This article was published on November 8, 2019

Pardon the Intrusion #4: Smart malware?

Story by Ravie Lakshmanan


Welcome to the latest edition of Pardon The Intrusion, TNW’s bi-weekly newsletter in which we explore the wild world of security.

AI is now being used in a huge number of novel applications, from detecting cancer to recommending what to binge-watch over the weekend.

Sadly, as with other disruptive technologies, it’s also being misused — and right now, AI is helping to target malware at YOU. It’s also increasingly being co-opted by criminals to power their dangerous campaigns and further their evil agendas.

It turns out what’s useful for one side can be exploited by the other. AI-powered security tools have quickly become powerful weapons for both the good and the bad guys.

And as recent research in AI malware has shown, poisoning machine learning models with malicious inputs — an active research area called adversarial machine learning — has some serious consequences for cybersecurity and privacy.

Imagine a machine-learning spam filter that flags unwanted messages and keeps learning from user feedback. If an attacker keeps feeding crafted, mislabelled data into that training loop, the filter’s false positives and false negatives pile up over time, eventually rendering it unusable.

It’s therefore essential that ML models are exposed to likely adversarial inputs during training, and that techniques like generative adversarial networks, differential privacy, and homomorphic encryption are used to ensure confidentiality and integrity.
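A toy illustration of the spam-filter poisoning scenario above and of one defensive check, added here as an example that is not part of the newsletter: a tiny naive Bayes filter that learns online from user reports, an attacker who keeps reporting legitimate mail as spam, and a guarded update that only accepts feedback if accuracy on a trusted hold-out set does not drop. The classifier, the messages and the hold-out set are all constructed for this example.

```python
import copy, math
from collections import Counter

class SpamFilter:
    """Minimal naive Bayes text classifier that learns online from user feedback."""
    def __init__(self):
        self.docs = {"spam": 0, "ham": 0}
        self.words = {"spam": Counter(), "ham": Counter()}
    def train(self, text, label):
        self.docs[label] += 1
        self.words[label].update(set(text.lower().split()))
    def classify(self, text):
        total, best = self.docs["spam"] + self.docs["ham"], None
        for label in ("spam", "ham"):
            score = math.log((self.docs[label] + 1) / (total + 2))  # smoothed log prior
            for w in set(text.lower().split()):
                score += math.log((self.words[label][w] + 1) / (self.docs[label] + 2))
            if best is None or score > best[0]:
                best = (score, label)
        return best[1]
    def accuracy(self, labelled):
        return sum(self.classify(t) == lab for t, lab in labelled) / len(labelled)

def guarded_train(model, text, label, holdout):
    """Mitigation: accept a feedback update only if accuracy on a trusted hold-out set
    (which the attacker cannot influence) does not drop; otherwise keep the old model."""
    candidate = copy.deepcopy(model)
    candidate.train(text, label)
    return candidate if candidate.accuracy(holdout) >= model.accuracy(holdout) else model

# Constructed sample data: clean training mail, a trusted hold-out set, and the
# attacker's poisoned feedback (legitimate-looking mail repeatedly reported as spam).
CLEAN = [("meeting tomorrow at noon", "ham"), ("please review the quarterly report", "ham"),
         ("lunch with the team tomorrow", "ham"), ("report attached for review", "ham"),
         ("win free prize now", "spam"), ("claim your free prize", "spam"),
         ("cheap pills now win", "spam"), ("free money claim now", "spam")]
HOLDOUT = [("meeting tomorrow", "ham"), ("team lunch review", "ham"),
           ("free prize claim", "spam"), ("win cheap money", "spam")]
POISON = [("meeting tomorrow", "spam")] * 10

def run(guarded):
    model = SpamFilter()
    for text, label in CLEAN:
        model.train(text, label)
    for text, label in POISON:
        if guarded:
            model = guarded_train(model, text, label, HOLDOUT)
        else:
            model.train(text, label)  # unguarded filter trusts every report blindly
    return model.classify("meeting tomorrow")  # unguarded -> "spam", guarded -> "ham"
```

After ten poisoned reports the unguarded filter starts flagging the legitimate "meeting tomorrow" message as spam (a false positive), while the guarded filter rejects every update that would break the hold-out set and keeps delivering it.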

Ultimately, if we’re going to trust AI systems to do these jobs, we also need to be careful and ensure they’re doing them the right way.

Now, onto more security news.

What’s trending in security?

  • The FBI issued a warning about e-skimming — aka Magecart attacks — in which hackers compromise a company’s online store to silently steal payment card information from users as they make purchases on the infected site. [FBI]
  • A new variant of the “Remcos” trojan is being spread through phishing emails that trick victims into opening a malicious ZIP file, which installs data-stealing malware. [Fortinet]
  • UniCredit disclosed a data breach involving the personal records of 3 million domestic clients, making it the third security incident at Italy’s top bank in 4 years. [Reuters]
  • Michael Gillespie is the ransomware hero we deserve. [ProPublica]
  • A profile of cybersecurity firm Tiversa, whose CEO Robert Boback is facing federal charges for falsifying evidence about data breaches to extort clients. [The New Yorker]
  • Several popular “camgirl” sites exposed millions of sex workers and users after their owner, VTS Media, left the back-end database unprotected. [TechCrunch]
  • A new Chinese threat actor — dubbed “Calypso” — is targeting governmental institutions in Brazil, India, Kazakhstan, Russia, Thailand, and Turkey to steal confidential data. [Positive Technologies]
  • Google patched an Android bug that can let hackers spread malware to a nearby phone via NFC beaming. [ZDNet]
  • A new variant of Gafgyt malware has been found exploiting known vulnerabilities in Wi-Fi routers to recruit the devices into botnets to attack gaming servers. [Palo Alto Networks]
  • WIRED’s Andy Greenberg takes a deep dive into the rise of “Sandworm,” a dangerous Kremlin hacking group behind the Ukraine NotPetya attacks and the cyberwar on the Pyeongchang Olympics. [WIRED]
  • Kaspersky researchers found a new threat group called “DarkUniverse” that went silent after the 2017 Shadow Brokers leak. That dump contained a collection of exploits and hacking tools — including a malware scanner that NSA hackers used to check infected computers for the presence of other threat groups. [Kaspersky]

Data Point

New statistics published by antivirus maker Emsisoft have revealed Indonesia, India, the US, Brazil, and Korea to be the most popular targets worldwide for ransomware attacks. Indonesia, India, and Brazil alone account for 45.3% of all infections.

Emsisoft’s ransomware statistics for 2019

Takeaway: You don’t need to be a genius to figure out that this is a dangerous trend. Emerging markets like India, Indonesia, and Brazil have witnessed explosive digital growth. These countries also lack adequate infrastructure to enforce stringent security controls that would safeguard businesses from ransomware threats. Auditing security strategies and implementing a sound recovery plan are key.

Breach from the past

Join us on this short trip to the past, where we talk about a major security incident and how it changed the cyber threat landscape.

These days, it’s easy for a computer virus to spread quickly because… internet. All you need to do is click on a malicious link, or download some shady software.

But back in the 80s, it was a totally different time. That decade also marked the appearance of the first ever PC virus, called Brain.

Guess how it spread? Floppy disks.

It was definitely tame when compared to the modern trojans and other dangerous malware out there today, but that doesn’t mean it didn’t pack a punch.

The virus was created by brothers Amjad and Basit Alvi of Lahore, Pakistan in 1986. The brothers ran a neighborhood computer store that specialized in PC repair and software sales.

But after Amjad became aware that one of the programs he’d written was being pirated, he leaked copies containing “a self-replicating program that would ‘infect’ an unauthorized user’s computer, disrupt his operations and force him to contact Amjad for repairs,” according to this TIME article.

The fact that the virus’s spread banked on people exchanging infected floppy disks shows how novel viruses were at the time.

The irony here is that the Alvi brothers were selling pirated software themselves.

Although floppy disks have now gone out of fashion, this virus set in motion a chain of events that completely changed the computer virus landscape.

As for the Alvi brothers, they’re still in business running a wireless broadband service under the name… wait for it… Brain Telecommunication Limited.

That’s it. See you all in two weeks. Stay safe!

Ravie x TNW (ravie[at]thenextweb[dot]com)
