Rick Richardson's Views On Technology
  • Home
  • Blog

This Is How Artificial Intelligence Will Become Weaponized in Future Cyberattacks

11/25/2018

0 Comments

 
Picture
Artificial intelligence has the potential to bring a select set of advanced techniques to the table when it comes to cyber offense, researchers say.

Last week, researchers from Darktracesaid that the current threat landscape is full of everything from opportunistic attacks from teen hackers to advanced, state-sponsored assaults, and in the latter sense, attacks continue to evolve.

However, for each sophisticated attack currently in use, there is the potential for further development through the future use of AI.

Within the report, the cybersecurity firm documented three active threats in the wild which have been detected within the past 12 months. Analysis of these attacks – and a little imagination – has led the team to create scenarios using AI which could one day become reality.

"We expect AI-driven malware to start mimicking behavior that is usually attributed to human operators by leveraging contextualization," said Max Heinemeyer, Director of Threat Hunting at Darktrace. "But we also anticipate the opposite; advanced human attacker groups utilizing AI-driven implants to improve their attacks and enable them to scale better."

Trickbot. The first attack relates to an employee at a law firm who fell victim to a phishing campaign leading to a Trickbot infection.

Trickbot is a financial Trojan which uses the Windows vulnerability EternalBluein order to target banks and other institutions. The malware continues to evolve and is currently equipped with injectors, obfuscation, data-stealing modules, and locking mechanisms.

In this example, Trickbot was able to infect a further 20 devices on the network, leading to a costly clean-up process. Empire Powershell modules were also uncovered which are typically used in remote, keyboard-based infiltration post-infection.

AI's Future Role.Darktrace believes that in the future, malware bolstered through artificial intelligence will be able to self-propagate and use every vulnerability on offer to compromise a network.

"Imagine a worm-style attack, like WannaCry, which, instead of relying on one form of lateral movement (e.g., the EternalBlue exploit), could understand the target environment and choose lateral movement techniques accordingly," the company says.

If chosen vulnerabilities are patched, for example, the malware could then switch to brute-force attacks, keylogging, and other techniques which have proven to be successful in the past in similar target environments.

As the AI could sit, learn, and 'decide' on an attack technique, no traditional command-and-control (C2) servers would be necessary.

AI's Future Role.It is possible that AI could be used to further adapt to its environment. In the same manner, as before, contextualization can be used to blend in, but AI could also be used to mimic trusted system elements, improving stealth.

"Instead of guessing during which times normal business operations are conducted, it will learn it," the report suggests. "Rather than guessing if an environment is using mostly Windows machines or Linux machines, or if Twitter or Instagram would be a better channel, it will be able to gain an understanding of what communication is dominant in the target's network and blend in with it."

Take It Slow. In the final example, Darktrace uncovered malware from a medical technology company. What made the findings special was that data was being stolen at such a slow pace and in tiny packages that it avoided triggering data volume thresholds in security tools.

Multiple connections were made to an external IP address, but each connection contained less than 1MB. Despite the small packets, it did not take long before over 15GB of information was stolen.

By fading into the background of daily network activity, the attackers behind the data breach were able to steal patient names, addresses, and medical histories.

AI's Future Role. AI could not only provide a conduit for incredibly fast attacks but also "low and slow" assaults. It can also be used as a tool to learn what data transfer rates would flag suspicion to security solutions.

Instead of relying on a hard-coded threshold, for example, AI-driven malware would be able to dynamically adapt data theft rates and times to exfiltrate information without detection.
​
"Defensive cyber AI is the only chance to prepare for the next paradigm shift in the threat landscape when AI-driven malware becomes a reality," the company added. "Once the genie is out of the bottle, it cannot be put back in again."

0 Comments

Quantum ‘Compass’Promises Navigation Without Using GPS

11/18/2018

0 Comments

 
Picture
British scientists have developed a self-contained and tamper-proof "quantum compass" that doesn't rely on GPS signals to provide a highly accurate measure of where it is in the world.

