Connect with us

Tech

Kaspersky researchers: Targeted email attacks on the rise

Published

on

According to Kaspersky researchers, another targeted threat to watch out for is corporate doxing – the process of gathering confidential information about an organisation and its employees without their agreement to harm them or profit from it.

In a press release on Monday (29 Mar), the global cybersecurity firm stated that proliferation of publicly available information, data leaks, and advancement of technology are leading to a state in which tricking employees into giving out confidential information or even transferring funds is “becoming easier than ever before”.

Kaspersky noted that one of the methods used to dox organisations is Business Email Compromise (BEC) attacks. BEC attacks are targeted attacks in which criminals initiate email chains with employees by impersonating someone from the company.

In February 2021 alone, it detected 1,646 of such attacks – underlining the vulnerability of organisations when it comes to the exploitation of publicly available information.

Kaspersky explained that the general purpose of such attacks is to extract confidential information, such as client databases, or to steal funds.

For instance, its researchers regularly analyse cases in which criminals impersonate one of the target organisations’ employees using emails very similar to the real ones to extract funds.

An example of a BEC attack with banking details replacement (Source: Kaspersky)

According to Kaspersky, such attacks would not be possible on a massive scale without criminals gathering and analysing public information available on social media and beyond, such as names and positions of employees, their whereabouts, vacation times, and connections.

However, it noted that BEC attacks are just one type of attack that exploits publicly available information in order to harm an organisation.

Kaspersky went on to say that the diversity of ways organisations can be doxed is staggering and, besides the more obvious methods such as phishing or compiling profiles on organisations using data leaks, includes more creative, technology-driven approaches.

One of the most trending corporate doxing strategies is identity theft

It is noteworthy that one of the most trending corporate doxing strategies is said to be identity theft.

As a general rule, doxers rely on information to profile specific employees and then exploit their identity. Kaspersky explained that new technologies, such as deepfakes, make such initiatives easier to execute provided there is public data to begin with.

For instance, a deepfake video believed to be some organisation’s employee could harm the company’s reputation – and to create it. Doxers would simply need some kind of visual image of the target employee and basic personal information.

Voices could also be abused – a top-level speaker presenting on the radio or in some podcast could potentially end up having their voice recorded and then imitated later – for instance, in a call to accounting requesting an urgent banking transfer or sending over clients’ database.

“While doxing is generally believed to be an issue for regular users – we often see it figure in social media scandals – corporate doxing is a real threat for an organisations’ confidential data and one that should not be overlooked,” said Roman Dedenok, security researcher at Kaspersky.

“The doxing of organisations, just as of people, may result in financial and reputational losses, and the more sensitive the confidential information extracted is, the higher the harm. At the same time, doxing is one of the threats that could be prevented or at least significantly minimised with strong security procedures within an organisation,” he added.

Read about the threat of doxing, and where one’s data may end up here.

In order to avoid or minimise the risk of a successful attack on an organisation, Kaspersky recommends the following measures:

  • Establish a rigid rule to never discuss work-related issues in external messengers outside of the official corporate messengers, and train your employees to strictly adhere to this rule.
  • Help employees become more knowledgeable and aware of cybersecurity issues. This is the only way to effectively counteract the social engineering techniques that are aggressively used by cybercriminals. To do so, you could use an online training platform.
  • Educate employees on basic cyber threats. An employee who is well versed in cybersecurity issues will be able to thwart an attack. For instance, if they receive an e-mail from a colleague requesting information, they will know to first call the colleague to confirm that they actually sent the message.
  • Utilise anti-spam and anti-phishing technologies.
Continue Reading
Click to comment
Subscribe
Notify of
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments

International

Brain implants could restore paralyzed patients’ arm movements

In a groundbreaking development, a paralyzed Swiss man tests AI-enabled technology that translates his thoughts into nervous system signals, enabling arm and hand movement through brain-computer interface and spinal implant.

Published

on

WASHINGTON, UNITED STATES — A paralyzed Swiss man has become the first person to test a new technology that reads his thoughts using AI and then transmits signals through his own nervous system to his arms, hands and fingers in order to restore movement.

The treatment, a combination of a brain-computer interface and a spinal implant, had previously allow a paraplegic patient to walk again, a breakthrough that was published in the scientific journal Nature in May.

But this is the first time it’s being used for “upper extremity function,” Onward, the Dutch company behind it, said Wednesday.

“The mobility of the arm is more complex,” surgeon Jocelyne Bloch, who carried out the implantation procedures, told AFP.

Though walking comes with its own challenges — notably balance —  “the musculature of the hand is quite fine, with many different small muscles activated at the same time for certain movements,” she said.

The patient, who wishes to remain anonymous, is a 46-year-old who lost the use of his arms after a fall. Two operations were carried out last month at the Lausanne University Hospital in Switzerland.

The first involved removing a small piece of cranial bone and inserting in its place the brain implant, which was developed by the French group CEA-Clinatec and measures a few centimeters in diameter.

