Week in Review – 8th September 2017

September 8, 2017 | Javvad Malik
X

Get the latest security news in your inbox.

Subscribe via Email

No thanks. Close this now.

Ransomware and Threat Intelligence in Las Vegas

This week will start off somewhat biased as it’s a report I wrote based on a survey we conducted at Black Hat 2017.

Some of the key findings from the report were:

  • Ransomware is the biggest concern among security professionals (42%)
  • Sharing of threat intelligence continues to grow among the different channels 56% of respondents use open source/public threat intelligence feeds
  • For 50% of respondents, the shortage of security workforce is the biggest challenge that has increased over the last year
  • 64% of participants state that they are either “confident” or “very confident” in their organizations ability to detect and respond quickly to a data breach​

Google wanting to index the real world

Google is looking to improve its already impressive maps with newer cameras and algorithms they used to index the web, in the real world.

Google’s huge investment in machine learning and AI provides a natural way to get that information. Thanks to recent research inside the maps division, when a Street View car captures photos of a stretch of road, algorithms can now automatically create new addresses in the company’s maps database by locating and transcribing any street names and numbers. Street View was the first of Google's product groups to use the company's powerful custom AI chips, dubbed TPUs.

GOOGLE'S NEW STREET VIEW CAMERAS WILL HELP ALGORITHMS INDEX THE REAL WORLD (Wired)

Demand for cloud skills continues to rise

According to research by Akamai, the number of cloud engineering roles has increased by 18% over the past year, while roles for senior cloud engineers have risen by 34%.

In particular, the skills needed for successful cloud migration, and more nuanced skills across a range of areas, including cloud management, cyber security and application development, have all seen a rise in demand.

One would hope this vital skill gap gets plugged soon, as the number of breaches in the cloud as a result of misconfigured servers continues to grow.

In somewhat related news, according to a study by 451 Research, almost two-third of organizations surveyed say recruiting for jobs in data center and server management is becoming increasingly difficult because of the skills needed, both in traditional servers and converged infrastructure.

Demand for server specialists increases, but talent pool is small

Phishing scams

Phishing scams aren’t really new, nor are they very noteworthy in the big scheme of things. But after major events or times of turmoil, there is usually a new wave.

Students in the UK found this out as student loan phishing scams spread throughout the country.

Perhaps a more evil example to bear in mind is the wave of phishing scams that often accompany natural disasters like hurricane Harvey. The US-CERT issued a warning and unfortunately is worth repeating.

OpSec Fail

Wrapping up on a slightly more light-hearted tale that involves OPSEC failure. An important part of OPSEC is compartmentation to limit the damage of any one penetration or compromise. (Source: the Grugq)

In other words, keep assets, data, and even your identity separate. So that if one aspect is compromised it doesn’t impact the other.

Unfortunately for one enterprising IoT botnet malware author he used the same Skype ID to advertise his IoT botnet, as well as for applying for jobs on freelancing portals.

Malware author uses same Skype ID to run IoT botnet and apply for jobs (Bleeping Computer)

Javvad Malik

About the Author: Javvad Malik
The man, the myth, the blogger; Javvad Malik is a London-based IT Security professional. Better known as an active blogger, event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and light-hearted perspective on security. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.
Read more posts from Javvad Malik ›

‹ BACK TO ALL BLOGS

Watch a Demo ›
GET PRICE FREE TRIAL CHAT