A Review of the Best News of the Week on AI, IoT, & Mobile Security

Tracking down the developer of Android adware affecting millions of users (ESET, Oct 24 2019)
ESET researchers discovered a year-long adware campaign on Google Play and tracked down its operator. The apps involved, installed eight million times, use several tricks for stealth and persistence.

How to reduce the risk posed by vulnerabilities in IoT/ICS networks? (Help Net Security, Oct 23 2019)
Some of the top CyberX report findings noted that these networks have outdated operating systems (71 percent of sites), use unencrypted passwords (64 percent) and lack automatic antivirus updates (66 percent).

How 18 Malware Apps Snuck Into Apple’s App Store (Wired, Oct 25 2019)
…the apps, which ranged from a calculator to a yoga pose repository, ran invisible ads in the background of the device, generating phony website clicks to inflate ad revenues.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~11,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

The AI (R)evolution: Why Humans Will Always Have a Place in the SOC (Dark Reading, Oct 22 2019)
In cybersecurity, the combination of men, women and machines can do what neither can do alone — form a complementary team capable of upholding order and fighting the forces of evil.

Despite enthusiasm for AI adoption, governments are experiencing challenges (Help Net Security, Oct 28 2019)
Public-service executives in Europe are optimistic and enthusiastic about the impact of artificial intelligence (AI) on government operations and services but face challenges implementing the technology, according to a study issued by Accenture.

Mozilla and Element AI want to build ‘data trusts’ in the artificial intelligence age (The Next Web, Oct 29 2019)
The gathered data, according to the planned digital governance model, will not be sold, used for advertising, or shared without people’s permission. But the proposals have also courted surveillance concerns.

Your smart doorbell may be collecting more data than you think, study finds (WeLiveSecurity, Oct 25 2019)
The study tested 81 IoT devices to analyze their behavior and tracking habits, and in some cases brought rather surprising findings

The Threat to SoHo IoT Devices is Growing Rapidly (SecurityWeek, Oct 25 2019)
A network of 50 honeypots deployed around the world has been catching and monitoring attacks against IoT devices. Such detected attacks have increased almost nine-fold between H1 2018 and H1 2019, from 12 million to 105 million. During the same period, the number of unique attacking IP addresses increased from 69,000 to 276,000.

Most decision makers expect AI and 5G to impact their cybersecurity strategy (Help Net Security, Oct 29 2019)
An overwhelming majority of cybersecurity and risk management leaders believe that developments in 5G wireless technology will create cybersecurity challenges for their organizations. Their top three 5G-related concerns are greater risk of attacks on Internet of Things (IoT) networks, a wider attack surface and a lack of security by design in 5G hardware and firmware.

Smart cities must be cyber‑smart cities (WeLiveSecurity, Oct 23 2019)
As cities turn to IoT to address long-standing urban problems, what are the risks of leaving cybersecurity behind at the planning phase?

New Variant of Gustuff Android Banking Trojan Emerges (SecurityWeek, Oct 22 2019)
Recent Gustuff Android banking Trojan campaigns featured an updated malware version, Cisco Talos security researchers report.

5G Myth Busting: Unpacking the Cybersecurity Risks and Realities (SecurityWeek, Oct 23 2019)
The full potential of 5G lies in enterprise adoption of this technology. Moving files, accessing applications and data in the cloud, electronic communication and more will all be possible at speed, without needing to find a Wi-Fi hotspot. Additionally, this means the rich analytics that can be gathered from these activities will feed machine learning technology that drives improvements and efficiencies to reduce costs, improve business outcomes and provide a better customer experience.

Blacklisted apps increase 20%, attackers focus on tax-branded key terms (Help Net Security, Oct 25 2019)
Despite the 20% increase in blacklisted apps in Q2, the number of blacklisted apps in the Google Play Store decreased by a dramatic 59%.
The percentage of blacklisted apps relative to the total number of apps known also increased for the second-straight quarter, jumping from 1.95% to 2.1%.
2,554,616 apps have been detected, a nearly 11% increase in app downloads from Q1.

AT&T Faces New $1.8 Million Lawsuit Over Sim Hijacking Attack (VICE, Oct 24 2019)
Neither carriers nor the FCC are doing enough to protect consumers from the rise of such attacks.

Is Voting by Mobile App a Better Security Option or Just ‘A Bad Idea’? (Dark Reading, Oct 28 2019)
Security experts say voting by app adds another level of risk, as mobile-voting pilots expand for overseas military and voters with disabilities.