In the second, surgeons placed a stimulator roughly the size of a credit card developed by Onward inside the patient’s abdomen, and connected it through electrodes to the top of his spinal column.

The brain-computer interface (BCI) records brain signals and decodes them using artificial intelligence to make sense of the patient’s intentions, acting as a “digital bridge” to send these instructions on to the spinal cord stimulator.

“It’s going well so far,” said Bloch, who co-founded Onward and is a consultant for the company. “We are able to record brain activity, and we know that the stimulation works,” she said.

“But it is too early to talk about what progress he has made. ”

Still in training

The patient is still in the training phase, teaching his brain implant to recognize the different desired movements.

The movements will then have to be practiced many times before they can become natural. The process will take a few months, according to Dr. Bloch.

Two more patients are scheduled to participate in this clinical trial, and the full results will be published later.

Spinal cord stimulation has already been used in the past to successfully move paralyzed patients’ arms, but without reading their thoughts by pairing it with a brain implant.

And brain implants have already been used so that a patient can control an exoskeleton. The Battelle research organization used a brain implant to restore movement in a patient’s arm — through a sleeve of electrodes placed on the forearm, stimulating the muscles required from above.

“Onward is unique in our focus on restoring movement in people who have paralysis by stimulating the spinal cord,” the company’s CEO Dave Marver told AFP, adding the technology could be commercialized by the end of the decade.

Brain implants were long trapped in the realm of science fiction, but the field is now rapidly growing thanks to firms like Synchron and Elon Musk’s Neuralink.

They are working on having paralyzed patients to control computers through thought, restoring for example the ability to write.

— AFP

Continue Reading

International

Meta putting AI in smart glasses, assistants and more

Mark Zuckerberg unveils AI integration in smart glasses, digital assistants at Meta’s Connect conference, aiming to revolutionize user experience.

Published

on

MENLO PARK, UNITED STATES — Meta chief Mark Zuckerberg on Wednesday said the tech giant is putting artificial intelligence into digital assistants and smart glasses as it seeks to gain lost ground in the AI race.

Zuckerberg made his announcements at the Connect developers conference at Meta’s headquarters in Silicon Valley, the company’s main annual product event.

“Advances in AI allow us to create different (applications) and personas that help us accomplish different things,” Zuckerberg said as he kicked off the gathering.

“And smart glasses are going to eventually allow us to bring all of this together into a stylish form factor that we can wear.”

Smart glasses are one of the many ways that tech companies have tried to move beyond the smartphone as a user-friendly device, but so far with little success.

The second-generation Meta Ray-Ban smart glasses made in a partnership with EssilorLuxottica will have a starting price of US$299 when they hit the market on 17 October.

The smart glasses also add the ability for users to stream what they are seeing in real time, Zuckerberg said.

“Smart glasses are the ideal form factor for you to let AI assistants see what you’re seeing and hear what you’re hearing.”

Meta also introduced 28 AI characters that people can message on WhatsApp, Messenger and Instagram with “personalities” based on celebrities including Snoop Dogg, Paris Hilton and YouTube star MrBeast.

Zuckerberg demonstrated an interaction with one such AI from the stage in a type-written chat, promising that the new bots would soon be voiced.

“This is our first effort at training a bunch of AI that are a bit more fun,” Zuckerberg said.

“But look, this is early stuff and these still have a lot of limitations, which you will see when you use them.”

The event was the first in-person edition of Connect since 2019, before the pandemic, and announcements on generative AI were widely expected.

Meta has taken a much more cautious approach than its rivals Microsoft, OpenAI and Google to push out AI products, prioritizing small steps and making its in-house models available to developers and researchers.

‘Best value’

Meta also unveiled the latest version of its Quest virtual reality headset with richer graphics, improved audio and the ability for a wearer to see what is around them without taking the gear off, a demonstration for AFP showed.

“This is going to be a big game changer and a big capacity improvement for these headsets,” Zuckerberg told developers gathered in a Meta headquarters courtyard.

Quest 3 headsets are priced starting at US$499 and will begin shipping on 10 October, according to Meta.

This is substantially cheaper than Apple’s Vision Pro, which will cost a hefty US$3,499 when it is available early next year, in the United States only.

The Quest 3 “is going to be the best value on the market for a long time to come,” said Meta Chief Technology Officer Andrew Bosworth, to laughter from the audience.

New game titles for Quest 3 included Assassin’s Creed Nexus from Ubisoft as well as a Roblox game.

“Meta is trying to bring a much-upgraded version of (mixed-reality) to the masses,” said Insider Intelligence principal analyst Yory Wurmser.

Meta chief product officer Chris Cox joked to journalists that his sister complains  that she often winds up punching furniture when using virtual reality, and that problem goes away when gear instead digitally augments the real world around a person.

“We think that mixed reality is a really big step from virtual reality, which is basically a fully occluded thing,” Cox said.

“That will help make this more useful for more people.”

— AFP

Continue Reading

Trending