries outside the region, with the actors taking their crimeware business beyond Latin America and mirroring the pattern seen in banking trojans born in Brazil.

The precision and specificity observed in these attacks point to a high level of targeting, indicating that the threat actors have detailed knowledge about their intended victims. In these campaigns, attackers utilize malicious components like downloaders and droppers, mostly created in PowerShell and VBS. Regarding the tools used in these malicious operations in Latin America, ESET observations indicate a preference for remote access trojans.

For more technical information about “Operation King TUT: The universe of threats in LATAM,” read the blog post on WeLiveSecurity. 

Imply Welcomes Pranav Parekh as Chief Customer Officer 

Posted in Commentary on October 17, 2023 by itnerd

Imply, the company founded by the original creators of Apache Druid, today announced that Pranav Parekh has been named its new Chief Customer Officer, a strategic move aimed at enhancing customer experience and elevating Imply’s commitment to delivering exceptional value to its customers. Parekh will take charge of sales engineering, solution architects, customer success and support, leading an initiative to drive customer-centric innovation and solidify Imply as the industry leader in real-time data analytics.

In this pivotal role as Chief Customer Officer, Parekh will be responsible for reshaping the customer journey, optimizing product and service offerings, and nurturing lasting relationships with Imply’s valued customers. His dedication to enhancing customer experiences aligns perfectly with Imply’s commitment to delivering cutting-edge solutions and unparalleled customer service.

Parekh brings a wealth of experience to his new role at Imply. His career spans more than 25 years, encompassing leadership roles in product management, software development, consulting, sales engineering and customer success at companies including Google, Oracle, BEA Systems, Apigee, DataStax and Akana. Notably, he was a key part of the go-to-market leadership team during Apigee’s successful journey to going public in 2015 and its subsequent acquisition by Google in 2016. Most recently, he led the global field engineering team at DataStax.

Parekh’s appointment underscores Imply’s unwavering dedication to enhancing customer experiences and helping customers realize exceptional value from its products and solutions.

Find out more about Imply here: https://imply.io/.

AI Algorithm Detects Man In The Middle Attacks On Unmanned Military Vehicles In Seconds

Posted in Commentary on October 17, 2023 by itnerd

In a paper published by the University of South Australia and Charles Sturt University, professors present an algorithm they have developed to detect and intercept man-in-the-middle (MitM) attacks on unmanned military robots, attacks that aim to interrupt the operation, modify the transmitted instructions, and assume control and instruct the robots to take malicious actions.

The technical paper detailed how the robot operating system is extremely susceptible to data breaches and electronic hijacking because it is so highly networked, and can be compromised at various levels, from the core system to sub-components of sub-systems. Meanwhile, crewless vehicle systems operate under fault-tolerant modes, further complicating MitM detection.

Using machine learning techniques, the university researchers developed the algorithm to detect these attempts. Furthermore, the professors tested the algorithm in a replica of a bot used by the U.S. Army and recorded successful attack prevention 99% of the time, with false positives occurring in less than 2% of the tested cases.

“The advent of Industry 4, marked by the evolution in robotics, automation, and the Internet of Things, has demanded that robots work collaboratively, where sensors, actuators, and controllers need to communicate and exchange information with one another via cloud services,” comments Professor Anthony Finn, who participated in the study.

Ted Miracco, CEO, Approov Mobile Security had this comment:

   “Using AI to address security concerns in military robots raises significant concerns and warrants critical examination. While the development of an algorithm to detect and intercept man-in-the-middle (MitM) attacks is a commendable effort, relying on AI for such critical tasks may not be the most responsible approach. A 99% success rate in preventing attacks may initially sound impressive, but when it comes to matters of national security and potential harm caused by compromised military robots, even a 1% failure rate is unacceptable if you are on the receiving end of the attack. MitM attacks can have severe consequences, including the potential for loss of life and significant damage, and AI algorithms are probabilistic by nature, making them inherently fallible. There is always a risk of false positives or the much more disconcerting false negatives, where attacks go undetected. In the context of military operations, these errors can lead to disastrous outcomes.

   “To ensure the security and integrity of military robots, deterministic solutions that provide 100% accuracy should be prioritized. While AI can play a role in augmenting security measures, it should be used as a supportive tool rather than the primary line of defense. Incorporating reliable, deterministic protocols and encryption techniques that leave no room for ambiguity or uncertainty should be the foundation of any security framework for military robots. It is imperative to prioritize deterministic solutions that eliminate any margin for error and take a comprehensive approach to security to ensure the safety and effectiveness of unmanned military systems.”

Given that these are military vehicles, I have to admit that I have concerns that they might not be secure. If they aren’t, I hope there are means in place to make them as secure as possible. As in, every possible step should be taken to ensure that these military vehicles are as secure as possible.

