Phishing at the confluence of digital identity and Wi-Fi access

VERNON SHURE | January 10, 2019 | 83 views

When we think of phishing, most of us imagine a conventional phishing attack that begins with a legitimate-looking email. It might appear to come from an e-commerce site with which you happen to do business. “We’ve lost your credit card number. Please follow the link to re-enter it,” the email says. But the link leads to a malicious site where you enter your credit card number, press submit, and you have just been phished by hoody-clad hackers.

Spotlight

Techwave

Techwave is a leading global IT services company headquartered in Exton PA, USA. We are an end-to-end service provider helping business and industries optimize their performance with our wide array of services including, but not limited to, Digital, Big Data Analytics, EPM, Infrastructure Management, Engineering Services, and Application Development. Our 1000+ skilled associates combine their domain expertise and latest technology platforms to build custom-fit solutions, individualized to match specific needs of the industry. Our agile and collaborative approach makes us the right-sized partner in the industry.

OTHER ARTICLES
AI TECH

AI's Impact on Improving Customer Experience

Article | July 20, 2022

To enhance the consumer experience, businesses all over the world are experimenting with artificial intelligenace (AI), machine learning, and advanced analytics. Artificial intelligence (AI) is becoming increasingly popular among marketers and salespeople, and it has become a vital tool for businesses that want to offer their customers a hyper-personalized, outstanding experience. Customer relationship management (CRM) and customer data platform (CDP) software that has been upgraded with AI has made AI accessible to businesses without the exorbitant expenses previously associated with the technology. When AI and machine learning are used in conjunction for collecting and analyzing social, historical, and behavioral data, brands may develop a much more thorough understanding of their customers. In addition, AI can predict client behavior because it continuously learns from the data it analyzes, in contrast to traditional data analytics tools. As a result, businesses may deliver highly pertinent content, boost sales, and enhance the customer experience. Predictive Behavior Analysis and Real-time Decision Making Real-time decisioning is the capacity to act quickly and based on the most up-to-date information available, such as information from a customer's most recent encounter with a company. For instance, Precognitive's Decision-AI uses a combination of AI and machine learning to assess any event in real-time with a response time of less than 200 milliseconds. Precognitive's fraud prevention product includes Decision-AI, which can be implemented using an API on a website. Marketing to customers can be done more successfully by using real-time decisioning. For example, brands may display highly tailored, pertinent content and offer to clients by utilizing AI and real-time decisioning to discover and comprehend a customer's purpose from the data they produce in real-time. By providing deeper insights into what has already happened and what can be done to facilitate a sale through suggestions for related products and accessories, AI and predictive analytics are able to go further than historical data alone. This increases the relevance of the customer experience, increases the likelihood that a sale will be made, and increases the emotional connection that the customer has with a brand.

Read More
SOFTWARE

The Evolution of Quantum Computing and What its Future Beholds

Article | August 8, 2022

The mechanism of quantum computers will be entirely different from anything we humans have ever created or constructed in the past. Quantum computers, like classical computers, are designed to address problems in the real world. They process data in a unique way, though, which makes them a much more effective machine than any computer in use today. Superposition and entanglement, two fundamental ideas in quantum mechanics, could be used to explain what makes quantum computers unique. The goal of quantum computing research is to find a technique to accelerate the execution of lengthy chains of computer instructions. This method of execution would take advantage of a quantum physics event that is frequently observed but does not appear to make much sense when written out. When this fundamental objective of quantum computing is accomplished, and all theorists are confident works in practice, computing will undoubtedly undergo a revolution. Quantum computing promises that it will enable us to address specific issues that current classical computers cannot resolve in a timely manner. While not a cure-all for all computer issues, quantum computing is adequate for most "needle in a haystack" search and optimization issues. Quantum Computing and Its Deployment Only the big hyperscalers and a few hardware vendors offer quantum computer emulators and limited-sized quantum computers as a cloud service. Quantum computers are used for compute-intensive, non-latency-sensitive issues. Quantum computer architectures can't handle massive data sizes yet. In many circumstances, a hybrid quantum-classical computer is used. Quantum computers don't use much electricity to compute but need cryogenic refrigerators to sustain superconducting temperatures. Networking and Quantum Software Stacks Many quantum computing software stacks virtualize the hardware and build a virtual layer of logical qubits. Software stacks provide compilers that transform high-level programming structures into low-level assembly commands that operate on logical qubits. In addition, software stack suppliers are designing domain-specific application-level templates for quantum computing. The software layer hides complexity without affecting quantum computing hardware performance or mobility.