The compass is a quantum accelerometer that is capable of measuring tiny shifts in supercooled atoms and so calculate how far and how fast the device has moved. Having a device like the quantum compass aboard a ship, the captain knows exactly where his ship is without having to rely on orbiting satellites.

The system has been designed by quantum physicistsat Imperial College, London – who developed a laser system for cooling atoms down and at photonics and quantum technology specialist firm M Squared– which developed another laser system to act as an “optical ruler.” Their work has been funded by the UK's Ministry of Defense.

Although GPS satellites are a modern marvel and are used by just about everyone to identify their precise location, the fact is the system is not perfect.

A phone's GPS is accurate to roughly 15 feet, although military GPS devices can be accurate to centimeters. Then there is the fact that tall buildings will often throw a signal off and signals can be impaired by any large, dense object.

But that's not why the Ministry of Defense is interested in a quantum compass: its concern is that the GPS system is vulnerable to attack or deliberate disruption. A GPS signal could be spoofed or blocked for instance. When you're thinking about nuclear submarines, it's usually best to consider the worst.

“Pirates are now sophisticated enough to cause disruptions to ships’ GPS systems and lure them to rocks or take over and board them,” said Graeme Malcolm, the CEO of M Squared.

“They can be an even bigger issue in areas of defense and security, where the resilience and security of cities and countries are impacted. This new device is an absolute reference that goes down to the atomic level.”

Accuracy. This is not the first time that accelerometers have been used for navigation, but the reality is that such systems are not sufficiently accurate, meaning that as time goes on the system becomes increasingly out of whack and requires recalibration.

Not so with the quantum compass, according to its makers. Lasers are used to supercool atoms, and then another laser is used to act as "optical ruler" measuring how far those atoms have moved. At extremely low temperatures, atoms behave in a ‘quantum’ way, acting like both matter and waves.

Here's how Dr. Joseph Cotter, from the Centre for Cold Matter at Imperial College, explained it: "When the atoms are ultra-cold, we have to use quantum mechanics to describe how they move, and this allows us to make what we call an atom interferometer."

As the atoms move, their wave properties are affected by the acceleration of the vehicle. The optical ruler can measure these minute changes very accurately and then with a few relatively simple equations it is possible to figure out exactly where you are.

Size. But this is not something you're going to find in your smartphone: the prototype system is about three-feet wide and high, and it is incredibly expensive.
​
Plus, it can currently only measure in one plane. The scientists say they will soon be able to take measurements in three planes – making it an entirely independent super compass that can tell you where exactly it is at any point.
0 Comments

190 Universities Just Launched 600 Free Online Courses

11/11/2018

0 Comments

 
Picture
If you haven’t heard, universities around the world are offering their courses online for free (or at least partially free). These courses are collectively called MOOCs or Massive Open Online Courses.

In the past six years or so, over 800 universitieshave created more than 10,000 of these MOOCs. The people at Class Centralhave been keeping track of these MOOCs ever since they rose to prominence.

In the past four months alone, 190 universities have announced 600 such free online courses. Class Central has compiled a list of them and categorized them according to the following subjects: Computer Science, Mathematics, Programming, Data Science, Humanities, Social Sciences, Education & Teaching, Health & Medicine, Business, Personal Development, Engineering, Art & Design, and finally Science.

If you have trouble figuring out how to signup for Coursera courses for free, don’t worry — here’s an article on how to do that,too.
​
Many of these are completely self-paced, so you can start taking them at your convenience. Here is the list of courses.

0 Comments

Uber and Lyft Want to Get You to the Polls

11/4/2018

0 Comments

 
Picture
Every election season, Uber and Lyft jockey for the position of the most civic-minded ride-hailing company by offering various promotions, like free and discounted rides to polling places. This year, both companies are trying something new. On November 6th, Uber will add a new button in its app that will help people find and book rides to their polling place. It’s an extra step that Uber says it hopes will help get out the vote. Lyft also promises something similar. 

