Connect with us

Tech Features

Making Sense of Identity Threat Risks

Published

on

phishing

By David Warburton, Director, F5 Labs

The growing maturity of cloud computing, including shifts towards decentralized architectures and APIs, has highlighted the complexity of managing credentials in increasingly interconnected systems. It has also underlined the importance of managing non-human entities like servers, cloud workloads, third-party services, and mobile devices.

F5 Labs’ 2023 Identity Theft Report defines identity as an artifact that an entity uses to identify itself to a digital system – such as a workload, a computer, or an organization. Examples of digital identities include username/password pairs and other personally identifiable information or cryptographic artifacts such as digital certificates.

Digital identities cannot stand on their own. They require a system to accept and validate them. In other words, for a digital identity to function there must be at least two parties involved: an entity and an identity provider (IdP) that are responsible for issuing and vetting digital identities. However, not all organizations that provide resources are IdPs—many digital services rely on third-party IdPs such as Google, Facebook, Microsoft, or Apple to vet identities.

Based on our recent analysis, the three most prominent forms of attack in the identity threat arena currently are credential stuffing, phishing, and multi-factor authentication (MFA) bypass.

Credential stuffing

Credential stuffing is an attack on digital identity in which attackers use stolen username/password combinations from one identity provider to attempt to authenticate to other identity providers for malicious purposes, such as fraud.

It is a numbers game that hinges on the fact that people reuse passwords,
but the likelihood that any single publicly compromised password will work on another single web property is still small. Making credential stuffing profitable is all about maximizing the number of attempts, which requires automation.

Phishing

Phishing is perhaps rivaled only by denial of service (DoS) attacks in being fundamentally different from other kinds of attacks. It is an attack on digital identity, to be sure, but since it usually relies on a social engineering foothold, it is even more difficult to detect or prevent than credential stuffing.

Phishing attacks have two targets: there is the end user who is in possession of a digital identity, and there is the IdP, which the attacker will abuse once they’ve gotten credentials. Depending on the motives of the attacker and the nature of the system and the data it stores, the impact of a successful phishing trip can land primarily on the user (as in the case of bank fraud), solely on the organization (as in the case of compromised employee credentials), or somewhere in the middle.

On the attacker side, phishing can range from simple, hands-off solutions for unskilled actors to custom-built frameworks including infrastructure, hosting, and code. The most hands-off setup is the Phishing-as-a-service (PhaaS) approach in which the threat actor pays to gain access to a management panel containing the stolen credentials they want, and the rest is taken care of by the “vendor.”

Dark web research indicates that the most popular subtype of phishing service is best described as phishing infrastructure development, in which aspiring attackers buy phishing platforms, infrastructure, detection evasion tools, and viable target lists, but run them on their own.

Brokering phishing traffic, or pharming, is the practice of developing infrastructure and lures for the purposes of driving phishing traffic, and then selling that traffic to other threat actors who can capitalize on the reuse of credentials and collect credentials for other purposes.

Finally, the attacker community has a niche for those who exclusively rent out hosting services for phishing.

The most important tactical development in phishing is undoubtedly the rise of reverse proxy/ man-in-the-middle phishing tools (sometimes known as real-time phishing proxies or RTPPs), the best known of which are Evilginx and Modlishka.  This is largely because it grants attackers the ability to capture most multi-factor authentication codes and replay them immediately to the target site facilitating MFA bypass but also making it less likely that the user victim will detect anything is amiss.

Multi-factor authentication (MFA) bypass

Recent years have seen attackers adopt a handful of different approaches to bypassing multi-factor authentication. The differences between these approaches are largely driven by what attackers are trying to accomplish and who they are attacking.

Nowadays, the reverse proxy approach has become the new standard for phishing technology, largely because of its ability to defeat most types of MFA.