Read More
AI TECH

Language Models: Emerging Types and Why They Matter

Article | July 20, 2022

Language model systems, often known as text understanding and generation systems, are the newest trend in business. However, not every language model is made equal. A few are starting to take center stage, including massive general-purpose models like OpenAI's GPT-3 and models tailored for specific jobs. There is a third type of model at the edge that is intended to run on Internet of Things devices and workstations but is typically very compressed in size and has few functionalities. Large Language Models Large language models, which can reach tens of petabytes in size, are trained on vast volumes of text data. As a result, they rank among the models with the highest number of parameters, where a "parameter" is a value the model can alter on its own as it gains knowledge. The model's parameters, which are made of components learned from prior training data, fundamentally describe the model's aptitude for solving a particular task, like producing text. Fine-tuned Language Models Compared to their massive language model siblings, fine-tuned models are typically smaller. Examples include OpenAI's Codex, a version of GPT-3 that is specifically tailored for programming jobs. Codex is both smaller than OpenAI and more effective at creating and completing strings of computer code, although it still has billions of parameters. The performance of a model, like its capacity to generate protein sequences or respond to queries, can be improved through fine-tuning. Edge Language Models Edge models, which are intentionally small in size, occasionally take the shape of finely tuned models. To work within certain hardware limits, they are occasionally trained from scratch on modest data sets. In any event, edge models provide several advantages that massive language models simply cannot match, notwithstanding their limitations in some areas. The main factor is cost. There are no cloud usage fees with an edge approach that operates locally and offline. As significant, fine-tuned, and edge language models grow in response to new research, they are likely to encounter hurdles on their way to wider use. For example, compared to training a model from the start, fine-tuning requires less data, but fine-tuning still requires a dataset.

Read More
SOFTWARE

Low-code and No-code: A Business' New Best Friend

Article | July 5, 2022

Businesses are starting to integrate artificial intelligence (AI) into their workflow in greater numbers as a result of the growth of digital transformation and developments in machine learning (ML). As a result, platforms that need no coding, as well as their low-code counterparts, are becoming more popular. This development is a step toward computer science's long-term objective of automating manual coding. Low-code/no-code AI platforms will be beneficial to businesses in more data-driven industries like marketing, sales, and finance. AI can assist in a variety of ways, including automating invoicing, evaluating reports, making intelligent suggestions, and anticipating churn rates. How Does an Organization Look at Low-code/No-code as the Future? Developers and other tech-related positions are in high demand, particularly in the fields of AI and data science. Organizations have the chance to close the gap with the aid of citizen data scientists who don't require an AI professional to design unique AI solutions for many scenarios, thanks to low-code and no-code AI technologies. The demand for technological solutions and AI technologies is rising significantly as the technological landscape rapidly changes. AI systems, for example, require complex software that uses a lot of code, a variety of frameworks, and the Internet of Things (IoT). One person's capacity to comprehend every technical detail is strained by the array of complicated technology. Software delivery must be timely, effective, and secure while maintaining high standards. Conclusion Low-code AI solutions offer the speed, ease of use, and adaptability of ready-made software solutions while also drastically reducing the time to market for AI solutions and the cost of recruiting software and computer vision engineers. Organizations are free to construct the architecture, functionality, or pipeline that best suits their project, the sky being the limit. However, creating such unique models may be both costly and time-consuming. Therefore, employing low-code/no-code platforms would apply to particular pipeline actions that would streamline and accelerate the processes.

