Avast blog: Using AI as an offensive cyber weapon

The rise of offensive AI

AI is a double-edged sword. It has enabled the creation of software tools that have helped to automate tasks such as prediction, information retrieval, and media synthesis, which have been used to improve various cyber defensive measures. However, AI has also been used by attackers to improve their malicious campaigns. For example, AI can be used to poison ML models and thus target their datasets and steal login credentials (think keylogging, for example). I recently spent some time at a newly created Offensive AI Research Lab run by Dr. Yisroel Mirsky. The lab is part of one of the research efforts at the Ben Gurion University in Beersheva, Israel. Mirsky is part of a team that published a report entitled “The Threat of Offensive AI to Organizations”. The Offensive AI Research Lab’s report and survey show the broad range of activities (both negative and positive) that are made possible through offensive AI.

You can read my latest post for Avast’s blog here.

Qualys annual user conference live blogging

Qualys’ annual security conference returned to a live-only event this week at the Venetian Hotel in Las Vegas, and the keynote addresses started things off on a very practical note… about selling coconuts, toasters, and carbon monoxide detectors. The first two keynotes featured speeches from both Shark Tank celebrity businessman and CEO of Cyderes, Robert Herjavec, and Qualys’ President and CEO, Sumedh Thakar. Both spoke on the similar theme of qualifying and quantifying digital cyber risks.

I am doing near-time blogging of their show, and this was the first of a series of posts.

The second post was a recap of the first day’s events, and included highlights from some of their customers and product team as they took a deeper dive into TotalCloud.

The third post profiled the special launch of the Qualys Threat Research Unit, showing some of its research and how it compiles threat intel and works with various industry bodies to share this data.

The next post highlights some of Qualys’ customers who came to the event to tell some of their stories about how their companies have benefitted from their products.

My final post recaps the second day of the conference sessions and some of the more interesting aspects of various Qualys products.

How Red Cross volunteer Dianne Tattitch helped with the Florida floods of Hurricane Ian

One of the fun volunteer jobs that I have is talking to American Red Cross volunteers about the wonderful work they do to help others in need. I recently wrote this post for the local chapter’s blog about the efforts of Dianne Tattitch (who works in IT for Mastercard) and what she did for those impacted by Hurricane Ian in Florida. Here she is helping with her guest’s laundry needs.


Avast blog: CISA recommendations on providing phishing-resistant authentication

The US Cybersecurity and Infrastructure Security Agency (CISA) has recently published a fact sheet on implementing phishing-resistant multi-factor authentication (MFA). The publication is in response to a growing number of cyberattacks that leverage poor MFA methods. “Not all forms of MFA are equally secure. Some forms are vulnerable to phishing, push bombing attacks, exploitation of Signaling System 7 (SS7) protocol vulnerabilities, or SIM swap attacks,” the agency writes. The strongest form of phishing protection is to employ FIDO2 or WebAuthn-based tokens as your MFA method, what CISA calls the “gold standard.”

You can read more at my latest blog post for Avast here.

Once again an Enactus judge

Once again I had an opportunity to judge several collegiate entrepreneurial efforts as part of the Enactus 2022 world cup competition. I was a virtual judge at last year’s competition and wrote about my experience then. This time around I was working with four teams, each of which had rather innovative ways to make and sell cattle feed. Now, such a mundane topic you wouldn’t think much of, and you would be wrong. I didn’t get to judge the ultimate winner, a team from Egypt. But I was impressed with the Tunisian team from the Higher Institute of Computer Science of El Manar. You can see their Enactus Report document here. What was impressive about the Tunisian students was how focused they were on solving several problems with their venture. First, they wanted to eliminate the use of imported corn and soy feedstocks that were very expensive for the ultimate feed product. They wanted to make use of by-products for human food production that could be used in animal feeds, and increase the nutritional value of the feed to provide better health and muscle production. Their project generated a net income of US$25,000 with 40 farmers using the feed that was a third cheaper than the existing commercial feed, produced entirely with Tunisian sources. They have plans to expand their project to neighboring countries next year.


Avast blog: The latest challenges to Section 230 reach the Supreme Court

The 2015 murder of the 23-year-old American student Nohemi Gonzalez is about to take center stage in a case that has made its way to the US Supreme Court. The woman was one of 129 people killed in Paris by a group of ISIS terrorists. Her estate and family members sued Google, claiming that a series of YouTube videos posted by ISIS are the cause of the attack (and her death), and requesting damages as part of the Anti-Terrorism Act.

