Autonomous AI Cyber Weapons Inevitable Says Security Research Expert

Speaking at a recent CloudSec event in London, Trend Micro’s vice-president of security research, Rik Ferguson, said that autonomously operated AI cyberattacks are an inevitable threat that security professionals must adapt to tackle.

If Leveraged By Cybercriminals

Mr Ferguson said that when cybercriminals manage to leverage the power of AI, organisations may find themselves experiencing attacks that happen very quickly, contain malicious code, and can even adapt themselves to target specific people in an organisation e.g. impersonating senior company personnel in order to get payments authorised, pretending to be a penetration testing tool, or finding ways to motivate targeted persons to fall victim to a phishing scam.

AI Vs AI

Mr Ferguson suggested that the inevitability of cybercriminals developing autonomous AI-driven attack weapons means that it may be time to start thinking in terms of a world of AI versus AI.

Example of Attack

One close example given by Ferguson is the Emotet Trojan.  This malware, which obtains financial information by injecting computer code into the networking stack of an infected Microsoft Windows computer, was introduced 5 years ago but has managed to adapt and cover its tracks even though it is not even AI-driven.

AI Launching Own Attacks Without Human Intervention

Theresa Payton, who was the first woman to be a White House CIO (under President George W Bush) and is now CEO of security consultancy Fortalice, has been reported as saying that the advent of genuine AI has posed serious questions, that the cybersecurity industry is falling behind, and that we may even be facing a situation where AI will be able to launch its own attacks without human intervention.

Challenge

One challenge to responding effectively to AI cyber-attacks is likely to be that cybersecurity and law enforcement agencies must move at the speed of law, particularly where procedures must be followed to request help from and arrange coordination between foreign agencies.  The speed of the law, unfortunately, is likely to be much slower than the speed of an AI-powered attack.

What Does This Mean For Your Business?

It is a good thing for all businesses that the cybersecurity industry recognises the inevitability of AI-powered attacks, and although it fears that it risks falling behind, it is talking about the issue, taking it seriously, and looking at ways in which it needs to change in order to respond.

Adopting AI Vs AI thinking now may be a sensible way to help security professionals, and those in charge of national security to focus thinking and resources on finding ways to innovate and create their own AI-based detection and defensive systems and tools, and the necessary strategies and alliances in readiness for a new kind of attack.

AI Destined For McDonald’s Drive-Throughs

The acquisition of AI voice recognition start-up Apprente by the McDonald’s franchise gives the restaurant chain its own Silicon Valley technology division and promises an automated ordering system for drive-throughs, self-order interfaces and the mobile app.

Apprente

Apprente is a Silicon Valley-based start-up (founded 2017, Mountain View, California) that specialises in making customer service chatbots.  Its acquisition by McDonald’s gives the restaurant chain its own AI-powered voice-based conversational system that can handle human-level interactions, thereby helping improve the speed and accuracy of orders.

It is thought that the Apprente system will not completely replace the traditional front of house staff, but may be used in mobile ordering or kiosks i.e. added to drive-through kiosks or sited nearby (and added to the mobile app) so that food can be ordered by the customer’s voice, and transcripts of the order can be given to staff to ensure that the order is correct.  The transcript may also be presented or read to the customer when they pick the order up minutes later.  The technology may, therefore, provide time-saving, accuracy, and convenience benefits to both customers and staff.

Why?

There are a few key reasons why McDonald’s has gone down the tech route with its order taking.  These include:

  1. Competition from home delivery companies.
  2. 70 per cent of the company’s orders come through its drive-throughs but some reports show that McDonald’s may be relatively slow in getting its drive-through food orders out.  For example, a recent report (Oches’ 2019) shows that while the average wait in a Burger King drive-through is over 193 seconds, the waiting time in McDonald’s is considerably longer at 273 seconds.  McDonald’s ranked tenth and slowest among the fast-food companies in that report, but the addition of the voice-based conversational system could help speed things up.
  3. To give McDonald’s a technology development centre, the McD Tech Labs in Silicon Valley so that the restaurant chain can keep adding value through new technology and stay ahead in the market.

