Daily Archives: April 20, 2018

Leveraging AI to protect our users and the web



Recent advances in AI are transforming how we combat fraud and abuse and implement new security protections. These advances are critical to meeting our users’ expectations and keeping increasingly sophisticated attackers at bay, but they come with brand new challenges as well.

This week at RSA, we explored the intersection between AI, anti-abuse, and security in two talks.

Our first talk provided a concise overview of how we apply AI to fraud and abuse problems. The talk started by detailing the fundamental reasons why AI is key to building defenses that keep up with user expectations and combat increasingly sophisticated attacks. It then delved into the top 10 anti-abuse specific challenges encountered while applying AI to abuse fighting and how to overcome them. Check out the infographic at the end of the post for a quick overview of the challenges we covered during the talk.

Our second talk looked at attacks on ML models themselves and the ongoing effort to develop new defenses.

It covered attackers’ attempts to recover private training data, to introduce examples into the training set of a machine learning model to cause it to learn incorrect behaviors, to modify the input that a machine learning model receives at classification time to cause it to make a mistake, and more.

Our talk also looked at various defense solutions, including differential privacy, which provides a rigorous theoretical framework for preventing attackers from recovering private training data.

Hopefully you were to able to join us at RSA! But if not, here is re-recording and the slides of our first talk on applying AI to abuse-prevention, along with the slides from our second talk about protecting ML models.

Game Over! Malicious Minecraft Character Skins Infect Over 50,000 Accounts

Video games allow users to become a whole new persona, to experience imaginary worlds, and live out scenarios that are beyond their wildest dreams. One of the most popular video games out there, Minecraft, allows users to build worlds out of cubes and create customized virtual avatars to represent themselves within the game. Only now, special add-ons that are used by players to personalize their avatar have become part of a cyber scheme, as over 50,000 Minecraft accounts have been infected with malware via character skins that were created and uploaded to the game’s official website by fellow users.

Though it is unclear who exactly created the malicious skins, it is believed that the malware does not come from any well-known cybercriminals but rather from inexperienced players looking to exploit others for their own amusement. This malware is not just simple competitive jab either, as its tactics are quite nasty. It has been reported that, once downloaded, the strain can reformat hard drives and delete backup data and system programs.

Now, knowing that fellow gamers are out there trying to sabotage others, what are next steps for Minecraft players? It’s important all users start doing all that they can now in order to avoid infection. You can start by following these proactive security tips:

  • Do your homework. Before you download any extra add-ons for games, make sure you read fellow user reviews. Conduct a quick Google scan and see what other users think – has it caused them issues or security strife? When in doubt, don’t download any add-ons (like character skins) that come from an untrustworthy source or seem remotely sketchy.
  • Back up your files on an external hard drive. Always make sure your files are backed up on an external hard drive. That way, if your data is deleted in this Minecraft malware attack or others like it, you can restore the data from the backup.
  • Use comprehensive security. Whether you’re using the mobile version of Minecraft, or gaming on your computer, it’s important you lock down all your devices with an extra layer of security. To do just that, use a comprehensive solution such as McAfee Total Protection.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Game Over! Malicious Minecraft Character Skins Infect Over 50,000 Accounts appeared first on McAfee Blogs.

McAfee vNSP and AWS Are Winning Combination for Enterprise and Federal Customers

Fun Facts: ECS stood up and managed the first security operations center at the White House. Today, ECS manages the world’s largest McAfee installation—employing just about every solution we make—for the U.S. Army.

ECS is more than a McAfee Platinum Partner: they’ve built their entire security solution around McAfee products. The company’s unique offering to Enterprise, military, intelligence and federal civilian combines their award-winning managed services powered by McAfee, and high-level competencies across the Amazon Web Services (AWS) product suite.

ECS has earned service delivery certifications for every McAfee product, participating regularly in betas and trials of new software with active input into the development of new products. Its AWS bona fides are equally ambitious: ECS is an AWS Premier Consulting Partner, an Audited Managed Service Partner, and one of the world’s largest AWS resellers.

For the past 17 years, ECS (formerly InfoReliance) has built a managed-services offering that focuses on delivering custom solutions for clients in regulated industries such as government and defense, but the company also has a large and growing roster of high-profile enterprise and commercial customers. ECS focuses its security solutions around the threat defense lifecycle, applying not only McAfee products but complementary solutions from McAfee Security Innovation Alliance.

“Our choice to provide a single-vendor security platform and deliver McAfee at scale is one of the things that makes us unique,” remarks Andy Woods, Director of Managed Cybersecurity at ECS. “It means our organization can have a depth of expertise that’s frankly unmatched by anyone else in the industry. We also believe it’s the best way to be technology-heavy and people-light, and to automate as much of the cybersecurity lifecycle as we can.”

The McAfee Virtual Network Security Platform (vNSP) and its tight synergy with AWS is a large focus of ECS’s business. Tim Gonda, ECS security engineer and vNSP expert, explains: “We feel it is important to recognize that as part of the AWS shared responsibility model, it is up to us to ensure the security of our virtual networks. We leverage vNSP as a way to augment the security of native AWS capabilities. We are able to establish more flexible controls for protecting our own workloads, as well as providing custom-tailored solutions to our clients.”