MFA bypass tactics include:

  • Malware. In mid-2022, F5 malware researchers published an analysis of a new strain of Android malware named MaliBot. While it primarily targeted online banking customers in Spain and Italy when it was first discovered, it had a wide range of capabilities, including the ability to create overlays for web pages to harvest credentials, collect codes from Google’s Authenticator app, capture other MFA codes including SMS single-use codes, and steal cookies.
  • Social engineering. There are several variations of social engineering for bypassing MFA. Some target the owner of the identity, and some target telecommunications companies to take control of phone accounts.
  • Social Engineering for MFA Code—Automated. These are attacks in which attackers make use of “robocallers” to make phone calls to the target, emulating an identity provider and asking the victim for an MFA code or one-time password (OTP).
  • Social engineering for MFA code—Human. This is the same as the above approach except that the phone calls come from humans and not an automated system.
  • SIM swaps. In this kind of attack, a threat actor obtains a SIM card for a mobile account that they want to compromise, allowing them to assume control of the victim’s phone number, allowing them to collect OTPs sent over SMS. There are several variations of this approach.

So, what does it all mean?

Identity threats are constant and continuous. Whereas a vulnerability represents unexpected and undesirable functionality, attacks on identity represent systems working exactly as designed. They are therefore “unpatchable” not only because we can’t shut users out, but because there isn’t anything technically broken.

This brings us back to the question of what digital identity really is. To go from real, human identity to digital identity, some abstraction is inevitable (by which we mean that none of us is reducible to our username-password pairs). We often teach about this abstraction in security by breaking it down to “something we know, something we have, and something we are.” It is this abstraction between the entity and the digital identity that attackers are exploiting, and this is the fundamental basis of identity risk.

By thinking about digital identities in this way, what we are really saying is that they are
a strategic threat on par with, but fundamentally different from, vulnerability management. With nothing to patch, each malicious request needs to be dealt with individually, as it were. If modern vulnerability management is all about prioritization, modern identity risk management is essentially all about the ability to detect bots and differentiate them from real human users. The next logical step is quantifying the error rate of detecting these attacker-controlled bots. This is the basis on which we can begin to manage the risk of
the “unpatchables.”

Tech Features

Digitalizing Fuel Efficiency over Engine Efficiency: Integrating Technology to Measure Consumption

Published

on

fuel efficiency

By: Rob Mortimer, Director, Fuelre4m

Modern ships are already starting to bristle with technology to measure vessel efficiency, yet one thing stands out over all the results, tech and noise. The importance of the efficiency of fuel isn’t quite understood or calculated. You’ll hear reference back to SFOC (Specific Fuel Oil Consumption) at any time fuel consumption is measured, yet while the principal is right, the measuring and calculating is far from ideal.

Heavy Fuel Oil has an energy density of between 39MJ/kg and 42MJ/kg when burnt. That’s a wide range and depends very much on the source and quality of the fuel. How is it stored, transferred, settled, heated and purified to remove pollutants, particulate, water and reduce the ‘drop’ size to help with better atomisation when introduced into the engine. Large drops of fuel don’t fully combust in the engine. They undergo secondary combustion and turn into heat energy and emissions. Our goal, and what should be the goal of the whole shipping industry, irrelevant of fuel, vessel size and function, should be to be able to account for every drop of fuel consumed.

The Fuel System Lockdown:

MFM Bunker to Bunker

The first challenge is to know and agree what is being bunkered onto the vessel in the first place. To know the mass of the bunker, we must be using a correctly ranged Mass Flow Meter.

MFM Bunker to Settling Tank

When using Fuelre4m’s Re4mx Fueloil re4mulator, we need to dose the correct amount of product for the weight of fuel that is being treated either in the bunker or in the settling tank.

MFM Settling to Purification

 Having a mass flow meter after the settling and before purification isn’t wholly necessary, but can be beneficial in understanding the temperature and density of transferred fuel, as well as understanding what the percentage of water and waste material has been lost to this point.