Read More

Spotlight

Techwave

Techwave is a leading global IT services company headquartered in Exton PA, USA. We are an end-to-end service provider helping business and industries optimize their performance with our wide array of services including, but not limited to, Digital, Big Data Analytics, EPM, Infrastructure Management, Engineering Services, and Application Development. Our 1000+ skilled associates combine their domain expertise and latest technology platforms to build custom-fit solutions, individualized to match specific needs of the industry. Our agile and collaborative approach makes us the right-sized partner in the industry.

Related News

Phishing, Humans Root of Most Healthcare Attacks

Infosecurity Magazine | February 12, 2019

Across healthcare organizations in the US, malicious actors are successfully leveraging phishing attacks to initially gain access to networks, according to findings from the 2019 HIMSS Cybersecurity Survey published by the Healthcare Information and Management Systems Society (HIMSS). The study, which surveyed 166 qualified information security leaders from November to December 2018, found that there are particular patterns of cybersecurity threats and experiences distinctive to healthcare organizations. “Significant security incidents are a near universal experience in US healthcare organizations with many of the incidents initiated by bad actors, leveraging email as a means to compromise the integrity of their targets,” the survey said. Nearly half (48%) of all respondents identified two different categories of major threat actors, which included online scam artists (28%) and negligent insiders (20%). The hospitals that participated in the survey said that when looking at the security incidents that occurred in the last 12 months, the initial point of compromise for 69% of the attacks was the result of phishing emails. Not all healthcare organizations are hospitals, though. Among all the survey participant, 59% said that the most commonly cited point of compromise was email and 25% were human error. “There are certain responses that are not necessarily 'bad' cybersecurity practices, but may be an 'early warning signal' about potential complacency seeping into the organization’s information security practices,” the report said.

Read More

Netcraft Launches Anti-Phishing Mobile App

SecurityWeek | January 28, 2019

UK-based cybersecurity services provider Netcraft on Monday announced the launch of a new mobile application designed to protect users against phishing and other threats. Netcraft has pointed out that the mobile versions of popular web browsers don’t provide the same level of protection against phishing attacks as the desktop versions. According to the company, a study it carried out last year showed that browsers running on Android and iOS devices blocked a “tiny fraction” of the malicious sites blocked by their desktop versions. The app it has developed, named Netcraft Phishing and Malware Protection, is designed to prevent users from accessing malicious websites based on data from the company’s anti-phishing feed. Launched in 2005, Netcraft’s anti-phishing system is powered by a database of more than 56 million unique phishing websites. The database, which is constantly growing based on reports from its users, is utilized by all major web browsers and licensed by many companies specializing in security, content filtering, and web hosting. The new mobile app works with several browsers, including Chrome, Firefox, Opera, Edge, UC, and the Samsung browser. Additionally, it protects users against threats in the Facebook, Instagram, Messenger, Twitter, Snapchat, Slack, Reddit and other apps. The application is designed to block phishing and malware sites when users browse the web, and alerts the user when a phishing URL is detected in an SMS message. Users are provided information on the number of blocked threats.

Read More

Amazon Order Confirmation Phishing Scam

Infosecurity Magazine | December 24, 2018

All those who have relied upon the e-commerce giant Amazon to order their holiday gifts should heed caution when receiving order confirmation emails, as EdgeWave reportedly discovered a new and highly sophisticated malspam campaign sending fake Amazon order confirmation messages. The messages are reportedly quite convincing, and include subject lines that read "Your Amazon.com order," "Amazon order details" and "Your order 162-2672000-0034071 has shipped." According to BleepingComputer, “When you open these emails, you will be shown an order confirmation that states your item has shipped, but without any details regarding what was ordered or tracking information. It then tells the recipient to click on the Order Details button in order to see more information.” Unsuspecting users who click on the link thinking they are downloading a Word document named order_details.doc are then instructed to “Enable Content” so that the order may be properly viewed. However, these unwitting users are actually enabling content that triggers the macros to execute a PowerShell command, which reportedly downloads and executes the Emotet banking Trojan. EdgeWave told BleepingComputer that while researchers were testing the malicious document, the Emotet downloaded as keyandsymbol.exe even though the name of the Trojan was mergedboost.exe.