Other Acquisitions

McDonald’s has also recently acquired customer services personalisation company and AI start-up ‘Dynamic Yield’. With this deal, worth more than £240 million, McDonald’s can use the decision-logic technology to create drive-through menus tailored to its customers based on the time of the day, trends, previous choices and other factors.

What Does This Mean For Your Business?

For customers, the deployment of the new voice-recognition technology in addition to the Dynamic Yield (already deployed in 8,000 US drive-throughs) should make ordering food a faster and better experience.

For McDonald’s, the addition of the new technology and of a tech base in Silicon Valley to develop more of the same should help it to compete in a market that’s getting busier with companies that are using technology to reach customers and satisfy the same need for fast gratification.  The value-adding technology (combined with the fact that McDonald’s have a restaurant in most towns with a standardised and trusted product and brand) means that McDonald’s is taking steps to ensure that it stays ahead in a future where technology is an important competitive advantage in fast food delivery.   The new technology may also help McDonald’s address its current need to get orders ready more quickly and accurately while adding a novelty factor, talking point, and perceived advantage among customers.

Major Workforce Changes Over The Next Five Years

A new global Forrester Consulting study predicts major changes in the service workforce over the next five years, including replacing call centre and customer service centre staff with automated dispatch notification.

The Study

The “From Grease To Code: What Drives Digital Service Transformation” study, commissioned by cloud-based software for service execution management company ServiceMax, highlights the opinions of 675 digital transformation decision-makers across North America, Europe, the Middle East and Asia Pacific, that are undergoing or have completed much of their digital transformation.

The Findings

The report predicts disruptive and major changes to service workforces globally in the next five years as companies make their digital transformation and where actionable intelligence becomes an important factor for competition and growth.

Changes

Predictions of the kinds of key changes that will take place with digital service transformation according to those surveyed for the study include:

  • Within just five years, asset equipment will outlive the working life of the engineers who service them (72 percent of respondents).
  • Technology will completely automate service technician dispatch, thereby replacing call centre and customer service centre staff (62 percent of respondents). This means that as soon as customer service systems identify a fault, the nearest appropriate field technician can be sent the job details directly, thereby cutting out the need for call centre staff.
  • Self-healing equipment and remote monitoring will mean that field service technicians can focus on more complex specialist tasks (85 percent of respondents). This is why just over half of firms are already investing or planning to invest in condition-based maintenance within the next two to three years.

Digital Transformation A Challenge To Many Companies

However, as noted by John Meacock, Global Chief Strategy Officer, Deloitte on the Global Economic forum website, many companies have found reaping the true benefits of digital transformation a real challenge, not least because becoming a digital enterprise requires comprehensive, systemic change and not just a new website or mobile strategy.

What Does This Mean For Your Business?

The rapidly evolving business environment has put a lot of pressure on businesses to innovate and to prioritise digital transformation in order to compete.  The results of this survey predict big changes in a relatively short period of time, and should alert businesses to the need to look at how they need to change, and ensure that they can incorporate digital solutions to help them deliver the best levels of service to customers i.e. making sure that organisational workforce strategy maps to the service data strategy.

If companies can make a good job of their digital transformation, this may bring them the benefits of being able to use their service data to make better operational decisions around predictive maintenance and customer service, and to extend the working life of capital equipment.  Also, getting to grips with the kind of systemic changes that can lead to a shift to as-a-service delivery models can help businesses to dramatically improve how they schedule, dispatch and maximize the value from their technical service talent.

Predictions of automation at the expense of jobs, and the introduction of AI into more aspects of business do appear to be becoming reality, and organisations need to consider how automation and AI could bring them new strengths and opportunities.

Joker Malware Found In 24 Apps In Google Play Store

Security researcher Aleksejs Kuprins of CSIS cybersecurity services company has discovered 24 apps which have been available for download in the Google Play Store that contain ‘Joker’ malware.

What Is Joker Malware?

Joker malware is a spy and premium subscription bot that makes money by simulating clicks. If, for example, a Joker infected app is downloaded, the malware delivers a second-stage component which silently simulates the interaction with advertisement websites, and steals the victim’s SMS messages, their contact list and their device information.

