“With 2019’s headlines of ransomware, malware, and RDP attacks almost behind us, we shift our focus to the cybercrime threats ahead. Cybercriminals are increasing the complexity and volume of their attacks and campaigns, always looking for ways to stay one step ahead of cybersecurity practices – and more often using the world’s evolving technology against us.
Continuing advancements in artificial intelligence and machine learning have led to invaluable technological gains, but threat actors are also learning to leverage AI and ML in increasingly sinister ways. AI technology has extended the capabilities of producing convincing deepfake video to a less-skilled class of threat actor attempting to manipulate individual and public opinion. AI-driven facial recognition, a growing security asset, is also being used to produce deepfake media capable of fooling humans and machines.
Our researchers also foresee more threat actors targeting corporate networks to exfiltrate corporate information in two-stage ransomware campaigns.
With more and more enterprises adopting cloud services to accelerate their business and promote collaboration, the need for cloud security is greater than ever. As a result, the number of organizations prioritizing the adoption container technologies will likely continue to increase in 2020. Which products will they rely on to help reduce container-related risk and accelerate DevSecOps?
The increased adoption of robotic process automation and the growing importance to secure system accounts used for automation raises security concerns tied to Application Programming Interface (API) and their wealth of personal data.
The threatscape of 2020 and beyond promises to be interesting for the cybersecurity community.”
– Raj Samani, Chief Scientist and McAfee Fellow, Advanced Threat Research
- Broader Deepfakes Capabilities for Less-Skilled Threat Actors
- Adversaries to Generate Deepfakes to Bypass Facial Recognition
- Ransomware Attacks to Morph into Two-Stage Extortion Campaigns
- Application Programming Interfaces (API) Will be Exposed as The Weakest Link Leading to Cloud-Native Threats
- DevSecOps Will Rise to Prominence as Growth in Containerized Workloads Causes Security Controls to ‘Shift Left’
Broader Deepfakes Capabilities for Less-skilled Threat Actors
Deepfake video or text can be weaponized to enhance information warfare. Freely available video of public comments can be used to train a machine-learning model that can develop of deepfake video depicting one person’s words coming out of another’s mouth. Attackers can now create automated, targeted content to increase the probability that an individual or groups fall for a campaign. In this way, AI and machine learning can be combined to create massive chaos.
In general, adversaries are going to use the best technology to accomplish their goals, so if we think about nation-state actors attempting to manipulate an election, using deepfake video to manipulate an audience makes a lot of sense. Adversaries will try to create wedges and divides in society. Or if a cybercriminal can have a CEO make what appears to be a compelling statement that a company missed earnings or that there’s a fatal flaw in a product that’s going to require a massive recall. Such a video can be distributed to manipulate a stock price or enable other financial crimes
We predict the ability of an untrained class to create deepfakes will enhance an increase in quantity of misinformation.
Adversaries to Generate Deepfakes to Bypass Facial Recognition
One of the most prevalent enhancements to facial recognition is the advancement of artificial intelligence (AI). A recent manifestation of this is deepfakes, an AI-driven technique producing extremely realistic text, images, and videos that are difficult for humans to discern real from fake. Primarily used for the spread of misinformation, the technology leverages capabilities. Generative Adversarial Networks (GANs), a recent analytic technology, that on the downside, can create fake but incredibly realistic images, text, and videos. Enhanced computers can rapidly process numerous biometrics of a face, and mathematically build or classify human features, among many other applications. While the technical benefits are impressive, underlying flaws inherent in all types of models represent a rapidly growing threat, which cyber criminals will look to exploit.
As technologies are adopted over the coming years, a very viable threat vector will emerge, and we predict adversaries will begin to generate deepfakes to bypass facial recognition. It will be critical for businesses to understand the security risks presented by facial recognition and other biometric systems and invest in educating themselves of the risks as well as hardening critical systems.
Ransomware Attacks to Morph into Two-Stage Extortion Campaigns
Based on what McAfee Advanced Threat Research (ATR) is seeing in the underground, we expect criminals to exploit their extortion victims even more moving forward. The rise of targeted ransomware created a growing demand for compromised corporate networks. This demand is met by criminals who specialize in penetrating corporate networks and sell complete network access in one-go.
