A Review of the Best News of the Week on AI, IoT, & Mobile Security

IoT Threats Triple Since 2017 (Dark Reading, Sep 18 2018)
The report shows that simple, brute-force attacks on passwords were still the most commonly used techniques to breach IoT security, making up at least part of 93% of the attacks seen. Those attacks compromised a wide variety of devices, which were then used for malicious cryptocurrency mining, DDoS attacks, the inclusion of devices in botnet threats, and more. While 60% of the devices used to hit the Kaspersky Labs honeypots were routers, DVRs, printers — and even 33 washing machines — were in the mix.

Pegasus Spyware Used in 45 Countries – Schneier on Security (Schneier on Security, Sep 24 2018)
The malware can operate on both Android and iOS devices, albeit it’s been mostly spotted in campaigns targeting iPhone users primarily. On infected devices, Pegasus is a powerful spyware that can do many things, such as record conversations, steal private messages, exfiltrate photos, and much much more.

China’s leaders are softening their stance on AI (MIT Technology Review, Sep 25 2018)
A year after announcing an aggressive plan to dominate artificial intelligence, China’s vice premier has called for international collaboration.

Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a new way to conduct a strategy assessment.

QAnon Is Trying to Trick Facebook’s Meme-Reading AI (Wired, Sep 18 2018)
How should Facebook balance transparency about its automated systems with security?

Better security needed to harness the positive potential of AI, mitigate risks of attacks (Help Net Security, Sep 20 2018)
Survey respondents identify social engineering, manipulated media content and data poisoning as the types of malicious AI attacks that pose the greatest threat to society within the next five years.

Why humans are necessary to the threat hunting process (Help Net Security, Sep 19 2018)
However, discovering that this phishing domain was setup by a state-sponsored Chinese APT group trying to conduct cyber espionage is much more valuable long-term intelligence. This information can help you make longer term strategic decisions to defend against future attacks from this group.

Spending on cognitive and AI systems to reach $77.6 billion in 2022 (Help Net Security, Sep 21 2018)
Spending on cognitive and AI systems will reach $77.6 billion in 2022, more than three times the $24.0 billion forecast for 2018. The compound annual growth rate (CAGR) for the 2017-2022 forecast period will be 37.3%.

Artificial intelligence weaponry successfully trialled on mock urban battlefield (The Telegraph, Sep 25 2018)
The system, that was developed by British experts, uses space age technology to monitor and track opposing forces in built up areas.

Key weapon for closing IoT-era cybersecurity gaps? Artificial intelligence (Help Net Security, Sep 19 2018)
Ponemon researchers found that the majority of IT security teams believe that a key gap in their company’s overall security strategy is their inability to identify attacks that use IoT devices as the point of entry.

Mirai Botnet Authors Avoid Jail Time (Krebs on Security, Sep 19 2018)
“Mirai enslaves poorly secured “Internet of Things” (IoT) devices like security cameras, digital video recorders (DVRs) and routers for use in large-scale online attacks.”

The IoT in 2030 | Part 1: The impact on our lives (Gemalto, Sep 18 2018)
Gemalto surveyed 2500 consumers from 7 countries about their hopes and fears for the coming IoT revolution.

Peekaboo: Don’t Be Surprised by These Not So Candid Cameras (Tenable Blog, Sep 17 2018)
Tenable Research discovered a major software flaw, dubbed Peekaboo, which gives cyber criminals control of certain video surveillance cameras, allowing them to secretly monitor, tamper with and even disable feeds.

How the HTC Exodus Blockchain Phone Plans to Secure Your Cryptocurrency (Wired, Sep 19 2018)
The HTC Exodus aims instead for something of a compromise. It isn’t quite cold storage, but at least it empowers users by allowing them to hold their own keys. It does so by placing them in a so-called trusted execution environment, a part of an ARM chip called TrustZone. The secure enclave sits apart from the operating system, designed to inoculate precious cargo even in the event of a broader breach. Think of it as a smartphone’s panic room.

Bogus finance apps on Google Play target users worldwide (Help Net Security, Sep 19 2018)
Uploaded to Google’s official app store in June 2018 and collectively downloaded and installed over a thousand times, upon launch the apps would immediately request the user to enter credit card details and/or login credentials to the targeted bank or service.