The new security-focused data lake solution from Amazon Web Services (AWS), unveiled at re:Invent 2022, aims to give consumers more value from their security data.
The Amazon Security Lake service aims to consolidate an organization's security data from various on-premises and cloud-based sources into a single location to pinpoint security threats precisely.
With the help of Amazon Security Lake, based on Amazon S3, security teams will find it simple to automatically gather, aggregate, and analyze security data at petabyte size.
In his keynote address, AWS CEO Adam Selipsky stated that security data is spread across various applications, firewalls, and identity providers.
By combining a variety of AWS's existing data analytics and management services, the new platform may significantly enhance AWS's security capabilities.
The platform integrates with CloudTrail, Lambda, and GuardDuty to allow customers to import their data. The data can be analyzed further with tools such as Amazon Athena or SageMaker.
Security Lake is fully compliant with the Open Cybersecurity Schema Framework (OCSF), meaning it can combine data from the world's top technology companies and connect with up to 50 partner analytics systems.
Jon Ramsey, vice president of Security Services at AWS, emphasized the importance of customers being able to detect security risks to quickly and effectively protect data and networks. However, their data is often scattered and stored in various formats, making it difficult to analyze.
With Amazon Security Lake, customers can create a security data lake. Then, in just a few clicks, gather data from various sources and normalize it to OCSF standards, enabling customers to quickly take action with their preferred security tool.
Amazon Security Lake is in the preview phase in the AWS Regions of North Virginia, Ohio, Oregon, Sydney, Tokyo, Frankfurt, and Dublin. More AWS regions will be added soon.
While artificial intelligence (AI) is seen as a new phenomenon in mainstream society, it is not a new concept. As AI technologies increase, AI is becoming increasingly important for companies looking to stay competitive.
What is AI
Artificial intelligence is a broad term for any computer software that engages in human-like activities. This includes learning, planning, and problem-solving.
Many different types of artificial intelligence (AI) are used in business today. One of the main types is machine learning, which is primarily used to process large amounts of data quickly. These types of AIs are algorithms that appear to learn as they are given more data.
Machine learning algorithms can analyze data that would otherwise be too complex for humans. Additionally, the algorithms can rapidly analyze data as it is entered and identify patterns and anomalies as they appear.
Businesses can use machine learning to determine when equipment is working at a reduced capacity and inform decision-makers when preventative maintenance is required. Nevertheless, machine learning is still a relatively broad category.
Deep learning evolved as a result of the development of artificial neural networks. In deep learning, neural networks can perform nonlinear reasoning, a more advanced form of machine learning. Therefore, a deep learning model is essential for detecting fraud and conducting a more comprehensive analysis.
The deep learning approach allows simultaneous analysis of a wide array of factors. Deep learning models continue to improve their performance as more data is received. For example, self-driving vehicles must simultaneously identify, analyze, and respond to numerous factors. As a result, deep learning models become more detailed and scalable as more data is received.
AI and business
Artificial intelligence is not considered a replacement for human intelligence and ingenuity. However, it can process and analyze data much faster than humans. As a result, AI can assist with anticipating possible outcomes and decision-making by providing alternative courses of action.
AI is commonly used in cybersecurity, customer relationship management, content generation, and personal assistants.
It is unlikely that human jobs will disappear as artificial intelligence becomes more integrated into the workforce. Instead, it is predicted that the need for specific skills will shift as technology advances, leading to a growing demand for more refined technical skills.
Overall, AI is playing an increasingly important role in businesses today. As the technology continues to develop, it will be interesting to see how else AI will transform various industries.
The FBI warns about scammers pretending to be refund payment gateways from financial institutions to steal sensitive information from unsuspecting victims.
The federal law enforcement agency stated that scammers deceive victims into granting them access to their computers via email or phone calls by posing as representatives of technical or computer repair companies.
According to the FBI, scammers typically start by specifying the service to be renewed and include a fee, usually between $300 and $500 USD, causing a sense of urgency for the victims to supply information for a refund.