For 2020, we predict the targeted penetration of corporate networks will continue to grow and ultimately give way to two-stage extortion attacks. In the first stage cybercriminals will deliver a crippling ransomware attack, extorting victims to get their files back. In the second stage criminals will target the recovering ransomware victims again with an extortion attack, but this time they will threaten to disclose the sensitive data stolen before the ransomware attack.
DevSecOps Will Rise to Prominence as Growth in Containerized Workloads Causes Security Controls to ‘Shift Left’
Container-based cloud deployments are growing in popularity due to the ease with which DevOps teams can continuously roll out micro-services and interacting, reusable components as applications. As a result, the number of organizations prioritizing the adoption of container technologies will continue to increase in 2020.
Additionally, threats to containerized applications are introduced not only by IaC misconfigurations or application vulnerabilities, but also abused network privileges which allow lateral movement in an attack. To address these run-time threats, organizations are increasingly turning to cloud-native security tools developed specifically for container environments. Cloud Access Security Brokers (CASB) are used to conduct configuration and vulnerability scanning, while Cloud Workload Protection Platforms (CWPP) work as traffic enforcers for network micro-segmentation based on the identity of the application, regardless of its IP. This approach to application identity-based enforcement will push organizations away from the five-tuple approach to network security which is increasingly irrelevant in the context of ephemeral container deployments.
Application Programming Interfaces (API) Will Be Exposed as The Weakest Link Leading to Cloud-Native Threats
Threat actors are following the growing number of organizations using API-enabled apps because APIs continue to be an easy – and vulnerable – means to access a treasure trove of sensitive data. Despite the fallout of large-scale breaches and ongoing threats, APIs often still reside outside of the application security infrastructure and are ignored by security processes and teams. Vulnerabilities will continue to include broken authorization and authentication functions, excessive data exposure, and a failure to focus on rate limiting and resource limiting attacks. Insecure consumption-based APIs without strict rate limits are among the most vulnerable.
Headlines reporting API-based breaches will continue into 2020, affecting high-profile apps in social media, peer-to-peer, messaging, financial processes, and others, adding to the hundreds of millions of transactions and user profiles that have been scraped in the past two years. The increasing need and hurried pace of organizations adopting APIs for their applications in 2020 will expose API security as the weakest link leading to cloud-native threats, putting user privacy and data at risk until security strategies mature.
Airtel Payments Bank Rolls Out ‘Airtel Safe Pay’
To protect Airtel customers from the growing incidents of online payment frauds, Airtel Payments Bank launched ‘Airtel Safe Pay’ – India’s safest mode for making digital payments.
With ‘Airtel Safe Pay’, Airtel customers making UPI or Netbanking based payments through Airtel Payments Bank, no longer have to worry about money leaving their accounts without their explicit consent.
An India-First innovation, ‘Airtel Safe Pay’ leverages Airtel’s ‘telco exclusive’ strength of network intelligence to provide an additional layer of payment validation compared to the industry norm of two-factor authentication. This offers the highest level of protection from potential frauds such as phishing, stolen credentials or passwords, and even phone cloning that catches customers unaware.
Anubrata Biswas, MD & CEO, Airtel Payments Bank says, “As digital payments become the norm, especially in the post-pandemic world, we also have to solve for the challenge of frauds that are growing rapidly. We are happy to leverage Airtel’s core telco strengths to bring to market this unique capability that ensures that our customers have full control over their transactions. This sets a new benchmark in the Indian digital payments space by making security paramount.”
Using ‘Airtel Safe Pay’, Airtel Payments Bank customers can make secure digital payments across millions of merchants, online retailers and utilities, and even send money. Customers can open an Airtel Payments Bank account within few minutes with just a video call from the Airtel Thanks app and enjoy a range of benefits while they make fully secure digital payments.