Uber. The poll locator will be available to anyone who lives in the US, but it’s targeted at suburban or exurban voters who tend to live outside of walking distance of their polling location. There are a variety of websites where voters can go to find their polling information but pairing that with a transportation service could help bridge the gap between the intention to vote and going to the polls. 

Lyft. The San Francisco-based ride service is also aiming to help its customers find their polling location. The company said in a recent announcement that it would release a “product integration to help passengers find their polling location.” It didn’t, however, specify what that integration would look like.

Surveys indicate that voter enthusiasm is at an all-time high this year, but if history is any indicator, most eligible voters will stay home. Slightly more than one-third of eligible voters turned out across the country in the last midterm elections.

Uber is hoping it can make a small contribution to turnout. “Using our technology and resources, we can help make it easier for every Uber rider in the US to get to their polling place at the push of a button,” Uber CEO Dara Khosrowshahi said in a blog post.

The ride-hail company will also partner with two GOTV organizations, #VoteTogether and Democracy Works, to provide free rides to voters in specific communities. Uber will also help register riders and drivers to vote by sharing voter registration information through the app. An email went out to all Uber drivers this week encouraging them to visit one of Uber’s 125 Greenlight Hubs where they can register to vote. 
​
In August, Lyft saidit planned to give away 50 percent off promo codes with GOTV partners to encourage voter turnout. Neither Uber nor Lyft would say how many free and discounted rides they plan on distributing.
0 Comments

    Author

    Rick Richardson, CPA, CITP, CGMA

    Rick is the editor of the weekly newsletter, Technology This Week. You can subscribe to it by visiting the website.

    Rick is also the Managing Partner of Richardson Media & Technologies, LLC. Prior to forming his current company, he had a 28-year career in technology with Ernst & Young, the last twelve years of which he served as National Director of Technology.

    Mr. Richardson has been named to the "Technology 100"- the annual honors list of the 100 key achievers in technology in America. He has also been honored by the American Institute of CPAs with two Lifetime Achievement awards and a Special Career Recognition Award for his contributions to the profession in the field of technology.

    In 2012, Rick was inducted into the Accounting Hall of Fame by CPA Practice Advisor Magazine. He has also been named to the 100 most influential individuals in the accounting profession in America by Accounting Today magazine.

    In 2017, Rick was inducted as a Marquis Who’s Who Lifetime Achiever, a registry of professionals who have excelled in their fields for many years and achieved greatness in their industry.

    He is a sought after speaker around the world, providing his annual forecast of future technology trends to thousands of business executives, professionals, community leaders, educators and students.

    Picture
    Picture
    Picture
    Picture
    Picture

    Archives

    October 2022
    September 2022
    August 2022
    July 2022
    June 2022
    May 2022
    April 2022
    March 2022
    February 2022
    January 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    November 2016
    October 2016
    September 2016
    August 2016
    July 2016
    June 2016
    May 2016
    April 2016
    March 2016
    February 2016
    January 2016
    December 2015
    November 2015
    October 2015
    September 2015
    August 2015
    July 2015
    June 2015

    Categories

    All
    Artificial Intelligence
    Audit
    Back Up
    Back-Up
    Blockchain
    Climate
    Cloud
    Collaboration
    Communication
    Coronavirus
    COVID 19
    COVID-19
    Digital Assistant
    Display
    Drone
    Edge Computing
    Education
    Enterprise
    Hardware
    Home Automation
    Internet Of Things
    Law
    Medicine
    Metaverse
    Mobile
    Mobile Payments
    Open Source
    Personalization
    Power
    Privacy
    Quantum Computing
    Remote Work
    Retail
    Robotics
    Security
    Software
    Taxes
    Transportation
    Wearables
    Wi Fi
    Wi-Fi

    RSS Feed

    View my profile on LinkedIn
Powered by Create your own unique website with customizable templates.