In one example of a customer’s virtual private cloud (VPC) deployment, the ECS team launched a vNSP controller into the VPC, and deployed sensors per subnet. The application service also included the lightweight, host-based traffic redirector. “One of the biggest differentiators of vNSP versus other products is that it allows us to monitor internal VPC traffic, as well as traffic leaving the VPC, in an extremely lightweight framework,” Gonda comments. “In this example, we managed the lateral traffic within the VPC, as well as traffic going out to the internet, while providing custom filters and rules looking for specific threats on the wire.”

The application of vNSP with AWS-driven VPCs is just one example of ECS’s fearless innovation in today’s marketplace. Woods notes, “We’re proud of our internally developed intellectual properties, such as our iRamp billing system. We developed one of the very first DXL-enabled technologies within the partner community. We were also early adopters of integrated security through McAfee ePO, born out of a need to support clients in regulated industries.”

Woods concludes, “Our clients are focused on value management of their cybersecurity spend and how we can help them reduce their risk not only today but into the future. We deliver security customized security outcomes for every organization we work with. We’re confident in McAfee’s ability to scale along with core competencies on the endpoint, whether on-premises or in the cloud. The connected infrastructure is a key differentiator for us as we deliver managed services to customers across all verticals. For us, ‘Together is Power’ means being able to solve our clients’ cybersecurity problems in the most powerful manner possible, through a single platform of connected technologies.”

The post McAfee vNSP and AWS Are Winning Combination for Enterprise and Federal Customers appeared first on McAfee Blogs.

Online Trust: Do Executives, Consumers and Security Pros Define It Differently?

We are in the midst of the fourth industrial revolution. Instead of steam machines or textiles, our economy is becoming ever more tied to technology. In order for our digital economy to thrive, we as a collective society need to have trust in our technology. Yet, the technology world has done very little to earn that trust.

During RSA David Duncan, VP, Product Marketing and Mark McGovern, VP, Product Management discussed our state of digital trust and how not improving it will impact the growth of our digital economy. Duncan pointed out that the digital economy is the 5th largest economy in the world. The growth of this economy is essential to our current way of life and a lack of trust caused by a series of preventable breaches and loss of personal data is threatening this growth. It is estimated that the digital economy has lost $3 trillion in growth due to a lack of trust in technology. And when companies don’t earn trust on their own, governments take action. Just look at the slew of new regulations and legislations coming out, especially in Europe. After the Equifax breach, the former CEO was forced to testify in front of Congress, and just recently Mark Zuckerberg was asked to do the same in order to answer questions about breaches in privacy.

As McGovern pointed out during his presentation, the digital economy has us living in a paradox. We want better technology, faster and with more access but we also want to it be more secure. The equation doesn’t add up with the way we think about security. This is why we need a modern approach to things like application security – where security is a function of software quality and is built into the development process. And of course we need to have a modern approach to identity and access management. This means things like single sign-on, advanced authentication, directory services and mobile AppSec. And we need to make use of behavioral analytics so that IAM becomes background and not a nuisance.

We live in a borderless world, our security needs to be borderless too. Otherwise it becomes inconvenient and we cannot build the trust with our customers we so badly need for our economy to continue growing.

RSAC Panel Discussion: How can we protect our digital society?

During the RSA conference Sam King, general manager of CA Veracode lead an engaging discussion with Art Coviello, former CEO of RSA and Robert Knake, senior fellow for cyber policy at the Council on Foreign Relations and senior research scientist at Northwestern University’s Global Resilience Institute.

While the conversation touched on a variety of topics, the prevailing theme was on the need for a private and public partnership and the how much we can depend on the government for cybersecurity assistance. According to the panelists, the main thing holding the government back from improving overall cybersecurity of our country is a lack of technologist in government. As the questions posed to Mark Zukerberg during his congressional hearing demonstrated, our government officials are not entirely sure how this Internet thing works.

This is exactly why we need a partnership between government and the private sector. Companies know what is needed but do not have the authority or reach to get it done. While government has the authority they require the expertise of the private sector to determine what should be done.

How to respond to state sponsored cyberattacks also came up during the conversation. Should we respond in kind with our own cyberattacks? In our increasingly connected world, what is to say those counter attacks don’t end up impacting our own citizens and critical systems? Questions about the effectiveness of economic sanctions also came up. This seemed to be preferred to the concept of a mutually ensured digital destruction that escalation would create.

During the Q+A with the audience one particularly poignant question arose. After years of deadly shootings we’ve seen a group of individuals come together and protest. Regardless of which side you fall on the gun control debate – you cannot deny that this grassroots effort has been effective at creating change. Private industries are responding to their calls. Do we need a similar grassroots movement to entice the private sector and government to respond to the cyber threats facing our modern world? What will it take to spur citizen activists into action around this issue? It’s a question that keeps going around in my head after leaving this panel.

The panelists left the discussion on a positive note talking about the progress they’ve seen and how protecting our digital society is possible with cooperation from private sectors and government. As this issue becomes more and more relevant, I look forward to seeing how this debate evolves.