Artificial intelligence has the potential to bring a select set of advanced techniques to the table when it comes to cyber offense, researchers say.

Last week, researchers from Darktracesaid that the current threat landscape is full of everything from opportunistic attacks from teen hackers to advanced, state-sponsored assaults, and in the latter sense, attacks continue to evolve.

However, for each sophisticated attack currently in use, there is the potential for further development through the future use of AI.

Within the report, the cybersecurity firm documented three active threats in the wild which have been detected within the past 12 months. Analysis of these attacks – and a little imagination – has led the team to create scenarios using AI which could one day become reality.

"We expect AI-driven malware to start mimicking behavior that is usually attributed to human operators by leveraging contextualization," said Max Heinemeyer, Director of Threat Hunting at Darktrace. "But we also anticipate the opposite; advanced human attacker groups utilizing AI-driven implants to improve their attacks and enable them to scale better."

Trickbot. The first attack relates to an employee at a law firm who fell victim to a phishing campaign leading to a Trickbot infection.

Trickbot is a financial Trojan which uses the Windows vulnerability EternalBluein order to target banks and other institutions. The malware continues to evolve and is currently equipped with injectors, obfuscation, data-stealing modules, and locking mechanisms.

In this example, Trickbot was able to infect a further 20 devices on the network, leading to a costly clean-up process. Empire Powershell modules were also uncovered which are typically used in remote, keyboard-based infiltration post-infection.

AI's Future Role.Darktrace believes that in the future, malware bolstered through artificial intelligence will be able to self-propagate and use every vulnerability on offer to compromise a network.

"Imagine a worm-style attack, like WannaCry, which, instead of relying on one form of lateral movement (e.g., the EternalBlue exploit), could understand the target environment and choose lateral movement techniques accordingly," the company says.

If chosen vulnerabilities are patched, for example, the malware could then switch to brute-force attacks, keylogging, and other techniques which have proven to be successful in the past in similar target environments.

As the AI could sit, learn, and 'decide' on an attack technique, no traditional command-and-control (C2) servers would be necessary.

AI's Future Role.It is possible that AI could be used to further adapt to its environment. In the same manner, as before, contextualization can be used to blend in, but AI could also be used to mimic trusted system elements, improving stealth.

"Instead of guessing during which times normal business operations are conducted, it will learn it," the report suggests. "Rather than guessing if an environment is using mostly Windows machines or Linux machines, or if Twitter or Instagram would be a better channel, it will be able to gain an understanding of what communication is dominant in the target's network and blend in with it."

Take It Slow. In the final example, Darktrace uncovered malware from a medical technology company. What made the findings special was that data was being stolen at such a slow pace and in tiny packages that it avoided triggering data volume thresholds in security tools.

Multiple connections were made to an external IP address, but each connection contained less than 1MB. Despite the small packets, it did not take long before over 15GB of information was stolen.

By fading into the background of daily network activity, the attackers behind the data breach were able to steal patient names, addresses, and medical histories.

AI's Future Role. AI could not only provide a conduit for incredibly fast attacks but also "low and slow" assaults. It can also be used as a tool to learn what data transfer rates would flag suspicion to security solutions.

Instead of relying on a hard-coded threshold, for example, AI-driven malware would be able to dynamically adapt data theft rates and times to exfiltrate information without detection.
​
"Defensive cyber AI is the only chance to prepare for the next paradigm shift in the threat landscape when AI-driven malware becomes a reality," the company added. "Once the genie is out of the bottle, it cannot be put back in again."

You may have recently gotten a message from your bank that, yes, you should read and act upon.
The message being sent by many banks involves a small, but crucial change affecting check deposits made using bank mobile apps on smartphones and other devices.

Depositors must now include the phrase “For Mobile Deposit Only” underneath their signature on all checks deposited using mobile apps. Some banks are also suggesting you add "For Mobile Deposit Only at (Bank Name)" or "For (BANK NAME) Mobile Deposit Only."