MFM Before Mixing Column, Pre Main Engine – Fuel In

This is the last reference check point of the fuel before it is injected into the engine. What will be reported as accurately as possible from this point will be how much fuel by weight is now passing through for combustion.

MFM Post Main Engine – Fuel Out

To understand the fuel consumption of the main engine, it’s important to be able to measure as close to the Fuel In and Fuel Out points as possible. Fuel consumption of the Main Engine should be as simple as MFM IN minus MFM OUT.

Torque / Shaft Power Meter

So, we’ve locked down the mass of the fuel flowing into the engine, now how do we measure the power produced?  Despite how it sounds, a torque meter does not measure torque. It simply measures time and distance. As forces against the propellor change, the amount of power needed to maintain the same turning speed will also change, and the propellor shaft with ‘twist’ with torque.

Why is the ranging important? Because the maximum power rating of the engine changes depending on the quality of the fuel and the energy it can release.

If your fuel produces 1kWh for 160g, 1000kg of fuel will produce 6,250kWh of power. If your fuel produces 1kWh for 180g, 1000kg of fuel will produce only 5,550kWh of power. If the maximum Fuel In capacity of the engine, from where the power rating is calculated, is 1000kg, your maximum power rating of that engine, and with it, the SFOC, has now changed.

Power Cards / Power Curves

The taking of indicator cards, allows the ship’s engineer to receive more information about the combustion process (via the draw or out of phase card), measure the cylinder power output of the engine (via the power cards), and check the cleanliness of the scavenging process (via the light spring diagram).

For the purposes of measuring the efficiency of the fuel, the power cards can be used to calculate the energy release of the fuel. This can then be used to build an algorithm to ‘range’ or adjust the power readings from the torque meter to the quality of the fuel.

MFM Auxiliary Engines – Fuel In

The auxiliary engines, strangely, are probably the easiest to prove fuel efficiency and the efficiency of the fuel on. Why? Because they’re generating electrical power that can easily be measured.

MFM Auxiliary Engines – Fuel In

A common fuel flow in and fuel flow out MFM will suffice if all of the auxiliary engines are sharing a common fuel flow system.

Auxiliary Engines – Constant Power Meter

Being able to monitor the amount of power produced at a given moment is not enough. Electrical loads can vary, and at the time once an hour that the kW reading is taken, or the kWh counter is recorded, the load just two seconds later could change. The fuel consumption for 100kWh over 3 minutes is vastly different than 100kWh over 1 hour.

Boilers & Cargo Offload Systems

Some vessels use boilers to generate steam power, running off the same fuel as the main engines. It is important to lock down all fuel consumers to understand where the fuel is being consumed.

MFM Boiler – Fuel In

Often fed straight from the settling tank without needing to go through further purification, the boiler directly combusts the fuel to generate steam from water.

To be able to calculate the boiler and fuel efficiency, we now need to firstly look at how much fuel in mass is being consumed.

Volumetric or MFM – Water In

Fresh water has a very well-known density of 1g per ml, but this is also affected by temperature. The use of a temperature compensated mass flow meter will improve accuracy of water used to produce the required steam.  

Recordable Pressure Gauge

The last variable? How much water and fuel is being used to produce the same amount of steam pressure.  

Continue Reading

Tech Features

Investing Megatrends – The transformative impact of AI

Published

on

AI impact on investment

By: Jakob Westh Christensen, Market Analyst at eToro

The one investment megatrend to watch out for is the rollout of AI. There is no doubt that this single megatrend has the potential to reshape companies and economies – and your investments.

As AI automates tasks that workers perform today manually, we will see a significant uptick in productivity in companies and economies. Seeing the megatrend is clear, but positioning your investment is the hard part. We are still in the early stages of this revolution, and I don’t expect we will see a measurable productivity impact on companies’ and economies’ output until 2 to 3 years.

While the earnings growth (and stock price gains) so far are coming from the chip designers and manufacturers, it’s vital for the successful investor to identify the sectors and companies that eventually will benefit from a productivity boost and consequently stronger earnings.