Datadobi Accelerates Channel Momentum with StorageMAP

Posted in Commentary on October 17, 2023 by itnerd

 Datadobi, the global leader in unstructured data management, today announced significant developments that underscore its momentum and continued leadership position within the channel, highlighted by a 36% growth rate in channel partner revenue for this year. Central to these announcements is StorageMAP, the first and only end-to-end platform engineered from the ground up to assess, organize, and act on unstructured data—whether onsite, remote, or in the cloud—maximizing its potential value while effectively mitigating associated risks and expenses.

The first development Datadobi revealed today is a set of recent upgrades to its DatadobiDriven Training Program for partners, including an updated course that lets sales teams and sales engineers quickly and easily equip themselves to drive revenue by clearly articulating the value of StorageMAP to their customers. The DatadobiDriven training course takes sales engineers and sales professionals through four modules:

1. Quick Selling Guide Module, to help participants better understand StorageMAP, its use cases and benefits, what customer pain StorageMAP solves, and how to position it in sales opportunities;
2. Concepts and Workflow Module, which covers the three cornerstones of unstructured data management: Assess, Organize, and Act;
3. Hands-on Module, highlighting a simplified workflow in the software; and
4. Transacting Module, covering deal registration, the licensing model, pricing, and the steps to take once partners are ready to transact.

Next, Datadobi today shared that its newly enhanced DatadobiDriven Program has surpassed the significant milestone of 1,000 certifications, underscoring the industry’s desire to strengthen its StorageMAP expertise.

Last but not least, to navigate this burgeoning year-over-year channel growth and further fortify its channel-oriented roadmap, Datadobi has announced the addition of Ron Wagner to its management team in the newly created position of Director of Global Channel Strategy and Partner Business Development.

To learn more about the DatadobiDriven Program, please visit: https://info.datadobi.com/datadobidriven.

EPA Calls Off Water Surveys To Regulate Sector’s Cybersecurity

Posted in Commentary on October 17, 2023 by itnerd

Last week, in a letter to state drinking water administrators, the EPA announced that it will no longer require cybersecurity audits of U.S. water utilities through sanitary surveys after litigation from various states and trade associations raised questions about the long-term legal viability of the initiative to regulate water utility cybersecurity.

Experts from the water industry who opposed the EPA acting as the industry's cybersecurity authority doubted whether a sanitary survey was the right tool to enforce cybersecurity mandates, as the process traditionally does not involve security auditors who understand the complex nature of protecting industrial systems.

The EPA said it encourages “all states to voluntarily review public water system cybersecurity programs to ensure that any vulnerabilities are identified and corrected, and assistance is provided to systems that need help.”

Of the existing 16 critical infrastructure sectors, many, like water and wastewater, lack cybersecurity regulations. Using a voluntary approach to regulate cybersecurity was described in the National Cybersecurity Strategy as resulting in “inadequate and inconsistent outcomes.”

Emily Phelps, Director, Cyware had this to say:
 
   “No industry or sector is immune from cyber threats. Although there are legitimate concerns about the efficacy of sanitary surveys to assess cybersecurity readiness, securing our critical infrastructure must be a top priority. To truly combat rising cyberattacks, funding is necessary. Public-private partnerships can be instrumental in bridging this gap. Leveraging expertise from private cybersecurity firms can alleviate staffing issues and provide the needed technical expertise.

  “It’s crucial to address this across all sectors, ensuring there’s a unified approach to cybersecurity. Sector-specific cybersecurity frameworks, combined with cross-sector collaboration, can result in a stronger and more resilient infrastructure.”


Craig Harber, Security Evangelist, Open Systems follows with this comment:

   “The IT/OT convergence occurring within our industry sectors and the nation’s critical infrastructure creates new opportunities for efficiency and innovation, while it also introduces new cybersecurity challenges that organizations must mitigate.

   “These cybersecurity challenges are not limited to just attacks directed at the OT devices and systems from IT infrastructure. The IT infrastructure is equally as vulnerable to attacks originating on OT devices and systems. Both environments potentially expose new threats and create new attack vectors that, if not addressed, will become high-value targets for exploitation by threat actors.

   “The EPA’s approach to create a “coalition of the willing” whereby they encourage states to voluntarily do the right thing is not likely to succeed. Cybersecurity is not a siloed problem; it is a team sport. States need to develop a collective defense strategy where security teams from each industry sector share threat intelligence and work in collaboration to identify and neutralize threats. This collaborative approach will allow security teams within an industry sector (and possibly amongst industry sectors) to fully leverage the limited resources and skilled analysts available to combat cyber threats that are increasing in velocity and sophistication.”

Public infrastructure needs to be secure. Everyone needs to work together to ensure that infrastructure that we rely on is secure or we will all fail.