Read More

Phishing, Humans Root of Most Healthcare Attacks

Infosecurity Magazine | February 12, 2019

Across healthcare organizations in the US, malicious actors are successfully leveraging phishing attacks to initially gain access to networks, according to findings from the 2019 HIMSS Cybersecurity Survey published by the Healthcare Information and Management Systems Society (HIMSS). The study, which surveyed 166 qualified information security leaders from November to December 2018, found that there are particular patterns of cybersecurity threats and experiences distinctive to healthcare organizations. “Significant security incidents are a near universal experience in US healthcare organizations with many of the incidents initiated by bad actors, leveraging email as a means to compromise the integrity of their targets,” the survey said. Nearly half (48%) of all respondents identified two different categories of major threat actors, which included online scam artists (28%) and negligent insiders (20%). The hospitals that participated in the survey said that when looking at the security incidents that occurred in the last 12 months, the initial point of compromise for 69% of the attacks was the result of phishing emails. Not all healthcare organizations are hospitals, though. Among all the survey participant, 59% said that the most commonly cited point of compromise was email and 25% were human error. “There are certain responses that are not necessarily 'bad' cybersecurity practices, but may be an 'early warning signal' about potential complacency seeping into the organization’s information security practices,” the report said.

Read More

Netcraft Launches Anti-Phishing Mobile App

SecurityWeek | January 28, 2019

UK-based cybersecurity services provider Netcraft on Monday announced the launch of a new mobile application designed to protect users against phishing and other threats. Netcraft has pointed out that the mobile versions of popular web browsers don’t provide the same level of protection against phishing attacks as the desktop versions. According to the company, a study it carried out last year showed that browsers running on Android and iOS devices blocked a “tiny fraction” of the malicious sites blocked by their desktop versions. The app it has developed, named Netcraft Phishing and Malware Protection, is designed to prevent users from accessing malicious websites based on data from the company’s anti-phishing feed. Launched in 2005, Netcraft’s anti-phishing system is powered by a database of more than 56 million unique phishing websites. The database, which is constantly growing based on reports from its users, is utilized by all major web browsers and licensed by many companies specializing in security, content filtering, and web hosting. The new mobile app works with several browsers, including Chrome, Firefox, Opera, Edge, UC, and the Samsung browser. Additionally, it protects users against threats in the Facebook, Instagram, Messenger, Twitter, Snapchat, Slack, Reddit and other apps. The application is designed to block phishing and malware sites when users browse the web, and alerts the user when a phishing URL is detected in an SMS message. Users are provided information on the number of blocked threats.

Read More

Amazon Order Confirmation Phishing Scam

Infosecurity Magazine | December 24, 2018

All those who have relied upon the e-commerce giant Amazon to order their holiday gifts should heed caution when receiving order confirmation emails, as EdgeWave reportedly discovered a new and highly sophisticated malspam campaign sending fake Amazon order confirmation messages. The messages are reportedly quite convincing, and include subject lines that read "Your Amazon.com order," "Amazon order details" and "Your order 162-2672000-0034071 has shipped." According to BleepingComputer, “When you open these emails, you will be shown an order confirmation that states your item has shipped, but without any details regarding what was ordered or tracking information. It then tells the recipient to click on the Order Details button in order to see more information.” Unsuspecting users who click on the link thinking they are downloading a Word document named order_details.doc are then instructed to “Enable Content” so that the order may be properly viewed. However, these unwitting users are actually enabling content that triggers the macros to execute a PowerShell command, which reportedly downloads and executes the Emotet banking Trojan. EdgeWave told BleepingComputer that while researchers were testing the malicious document, the Emotet downloaded as keyandsymbol.exe even though the name of the Trojan was mergedboost.exe.

Read More

Events