One of the silent automated interactions with advertisement websites includes simulation of clicks and entering of the authorisation codes for premium service subscriptions.

One specific example of what Joker can do, given by Mr Kuprins on the CSIS tech blog, is that in Denmark, Joker can silently sign a victim up for a 50 DKK (6,71 EUR) per week service by automating interaction with a premium offer’s webpage, entering the offer code, waiting for an SMS message with a confirmation code and extracting it, and finally submitting the code to the offer’s webpage to authorise the premium subscription.

Which Apps?

The 24 apps harbouring the ‘Joker’ malware, which have been installed more than 472,000 times are: Advocate Wallpaper, Age Face, Altar Message, Antivirus Security – Security Scan, Beach Camera, Board picture editing, Certain Wallpaper, Climate SMS, Collate Face Scanner, Cute Camera, Dazzle Wallpaper, Declare Message, Display Camera, Great VPN, Humour Camera, Ignite Clean, Leaf Face Scanner, Mini Camera, Print Plant scan, Rapid Face Scanner, Reward Clean, Ruddy SMS, Soby Camera and Spark Wallpaper.

Only Targets Certain Countries

The good news is that ‘Joker’ malware only attacks targeted countries and that most of the infected apps contain a list of these targeted Mobile Country Codes (MCC) meaning that the victim has to be using a SIM card from one of these countries to receive the second stage payload.  The bad news is that the UK is one of those targeted countries.

Google On Top Of Things

Despite there being 24 apps identified so far, Mr Kuprins has reported that Google has stayed on top of things during his investigation and has been removing all the offending apps without the need for prompting.

Not The First Time

Back in January last year, security researchers discovered 36 fake and malicious apps for Android that could harvest data and track a victim’s location, masquerading as security tools in the trusted Google Play Store.

What Does This Mean For Your Business?

Google Play is a trusted source for apps, and it’s worrying that hundreds of thousands of customers may have the affected apps from Google Play.  In this case, Google has responded relatively quickly and has deleted infected apps where they have been found.

The obvious advice to Android phone users is to check the list of infected apps and delete any on your phone that match. If you think you may have been affected by Joker via an app, it may be a good idea to check your Google Play account for any unauthorised subscriptions, check your credit card or bank statements as far back as June of this year, and let your contacts know that you may have been infected (because Joker steals your phone’s contact list).

To minimise the risk of falling victim to damage caused by fake apps, users should check the publisher of an app, check which permissions the app requests when you install it, delete apps from your phone that you no longer use, and contact your phone’s service provider or visit the high street store if you think you’ve downloaded a malicious/suspect app.

This latest discovery of infected apps on Google’s Play Store should prompt the company to make even greater efforts to police the apps that it offers there.

France Says ‘Non’ To Facebook’s Libra Cryptocurrency

France’s finance minister, Bruno Le Maire has said that the development of Facebook’s new Libra cryptocurrency will be blocked in Europe unless concerns over risks to consumers and to the monetary systems of countries can be addressed.

Libra – Announced in June

Announced in June this year and due to be launched in 2020, Libra is Facebook’s cryptocurrency which will enable payments to be made by a special phone app and by messaging services such as WhatsApp so that spending the new currency could be as easy and fast as texting.  Management of the currency, units of which can be purchased via Libra’s platforms and stored in a digital wallet called “Calibra”.

In addition to Facebook, the Association has 27 other members/partners, all of whom will most likely have to accept Libra, including Mastercard, PayPal, eBay, Spotify, Uber, Vodafone, and a variety of charities such as Women’s World Banking.

For Use By The ‘Unbanked’

Facebook has promoted Libra as being targeted mainly at the 1.7 billion adults worldwide who do not have a bank account, and who use services such as payday loans although 1 million plus of these already have a smartphone, thereby enabling them to use the apps through which Libra can be operated.  This “unbanked” segment of the potential market contains mainly people from developing countries, a large proportion of which are women.

Why Does France Object?

In Bruno Le Maire’s speech at the OECD Global Blockchain Policy Forum 2019 he identified several reasons why France would consider blocking Libra in Europe, the main one being that monetary sovereignty of countries may be at stake from a possible privatisation of money e.g. because Facebook is a sole actor (company) with more than 2 billion users on the planet. Mr Le Maire also expressed concern that Libra’s digital credits could facilitate money laundering and terrorism.