This new endorsement requirement, instituted by the Federal Reserve, officially went into effect July 1. It applies to all mobile deposits at all financial institutions, such as PNC Bank, Capital Oneand Legend Bankin Texas.

Without the inclusion of the new phrase, banks say the check may be returned with the notification that your “deposit was rejected due to restrictive endorsement."

The change is meant to protect banks from fraud, which can occur when a check is accidentally, or intentionally, presented at a bank after it already has been deposited via mobile. 

"It’s not like there was rampant fraud, but it was just an area they wanted to tighten up," said Michael Diamond, senior vice president of payments at Mitek Systems, which has digital transaction technology used by more than 6,100 banks.

"This is the banks taking care of themselves," Diamond said. "The channel is very, very, very safe, and the growth is great. More and more people are using it." 
​
Case in point: Bank of America CEO Brian Moynihan said last month that during the April to June period, more customers deposited checks using the bank’s mobile app than in person at bank branches. Overall, 76% of all deposits come through ATMs and mobile deposits, he said.

Google might have just made itself the most significant example of how security keyscan work better than other forms of multi-factor authentication. According to Krebs on Security,ever since Google required over 85,000 of its employees to use physical security keys instead of one-time codes in 2017, it hasn't had a single case of account takeover from phishing. "We have had no reported or confirmed account takeovers since implementing security keys at Google," a company spokesperson said. "Users might be asked to authenticate using their security key for many different apps/reasons. It all depends on the sensitivity of the app and the risk of the user at that point in time."

Security keys like the one made by Yubikey give you a way to log into a website by merely plugging it in and pressing a button. You don't even need to type in your password anymore, much less generate a one-time code. While the method has its weakness, considering it relies on a physical item you can lose, it's considered safer than two-factor authentication, especially the type that sends you codes via SMS. Hackers could intercept messages sent to your device, after all, and gain entry to your account that way.
​
Unfortunately, Universal 2nd Factor (U2F) – that's what you call the type of multi-factor authentication that uses physical keys – support is pretty limited at the moment. You can already depend on it for protection on Chrome, but you'd have to manually activate it on Firefox by going to "about:config" first. Microsoft won't be rolling out U2F compatibility for Edgeuntil later this year, and Apple has yet to reveal whether Safari will ever support the standard. Further, only a few websites and services can use it, including Facebook and password managers such as Keepass and LastPass. It remains to be seen if Google's positive experience with the standard can help it become more widespread, but it's the kind of meaningful testimonial that could give it a massive boost.

Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security. Tokenization, which seeks to minimize the amount of data a business needs to keep on hand, has become a popular way for small and mid-sized businesses to bolster the security of credit card and e-commerce transactions while minimizing the cost and complexity of compliance with industry standards and government regulations.

Payment card industry (PCI) standardsdo not allow credit card numbers to be stored on a retailer's point-of-sale terminal or in its databases after a transaction. To be PCI compliant, merchants must install expensive end-to-end encryption systems or outsource their payment processing to a service provider who provides a "tokenization option." The service provider handles the issuance of the token value and bears the responsibility for keeping the cardholder data locked down. 

In such a scenario, the service provider issues the merchant a driver for the POS system that converts credit card numbers into randomly-generated values or tokens. Since the token is not a primary account number, it can't be used outside the context of a specific unique transaction with that particular merchant. In a credit card transaction, for example, the token typically contains only the last four digits of the actual card number. The rest of the token consists of alphanumeric characters that represent cardholder information and data specific to the transaction underway. 
​
Tokenization makes it more difficult for hackers to gain access to cardholder data, as compared with older systems in which credit card numbers were stored directly in databases and exchanged freely over networks. Tokenization technology can, in theory, be used with sensitive data of all kinds including bank transactions, medical records, criminal records, vehicle driver information, loan applications, stock trading and voter registration.

No doorman? No problem. Amazon introduced a new delivery solution for apartment complexes that promises to deliver both convenience and safety (alongside your actual package, of course). Meet Hub by Amazon, a container that allows for the storage of packages so that they’re not just strewn about a lobby, or worse yet, potentially stolen. The Hubs look just like traditional Amazon lockers, but instead of being installed in public spaces and businesses, they’re instead located in apartment and condominium complexes.

