Info-tech

Beware! Unwanted apps could turn brokers for malware peddlers

Our Bureau Hyderabad | Updated on November 07, 2019 Published on November 07, 2019

Research showed how machine learning detection models could be tricked and applied to offensive activity to generate highly convincing fake content for social engineering

 

Sophos, a cybersecurity solutions company, has said that unwanted apps are acting as brokers and will become a threat next year. These apps are helping in spreading and execution of malware.

The firm has come out with 2020 Threat Report, giving contours of threats in the coming year.

“Ransomware attackers continue to raise the stakes with automated active attacks that turn organisations’ trusted management tools against them. They evade security controls and disable backups to cause a maximum impact in the shortest possible time,” the report said.

Many ransomware-deploying attackers seem to have developed a keen understanding of how network and endpoint security products detect or block malicious activity. “Ensure any management accounts or tools use multi-factor authentication to prevent criminals from using them against your organisation,” the SophosLabs 2020 Threat Report said.

“The threat landscape continues to evolve – and the speed and extent of that evolution is both accelerating and unpredictable,” it said.

The report focuses on unwanted apps, ransomware attacks, machine learning tools designed to fight malware, becoming targets of attacks.

“The greatest vulnerability of cloud computing is misconfiguration by operators. As cloud systems become more complex and more flexible, operator error is a growing risk. Combined with a general lack of visibility, this makes cloud computing environments a ready-made target for cyber attackers,” John Shier, senior security advisor, Sophos, said.

Machine learning under attack

The report sees an interesting trend wherein machine learning tools that are designed to defeat malware are coming under attacks.

“Research showed how machine learning detection models could possibly be tricked, and how machine learning could be applied to offensive activity to generate highly convincing fake content for social engineering,” he said.

This advanced game of cat and mouse is expected to become more prevalent in the future.

The other important trends would include cyber-criminal reconnaissance hidden in internet scanning applications and advancement of automated active attacks.

Published on November 07, 2019
  1. Comments will be moderated by The Hindu Business Line editorial team.
  2. Comments that are abusive, personal, incendiary or irrelevant cannot be published.
  3. Please write complete sentences. Do not type comments in all capital letters, or in all lower case letters, or using abbreviated text. (example: u cannot substitute for you, d is not 'the', n is not 'and').
  4. We may remove hyperlinks within comments.
  5. Please use a genuine email ID and provide your name, to avoid rejection.