Other concerns about Libra’s introduction include:

  • Possible risks to consumers (their personal data) in the light of Facebook’s sharing of user data with Cambridge Analytica.
  • Consumers may turn to cryptocurrencies like Libra during a time of national crisis, which could make it more difficult for governments to stabilise their economies, thereby making matters worse.
  • The need for Libra to meet regulations for consumer protection, money laundering and financing terrorism.
  • Libra uses blockchain, which many banks still consider to be an emerging technology that should be approached with caution.

Highlights The Need To Work Together

According to the head of policy and communications at the Libra Association, the concerns expressed by Bruno Le Maire highlight the need for the project’s backers to work together with regulators to make the implementation of the Libra project safe, transparent and consumer focused.

What Does This Mean For Your Business?

For Facebook, Libra is an opportunity to monetise another of its services, and an opportunity to diversify.  Even though Facebook has promoted Libra as a currency for use by the 1.7 billion people without bank accounts, it is more likely that Libra will gain more users with bank accounts in developed countries more quickly.  Also, some more sceptical commentators have noted that Libra may be less about money and blockchain but more about gathering more information about the identity of clients.

Even though Libra users are not intended to be businesses, if Libra does help the ‘unbanked’ this could have a knock-on effect in helping that segment of society to buy more goods and services, thereby helping businesses and the economy.

Libra looks set to face more scrutiny and attempts to make sure that it meets the regulation of countries that are worried by the possible shift in control from governments and central banks to big business that Libra could bring. This shift in control could have a number of effects on the business environment and the economies of countries if Libra proves to be popular.

Tech Tip – Canva

If you’d like a free, graphic design app that can help you to improve your business and social media communications then Canva may be the app for you.

Canva is a versatile graphic design app: full editor, Instagram story maker, video maker, video editor, logo maker and poster maker, enabling you to easily stay on brand and create some very professional logo and poster designs with your photos and videos.

Canva also provides a great way to design your Instagram Highlight cover and create a logo and banner for social networks (Facebook, Pinterest and Twitter).

You can get Canva on the Google Play Store and Apple’s App Store.

Report Shows That 99% of Cyber Attacks Now Involve Social Engineering

The Human Factor report from Proofpoint shows that almost all cyber-attacks, at some stage, involve the exploitation of human error in the form of social engineering.

What Are Social Engineering Attacks?

Social engineering attacks involve the manipulation and deception of people into performing actions such as transferring money to criminal accounts or divulging confidential information.

What Kind of Attacks?

The Proofpoint Human Factor report makes the point that as many as 99% of cyber-attacks now involve social engineering through cloud applications, email or social media.  Social engineering attacks can also involve cybercriminals making phone calls to key persons in an organisation.

Easier and More Profitable

These attacks are designed to enable a macro, or trick people into opening a malicious file or following a malicious link through human error, rather than the cyber attacker having to face the considerable and time-consuming challenge of trying to hack into the (often well-defended) systems and infrastructure of enterprises and other organisations. Social engineering attacks are, therefore, easier, less costly, more profitable, and more likely to be successful than having to create an exploit to try and gain access to company systems.

Targets – “Very Attacked People”

Cybercriminals are looking for money and valuable data and information. The Proofpoint report, which was based on 18 months of data analysis collated from across the company’s global customer base, highlights the fact that the gatekeepers of money and data in target organisations become the “very attacked people” (VAP) i.e. the most often approached targets. These VAPs are often identified by attackers using information from sources such as corporate websites, social media, trade publications, and search engines.

Patterns & Routines

The report also revealed how attacks involving email messages can be made to mimic standard business routines and legitimate email traffic patterns e.g. downtime at weekends and spikes on Mondays.  Also, malware tends to be evenly distributed over the first three days of the working week, and attacks in the Middle East and Europe appear to be more likely to succeed after lunch.

What Does This Mean For Your Business?

The fact that many businesses and organisations are taking cyber defence seriously and have improved their system defences means that cybercriminals are moving into social engineering attacks.