Says Adarsh Nair, Chief Product Officer, Bharti Airtel: “Airtel Safe Pay is yet another innovation where our secure network and world-class digital platforms combine to solve a unique market problem. At Airtel, we are taking the lead in offering the most secure digital payments platforms to our users and making sure that the customer is always in control without a worry about rogue transactions.”
ESET Rolls Out Latest Version of Its Windows Security Products
ESET has launched new versions of its Windows security products for consumers. The new versions upgrade the protection in ESET Internet Security, ESET NOD32 Antivirus and ESET Smart Security Premium.
The wide range of security improvements cover malware detection, online banking, password security and smart home support – in line with ESET’s goal to create a safer digital world for everyone to enjoy. With the ever-increasing volume of reported cyberattacks, it is vital that users are secured in their online activities. These product updates address key issues, including online payments and banking-related threats, identity theft and leaking of personal information, stolen passwords and connected device security.
ESET is continuously improving its solutions to ensure that users are equipped with the very latest technologies in cybersecurity while keeping a low system footprint. The updates bring fine-tuning of the Host-Based Intrusion Prevention System and Advanced Machine Learning modules, along with a significant reduction in the size of the Machine Learning module.
Other key updates include the new Windows Management Instrumentation (WMI) and System Registry scanners capable of detecting malware that uses the WMI or the registry maliciously. The Connected Home module is also improved with better connected device detection and security issue troubleshooting.
Financial security is a top priority, and the upgraded Banking & Payment Protection features a special secured browser mode through which users can safely pay online. The new feature allows users to run any supported browser in secured mode by default. With secured mode on, the communication of the keyboard and mouse with the browser is encrypted to guard against keylogging. In addition, Banking & Payment Protection now also notifies users when Remote Desktop Protocol (RDP) is turned on to alert them about the danger of malware abusing RDP.
Finally, ESET Password Manager has been completely rebuilt with new functionalities such as remote logout from websites and remote clearing of browser history, and is available via both browser extensions and native mobile apps.
Commenting on the updates, Matej Krištofík, product manager at ESET, said, “As cyberthreats continue to evolve in sophistication and frequency, it is vital that consumers and their devices are protected on every level. Technology is at the center of our lives, from online banking to connected homes, so it is more important than ever that our personal technology is safe and secure. We are proud to offer our latest Windows security product updates to consumers, reflecting our dedication to consistently improve and innovate in order to provide a safe digital experience for all.”
Critical Vulnerability Discovered in Instagram App by Researchers
Instagram is one of the most popular social media platforms globally, with over 100+ million photos uploaded every day, and nearly 1 billion monthly active users. Individuals and companies share photos and messages about their lives and products to their followers globally. So imagine what could happen if a hacker was able to completely take over Instagram accounts, and access all the messages and photos in those accounts, post new photos or delete or manipulate existing photos. What could that do to a person’s or company’s reputation?
Earlier this year, Check Point researchers found a critical vulnerability in the Instagram app that would have given an attacker the ability to take over a victim’s Instagram account, and turn their phone into a spying tool, simply by sending them a malicious image file. When the image is saved and opened in the Instagram app, the exploit would give the hacker full access to the victim’s Instagram messages and images, allowing them to post or delete images at will, as well as giving access to the phone’s contacts, camera and location data.
Here’s how we found the vulnerability, and worked with Facebook and Instagram to close it to keep users safe.
What are the apps on your phone permitted to do?
Wherever we go, our mobile phones usually go with us, to keep us in touch with families, loved ones and our work, too. Of course, this is also why mobiles are an attractive target for hackers. Not only can they steal data and credentials from our phones, but they can also use them for spying on us: tracking our location, listening to conversations, and accessing our data and messages.
Fortunately, all modern mobile operating systems include several layers of protection against this type of malicious activity. These protections usually rely on the basic concept of ‘application isolation’ – even if someone was able to hack a specific application, they would still be confined to that application alone, along with its strict permissions, and would not be able to extend their hacking attempt any further.
The key term here is “strict permissions” – for example, a map application should be able to access your location, but should not have access to your microphone; a dating app should be able to access your camera and nothing else, and so on.
But what happens when we`re talking about an application that has extensive permissions on your device? If the application is hacked, the hacker will have easy access to your GPS data, camera, microphone, contacts, and more.
Fortunately, there isn’t a huge list of apps that have such extensive permissions on users’ devices. One example is Instagram. Given its popularity and wide-ranging permissions, we decided to review the security of Instagram’s mobile app for both Android and iOS operating systems.
What did we find?
Our research revealed a critical vulnerability that might allow the attackers what is technically referred to as – remote code execution (RCE). This vulnerability can allow an attacker to perform any action they wish in the Instagram app (yes, even if it is not actually a part of the application logic or features). Since the Instagram app has very extensive permissions, this may allow an attacker to instantly turn the targeted phone into a perfect spying tool – putting the privacy of millions of users at serious risk.
So how does such a popular application include vulnerabilities, when huge amounts of time and resources are invested in developing it?
The answer is that most modern app developers do not actually write the entire application on their own: if they did so it would take years to write an application. Instead, they use 3rd party libraries to handle common (and often complicated) tasks such as image processing, sound processing, network connectivity, and so on. This frees the developers to handle only the coding tasks, which represent the apps core business logic. However, this relies on those 3rd party libraries being completely trustworthy and secure.
Our modus operandi for this research was to examine the 3rd party libraries used by Instagram, And the vulnerability we found was in the way that Instagram used Mozjpeg- an open source project used by Instagram as its JPEG format image decoder for images uploaded to the service.
A bad image: hacking and taking over the user’s mobile Instagram account
In the attack scenario we describe in our research, an attacker can simply send an image to their target victim via email, WhatsApp or another media exchange platform. The target user saves the image on their handset, and when they open the Instagram app, the exploitation takes place, allowing the attacker full access to any resource in the phone that is pre-allowed by Instagram.
These resources include contacts, device storage, location services and the device camera. In effect, the attacker gets full control over the app and can create actions on behalf of the user, including reading all of their personal messages in their Instagram account and deleting or posting photos at will. This turns the device into a tool for spying on targeted users without their knowledge, as well as enabling malicious manipulation of their Instagram profile. In either case, the attack could lead to a massive invasion of users’ privacy and could affect reputations – or lead to security risks that are even more serious.
At a basic level, this exploit can be used to crash a user’s Instagram app, effectively denying them access to the app until they delete it from their device and re-install it, causing inconvenience and possible loss of data.
Responsible disclosure & Protection
We have responsibly disclosed our findings to Facebook and the Instagram team. Facebook’s advisory was very responsive and helpful, they have described this vulnerability as an “Integer Overflow leading to Heap Buffer Overflow” and issued a patch to remediate the issue on the newer versions of the Instagram application on all platforms.
The patch for this vulnerability has already been available for 6 months prior to this publication, giving time to the majority of users to update their Instagram applications, thus mitigating the risk of this vulnerability being exploited. We strongly encourage all Instagram users to ensure they are using the latest Instagram app version and to update if any new version is available.
Check Point’s SandBlast Mobile (SBM) provides full visibility into mobile risks, with advanced threat prevention capabilities. With the market’s highest threat catch rate, users of SBM stay protected from malware, phishing, man-in-the-middle attacks, OS exploits, and more. Intuitive to use, users only hear from SandBlast Mobile if they are under attack.
Gadgets4 days ago
Poly Launches Voyager Focus 2 Wireless Headset
Trending4 days ago
Best Tech Gifts to Please Your Tech-Savvy Dad
Trending2 days ago
TCL Reveals Launch Date for its C-series Smart TVs
Smartphone4 days ago
Realme GT Smartphone with 64MP Triple Camera Launched
Gadgets2 days ago
Coolest Tech Gifts for Father’s Day 2021
Trending3 days ago
Tiger Shroff Appointed as Brand Ambassador of ESPL
Gadgets4 days ago
itel Unveils New 4G Feature Phone ‘Magic 2’
Trending4 days ago
Infinix Launches Big Discounts on Its Smart TVs and TWS Earbuds