At the heart of the resulting Gonzalez v. Google case lies Section 230 of the Communications Decency Act of 1996. This section has been routinely vilified by various political groups, who claim that the protections under this section against civil suits should be struck down. For my latest blog for Avast, I summarize the various issues that are facing the court and implications for online communications.

The arguments are transcribed here.


Authenticating world-class artwork isn’t easy

I have been writing about authentication when it comes to the digital world for many years now. Last month I looked at authenticating sports memorabilia. Today’s story takes another look, this time about the ability to authenticate a painting by a world-class artist.

I got interested in this issue after reading a piece in the New Yorker about paintings by Lucian Freud (a relative of the doctor). The article mentioned a Swiss tech company called Art Recognition that uses machine learning and neural networks to authenticate art. I spoke to two of their 11 employees by phone to learn more about their technology and their customers: Ludovica Schaerf, an AI developer and data scientist, and Romanas Einikis, their CTO and one of their founders.

Before the Swiss data scientists got involved, art experts required the actual artworks to be present in their own labs. This meant that the art had to be insured and shipped, typically great distances and at great cost. Once in their possession, the experts could keep the work for weeks or months as they examined it. “We don’t require the physical artwork in our presence,” said Einikis. “That saves on insurance and transportation costs, and also reduces the amount of time to obtain an analysis.” The scientists just require photographs of the work, and typically take a week to produce their analysis. A simple certification of authenticity costs less than $1,000.

The data team collects as many images of the artist’s work as they can obtain, typically from public domain sources or from museum and collectors’ websites. (This is legal under Swiss law, BTW.) These pictures, along with known fakes and similar work from other contemporary artists’ paintings, are fed into more than 30 different data models that are run to produce a probability score. The models take advantage of cloud computing from AWS and Azure. “It doesn’t make sense to have on-premises machinery – it is a big headache and not worth it and the cloud is much more cost-effective,” he said. The models make use of NVIDIA GPUs and the CUDA tools for computer vision that were originally developed for video gaming.

To date, the company has found about half of the art works are fakes, which isn’t surprising given that the company gets called in when their provenance is questionable.

I asked a friend and former art gallery owner what she thought about this approach. She said that the art world is highly political and the traditional experts often have a vested interest in not being convinced by any computer program. She was concerned that many artists’ early works or unfinished works make this type of approach more difficult, but Einikis assured me that their models take this into account, along with incorporating information about which paintings were most likely created as collaborations among several assistants to the named artist. He mentioned that Rubens had periods of his painting career when his workers were helping paint the paintings. “We have to separate these different periods as part of our modeling process,” he said. So far, they are the sole provider of this type of service. It is an interesting intersection of art and science.

Avast blog: The IRS warns smishing attacks are on the rise

In a new blog for Avast, I report on a new study from the IRS which shows that smishing attacks (phishing using SMS text alerts) are on the rise. My wife and I have seen numerous messages that typically are phony package delivery acknowledgements on packages that we never ordered, or offers to send us money out of the blue.

The IRS said the attacks have increased exponentially, especially texts that appear to be coming from the taxing agency. It’s important to note that no matter who you are or your particular tax situation, the IRS never communicates with anyone in this fashion, or by email either. “It is phishing on an industrial scale,” said IRS commissioner Chuck Rettig.

Avast blog: Cryptojacking is back in the news – and it’s increasing

In my latest blog for Avast, I discuss the current state of affairs regarding cryptojacking, malware which takes root on your computers and “mines” cryptocurrency, and how it is detected and prevented. It has lots of current appeal to criminals because it continues to provide low risks for the rewards and profits generated: typically, the profit margin is about two percent of the computing costs for the resulting coins mined.

CSOonline: Secure web browsers for the enterprise compared

The web browser has long been the security sinkhole of enterprise infrastructure. While email is often cited as the most common entry point, malware often enters via the browser and is more difficult to prevent. Phishing, drive-by attacks, ransomware, SQL injections, man-in-the-middle, and other exploits all take advantage of the browser’s creaky user interface and huge attack surface, and the gullibility of most end users.

Enter the secure browser, which is available in a variety of configurations (as shown above) that can help IT managers get a better handle on stopping attackers from getting a foothold inside our networks.

I looked at four browsers in a variety of configurations in my latest review for CSOonline: