A Review of the Best News of the Week on AI, IoT, & Mobile Security
Yes, Cops Are Now Opening iPhones With Dead People’s Fingerprints (Forbes, Mar 27 2018)
First attempt detailed after a stabbing in Ohio in 2016, but others have followed, say sources.
Gartner Says Worldwide IoT Security Spending Will Reach $1.5 Billion in 2018 (Gartner, Mar 21 2018)
A recent CEB, now Gartner, survey found that nearly 20 percent of organizations observed at least one IoT-based attack in the past three years. To protect against those threats Gartner, Inc. forecasts that worldwide spending on IoT security will reach $1.5 billion in 2018, a 28 percent increase from 2017 spending of $1.2 billion.
Android Banking Trojan Fakebank Adds Vishing Dimension (Infosecurity Magazine, Mar 20 2018)
The malware will intercept mobile calls and direct victims to a scammer impersonating a bank agent.
Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report
“Do They Have AI?” or That Rant on AI in Security (Gartner Blog Network, Mar 21 2018)
Q: How do you know that a security vendor REALLY uses AI in their product?
A: If they say they do it, then you know they don’t.
AI deployments to drive investments in storage, networking, and cloud infrastructure (Help Net Security, Mar 21 2018)
According to a new report from Tractica, of the three key parts of hardware infrastructure – compute, networking, and storage – compute has made significant progress in the last couple of years. The other two areas, storage and networking, are lagging behind and have yet to see major innovations pertaining to AI applications.
The future of computer security is machine vs machine (CSO Online, Mar 20 2018)
Better security automation at the OS level and via cloud services will force hackers to respond in kind.
Artificial Intelligence is the Future for Cybersecurity (SC Magazine, Mar 22 2018)
The entire industry needs to work towards a model that reduces human error while enabling and enhancing human oversight. The cybersecurity team of the future is much more than the narrow view of humans installing patches in combination with flawed, limited hardware or antiquated cloud-based solutions.
Understanding the Relationship Between AI and Cybersecurity (IBM Security Intelligence, Mar 22 2018)
One of the most significant potential benefits of AI technology is malware attribution. If you know your attacker and can respond quickly, according to Mimran, “the chances you will be hitting back your true adversary are higher if you can react in real time.”
Slingshot Malware Uses IoT Device in Targeted Attacks (Tenable Blog, Mar 19 2018)
So far, only one vendor’s router, MikroTik, has been reliably identified as being used in the compromise. MikroTik is based out of Riga, Latvia, and markets routers and wireless ISP systems to a global user base.
Penn State secures building automation, IoT traffic with microsegmentation (Network World Security, Mar 26 2018)
BACnet is a communications protocol for building automation and control (BAC) systems such as heating, ventilating and air conditioning (HVAC), lighting, access control and fire detection. Penn State standardized on BACnet because of its openness.
The password to your IoT device is just a Google search away (Naked Security – Sophos, Mar 22 2018)
Researchers at Ben-Gurion University were often able to find default passwords in under 30 minutes with a simple Google search.
The Consumerization of IoT (Gartner Blog Network, Mar 22 2018)
Consumerization of IT is a term that describes how technologies emerge and grow first in the consumer market, and then spread to enterprises. I think we will see the same phenomenon in IoT and immersive technologies.
Malicious apps in app stores decrease 37 percent (Help Net Security, Mar 22 2018)
Malicious mobile apps were on the decline in Q4 of 2017 largely due to a decrease in the inventory of AndroidAPKDescargar, the most prolific dealer of blacklisted apps, according to RiskIQ in its Q4 mobile threat landscape report, which analyzed 120 mobile app stores and more than 2 billion daily scanned resources.
TeleRAT: Another Android Trojan Leveraging Telegram’s Bot API to Target Iranian Users (Palo Alto Networks Blog, Mar 20 2018)
While Android malware abusing Telegram’s Bot API to target Iranian users is not fresh news (the emergence of a Trojan using this method called IRRAT was discussed in June and July 2017), we set out to investigate how these Telegram Bots were being abused to command and control malicious Android applications.
How Siri leaks your private iPhone messages, and how to stop her (Naked Security – Sophos, Mar 22 2018)
We haven’t tested out the details of this new bug ourselves, but the security hole seems to open up if you have:
Siri turned on.
Siri enabled on your lockscreen.
Siri set to activate when you say “Hey, Siri.”
One or more messaging apps set to Allow Notifications.
Those apps set to Show Previews When Unlocked.
Crooks infiltrate Google Play with malware in QR reading utilities (Naked Security – Sophos, Mar 23 2018)
We reported the offending apps to Google, and they’ve now been pulled from the Play Store, but not before some of them attracted more than 500,000 downloads.