Businesses and organisations can protect themselves against such attacks through staff training (particularly for guardians of funds and data), keeping anti-virus and online filtering up to date, using encryption e.g. VPNs for certain employees, having clear policies and procedures in place with built-in verification and authorisation for money and data requests, and being careful about publicly-visible employee information that could be used to target key staff members.

AI Mimics CEO’s Voice To Steal Over £200,000

A recent Wall Street Journal report has highlighted how, in March this year, a group of hackers were able to use AI software to mimic an energy company CEO’s voice in order to steal £201,000.

What Happened?

Reports indicate that the CEO of an unnamed UK-based energy company received a phone call from someone that he believed to be the German chief executive of the parent company.  The person on the end of the phone ordered the CEO of the UK-based energy company to immediately transfer €220,000 (£201,000) into the bank account of a Hungarian supplier.

The voice was reported to have been so accurate in its sound that the CEO of the energy company even recognised what he thought were the subtleties of the German accent of his boss, and even the “melody” of the accent.

The call was so convincing that the energy company made the transfer of funds as requested.

Fraudster Using AI Software

The caller, who was later discovered to have been a fraudster using AI-based voice-altering software to simulate the voice of the German boss, called 3 times.  In the first call, the fraudster requested the transfer, in the second call they (falsely) claimed that the transfer had been reimbursed, and in the third call the fraudster requested an additional payment. It was this third call that aroused suspicion, partly based on the fact that the telephone number appeared to indicate that the caller was in Austria and not Hungary.

Money To Hungary, Mexico and Beyond

Unfortunately, the money had already been transferred to a Hungarian account after the first call, and it has since been discovered that money was immediately transferred from the alleged supplier’s Hungarian bank account to an account in Mexico, and then further disbursed to accounts in other locations, thereby making it very difficult for authorities to follow the trail.

What Sort of Software?

The kind of software used in this attack may have been similar in its output to that demonstrated by researchers from Dessa, an AI company based in Toronto.  Dessa has produced a video of how this kind of software has been able to produce a relatively accurate simulation of the voice of popular podcaster and comedian Joe Rogan – see: https://www.youtube.com/watch?time_continue=1&v=DWK_iYBl8cA

What Does This Mean For Your Business?

It is known that cybercriminals, deterred by improved and more robust enterprise security practices, have decided to look for human error and concentrate more on social engineering attacks, a category that this voice simulation attack (via phone calls) fits into. The fact that this attack has taken place and been successful shows that some cybercriminals are already equipped with the computing power and most up-to-date machine-learning AI technology that they are clearly capable of using.

This means that companies and organisations (particularly larger ones) may now be at risk of facing more sophisticated deception and phishing attacks. The AI company Dessa has suggested that organisations and even individuals could expect to face future threats such as spam callers impersonating relatives or spouses to obtain personal information, impersonations intended to bully or harass, persons trying to gain entrance to high security clearance areas by impersonating government officials, and even an ‘audio deepfake’ of a politician being used to manipulate election results or cause a social uprising.

Companies should try to guard against social engineering attacks by educating all staff to the risks and having clear verification procedures (and not just relying on phone calls), tests, and chain of command authorisation in place for any requests for funds.

Record Levels of Investment in UK AI

A Tech Nation Report has shown that AI investment in the UK reached record levels in the first six months of the year making it the third biggest market in the world for AI investment, just behind the US and China.

Surge

Crunchbase figures show that AI investment in the UK reached £859.29m in just the first six months of this year, compared to £825.85m for the whole of last year.

This latest surge in AI investment marks five years of consecutive growth and a massive six-fold increase between 2014 and 2018.

Also, AI start-ups in the UK raised almost double the amount of those in the rest of Europe combined.

Why The High Investment Levels?

The AI investment growth can be attributed to several factors, not least:

  • A rise in the number of start-ups with 50 or fewer employees.  These account for 89% of the UK’s AI companies.
  • The Department for Digital, Culture, Media and Sport (DCMS) £1bn AI sector deal to put the UK at the forefront of the AI industry, including almost £300m of new private sector investment, as part of the UK government’s Industrial Strategy (announced November 2017).  This initiative was intended to establish partnerships between government and industry in order to increase productivity.

