Since I’ve spent a large portion of my career in and around security, now would be the perfect time to leave the security industry. This is not due to the fact that the business is not still potentially profitable, but rather to the alarming rate at which threats seem to be growing. Due to the development of AI and the understaffing of security departments, this escalation is especially apparent.
HP claims that we don’t have the 3.5 million, yes, million, security professionals we need to deal with today’s threats, let alone the upcoming ones brought on by artificial intelligence.
Let’s talk about security this week in the context of HP’s Quarterly Security Report, what HP is doing to address the issue, and we’ll wrap up with what might be my new favorite phone: the Motorola 2023 Razr foldable phone, which is sort of a blend of the future and the past.
Targeting content pirates is Shampoo
Music, TV, and movies that you would otherwise have to pay for can be obtained for cheap by pirating the content. It is a bad idea because some of that content might contain malware that could infect or destroy your PC or infect or destroy your business. You could also be fined up to $10,000 for each piece of content you are caught pirating.
The situation has indeed gotten worse
A program called Shampoo has been attempted to be downloaded by users outside of the Chrome Web Store. Shampoo is one of many untested Android apps that can infect users’ PCs and run malicious VBScript. The browser extension is then downloaded as a result of a series of scripts that are triggered by this action. Following this, the extension loads into a fresh browser session and establishes persistence mechanisms that make uninstalling it nearly impossible.
This malicious app, which is a member of the ChromeLoader family and is known for injecting malware, uses a convoluted injection chain at first to pay for those sent out by redirecting search queries and injecting ads. Users will notice that their PCs are acting differently, but if they try to uninstall the app, it simply reinstalls itself when they reboot, making it very challenging to do so.
Piracy once more
Users who have been actively looking for pirated content, particularly games, are the target audience for this application. The fact that the perpetrators of these attacks specifically mention that they are aiming for pirates raises the possibility that this app contains painfully punitive features that haven’t yet been activated or reporting features that haven’t been activated yet.
The best way to prevent this is to avoid piracy and to stop side-loading (using a method other than the Google Play Store), as there are many other malicious apps out there, and as a result, things are about to get much less safe.
Malware in FormBook
Microsoft significantly tightened the security surrounding Office, but threat actors have already started to find ways to get around these limitations.
For instance, in March of last year, hackers were able to access the Microsoft 365 login information of employees. These login details were used to access the workers’ online Outlook accounts. Then, they created a new email account and pretended to be the target organization’s finance department using it. Then they started emailing harmful Word documents to the employees. The workers opened the documents, thinking they came from the finance division of their employer.
Receivers trust the emails because they appear to come from within the business and have the finance department’s label on them. Thus, unlike how they would normally be for an email from an external source, the internal macros in the documents are not disabled. FormBook, a program that steals data and is available on a few hacking forums, is the malware that was downloaded in this case.
Emergence of AI, as well as the main threat vectors
Email currently accounts for 80% of all usage, followed by browser downloads at 13% and other activities at 7%. Malware of the gzip (a popular data compression application) archive variety has increased by 53%, and HTML threats as a whole have increased by 37%. The HP report states that threats involving documents that contain exploits have increased by 85% and threats involving exploits for compression tools have increased by 6%.
All of this, though, occurs before the wave of threats brought on by AI, which is not covered in the report and is also growing quickly.
For instance, there have been more reports of people receiving phony phone calls from loved ones who are in distress. In contrast to earlier scams, the callers have sampled the voice of the person they claim was kidnapped, so the screams and pleading you hear on the other end of the line actually sound like the relative you’re trying to protect. Congress was informed of an instance of one of the attacks.
This alarming trend indicates that we all need a verification code that we can use to check the identity of the caller when one of these calls comes in and that we should treat these calls very suspiciously. Another analyst received a similar call, ostensibly from his wife, claiming that she was being held for ransom while out shopping. He didn’t fall for it, but the call had really rattled him.
You can get an idea of the range of tasks that AI is currently capable of by watching this video from the Wharton School, which ranges from writing complete apps for you even if you can’t code to quickly producing convincing deepfake videos to defraud people.
It’s important to remember that the tools the speaker used are largely outdated and aren’t even up to par with what they will be able to do in a few short months.
Defending Against Emerging Cyber Threats with HP’s Wolf Security
Though AI-based threats appear to be outside its current purview, HP has given its Wolf Security unit the mission to combat a variety of these threats. However, HP’s business-oriented products and security services, which cover small businesses and enterprises, have significantly reduced the threats mentioned in its report.
HP has a distinctive security controller and special safeguards that secure the PC while it is booting. It can reliably recover it even if the PC is compromised. It can wirelessly erase the data in the event of theft or prior to giving the PC to another person.
Not a single one of the 125 million devices using HP’s cutting-edge security solution has been compromised. Although no system can guarantee complete security, HP’s designs provide protection far beyond that of their rivals, greatly raising the likelihood that an attacker would give up and choose a target that was less secure.
HP was the first to point out to me the danger that quantum technology posed to already-encrypted files in the early 2000s, and it has been working on a fix for this issue longer than any other PC manufacturer. HP currently leads the PC security field with a unique combination of hardware, software, and a standalone security organization called Wolf Security.
I’m done now.
The rise of security threats is accelerating at a never-before-seen rate, and this trend is likely to be accelerated by the impending wave of AI-created threats, which is already generating considerable attention at the congressional level.
Given that it not only foresaw this issue but also enhanced its capabilities to handle the threats present in the market today, HP’s investment in Wolf Security now seems prophetic. those predicted to arise in the future. However, the emergence of threats from generative AI has the potential to overwhelm everyone in the industry.
The HP team is also putting forth effort to develop an AI defense against threats from AI. We can only hope that they finish it before the impending AI malware apocalypse.
The foldable Motorola Razr+
The Motorola Razr phone’s debut model was a huge success. Everyone who was anyone had one. It was the iPhone of its time, and in recent months, younger consumers have flocked to that design in a retro trend. However, you have to give up the majority of smartphone features in order to get what is arguably a far superior device for TikTok videos.
Although it is significantly more expensive, the Motorola Razr+ foldable phone offers the advantages of portability and an ergonomic design that makes it easier to hold while still having all the features of a full smartphone. It is priced at $999.99, a significant drop from the previous model, and is offered in Infinite Black, Viva Magenta, and Glacier Blue. The Motorola Razr+ has 256GB of internal storage and is available unlocked, giving you freedom to choose between cell phone carriers.
The new model has a significantly longer battery life of 14 hours. In contrast to the older model, this phone’s water resistance is less robust, and foldable screens are frequently more susceptible to dust, so you must be more cautious when using it. Although a down-speed Qualcomm processor is used to achieve this price point, performance is good. It does have a tendency to attract attention when you use it, like most foldable screen phones do.
Given its external display over the camera lenses and the fact that it is nearly as useful when folded as when it is when unfolded, it seems especially well-designed for selfies and TikTok videos. With regard to how millennials use flip phones, Motorola (a division of Lenovo) has obviously paid close attention. You can even set the phone up like a tent to watch videos on the smaller screen thanks to its clever design.
When unfolded, the Razr+’s enormous 6.9-inch display, Atmos audio, and respectable performance are all present. This phone is my Product of the Week because I really enjoy using it. This week, on June 29, it goes on sale.