Security News

Leveraging machine learning for cybersecurity

Data breaches and cyber attacks have become harder to deter over the last few years. According to Cisco’s 2018 Annual Cybersecurity Report, for example, the expanded volume of both legitimate and malicious encrypted traffic on the web has made it more difficult for security professionals to recognize and monitor potential threats. As a result, many security professionals are looking to leverage machine learning to advance cybersecurity.

What is machine learning?

Before exploring the ways machine learning can improve cybersecurity, it is important to first understand what machine learning actually is. To begin with, machine learning is not one and the same as artificial intelligence (A.I.), which is a broader initiative to enable computers to reason, solve problems, perceive, and understand language. Rather, machine learning is a branch of A.I. that involves training an algorithm to learn from data and make predictions based on it. Netflix, for example, uses machine learning to make show recommendations, while search engine giant Google uses the technology to collect signals for better search quality.

Monitoring and responding to suspicious traffic

One way machine learning can be used to improve cybersecurity is by monitoring network traffic and learning the norms of a system. A well-trained machine learning model will be able to spot atypical traffic within a network and quarantine the anomaly. Most machine learning systems send an alert to a human analyst, who determines how to respond to the threat; however, some are able to act on their own, for example by blocking certain users from accessing the network.
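As an added illustration (not code from the article) of the baseline-then-deviate approach just described, the following Python sketch learns per-host norms from constructed connection counts and routes each new observation to one of the three outcomes the text names: normal, an alert for a human analyst, or autonomous quarantine. The host names, counts and thresholds are assumptions chosen for the example.

```python
"""Baseline-and-deviation detector for per-host outbound connection counts.

Added example, not from the article. Records are constructed sample data; the
z-score thresholds are assumptions, not values from any product or paper.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed training window: (host, outbound connections in a 5-minute bin).
BASELINE = [
    ("ws-01", 12), ("ws-01", 15), ("ws-01", 11), ("ws-01", 14), ("ws-01", 13),
    ("ws-02", 40), ("ws-02", 38), ("ws-02", 45), ("ws-02", 42), ("ws-02", 41),
]


def learn_norms(records):
    """Learn 'normal' per host: mean and population std-dev of its counts."""
    by_host = defaultdict(list)
    for host, count in records:
        by_host[host].append(count)
    return {h: (mean(v), pstdev(v)) for h, v in by_host.items()}


def z_score(norms, host, count):
    """How many standard deviations a new count sits from the host's norm."""
    mu, sigma = norms[host]
    sigma = max(sigma, 1.0)  # a perfectly constant baseline must not divide by zero
    return (count - mu) / sigma


def decide(norms, host, count, alert_z=3.0, block_z=8.0):
    """Map one observation to 'ok', 'alert' (hand to an analyst) or 'quarantine'.

    Drops in traffic are as atypical as spikes, so alerts use |z|; only a large
    upward deviation is trusted enough for an autonomous block.
    """
    if host not in norms:
        return "alert"  # never-seen host: no baseline, so a human decides
    z = z_score(norms, host, count)
    if z >= block_z:
        return "quarantine"
    if abs(z) >= alert_z:
        return "alert"
    return "ok"


def triage(norms, observations):
    """Run the detector over a batch of (host, count) observations."""
    return [(h, c, decide(norms, h, c)) for h, c in observations]


if __name__ == "__main__":
    norms = learn_norms(BASELINE)
    for row in triage(norms, [("ws-01", 14), ("ws-01", 20), ("ws-01", 400),
                              ("ws-02", 30), ("ws-03", 5)]):
        print(row)
```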

Automating repetitive tasks

Another way machine learning can help propel cybersecurity is by automating repetitive tasks. For example, during a data security breach an analyst has to juggle multiple responsibilities, including determining exactly what was stolen, how it was taken, and how to fix the network so that similar attacks are stopped in future. With machine learning, many of these tasks can be automated, significantly reducing the time it takes to fix the vulnerability.

Complementing human analysis

Machine learning can also be used to complement human analysis. For example, in a paper published in 2016, MIT and PatternEx researchers demonstrated that an A.I. platform could predict cyber attacks significantly better than existing systems by continuously incorporating input from human experts. Specifically, the team showed the platform could detect 85% of attacks, approximately three times better than previous benchmarks, while reducing the number of false positives by a factor of five. Generally speaking, machine learning technologies can provide around-the-clock analysis, or assist junior analysts, who have higher error rates when assessing a threat.

Preventing zero-day exploits

Additionally, machine learning can be leveraged to combat zero-day exploits, which occur whenever a cyber criminal is able to seize upon a software vulnerability before the developer is able to release a patch for it. IoT devices are heavily targeted by zero-day exploits since they often lack basic security features. Vendors are typically given a certain amount of time to patch a vulnerability before it is publicly disclosed, depending upon its severity. Machine learning could be used to home in on and prevent these sorts of exploits before they have a chance to take advantage of a network.

Limitations

None of this is to say machine learning will make cybersecurity perfect. Like any technology, machine learning is a double-edged sword: cybersecurity professionals and criminals are in an arms race to outsmart each other with it. Although machine learning is effective at preventing the same attack from occurring twice, the technology struggles to predict new threats from previous data. Nor are all machine learning systems created equal; different systems have different error rates in pinpointing and responding to threats. And while machine learning can be used as part of a company's overall cybersecurity strategy, it shouldn't be relied upon as the sole line of defense.

The information contained in this website is for general information purposes only. The information is gathered from RCR Wireless. While we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.
Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.

The National Cybersecurity and Communications Integration Center (NCCIC) has observed an increase in ransomware attacks across the world. Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website.

Ransomware can be devastating to an individual or an organization. Anyone with important data stored on their computer or network is at risk, including government or law enforcement agencies and healthcare systems or other critical infrastructure entities. Recovery can be a difficult process that may require the services of a reputable data recovery specialist, and some victims pay to recover their files. However, there is no guarantee that individuals will recover their files if they pay the ransom.

Recommended precautions to protect against the threat of ransomware:

  • Update software and operating systems with the latest patches. Outdated applications and operating systems are the target of most attacks.
  • Never click on links or open attachments in unsolicited emails.
  • Back up data on a regular basis. Keep the backup on a separate device and store it offline.
  • Follow safe practices when browsing the Internet. Read Good Security Habits for additional details.

Recommended best practices for organizations:

  • Restrict users’ permissions to install and run software applications, and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through a network.
  • Use application whitelisting to allow only approved programs to run on a network.
  • Enable strong spam filters to prevent phishing emails from reaching the end users and authenticate inbound email to prevent email spoofing.
  • Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
  • Configure firewalls to block access to known malicious IP addresses.

See the Ransomware Security Publication and technical guidance on How to Protect Your Networks from Ransomware for more information.

For recent NCCIC Alerts on specific ransomware threats, see:

The information contained in this website is for general information purposes only. The information is gathered from US-CERT. While we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

When it comes to cybersecurity, it's no secret that the human aspect of any organization is its weakest link. From bad password-sharing practices to falling victim to phishing emails, these challenges are any CISO's nightmare. After all, the holes in network security created by the people on the front line of an enterprise can't be plugged with a simple software patch. And despite efforts to train staff, employees are still the easiest route for a hacker to exploit, particularly when it comes to USB-based security.

Shut the back door

In 2016, researchers from the University of Illinois left 300 unlabelled USB drives around the campus and tracked what happened next. 98% of the dropped drives were picked up by staff and students alike, and at least half were plugged into a computer to access the files stored on them – not bad odds if you're a hacker. Although the study was conducted two years ago, its outcome is not unusual in 2018, and this is a security backdoor that is still wide open for many networks around the world.

The reason is clear: practicality. There’s no doubt USB devices are one of the easiest ways to move files between machines. However, with the impact of suffering a cyber-attack so great, convenience can’t be a driver behind IT decision making. Especially not when cloud-based sharing platforms like Dropbox exist. Zero-Trust – which means no person or device is inherently trusted – is fast becoming the go-to security stance for enterprises as a result and is a strategy that has no place for USB devices.

So, with the use of flash drives being tackled in this way, can businesses do away with USB ports entirely? Not quite. USB ports serve many purposes beyond simply facilitating the use of storage devices. Before they can be completely disabled on end-user terminals and removed from the IT landscape in the interest of security, there are further challenges to overcome.

The software problem

One of the biggest factors preventing the phasing out of USB ports on employee machines comes from software vendors. From accountancy to law enforcement, high-value software applications have licenses that are tightly controlled and authenticated through USB dongles, plug-in physical authentication devices. With licenses often worth thousands of dollars each, it makes sense for vendors to take such a hard line, as hardware-level protection is still the most effective mechanism for tackling software piracy and misuse. Since these applications are in use across all industries and often power software that's at the heart of modern business, this isn't going to change any time soon.

In some cases, it's also a necessity. Take state police or defence bodies as an example. They need to know who's running certain forensic software and where it is accessed, which makes relying on a physical dongle a highly logical solution. The problem, though, is that an employee who relies on a USB dongle to access bespoke software needs a live USB port, which increases the risk of a malicious device being plugged in, and a would-be hacker can exploit that.

The dongle server solution

However, this doesn't necessarily mean that USB ports on end-user terminals and employee computers need to stay. Part of the responsibility of IT solution providers is to find a workaround for issues like this, ensuring customer systems remain secure without compromising on functionality. And this is where USB device servers come into play.

A device server acts as a central hub where all USB devices are managed. Rather than having each user plug a physical device into their own machine, it makes all connected USB devices available over the network. Dongle servers work on exactly the same principle: USB dongles for software authentication are plugged into a single centralised server, virtualised, and can be used by authorised users on the network as if they had been connected directly to their computer.

They also meet the requirements of companies or organisations with high security needs. By encrypting the point-to-point connection between the end-user and the dongle server, the potential for unauthorised access is removed. More advanced dongle server vendors also make it possible to dynamically assign which user is authorised to access which dongle, ultimately controlling which computer is able to access the software.

Risk vs Reward

It's widely accepted that hackers are getting more and more sophisticated. However, that doesn't mean they won't go for low-level network infiltration attempts, such as baiting with USB flash drives, when the situation presents itself. Among the 10 major cyber threats identified in 2016 by the BSI (German Office for Information Security), the use of USB devices ranks second.

Unfortunately, employees are always going to be the easy targets when it comes to enterprise security. It's logical, then, that businesses seek to minimise the damage that can be inflicted as a result of employee carelessness. Something as simple as disabling USB ports can have a significant impact in reducing a company's attack surface, and it is essential that vendors and enterprises work together to find solutions that lock hackers out of every security backdoor for good without impacting productivity.

The information contained in this website is for general information purposes only. The information is gathered from Information Security Buzz. While we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

Though it would be convenient, the fact that more and more organizations have dealt with cyberattacks doesn’t mean that similar attacks will stop anytime soon. As long as the economic incentives remain, the number of attacks will only increase, especially as money from successful ones flows back into the cybercrime infrastructure.

If cybersecurity is already daunting for many organizations, is there a way to make protecting data any more manageable in the coming year? IEEE asked a number of experts what cybersecurity advances they expected to see in 2018, and one answer was fairly unanimous: Artificial Intelligence.

For many organizations, analysts in security operations centers spend their days sifting through mountains of log files for suspicious activity. The repetitive nature of this work makes AI an ideal replacement, says Kayne McGladrey, IEEE Member, Director of Information Security Services at Integral Partners (US): “Artificial intelligence has been shown to be good at pattern recognition and correlation over a vast number of data points, and can make connections faster than human analysts would.”

“As a result of constantly-evolving cyber threats, building static defence systems for discovered attacks is not enough to protect users,” says Kevin Curran, IEEE Senior Member, Professor of Cyber Security at Ulster University, Northern Ireland (UK). Due to the rapid rate of change, “more sophisticated techniques such as machine learning are now needed to discover the embedded and lurking cyber intrusions and cyber intrusion techniques.”

Developing cybersecurity-specific AI with machine learning capabilities isn’t exactly easy. Unfortunately, other factors will make the challenge even harder. Andre Leon S. Gradvohl, IEEE Senior Member, Professor at the University of Campinas (Brazil), points to the emergence of cybercrime-as-a-service, “which, in a nutshell, means that we can buy or rent kits for practicing ransomware or malware.” And while AI and machine learning can help monitor for these attacks, “cyber criminals may also have these tools and can use them to promote attacks.”

The information contained in this website is for general information purposes only. The information is gathered from Techobserver. While we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.