This is likely to be found in companies where they can achieve a high degree of automation, and at the same time have a strong competitive advantage. This ensures that cost cutting results in margin expansion, and not just passing on cost cutting to end users.

For example, the taxi industry could achieve an exceptionally high level of productivity per employee with the introduction of self-driving cars. While initially, the industry could see a margin expansion with a lower employee cost base, this competitive industry could soon see price competition lowering margin to ‘normalised levels’, benefiting the consumer and, to a lesser extent, the investors.

On the other hand, insurance companies could see significant cost reductions in the underwriting process, which can be highly automated. At the same time, customer habits and customer inertia can result in less price competition, benefitting the company and its investors.

Continue Reading

Features

Paving the Way for AI Success in Business

Published

on

AI in business

By Karim Azar, Regional Vice President – Middle East & Turkey, Cloudera

The digital landscape is evolving at an unprecedented pace, and at the heart of this evolution lies the transformative potential of artificial intelligence (AI). Across industries, AI is not merely a buzzword but a revolutionary force driving innovation, efficiency, and growth. Its impact extends beyond automation, touching every side of business operations and decision-making. It can revolutionize multiple sectors and fundamentally reshape the corporate industry.

Nonetheless, challenges arise with technological evolution, particularly in accessing and overseeing varied datasets across diverse environments. These challenges frequently act as obstacles to achieving successful AI implementation. In response to these challenges, the technology landscape is witnessing significant advancements in open data lakehouse technologies, providing a robust foundation for AI and analytics. Let’s delve into key technological developments and their advantages, focusing on the broader implications rather than specific products.

Unlocking Business Potential

AI has the potential to unleash new opportunities for businesses. McKinsey’s findings reveal that more than 62% of companies in the Gulf Cooperation Council (GCC) region currently utilize Generative AI in some operational aspect. The research underscores the substantial potential of AI to create tangible value in the GCC, with an estimated value of up to $150 billion.

This adoption trend is not without merit; statistics show that 83% of businesses adopting AI report substantial (30%) or moderate (53%) benefits. AI can address various challenges by providing predictive analytics and personalized customer experiences, enabling organizations to make faster and more accurate data-driven decisions.

Despite the obstacles in adopting AI, such as data management complexities and security concerns, offering air-gapped deployment for large language models (LLMs) is still a viable option. This feature boosts security, data privacy, and performance while also lowering customer operational expenses. However, overcoming these challenges requires more than just technological solutions. It demands a comprehensive approach that includes robust data governance frameworks, continuous employee training programs, and collaboration with regulatory bodies to ensure compliance with data protection laws.

AI Across Industries

AI is not a one-size-fits-all solution. It is applied differently across industries and business functions, including healthcare, finance, manufacturing, and retail. The potential uses of AI are vast, from boosting supply chain efficiency to transforming healthcare outcomes and customer service.

For example, in the healthcare industry, AI-powered predictive analytics can help doctors identify patients at high risk of developing certain diseases, allowing for early intervention and personalized treatment plans. AI algorithms can analyze market trends and financial customer behavior to recommend customized investment strategies. In manufacturing, AI-driven predictive maintenance can proactively anticipate equipment failures and schedule maintenance activities, minimizing downtime and reducing costs.

As businesses increasingly adopt AI, they invest in their organization’s future. By promoting innovation and agility, companies can leverage AI to maintain competitiveness in a digital era. Prioritizing data privacy and security helps build trust with customers and stakeholders, ensuring AI technologies’ responsible and ethical use.

AI is a significant transformation in how businesses function and innovate. Embracing AI opens up vast opportunities for organizations to reshape their operations, stimulate growth, and influence the future of business. While the journey may present challenges, the potential benefits are boundless for those willing to embrace the power of AI.

Continue Reading

Trending

Please enable JavaScript in your browser to complete this form.

Copyright © 2023 | The Integrator