Ransomware and Threat Intelligence in Las Vegas
This week will start off somewhat biased as it’s a report I wrote based on a survey we conducted at Black Hat 2017.
Some of the key findings from the report were:
- Ransomware is the biggest concern among security professionals (42%)
- Sharing of threat intelligence continues to grow among the different channels 56% of respondents use open source/public threat intelligence feeds
- For 50% of respondents, the shortage of security workforce is the biggest challenge that has increased over the last year
- 64% of participants state that they are either “confident” or “very confident” in their organizations ability to detect and respond quickly to a data breach
Google wanting to index the real world
Google is looking to improve its already impressive maps with newer cameras and algorithms they used to index the web, in the real world.
Google’s huge investment in machine learning and AI provides a natural way to get that information. Thanks to recent research inside the maps division, when a Street View car captures photos of a stretch of road, algorithms can now automatically create new addresses in the company’s maps database by locating and transcribing any street names and numbers. Street View was the first of Google's product groups to use the company's powerful custom AI chips, dubbed TPUs.
GOOGLE'S NEW STREET VIEW CAMERAS WILL HELP ALGORITHMS INDEX THE REAL WORLD (Wired)
Demand for cloud skills continues to rise
According to research by Akamai, the number of cloud engineering roles has increased by 18% over the past year, while roles for senior cloud engineers have risen by 34%.
In particular, the skills needed for successful cloud migration, and more nuanced skills across a range of areas, including cloud management, cyber security and application development, have all seen a rise in demand.
One would hope this vital skill gap gets plugged soon, as the number of breaches in the cloud as a result of misconfigured servers continues to grow.
- Demand for cloud skills (Information Age)
- Leaky S3 bucket sloshes deets of thousands with US security clearance (the Register)
In somewhat related news, according to a study by 451 Research, almost two-third of organizations surveyed say recruiting for jobs in data center and server management is becoming increasingly difficult because of the skills needed, both in traditional servers and converged infrastructure.
Phishing scams
Phishing scams aren’t really new, nor are they very noteworthy in the big scheme of things. But after major events or times of turmoil, there is usually a new wave.
Students in the UK found this out as student loan phishing scams spread throughout the country.
Perhaps a more evil example to bear in mind is the wave of phishing scams that often accompany natural disasters like hurricane Harvey. The US-CERT issued a warning and unfortunately is worth repeating.
OpSec Fail
Wrapping up on a slightly more light-hearted tale that involves OPSEC failure. An important part of OPSEC is compartmentation to limit the damage of any one penetration or compromise. (Source: the Grugq)
In other words, keep assets, data, and even your identity separate. So that if one aspect is compromised it doesn’t impact the other.
Unfortunately for one enterprising IoT botnet malware author he used the same Skype ID to advertise his IoT botnet, as well as for applying for jobs on freelancing portals.
Malware author uses same Skype ID to run IoT botnet and apply for jobs (Bleeping Computer)