"In this case, the scammers pretend to help the victim secure a refund by gaining remote access to the victim's computer."
Although tech support scams are nothing new, the FBI said that recently, con artists started employing scripts created to mimic the appearance and feel of refund payment gateways in command prompt windows.
It has been discovered that some of the scripts imitate Chase Bank, JPMorgan Chase's division for consumer and commercial banking. In addition, other batch files used in this tech support campaign have also been uncovered. These batch files allow dynamic customization by changing the output's bank name using Windows environment variables.
However, these scripts aim to gather the targets' personal and financial data (such as full name, bank name, ZIP code, and refund amount) to facilitate unlawful wire transfers of money from the victims' bank accounts.
According to the FBI, "the malware will often launch a command prompt styled to seem like a service interface."
The script also has many pauses that encourage user interaction as they "wait" for a refund or other action to happen, as well as commands to send data to a text file.
Individuals who have been victims of this tech support fraud should report it as soon as possible by submitting a report to the Internet Crime Complaint Center.
The FBI also cautioned potential victims against granting remote access to their computers to unauthorized parties and against sending wire transfers in response to the advice they received from internet or telephone contacts.
Earlier this year, Twitter confirmed that an API vulnerability had caused a massive data leak containing non-public information for over 5.4 million Twitter users.
Twitter denied claims that hackers had leaked the private information priorly. However, Pompompurin, the owner of the hacking forum Breached, stated they were responsible for exploiting the API bug and platforming the data after another hacker shared the vulnerability with them.
The stolen data includes public information like Twitter IDs, account names, logins, locations, and verified status. In addition, private information like phone numbers and email addresses have also been exposed. Fraudulent activities such as phishing could be carried out using this information.
In addition to the breach of the 5.4 million active accounts, private information for roughly 1.4 million suspended Twitter profiles were also shared using the same API bug. While the extent of the data breach is not fully known, security expert Chad Loder stated that information for "tens of millions" of Twitter users might have been collected using the same API bug.
To keep yourself safe, disregard emails claiming to be from Twitter that state your account is suspended. In addition, be skeptical of emails about issues logging in or the account is about to lose its verified status. These emails are probably attempting to phish for your private information to use in fraudulent activities.
Threat actors may now launch their own sophisticated assaults thanks to the emergence of Phishing as a Service (PhaaS) platforms like "Caffeine." Through an open registration procedure, anyone who wishes to launch their phishing campaign can sign up on these platforms.
Security experts at Mandiant discovered the first sighting of these threats while investigating a large-scale phishing campaign. The purpose of this campaign was to steal Microsoft 365 credentials.
The company noticed that the threat now known as Caffeine was a problematic PhaaS platform with a low entry barrier and a feature-rich nature.
Although phishing assaults are made possible by an underground economy, Caffeine was the first to stand apart from other phishing-as-a-service platforms.
This generation of PhaaS platforms quickly gained popularity because they offer built-in features for cybercriminals rather than paying service providers who do the work.
The Caffeine-like platforms lower the entry barrier for cybercriminals compared to other PhaaS platforms by allowing anyone with an email address to register for its services. Other platforms require an endorsement or referral from existing subscribers or to work directly through underground forums to access their services.
When Caffeine was first discovered, the investigation revealed that the platform has an entirely subscription-based license structure, with several service tiers and the ability to sign up for a Core Caffeine account.
The administrators of Caffeine announced many significant changes to the platform, including the addition of new features and support. But, aside from that, "attackers have a variety of alternatives at their disposal for phishing email designs, including webmail phishing lures targeting subscribers of major Russian and Chinese services."
Threat actors are always looking to improve their methods regarding phishing attacks, especially in response to improvements in automated detection techniques by email and security protection platforms.
When Caffeine was discovered, Mandiant researchers advised companies to implement necessary security methods to protect themselves from this type of attack.
The Caffeine phishing platform makes it easy for inexperienced cybercriminals to launch sophisticated attacks. Companies should implement necessary security measures to protect themselves from this type of threat.