Best of all, the Hub isn’t just for Amazon deliveries – instead, if your mother wants to FedEx a care package to you while you live your big city dreams, the package can reside safely in Hub until you have finished with your 12-hour workday. Neither senders nor recipients have to make any specifications when it comes to getting their packages delivered – you still input your regular shipping address, and the Hub merely serves as a temporary stopover until you return home. When you’re ready to pick up, use a personalized pickup code to open the corresponding door and access your delivery.

“We’re always striving to make things easier for our customers. Building on Amazon’s expertise in locker solutions, the Hub addresses frustrations from property owners, carriers, and residents concerning package delivery,” Patrick Supanc, director, Amazon Worldwide Lockers and Pickup, said in a statement. “Now half a million residents in some of the premier properties in the country have access to the Hub, Amazon’s latest delivery solution. The Hub simplifies delivery for residents, offering quick and secure access to packages, day or night. For delivery providers, it offers a single, convenient location for package drop-off and gives property managers time and resources back to focus on other priorities.”

This could serve as a huge help to folks who live in buildings with tricky delivery schedules. You will no longer have to worry about staying home to wait on a package to arrive, nor will you have to remember to ask your building staff about that delivery that was supposed to come last week. Building managers will likely also appreciate the convenience offered by Hub – rather than requiring property staff to declutter a lobby or send packages to the proper apartment unit; everything can be centralized in Hub.
​
Already, Amazon says that several of the largest residential property owners in the U.S. have signed up for Hub and that more than 500,000 apartment dwellers already have access to the amenity. If you’re interested in petitioning your building to include one of these handy lockers, you can request Hub by Amazon at the newly dedicated homepage.

Remember that Russian router malware warningfrom last week? The situation is even worse than we originally thought, and a whole lot more router owners are going to have to factory-reset their devices and install firmware updates.

Not only are many more Linksys, MicroTik, Netgear and TP-Link routers vulnerable to the VPNFilter malware, according a recent report from Cisco Talos labs, but several Asus and D-Link models are now also thought to be vulnerable, as well as a couple of Ubiquiti routers and individual Huawei, Upvel and ZTE devices. In all, nearly 70 devices are impacted, including QNAP network-attached-storage drives.

The malware itself has a previously unnoticed capability: It can stage a man-in-the-middle attackon your web traffic, altering what you see online and possibly hiding other nefarious deeds.

"They can manipulate everything going through the compromised device," a Cisco Talos researcher told Ars Technica. "They can modify your bank-account balance so that it looks normal while at the same time they're siphoning off money."

How to Protect Yourself. To really be protected from VPNFilter, you need to first fully update your router's firmware, then write down all your Wi-Fi network names and passwords, and finally factory-reset your router.
Once you've done all that, change the router's administrative username and password, then recreate the original network names and access passwords so that your Wi-Fi-enabled devices can reconnect without trouble.

To be safe, ALL routers should be updated and factory-reset because of the VPNFilter malware, despite that being an arduous process, because we don't know where this is going to end.

The malware seems to infect only devices that are known to have had security flaws, all of which have fixes available. If you've kept up on your router patches, or your router patches itself automatically, you probably haven't been infected. Unfortunately, there's no way of knowing for sure.

Only a factory reset will remove the malware, which contains a beachhead module that survives regular reboots; only firmware patches will prevent you from being infected again. Ten days ago, the FBI took down a server from which the beachhead module got instructions to download additional malware components, but it appears that a fallback mechanism lets the beachhead module use other sources.

Visa and Mastercard have chips embedded in hundreds of millions of credit and debit cards around the world. They're used in more than 200 countries and process billions of payments each year. And they both intend to create bank cards that use your fingerprint instead of a PIN. 