Challenges

Even though the figures show that the investment trend is going in the right direction, UK-based companies hoping to make the most of AI face some clear challenges including:

  • A tech skills shortage and a so-called “brain drain” in the UK and across Europe as top university tech students are tempted to work further afield e.g. in the U.S.  Also, Brexit fears in the UK have deterred some European specialist tech workers from staying.
  • Challenges in scaling up their businesses so that they can become competitive in the global market.

Small Pool

These challenges to the growth of AI companies mean that there is only a relatively small pool of UK AI-focused companies that have been able to make the step to scaling-up and competing on the world stage.  AI companies in other countries such as China, by contrast, tend to have larger workforces e.g. 53% have more than 50 employees.

There is also a relatively small pool of people in the world who can contribute to cutting-edge AI research.

Benefits and Threats of AI

AI offers many benefits to businesses such as cost and time savings (greater productivity and reduction in errors), and the ability to make better use of resources (AI handles repetitive jobs and bots handle common questions).

Many people are, however, concerned that the growth in AI will mean a loss of jobs e.g. Gartner figures show that AI could eliminate 1.8 million jobs.  It should also be remembered that AI could create 2.3 million jobs by 2020 (Gartner) and that if the large-scale introduction of AI follows the pattern of temporary job losses followed by recovery and business transformation, the combination of human and artificial intelligence could provide exciting new competitive advantages for businesses.

What Does This Mean For Your Business?

The investment in AI within the UK is promising for the tech sector, the economy, and for the future of the UK in the global tech market, provided that UK-based AI companies can tackle the challenges of being able to scale-up and successfully find the human tech talent at a time of skills shortages.

AI may cost jobs in the shorter term, but it may also bring new strengths and opportunities to businesses and could transform the way we are able to work for the better.

Microsoft’s Phone App Challenge to iMessage and FaceTime

Reports from online tech commentators indicate that Microsoft will soon be enhancing its Your Phone app with the ability to make phone calls from a desktop PC, thereby making the app a serious challenger to Apple’s iMessage and FaceTime.

The Your Phone App

Microsoft’s Your Phone desktop App connects your phone to your PC thereby giving you access to your phone’s notifications, photos and texts while working on your PC. Giving the desktop Phone App the details of your phone (Android or Apple, phone number) means that you receive a download link to the ‘Phone Companion’ via SMS text.

Installing the Phone Companion on your mobile enables you to sync your phone with your PC e.g. an Android phone with Windows 10 PC.  This gives instant access to your phone on your PC so that you can reply to texts at your PC and instantly receive photos on your PC that have been taken on the phone.

Making Calls – Challenging Apple’s iCloud Integrations

The addition of being able to dial a number, search your phone contacts and make a call directly from your PC is an important enhancement that could make Microsoft’s Your Phone desktop App a serious challenger to Apple’s iCloud integrations on macOS.

Apple Mac users can currently use these to send messages from their desktop using iMessage and can also make voice and video calls using FaceTime.

‘Use Phone’ Button

The enhanced Your Phone App from Microsoft will include a ‘Use Phone’ button that can send a call back from the PC (microphone and speakers) to the handset,  thereby enabling more privacy and/or shutting out any distracting background noise e.g. keyboard noises and noises from home working.

Who?

A full-feature Your Phone App would most likely be of maximum value to those workers who need to be in front of the desktop for long periods of time with minimal distractions although, arguably, messages and notifications popping up on the screen could be less easy to ignore than if they’d been quietly arriving on the phone in the corner.

The Your Phone app could also be of use to workers in a situation where too much obvious interaction with their handset in the workplace is frowned upon and where visual monitoring and supervision is particularly intense.

What Does This Mean For Your Business?

For Microsoft, this improvement to the Your Phone desktop App, which has been around for some time, gives it much greater potential value to users and gives Microsoft another way to seriously compete with its rival Apple.

For any business users who are typically tied to the PC for most of the time the ability to handle all phone matters on the desktop adds value in terms of convenience, possible time savings, and fewer distractions.