Early trials of cards with fingerprint scanners built-in are underway, and success could eventually result in the death of the humble PIN. "A four-digit PIN is pretty good security – obviously, six, seven or eight digits are better, but it is very hard for people to remember," says Bob Reany, an executive vice president at Mastercard, who is working on the firm's biometric cards. "[This] security is going to be better than a PIN."

In April 2017, Mastercard started testing a biometric card in South Africa. The new card looks the same as any other bank card but has a small biometric scanner in the top right-hand corner. When a finger is placed on the sensor, it can recognize if it is a match with stored data and then authorize the payment.

Mastercard now has more trials running in Bulgaria, and Reany says thousands of fingerprint-detecting cards will be tested elsewhere in the world later this year. "We've gotten the algorithms in great shape, now we're doing matching on the native device where the template is captured, and we're ready to go to market at some scale," he says. Crucially, in the coming months, banks will be issuing them to regular customers for the first time. Reany won't reveal exactly where the cards will be given to people, but he says more announcements are coming. "I think you're going to see pockets of Europe go pretty quickly," Reany says of potential adoption. 

Rival Visa is also testing biometric cards in Cyprus with the country's national bank and security company Gemalto, which has been creating the cards for both of the major payment companies, says it has produced "tens of thousands" of biometric cards for tests. 
​
Ultimately, payment companies are continuing to develop biometric bank cards, and trials are getting bigger. At their very least, biometric cards will offer a slightly more convenient way to pay, but they may also evolve with increasing use of fingerprint technology in other areas of people's lives. As Berg says: "People forget their PINs but very rarely do you go out without your fingers."

You might want to think twice before plugging your iPhone into a friend’s laptop for a quick charge. 
Security researchers have discovered an all-new type of iOS hack called “trustjacking” that uses a little-known Wi-Fi feature to access a device’s data, even when the targeted device isn’t in the same location anymore.

The hack works this way: 

             1) An iPhone user plugs into the USB port on a friend’s computer.

             2) iOS asks if you want to trust the computer and mentions that it will have access to your data.

             3) You can then enable iTunes Wi-Fi Sync from the PC giving the devices the ability to communicate
​                 anytime they’re on the same network. Hence the name “trustjacking.”

iTunes Wi-Fi Sync is a useful feature when you’re at home and connected to a network you trust. But researchers at Symantec say, “everything is possible,” as far as attacks go if you trust the wrong computer.

The Discovery of Trustjacking. “We discovered this by mistake actually,” said Symantec’s Adi Sharabani in an interview with Wired.” Roy was doing research, and he connected his iPhone to his computer to access it. But accidentally he realized that he was not connected to his own phone. He was connected to one of his team members’ phones who had connected their mobile device to Roy’s desktop a few weeks before. So, Roy started to dig into what exactly he could do and find out if he were an attacker.”

Once your iPhone is synced to a hostile computer, the attacker could install malware on your phone or initiate a backup to pull all your photos, apps and text messages. Hackers could also use the flaw to watch your screen in real-time and take screenshots that sync back to their computer.

The good news is researchers haven’t found any instances of trustjacking attacks out in the wild yet. That doesn’t mean they don’t exist though. Apple tweaked the Wi-Fi Sync feature with iOS 11 so that it asks for the device’s passcode before trusting. Researchers say Apple needs to do more though to let users see what networks they’ve given trust to. 

If you’re worried that you may have given a malicious computer access to your iPhone you can scrub all your connections by going to Settings >> General >> Reset >> Reset Location & Privacy.

What's the first thing you do when you arrive at your hotel? Check into Wi-Fi, obviously. Everything else, like unpacking, eating, drinking, and enjoying yourself, comes after.

But a new report by NBC’s Today Show has raised concerns about the safety of your personal information while using hotel Wi-Fi.

According to journalist Jeff Rossen from The Sun, he and a security expert, set up fake Wi-Fi hotspots at a hotel in Cancun, Mexico to see how easy it would be to steal personal information from guests. The pair duped guests by naming their Wi-Fi similar to the official hotspots and were able to see transactions, flight info, and banking info when anyone logged on.

So, what can you do to stay safe? Make sure you ask someone working at the hotel for the official Wi-Fi network name before attempting to log on. Today's advice is to enter the wrong room number in the system when it asks for it. If you are allowed in any way, the Wi-Fi is probably dodgy, while real hotspots won't let you access them without the correct information.

Another option is to invest in a Virtual Private Network (VPN). We covered VPNs in Issue 2-42 and Issue 4-13.
​
Rossen and the security expert also suggested hitting 'forget this network' whenever you leave a place so that you are never automatically logged onto a network without realizing it.

Self-driving cars may be getting all the attention, but the significant impact of artificial intelligence and machine learning in the enterprise is in cybersecurity, and especially in securing data center networks. And given all the threats data centers are facing this year the help is much needed.

According to a recent survey of 400 security professionals by Wakefield Research and Webroot, 99% of US respondents believe AI overall could improve their organizations’ cybersecurity. And 87% report their teams are already using AI as part of their cybersecurity strategy. In fact, 74% of cybersecurity professionals in the US believe that within the next three years their companies will not be able to safeguard digital assets without AI.

AI and machine learning are being used to spot never before seen malware, recognize suspicious user behaviors, and detect anomalous network traffic.

According to the survey, 82% of US respondents said AI could spot threats that would otherwise be missed. But finding problems is just the first brick in the defensive wall. Intelligent systems can also detect indicators that pose the biggest threats, suggest actions such as re-imaging servers or isolating network segments, and even carry out remediation actions automatically.

AI can also:
          • Collect and analyze forensic data
          • Scan code and infrastructure for vulnerabilities, potential weaknesses, and configuration errors
          • Make security tools more powerful and easier to use
          • Learn from experience to adapt quickly to changing conditions.

All that has the potential to improve security and user experience dramatically said David Vergara, head of global product marketing at VASCO Data Security, which provides identity and authentication solutions to more than half of the world's top 100 banks and financial institutions.

Human Security Pros Overwhelmed by Data. There is hype around AI in data centers, Vergara said, but it’s based on real benefits. "It is centered on compelling use cases, ranging from improved situational awareness via trend analyses that drive recommended actions to predicting failures and spotting intrusions through anomalous pattern detection."

One of the biggest strengths of AI and machine learning is its ability to handle large volumes of data very quickly.

"The number of physical and virtual assets in the data center continues to grow," said Manoj Asnani, VP of product and design at Balbix. "Without AI, it is not possible for enterprises to be prepared for continuously evolving attack surfaces."

Humans cannot handle all the information fast enough or react with enough speed to address the risks, he said.

Take, for example, manually changing firewall rules when things change in a data center, said Josh Mayfield, director at cybersecurity vendor FireMon. With virtual machines, micro-segmentation, and on-demand computing, a data center's configuration can shift faster than humans can keep up.

"The Machine Learning and Artificial Intelligence capabilities do this on our behalf," he said. "They recognize compliance drifting in the data center, then adjust and write a new firewall rule to pull it back. They pick up a new application that needs to be secured under a set of conditions and automatically write the firewall rule needed to fortify the new app. Something moves from one data center to another – or within the same data center – [and] they write the new firewall rule."

Measuring Server Heat to Spot Trouble. Intelligent systems can also spot behaviors that are too subtle for humans, said Terry Ray, chief product strategist at cybersecurity vendor Imperva.

For example, AI and machine learning can be used to model hardware temperatures and compare them to typical activities or compare individual users' access times to their peers to spot suspicious anomalies.

The largest and most forward-looking companies will invest heavily in AI expertise to get an AI-powered advantage. But even smaller data center operators will benefit because most, if not all, of the top cybersecurity vendors, are adding AI to their products.

"If vendors have not yet adopted some form of machine learning into their offerings, they’re likely behind the curve of their peers," said Ray.
​
This is resulting in a rapid spread of embedded AI and machine learning in security technologies used by data centers. "The IT application of AI and machine learning is growing at a much faster rate than what we have seen previously," Ray said.